CVE-2024-56719

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix TSO DMA API usage causing oops Commit 66600fac7a98 ("net: stmmac: TSO: Fix unbalanced DMA map/unmapfor non-paged SKB data") moved the assignment of tx_skbuff_dma[]'smembers to be later in stmmac_tso_xmit(). The buf...

CVE-2021-47083

In the Linux kernel, the following vulnerability has been resolved: pinctrl: mediatek: fix global-out-of-bounds issue When eint virtual eint number is greater than gpio number,it maybe produce 'desc[eint_n]' size globle-out-of-bounds issue.

CVE-2021-47140

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Clear DMA ops when switching domain Since commit 08a27c1c3ecf ("iommu: Add support to change default domainof an iommu group") a user can switch a device between IOMMU and directDMA through sysfs. This doesn't work for A...

CVE-2021-47151

In the Linux kernel, the following vulnerability has been resolved: interconnect: qcom: bcm-voter: add a missing of_node_put() Add a missing of_node_put() in of_bcm_voter_get() to avoid thereference leak.

CVE-2021-47193

In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Fix memory leak during rmmod Driver failed to release all memory allocated. This would lead to memoryleak during driver removal. Properly free memory when the module is removed.

CVE-2021-47197

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: nullify cq->dbg pointer in mlx5_debug_cq_remove() Prior to this patch in case mlx5_core_destroy_cq() failed it proceedsto rest of destroy operations. mlx5_core_destroy_cq() could be called againby user and cause addit...

CVE-2021-47294

In the Linux kernel, the following vulnerability has been resolved: netrom: Decrease sock refcount when sock timers expire Commit 63346650c1a9 ("netrom: switch to sock timer API") switched to usesock timer API. It replaces mod_timer() by sk_reset_timer(), anddel_timer() by sk_stop_timer(). Function...

CVE-2021-47300

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix tail_call_reachable rejection for interpreter when jit failed During testing of f263a81451c1 ("bpf: Track subprog poke descriptors correctlyand fix use-after-free") under various failure conditions, for example, whenjit_su...

CVE-2021-47360

In the Linux kernel, the following vulnerability has been resolved: binder: make sure fd closes complete During BC_FREE_BUFFER processing, the BINDER_TYPE_FDA objectcleanup may close 1 or more fds. The close operations arecompleted using the task work mechanism -- which means the threadneeds to ret...

CVE-2021-47369

In the Linux kernel, the following vulnerability has been resolved: s390/qeth: fix NULL deref in qeth_clear_working_pool_list() When qeth_set_online() calls qeth_clear_working_pool_list() to rollback after an error exit from qeth_hardsetup_card(), we are at risk ofaccessing card->qdio.in_q befor...

CVE-2021-47415

In the Linux kernel, the following vulnerability has been resolved: iwlwifi: mvm: Fix possible NULL dereference In __iwl_mvm_remove_time_event() check that 'te_data->vif' is NULLbefore dereferencing it.

CVE-2021-47437

In the Linux kernel, the following vulnerability has been resolved: iio: adis16475: fix deadlock on frequency set With commit 39c024b51b560("iio: adis16475: improve sync scale mode handling"), two deadlocks wereintroduced: The call to 'adis_write_reg_16()' was not changed to it's unlockedversion. T...

CVE-2021-47499

In the Linux kernel, the following vulnerability has been resolved: iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove When ACPI type is ACPI_SMO8500, the data->dready_trig will not be set, thememory allocated by iio_triggered_buffer_setup() will not be freed, and causememory l...

CVE-2021-47510

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix re-dirty process of tree-log nodes There is a report of a transaction abort of -EAGAIN with the followingscript. #!/bin/sh for d in sda sdb; domkfs.btrfs -d single -m single -f /dev/${d}done mount /dev/sda /mnt/testmount...

CVE-2021-47513

In the Linux kernel, the following vulnerability has been resolved: net: dsa: felix: Fix memory leak in felix_setup_mmio_filtering Avoid a memory leak if there is not a CPU port defined. Addresses-Coverity-ID: 1492897 ("Resource leak")Addresses-Coverity-ID: 1492899 ("Resource leak")

CVE-2021-47537

In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Fix a memleak bug in rvu_mbox_init() In rvu_mbox_init(), mbox_regions is not freed or passed outunder the switch-default region, which could lead to a memory leak. Fix this bug by changing 'return err' to 'goto free_r...

CVE-2022-48660

In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully When running gpio test on nxp-ls1028 platform with below commandgpiomon --num-events=3 --rising-edge gpiochip1 25There will be a warning trace as below:Call tr...

