3468 matches found
CVE-2021-47261
In the Linux kernel, the following vulnerability has been resolved: IB/mlx5: Fix initializing CQ fragments buffer The function init_cq_frag_buf() can be called to initialize the current CQfragments buffer cq->buf, or the temporary cq->resize_buf that is filledduring CQ resize operation. Howev...
CVE-2021-47283
In the Linux kernel, the following vulnerability has been resolved: net:sfc: fix non-freed irq in legacy irq mode SFC driver can be configured via modparam to work using MSI-X, MSI orlegacy IRQ interrupts. In the last one, the interrupt was not properlyreleased on module remove. It was not freed be...
CVE-2021-47295
In the Linux kernel, the following vulnerability has been resolved: net: sched: fix memory leak in tcindex_partial_destroy_work Syzbot reported memory leak in tcindex_set_parms(). The problem was innon-freed perfect hash in tcindex_partial_destroy_work(). In tcindex_set_parms() new tcindex_data is ...
CVE-2021-47309
In the Linux kernel, the following vulnerability has been resolved: net: validate lwtstate->data before returning from skb_tunnel_info() skb_tunnel_info() returns pointer of lwtstate->data as ip_tunnel_infotype without validation. lwtstate->data can have various types such asmpls_iptunnel_...
CVE-2021-47343
In the Linux kernel, the following vulnerability has been resolved: dm btree remove: assign new_root only when removal succeeds remove_raw() in dm_btree_remove() may fail due to IO read error(e.g. read the content of origin block fails during shadowing),and the value of shadow_spine::root is uninit...
CVE-2021-47351
In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix races between xattr_{set|get} and listxattr operations UBIFS may occur some problems with concurrent xattr_{set|get} andlistxattr operations, such as assertion failure, memory corruption,stale xattr value[1]. Fix it by i...
CVE-2021-47382
In the Linux kernel, the following vulnerability has been resolved: s390/qeth: fix deadlock during failing recovery Commit 0b9902c1fcc5 ("s390/qeth: fix deadlock during recovery") removedtaking discipline_mutex inside qeth_do_reset(), fixing potentialdeadlocks. An error path was missed though, that...
CVE-2021-47390
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix stack-out-of-bounds memory access from ioapic_write_indirect() KASAN reports the following issue: BUG: KASAN: stack-out-of-bounds in kvm_make_vcpus_request_mask+0x174/0x440 [kvm]Read of size 8 at addr ffffc9001364f638...
CVE-2021-47394
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: unlink table before deleting it syzbot reports following UAF:BUG: KASAN: use-after-free in memcmp+0x18f/0x1c0 lib/string.c:955nla_strcmp+0xf2/0x130 lib/nlattr.c:836nft_table_lookup.part.0+0x1a2/0x460 net/netfi...
CVE-2021-47476
In the Linux kernel, the following vulnerability has been resolved: comedi: ni_usb6501: fix NULL-deref in command paths The driver uses endpoint-sized USB transfer buffers but had no sanitychecks on the sizes. This can lead to zero-size-pointer dereferences oroverflowed transfer buffers in ni6501_p...
CVE-2022-48692
In the Linux kernel, the following vulnerability has been resolved: RDMA/srp: Set scmnd->result only when scmnd is not NULL This change fixes the following kernel NULL pointer dereferencewhich is reproduced by blktests srp/007 occasionally. BUG: kernel NULL pointer dereference, address: 00000000...
CVE-2022-48732
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix off by one in BIOS boundary checking Bounds checking when parsing init scripts embedded in the BIOS rejectaccess to the last byte. This causes driver initialization to fail onApple eMac's with GeForce 2 MX GPUs, le...
CVE-2022-48793
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: nSVM: fix potential NULL derefernce on nested migration Turns out that due to review feedback and/or rebasesI accidentally moved the call to nested_svm_load_cr3 to be too early,before the NPT is enabled, which is very wro...
CVE-2022-48838
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: Fix use-after-free bug by not setting udc->dev.driver The syzbot fuzzer found a use-after-free bug: BUG: KASAN: use-after-free in dev_uevent+0x712/0x780 drivers/base/core.c:2320Read of size 8 at addr ffff88802b93409...
CVE-2022-48935
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: unregister flowtable hooks on netns exit Unregister flowtable hooks before they are releases vianf_tables_flowtable_destroy() otherwise hook core reports UAF. BUG: KASAN: use-after-free in nf_hook_entries_grow...
CVE-2022-48995
In the Linux kernel, the following vulnerability has been resolved: Input: raydium_ts_i2c - fix memory leak in raydium_i2c_send() There is a kmemleak when test the raydium_i2c_ts with bpf mock device: unreferenced object 0xffff88812d3675a0 (size 8):comm "python3", pid 349, jiffies 4294741067 (age 9...
