CVE-2022-48914

In the Linux kernel, the following vulnerability has been resolved: xen/netfront: destroy queues before real_num_tx_queues is zeroed xennet_destroy_queues() relies on info->netdev->real_num_tx_queues todelete queues. Since d7dac083414eb5bb99a6d2ed53dc2c1b405224e5("net-sysfs: update the queue ...

CVE-2022-48956

In the Linux kernel, the following vulnerability has been resolved: ipv6: avoid use-after-free in ip6_fragment() Blamed commit claimed rcu_read_lock() was held by ip6_fragment() callers. It seems to not be always true, at least for UDP stack. syzbot reported: BUG: KASAN: use-after-free in ip6_dst_i...

CVE-2022-49015

In the Linux kernel, the following vulnerability has been resolved: net: hsr: Fix potential use-after-free The skb is delivered to netif_rx() which may free it, after calling this,dereferencing skb may trigger use-after-free.

CVE-2023-52736

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Do not unset preset when cleaning up codec Several functions that take part in codec's initialization and removalare re-used by ASoC codec drivers implementations. Drivers mimic thebehavior of hda_codec_driver_probe/remo...

CVE-2023-52767

In the Linux kernel, the following vulnerability has been resolved: tls: fix NULL deref on tls_sw_splice_eof() with empty record syzkaller discovered that if tls_sw_splice_eof() is executed as part ofsendfile() when the plaintext/ciphertext sk_msg are empty, the send pathgets confused because the e...

CVE-2023-52828

In the Linux kernel, the following vulnerability has been resolved: bpf: Detect IP == ksym.end as part of BPF program Now that bpf_throw kfunc is the first such call instruction that hasnoreturn semantics within the verifier, this also kicks in dead codeelimination in unprecedented ways. For one, a...

CVE-2023-52836

In the Linux kernel, the following vulnerability has been resolved: locking/ww_mutex/test: Fix potential workqueue corruption In some cases running with the test-ww_mutex code, I was seeingodd behavior where sometimes it seemed flush_workqueue wasreturning before all the work threads were finished....

CVE-2023-52863

In the Linux kernel, the following vulnerability has been resolved: hwmon: (axi-fan-control) Fix possible NULL pointer dereference axi_fan_control_irq_handler(), dependent on the privateaxi_fan_control_data structure, might be called before the hwmondevice is registered. That will cause an "Unable ...

CVE-2023-52872

In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: fix race condition in status line change on dead connections gsm_cleanup_mux() cleans up the gsm by closing all DLCIs, stopping alltimers, removing the virtual tty devices and clearing the data queues.This procedure, ho...

CVE-2023-52886

In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix race by not overwriting udev->descriptor in hub_port_init() Syzbot reported an out-of-bounds read in sysfs.c:read_descriptors(): BUG: KASAN: slab-out-of-bounds in read_descriptors+0x263/0x280 drivers/usb/core/sysf...

CVE-2023-52903

In the Linux kernel, the following vulnerability has been resolved: io_uring: lock overflowing for IOPOLL syzbot reports an issue with overflow filling for IOPOLL: WARNING: CPU: 0 PID: 28 at io_uring/io_uring.c:734 io_cqring_event_overflow+0x1c0/0x230 io_uring/io_uring.c:734CPU: 0 PID: 28 Comm: kwo...

CVE-2024-24864

A race condition was found in the Linux kernel's media/dvb-core in dvbdmx_write() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.

CVE-2024-26709

In the Linux kernel, the following vulnerability has been resolved: powerpc/iommu: Fix the missing iommu_group_put() during platform domain attach The function spapr_tce_platform_iommu_attach_dev() is missing to calliommu_group_put() when the domain is already set. This refcount leakshows up with B...

CVE-2024-26755

In the Linux kernel, the following vulnerability has been resolved: md: Don't suspend the array for interrupted reshape md_start_sync() will suspend the array if there are spares that can beadded or removed from conf, however, if reshape is still in progress,this won't happen at all or data will be...

CVE-2024-26867

In the Linux kernel, the following vulnerability has been resolved: comedi: comedi_8255: Correct error in subdevice initialization The refactoring done in commit 5c57b1ccecc7 ("comedi: comedi_8255: Reworksubdevice initialization functions") to the initialization of the iofield of struct subdev_8255...

CVE-2024-35858

In the Linux kernel, the following vulnerability has been resolved: net: bcmasp: fix memory leak when bringing down interface When bringing down the TX rings we flush the rings but forget toreclaimed the flushed packets. This leads to a memory leak since wedo not free the dma mapped buffers. This a...

