4367 matches found
CVE-2024-26839
In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix a memleak in init_credit_return When dma_alloc_coherent fails to allocate dd->cr_base[i].va,init_credit_return should deallocate dd->cr_base anddd->cr_base[i] that allocated before. Or those resourceswould be ...
CVE-2024-26842
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix shift issue in ufshcd_clear_cmd() When task_tag >= 32 (in MCQ mode) and sizeof(unsigned int) == 4, 1U <<task_tag will out of bounds for a u32 mask. Fix this up to preventSHIFT_ISSUE (bitwise shifts tha...
CVE-2024-27403
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_flow_offload: reset dst in route object after setting up flow dst is transferred to the flow object, route object does not own itanymore. Reset dst in route object, otherwise if flow_offload_add()fails, error path re...
CVE-2024-35848
In the Linux kernel, the following vulnerability has been resolved: eeprom: at24: fix memory corruption race condition If the eeprom is not accessible, an nvmem device will be registered, theread will fail, and the device will be torn down. If another driveraccesses the nvmem device after the teard...
CVE-2024-35911
In the Linux kernel, the following vulnerability has been resolved: ice: fix memory corruption bug with suspend and rebuild The ice driver would previously panic after suspend. This is causedfrom the driver only calling the ice_vsi_free_q_vectors() function byitself, when it is suspending. Since co...
CVE-2024-35997
In the Linux kernel, the following vulnerability has been resolved: HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up The flag I2C_HID_READ_PENDING is used to serialize I2C operations.However, this is not necessary, because I2C core already has its ownlocking for that. More importan...
CVE-2024-36908
In the Linux kernel, the following vulnerability has been resolved: blk-iocost: do not WARN if iocg was already offlined In iocg_pay_debt(), warn is triggered if 'active_list' is empty, whichis intended to confirm iocg is active when it has debt. However, warncan be triggered during a blkcg or disk...
CVE-2024-38553
In the Linux kernel, the following vulnerability has been resolved: net: fec: remove .ndo_poll_controller to avoid deadlocks There is a deadlock issue found in sungem driver, please refer to thecommit ac0a230f719b ("eth: sungem: remove .ndo_poll_controller to avoiddeadlocks"). The root cause of the...
CVE-2024-38667
In the Linux kernel, the following vulnerability has been resolved: riscv: prevent pt_regs corruption for secondary idle threads Top of the kernel thread stack should be reserved for pt_regs. Howeverthis is not the case for the idle threads of the secondary boot harts.Their stacks overlap with thei...
CVE-2024-41070
In the Linux kernel, the following vulnerability has been resolved: KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() Al reported a possible use-after-free (UAF) in kvm_spapr_tce_attach_iommu_group(). It looks up stt from tablefd, but then continues to use it after doingfdput()...
CVE-2024-42133
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Ignore too large handle values in BIG hci_le_big_sync_established_evt is necessary to filter out cases where thehandle value is belonging to ida id range, otherwise ida will be erroneouslyreleased in hci_conn_cleanup.
CVE-2024-43821
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix a possible null pointer dereference In function lpfc_xcvr_data_show, the memory allocation with kmalloc mightfail, thereby making rdp_context a null pointer. In the following contextand functions that use this point...
CVE-2024-46786
In the Linux kernel, the following vulnerability has been resolved: fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF The fscache_cookie_lru_timer is initialized when the fscache moduleis inserted, but is not deleted when the fscache module is removed.If timer_reduce() is cal...
CVE-2024-47689
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to don't set SB_RDONLY in f2fs_handle_critical_error() syzbot reports a f2fs bug as below: ------------[ cut here ]------------WARNING: CPU: 1 PID: 58 at kernel/rcu/sync.c:177 rcu_sync_dtor+0xcd/0x180 kernel/rcu/sync.c:17...
CVE-2024-47698
In the Linux kernel, the following vulnerability has been resolved: drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error Ensure index in rtl2832_pid_filter does not exceed 31 to preventout-of-bounds access. dev->filters is a 32-bit value, so set_bit and clear_bit functions sho...
CVE-2024-47743
In the Linux kernel, the following vulnerability has been resolved: KEYS: prevent NULL pointer dereference in find_asymmetric_key() In find_asymmetric_key(), if all NULLs are passed in the id_{0,1,2}arguments, the kernel will first emit WARN but then have an oopsbecause id_2 gets dereferenced anywa...