CVE-2022-49016
In the Linux kernel, the following vulnerability has been resolved: net: mdiobus: fix unbalanced node reference count I got the following report while doing device(mscc-miim) load testwith CONFIG_OF_UNITTEST and CONFIG_OF_DYNAMIC enabled: OF: ERROR: memory leak, expected refcount 1 instead of 2,of_...
CVE-2023-52505
In the Linux kernel, the following vulnerability has been resolved: phy: lynx-28g: serialize concurrent phy_set_mode_ext() calls to shared registers The protocol converter configuration registers PCC8, PCCC, PCCD(implemented by the driver), as well as others, control protocolconverters from multipl...
CVE-2023-52559
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Avoid memory allocation in iommu_suspend() The iommu_suspend() syscore suspend callback is invoked with IRQ disabled.Allocating memory with the GFP_KERNEL flag may re-enable IRQs duringthe suspend callback, which can ca...
CVE-2023-52702
In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix possible memory leak in ovs_meter_cmd_set() old_meter needs to be free after it is detached regardless of whetherthe new meter is successfully attached.
CVE-2023-52738
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/fence: Fix oops due to non-matching drm_sched init/fini Currently amdgpu calls drm_sched_fini() from the fence driver sw finiroutine - such function is expected to be called only after therespective init function - drm_s...
CVE-2023-52860
In the Linux kernel, the following vulnerability has been resolved: drivers/perf: hisi: use cpuhp_state_remove_instance_nocalls() for hisi_hns3_pmu uninit process When tearing down a 'hisi_hns3' PMU, we mistakenly run the CPU hotplugcallbacks after the device has been unregistered, leading to firew...
CVE-2023-52894
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate() In Google internal bug 265639009 we've received an (as yet) unreproduciblecrash report from an aarch64 GKI 5.10.149-android13 running device. AFAICT the source code ...
CVE-2024-26652
In the Linux kernel, the following vulnerability has been resolved: net: pds_core: Fix possible double free in error handling path When auxiliary_device_add() returns error and then callsauxiliary_device_uninit(), Callback function pdsc_auxbus_dev_releasecalls kfree(padev) to free memory. We should...
CVE-2024-26724
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: DPLL, Fix possible use after free after delayed work timer triggers I managed to hit following use after free warning recently: [ 2169.711665] ==================================================================[ 2169.71400...
CVE-2024-26849
In the Linux kernel, the following vulnerability has been resolved: netlink: add nla be16/32 types to minlen array BUG: KMSAN: uninit-value in nla_validate_range_unsigned lib/nlattr.c:222 [inline]BUG: KMSAN: uninit-value in nla_validate_int_range lib/nlattr.c:336 [inline]BUG: KMSAN: uninit-value in...
CVE-2024-35920
In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: adding lock to protect decoder context list Add a lock for the ctx_list, to avoid accessing a NULL pointerwithin the 'vpu_dec_ipi_handler' function when the ctx_list hasbeen deleted due to an unexpected beh...
CVE-2024-35948
In the Linux kernel, the following vulnerability has been resolved: bcachefs: Check for journal entries overruning end of sb clean section Fix a missing bounds check in superblock validation. Note that we don't yet have repair code for this case - repair code forindividual items is generally low pr...
CVE-2024-41011
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: don't allow mapping the MMIO HDP page with large pages We don't get the right offset in that case. The GPU hasan unused 4K area of the register BAR space into which you canremap registers. We remap the HDP flush registe...
CVE-2024-41028
In the Linux kernel, the following vulnerability has been resolved: platform/x86: toshiba_acpi: Fix array out-of-bounds access In order to use toshiba_dmi_quirks[] together with the standard DMImatching functions, it must be terminated by a empty entry. Since this entry is missing, an array out-of-...
CVE-2024-41061
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix array-index-out-of-bounds in dml2/FCLKChangeSupport [Why]Potential out of bounds access in dml2_calculate_rq_and_dlg_params()because the value of out_lowest_state_idx used as an index for FCLKChangeSupportarray...
CVE-2024-43891
In the Linux kernel, the following vulnerability has been resolved: tracing: Have format file honor EVENT_FILE_FL_FREED When eventfs was introduced, special care had to be done to coordinate thefreeing of the file meta data with the files that are exposed to userspace. The file meta data would have...
CVE-2024-46706
In the Linux kernel, the following vulnerability has been resolved: tty: serial: fsl_lpuart: mark last busy before uart_add_one_port With "earlycon initcall_debug=1 loglevel=8" in bootargs, kernelsometimes boot hang. It is because normal console still is not ready,but runtime suspend is called, so ...
CVE-2024-49942
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Prevent null pointer access in xe_migrate_copy xe_migrate_copy designed to copy content of TTM resources. When sourceresource is null, it will trigger a NULL pointer dereference inxe_migrate_copy. To avoid this situation, u...
