10747 matches found
CVE-2013-6368
The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address.
CVE-2013-6378
The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation.
CVE-2014-0205
The futex_wait function in kernel/futex.c in the Linux kernel before 2.6.37 does not properly maintain a certain reference count during requeue operations, which allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application t...
CVE-2014-4652
Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allows local users to obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access.
CVE-2014-4655
The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the user_ctl_count value, which allows local users to cause a denial of service (integer overflow and limit bypass) by leveraging /dev/snd/controlCX ...
CVE-2015-4002
drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure that certain length values are sufficiently large, which allows remote attackers to cause a denial of service (system crash or large loop) or possibly execute arbitrary code via a crafted packe...
CVE-2015-8709
kernel/ptrace.c in the Linux kernel through 4.4.1 mishandles uid and gid mappings, which allows local users to gain privileges by establishing a user namespace, waiting for a root process to enter that namespace with an unsafe uid or gid, and then using the ptrace system call. NOTE: the vendor stat...
CVE-2016-2063
Stack-based buffer overflow in the supply_lm_input_write function in drivers/thermal/supply_lm_core.c in the MSM Thermal driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of serv...
CVE-2016-5412
arch/powerpc/kvm/book3s_hv_rmhandlers.S in the Linux kernel through 4.7 on PowerPC platforms, when CONFIG_KVM_BOOK3S_64_HV is enabled, allows guest OS users to cause a denial of service (host OS infinite loop) by making a H_CEDE hypercall during the existence of a suspended transaction.
CVE-2017-10662
The sanity_check_raw_super function in fs/f2fs/super.c in the Linux kernel before 4.11.1 does not validate the segment count, which allows local users to gain privileges via unspecified vectors.
CVE-2021-46997
In the Linux kernel, the following vulnerability has been resolved: arm64: entry: always set GIC_PRIO_PSR_I_SET during entry Zenghui reports that booting a kernel with "irqchip.gicv3_pseudo_nmi=1"on the command line hits a warning during kernel entry, due to the waywe manipulate the PMR. Early in t...
CVE-2021-47078
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Clear all QP fields if creation failed rxe_qp_do_cleanup() relies on valid pointer values in QP for the properlycreated ones, but in case rxe_qp_from_init() failed it was filled withgarbage and caused tot the following er...
CVE-2021-47080
In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Prevent divide-by-zero error triggered by the user The user_entry_size is supplied by the user and later used as adenominator to calculate number of entries. The zero supplied by the userwill trigger the following divide...
CVE-2021-47412
In the Linux kernel, the following vulnerability has been resolved: block: don't call rq_qos_ops->done_bio if the bio isn't tracked rq_qos framework is only applied on request based driver, so: rq_qos_done_bio() needn't to be called for bio based driver rq_qos_done_bio() needn't to be called for...
CVE-2022-48884
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix command stats access after free Command may fail while driver is reloading and can't accept FW commandstill command interface is reinitialized. Such command failure is beinglogged to command stats. This results in NUL...
CVE-2022-49123
In the Linux kernel, the following vulnerability has been resolved: ath11k: Fix frames flush failure caused by deadlock We are seeing below warnings: kernel: [25393.301506] ath11k_pci 0000:01:00.0: failed to flush mgmt transmit queue 0kernel: [25398.421509] ath11k_pci 0000:01:00.0: failed to flush ...
CVE-2022-49145
In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Avoid out of bounds access when parsing _CPC data If the NumEntries field in the _CPC return package is less than 2, donot attempt to access the "Revision" element of that package, becauseit may not be present then. Bug...
CVE-2022-49257
In the Linux kernel, the following vulnerability has been resolved: watch_queue: Fix NULL dereference in error cleanup In watch_queue_set_size(), the error cleanup code doesn't take account ofthe fact that __free_page() can't handle a NULL pointer when trying to freeup buffer pages that did get all...
CVE-2022-49291
In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix races among concurrent hw_params and hw_free calls Currently we have neither proper check nor protection against theconcurrent calls of PCM hw_params and hw_free ioctls, which may resultin a UAF. Since the existing P...
CVE-2022-49295
In the Linux kernel, the following vulnerability has been resolved: nbd: call genl_unregister_family() first in nbd_cleanup() Otherwise there may be race between module removal and the handling ofnetlink command, which can lead to the oops as shown below: BUG: kernel NULL pointer dereference, addre...
