CVE-2022-48767

In the Linux kernel, the following vulnerability has been resolved: ceph: properly put ceph_string reference after async create attempt The reference acquired by try_prep_async_create is currently leaked.Ensure we put it.

CVE-2022-48777

In the Linux kernel, the following vulnerability has been resolved: mtd: parsers: qcom: Fix kernel panic on skipped partition In the event of a skipped partition (case when the entry name is empty)the kernel panics in the cleanup function as the name entry is NULL.Rework the parser logic by first c...

CVE-2022-48779

In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: fix use-after-free in ocelot_vlan_del() ocelot_vlan_member_del() will free the struct ocelot_bridge_vlan, so ifthis is the same as the port's pvid_vlan which we access afterwards,what we're accessing is freed mem...

CVE-2022-48793

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: nSVM: fix potential NULL derefernce on nested migration Turns out that due to review feedback and/or rebasesI accidentally moved the call to nested_svm_load_cr3 to be too early,before the NPT is enabled, which is very wro...

CVE-2022-48812

In the Linux kernel, the following vulnerability has been resolved: net: dsa: lantiq_gswip: don't use devres for mdiobus As explained in commits:74b6d7d13307 ("net: dsa: realtek: register the MDIO bus under devres")5135e96a3dd2 ("net: dsa: don't allocate the slave_mii_bus using devres") mdiobus_fre...

CVE-2022-48834

In the Linux kernel, the following vulnerability has been resolved: usb: usbtmc: Fix bug in pipe direction for control transfers The syzbot fuzzer reported a minor bug in the usbtmc driver: usb 5-1: BOGUS control dir, pipe 80001e80 doesn't match bRequestType 0WARNING: CPU: 0 PID: 3813 at drivers/us...

CVE-2022-48846

In the Linux kernel, the following vulnerability has been resolved: block: release rq qos structures for queue without disk blkcg_init_queue() may add rq qos structures to request queue, previouslyblk_cleanup_queue() calls rq_qos_exit() to release them, but commit8e141f9eb803 ("block: drain file sy...

CVE-2023-52636

In the Linux kernel, the following vulnerability has been resolved: libceph: just wait for more data to be available on the socket A short read may occur while reading the message footer from thesocket. Later, when the socket is ready for another read, themessenger invokes all read_partial_*() hand...

CVE-2023-52739

In the Linux kernel, the following vulnerability has been resolved: Fix page corruption caused by racy check in __free_pages When we upgraded our kernel, we started seeing some page corruption likethe following consistently: BUG: Bad page state in process ganesha.nfsd pfn:1304capage:0000000022261c5...

CVE-2023-52754

In the Linux kernel, the following vulnerability has been resolved: media: imon: fix access to invalid resource for the second interface imon driver probes two USB interfaces, and at the probe of the secondinterface, the driver assumes blindly that the first interface gotbound with the same imon dr...

CVE-2023-52794

In the Linux kernel, the following vulnerability has been resolved: thermal: intel: powerclamp: fix mismatch in get function for max_idle KASAN reported this [ 444.853098] BUG: KASAN: global-out-of-bounds in param_get_int+0x77/0x90 [ 444.853111] Read of size 4 at addr ffffffffc16c9220 by task cat/2...

CVE-2023-52888

In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Only free buffer VA that is not NULL In the MediaTek vcodec driver, while mtk_vcodec_mem_free() is mostlycalled only when the buffer to free exists, there are some instancesthat didn't do the check and trig...

CVE-2023-52894

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate() In Google internal bug 265639009 we've received an (as yet) unreproduciblecrash report from an aarch64 GKI 5.10.149-android13 running device. AFAICT the source code ...

CVE-2023-52900

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix general protection fault in nilfs_btree_insert() If nilfs2 reads a corrupted disk image and tries to reads a b-tree nodeblock by calling __nilfs_btree_get_block() against an invalid virtualblock address, it returns -ENO...

CVE-2024-1312

A use-after-free flaw was found in the Linux kernel's Memory Management subsystem when a user wins two races at the same time with a fail in the mas_prev_slot function. This issue could allow a local user to crash the system.

CVE-2024-26690

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: protect updates of 64-bit statistics counters As explained by a comment in , write side of structu64_stats_sync must ensure mutual exclusion, or one seqcount update couldbe lost on 32-bit platforms, thus blocking reade...

