4371 matches found
CVE-2022-48960
In the Linux kernel, the following vulnerability has been resolved: net: hisilicon: Fix potential use-after-free in hix5hd2_rx() The skb is delivered to napi_gro_receive() which may free it, aftercalling this, dereferencing skb may trigger use-after-free.
CVE-2022-48966
In the Linux kernel, the following vulnerability has been resolved: net: mvneta: Prevent out of bounds read in mvneta_config_rss() The pp->indir[0] value comes from the user. It is passed to: if (cpu_online(pp->rxq_def)) inside the mvneta_percpu_elect() function. It needs bounds checkedingto ...
CVE-2022-48983
In the Linux kernel, the following vulnerability has been resolved: io_uring: Fix a null-ptr-deref in io_tctx_exit_cb() Syzkaller reports a NULL deref bug as follows: BUG: KASAN: null-ptr-deref in io_tctx_exit_cb+0x53/0xd3Read of size 4 at addr 0000000000000138 by task file1/1955 CPU: 1 PID: 1955 C...
CVE-2022-49032
In the Linux kernel, the following vulnerability has been resolved: iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw KASAN report out-of-bounds read as follows: BUG: KASAN: global-out-of-bounds in afe4404_read_raw+0x2ce/0x380Read of size 4 at addr ffffffffc00e4658 by task cat/278 Call...
CVE-2023-52512
In the Linux kernel, the following vulnerability has been resolved: pinctrl: nuvoton: wpcm450: fix out of bounds write Write into 'pctrl->gpio_bank' happens before the check for GPIO indexvalidity, so out of bounds write may happen. Found by Linux Verification Center (linuxtesting.org) with SVAC...
CVE-2023-52736
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Do not unset preset when cleaning up codec Several functions that take part in codec's initialization and removalare re-used by ASoC codec drivers implementations. Drivers mimic thebehavior of hda_codec_driver_probe/remo...
CVE-2023-52754
In the Linux kernel, the following vulnerability has been resolved: media: imon: fix access to invalid resource for the second interface imon driver probes two USB interfaces, and at the probe of the secondinterface, the driver assumes blindly that the first interface gotbound with the same imon dr...
CVE-2023-52768
In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: use vmm_table as array in wilc struct Enabling KASAN and running some iperf tests raises some memory issues withvmm_table: BUG: KASAN: slab-out-of-bounds in wilc_wlan_handle_txq+0x6ac/0xdb4Write of size 4 at addr c3...
CVE-2023-52838
In the Linux kernel, the following vulnerability has been resolved: fbdev: imsttfb: fix a resource leak in probe I've re-written the error handling but the bug is that if init_imstt()fails we need to call iounmap(par->cmap_regs).
CVE-2023-52879
In the Linux kernel, the following vulnerability has been resolved: tracing: Have trace_event_file have ref counters The following can crash the kernel: cd /sys/kernel/tracing echo 'p:sched schedule' > kprobe_events exec 5>>events/kprobes/sched/enable > kprobe_events exec 5>&- The ab...
CVE-2024-26682
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: improve CSA/ECSA connection refusal As mentioned in the previous commit, we pretty quickly foundthat some APs have ECSA elements stuck in their probe response,so using that to not attempt to connect while CSA is hap...
CVE-2024-26731
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix NULL pointer dereference in sk_psock_verdict_data_ready() syzbot reported the following NULL pointer dereference issue [1]: BUG: kernel NULL pointer dereference, address: 0000000000000000[...]RIP: 0010:0x0[...]Cal...
CVE-2024-26823
In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Restore quirk probing for ACPI-based systems While refactoring the way the ITSs are probed, the handling of quirksapplicable to ACPI-based platforms was lost. As a result, systems such asHIP07 lose their GICv4 f...
CVE-2024-26910
In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: fix performance regression in swap operation The patch "netfilter: ipset: fix race condition between swap/destroyand kernel side add/del/test", commit 28628fa9 fixes a race condition.But the synchronize_rcu() adde...
CVE-2024-35832
In the Linux kernel, the following vulnerability has been resolved: bcachefs: kvfree bch_fs::snapshots in bch2_fs_snapshots_exit bch_fs::snapshots is allocated by kvzalloc in __snapshot_t_mut.It should be freed by kvfree not kfree.Or umount will triger: [ 406.829178 ] BUG: unable to handle page fau...
CVE-2024-35841
In the Linux kernel, the following vulnerability has been resolved: net: tls, fix WARNIING in __sk_msg_free A splice with MSG_SPLICE_PAGES will cause tls code to use thetls_sw_sendmsg_splice path in the TLS sendmsg code to move the userprovided pages from the msg into the msg_pl. This will loop ove...