CVE-2024-50043
In the Linux kernel, the following vulnerability has been resolved: nfsd: fix possible badness in FREE_STATEID When multiple FREE_STATEIDs are sent for the same delegation stateid,it can lead to a possible either use-after-free or counter refcountunderflow errors. In nfsd4_free_stateid() under the ...
CVE-2024-50114
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Unregister redistributor for failed vCPU creation Alex reports that syzkaller has managed to trigger a use-after-free whentearing down a VM: BUG: KASAN: slab-use-after-free in kvm_put_kvm+0x300/0xe68 virt/kvm/kvm_main.c...
CVE-2024-50190
In the Linux kernel, the following vulnerability has been resolved: ice: fix memleak in ice_init_tx_topology() Fix leak of the FW blob (DDP pkg). Make ice_cfg_tx_topo() const-correct, so ice_init_tx_topology() can avoidcopying whole FW blob. Copy just the topology section, and only whenneeded. Reus...
CVE-2024-50213
In the Linux kernel, the following vulnerability has been resolved: drm/tests: hdmi: Fix memory leaks in drm_display_mode_from_cea_vic() modprobe drm_hdmi_state_helper_test and then rmmod it, the followingmemory leak occurs. The mode allocated in drm_mode_duplicate() called bydrm_display_mode_from_...
CVE-2024-53182
In the Linux kernel, the following vulnerability has been resolved: Revert "block, bfq: merge bfq_release_process_ref() into bfq_put_cooperator()" This reverts commit bc3b1e9e7c50e1de0f573eea3871db61dd4787de. The bic is associated with sync_bfqq, and bfq_release_process_ref cannotbe put into bfq_pu...
CVE-2024-56536
In the Linux kernel, the following vulnerability has been resolved: wifi: cw1200: Fix potential NULL dereference A recent refactoring was identified by static analysis tocause a potential NULL dereference, fix this!
CVE-2024-56542
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix a memleak issue when driver is removed Running "modprobe amdgpu" the second time (followed by a modprobe -ramdgpu) causes a call trace like: [ 845.212163] Memory manager not clean during takedown.[ 845.212170] ...
CVE-2024-56617
In the Linux kernel, the following vulnerability has been resolved: cacheinfo: Allocate memory during CPU hotplug if not done from the primary CPU Commit 5944ce092b97 ("arch_topology: Build cacheinfo from primary CPU") adds functionality that architectures can use to optionally allocate andbuild ca...
CVE-2021-47091
In the Linux kernel, the following vulnerability has been resolved: mac80211: fix locking in ieee80211_start_ap error path We need to hold the local->mtx to release the channel context,as even encoded by the lockdep_assert_held() there. Fix it.
CVE-2021-47159
In the Linux kernel, the following vulnerability has been resolved: net: dsa: fix a crash if ->get_sset_count() fails If ds->ops->get_sset_count() fails then it "count" is a negative errorcode such as -EOPNOTSUPP. Because "i" is an unsigned int, the negativeerror code is type promoted to a...
CVE-2021-47160
In the Linux kernel, the following vulnerability has been resolved: net: dsa: mt7530: fix VLAN traffic leaks PCR_MATRIX field was set to all 1's when VLAN filtering is enabled, butwas not reset when it is disabled, which may cause traffic leaks: ip link add br0 type bridge vlan_filtering 1 ip link ...
CVE-2021-47180
In the Linux kernel, the following vulnerability has been resolved: NFC: nci: fix memory leak in nci_allocate_device nfcmrvl_disconnect fails to free the hci_dev field in struct nci_dev.Fix this by freeing hci_dev in nci_free_device. BUG: memory leakunreferenced object 0xffff888111ea6800 (size 1024...
CVE-2021-47192
In the Linux kernel, the following vulnerability has been resolved: scsi: core: sysfs: Fix hang when device state is set via sysfs This fixes a regression added with: commit f0f82e2476f6 ("scsi: core: Fix capacity set to zero afterofflinining device") The problem is that after iSCSI recovery, iscsi...
CVE-2021-47206
In the Linux kernel, the following vulnerability has been resolved: usb: host: ohci-tmio: check return value after calling platform_get_resource() It will cause null-ptr-deref if platform_get_resource() returns NULL,we need check the return value.
CVE-2021-47218
In the Linux kernel, the following vulnerability has been resolved: selinux: fix NULL-pointer dereference when hashtab allocation fails When the hash table slot array allocation fails in hashtab_init(),h->size is left initialized with a non-zero value, but the h->htablepointer is NULL. This m...
CVE-2021-47233
In the Linux kernel, the following vulnerability has been resolved: regulator: rt4801: Fix NULL pointer dereference if priv->enable_gpios is NULL devm_gpiod_get_array_optional may return NULL if no GPIO was assigned.