4371 matches found
CVE-2022-48818
In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: don't use devres for mdiobus As explained in commits:74b6d7d13307 ("net: dsa: realtek: register the MDIO bus under devres")5135e96a3dd2 ("net: dsa: don't allocate the slave_mii_bus using devres") mdiobus_free()...
CVE-2022-48843
In the Linux kernel, the following vulnerability has been resolved: drm/vrr: Set VRR capable prop only if it is attached to connector VRR capable property is not attached by default to the connectorIt is attached only if VRR is supported.So if the driver tries to call drm core set prop function wit...
CVE-2022-48933
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix memory leak during stateful obj update stateful objects can be updated from the control plane.The transaction logic allocates a temporary object for this purpose. The ->init function was called for this...
CVE-2022-48957
In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: Fix memory leak in dpaa2_switch_acl_entry_add() and dpaa2_switch_acl_entry_remove() The cmd_buff needs to be freed when error happened indpaa2_switch_acl_entry_add() and dpaa2_switch_acl_entry_remove().
CVE-2022-48972
In the Linux kernel, the following vulnerability has been resolved: mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add() Kernel fault injection test reports null-ptr-deref as follows: BUG: kernel NULL pointer dereference, address: 0000000000000008RIP: 0010:cfg802154_netdev_notifier_call+0x1...
CVE-2022-49005
In the Linux kernel, the following vulnerability has been resolved: ASoC: ops: Fix bounds check for _sx controls For _sx controls the semantics of the max field is not the usual one, maxis the number of steps rather than the maximum value. This means that ourcheck in snd_soc_put_volsw_sx() needs to...
CVE-2022-49019
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: nixge: fix NULL dereference In function nixge_hw_dma_bd_release() dereference of NULL pointerpriv->rx_bd_v is possible for the case of its allocation failure innixge_hw_dma_bd_init(). Move for() loop with priv->...
CVE-2023-52695
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check writeback connectors in create_validate_stream_for_sink [WHY & HOW]This is to check connector type to avoidunhandled null pointer for writeback connectors.
CVE-2023-52780
In the Linux kernel, the following vulnerability has been resolved: net: mvneta: fix calls to page_pool_get_stats Calling page_pool_get_stats in the mvneta driver without checksleads to kernel crashes.First the page pool is only available if the bm is not used.The page pool is also not allocated wh...
CVE-2023-52841
In the Linux kernel, the following vulnerability has been resolved: media: vidtv: mux: Add check and kfree for kstrdup Add check for the return value of kstrdup() and return the errorif it fails in order to avoid NULL pointer dereference.Moreover, use kfree() in the later error handling in order to...
CVE-2023-52901
In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Check endpoint is valid before dereferencing it When the host controller is not responding, all URBs queued to allendpoints need to be killed. This can cause a kernel panic if wedereference an invalid endpoint. Fix this ...
CVE-2024-26709
In the Linux kernel, the following vulnerability has been resolved: powerpc/iommu: Fix the missing iommu_group_put() during platform domain attach The function spapr_tce_platform_iommu_attach_dev() is missing to calliommu_group_put() when the domain is already set. This refcount leakshows up with B...
CVE-2024-26780
In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix task hung while purging oob_skb in GC. syzbot reported a task hung; at the same time, GC was looping infinitelyin list_for_each_entry_safe() for OOB skb. [0] syzbot demonstrated that the list_for_each_entry_safe() was ...
CVE-2024-26781
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix possible deadlock in subflow diag Syzbot and Eric reported a lockdep splat in the subflow diag: WARNING: possible circular locking dependency detected6.8.0-rc4-syzkaller-00212-g40b9385dd8e6 #0 Not tainted syz-executor.2/...
CVE-2024-35798
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race in read_extent_buffer_pages() There are reports from tree-checker that detects corrupted nodes,without any obvious pattern so possibly an overwrite in memory.After some debugging it turns out there's a race when rea...
CVE-2024-35846
In the Linux kernel, the following vulnerability has been resolved: mm: zswap: fix shrinker NULL crash with cgroup_disable=memory Christian reports a NULL deref in zswap that he bisected down to the zswapshrinker. The issue also cropped up in the bug trackers of libguestfs [1]and the Red Hat bugzil...