CVE-2022-49297
In the Linux kernel, the following vulnerability has been resolved: nbd: fix io hung while disconnecting device In our tests, "qemu-nbd" triggers a io hung: INFO: task qemu-nbd:11445 blocked for more than 368 seconds.Not tainted 5.18.0-rc3-next-20220422-00003-g2176915513ca #884"echo 0 > /proc/sy...
CVE-2022-49330
In the Linux kernel, the following vulnerability has been resolved: tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd syzbot got a new report [1] finally pointing to a very old bug,added in initial support for MTU probing. tcp_mtu_probe() has checks about starting an MTU probe iftcp_snd_cwnd(tp) &g...
CVE-2022-49349
In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free in ext4_rename_dir_prepare We got issue as follows:EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continueext4_get_first_dir_block: bh->b_data=0xffff88810bee6000 len=34478ext4_get_fir...
CVE-2022-49372
In the Linux kernel, the following vulnerability has been resolved: tcp: tcp_rtx_synack() can be called from process context Laurent reported the enclosed report [1] This bug triggers with following coditions: Kernel built with CONFIG_DEBUG_PREEMPT=y A new passive FastOpen TCP socket is created.Thi...
CVE-2022-49379
In the Linux kernel, the following vulnerability has been resolved: driver core: Fix wait_for_device_probe() & deferred_probe_timeout interaction Mounting NFS rootfs was timing out when deferred_probe_timeout wasnon-zero [1]. This was because ip_auto_config() initcall times outwaiting for the netwo...
CVE-2022-49573
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_early_retrans. While reading sysctl_tcp_early_retrans, it can be changed concurrently.Thus, we need to add READ_ONCE() to its reader.
CVE-2022-49575
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_thin_linear_timeouts. While reading sysctl_tcp_thin_linear_timeouts, it can be changedconcurrently. Thus, we need to add READ_ONCE() to its reader.
CVE-2022-49626
In the Linux kernel, the following vulnerability has been resolved: sfc: fix use after free when disabling sriov Use after free is detected by kfence when disabling sriov. What was readafter being freed was vf->pci_dev: it was freed from pci_disable_sriovand later read in efx_ef10_sriov_free_vf_...
CVE-2022-49642
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwc-qos: Disable split header for Tegra194 There is a long-standing issue with the Synopsys DWC Ethernet driverfor Tegra194 where random system crashes have been observed [0]. Theproblem occurs when the split header fe...
CVE-2022-49666
In the Linux kernel, the following vulnerability has been resolved: powerpc/memhotplug: Add add_pages override for PPC With commit ffa0b64e3be5 ("powerpc: Fix virt_addr_valid() for 64-bit Book3E & 32-bit")the kernel now validate the addr against high_memory value. This resultsin the below BUG_ON wi...
CVE-2022-49687
In the Linux kernel, the following vulnerability has been resolved: virtio_net: fix xdp_rxq_info bug after suspend/resume The following sequence currently causes a driver bug warningwhen using virtio_net: ip link set eth0 up echo mem > /sys/power/state (or e.g. # rtcwake -s 10 -m mem) ip link s...
CVE-2022-49710
In the Linux kernel, the following vulnerability has been resolved: dm mirror log: round up region bitmap size to BITS_PER_LONG The code in dm-log rounds up bitset_size to 32 bits. It then usesfind_next_zero_bit_le on the allocated region. find_next_zero_bit_leaccesses the bitmap using unsigned lon...
CVE-2022-49732
In the Linux kernel, the following vulnerability has been resolved: sock: redo the psock vs ULP protection check Commit 8a59f9d1e3d4 ("sock: Introduce sk->sk_prot->psock_update_sk_prot()")has moved the inet_csk_has_ulp(sk) check from sk_psock_init() tothe new tcp_bpf_update_proto() function. ...
CVE-2023-52509
In the Linux kernel, the following vulnerability has been resolved: ravb: Fix use-after-free issue in ravb_tx_timeout_work() The ravb_stop() should call cancel_work_sync(). Otherwise,ravb_tx_timeout_work() is possible to use the freed priv afterravb_remove() was called like below: CPU0 CPU1ravb_tx_...
CVE-2023-52567
In the Linux kernel, the following vulnerability has been resolved: serial: 8250_port: Check IRQ data before use In case the leaf driver wants to use IRQ polling (irq = 0) andIIR register shows that an interrupt happened in the 8250 hardwarethe IRQ data can be NULL. In such a case we need to skip t...
