8330 matches found
CVE-2024-26962
In the Linux kernel, the following vulnerability has been resolved: dm-raid456, md/raid456: fix a deadlock for dm-raid456 while io concurrent with reshape For raid456, if reshape is still in progress, then IO across reshape position will wait for reshape to make progress. However, for dm-raid, in fol...
CVE-2024-26996
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error When ncm function is working and then stop usb0 interface for link down, eth_stop() is called. At this point, accidentally if usb transport error should h...
CVE-2024-26968
In the Linux kernel, the following vulnerability has been resolved: clk: qcom: gcc-ipq9574: fix terminating of frequency table arrays The frequency table arrays are supposed to be terminated with an empty element. Add such entry to the end of the arrays where it is missing in order to avoid possible ...
CVE-2024-27049
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925e: fix use-after-free in free_irq() From commit a304e1b82808 ("[PATCH] Debug shared irqs"), there is a test to make sure the shared irq handler should be able to handle the unexpected event after deregistration. For...
CVE-2024-27071
In the Linux kernel, the following vulnerability has been resolved: backlight: hx8357: Fix potential NULL pointer dereference The "im" pins are optional. Add missing check in the hx8357_probe().
CVE-2024-27042
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix potential out-of-bounds access in 'amdgpu_discovery_reg_base_init()' The issue arises when the array 'adev->vcn.vcn_config' is accessed before checking if the index 'adev->vcn.num_vcn_inst' is within the bounds ...
CVE-2024-26995
In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: Correct the PDO counting in pd_set Off-by-one errors happen because nr_snk_pdo and nr_src_pdo are incorrectly added one. The index of the loop is equal to the number of PDOs to be updated when leaving the loop and i...
CVE-2023-52649
In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Avoid reading beyond LUT array When the floor LUT index (drm_fixp2int(lut_index) is the last index of the array the ceil LUT index will point to an entry beyond the array. Make sure we guard against it and use the value of t...
CVE-2024-26998
In the Linux kernel, the following vulnerability has been resolved: serial: core: Clearing the circular buffer before NULLifying it The circular buffer is NULLified in uart_tty_port_shutdown() under the spin lock. However, the PM or other timer based callbacks may still trigger after this event witho...
CVE-2024-27031
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix nfs_netfs_issue_read() xarray locking for writeback interrupt The loop inside nfs_netfs_issue_read() currently does not disable interrupts while iterating through pages in the xarray to submit for NFS read. This is not safe ...
CVE-2024-27033
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to remove unnecessary f2fs_bug_on() to avoid panic verify_blkaddr() will trigger panic once we inject fault into f2fs_is_valid_blkaddr(), fix to remove this unnecessary f2fs_bug_on().
CVE-2024-26975
In the Linux kernel, the following vulnerability has been resolved: powercap: intel_rapl: Fix a NULL pointer dereference A NULL pointer dereference is triggered when probing the MMIO RAPL driver on platforms with CPU ID not listed in intel_rapl_common CPU model list. This is because the intel_rapl_co...
CVE-2024-27068
In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/mediatek/lvts_thermal: Fix a memory leak in an error handling path If devm_krealloc() fails, then 'efuse' is leaking. So free it to avoid a leak.
CVE-2024-27048
In the Linux kernel, the following vulnerability has been resolved: wifi: brcm80211: handle pmk_op allocation failure The kzalloc() in brcmf_pmksa_v3_op() will return null if the physical memory has run out. As a result, if we dereference the null value, the null pointer dereference bug will happen. ...
CVE-2024-35855
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update The rule activity update delayed work periodically traverses the list of configured rules and queries their activity from the device. As part of this task ...
CVE-2024-26886
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: af_bluetooth: Fix deadlock Attempting to do sock_lock on .recvmsg may cause a deadlock as shown below, so instead of using sock_sock this uses sk_receive_queue.lock on bt_sock_ioctl to avoid the UAF: INFO: task kworker/u9:...
