2811 matches found
CVE-2024-57896
In the Linux kernel, the following vulnerability has been resolved: btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount During the unmount path, at close_ctree(), we first stop the cleanerkthread, using kthread_stop() which frees the associated task_struct, andthen st...
CVE-2024-57912
In the Linux kernel, the following vulnerability has been resolved: iio: pressure: zpa2326: fix information leak in triggered buffer The 'sample' local struct is used to push data to user space from atriggered buffer, but it has a hole between the temperature and thetimestamp (u32 pressure, u16 tem...
CVE-2024-57949
In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity() The following call-chain leads to enabling interrupts in a nested interruptdisabled section: irq_set_vcpu_affinity()irq_get_desc_lock()raw_spin_lock_irqsave...
CVE-2024-58055
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_tcm: Don't free command immediately Don't prematurely free the command. Wait for the status completion ofthe sense status. It can be freed then. Otherwise we will double-freethe command.
CVE-2025-21744
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() On removal of the device or unloading of the kernel module a potential NULLpointer dereference occurs. The following sequence deletes the interface: brcmf_detach()b...
CVE-2025-21762
In the Linux kernel, the following vulnerability has been resolved: arp: use RCU protection in arp_xmit() arp_xmit() can be called without RTNL or RCU protection. Use RCU protection to avoid potential UAF.
CVE-2025-21779
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel Advertise support for Hyper-V's SEND_IPI and SEND_IPI_EX hypercalls if andonly if the local API is emulated/virtualized by KVM, and explicitly rejectsaid ...
CVE-2025-21920
In the Linux kernel, the following vulnerability has been resolved: vlan: enforce underlying device type Currently, VLAN devices can be created on top of non-ethernet devices. Besides the fact that it doesn't make much sense, this also causes abug which leaks the address of a kernel function to use...
CVE-2025-21968
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix slab-use-after-free on hdcp_work [Why]A slab-use-after-free is reported when HDCP is destroyed but theproperty_validate_dwork queue is still running. [How]Cancel the delayed work when destroying workqueue. (che...
CVE-2025-22011
In the Linux kernel, the following vulnerability has been resolved: ARM: dts: bcm2711: Fix xHCI power-domain During s2idle tests on the Raspberry CM4 the VPU firmware always crasheson xHCI power-domain resume: root@raspberrypi:/sys/power# echo freeze > state[ 70.724347] xhci_suspend finished[ 70...
CVE-2022-49116
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: use memset avoid memory leaks Use memset to initialize structs to prevent memory leaksin l2cap_ecred_connect
CVE-2022-49283
In the Linux kernel, the following vulnerability has been resolved: firmware: sysfb: fix platform-device leak in error path Make sure to free the platform device also in the unlikely event thatregistration fails.
CVE-2022-49653
In the Linux kernel, the following vulnerability has been resolved: i2c: piix4: Fix a memory leak in the EFCH MMIO support The recently added support for EFCH MMIO regions introduced a memoryleak in that code path. The leak is caused by the fact thatrelease_resource() merely removes the resource fr...
CVE-2022-49700
In the Linux kernel, the following vulnerability has been resolved: mm/slub: add missing TID updates on slab deactivation The fastpath in slab_alloc_node() assumes that c->slab is stable as long asthe TID stays the same. However, two places in __slab_alloc() currentlydon't update the TID when de...
CVE-2023-53033
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits If the offset + length goes over the ethernet + vlan header, then thelength is adjusted to copy the bytes that are within the boundaries ofthe vlan_ethhdr...
CVE-2024-56774
In the Linux kernel, the following vulnerability has been resolved: btrfs: add a sanity check for btrfs root in btrfs_search_slot() Syzbot reports a null-ptr-deref in btrfs_search_slot(). The reproducer is using rescue=ibadroots, and the extent tree root iscorrupted thus the extent tree is NULL. Wh...
CVE-2025-21681
In the Linux kernel, the following vulnerability has been resolved: openvswitch: fix lockup on tx to unregistering netdev with carrier Commit in a fixes tag attempted to fix the issue in the followingsequence of calls: do_output -> ovs_vport_send -> dev_queue_xmit -> __dev_queue_xmit ->...
CVE-2025-21763
In the Linux kernel, the following vulnerability has been resolved: neighbour: use RCU protection in __neigh_notify() __neigh_notify() can be called without RTNL or RCU protection. Use RCU protection to avoid potential UAF.
