2811 matches found
CVE-2024-57843
In the Linux kernel, the following vulnerability has been resolved: virtio-net: fix overflow inside virtnet_rq_alloc When the frag just got a page, then may lead to regression on VM.Specially if the sysctl net.core.high_order_alloc_disable value is 1,then the frag always get a page when do refill. ...
CVE-2025-21785
In the Linux kernel, the following vulnerability has been resolved: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array The loop that detects/populates cache information already has a boundscheck on the array size but does not account for cache levels withseparate data/instructions cache...
CVE-2022-49492
In the Linux kernel, the following vulnerability has been resolved: nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags In nvme_alloc_admin_tags, the admin_q can be set to an error (typically-ENOMEM) if the blk_mq_init_queue call fails to set up the queue, whichis checked immediately ...
CVE-2024-56777
In the Linux kernel, the following vulnerability has been resolved: drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check The return value of drm_atomic_get_crtc_state() needs to bechecked. To avoid use of error pointer 'crtc_state' in caseof the failure.
CVE-2024-57900
In the Linux kernel, the following vulnerability has been resolved: ila: serialize calls to nf_register_net_hooks() syzbot found a race in ila_add_mapping() [1] commit 031ae72825ce ("ila: call nf_unregister_net_hooks() sooner")attempted to fix a similar issue. Looking at the syzbot repro, we have c...
CVE-2025-21699
In the Linux kernel, the following vulnerability has been resolved: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag Truncate an inode's address space when flipping the GFS2_DIF_JDATA flag:depending on that flag, the pages in the address space will either usebuffer heads or iomap_foli...
CVE-2025-21791
In the Linux kernel, the following vulnerability has been resolved: vrf: use RCU protection in l3mdev_l3_out() l3mdev_l3_out() can be called without RCU being held: raw_sendmsg()ip_push_pending_frames()ip_send_skb()ip_local_out()__ip_local_out()l3mdev_ip_out() Add rcu_read_lock() / rcu_read_unlock(...
CVE-2025-22004
In the Linux kernel, the following vulnerability has been resolved: net: atm: fix use after free in lec_send() The ->send() operation frees skb so save the length before calling->send() to avoid a use after free.
CVE-2021-47671
In the Linux kernel, the following vulnerability has been resolved: can: etas_es58x: es58x_rx_err_msg(): fix memory leak in error path In es58x_rx_err_msg(), if can->do_set_mode() fails, the functiondirectly returns without calling netif_rx(skb). This means that theskb previously allocated by al...
CVE-2022-49451
In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Fix list protocols enumeration in the base protocol While enumerating protocols implemented by the SCMI platform usingBASE_DISCOVER_LIST_PROTOCOLS, the number of returned protocols iscurrently validated in an im...
CVE-2024-57807
In the Linux kernel, the following vulnerability has been resolved: scsi: megaraid_sas: Fix for a potential deadlock This fixes a 'possible circular locking dependency detected' warningCPU0 CPU1---- ----lock(&instance->reset_mutex);lock(&shost->scan_mutex);lock(&instance->reset_mutex);lock...
CVE-2025-21864
In the Linux kernel, the following vulnerability has been resolved: tcp: drop secpath at the same time as we currently drop dst Xiumei reported hitting the WARN in xfrm6_tunnel_net_exit whilerunning tests that boil down to: create a pair of netns run a basic TCP test over ipcomp6 delete the pair of...
CVE-2025-21996
In the Linux kernel, the following vulnerability has been resolved: drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() On the off chance that command stream passed from userspace viaioctl() call to radeon_vce_cs_parse() is weirdly crafted andfirst command to execute is to encode (cas...
CVE-2022-49107
In the Linux kernel, the following vulnerability has been resolved: ceph: fix memory leak in ceph_readdir when note_last_dentry returns error Reset the last_readdir at the same time, and add a comment explainingwhy we don't free last_readdir when dir_emit returns false.
CVE-2022-49563
In the Linux kernel, the following vulnerability has been resolved: crypto: qat - add param check for RSA Reject requests with a source buffer that is bigger than the size of thekey. This is to prevent a possible integer underflow that might happenwhen copying the source scatterlist into a linear b...
CVE-2024-57885
In the Linux kernel, the following vulnerability has been resolved: mm/kmemleak: fix sleeping function called from invalid context at print message Address a bug in the kernel that triggers a "sleeping function called frominvalid context" warning when /sys/kernel/debug/kmemleak is printed underspec...
CVE-2025-21637
In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: udp_port: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net'structure via 'current' is not recommended for different reasons: Inconsistency: getting info from the reader'...