CVE-2024-27064
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix a memory leak in nf_tables_updchain If nft_netdev_register_hooks() fails, the memory associated with nft_stats is not freed, causing a memory leak. This patch fixes it by moving nft_stats_alloc() down after...
CVE-2024-27025
In the Linux kernel, the following vulnerability has been resolved: nbd: null check for nla_nest_start nla_nest_start() may fail and return NULL. Insert a check and set errno based on other call sites within the same source code.
CVE-2024-27029
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix mmhub client id out-of-bounds access Properly handle cid 0x140.
CVE-2021-46958
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between transaction aborts and fsyncs leading to use-after-free There is a race between a task aborting a transaction during a commit, a task doing an fsync and the transaction kthread, which leads to a use-after-fre...
CVE-2024-42089
In the Linux kernel, the following vulnerability has been resolved: ASoC: fsl-asoc-card: set priv->pdev before using it priv->pdev pointer was set after being used in fsl_asoc_card_audmux_init(). Move this assignment at the start of the probe function, so sub-functions can correctly use pdev thr...
CVE-2022-2602
io_uring UAF, Unix SCM garbage collection
CVE-2021-47549
In the Linux kernel, the following vulnerability has been resolved: sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl When the rmmod sata_fsl.ko command is executed in the PPC64 GNU/Linux, a bug is reported: BUG: Unable to handle kernel data access on read at 0x80000800805b502c Oops: Kernel...
CVE-2021-46973
In the Linux kernel, the following vulnerability has been resolved: net: qrtr: Avoid potential use after free in MHI send It is possible that the MHI ul_callback will be invoked immediately following the queueing of the skb for transmission, leading to the callback decrementing the refcount of the as...
CVE-2024-26980
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-out-of-bounds in smb2_allocate_rsp_buf If ->ProtocolId is SMB2_TRANSFORM_PROTO_NUM, smb2 request size validation could be skipped. If request size is smaller than sizeof(struct smb2_query_info_req), slab-out-of-bou...
CVE-2024-27073
In the Linux kernel, the following vulnerability has been resolved: media: ttpci: fix two memleaks in budget_av_attach When saa7146_register_device and saa7146_vv_init fails, budget_av_attach should free the resources it allocates, like the error-handling of ttpci_budget_init does. Besides, there are...
CVE-2024-27054
In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fix double module refcount decrement Once the discipline is associated with the device, deleting the device takes care of decrementing the module's refcount. Doing it manually on this error path causes refcount to artifici...
CVE-2024-26889
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Fix possible buffer overflow struct hci_dev_info has a fixed size name[8] field so in the event that hdev->name is bigger than that strcpy would attempt to write past its size, so this fixes this problem by sw...
CVE-2024-26950
In the Linux kernel, the following vulnerability has been resolved: wireguard: netlink: access device through ctx instead of peer The previous commit fixed a bug that led to a NULL peer->device being dereferenced. It's actually easier and faster performance-wise to instead get the device from ctx-...
CVE-2024-26940
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed The driver creates /sys/kernel/debug/dri/0/mob_ttm even when the corresponding ttm_resource_manager is not allocated. This leads to a crash when trying to read from...
CVE-2024-26894
In the Linux kernel, the following vulnerability has been resolved: ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit() After unregistering the CPU idle device, the memory associated with it is not freed, leading to a memory leak: unreferenced object 0xffff896282f6c000 (size 1024): c...
CVE-2024-42139
In the Linux kernel, the following vulnerability has been resolved: ice: Fix improper extts handling Extts events are disabled and enabled by the application ts2phc. However, in case where the driver is removed when the application is running, a specific extts event remains enabled and can cause a ke...
CVE-2024-27393
In the Linux kernel, the following vulnerability has been resolved: xen-netfront: Add missing skb_mark_for_recycle Notice that skb_mark_for_recycle() is introduced later than fixes tag in commit 6a5bcd84e886 ("page_pool: Allow drivers to hint on SKB recycling"). It is believed that fixes tag were mi...
CVE-2021-46976
In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix crash in auto_retire The retire logic uses the 2 lower bits of the pointer to the retire function to store flags. However, the auto_retire function is not guaranteed to be aligned to a multiple of 4, which causes crashe...