CVE-2024-35914
In the Linux kernel, the following vulnerability has been resolved: nfsd: Fix error cleanup path in nfsd_rename() Commit a8b0026847b8 ("rename(): avoid a deadlock in the case of parentshaving no common ancestor") added an error bail out path. However thispath does not drop the remount protection th...
CVE-2024-35974
In the Linux kernel, the following vulnerability has been resolved: block: fix q->blkg_list corruption during disk rebind Multiple gendisk instances can allocated/added for single request queuein case of disk rebind. blkg may still stay in q->blkg_list when callingblkcg_init_disk() for rebind...
CVE-2024-36963
In the Linux kernel, the following vulnerability has been resolved: tracefs: Reset permissions on remount if permissions are options There's an inconsistency with the way permissions are handled in tracefs.Because the permissions are generated when accessed, they default to theroot inode's permissi...
CVE-2024-39462
In the Linux kernel, the following vulnerability has been resolved: clk: bcm: dvp: Assign ->num before accessing ->hws Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with__counted_by") annotated the hws member of 'struct clk_hw_onecell_data'with __counted_by, which informs the...
CVE-2024-40899
In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix slab-use-after-free in cachefiles_ondemand_get_fd() We got the following issue in a fuzz test of randomly issuing the restorecommand: ==================================================================BUG: KASAN: sla...
CVE-2024-42162
In the Linux kernel, the following vulnerability has been resolved: gve: Account for stopped queues when reading NIC stats We now account for the fact that the NIC might send us stats for asubset of queues. Without this change, gve_get_ethtool_stats might makean invalid access on the priv->stats...
CVE-2024-42273
In the Linux kernel, the following vulnerability has been resolved: f2fs: assign CURSEG_ALL_DATA_ATGC if blkaddr is valid mkdir /mnt/test/compf2fs_io setflags compression /mnt/test/compdd if=/dev/zero of=/mnt/test/comp/testfile bs=16k count=1truncate --size 13 /mnt/test/comp/testfile In the above s...
CVE-2024-43857
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix null reference error when checking end of zone This patch fixes a potentially null pointer being accessed byis_end_zone_blkaddr() that checks the last block of a zonewhen f2fs is mounted as a single device.
CVE-2024-44943
In the Linux kernel, the following vulnerability has been resolved: mm: gup: stop abusing try_grab_folio A kernel warning was reported when pinning folio in CMA memory whenlaunching SEV virtual machine. The splat looks like: [ 464.325306] WARNING: CPU: 13 PID: 6734 at mm/gup.c:1313 __get_user_pages...
CVE-2024-44956
In the Linux kernel, the following vulnerability has been resolved: drm/xe/preempt_fence: enlarge the fence critical section It is really easy to introduce subtle deadlocks inpreempt_fence_work_func() since we operate on single global ordered-wqfor signalling our preempt fences behind the scenes, s...
CVE-2024-45001
In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix RX buf alloc_size alignment and atomic op panic The MANA driver's RX buffer alloc_size is passed into napi_build_skb() tocreate SKB. skb_shinfo(skb) is located at the end of skb, and its alignmentis affected by the a...
CVE-2024-46734
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between direct IO write and fsync when using same fd If we have 2 threads that are using the same file descriptor and one ofthem is doing direct IO writes while the other is doing fsync, we have arace where we can e...
CVE-2024-49876
In the Linux kernel, the following vulnerability has been resolved: drm/xe: fix UAF around queue destruction We currently do stuff like queuing the final destruction step on arandom system wq, which will outlive the driver instance. With badtiming we can teardown the driver with one or more work wo...
CVE-2024-50100
In the Linux kernel, the following vulnerability has been resolved: USB: gadget: dummy-hcd: Fix "task hung" problem The syzbot fuzzer has been encountering "task hung" problems eversince the dummy-hcd driver was changed to use hrtimers instead ofregular timers. It turns out that the problems are ca...
CVE-2024-53211
In the Linux kernel, the following vulnerability has been resolved: net/l2tp: fix warning in l2tp_exit_net found by syzbot In l2tp's net exit handler, we check that an IDR is empty beforedestroying it: WARN_ON_ONCE(!idr_is_empty(&pn->l2tp_tunnel_idr)); idr_destroy(&pn->l2tp_tunnel_idr); By fo...
CVE-2024-56537
In the Linux kernel, the following vulnerability has been resolved: drm: xlnx: zynqmp_disp: layer may be null while releasing layer->info can be null if we have an error on the first layer inzynqmp_disp_create_layers
CVE-2024-56555
In the Linux kernel, the following vulnerability has been resolved: binder: fix OOB in binder_add_freeze_work() In binder_add_freeze_work() we iterate over the proc->nodes with theproc->inner_lock held. However, this lock is temporarily dropped toacquire the node->lock first (lock nesting ...
CVE-2024-56559
In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: combine all TLB flush operations of KASAN shadow virtual address into one operation When compiling kernel source 'make -j $(nproc)' with the up-and-runningKASAN-enabled kernel on a 256-core machine, the following soft l...