CVE-2022-49080
In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: fix mpol_new leak in shared_policy_replace If mpol_new is allocated but not used in restart loop, mpol_new will befreed via mpol_put before returning to the caller. But refcnt is notinitialized yet, so mpol_put could ...
CVE-2022-49275
In the Linux kernel, the following vulnerability has been resolved: can: m_can: m_can_tx_handler(): fix use after free of skb can_put_echo_skb() will clone skb then free the skb. Move thecan_put_echo_skb() for the m_can version 3.0.x directly before thestart of the xmit in hardware, similar to the ...
CVE-2024-56778
In the Linux kernel, the following vulnerability has been resolved: drm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check The return value of drm_atomic_get_crtc_state() needs to bechecked. To avoid use of error pointer 'crtc_state' in caseof the failure.
CVE-2025-21672
In the Linux kernel, the following vulnerability has been resolved: afs: Fix merge preference rule failure condition syzbot reported a lock held when returning to userspace[1]. This isbecause if argc is less than 0 and the function returns directly, the heldinode lock is not released. Fix this by s...
CVE-2025-21697
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Ensure job pointer is set to NULL after job completion After a job completes, the corresponding pointer in the device mustbe set to NULL. Failing to do so triggers a warning when unloadingthe driver, as it appears the job ...
CVE-2025-21760
In the Linux kernel, the following vulnerability has been resolved: ndisc: extend RCU protection in ndisc_send_skb() ndisc_send_skb() can be called without RTNL or RCU held. Acquire rcu_read_lock() earlier, so that we can use dev_net_rcu()and avoid a potential UAF.
CVE-2022-49290
In the Linux kernel, the following vulnerability has been resolved: mac80211: fix potential double free on mesh join While commit 6a01afcf8468 ("mac80211: mesh: Free ie data when leavingmesh") fixed a memory leak on mesh leave / teardown it introduced apotential memory corruption caused by a double...
CVE-2022-49295
In the Linux kernel, the following vulnerability has been resolved: nbd: call genl_unregister_family() first in nbd_cleanup() Otherwise there may be race between module removal and the handling ofnetlink command, which can lead to the oops as shown below: BUG: kernel NULL pointer dereference, addre...
CVE-2022-49296
In the Linux kernel, the following vulnerability has been resolved: ceph: fix possible deadlock when holding Fwb to get inline_data 1, mount with wsync.2, create a file with O_RDWR, and the request was sent to mds.0: ceph_atomic_open()-->ceph_mdsc_do_request(openc)finish_open(file, dentry, ceph_...
CVE-2022-49319
In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu-v3: check return value after calling platform_get_resource() It will cause null-ptr-deref if platform_get_resource() returns NULL,we need check the return value.
CVE-2022-49322
In the Linux kernel, the following vulnerability has been resolved: tracing: Fix sleeping function called from invalid context on RT kernel When setting bootparams="trace_event=initcall:initcall_start tp_printk=1" in thecmdline, the output_printk() was called, and the spin_lock_irqsave() was called...
CVE-2024-57939
In the Linux kernel, the following vulnerability has been resolved: riscv: Fix sleeping in invalid context in die() die() can be called in exception handler, and therefore cannot sleep.However, die() takes spinlock_t which can sleep with PREEMPT_RT enabled.That causes the following warning: BUG: sl...
CVE-2025-21670
In the Linux kernel, the following vulnerability has been resolved: vsock/bpf: return early if transport is not assigned Some of the core functions can only be called if the transporthas been assigned. As Michal reported, a socket might have the transport at NULL,for example after a failed connect(...
CVE-2025-21692
In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ets qdisc OOB Indexing Haowei Yan [email protected] found that ets_class_from_arg() canindex an Out-Of-Bound class in ets_class_from_arg() when passed clid of0. The overflow may cause local privilege escalation....
CVE-2025-21731
In the Linux kernel, the following vulnerability has been resolved: nbd: don't allow reconnect after disconnect Following process can cause nbd_config UAF: grab nbd_config temporarily; nbd_genl_disconnect() flush all recv_work() and release theinitial reference: nbd_genl_disconnectnbd_disconnect_an...
CVE-2025-21959
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree() Since commit b36e4523d4d5 ("netfilter: nf_conncount: fix garbagecollection confirm race"), cpu and jiffies32 were introduced tothe struct nf_connc...
CVE-2022-49323
In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() It will cause null-ptr-deref when using 'res', if platform_get_resource()returns NULL, so move using 'res' after devm_ioremap_resource() thatwill check it to av...
CVE-2024-39282
In the Linux kernel, the following vulnerability has been resolved: net: wwan: t7xx: Fix FSM command timeout issue When driver processes the internal state change command, it use anasynchronous thread to process the command operation. If the mainthread detects that the task has timed out, the async...