CVE-2024-38572

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix out-of-bound access of qmi_invoke_handler() Currently, there is no terminator entry for ath12k_qmi_msg_handlers hencefacing below KASAN warning, ==================================================================BU...

CVE-2024-38577

In the Linux kernel, the following vulnerability has been resolved: rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow There is a possibility of buffer overflow inshow_rcu_tasks_trace_gp_kthread() if counters, passedto sprintf() are huge. Counter numbers, needed for thisare unrealistica...

CVE-2024-38591

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix deadlock on SRQ async events. xa_lock for SRQ table may be required in AEQ. Use xa_store_irq()/xa_erase_irq() to avoid deadlock.

CVE-2024-40899

In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix slab-use-after-free in cachefiles_ondemand_get_fd() We got the following issue in a fuzz test of randomly issuing the restorecommand: ==================================================================BUG: KASAN: sla...

CVE-2024-40971

In the Linux kernel, the following vulnerability has been resolved: f2fs: remove clear SB_INLINECRYPT flag in default_options In f2fs_remount, SB_INLINECRYPT flag will be clear and re-set.If create new file or open file during this gap, these fileswill not use inlinecrypt. Worse case, it may lead t...

CVE-2024-40993

In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Fix suspicious rcu_dereference_protected() When destroying all sets, we are either in pernet exit phase orare executing a "destroy all sets command" from userspace. The latterwas taken into account in ip_set_deref...

CVE-2024-41018

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add a check for attr_names and oatbl Added out-of-bound checking for *ane (ATTR_NAME_ENTRY).

CVE-2024-41069

In the Linux kernel, the following vulnerability has been resolved: ASoC: topology: Fix references to freed memory Most users after parsing a topology file, release memory used by it, sohaving pointer references directly into topology file contents is wrong.Use devm_kmemdup(), to allocate memory as...

CVE-2024-42127

In the Linux kernel, the following vulnerability has been resolved: drm/lima: fix shared irq handling on driver remove lima uses a shared interrupt, so the interrupt handlers must be preparedto be called at any time. At driver removal time, the clocks aredisabled early and the interrupts stay regis...

CVE-2024-42264

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Prevent out of bounds access in performance query extensions Check that the number of perfmons userspace is passing in the copy andreset extensions is not greater than the internal kernel storage wherethe ids will be copie...

CVE-2024-43832

In the Linux kernel, the following vulnerability has been resolved: s390/uv: Don't call folio_wait_writeback() without a folio reference folio_wait_writeback() requires that no spinlocks are held and thata folio reference is held, as documented. After we dropped the PTL, thefolio could get freed co...

CVE-2024-43852

In the Linux kernel, the following vulnerability has been resolved: hwmon: (ltc2991) re-order conditions to fix off by one bug LTC2991_T_INT_CH_NR is 4. The st->temp_en[] array has LTC2991_MAX_CHANNEL(4) elements. Thus if "channel" is equal to LTC2991_T_INT_CH_NR then wehave read one element bey...

CVE-2024-43891

In the Linux kernel, the following vulnerability has been resolved: tracing: Have format file honor EVENT_FILE_FL_FREED When eventfs was introduced, special care had to be done to coordinate thefreeing of the file meta data with the files that are exposed to userspace. The file meta data would have...

CVE-2024-44953

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix deadlock during RTC update There is a deadlock when runtime suspend waits for the flush of RTC work,and the RTC work calls ufshcd_rpm_get_sync() to wait for runtime resume. Here is deadlock backtrace: kworker/0...

CVE-2024-46779

In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Free pvr_vm_gpuva after unlink This caused a measurable memory leak. Although the individualallocations are small, the leaks occurs in a high-usage codepath(remapping or unmapping device memory) so they add up quic...

CVE-2024-46794

In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Fix data leak in mmio_read() The mmio_read() function makes a TDVMCALL to retrieve MMIO data for anaddress from the VMM. Sean noticed that mmio_read() unintentionally exposes the value of aninitialized variable (val) on th...

CVE-2024-46830

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS Grab kvm->srcu when processing KVM_SET_VCPU_EVENTS, as KVM will forciblyleave nested VMX/SVM if SMM mode is being toggled, and leaving nested VMXreads guest memory...

CVE-2024-46834

In the Linux kernel, the following vulnerability has been resolved: ethtool: fail closed if we can't get max channel used in indirection tables Commit 0d1b7d6c9274 ("bnxt: fix crashes when reducing ring count withactive RSS contexts") proves that allowing indirection table to containchannels with o...

