4371 matches found
CVE-2024-43859
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to truncate preallocated blocks in f2fs_file_open() chenyuwen reports a f2fs bug as below: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000011fscrypt_set_bio_crypt_ctx+0x78/0x1e8f2fs_grab_...
CVE-2024-46682
In the Linux kernel, the following vulnerability has been resolved: nfsd: prevent panic for nfsv4.0 closed files in nfs4_show_open Prior to commit 3f29cc82a84c ("nfsd: split sc_status out ofsc_type") states_show() relied on sc_type field to be of validtype before calling into a subfunction to show ...
CVE-2024-46766
In the Linux kernel, the following vulnerability has been resolved: ice: move netif_queue_set_napi to rtnl-protected sections Currently, netif_queue_set_napi() is called from ice_vsi_rebuild() that isnot rtnl-locked when called from the reset. This creates the need to takethe rtnl_lock just for a s...
CVE-2024-47702
In the Linux kernel, the following vulnerability has been resolved: bpf: Fail verification for sign-extension of packet data/data_end/data_meta syzbot reported a kernel crash due tocommit 1f1e864b6555 ("bpf: Handle sign-extenstin ctx member accesses").The reason is due to sign-extension of 32-bit l...
CVE-2024-49970
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Implement bounds check for stream encoder creation in DCN401 'stream_enc_regs' array is an array of dcn10_stream_enc_registersstructures. The array is initialized with four elements, correspondingto the four calls ...
CVE-2024-49976
In the Linux kernel, the following vulnerability has been resolved: tracing/timerlat: Drop interface_lock in stop_kthread() stop_kthread() is the offline callback for "trace/osnoise:online", sincecommit 5bfbcd1ee57b ("tracing/timerlat: Add interface_lock around clearingof kthread in stop_kthread()"...
CVE-2024-50291
In the Linux kernel, the following vulnerability has been resolved: media: dvb-core: add missing buffer index check dvb_vb2_expbuf() didn't check if the given buffer index wasfor a valid buffer. Add this check.
CVE-2021-47167
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix an Oopsable condition in __nfs_pageio_add_request() Ensure that nfs_pageio_error_cleanup() resets the mirror array contents,so that the structure reflects the fact that it is now empty.Also change the test in nfs_pageio_do...
CVE-2021-47173
In the Linux kernel, the following vulnerability has been resolved: misc/uss720: fix memory leak in uss720_probe uss720_probe forgets to decrease the refcount of usbdev in uss720_probe.Fix this by decreasing the refcount of usbdev by usb_put_dev. BUG: memory leakunreferenced object 0xffff8881011138...
CVE-2021-47212
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Update error handler for UCTX and UMEM In the fast unload flow, the device state is set to internal error,which indicates that the driver started the destroy process.In this case, when a destroy command is being executed,...
CVE-2021-47252
In the Linux kernel, the following vulnerability has been resolved: batman-adv: Avoid WARN_ON timing related checks The soft/batadv interface for a queued OGM can be changed during the timethe OGM was queued for transmission and when the OGM is actuallytransmitted by the worker. But WARN_ON must be...
CVE-2021-47275
In the Linux kernel, the following vulnerability has been resolved: bcache: avoid oversized read request in cache missing code path In the cache missing code path of cached device, if a proper locationfrom the internal B+ tree is matched for a cache miss range, functioncached_dev_cache_miss() will ...
CVE-2021-47288
In the Linux kernel, the following vulnerability has been resolved: media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf() Fix an 11-year old bug in ngene_command_config_free_buf() whileaddressing the following warnings caught with -Warray-bounds: arch/alpha/include/asm/string.h:22:...
CVE-2021-47314
In the Linux kernel, the following vulnerability has been resolved: memory: fsl_ifc: fix leak of private memory on probe failure On probe error the driver should free the memory allocated for privatestructure. Fix this by using resource-managed allocation.
CVE-2021-47368
In the Linux kernel, the following vulnerability has been resolved: enetc: Fix illegal access when reading affinity_hint irq_set_affinity_hit() stores a reference to the cpumask_tparameter in the irq descriptor, and that reference can beaccessed later from irq_affinity_hint_proc_show(). Sincethe cp...
CVE-2021-47389
In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: fix missing sev_decommission in sev_receive_start DECOMMISSION the current SEV context if binding an ASID fails afterRECEIVE_START. Per AMD's SEV API, RECEIVE_START generates a new guestcontext and thus needs to be paired...
