4367 matches found
CVE-2022-49022
In the Linux kernel, the following vulnerability has been resolved: wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration Fix possible out-of-bound access in ieee80211_get_rate_duration routineas reported by the following UBSAN report: UBSAN: array-index-out-of-bounds in net/mac8021...
CVE-2023-52499
In the Linux kernel, the following vulnerability has been resolved: powerpc/47x: Fix 47x syscall return crash Eddie reported that newer kernels were crashing during boot on his 476FSP2 system: kernel tried to execute user page (b7ee2000) - exploit attempt? (uid: 0)BUG: Unable to handle kernel instr...
CVE-2023-52561
In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: sdm845-db845c: Mark cont splash memory region as reserved Adding a reserved memory region for the framebuffer memory(the splash memory region set up by the bootloader). It fixes a kernel panic (arm-smmu: Unhandled...
CVE-2023-52611
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: sdio: Honor the host max_req_size in the RX path Lukas reports skb_over_panic errors on his Banana Pi BPI-CM4 which comeswith an Amlogic A311D (G12B) SoC and a RTL8822CS SDIO wifi/Bluetoothcombo card. The error he obse...
CVE-2023-52766
In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler Do not loop over ring headers in hci_dma_irq_handler() that are notallocated and enabled in hci_dma_init(). Otherwise out of bounds accesswill occur from rings->...
CVE-2023-52846
In the Linux kernel, the following vulnerability has been resolved: hsr: Prevent use after free in prp_create_tagged_frame() The prp_fill_rct() function can fail. In that situation, it frees theskb and returns NULL. Meanwhile on the success path, it returns theoriginal skb. So it's straight forward...
CVE-2024-26699
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix array-index-out-of-bounds in dcn35_clkmgr [Why]There is a potential memory access violation whileiterating through array of dcn35 clks. [How]Limit iteration per array size.
CVE-2024-26705
In the Linux kernel, the following vulnerability has been resolved: parisc: BTLB: Fix crash when setting up BTLB at CPU bringup When using hotplug and bringing up a 32-bit CPU, ask the firmware about theBTLB information to set up the static (block) TLB entries. For that write access to the static b...
CVE-2024-26745
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV When kdump kernel tries to copy dump data over SR-IOV, LPAR panics dueto NULL pointer exception: Kernel attempted to read user page (0) - exploit attempt? ...
CVE-2024-26914
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix incorrect mpc_combine array size [why]MAX_SURFACES is per stream, while MAX_PLANES is per asic. Thempc_combine is an array that records all the planes per asic. ThereforeMAX_PLANES should be used as the array s...
CVE-2024-27405
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs It is observed sometimes when tethering is used over NCM with Windows 11as host, at some instances, the gadget_giveback has one byte appended atthe end of a proper ...
CVE-2024-27432
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_eth_soc: fix PPE hanging issue A patch to resolve an issue was found in MediaTek's GPL-licensed SDK:In the mtk_ppe_stop() function, the PPE scan mode is not disabled beforedisabling the PPE. This can potentially ...
CVE-2024-35813
In the Linux kernel, the following vulnerability has been resolved: mmc: core: Avoid negative index with array access Commit 4d0c8d0aef63 ("mmc: core: Use mrq.sbc in close-ended ffu") assignsprev_idata = idatas[i - 1], but doesn't check that the iterator i isgreater than zero. Let's fix this by add...
CVE-2024-35851
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix NULL-deref on non-serdev suspend Qualcomm ROME controllers can be registered from the Bluetooth linediscipline and in this case the HCI UART serdev pointer is NULL. Add the missing sanity check to prevent a NULL...
CVE-2024-35922
In the Linux kernel, the following vulnerability has been resolved: fbmon: prevent division by zero in fb_videomode_from_videomode() The expression htotal * vtotal can have a zero value onoverflow. It is necessary to prevent division by zero like infb_var_to_videomode(). Found by Linux Verification...
CVE-2024-35936
In the Linux kernel, the following vulnerability has been resolved: btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() The unhandled case in btrfs_relocate_sys_chunks() loop is a corruption,as it could be caused only by two impossible conditions: at first the search key is set up ...
CVE-2024-35972
In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix possible memory leak in bnxt_rdma_aux_device_init() If ulp = kzalloc() fails, the allocated edev will leak because it isnot properly assigned and the cleanup path will not be able to free it.Fix it by assigning it prop...