CVE-2024-35953
In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix deadlock in context_xa ivpu_device->context_xa is locked both in kernel thread and IRQ context.It requires XA_FLAGS_LOCK_IRQ flag to be passed during initializationotherwise the lock could be acquired from a thre...
CVE-2024-36935
In the Linux kernel, the following vulnerability has been resolved: ice: ensure the copied buf is NUL terminated Currently, we allocate a count-sized kernel buffer and copy count bytesfrom userspace to that buffer. Later, we use sscanf on this buffer but wedon't ensure that the string is terminated...
CVE-2024-38554
In the Linux kernel, the following vulnerability has been resolved: ax25: Fix reference count leak issue of net_device There is a reference count leak issue of the object "net_device" inax25_dev_device_down(). When the ax25 device is shutting down, theax25_dev_device_down() drops the reference coun...
CVE-2024-38557
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Reload only IB representors upon lag disable/enable On lag disable, the bond IB device along with all of itsrepresentors are destroyed, and then the slaves' representors get reloaded. In case the slave IB representor load...
CVE-2024-38595
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix peer devlink set for SF representor devlink port The cited patch change register devlink flow, and neglect to reflectthe changes for peer devlink set logic. Peer devlink set istriggering a call trace if done after dev...
CVE-2024-39461
In the Linux kernel, the following vulnerability has been resolved: clk: bcm: rpi: Assign ->num before accessing ->hws Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with__counted_by") annotated the hws member of 'struct clk_hw_onecell_data'with __counted_by, which informs the...
CVE-2024-40938
In the Linux kernel, the following vulnerability has been resolved: landlock: Fix d_parent walk The WARN_ON_ONCE() in collect_domain_accesses() can be triggered whentrying to link a root mount point. This cannot work in practice becausethis directory is mounted, but the VFS check is done after the ...
CVE-2024-41025
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix memory leak in audio daemon attach operation Audio PD daemon send the name as part of the init IOCTL call. Thisname needs to be copied to kernel for which memory is allocated.This memory is never freed which migh...
CVE-2024-42109
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: unconditionally flush pending work before notifier syzbot reports: KASAN: slab-uaf in nft_ctx_update include/net/netfilter/nf_tables.h:1831KASAN: slab-uaf in nft_commit_release net/netfilter/nf_tables_api.c:95...
CVE-2024-42260
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Validate passed in drm syncobj handles in the performance extension If userspace provides an unknown or invalid handle anywhere in the handlearray the rest of the driver will not handle that well. Fix it by checking handle...
CVE-2024-42264
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Prevent out of bounds access in performance query extensions Check that the number of perfmons userspace is passing in the copy andreset extensions is not greater than the internal kernel storage wherethe ids will be copie...
CVE-2024-43845
In the Linux kernel, the following vulnerability has been resolved: udf: Fix bogus checksum computation in udf_rename() Syzbot reports uninitialized memory access in udf_rename() when updatingchecksum of '..' directory entry of a moved directory. This is indeedtrue as we pass on-stack diriter.fi to...
CVE-2024-43852
In the Linux kernel, the following vulnerability has been resolved: hwmon: (ltc2991) re-order conditions to fix off by one bug LTC2991_T_INT_CH_NR is 4. The st->temp_en[] array has LTC2991_MAX_CHANNEL(4) elements. Thus if "channel" is equal to LTC2991_T_INT_CH_NR then wehave read one element bey...
CVE-2024-44953
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix deadlock during RTC update There is a deadlock when runtime suspend waits for the flush of RTC work,and the RTC work calls ufshcd_rpm_get_sync() to wait for runtime resume. Here is deadlock backtrace: kworker/0...
CVE-2024-46748
In the Linux kernel, the following vulnerability has been resolved: cachefiles: Set the max subreq size for cache writes to MAX_RW_COUNT Set the maximum size of a subrequest that writes to cachefiles to beMAX_RW_COUNT so that we don't overrun the maximum write we can make to thebacking filesystem.
CVE-2024-46767
In the Linux kernel, the following vulnerability has been resolved: net: phy: Fix missing of_node_put() for leds The call of of_get_child_by_name() will cause refcount incrementedfor leds, if it succeeds, it should call of_node_put() to decreaseit, fix it.
CVE-2024-46863
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: soc-acpi-intel-lnl-match: add missing empty item There is no links_num in struct snd_soc_acpi_mach {}, and we test!link->num_adr as a condition to end the loop in hda_sdw_machine_select().So an empty item in struct ...