CVE-2025-21922
In the Linux kernel, the following vulnerability has been resolved: ppp: Fix KMSAN uninit-value warning with bpf Syzbot caught an "KMSAN: uninit-value" warning [1], which is caused by theppp driver not initializing a 2-byte header when using socket filter. The following code can generate a PPP filt...
CVE-2025-21963
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix integer overflow while processing acdirmax mount option User-provided mount parameter acdirmax of type u32 is intended to havean upper limit, but before it is validated, the value is converted fromseconds to jiffies which...
CVE-2025-39735
In the Linux kernel, the following vulnerability has been resolved: jfs: fix slab-out-of-bounds read in ea_get() During the "size_check" label in ea_get(), the code checks if the extendedattribute list (xattr) size matches ea_size. If not, it logs"ea_get: invalid extended attribute" and calls print...
CVE-2022-49235
In the Linux kernel, the following vulnerability has been resolved: ath9k_htc: fix uninit value bugs Syzbot reported 2 KMSAN bugs in ath9k. All of them are caused by missingfield initialization. In htc_connect_service() svc_meta_len and pad are not initialized. Basedon code it looks like in current...
CVE-2022-49256
In the Linux kernel, the following vulnerability has been resolved: watch_queue: Actually free the watch free_watch() does everything barring actually freeing the watch object. Fixthis by adding the missing kfree. kmemleak produces a report something like the following. Note that as anaddress can b...
CVE-2022-49321
In the Linux kernel, the following vulnerability has been resolved: xprtrdma: treat all calls not a bcall when bc_serv is NULL When a rdma server returns a fault format reply, nfs v3 client maytreats it as a bcall when bc service is not exist. The debug message at rpcrdma_bc_receive_call are, [5657...
CVE-2022-49404
In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: Fix potential integer multiplication overflow errors When multiplying of different types, an overflow is possible even whenstoring the result in a larger type. This is because the conversion isdone after the multiplicati...
CVE-2022-49520
In the Linux kernel, the following vulnerability has been resolved: arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall If a compat process tries to execute an unknown system call above the__ARM_NR_COMPAT_END number, the kernel sends a SIGILL signal to theoffending process. Info...
CVE-2022-49583
In the Linux kernel, the following vulnerability has been resolved: iavf: Fix handling of dummy receive descriptors Fix memory leak caused by not handling dummy receive descriptor properly.iavf_get_rx_buffer now sets the rx_buffer return value for dummy receivedescriptors. Without this patch, when ...
CVE-2022-49587
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_notsent_lowat. While reading sysctl_tcp_notsent_lowat, it can be changed concurrently.Thus, we need to add READ_ONCE() to its reader.
CVE-2022-49603
In the Linux kernel, the following vulnerability has been resolved: ip: Fix data-races around sysctl_ip_fwd_update_priority. While reading sysctl_ip_fwd_update_priority, it can be changedconcurrently. Thus, we need to add READ_ONCE() to its readers.
CVE-2022-49636
In the Linux kernel, the following vulnerability has been resolved: vlan: fix memory leak in vlan_newlink() Blamed commit added back a bug I fixed in commit 9bbd917e0bec("vlan: fix memory leak in vlan_dev_set_egress_priority") If a memory allocation fails in vlan_changelink() after other allocation...
CVE-2024-47408
In the Linux kernel, the following vulnerability has been resolved: net/smc: check smcd_v2_ext_offset when receiving proposal msg When receiving proposal msg in server, the field smcd_v2_ext_offset inproposal msg is from the remote client and can not be fully trusted.Once the value of smcd_v2_ext_o...
CVE-2024-57792
In the Linux kernel, the following vulnerability has been resolved: power: supply: gpio-charger: Fix set charge current limits Fix set charge current limits for devices which allow to set the lowestcharge current limit to be greater zero. If requested charge current limitis below lowest limit, the ...
CVE-2025-21728
In the Linux kernel, the following vulnerability has been resolved: bpf: Send signals asynchronously if !preemptible BPF programs can execute in all kinds of contexts and when a programrunning in a non-preemptible context uses the bpf_send_signal() kfunc,it will cause issues because this kfunc can ...
CVE-2025-21969
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd After the hci sync command releases l2cap_conn, the hci receive data workqueue references the released l2cap_conn when sending to the upper layer.Add hci dev lock to ...
CVE-2025-21993
In the Linux kernel, the following vulnerability has been resolved: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() When performing an iSCSI boot using IPv6, iscsistart still reads the/sys/firmware/ibft/ethernetX/subnet-mask entry. Since the IPv6 prefixlength is 64, this c...
