2895 matches found
CVE-2022-49877
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix the sk->sk_forward_alloc warning of sk_stream_kill_queues When running test_sockmap selftests, the following warning appears: WARNING: CPU: 2 PID: 197 at net/core/stream.c:205 sk_stream_kill_queues+0xd3/0xf0Cal...
CVE-2022-49883
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: smm: number of GPRs in the SMRAM image depends on the image format On 64 bit host, if the guest doesn't have X86_FEATURE_LM, KVM willaccess 16 gprs to 32-bit smram image, causing out-ouf-bound ramaccess. On 32 bit host, t...
CVE-2022-49886
In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Panic on bad configs that #VE on "private" memory access All normal kernel memory is "TDX private memory". This includeseverything from kernel stacks to kernel text. Handlingexceptions on arbitrary accesses to kernel memor...
CVE-2022-49894
In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fix region HPA ordering validation Some regions may not have any address space allocated. Skip them whenvalidating HPA order otherwise a crash like the following may result: devm_cxl_add_region: cxl_acpi cxl_acpi.0: dec...
CVE-2022-49904
In the Linux kernel, the following vulnerability has been resolved: net, neigh: Fix null-ptr-deref in neigh_table_clear() When IPv6 module gets initialized but hits an error in the middle,kenel panic with: KASAN: null-ptr-deref in range [0x0000000000000598-0x000000000000059f]CPU: 1 PID: 361 Comm: i...
CVE-2022-49907
In the Linux kernel, the following vulnerability has been resolved: net: mdio: fix undefined behavior in bit shift for __mdiobus_register Shifting signed 32-bit value by 31 bits is undefined, so changingsignificant bit to unsigned. The UBSAN warning calltrace like below: UBSAN: shift-out-of-bounds ...
CVE-2023-52981
In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix request ref counting during error capture & debugfs dump When GuC support was added to error capture, the reference countingaround the request object was broken. Fix it up. The context based search manages the spinloc...
CVE-2023-53009
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Add sync after creating vram bo There will be data corruption on vram allocated by svmif the initialization is not complete and application iswritting on the memory. Adding sync to wait for theinitialization completion ...
CVE-2023-53088
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix UaF in listener shutdown As reported by Christoph after having refactored the passivesocket initialization, the mptcp listener shutdown path is proneto an UaF issue. BUG: KASAN: use-after-free in _raw_spin_lock_bh+0x73/0...
CVE-2024-57877
In the Linux kernel, the following vulnerability has been resolved: arm64: ptrace: fix partial SETREGSET for NT_ARM_POE Currently poe_set() doesn't initialize the temporary 'ctrl' variable,and a SETREGSET call with a length of zero will leave thisuninitialized. Consequently an arbitrary value will ...
CVE-2024-57909
In the Linux kernel, the following vulnerability has been resolved: iio: light: bh1745: fix information leak in triggered buffer The 'scan' local struct is used to push data to user space from atriggered buffer, but it does not set values for inactive channels, asit only uses iio_for_each_active_ch...
CVE-2024-57975
In the Linux kernel, the following vulnerability has been resolved: btrfs: do proper folio cleanup when run_delalloc_nocow() failed [BUG]With CONFIG_DEBUG_VM set, test case generic/476 has some chance to crashwith the following VM_BUG_ON_FOLIO(): BTRFS error (device dm-3): cow_file_range failed, st...
CVE-2024-58067
In the Linux kernel, the following vulnerability has been resolved: clk: mmp: pxa1908-mpmu: Fix a NULL vs IS_ERR() check The devm_kzalloc() function returns NULL on error, not error pointers.Update the check to match.
CVE-2025-21752
In the Linux kernel, the following vulnerability has been resolved: btrfs: don't use btrfs_set_item_key_safe on RAID stripe-extents Don't use btrfs_set_item_key_safe() to modify the keys in the RAIDstripe-tree, as this can lead to corruption of the tree, which is caughtby the checks in btrfs_set_it...
CVE-2025-37807
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix kmemleak warning for percpu hashmap Vlad Poenaru reported the following kmemleak issue: unreferenced object 0x606fd7c44ac8 (size 32):backtrace (crc 0):pcpu_alloc_noprof+0x730/0xeb0bpf_map_alloc_percpu+0x69/0xc0prealloc_ini...
CVE-2025-37947
In the Linux kernel, the following vulnerability has been resolved: ksmbd: prevent out-of-bounds stream writes by validating *pos ksmbd_vfs_stream_write() did not validate whether the write offset(*pos) was within the bounds of the existing stream data length (v_len).If *pos was greater than or equ...
CVE-2025-37957
In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception Previously, commit ed129ec9057f ("KVM: x86: forcibly leave nested modeon vCPU reset") addressed an issue where a triple fault occurring innested mode could lead to use-afte...
