2811 matches found
CVE-2022-49852
In the Linux kernel, the following vulnerability has been resolved: riscv: process: fix kernel info leakage thread_struct's s[12] may contain random kernel memory content, whichmay be finally leaked to userspace. This is a security hole. Fix itby clearing the s[12] array in thread_struct when fork....
CVE-2022-49884
In the Linux kernel, the following vulnerability has been resolved: KVM: Initialize gfn_to_pfn_cache locks in dedicated helper Move the gfn_to_pfn_cache lock initialization to another helper andcall the new helper during VM/vCPU creation. There are raceconditions possible due to kvm_gfn_to_pfn_cach...
CVE-2022-49893
In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fix cxl_region leak, cleanup targets at region delete When a region is deleted any targets that have been previously assignedto that region hold references to it. Trigger those references todrop by detaching all targets...
CVE-2022-49912
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix ulist leaks in error paths of qgroup self tests In the test_no_shared_qgroup() and test_multiple_refs() qgroup self tests,if we fail to add the tree ref, remove the extent item or remove theextent ref, we are returning f...
CVE-2023-52980
In the Linux kernel, the following vulnerability has been resolved: block: ublk: extending queue_size to fix overflow When validating drafted SPDK ublk target, in a case thatassigning large queue depth to multiqueue ublk device,ublk target would run into a weird incorrect state. Duringrounds of rev...
CVE-2023-52982
In the Linux kernel, the following vulnerability has been resolved: fscache: Use wait_on_bit() to wait for the freeing of relinquished volume The freeing of relinquished volume will wake up the pending volumeacquisition by using wake_up_bit(), however it is mismatched withwait_var_event() used in f...
CVE-2023-53004
In the Linux kernel, the following vulnerability has been resolved: ovl: fix tmpfile leak Missed an error cleanup.
CVE-2024-57985
In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: scm: Cleanup global '__scm' on probe failures If SCM driver fails the probe, it should not leave global '__scm'variable assigned, because external users of this driver will assume theprobe finished successfully. For...
CVE-2024-57987
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btrtl: check for NULL in btrtl_setup_realtek() If insert an USB dongle which chip is not maintained in ic_id_table, itwill hit the NULL point accessed. Add a null point check to avoid theKernel Oops.
CVE-2024-58065
In the Linux kernel, the following vulnerability has been resolved: clk: mmp: pxa1908-apbc: Fix NULL vs IS_ERR() check The devm_kzalloc() function returns NULL on error, not error pointers.Fix the check.
CVE-2024-58074
In the Linux kernel, the following vulnerability has been resolved: drm/i915: Grab intel_display from the encoder to avoid potential oopsies Grab the intel_display from 'encoder' rather than 'state'in the encoder hooks to avoid the massive footgun that isintel_sanitize_encoder(), which passes NULL ...
CVE-2025-21746
In the Linux kernel, the following vulnerability has been resolved: Input: synaptics - fix crash when enabling pass-through port When enabling a pass-through port an interrupt might come before psmousedriver binds to the pass-through port. However synaptics sub-drivertries to access psmouse instanc...
CVE-2025-21788
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: am65-cpsw: fix memleak in certain XDP cases If the XDP program doesn't result in XDP_PASS then we leak thememory allocated by am65_cpsw_build_skb(). It is pointless to allocate SKB memory before running the XDPpr...
CVE-2025-21882
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix vport QoS cleanup on error When enabling vport QoS fails, the scheduling node was never freed,causing a leak. Add the missing free and reset the vport scheduling node pointer toNULL.
CVE-2025-21952
In the Linux kernel, the following vulnerability has been resolved: HID: corsair-void: Update power supply values with a unified work handler corsair_void_process_receiver can be called from an interrupt context,locking battery_mutex in it was causing a kernel panic.Fix it by moving the critical se...
CVE-2025-37930
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill() Nouveau is mostly designed in a way that it's expected that fences onlyever get signaled through nouveau_fence_signal(). However, in at leastone other place, nouveau_fence_do...
CVE-2022-49819
In the Linux kernel, the following vulnerability has been resolved: octeon_ep: fix potential memory leak in octep_device_setup() When occur unsupported_dev and mbox init errors, it did not free oct->confand iounmap() oct->mmio[i].hw_addr. That would trigger memory leak problem.Add kfree() for...
CVE-2022-49932
In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Do all initialization before exposing /dev/kvm to userspace Call kvm_init() only after all setup is complete, as kvm_init() exposes/dev/kvm to userspace and thus allows userspace to create VMs (and callother ioctls). E.g....