CVE-2024-26991
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: x86: Don't overflow lpage_info when checking attributes Fix KVM_SET_MEMORY_ATTRIBUTES to not overflow lpage_info array and trigger KASAN splat, as seen in the private_mem_conversions_test selftest. When memory attribut...
CVE-2024-27041
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix NULL checks for adev->dm.dc in amdgpu_dm_fini() Since 'adev->dm.dc' in amdgpu_dm_fini() might turn out to be NULL before the call to dc_enable_dmub_notifications(), check beforehand to ensure there will not...
CVE-2022-48669
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Fix potential memleak in papr_get_attr() buf is allocated in papr_get_attr(), and krealloc() of buf could fail. We need to free the original buf in the case of failure.
CVE-2024-27040
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add 'replay' NULL check in 'edp_set_replay_allow_active()' In the first if statement, we're checking if 'replay' is NULL. But in the second if statement, we're not checking if 'replay' is NULL again before calling re...
CVE-2024-26977
In the Linux kernel, the following vulnerability has been resolved: pci_iounmap(): Fix MMIO mapping leak The #ifdef ARCH_HAS_GENERIC_IOPORT_MAP accidentally also guards iounmap(), which means MMIO mappings are leaked. Move the guard so we call iounmap() for MMIO mappings.
CVE-2023-52653
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix a memleak in gss_import_v2_context The ctx->mech_used.data allocated by kmemdup is not freed in neither gss_import_v2_context nor its only caller gss_krb5_import_sec_context, which frees ctx on error. Thus, this patch r...
CVE-2024-27005
In the Linux kernel, the following vulnerability has been resolved: interconnect: Don't access req_list while it's being manipulated The icc_lock mutex was split into separate icc_lock and icc_bw_lock mutexes in [1] to avoid lockdep splats. However, this didn't adequately protect access to icc_node::...
CVE-2024-27032
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid potential panic during recovery During recovery, if FAULT_BLOCK is on, it is possible that f2fs_reserve_new_block() will return -ENOSPC during recovery, then it may trigger panic. Also, if fault injection rate is 1...
CVE-2024-27058
In the Linux kernel, the following vulnerability has been resolved: tmpfs: fix race on handling dquot rbtree A syzkaller reproducer found a race while attempting to remove dquot information from the rb tree. Fetching the rb_tree root node must also be protected by the dqopt->dqio_sem, otherwise, g...
CVE-2024-27072
In the Linux kernel, the following vulnerability has been resolved: media: usbtv: Remove useless locks in usbtv_video_free() Remove locks calls in usbtv_video_free() because they are useless and may lead to a deadlock as reported here: https://syzkaller.appspot.com/x/bisect.txt?x=166dc872180000 Also remove ...
CVE-2024-53158
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() This loop is supposed to break if the frequency returned from clk_round_rate() is the same as on the previous iteration. However, that check doesn't make sense on the f...
CVE-2022-0847
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page c...
CVE-2024-56531
In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq: Use snd_card_free_when_closed() at disconnection The USB disconnect callback is supposed to be short and not too-long waiting. OTOH, the current code uses snd_card_free() at disconnection, but this waits for the close of...
CVE-2024-53160
In the Linux kernel, the following vulnerability has been resolved: rcu/kvfree: Fix data-race in __mod_timer / kvfree_call_rcu KCSAN reports a data race when access the krcp->monitor_work.timer.expires variable in the schedule_delayed_monitor_work() function: BUG: KCSAN: data-race in __mod_timer ...
CVE-2024-53214
In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Properly hide first-in-list PCIe extended capability There are cases where a PCIe extended capability should be hidden from the user. For example, an unknown capability (i.e., capability with ID greater than PCI_EXT_CAP_ID_...
CVE-2024-56788
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: oa_tc6: fix tx skb race condition between reference pointers There are two skb pointers to manage tx skb's enqueued from n/w stack. waiting_tx_skb pointer points to the tx skb which needs to be processed and ongoing_tx...