CVE-2024-49982
In the Linux kernel, the following vulnerability has been resolved: aoe: fix the potential use-after-free problem in more places For fixing CVE-2023-6270, f98364e92662 ("aoe: fix the potentialuse-after-free problem in aoecmd_cfg_pkts") makes tx() calling dev_put()instead of doing in aoecmd_cfg_pkts...
CVE-2024-50023
In the Linux kernel, the following vulnerability has been resolved: net: phy: Remove LED entry from LEDs list on unregister Commit c938ab4da0eb ("net: phy: Manual remove LEDs to ensure correctordering") correctly fixed a problem with using devm_ but missedremoving the LED entry from the LEDs list. ...
CVE-2024-50066
In the Linux kernel, the following vulnerability has been resolved: mm/mremap: fix move_normal_pmd/retract_page_tables race In mremap(), move_page_tables() looks at the type of the PMD entry and thespecified address range to figure out by which method the next chunk ofpage table entries should be m...
CVE-2024-50075
In the Linux kernel, the following vulnerability has been resolved: xhci: tegra: fix checked USB2 port number If USB virtualizatoin is enabled, USB2 ports are shared between allVirtual Functions. The USB2 port number owned by an USB2 root hub ina Virtual Function may be less than total USB2 phy num...
CVE-2024-50272
In the Linux kernel, the following vulnerability has been resolved: filemap: Fix bounds checking in filemap_read() If the caller supplies an iocb->ki_pos value that is close to thefilesystem upper limit, and an iterator with a count that causes us tooverflow that limit, then filemap_read() enter...
CVE-2024-53079
In the Linux kernel, the following vulnerability has been resolved: mm/thp: fix deferred split unqueue naming and locking Recent changes are putting more pressure on THP deferred split queues:under load revealing long-standing races, causing list_del corruptions,"Bad page state"s and worse (I keep ...
CVE-2024-53222
In the Linux kernel, the following vulnerability has been resolved: zram: fix NULL pointer in comp_algorithm_show() LTP reported a NULL pointer dereference as followed: CPU: 7 UID: 0 PID: 5995 Comm: cat Kdump: loaded Not tainted 6.12.0-rc6+ #3Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/0...
CVE-2024-53232
In the Linux kernel, the following vulnerability has been resolved: iommu/s390: Implement blocking domain This fixes a crash when surprise hot-unplugging a PCI device. This crashhappens because during hot-unplug __iommu_group_set_domain_nofail()attaching the default domain fails when the platform n...
CVE-2024-53236
In the Linux kernel, the following vulnerability has been resolved: xsk: Free skb when TX metadata options are invalid When a new skb is allocated for transmitting an xsk descriptor, i.e., forevery non-multibuf descriptor or the first frag of a multibuf descriptor,but the descriptor is later found ...
CVE-2024-56587
In the Linux kernel, the following vulnerability has been resolved: leds: class: Protect brightness_show() with led_cdev->led_access mutex There is NULL pointer issue observed if from Process A where hid devicebeing added which results in adding a led_cdev addition and later aanother call to acc...
CVE-2024-56607
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix atomic calls in ath12k_mac_op_set_bitrate_mask() When I try to manually set bitrates: iw wlan0 set bitrates legacy-2.4 1 I get sleeping from invalid context error, see below. Fix that by switching touse recently i...
CVE-2024-56609
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: use ieee80211_purge_tx_queue() to purge TX skb When removing kernel modules by:rmmod rtw88_8723cs rtw88_8703b rtw88_8723x rtw88_sdio rtw88_core Driver uses skb_queue_purge() to purge TX skb, but not report tx statuscau...
CVE-2024-56679
In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c Add error pointer check after calling otx2_mbox_get_rsp().
CVE-2021-47067
In the Linux kernel, the following vulnerability has been resolved: soc/tegra: regulators: Fix locking up when voltage-spread is out of range Fix voltage coupler lockup which happens when voltage-spread is outof range due to a bug in the code. The max-spread requirement shall beaccounted when CPU r...
CVE-2021-47142
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix a use-after-free looks like we forget to set ttm->sg to NULL.Hit panic below [ 1235.844104] general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b7b4b: 0000 [#1] SMP DEBUG_PAGEALLOC NOPTI[ 12...
CVE-2021-47176
In the Linux kernel, the following vulnerability has been resolved: s390/dasd: add missing discipline function Fix crash with illegal operation exception in dasd_device_tasklet.Commit b72949328869 ("s390/dasd: Prepare for additional path event handling")renamed the verify_path function for ECKD but...
CVE-2021-47348
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid HDCP over-read and corruption Instead of reading the desired 5 bytes of the actual target field,the code was reading 8. This could result in a corrupted value if thetrailing 3 bytes were non-zero, so instead ...