CVE-2023-53055
In the Linux kernel, the following vulnerability has been resolved: fscrypt: destroy keyring after security_sb_delete() fscrypt_destroy_keyring() must be called after all potentially-encryptedinodes were evicted; otherwise it cannot safely destroy the keyring.Since inodes that are in-use by the Lan...
CVE-2023-53115
In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix memory leaks in mpi3mr_init_ioc() Don't allocate memory again when IOC is being reinitialized.
CVE-2024-49570
In the Linux kernel, the following vulnerability has been resolved: drm/xe/tracing: Fix a potential TP_printk UAF The commitafd2627f727b ("tracing: Check "%s" dereference via the field and not the TP_printk format")exposes potential UAFs in the xe_bo_move trace event. Fix those by avoiding derefere...
CVE-2024-57976
In the Linux kernel, the following vulnerability has been resolved: btrfs: do proper folio cleanup when cow_file_range() failed [BUG]When testing with COW fixup marked as BUG_ON() (this is involved with thenew pin_user_pages*() change, which should not result new out-of-banddirty pages), I hit a cr...
CVE-2024-58021
In the Linux kernel, the following vulnerability has been resolved: HID: winwing: Add NULL check in winwing_init_led() devm_kasprintf() can return a NULL pointer on failure,but thisreturned value in winwing_init_led() is not checked.Add NULL check in winwing_init_led(), to handle kernel NULLpointer...
CVE-2025-37928
In the Linux kernel, the following vulnerability has been resolved: dm-bufio: don't schedule in atomic context A BUG was reported as below when CONFIG_DEBUG_ATOMIC_SLEEP andtry_verify_in_tasklet are enabled.[ 129.444685][ T934] BUG: sleeping function called from invalid context at drivers/md/dm-buf...
CVE-2025-37983
In the Linux kernel, the following vulnerability has been resolved: qibfs: fix another leak failure to allocate inode => leaked dentry... this one had been there since the initial merge; to be fair,if we are that far OOM, the odds of failing at that particularallocation are low...
CVE-2022-49817
In the Linux kernel, the following vulnerability has been resolved: net: mhi: Fix memory leak in mhi_net_dellink() MHI driver registers network device without setting theneeds_free_netdev flag, and does NOT call free_netdev() whenunregisters network device, which causes a memory leak. This patch ca...
CVE-2024-57989
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: fix NULL deref check in mt7925_change_vif_links In mt7925_change_vif_links() devm_kzalloc() may return NULL but thisreturned value is not checked.
CVE-2024-58004
In the Linux kernel, the following vulnerability has been resolved: media: intel/ipu6: remove cpu latency qos request on error Fix cpu latency qos list corruption like below. It happens whenwe do not remove cpu latency request on error path and freecorresponding memory. [ 30.634378] l7 kernel: list...
CVE-2025-21717
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: add missing cpu_to_node to kvzalloc_node in mlx5e_open_xdpredirect_sq kvzalloc_node is not doing a runtime check on the node argument(__alloc_pages_node_noprof does have a VM_BUG_ON, but it expands tonothing on !CONFIG_D...
CVE-2025-21778
In the Linux kernel, the following vulnerability has been resolved: tracing: Do not allow mmap() of persistent ring buffer When trying to mmap a trace instance buffer that is attached toreserve_mem, it would crash: BUG: unable to handle page fault for address: ffffe97bd00025c8#PF: supervisor read a...
CVE-2025-21789
In the Linux kernel, the following vulnerability has been resolved: LoongArch: csum: Fix OoB access in IP checksum code for negative lengths Commit 69e3a6aa6be2 ("LoongArch: Add checksum optimization for 64-bitsystem") would cause an undefined shift and an out-of-bounds read. Commit 8bd795fedb84 ("...
CVE-2025-21942
In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: fix extent range end unlock in cow_file_range() Running generic/751 on the for-next branch often results in a hang likebelow. They are both stack by locking an extent. This suggests someoneforget to unlock an extent. ...
CVE-2025-21954
In the Linux kernel, the following vulnerability has been resolved: netmem: prevent TX of unreadable skbs Currently on stable trees we have support for netmem/devmem RX but notTX. It is not safe to forward/redirect an RX unreadable netmem packetinto the device's TX path, as the device may call dma-...
CVE-2025-37907
In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix locking order in ivpu_job_submit Fix deadlock in job submission and abort handling.When a thread aborts currently executing jobs due to a fault,it first locks the global lock protecting submitted_jobs (#1). After th...
