4371 matches found
CVE-2021-47484
In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Fix possible null pointer dereference. This patch fixes possible null pointer dereference in files"rvu_debugfs.c" and "rvu_nix.c"
CVE-2021-47541
In the Linux kernel, the following vulnerability has been resolved: net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() In mlx4_en_try_alloc_resources(), mlx4_en_copy_priv() is called andtmp->tx_cq will be freed on the error path of mlx4_en_copy_priv().After that mlx4_en_allo...
CVE-2021-47551
In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdkfd: Fix kernel panic when reset failed and been triggered again In SRIOV configuration, the reset may failed to bring asic back to normal but stop cpschalready been called, the start_cpsch will not be called since there...
CVE-2021-47599
In the Linux kernel, the following vulnerability has been resolved: btrfs: use latest_dev in btrfs_show_devname The test case btrfs/238 reports the warning below: WARNING: CPU: 3 PID: 481 at fs/btrfs/super.c:2509 btrfs_show_devname+0x104/0x1e8 [btrfs]CPU: 2 PID: 1 Comm: systemd Tainted: G W O 5.14....
CVE-2021-47620
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: refactor malicious adv data check Check for out-of-bound read was being performed at the end of whilenum_reports loop, and would fill journal with false positives. Addedcheck to beginning of loop processing so that it do...
CVE-2022-48710
In the Linux kernel, the following vulnerability has been resolved: drm/radeon: fix a possible null pointer dereference In radeon_fp_native_mode(), the return value of drm_mode_duplicate()is assigned to mode, which will lead to a NULL pointer dereferenceon failure of drm_mode_duplicate(). Add a che...
CVE-2022-48775
In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj kobject_init_and_add() takes reference even when it fails.According to the doc of kobject_init_and_add(): If this function returns an error, kobject_put() must be called...
CVE-2022-48788
In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: fix possible use-after-free in transport error_recovery work While nvme_rdma_submit_async_event_work is checking the ctrl and queuestate before preparing the AER command and scheduling io_work, in orderto fully prevent a...
CVE-2022-48799
In the Linux kernel, the following vulnerability has been resolved: perf: Fix list corruption in perf_cgroup_switch() There's list corruption on cgrp_cpuctx_list. This happens on thefollowing path: perf_cgroup_switch: list_for_each_entry(cgrp_cpuctx_list)cpu_ctx_sched_inctx_sched_inctx_pinned_sched...
CVE-2023-52523
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Reject sk_msg egress redirects to non-TCP sockets With a SOCKMAP/SOCKHASH map and an sk_msg program user can steer messagessent from one TCP socket (s1) to actually egress from another TCPsocket (s2): tcp_bpf_sendmsg(...
CVE-2023-52531
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: Fix a memory corruption issue A few lines above, space is kzalloc()'ed for:sizeof(struct iwl_nvm_data) +sizeof(struct ieee80211_channel) +sizeof(struct ieee80211_rate) 'mvm->nvm_data' is a 'struct iwl_nvm_dat...
CVE-2023-52611
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: sdio: Honor the host max_req_size in the RX path Lukas reports skb_over_panic errors on his Banana Pi BPI-CM4 which comeswith an Amlogic A311D (G12B) SoC and a RTL8822CS SDIO wifi/Bluetoothcombo card. The error he obse...
CVE-2023-52801
In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix missing update of domains_itree after splitting iopt_area In iopt_area_split(), if the original iopt_area has filled a domain and islinked to domains_itree, pages_nodes have to be properlyreinserted. Otherwise the doma...
CVE-2024-26715
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend In current scenario if Plug-out and Plug-In performed continuouslythere could be a chance while checking for dwc->gadget_driver indwc3_gadget_suspend, a NULL...
CVE-2024-26854
In the Linux kernel, the following vulnerability has been resolved: ice: fix uninitialized dplls mutex usage The pf->dplls.lock mutex is initialized too late, after its first use.Move it to the top of ice_dpll_init.Note that the "err_exit" error path destroys the mutex. And the mutex isthe last ...
CVE-2024-26914
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix incorrect mpc_combine array size [why]MAX_SURFACES is per stream, while MAX_PLANES is per asic. Thempc_combine is an array that records all the planes per asic. ThereforeMAX_PLANES should be used as the array s...
CVE-2024-35799
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Prevent crash when disable stream [Why]Disabling stream encoder invokes a function that no longer exists. [How]Check if the function declaration is NULL in disable stream encoder.