CVE-2024-46845

In the Linux kernel, the following vulnerability has been resolved: tracing/timerlat: Only clear timer if a kthread exists The timerlat tracer can use user space threads to check for osnoise andtimer latency. If the program using this is killed via a SIGTERM, thethreads are shutdown one at a time a...

CVE-2024-47732

In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix potential use after free bug The free_device_compression_mode(iaa_device, device_mode) function frees"device_mode" but it iss passed to iaa_compression_modes[i]->free() a fewlines later resulting in a use after...

CVE-2024-49940

In the Linux kernel, the following vulnerability has been resolved: l2tp: prevent possible tunnel refcount underflow When a session is created, it sets a backpointer to its tunnel. Whenthe session refcount drops to 0, l2tp_session_free drops the tunnelrefcount if session->tunnel is non-NULL. How...

CVE-2024-50021

In the Linux kernel, the following vulnerability has been resolved: ice: Fix improper handling of refcount in ice_dpll_init_rclk_pins() This patch addresses a reference count handling issue in theice_dpll_init_rclk_pins() function. The function calls ice_dpll_get_pins(),which increments the referen...

CVE-2024-50157

In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Avoid CPU lockups due fifo occupancy check loop Driver waits indefinitely for the fifo occupancy to go below a thresholdas soon as the pacing interrupt is received. This can cause soft lockup onone of the processors, ...

CVE-2024-50239

In the Linux kernel, the following vulnerability has been resolved: phy: qcom: qmp-usb-legacy: fix NULL-deref on runtime suspend Commit 413db06c05e7 ("phy: qcom-qmp-usb: clean up probe initialisation")removed most users of the platform device driver data from theqcom-qmp-usb driver, but mistakenly ...

CVE-2024-50263

In the Linux kernel, the following vulnerability has been resolved: fork: only invoke khugepaged, ksm hooks if no error There is no reason to invoke these hooks early against an mm that is in anincomplete state. The change in commit d24062914837 ("fork: use __mt_dup() to duplicatemaple tree in dup_...

CVE-2024-50297

In the Linux kernel, the following vulnerability has been resolved: net: xilinx: axienet: Enqueue Tx packets in dql before dmaengine starts Enqueue packets in dql after dma engine starts causes race condition.Tx transfer starts once dma engine is started and may execute dql dequeuein completion bef...

CVE-2024-53115

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: avoid null_ptr_deref in vmw_framebuffer_surface_create_handle The 'vmw_user_object_buffer' function may return NULL with incorrectinputs. To avoid possible null pointer dereference, add a check whetherthe 'bo' is NULL i...

CVE-2024-53200

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null check for pipe_ctx->plane_state in hwss_setup_dpp This commit addresses a null pointer dereference issue inhwss_setup_dpp(). The issue could occur when pipe_ctx->plane_state isnull. The fix adds a ch...

CVE-2024-56579

In the Linux kernel, the following vulnerability has been resolved: media: amphion: Set video drvdata before register video device The video drvdata should be set before the video device is registered,otherwise video_drvdata() may return NULL in the open() file ops, and ledto oops.

CVE-2024-56613

In the Linux kernel, the following vulnerability has been resolved: sched/numa: fix memory leak due to the overwritten vma->numab_state [Problem Description]When running the hackbench program of LTP, the following memory leak isreported by kmemleak. /opt/ltp/testcases/bin/hackbench 20 thread 100...

CVE-2024-56618

In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx: gpcv2: Adjust delay after power up handshake The udelay(5) is not enough, sometimes below kernel panicstill be triggered: [ 4.012973] Kernel panic - not syncing: Asynchronous SError Interrupt[ 4.012976] CPU: 2 UID: 0...

CVE-2024-56671

In the Linux kernel, the following vulnerability has been resolved: gpio: graniterapids: Fix vGPIO driver crash Move setting irq_chip.name from probe() function to the initializationof "irq_chip" struct in order to fix vGPIO driver crash during bootup. Crash was caused by unauthorized modification ...

CVE-2024-56689

In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: epf-mhi: Avoid NULL dereference if DT lacks 'mmio' If platform_get_resource_byname() fails and returns NULL because DT lacksan 'mmio' property for the MHI endpoint, dereferencing res->start willcause a NULL pointe...

CVE-2021-47195

In the Linux kernel, the following vulnerability has been resolved: spi: fix use-after-free of the add_lock mutex Commit 6098475d4cb4 ("spi: Fix deadlock when adding SPI controllers onSPI buses") introduced a per-controller mutex. But mutex_unlock() ofsaid lock is called after the controller is alr...