CVE-2021-47489
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix even more out of bound writes from debugfs CVE-2021-42327 was fixed by: commit f23750b5b3d98653b31d4469592935ef6364ad67Author: Thelford Williams [email protected] Date: Wed Oct 13 16:04:13 2021 -0400 drm/amdgpu...
CVE-2021-47572
In the Linux kernel, the following vulnerability has been resolved: net: nexthop: fix null pointer dereference when IPv6 is not enabled When we try to add an IPv6 nexthop and IPv6 is not enabled(!CONFIG_IPV6) we'll hit a NULL pointer dereference[1] in the error pathof nh_create_ipv6() due to callin...
CVE-2022-48765
In the Linux kernel, the following vulnerability has been resolved: KVM: LAPIC: Also cancel preemption timer during SET_LAPIC The below warning is splatting during guest reboot. ------------[ cut here ]------------WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0...
CVE-2022-48794
In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: at86rf230: Stop leaking skb's Upon error the ieee802154_xmit_complete() helper is not called. Onlyieee802154_wake_queue() is called manually. In the Tx case we then leakthe skb structure. Free the skb structure upo...
CVE-2022-48883
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: IPoIB, Block PKEY interfaces with less rx queues than parent A user is able to configure an arbitrary number of rx queues whencreating an interface via netlink. This doesn't work for child PKEYinterfaces because the chil...
CVE-2022-48905
In the Linux kernel, the following vulnerability has been resolved: ibmvnic: free reset-work-item when flushing Fix a tiny memory leak when flushing the reset work queue.
CVE-2022-48921
In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix fault in reweight_entity Syzbot found a GPF in reweight_entity. This has been bisected tocommit 4ef0c5c6b5ba ("kernel/sched: Fix sched_fork() access an invalidsched_task_group") There is a race between sched_post_fo...
CVE-2023-51781
An issue was discovered in the Linux kernel before 6.6.8. atalk_ioctl in net/appletalk/ddp.c has a use-after-free because of an atalk_recvmsg race condition.
CVE-2023-52571
In the Linux kernel, the following vulnerability has been resolved: power: supply: rk817: Fix node refcount leak Dan Carpenter reports that the Smatch static checker warning has foundthat there is another refcount leak in the probe function. Whileof_node_put() was added in one of the return paths, ...
CVE-2023-52616
In the Linux kernel, the following vulnerability has been resolved: crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init When the mpi_ec_ctx structure is initialized, some fields are notcleared, causing a crash when referencing the field when thestructure was released. Initially, this iss...
CVE-2023-52783
In the Linux kernel, the following vulnerability has been resolved: net: wangxun: fix kernel panic due to null pointer When the device uses a custom subsystem vendor ID, the functionwx_sw_init() returns before the memory of 'wx->mac_table' is allocated.The null pointer will causes the kernel pan...
CVE-2024-26790
In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read There is chip (ls1028a) errata: The SoC may hang on 16 byte unaligned read transactions by QDMA. Unaligned read transactions initiated by QDMA may stall in the NOC(Net...
CVE-2024-26856
In the Linux kernel, the following vulnerability has been resolved: net: sparx5: Fix use after free inside sparx5_del_mact_entry Based on the static analyzis of the code it looks like when an entryfrom the MAC table was removed, the entry was still used after beingfreed. More precise the vid of the...
CVE-2024-35999
In the Linux kernel, the following vulnerability has been resolved: smb3: missing lock when picking channel Coverity spotted a place where we should have been holding thechannel lock when accessing the ses channel index. Addresses-Coverity: 1582039 ("Data race condition (MISSING_LOCK)")
CVE-2024-36959
In the Linux kernel, the following vulnerability has been resolved: pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() If we fail to allocate propname buffer, we need to drop the referencecount we just took. Because the pinctrl_dt_free_maps() includes thedroping operation, here we call i...
CVE-2024-38611
In the Linux kernel, the following vulnerability has been resolved: media: i2c: et8ek8: Don't strip remove function when driver is builtin Using __exit for the remove function results in the remove callbackbeing discarded with CONFIG_VIDEO_ET8EK8=y. When such a device getsunbound (e.g. using sysfs ...
CVE-2024-38664
In the Linux kernel, the following vulnerability has been resolved: drm: zynqmp_dpsub: Always register bridge We must always register the DRM bridge, since zynqmp_dp_hpd_work_funccalls drm_bridge_hpd_notify, which in turn expects hpd_mutex to beinitialized. We do this before zynqmp_dpsub_drm_init s...