CVE-2024-40928
In the Linux kernel, the following vulnerability has been resolved: net: ethtool: fix the error condition in ethtool_get_phy_stats_ethtool() Clang static checker (scan-build) warning:net/ethtool/ioctl.c:line 2233, column 2Called function pointer is null (null dereference). Return '-EOPNOTSUPP' when...
CVE-2024-40937
In the Linux kernel, the following vulnerability has been resolved: gve: Clear napi->skb before dev_kfree_skb_any() gve_rx_free_skb incorrectly leaves napi->skb referencing an skb after itis freed with dev_kfree_skb_any(). This can result in a subsequent callto napi_get_frags returning a dang...
CVE-2024-42092
In the Linux kernel, the following vulnerability has been resolved: gpio: davinci: Validate the obtained number of IRQs Value of pdata->gpio_unbanked is taken from Device Tree. In case of brokenDT due to any error this value can be any. Without this value validationthere can be out of chips->...
CVE-2024-42102
In the Linux kernel, the following vulnerability has been resolved: Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" Patch series "mm: Avoid possible overflows in dirty throttling". Dirty throttling logic assumes dirty limits in page units fit into32-bits. This patch s...
CVE-2024-42108
In the Linux kernel, the following vulnerability has been resolved: net: rswitch: Avoid use-after-free in rswitch_poll() The use-after-free is actually in rswitch_tx_free(), which is inlined inrswitch_poll(). Since skb and gq->skbs[gq->dirty] are in fact thesame pointer, the skb is first free...
CVE-2024-42288
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix for possible memory corruption Init Control Block is dereferenced incorrectly. Correctly dereference ICB
CVE-2024-43855
In the Linux kernel, the following vulnerability has been resolved: md: fix deadlock between mddev_suspend and flush bio Deadlock occurs when mddev is being suspended while some flush bio is inprogress. It is a complex issue. T1. the first flush is at the ending stage, it clears 'mddev->flush_bi...
CVE-2024-44948
In the Linux kernel, the following vulnerability has been resolved: x86/mtrr: Check if fixed MTRRs exist before saving them MTRRs have an obsolete fixed variant for fine grained caching controlof the 640K-1MB region that uses separate MSRs. This fixed variant hasa separate capability bit in the MTR...
CVE-2024-45008
In the Linux kernel, the following vulnerability has been resolved: Input: MT - limit max slots syzbot is reporting too large allocation at input_mt_init_slots(), fornum_slots is supplied from userspace using ioctl(UI_DEV_CREATE). Since nobody knows possible max slots, this patch chose 1024.
CVE-2024-46737
In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fix kernel crash if commands allocation fails If the commands allocation fails in nvmet_tcp_alloc_cmds()the kernel crashes in nvmet_tcp_release_queue_work() because ofa NULL pointer dereference. nvmet: failed to install ...
CVE-2024-46763
In the Linux kernel, the following vulnerability has been resolved: fou: Fix null-ptr-deref in GRO. We observed a null-ptr-deref in fou_gro_receive() while shutting downa host. [0] The NULL pointer is sk->sk_user_data, and the offset 8 is of protocolin struct fou. When fou_release() is called du...
CVE-2024-46765
In the Linux kernel, the following vulnerability has been resolved: ice: protect XDP configuration with a mutex The main threat to data consistency in ice_xdp() is a possible asynchronousPF reset. It can be triggered by a user or by TX timeout handler. XDP setup and PF reset code access the same re...
CVE-2024-46772
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check denominator crb_pipes before used [WHAT & HOW]A denominator cannot be 0, and is checked before used. This fixes 2 DIVIDE_BY_ZERO issues reported by Coverity.
CVE-2024-46861
In the Linux kernel, the following vulnerability has been resolved: usbnet: ipheth: do not stop RX on failing RX callback RX callbacks can fail for multiple reasons: Payload too short Payload formatted incorrecly (e.g. bad NCM framing) Lack of memory None of these should cause the driver to seize u...
CVE-2024-47667
In the Linux kernel, the following vulnerability has been resolved: PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) Errata #i2037 in AM65x/DRA80xM Processors Silicon Revision 1.0(SPRZ452D_July 2018_Revised December 2019 [1]) mentions when aninbound PCIe TLP spans more than two intern...
CVE-2024-47756
In the Linux kernel, the following vulnerability has been resolved: PCI: keystone: Fix if-statement expression in ks_pcie_quirk() This code accidentally uses && where || was intended. It potentiallyresults in a NULL dereference. Thus, fix the if-statement expression to use the correct condition. [k...
CVE-2024-49981
In the Linux kernel, the following vulnerability has been resolved: media: venus: fix use after free bug in venus_remove due to race condition in venus_probe, core->work is bound with venus_sys_error_handler, which isused to handle error. The code use core->sys_err_done to make sync work.The ...