CVE-2022-48690

In the Linux kernel, the following vulnerability has been resolved: ice: Fix DMA mappings leak Fix leak, when user changes ring parameters.During reallocation of RX buffers, new DMA mappings are created forthose buffers. New buffers with different RX ring count shouldsubstitute older ones, but thos...

CVE-2022-48712

In the Linux kernel, the following vulnerability has been resolved: ext4: fix error handling in ext4_fc_record_modified_inode() Current code does not fully takes care of krealloc() error case, whichcould lead to silent memory corruption or a kernel bug. This patchfixes that. Also it cleans up some ...

CVE-2022-48761

In the Linux kernel, the following vulnerability has been resolved: usb: xhci-plat: fix crash when suspend if remote wake enable Crashed at i.mx8qm platform when suspend if enable remote wakeup Internal error: synchronous external abort: 96000210 [#1] PREEMPT SMPModules linked in:CPU: 2 PID: 244 Co...

CVE-2022-48814

In the Linux kernel, the following vulnerability has been resolved: net: dsa: seville: register the mdiobus under devres As explained in commits:74b6d7d13307 ("net: dsa: realtek: register the MDIO bus under devres")5135e96a3dd2 ("net: dsa: don't allocate the slave_mii_bus using devres") mdiobus_fre...

CVE-2022-48822

In the Linux kernel, the following vulnerability has been resolved: usb: f_fs: Fix use-after-free for epfile Consider a case where ffs_func_eps_disable is called fromffs_func_disable as part of composition switch and at thesame time ffs_epfile_release get called from userspace.ffs_epfile_release wi...

CVE-2022-48843

In the Linux kernel, the following vulnerability has been resolved: drm/vrr: Set VRR capable prop only if it is attached to connector VRR capable property is not attached by default to the connectorIt is attached only if VRR is supported.So if the driver tries to call drm core set prop function wit...

CVE-2022-48845

In the Linux kernel, the following vulnerability has been resolved: MIPS: smp: fill in sibling and core maps earlier After enabling CONFIG_SCHED_CORE (landed during 5.14 cycle),2-core 2-thread-per-core interAptiv (CPS-driven) started emittingthe following: [ 0.025698] CPU1 revision is: 0001a120 (MI...

CVE-2022-48860

In the Linux kernel, the following vulnerability has been resolved: ethernet: Fix error handling in xemaclite_of_probe This node pointer is returned by of_parse_phandle() with refcountincremented in this function. Calling of_node_put() to avoid therefcount leak. As the remove function do.

CVE-2022-48890

In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM storvsc_queuecommand() maps the scatter/gather list using scsi_dma_map(),which in a confidential VM allocates swiotlb bounce buffers. If the I/Osubmission fails in st...

CVE-2022-48925

In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Do not change route.addr.src_addr outside state checks If the state is not idle then resolve_prepare_src() should immediatelyfail and no change to global state should happen. However, itunconditionally overwrites the src_...

CVE-2022-48931

In the Linux kernel, the following vulnerability has been resolved: configfs: fix a race in configfs_{,un}register_subsystem() When configfs_register_subsystem() or configfs_unregister_subsystem()is executing link_group() or unlink_group(),it is possible that two processes add or delete list concur...

CVE-2022-48967

In the Linux kernel, the following vulnerability has been resolved: NFC: nci: Bounds check struct nfc_target arrays While running under CONFIG_FORTIFY_SOURCE=y, syzkaller reported: memcpy: detected field-spanning write (size 129) of single field "target->sensf_res" at net/nfc/nci/ntf.c:260 (size...

CVE-2023-52526

In the Linux kernel, the following vulnerability has been resolved: erofs: fix memory leak of LZMA global compressed deduplication When stressing microLZMA EROFS images with the new global compresseddeduplication feature enabled (-Ededupe), I found some short-livedtemporary pages weren't properly r...

CVE-2023-52737

In the Linux kernel, the following vulnerability has been resolved: btrfs: lock the inode in shared mode before starting fiemap Currently fiemap does not take the inode's lock (VFS lock), it only locksa file range in the inode's io tree. This however can lead to a deadlockif we have a concurrent fs...

CVE-2023-52780

In the Linux kernel, the following vulnerability has been resolved: net: mvneta: fix calls to page_pool_get_stats Calling page_pool_get_stats in the mvneta driver without checksleads to kernel crashes.First the page pool is only available if the bm is not used.The page pool is also not allocated wh...