CVE-2024-26738

In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/iommu: DLPAR add doesn't completely initialize pci_controller When a PCI device is dynamically added, the kernel oopses with a NULLpointer dereference: BUG: Kernel NULL pointer dereference on read at 0x00000030Fault...

CVE-2024-26765

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Disable IRQ before init_fn() for nonboot CPUs Disable IRQ before init_fn() for nonboot CPUs when hotplug, in order tosilence such warnings (and also avoid potential errors due to unexpectedinterrupts): WARNING: CPU: 1 PI...

CVE-2024-35846

In the Linux kernel, the following vulnerability has been resolved: mm: zswap: fix shrinker NULL crash with cgroup_disable=memory Christian reports a NULL deref in zswap that he bisected down to the zswapshrinker. The issue also cropped up in the bug trackers of libguestfs [1]and the Red Hat bugzil...

CVE-2024-35874

In the Linux kernel, the following vulnerability has been resolved: aio: Fix null ptr deref in aio_complete() wakeup list_del_init_careful() needs to be the last access to the wait queueentry - it effectively unlocks access. Previously, finish_wait() would see the empty list head and skip takingthe...

CVE-2024-36001

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix the pre-flush when appending to a file in writethrough mode In netfs_perform_write(), when the file is marked NETFS_ICTX_WRITETHROUGHor O_*SYNC or RWF_*SYNC was specified, write-through caching is performedon a buffered ...

CVE-2024-36900

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix kernel crash when devlink reload during initialization The devlink reload process will access the hardware resources,but the register operation is done before the hardware is initialized.So, processing the devlink re...

CVE-2024-36973

In the Linux kernel, the following vulnerability has been resolved: misc: microchip: pci1xxxx: fix double free in the error handling of gp_aux_bus_probe() When auxiliary_device_add() returns error and then callsauxiliary_device_uninit(), callback functiongp_auxiliary_device_release() calls ida_free...

CVE-2024-37021

In the Linux kernel, the following vulnerability has been resolved: fpga: manager: add owner module and take its refcount The current implementation of the fpga manager assumes that the low-levelmodule registers a driver for the parent device and uses its owner pointerto take the module's refcount....

CVE-2024-38614

In the Linux kernel, the following vulnerability has been resolved: openrisc: traps: Don't send signals to kernel mode threads OpenRISC exception handling sends signals to user processes on floatingpoint exceptions and trap instructions (for debugging) among others.There is a bug where the trap han...

CVE-2024-39464

In the Linux kernel, the following vulnerability has been resolved: media: v4l: async: Fix notifier list entry init struct v4l2_async_notifier has several list_head members, but onlywaiting_list and done_list are initialized. notifier_entry was kept'zeroed' leading to an uninitialized list_head.Thi...

CVE-2024-40908

In the Linux kernel, the following vulnerability has been resolved: bpf: Set run context for rawtp test_run callback syzbot reported crash when rawtp program executed through thetest_run interface calls bpf_get_attach_cookie helper or anyother helper that touches task->bpf_ctx pointer. Setting t...

CVE-2024-40926

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: don't attempt to schedule hpd_work on headless cards If the card doesn't have display hardware, hpd_work and hpd_lock areleft uninitialized which causes BUG when attempting to schedule hpd_workon runtime PM resume. Fix...

CVE-2024-41025

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix memory leak in audio daemon attach operation Audio PD daemon send the name as part of the init IOCTL call. Thisname needs to be copied to kernel for which memory is allocated.This memory is never freed which migh...

CVE-2024-42103

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix adding block group to a reclaim list and the unused list during reclaim There is a potential parallel list adding for retrying inbtrfs_reclaim_bgs_work and adding to the unused list. Since the blockgroup is removed from ...

CVE-2024-42140

In the Linux kernel, the following vulnerability has been resolved: riscv: kexec: Avoid deadlock in kexec crash path If the kexec crash code is called in the interrupt context, themachine_kexec_mask_interrupts() function will trigger a deadlock whiletrying to acquire the irqdesc spinlock and then d...

CVE-2024-42142

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: E-switch, Create ingress ACL when needed Currently, ingress acl is used for three features. It is created onlywhen vport metadata match and prio tag are enabled. But active-backuplag mode also uses it. It is independent o...

CVE-2024-42267

In the Linux kernel, the following vulnerability has been resolved: riscv/mm: Add handling for VM_FAULT_SIGSEGV in mm_fault_error() Handle VM_FAULT_SIGSEGV in the page fault path so that we correctlykill the process and we don't BUG() the kernel.