CVE-2024-47141
In the Linux kernel, the following vulnerability has been resolved: pinmux: Use sequential access to access desc->pinmux data When two client of the same gpio call pinctrl_select_state() for thesame functionality, we are seeing NULL pointer issue while accessingdesc->mux_owner. Let's say two ...
CVE-2024-57902
In the Linux kernel, the following vulnerability has been resolved: af_packet: fix vlan_get_tci() vs MSG_PEEK Blamed commit forgot MSG_PEEK case, allowing a crash [1] as foundby syzbot. Rework vlan_get_tci() to not touch skb at all,so that it can be used from many cpus on the same skb. Add a const ...
CVE-2024-58069
In the Linux kernel, the following vulnerability has been resolved: rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read The nvmem interface supports variable buffer sizes, while the regmapinterface operates with fixed-size storage. If an nvmem client uses abuffer size less than 4 bytes, r...
CVE-2025-21772
In the Linux kernel, the following vulnerability has been resolved: partitions: mac: fix handling of bogus partition table Fix several issues in partition probing: The bailout for a bad partoffset must use put_dev_sector(), since thepreceding read_part_sector() succeeded. If the partition table cla...
CVE-2025-21926
In the Linux kernel, the following vulnerability has been resolved: net: gso: fix ownership in __udp_gso_segment In __udp_gso_segment the skb destructor is removed before segmenting theskb but the socket reference is kept as-is. This is an issue if theoriginal skb is later orphaned as we can hit th...
CVE-2022-49058
In the Linux kernel, the following vulnerability has been resolved: cifs: potential buffer overflow in handling symlinks Smatch printed a warning:arch/x86/crypto/poly1305_glue.c:198 poly1305_update_arch() error:__memcpy() 'dctx->buf' too small (16 vs u32max) It's caused because Smatch marks 'lin...
CVE-2024-57892
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv When mounting ocfs2 and then remounting it as read-only, aslab-use-after-free occurs after the user uses a syscall toquota_getnextquota. Specifically, sb_dqinfo(sb, ty...
CVE-2024-57922
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add check for granularity in dml ceil/floor helpers [Why]Wrapper functions for dcn_bw_ceil2() and dcn_bw_floor2()should check for granularity is non zero to avoid assert anddivide-by-zero error in dcn_bw_ functions...
CVE-2025-21658
In the Linux kernel, the following vulnerability has been resolved: btrfs: avoid NULL pointer dereference if no valid extent tree [BUG]Syzbot reported a crash with the following call trace: BTRFS info (device loop0): scrub: started on devid 1BUG: kernel NULL pointer dereference, address: 0000000000...
CVE-2025-21685
In the Linux kernel, the following vulnerability has been resolved: platform/x86: lenovo-yoga-tab2-pro-1380-fastcharger: fix serdev race The yt2_1380_fc_serdev_probe() function calls devm_serdev_device_open()before setting the client ops via serdev_device_set_client_ops(). Thisordering can trigger ...
CVE-2025-21719
In the Linux kernel, the following vulnerability has been resolved: ipmr: do not call mr_mfc_uses_dev() for unres entries syzbot found that calling mr_mfc_uses_dev() for unres entrieswould crash [1], because c->mfc_un.res.minvif / c->mfc_un.res.maxvifalias to "struct sk_buff_head unresolved",...
CVE-2025-21782
In the Linux kernel, the following vulnerability has been resolved: orangefs: fix a oob in orangefs_debug_write I got a syzbot report: slab-out-of-bounds Read inorangefs_debug_write... several people suggested fixes,I tested Al Viro's suggestion and made this patch.
CVE-2025-21848
In the Linux kernel, the following vulnerability has been resolved: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() Add check for the return value of nfp_app_ctrl_msg_alloc() innfp_bpf_cmsg_alloc() to prevent null pointer dereference.
CVE-2022-49280
In the Linux kernel, the following vulnerability has been resolved: NFSD: prevent underflow in nfssvc_decode_writeargs() Smatch complains: fs/nfsd/nfsxdr.c:341 nfssvc_decode_writeargs() warn: no lower bound on 'args->len' Change the type to unsigned to prevent this issue.
CVE-2024-57809
In the Linux kernel, the following vulnerability has been resolved: PCI: imx6: Fix suspend/resume support on i.MX6QDL The suspend/resume functionality is currently broken on the i.MX6QDLplatform, as documented in the NXP errata (ERR005723): https://www.nxp.com/docs/en/errata/IMX6DQCE.pdf This patch...