CVE-2023-52797

In the Linux kernel, the following vulnerability has been resolved: drivers: perf: Check find_first_bit() return value We must check the return value of find_first_bit() before using thereturn value as an index array since it happens to overflow the arrayand then panic: [ 107.318430] Kernel BUG [#1...

CVE-2023-52829

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix possible out-of-bound write in ath12k_wmi_ext_hal_reg_caps() reg_cap.phy_id is extracted from WMI event and could be an unexpected valuein case some errors happen. As a result out-of-bound write may occur tosoc-&g...

CVE-2023-52851

In the Linux kernel, the following vulnerability has been resolved: IB/mlx5: Fix init stage error handling to avoid double free of same QP and UAF In the unlikely event that workqueue allocation fails and returns NULL inmlx5_mkey_cache_init(), delete the call tomlx5r_umr_resource_cleanup() (which f...

CVE-2023-52860

In the Linux kernel, the following vulnerability has been resolved: drivers/perf: hisi: use cpuhp_state_remove_instance_nocalls() for hisi_hns3_pmu uninit process When tearing down a 'hisi_hns3' PMU, we mistakenly run the CPU hotplugcallbacks after the device has been unregistered, leading to firew...

CVE-2023-52870

In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: clk-mt6765: Add check for mtk_alloc_clk_data Add the check for the return value of mtk_alloc_clk_data() in order toavoid NULL pointer dereference.

CVE-2023-52871

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: llcc: Handle a second device without data corruption Usually there is only one llcc device. But if there were a second, evena failed probe call would modify the global drv_data pointer. So checkif drv_data is valid befor...

CVE-2023-52883

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix possible null pointer dereference abo->tbo.resource may be NULL in amdgpu_vm_bo_update.

CVE-2023-52904

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate() The subs function argument may be NULL, so do not use it before the NULL check.

CVE-2023-52916

In the Linux kernel, the following vulnerability has been resolved: media: aspeed: Fix memory overwrite if timing is 1600x900 When capturing 1600x900, system could crash when system memory usage istight. The way to reproduce this issue: Use 1600x900 to display on host Mount ISO through 'Virtual med...

CVE-2024-26652

In the Linux kernel, the following vulnerability has been resolved: net: pds_core: Fix possible double free in error handling path When auxiliary_device_add() returns error and then callsauxiliary_device_uninit(), Callback function pdsc_auxbus_dev_releasecalls kfree(padev) to free memory. We should...

CVE-2024-26780

In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix task hung while purging oob_skb in GC. syzbot reported a task hung; at the same time, GC was looping infinitelyin list_for_each_entry_safe() for OOB skb. [0] syzbot demonstrated that the list_for_each_entry_safe() was ...

CVE-2024-35856

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: mediatek: Fix double free of skb in coredump hci_devcd_append() would free the skb on error so the caller don'thave to free it again otherwise it would cause the double free of skb. Reported-by : Dan Carpenter dan...

CVE-2024-35948

In the Linux kernel, the following vulnerability has been resolved: bcachefs: Check for journal entries overruning end of sb clean section Fix a missing bounds check in superblock validation. Note that we don't yet have repair code for this case - repair code forindividual items is generally low pr...

CVE-2024-35953

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix deadlock in context_xa ivpu_device->context_xa is locked both in kernel thread and IRQ context.It requires XA_FLAGS_LOCK_IRQ flag to be passed during initializationotherwise the lock could be acquired from a thre...

CVE-2024-35971

In the Linux kernel, the following vulnerability has been resolved: net: ks8851: Handle softirqs at the end of IRQ thread to fix hang The ks8851_irq() thread may call ks8851_rx_pkts() in case there areany packets in the MAC FIFO, which calls netif_rx(). This netif_rx()implementation is guarded by l...

CVE-2024-36958

In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix nfsd4_encode_fattr4() crasher Ensure that args.acl is initialized early. It is used in anunconditional call to kfree() on the way out ofnfsd4_encode_fattr4().

CVE-2024-36975

In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Do not use WARN when encode fails When asn1_encode_sequence() fails, WARN is not the correct solution. asn1_encode_sequence() is not an internal function (locatedin lib/asn1_encode.c). Location is known, which makes ...

CVE-2024-38606

In the Linux kernel, the following vulnerability has been resolved: crypto: qat - validate slices count returned by FW The function adf_send_admin_tl_start() enables the telemetry (TL)feature on a QAT device by sending the ICP_QAT_FW_TL_START message tothe firmware. This triggers the FW to start wr...