CVE-2025-37948
In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs A malicious BPF program may manipulate the branch history to influencewhat the hardware speculates will happen next. On exit from a BPF program, emit the BHB mititgat...
CVE-2025-37963
In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users Support for eBPF programs loaded by unprivileged users is typicallydisabled. This means only cBPF programs need to be mitigated for BHB. In addition, only mitigat...
CVE-2024-52560
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Mark inode as bad as soon as error detected in mi_enum_attr() Extended the mi_enum_attr() function interface with an additionalparameter, struct ntfs_inode *ni, to allow marking the inodeas bad as soon as an error is dete...
CVE-2024-57927
In the Linux kernel, the following vulnerability has been resolved: nfs: Fix oops in nfs_netfs_init_request() when copying to cache When netfslib wants to copy some data that has just been read on behalf ofnfs, it creates a new write request and calls nfs_netfs_init_request() toinitialise it, but w...
CVE-2025-21800
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: HWS, fix definer's HWS_SET32 macro for negative offset When bit offset for HWS_SET32 macro is negative,UBSAN complains about the shift-out-of-bounds: UBSAN: shift-out-of-bounds indrivers/net/ethernet/mellanox/mlx5/core/st...
CVE-2025-37914
In the Linux kernel, the following vulnerability has been resolved: net_sched: ets: Fix double list add in class with netem as child qdisc As described in Gerrard's report [1], there are use cases where a netemchild qdisc will make the parent qdisc's enqueue callback reentrant.In the case of ets, t...
CVE-2025-37915
In the Linux kernel, the following vulnerability has been resolved: net_sched: drr: Fix double list add in class with netem as child qdisc As described in Gerrard's report [1], there are use cases where a netemchild qdisc will make the parent qdisc's enqueue callback reentrant.In the case of drr, t...
CVE-2025-37921
In the Linux kernel, the following vulnerability has been resolved: vxlan: vnifilter: Fix unlocked deletion of default FDB entry When a VNI is deleted from a VXLAN device in 'vnifilter' mode, the FDBentry associated with the default remote (assuming one was configured)is deleted without holding the...
CVE-2025-37923
In the Linux kernel, the following vulnerability has been resolved: tracing: Fix oob write in trace_seq_to_buffer() syzbot reported this bug: BUG: KASAN: slab-out-of-bounds in trace_seq_to_buffer kernel/trace/trace.c:1830 [inline]BUG: KASAN: slab-out-of-bounds in tracing_splice_read_pipe+0x6be/0xdd...
CVE-2025-37949
In the Linux kernel, the following vulnerability has been resolved: xenbus: Use kref to track req lifetime Marek reported seeing a NULL pointer fault in the xenbus_threadcallstack:BUG: kernel NULL pointer dereference, address: 0000000000000000RIP: e030:__wake_up_common+0x4c/0x180Call Trace:__wake_u...
CVE-2025-37953
In the Linux kernel, the following vulnerability has been resolved: sch_htb: make htb_deactivate() idempotent Alan reported a NULL pointer dereference in htb_next_rb_node()after we made htb_qlen_notify() idempotent. It turns out in the following case it introduced some regression: htb_dequeue_tree(...
CVE-2025-37987
In the Linux kernel, the following vulnerability has been resolved: pds_core: Prevent possible adminq overflow/stuck condition The pds_core's adminq is protected by the adminq_lock, which preventsmore than 1 command to be posted onto it at any one time. This makes itso the client drivers cannot sim...
CVE-2024-58008
In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: dcp: fix improper sg use with CONFIG_VMAP_STACK=y With vmalloc stack addresses enabled (CONFIG_VMAP_STACK=y) DCP trustedkeys can crash during en- and decryption of the blob encryption key viathe DCP crypto driver. Th...
CVE-2025-21709
In the Linux kernel, the following vulnerability has been resolved: kernel: be more careful about dup_mmap() failures and uprobe registering If a memory allocation fails during dup_mmap(), the maple tree can be leftin an unsafe state for other iterators besides the exit path. All thelocks are dropp...
CVE-2025-21730
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: avoid to init mgnt_entry list twice when WoWLAN failed If WoWLAN failed in resume flow, the rtw89_ops_add_interface() triggeredwithout removing the interface first. Then the mgnt_entry list init again,causing the list_...
CVE-2025-21777
In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Validate the persistent meta data subbuf array The meta data for a mapped ring buffer contains an array of indexes of allthe subbuffers. The first entry is the reader page, and the rest of theentries lay out the order ...