CVE-2024-56695
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Use dynamic allocation for CU occupancy array in 'kfd_get_cu_occupancy()' The kfd_get_cu_occupancy function previously declared a largecu_occupancy array as a local variable, which could lead to stackoverflows due to ex...
CVE-2021-47114
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix data corruption by fallocate When fallocate punches holes out of inode size, if original isize is inthe middle of last cluster, then the part from isize to the end of thecluster will be zeroed with buffer write, at that ...
CVE-2021-47120
In the Linux kernel, the following vulnerability has been resolved: HID: magicmouse: fix NULL-deref on disconnect Commit 9d7b18668956 ("HID: magicmouse: add support for Apple MagicTrackpad 2") added a sanity check for an Apple trackpad but returnedsuccess instead of -ENODEV when the check failed. T...
CVE-2021-47139
In the Linux kernel, the following vulnerability has been resolved: net: hns3: put off calling register_netdev() until client initialize complete Currently, the netdevice is registered before client initializingcomplete. So there is a timewindow between netdevice availableand usable. In this case, ...
CVE-2021-47146
In the Linux kernel, the following vulnerability has been resolved: mld: fix panic in mld_newpack() mld_newpack() doesn't allow to allocate high order page,only order-0 allocation is allowed.If headroom size is too large, a kernel panic could occur in skb_put(). Test commands:ip netns del Aip netns...
CVE-2021-47158
In the Linux kernel, the following vulnerability has been resolved: net: dsa: sja1105: add error handling in sja1105_setup() If any of sja1105_static_config_load(), sja1105_clocking_setup() orsja1105_devlink_setup() fails, we can't just return in the middle ofsja1105_setup() or memory will leak. Ad...
CVE-2021-47209
In the Linux kernel, the following vulnerability has been resolved: sched/fair: Prevent dead task groups from regaining cfs_rq's Kevin is reporting crashes which point to a use-after-free of a cfs_rqin update_blocked_averages(). Initial debugging revealed that we'velive cfs_rq's (on_list=1) in an a...
CVE-2021-47223
In the Linux kernel, the following vulnerability has been resolved: net: bridge: fix vlan tunnel dst null pointer dereference This patch fixes a tunnel_dst null pointer dereference due to locklessaccess in the tunnel egress path. When deleting a vlan tunnel thetunnel_dst pointer is set to NULL with...
CVE-2021-47261
In the Linux kernel, the following vulnerability has been resolved: IB/mlx5: Fix initializing CQ fragments buffer The function init_cq_frag_buf() can be called to initialize the current CQfragments buffer cq->buf, or the temporary cq->resize_buf that is filledduring CQ resize operation. Howev...
CVE-2021-47283
In the Linux kernel, the following vulnerability has been resolved: net:sfc: fix non-freed irq in legacy irq mode SFC driver can be configured via modparam to work using MSI-X, MSI orlegacy IRQ interrupts. In the last one, the interrupt was not properlyreleased on module remove. It was not freed be...
CVE-2021-47295
In the Linux kernel, the following vulnerability has been resolved: net: sched: fix memory leak in tcindex_partial_destroy_work Syzbot reported memory leak in tcindex_set_parms(). The problem was innon-freed perfect hash in tcindex_partial_destroy_work(). In tcindex_set_parms() new tcindex_data is ...
CVE-2021-47309
In the Linux kernel, the following vulnerability has been resolved: net: validate lwtstate->data before returning from skb_tunnel_info() skb_tunnel_info() returns pointer of lwtstate->data as ip_tunnel_infotype without validation. lwtstate->data can have various types such asmpls_iptunnel_...
CVE-2021-47343
In the Linux kernel, the following vulnerability has been resolved: dm btree remove: assign new_root only when removal succeeds remove_raw() in dm_btree_remove() may fail due to IO read error(e.g. read the content of origin block fails during shadowing),and the value of shadow_spine::root is uninit...
CVE-2021-47351
In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix races between xattr_{set|get} and listxattr operations UBIFS may occur some problems with concurrent xattr_{set|get} andlistxattr operations, such as assertion failure, memory corruption,stale xattr value[1]. Fix it by i...
CVE-2021-47382
In the Linux kernel, the following vulnerability has been resolved: s390/qeth: fix deadlock during failing recovery Commit 0b9902c1fcc5 ("s390/qeth: fix deadlock during recovery") removedtaking discipline_mutex inside qeth_do_reset(), fixing potentialdeadlocks. An error path was missed though, that...
CVE-2021-47390
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix stack-out-of-bounds memory access from ioapic_write_indirect() KASAN reports the following issue: BUG: KASAN: stack-out-of-bounds in kvm_make_vcpus_request_mask+0x174/0x440 [kvm]Read of size 8 at addr ffffc9001364f638...