CVE-2023-52609
In the Linux kernel, the following vulnerability has been resolved: binder: fix race between mmput() and do_exit() Task A calls binder_update_page_range() to allocate and insert pages ona remote address space from Task B. For this, Task A pins the remote mmvia mmget_not_zero() first. This can race ...
CVE-2024-26657
In the Linux kernel, the following vulnerability has been resolved: drm/sched: fix null-ptr-deref in init entity The bug can be triggered by sending an amdgpu_cs_wait_ioctlto the AMDGPU DRM driver on any ASICs with valid context.The bug was reported by Joonkyo Jung [email protected] .For exampl...
CVE-2024-26776
In the Linux kernel, the following vulnerability has been resolved: spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected Return IRQ_NONE from the interrupt handler when no interrupt wasdetected. Because an empty interrupt will cause a null pointer error: Unable to handle kernel NULL p...
CVE-2024-26942
In the Linux kernel, the following vulnerability has been resolved: net: phy: qcom: at803x: fix kernel panic with at8031_probe On reworking and splitting the at803x driver, in splitting function ofat803x PHYs it was added a NULL dereference bug where priv is referencedbefore it's actually allocated...
CVE-2024-35907
In the Linux kernel, the following vulnerability has been resolved: mlxbf_gige: call request_irq() after NAPI initialized The mlxbf_gige driver encounters a NULL pointer exception inmlxbf_gige_open() when kdump is enabled. The sequence to reproducethe exception is as follows:a) enable kdumpb) trigg...
CVE-2024-35982
In the Linux kernel, the following vulnerability has been resolved: batman-adv: Avoid infinite loop trying to resize local TT If the MTU of one of an attached interface becomes too small to transmitthe local translation table then it must be resized to fit inside allfragments (when enabled) or a si...
CVE-2024-39483
In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked When requesting an NMI window, WARN on vNMI support being enabled if andonly if NMIs are actually masked, i.e. if the vCPU is already handling anNMI. KVM's ABI for NM...
CVE-2024-39498
In the Linux kernel, the following vulnerability has been resolved: drm/mst: Fix NULL pointer dereference at drm_dp_add_payload_part2 [Why]Commit: commit 5aa1dfcdf0a4 ("drm/mst: Refactor the flow for payload allocation/removement")accidently overwrite the commit commit 54d217406afe ("drm: use mgr-&...
CVE-2024-42132
In the Linux kernel, the following vulnerability has been resolved: bluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX Syzbot hit warning in hci_conn_del() caused by freeing handle that wasnot allocated using ida allocator. This is caused by handle bigger than HCI_CONN_HANDLE_MA...
CVE-2024-43828
In the Linux kernel, the following vulnerability has been resolved: ext4: fix infinite loop when replaying fast_commit When doing fast_commit replay an infinite loop may occur due to anuninitialized extent_status struct. ext4_ext_determine_insert_hole() doesnot detect the replay and calls ext4_es_f...
CVE-2024-43846
In the Linux kernel, the following vulnerability has been resolved: lib: objagg: Fix general protection fault The library supports aggregation of objects into other objects only ifthe parent object does not have a parent itself. That is, nesting is notsupported. Aggregation happens in two cases: Wi...
CVE-2024-46854
In the Linux kernel, the following vulnerability has been resolved: net: dpaa: Pad packets to ETH_ZLEN When sending packets under 60 bytes, up to three bytes of the bufferfollowing the data may be leaked. Avoid this by extending all packets toETH_ZLEN, ensuring nothing is leaked in the padding. Thi...
CVE-2024-47408
In the Linux kernel, the following vulnerability has been resolved: net/smc: check smcd_v2_ext_offset when receiving proposal msg When receiving proposal msg in server, the field smcd_v2_ext_offset inproposal msg is from the remote client and can not be fully trusted.Once the value of smcd_v2_ext_o...
CVE-2024-47754
In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix H264 multi stateless decoder smatch warning Fix a smatch static checker warning on vdec_h264_req_multi_if.c.Which leads to a kernel crash when fb is NULL.
CVE-2024-49568
In the Linux kernel, the following vulnerability has been resolved: net/smc: check v2_ext_offset/eid_cnt/ism_gid_cnt when receiving proposal msg When receiving proposal msg in server, the fields v2_ext_offset/eid_cnt/ism_gid_cnt in proposal msg are from the remote clientand can not be fully trusted...