CVE-2022-49287
In the Linux kernel, the following vulnerability has been resolved: tpm: fix reference counting for struct tpm_chip The following sequence of operations results in a refcount warning: Open device /dev/tpmrm. Remove module tpm_tis_spi. Write a TPM command to the file descriptor opened at step 1. ---...
CVE-2022-49313
In the Linux kernel, the following vulnerability has been resolved: drivers: usb: host: Fix deadlock in oxu_bus_suspend() There is a deadlock in oxu_bus_suspend(), which is shown below: (Thread 1) | (Thread 2)| timer_action()oxu_bus_suspend() | mod_timer()spin_lock_irq() //(1) | (wait a time)... | ...
CVE-2022-49356
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Trap RDMA segment overflows Prevent svc_rdma_build_writes() from walking off the end of a Writechunk's segment array. Caught with KASAN. The test that this fix replaces is invalid, and might have been leftover from an earli...
CVE-2022-49429
In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: Prevent panic when SDMA is disabled If the hfi1 module is loaded with HFI1_CAP_SDMA off, a call tohfi1_write_iter() will dereference a NULL pointer and panic. A typicalstack frame is: sdma_select_user_engine [hfi1]hfi1_u...
CVE-2022-49536
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock During stress I/O tests with 500+ vports, hard LOCKUP call traces areobserved. CPU A:native_queued_spin_lock_slowpath+0x192_raw_spin_lock_irqsave+0x32lpfc_handle_fcp_er...
CVE-2022-49615
In the Linux kernel, the following vulnerability has been resolved: ASoC: rt711-sdca: fix kernel NULL pointer dereference when IO error The initial settings will be written before the codec probe function.But, the rt711->component doesn't be assigned yet.If IO error happened during initial setti...
CVE-2022-49644
In the Linux kernel, the following vulnerability has been resolved: drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector() If drm_connector_init fails, intel_connector_free will be called to takecare of proper free. So it is necessary to drop the refcount of portbefore intel_connect...
CVE-2022-49707
In the Linux kernel, the following vulnerability has been resolved: ext4: add reserved GDT blocks check We capture a NULL pointer issue when resizing a corrupt ext4 image whichis freshly clear resize_inode feature (not run e2fsck). It could besimply reproduced by following steps. The problem is bec...
CVE-2024-57908
In the Linux kernel, the following vulnerability has been resolved: iio: imu: kmx61: fix information leak in triggered buffer The 'buffer' local array is used to push data to user space from atriggered buffer, but it does not set values for inactive channels, asit only uses iio_for_each_active_chan...
CVE-2025-21650
In the Linux kernel, the following vulnerability has been resolved: net: hns3: fixed hclge_fetch_pf_reg accesses bar space out of bounds issue The TQP BAR space is divided into two segments. TQPs 0-1023 and TQPs1024-1279 are in different BAR space addresses. However,hclge_fetch_pf_reg does not dist...
CVE-2025-21787
In the Linux kernel, the following vulnerability has been resolved: team: better TEAM_OPTION_TYPE_STRING validation syzbot reported following splat [1] Make sure user-provided data contains one nul byte. [1]BUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:633 [inline]BUG: KMSAN: uninit-val...
CVE-2025-21917
In the Linux kernel, the following vulnerability has been resolved: usb: renesas_usbhs: Flush the notify_hotplug_work When performing continuous unbind/bind operations on the USB driversavailable on the Renesas RZ/G2L SoC, a kernel crash with the message"Unable to handle kernel NULL pointer derefer...
CVE-2025-21925
In the Linux kernel, the following vulnerability has been resolved: llc: do not use skb_get() before dev_queue_xmit() syzbot is able to crash hosts [1], using llc and devicesnot supporting IFF_TX_SKB_SHARING. In this case, e1000 driver calls eth_skb_pad(), whilethe skb is shared. Simply replace skb...
CVE-2025-21997
In the Linux kernel, the following vulnerability has been resolved: xsk: fix an integer overflow in xp_create_and_assign_umem() Since the i and pool->chunk_size variables are of type 'u32',their product can wrap around and then be cast to 'u64'.This can lead to two different XDP buffers pointing...
CVE-2022-49153
In the Linux kernel, the following vulnerability has been resolved: wireguard: socket: free skb in send6 when ipv6 is disabled I got a memory leak report: unreferenced object 0xffff8881191fc040 (size 232):comm "kworker/u17:0", pid 23193, jiffies 4295238848 (age 3464.870s)hex dump (first 32 bytes):0...