CVE-2021-47395
In the Linux kernel, the following vulnerability has been resolved: mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap Limit max values for vht mcs and nss in ieee80211_parse_tx_radiotaproutine in order to fix the following warning reported by syzbot: WARNING: CPU: 0 PID: 10717 at ...
CVE-2021-47409
In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: check return value after calling platform_get_resource() It will cause null-ptr-deref if platform_get_resource() returns NULL,we need check the return value.
CVE-2021-47410
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: fix svm_migrate_fini warning Device manager releases device-specific resources when a driverdisconnects from a device, devm_memunmap_pages anddevm_release_mem_region calls in svm_migrate_fini are redundant. It causes be...
CVE-2021-47421
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: handle the case of pci_channel_io_frozen only in amdgpu_pci_resume In current code, when a PCI error state pci_channel_io_normal is detectd,it will report PCI_ERS_RESULT_CAN_RECOVER status to PCI driver, and PCIdriver w...
CVE-2021-47475
In the Linux kernel, the following vulnerability has been resolved: comedi: vmk80xx: fix transfer-buffer overflows The driver uses endpoint-sized USB transfer buffers but up untilrecently had no sanity checks on the sizes. Commit e1f13c879a7c ("staging: comedi: check validity of wMaxPacketSizeof us...
CVE-2021-47479
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8712: fix use-after-free in rtl8712_dl_fw Syzbot reported use-after-free in rtl8712_dl_fw(). The problem was inrace condition between r871xu_dev_remove() ->ndo_open() callback. It's easy to see from crash log, that d...
CVE-2021-47538
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() Need to call rxrpc_put_local() for peer candidate before kfree() as itholds a ref to rxrpc_local. [DH: v2: Changed to abstract the peer freeing code out into a function]
CVE-2021-47546
In the Linux kernel, the following vulnerability has been resolved: ipv6: fix memory leak in fib6_rule_suppress The kernel leaks memory when a fib rule is present in IPv6 nftablesfirewall rules and a suppress_prefix rule is present in the IPv6 routingrules (used by certain tools such as wg-quick). ...
CVE-2021-47619
In the Linux kernel, the following vulnerability has been resolved: i40e: Fix queues reservation for XDP When XDP was configured on a system with large number of CPUsand X722 NIC there was a call trace with NULL pointer dereference. i40e 0000:87:00.0: failed to get tracking for 256 queues for VSI 0...
CVE-2022-48633
In the Linux kernel, the following vulnerability has been resolved: drm/gma500: Fix WARN_ON(lock->magic != lock) error psb_gem_unpin() calls dma_resv_lock() but the underlying ww_mutexgets destroyed by drm_gem_object_release() move thedrm_gem_object_release() call in psb_gem_free_object() to aft...
CVE-2022-48650
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() Commit 8f394da36a36 ("scsi: qla2xxx: Drop TARGET_SCF_LOOKUP_LUN_FROM_TAG")made the __qlt_24xx_handle_abts() function return early iftcm_qla2xxx_find_cmd_by_tag() didn't fin...
CVE-2022-48665
In the Linux kernel, the following vulnerability has been resolved: exfat: fix overflow for large capacity partition Using int type for sector index, there will be overflow in a largecapacity partition. For example, if storage with sector size of 512 bytes and partitioncapacity is larger than 2TB, ...
CVE-2022-48694
In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix drain SQ hang with no completion SW generated completions for outstanding WRs posted on SQafter QP is in error target the wrong CQ. This causes theib_drain_sq to hang with no completion. Fix this to generate complet...
CVE-2022-48766
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Wrap dcn301_calculate_wm_and_dlg for FPU. Mirrors the logic for dcn30. Cue lots of WARNs and somekernel panics without this fix.
CVE-2022-48875
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: sdata can be NULL during AMPDU start ieee80211_tx_ba_session_handle_start() may get NULL for sdata when adeauthentication is ongoing. Here a trace triggering the race with the hostapd testmulti_ap_fronthaul_on_ap: (...
CVE-2022-48887
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Remove rcu locks from user resources User resource lookups used rcu to avoid two extra atomics. Unfortunatelythe rcu paths were buggy and it was easy to make the driver crash bysubmitting command buffers from two differ...
CVE-2022-48946
In the Linux kernel, the following vulnerability has been resolved: udf: Fix preallocation discarding at indirect extent boundary When preallocation extent is the first one in the extent block, thecode would corrupt extent tree header instead. Fix the problem and useudf_delete_aext() for deleting e...
CVE-2022-48949
In the Linux kernel, the following vulnerability has been resolved: igb: Initialize mailbox message for VF reset When a MAC address is not assigned to the VF, that portion of the messagesent to the VF is not set. The memory, however, is allocated from thestack meaning that information may be leaked...