CVE-2024-42290

In the Linux kernel, the following vulnerability has been resolved: irqchip/imx-irqsteer: Handle runtime power management correctly The power domain is automatically activated from clk_prepare(). However, oncertain platforms like i.MX8QM and i.MX8QXP, the power-on handling invokessleeping functions...

CVE-2024-42320

In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fix error checks in dasd_copy_pair_store() dasd_add_busid() can return an error via ERR_PTR() if an allocationfails. However, two callsites in dasd_copy_pair_store() do not checkthe result, potentially resulting in a NUL...

CVE-2024-46680

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btnxpuart: Fix random crash seen while removing driver This fixes the random kernel crash seen while removing the driver, whenrunning the load/unload test over multiple iterations. modprobe btnxpuart hciconfig hci0 reset...

CVE-2024-46697

In the Linux kernel, the following vulnerability has been resolved: nfsd: ensure that nfsd4_fattr_args.context is zeroed out If nfsd4_encode_fattr4 ends up doing a "goto out" before we get tochecking for the security label, then args.context will be set touninitialized junk on the stack, which we'l...

CVE-2024-46728

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check index for aux_rd_interval before using aux_rd_interval has size of 7 and should be checked. This fixes 3 OVERRUN and 1 INTEGER_OVERFLOW issues reported by Coverity.

CVE-2024-46735

In the Linux kernel, the following vulnerability has been resolved: ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery() When two UBLK_CMD_START_USER_RECOVERY commands are submitted, thefirst one sets 'ubq->ubq_daemon' to NULL, and the second one triggersWARN in ublk_queue_reinit...

CVE-2024-46749

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush() This adds a check before freeing the rx->skb in flush and closefunctions to handle the kernel crash seen while removing driver after FWdownload fails or bef...

CVE-2024-46796

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix double put of @cfile in smb2_set_path_size() If smb2_compound_op() is called with a valid @cfile and returned-EINVAL, we need to call cifs_get_writable_path() before retrying itas the reference of @cfile was alread...

CVE-2024-46836

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: aspeed_udc: validate endpoint index for ast udc We should verify the bound of the array to assure that hostmay not manipulate the index to point past endpoint array. Found by static analysis.

CVE-2024-49908

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null check for 'afb' in amdgpu_dm_update_cursor (v2) This commit adds a null check for the 'afb' variable in theamdgpu_dm_update_cursor function. Previously, 'afb' was assumed to benull at line 8388, but was us...

CVE-2024-49945

In the Linux kernel, the following vulnerability has been resolved: net/ncsi: Disable the ncsi work before freeing the associated structure The work function can run after the ncsi device is freed, resultingin use-after-free bugs or kernel panic.

CVE-2024-49988

In the Linux kernel, the following vulnerability has been resolved: ksmbd: add refcnt to ksmbd_conn struct When sending an oplock break request, opinfo->conn is used,But freed ->conn can be used on multichannel.This patch add a reference count to the ksmbd_conn structso that it can be freed w...

CVE-2024-50206

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_eth_soc: fix memory corruption during fq dma init The loop responsible for allocating up to MTK_FQ_DMA_LENGTH buffers mustonly touch as many descriptors, otherwise it ends up corrupting unrelatedmemory. Fix the l...

CVE-2024-53067

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Start the RTC update work later The RTC update work involves runtime resuming the UFS controller. Hence,only start the RTC update work after runtime power management in the UFSdriver has been fully initialized. Thi...

CVE-2024-53216

In the Linux kernel, the following vulnerability has been resolved: nfsd: release svc_expkey/svc_export with rcu_work The last reference for cache_head can be reduced to zero in c_showand e_show(using rcu_read_lock and rcu_read_unlock). Consequently,svc_export_put and expkey_put will be invoked, le...

CVE-2024-56680

In the Linux kernel, the following vulnerability has been resolved: media: intel/ipu6: do not handle interrupts when device is disabled Some IPU6 devices have shared interrupts. We need to handle properlycase when interrupt is triggered from other device on shared irq lineand IPU6 itself disabled. ...

CVE-2024-56706

In the Linux kernel, the following vulnerability has been resolved: s390/cpum_sf: Fix and protect memory allocation of SDBs with mutex Reservation of the PMU hardware is done at first event creationand is protected by a pair of mutex_lock() and mutex_unlock().After reservation of the PMU hardware t...