CVE-2025-37982
In the Linux kernel, the following vulnerability has been resolved: wifi: wl1251: fix memory leak in wl1251_tx_work The skb dequeued from tx_queue is lost when wl1251_ps_elp_wakeup failswith a -ETIMEDOUT error. Fix that by queueing the skb back to tx_queue.
CVE-2025-37990
In the Linux kernel, the following vulnerability has been resolved: wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() The function brcmf_usb_dl_writeimage() calls the functionbrcmf_usb_dl_cmd() but dose not check its return value. The'state.state' and the 'state.bytes' are uni...
CVE-2025-37993
In the Linux kernel, the following vulnerability has been resolved: can: m_can: m_can_class_allocate_dev(): initialize spin lock on device probe The spin lock tx_handling_spinlock in struct m_can_classdev is notbeing initialized. This leads the following spinlock bad magiccomplaint from the kernel,...
CVE-2025-37996
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix uninitialized memcache pointer in user_mem_abort() Commit fce886a60207 ("KVM: arm64: Plumb the pKVM MMU in KVM") made theinitialization of the local memcache variable in user_mem_abort()conditional, leaving a codepa...
CVE-2022-49763
In the Linux kernel, the following vulnerability has been resolved: ntfs: fix use-after-free in ntfs_attr_find() Patch series "ntfs: fix bugs about Attribute", v2. This patchset fixes three bugs relative to Attribute in record: Patch 1 adds a sanity check to ensure that, attrs_offset field in first...
CVE-2022-49766
In the Linux kernel, the following vulnerability has been resolved: netlink: Bounds-check struct nlmsgerr creation In preparation for FORTIFY_SOURCE doing bounds-check on memcpy(),switch from __nlmsg_put to nlmsg_put(), and explain the bounds checkfor dealing with the memcpy() across a composite fl...
CVE-2022-49791
In the Linux kernel, the following vulnerability has been resolved: io_uring: fix multishot accept request leaks Having REQ_F_POLLED set doesn't guarantee that the request isexecuted as a multishot from the polling path. Fortunately for us, ifthe code thinks it's multishot issue when it's not, it c...
CVE-2022-49805
In the Linux kernel, the following vulnerability has been resolved: net: lan966x: Fix potential null-ptr-deref in lan966x_stats_init() lan966x_stats_init() calls create_singlethread_workqueue() and notchecked the ret value, which may return NULL. And a null-ptr-deref mayhappen: lan966x_stats_init()...
CVE-2022-49811
In the Linux kernel, the following vulnerability has been resolved: drbd: use after free in drbd_create_device() The drbd_destroy_connection() frees the "connection" so use the _safe()iterator to prevent a use after free.
CVE-2022-49838
In the Linux kernel, the following vulnerability has been resolved: sctp: clear out_curr if all frag chunks of current msg are pruned A crash was reported by Zhen Chen: list_del corruption, ffffa035ddf01c18->next is NULLWARNING: CPU: 1 PID: 250682 at lib/list_debug.c:49 __list_del_entry_valid+0x...
CVE-2022-49851
In the Linux kernel, the following vulnerability has been resolved: riscv: fix reserved memory setup Currently, RISC-V sets up reserved memory using the "early" copy of thedevice tree. As a result, when trying to get a reserved memory regionusing of_reserved_mem_lookup(), the pointer to reserved me...
CVE-2022-49859
In the Linux kernel, the following vulnerability has been resolved: net: lapbether: fix issue of invalid opcode in lapbeth_open() If lapb_register() failed when lapb device goes to up for the first time,the NAPI is not disabled. As a result, the invalid opcode issue isreported when the lapb device ...
CVE-2023-52934
In the Linux kernel, the following vulnerability has been resolved: mm/MADV_COLLAPSE: catch !none !huge !bad pmd lookups In commit 34488399fa08 ("mm/madvise: add file and shmem support toMADV_COLLAPSE") we make the following change to find_pmd_or_thp_or_none(): - if (!pmd_present(pmde)) - return SC...
CVE-2023-52942
In the Linux kernel, the following vulnerability has been resolved: cgroup/cpuset: Fix wrong check in update_parent_subparts_cpumask() It was found that the check to see if a partition could use up allthe cpus from the parent cpuset in update_parent_subparts_cpumask()was incorrect. As a result, it ...
CVE-2023-53050
In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Fix memory leak in margining Memory for the usb4->margining needs to be relased for the upstream portof the router as well, even though the debugfs directory gets releasedwith the router device removal. Fix this.
CVE-2024-57914
In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpci: fix NULL pointer issue on shared irq case The tcpci_irq() may meet below NULL pointer dereference issue: [ 2.641851] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010[ 2.641951]...