CVE-2022-48968
In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix potential memory leak in otx2_init_tc() In otx2_init_tc(), if rhashtable_init() failed, it does not freetc->tc_entries_bitmap which is allocated in otx2_tc_alloc_ent_bitmap().
CVE-2022-49031
In the Linux kernel, the following vulnerability has been resolved: iio: health: afe4403: Fix oob read in afe4403_read_raw KASAN report out-of-bounds read as follows: BUG: KASAN: global-out-of-bounds in afe4403_read_raw+0x42e/0x4c0Read of size 4 at addr ffffffffc02ac638 by task cat/279 Call Trace:a...
CVE-2023-39180
A flaw was found within the handling of SMB2_READ commands in the kernel ksmbd module. The issue results from not releasing memory after its effective lifetime. An attacker can leverage this to create a denial-of-service condition on affected installations of Linux. Authentication is not required t...
CVE-2023-52568
In the Linux kernel, the following vulnerability has been resolved: x86/sgx: Resolves SECS reclaim vs. page fault for EAUG race The SGX EPC reclaimer (ksgxd) may reclaim the SECS EPC page for anenclave and set secs.epc_page to NULL. The SECS page is used for EAUGand ELDU in the SGX page fault handl...
CVE-2023-52742
In the Linux kernel, the following vulnerability has been resolved: net: USB: Fix wrong-direction WARNING in plusb.c The syzbot fuzzer detected a bug in the plusb network driver: Azero-length control-OUT transfer was treated as a read instead of awrite. In modern kernels this error provokes a WARNI...
CVE-2023-52799
In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in dbFindLeaf Currently while searching for dmtree_t for sufficient free blocks thereis an array out of bounds while getting element in tp->dm_stree. To addthe required check for out of bound w...
CVE-2023-52898
In the Linux kernel, the following vulnerability has been resolved: xhci: Fix null pointer dereference when host dies Make sure xhci_free_dev() and xhci_kill_endpoint_urbs() do not raceand cause null pointer dereference when host suddenly dies. Usb core may call xhci_free_dev() which frees the xhci...
CVE-2024-26768
In the Linux kernel, the following vulnerability has been resolved: LoongArch: Change acpi_core_pic[NR_CPUS] to acpi_core_pic[MAX_CORE_PIC] With default config, the value of NR_CPUS is 64. When HW platform hasmore then 64 cpus, system will crash on these platforms. MAX_CORE_PICis the maximum cpu nu...
CVE-2024-26918
In the Linux kernel, the following vulnerability has been resolved: PCI: Fix active state requirement in PME polling The commit noted in fixes added a bogus requirement that runtime PM manageddevices need to be in the RPM_ACTIVE state for PME polling. In fact, onlydevices in low power states should...
CVE-2024-27433
In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: mt7622-apmixedsys: Fix an error handling path in clk_mt8135_apmixed_probe() 'clk_data' is allocated with mtk_devm_alloc_clk_data(). So callingmtk_free_clk_data() explicitly in the remove function would lead to adoubl...
CVE-2024-35961
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Register devlink first under devlink lock In case device is having a non fatal FW error during probe, thedriver will report the error to user via devlink. This will triggera WARN_ON, since mlx5 is calling devlink_register...
CVE-2024-35975
In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix transmit scheduler resource leak Inorder to support shaping and scheduling, Upon class creationNetdev driver allocates trasmit schedulers. The previous patch which added support for Round robin scheduling hasa bug...
CVE-2024-36024
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Disable idle reallow as part of command/gpint execution [Why]Workaroud for a race condition where DMCUB is in the process ofcommitting to IPS1 during the handshake causing us to miss thetransition into IPS2 and tou...
CVE-2024-38385
In the Linux kernel, the following vulnerability has been resolved: genirq/irqdesc: Prevent use-after-free in irq_find_at_or_after() irq_find_at_or_after() dereferences the interrupt descriptor which isreturned by mt_find() while neither holding sparse_irq_lock nor RCU readlock, which means the des...
CVE-2024-38548
In the Linux kernel, the following vulnerability has been resolved: drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference In cdns_mhdp_atomic_enable(), the return value of drm_mode_duplicate() isassigned to mhdp_state->current_mode, and there is a dereference of it indrm_mode_set_nam...
CVE-2024-38590
In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Modify the print level of CQE error Too much print may lead to a panic in kernel. Change ibdev_err() toibdev_err_ratelimited(), and change the printing level of cqe dumpto debug level.