CVE-2024-35909
In the Linux kernel, the following vulnerability has been resolved: net: wwan: t7xx: Split 64bit accesses to fix alignment issues Some of the registers are aligned on a 32bit boundary, causingalignment faults on 64bit platforms. Unable to handle kernel paging request at virtual address ffffffc084a1...
CVE-2024-35921
In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix oops when HEVC init fails The stateless HEVC decoder saves the instance pointer in the contextregardless if the initialization worked or not. This caused a use afterfree, when the pointer is freed in ca...
CVE-2024-36018
In the Linux kernel, the following vulnerability has been resolved: nouveau/uvmm: fix addr/range calcs for remap operations dEQP-VK.sparse_resources.image_rebind.2d_array.r64i.128_128_8was causing a remap operation like the below. op_remap: prev: 0000003fffed0000 00000000000f0000 00000000a5abd18a 0...
CVE-2024-36910
In the Linux kernel, the following vulnerability has been resolved: uio_hv_generic: Don't free decrypted memory In CoCo VMs it is possible for the untrusted host to causeset_memory_encrypted() or set_memory_decrypted() to fail such that anerror is returned and the resulting memory is shared. Caller...
CVE-2024-36947
In the Linux kernel, the following vulnerability has been resolved: qibfs: fix dentry leak simple_recursive_removal() drops the pinning references to all positivesin subtree. For the cases when its argument has been kept alive bythe pinning alone that's exactly the right thing to do, but herethe ar...
CVE-2024-36948
In the Linux kernel, the following vulnerability has been resolved: drm/xe/xe_migrate: Cast to output precision before multiplying operands Addressing potential overflow in result of multiplication of two lowerprecision (u32) operands before widening it to higher precision(u64). -v2Fix commit messa...
CVE-2024-36949
In the Linux kernel, the following vulnerability has been resolved: amd/amdkfd: sync all devices to wait all processes being evicted If there are more than one device doing reset in parallel, the firstdevice will call kfd_suspend_all_processes() to evict all processeson all devices, this call takes...
CVE-2024-38628
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind. Hang on to the control IDs instead of pointers since those are correctlyhandled with locks.
CVE-2024-39493
In the Linux kernel, the following vulnerability has been resolved: crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak Using completion_done to determine whether the caller has goneaway only works after a complete call. Furthermore it's stillpossible that the caller has not yet called wait_for_comple...
CVE-2024-40915
In the Linux kernel, the following vulnerability has been resolved: riscv: rewrite __kernel_map_pages() to fix sleeping in invalid context __kernel_map_pages() is a debug function which clears the valid bit in pagetable entry for deallocated pages to detect illegal memory accesses tofreed pages. Th...
CVE-2024-40921
In the Linux kernel, the following vulnerability has been resolved: net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state Pass the already obtained vlan group pointer to br_mst_vlan_set_state()instead of dereferencing it again. Each caller has already correctlydereferenced it for thei...
CVE-2024-40947
In the Linux kernel, the following vulnerability has been resolved: ima: Avoid blocking in RCU read-side critical section A panic happens in ima_match_policy: BUG: unable to handle kernel NULL pointer dereference at 0000000000000010PGD 42f873067 P4D 0Oops: 0000 [#1] SMP NOPTICPU: 5 PID: 1286325 Com...
CVE-2024-42137
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot Commit 272970be3dab ("Bluetooth: hci_qca: Fix driver shutdown on closedserdev") will cause below regression issue: BT can't be enabled after below steps:cold...
CVE-2024-42241
In the Linux kernel, the following vulnerability has been resolved: mm/shmem: disable PMD-sized page cache if needed For shmem files, it's possible that PMD-sized page cache can't besupported by xarray. For example, 512MB page cache on ARM64 when the basepage size is 64KB can't be supported by xarr...
CVE-2024-42267
In the Linux kernel, the following vulnerability has been resolved: riscv/mm: Add handling for VM_FAULT_SIGSEGV in mm_fault_error() Handle VM_FAULT_SIGSEGV in the page fault path so that we correctlykill the process and we don't BUG() the kernel.
CVE-2024-43818
In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: Adjust error handling in case of absent codec device acpi_get_first_physical_node() can return NULL in several cases (no suchdevice, ACPI table error, reference count drop to 0, etc).Existing check just emit error messag...