CVE-2024-58091
In the Linux kernel, the following vulnerability has been resolved: drm/fbdev-dma: Add shadow buffering for deferred I/O DMA areas are not necessarily backed by struct page, so we cannotrely on it for deferred I/O. Allocate a shadow buffer for driversthat require deferred I/O and use it as framebuf...
CVE-2025-21751
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: HWS, change error flow on matcher disconnect Currently, when firmware failure occurs during matcher disconnect flow,the error flow of the function reconnects the matcher back and returnsan error, which continues running t...
CVE-2025-21932
In the Linux kernel, the following vulnerability has been resolved: mm: abort vma_modify() on merge out of memory failure The remainder of vma_modify() relies upon the vmg state remaining pristineafter a merge attempt. Usually this is the case, however in the one edge case scenario of a mergeattemp...
CVE-2025-21939
In the Linux kernel, the following vulnerability has been resolved: drm/xe/hmm: Don't dereference struct page pointers without notifier lock The pnfs that we obtain from hmm_range_fault() point to pages thatwe don't have a reference on, and the guarantee that they are stillin the cpu page-tables is...
CVE-2025-37952
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix UAF in __close_file_table_ids A use-after-free is possible if one thread destroys the filevia __ksmbd_close_fd while another thread holds a reference toit. The existing checks on fp->refcount are not sufficient toprev...
CVE-2025-37956
In the Linux kernel, the following vulnerability has been resolved: ksmbd: prevent rename with empty string Client can send empty newname string to ksmbd server.It will cause a kernel oops from d_alloc.This patch return the error when attempting to renamea file or directory with an empty new name s...
CVE-2025-37960
In the Linux kernel, the following vulnerability has been resolved: memblock: Accept allocated memory before use in memblock_double_array() When increasing the array size in memblock_double_array() and the slabis not yet available, a call to memblock_find_in_range() is used toreserve/allocate memor...
CVE-2025-37991
In the Linux kernel, the following vulnerability has been resolved: parisc: Fix double SIGFPE crash Camm noticed that on parisc a SIGFPE exception will crash an application witha second SIGFPE in the signal handler. Dave analyzed it, and it happensbecause glibc uses a double-word floating-point sto...
CVE-2022-49768
In the Linux kernel, the following vulnerability has been resolved: 9p: trans_fd/p9_conn_cancel: drop client lock earlier syzbot reported a double-lock here and we no longer need thislock after requests have been moved off to local list:just drop the lock earlier.
CVE-2022-49774
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/xen: Fix eventfd error handling in kvm_xen_eventfd_assign() Should not call eventfd_ctx_put() in case of error. [Introduce new goto target instead. - Paolo]
CVE-2022-49782
In the Linux kernel, the following vulnerability has been resolved: perf: Improve missing SIGTRAP checking To catch missing SIGTRAP we employ a WARN in __perf_event_overflow(),which fires if pending_sigtrap was already set: returning to user spacewithout consuming pending_sigtrap, and then having t...
CVE-2022-49785
In the Linux kernel, the following vulnerability has been resolved: x86/sgx: Add overflow check in sgx_validate_offset_length() sgx_validate_offset_length() function verifies "offset" and "length"arguments provided by userspace, but was missing an overflow check ontheir addition. Add it.
CVE-2022-49798
In the Linux kernel, the following vulnerability has been resolved: tracing: Fix race where eprobes can be called before the event The flag that tells the event to call its triggers after reading the eventis set for eprobes after the eprobe is enabled. This leads to a race wherethe eprobe may be tr...
CVE-2022-49803
In the Linux kernel, the following vulnerability has been resolved: netdevsim: Fix memory leak of nsim_dev->fa_cookie kmemleak reports this issue: unreferenced object 0xffff8881bac872d0 (size 8):comm "sh", pid 58603, jiffies 4481524462 (age 68.065s)hex dump (first 8 bytes):04 00 00 00 de ad be e...
CVE-2022-49806
In the Linux kernel, the following vulnerability has been resolved: net: microchip: sparx5: Fix potential null-ptr-deref in sparx_stats_init() and sparx5_start() sparx_stats_init() calls create_singlethread_workqueue() and notchecked the ret value, which may return NULL. And a null-ptr-deref mayhap...
CVE-2022-49828
In the Linux kernel, the following vulnerability has been resolved: hugetlbfs: don't delete error page from pagecache This change is very similar to the change that was made for shmem [1], andit solves the same problem but for HugeTLBFS instead. Currently, when poison is found in a HugeTLB page, th...
CVE-2022-49849
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix match incorrectly in dev_args_match_device syzkaller found a failed assertion: assertion failed: (args->devid != (u64)-1) || args->missing, in fs/btrfs/volumes.c:6921 This can be triggered when we set devid to (u64...