CVE-2024-49987
In the Linux kernel, the following vulnerability has been resolved: bpftool: Fix undefined behavior in qsort(NULL, 0, ...) When netfilter has no entry to display, qsort is called withqsort(NULL, 0, ...). This results in undefined behavior, as UBSanreports: net.c:827:2: runtime error: null pointer p...
CVE-2024-50060
In the Linux kernel, the following vulnerability has been resolved: io_uring: check if we need to reschedule during overflow flush In terms of normal application usage, this list will always be empty.And if an application does overflow a bit, it'll have a few entries.However, nothing obviously prev...
CVE-2024-50083
In the Linux kernel, the following vulnerability has been resolved: tcp: fix mptcp DSS corruption due to large pmtu xmit Syzkaller was able to trigger a DSS corruption: TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.------------[ cut here ]------------WARNIN...
CVE-2024-50096
In the Linux kernel, the following vulnerability has been resolved: nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error The nouveau_dmem_copy_one function ensures that the copy push command issent to the device firmware but does not track whether it was executedsuccessfully. In the ca...
CVE-2024-50156
In the Linux kernel, the following vulnerability has been resolved: drm/msm: Avoid NULL dereference in msm_disp_state_print_regs() If the allocation in msm_disp_state_dump_regs() failed thenblock->state can be NULL. The msm_disp_state_print_regs() functiondoes have code to try to handle it with:...
CVE-2024-50183
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance Deleting an NPIV instance requires all fabric ndlps to be released beforean NPIV's resources can be torn down. Failure to release fabric ndlpsbeforehand ...
CVE-2024-50224
In the Linux kernel, the following vulnerability has been resolved: spi: spi-fsl-dspi: Fix crash when not using GPIO chip select Add check for the return value of spi_get_csgpiod() to avoid passing a NULLpointer to gpiod_direction_output(), preventing a crash when GPIO chipselect is not used. Fix b...
CVE-2024-53177
In the Linux kernel, the following vulnerability has been resolved: smb: prevent use-after-free due to open_cached_dir error paths If open_cached_dir() encounters an error parsing the lease from theserver, the error handling may race with receiving a lease break,resulting in open_cached_dir() freei...
CVE-2024-53223
In the Linux kernel, the following vulnerability has been resolved: clk: ralink: mtmips: fix clocks probe order in oldest ralink SoCs Base clocks are the first in being probed and are real dependencies of therest of fixed, factor and peripheral clocks. For old ralink SoCs RT2880,RT305x and RT3883 '...
CVE-2024-56557
In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer The AD7923 was updated to support devices with 8 channels, but the sizeof tx_buf and ring_xfer was not increased accordingly, leading to apotential buffer overflow in a...
CVE-2024-56577
In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: Fix null-ptr-deref during unload module The workqueue should be destroyed in mtk_jpeg_core.c since commit09aea13ecf6f ("media: mtk-jpeg: refactor some variables"), otherwisethe below calltrace can be easily trigger...
CVE-2024-56708
In the Linux kernel, the following vulnerability has been resolved: EDAC/igen6: Avoid segmentation fault on module unload The segmentation fault happens because: During modprobe: In igen6_probe(), igen6_pvt will be allocated with kzalloc() In igen6_register_mci(), mci->pvt_info will point to&ige...
CVE-2024-56710
In the Linux kernel, the following vulnerability has been resolved: ceph: fix memory leak in ceph_direct_read_write() The bvecs array which is allocated in iter_get_bvecs_alloc() is leakedand pages remain pinned if ceph_alloc_sparse_ext_map() fails. There is no need to delay the allocation of spars...
CVE-2024-56723
In the Linux kernel, the following vulnerability has been resolved: mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices While design wise the idea of converting the driver to usethe hierarchy of the IRQ chips is correct, the implementationhas (inherited) flaws. This was unveiled when platfor...
CVE-2024-56745
In the Linux kernel, the following vulnerability has been resolved: PCI: Fix reset_method_store() memory leak In reset_method_store(), a string is allocated via kstrndup() and assignedto the local "options". options is then used in with strsep() to findspaces: while ((name = strsep(&options, " ")) ...
CVE-2021-47137
In the Linux kernel, the following vulnerability has been resolved: net: lantiq: fix memory corruption in RX ring In a situation where memory allocation or dma mapping fails, aninvalid address is programmed into the descriptor. This can leadto memory corruption. If the memory allocation fails, DMA ...