CVE-2024-43819
In the Linux kernel, the following vulnerability has been resolved: kvm: s390: Reject memory region operations for ucontrol VMs This change rejects the KVM_SET_USER_MEMORY_REGION andKVM_SET_USER_MEMORY_REGION2 ioctls when called on a ucontrol VM.This is necessary since ucontrol VMs have kvm->arc...
CVE-2024-43825
In the Linux kernel, the following vulnerability has been resolved: iio: Fix the sorting functionality in iio_gts_build_avail_time_table The sorting in iio_gts_build_avail_time_table is not working as intended.It could result in an out-of-bounds access when the time is zero. Here are more details: ...
CVE-2024-43833
In the Linux kernel, the following vulnerability has been resolved: media: v4l: async: Fix NULL pointer dereference in adding ancillary links In v4l2_async_create_ancillary_links(), ancillary links are created forlens and flash sub-devices. These are sub-device to sub-device links andif the async n...
CVE-2024-43847
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix invalid memory access while processing fragmented packets The monitor ring and the reo reinject ring share the same ring mask index.When the driver receives an interrupt for the reo reinject ring, themonitor ring ...
CVE-2024-43868
In the Linux kernel, the following vulnerability has been resolved: riscv/purgatory: align riscv_kernel_entry When alignment handling is delegated to the kernel, everything must beword-aligned in purgatory, since the trap handler is then set to thekexec one. Without the alignment, hitting the excep...
CVE-2024-46710
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Prevent unmapping active read buffers The kms paths keep a persistent map active to read and compare the cursorbuffer. These maps can race with each other in simple scenario where:a) buffer "a" mapped for updateb) buffe...
CVE-2024-46752
In the Linux kernel, the following vulnerability has been resolved: btrfs: replace BUG_ON() with error handling at update_ref_for_cow() Instead of a BUG_ON() just return an error, log an error message andabort the transaction in case we find an extent buffer belonging to therelocation tree that doe...
CVE-2024-46760
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: usb: schedule rx work after everything is set up Right now it's possible to hit NULL pointer dereference inrtw_rx_fill_rx_status on hw object and/or its fields becauseinitialization routine can start getting USB replie...
CVE-2024-46773
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check denominator pbn_div before used [WHAT & HOW]A denominator cannot be 0, and is checked before used. This fixes 1 DIVIDE_BY_ZERO issue reported by Coverity.
CVE-2024-46778
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check UnboundedRequestEnabled's value CalculateSwathAndDETConfiguration_params_st's UnboundedRequestEnabledis a pointer (i.e. dml_bool_t *UnboundedRequestEnabled), and thusif (p->UnboundedRequestEnabled) checks ...
CVE-2024-46827
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix firmware crash due to invalid peer nss Currently, if the access point receives an associationrequest containing an Extended HE Capabilities InformationElement with an invalid MCS-NSS, it triggers a firmwarecrash. ...
CVE-2024-50175
In the Linux kernel, the following vulnerability has been resolved: media: qcom: camss: Remove use_count guard in stop_streaming The use_count check was introduced so that multiple concurrent Raw DataInterfaces RDIs could be driven by different virtual channels VCs on theCSIPHY input driving the vi...
CVE-2024-50281
In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: dcp: fix NULL dereference in AEAD crypto operation When sealing or unsealing a key blob we currently do not wait forthe AEAD cipher operation to finish and simply return after submittingthe request. If there is some ...
CVE-2024-50298
In the Linux kernel, the following vulnerability has been resolved: net: enetc: allocate vf_state during PF probes In the previous implementation, vf_state is allocated memory only when VFis enabled. However, net_device_ops::ndo_set_vf_mac() may be called beforeVF is enabled to configure the MAC ad...
CVE-2024-53083
In the Linux kernel, the following vulnerability has been resolved: usb: typec: qcom-pmic: init value of hdr_len/txbuf_len earlier If the read of USB_PDPHY_RX_ACKNOWLEDGE_REG failed, then hdr_len andtxbuf_len are uninitialized. This commit stops to print uninitializedvalue and misleading/false data...
CVE-2024-53149
In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: glink: fix off-by-one in connector_status UCSI connector's indices start from 1 up to 3, PMIC_GLINK_MAX_PORTS.Correct the condition in the pmic_glink_ucsi_connector_status()callback, fixing Type-C orientation repo...
CVE-2024-56561
In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Fix PCI domain ID release in pci_epc_destroy() pci_epc_destroy() invokes pci_bus_release_domain_nr() to release the PCIdomain ID, but there are two issues: 'epc->dev' is passed to pci_bus_release_domain_nr() which...