CVE-2024-47721
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: remove unused C2H event ID RTW89_MAC_C2H_FUNC_READ_WOW_CAM to prevent out-of-bounds reading The handler of firmware C2H event RTW89_MAC_C2H_FUNC_READ_WOW_CAM isn'timplemented, but driver expects number of handlers isNU...
CVE-2024-49869
In the Linux kernel, the following vulnerability has been resolved: btrfs: send: fix buffer overflow detection when copying path to cache entry Starting with commit c0247d289e73 ("btrfs: send: annotate structname_cache_entry with __counted_by()") we annotated the variable lengtharray "name" from th...
CVE-2024-50094
In the Linux kernel, the following vulnerability has been resolved: sfc: Don't invoke xdp_do_flush() from netpoll. Yury reported a crash in the sfc driver originated fromnetpoll_send_udp(). The netconsole sends a message and then netpollinvokes the driver's NAPI function with a budget of zero. It i...
CVE-2024-50149
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Don't free job in TDR Freeing job in TDR is not safe as TDR can pass the run_job threadresulting in UAF. It is only safe for free job to naturally be called bythe scheduler. Rather free job in TDR, add to pending list. (che...
CVE-2024-50173
In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix access to uninitialized variable in tick_ctx_cleanup() The group variable can't be used to retrieve ptdev in our second loop,because it points to the previously iterated list_head, not a validgroup. Get the ptdev o...
CVE-2024-50288
In the Linux kernel, the following vulnerability has been resolved: media: vivid: fix buffer overwrite when using > 32 buffers The maximum number of buffers that can be requested was increased to64 for the video capture queue. But video capture used a must_blankarray that was still sized for 32 ...
CVE-2021-47148
In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: fix a buffer overflow in otx2_set_rxfh_context() This function is called from ethtool_set_rxfh() and "*rss_context"comes from the user. Add some bounds checking to prevent memorycorruption.
CVE-2021-47152
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix data stream corruption Maxim reported several issues when forcing a TCP transparent proxyto use the MPTCP protocol for the inbound connections. He alsoprovided a clean reproducer. The problem boils down to 'mptcp_frag_ca...
CVE-2021-47184
In the Linux kernel, the following vulnerability has been resolved: i40e: Fix NULL ptr dereference on VSI filter sync Remove the reason of null pointer dereference in sync VSI filters.Added new I40E_VSI_RELEASING flag to signalize deleting and releasingof VSI resources to sync this thread with sync...
CVE-2021-47197
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: nullify cq->dbg pointer in mlx5_debug_cq_remove() Prior to this patch in case mlx5_core_destroy_cq() failed it proceedsto rest of destroy operations. mlx5_core_destroy_cq() could be called againby user and cause addit...
CVE-2021-47215
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: kTLS, Fix crash in RX resync flow For the TLS RX resync flow, we maintain a list of TLS contextsthat require some attention, to communicate their resync informationto the HW.Here we fix list corruptions, by protecting th...
CVE-2021-47216
In the Linux kernel, the following vulnerability has been resolved: scsi: advansys: Fix kernel pointer leak Pointers should be printed with %p or %px rather than cast to 'unsignedlong' and printed with %lx. Change %lx to %p to print the hashed pointer.
CVE-2021-47232
In the Linux kernel, the following vulnerability has been resolved: can: j1939: fix Use-after-Free, hold skb ref while in use This patch fixes a Use-after-Free found by the syzbot. The problem is that a skb is taken from the per-session skb queue,without incrementing the ref count. This leads to a ...
CVE-2021-47234
In the Linux kernel, the following vulnerability has been resolved: phy: phy-mtk-tphy: Fix some resource leaks in mtk_phy_init() Use clk_disable_unprepare() in the error path of mtk_phy_init() to fixsome resource leaks.
CVE-2021-47242
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix soft lookup in subflow_error_report() Maxim reported a soft lookup in subflow_error_report(): watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [swapper/0:0]RIP: 0010:native_queued_spin_lock_slowpathRSP: 0018:ffffa859c00...
CVE-2021-47255
In the Linux kernel, the following vulnerability has been resolved: kvm: LAPIC: Restore guard to prevent illegal APIC register access Per the SDM, "any access that touches bytes 4 through 15 of an APICregister may cause undefined behavior and must not be executed."Worse, such an access in kvm_lapic...
CVE-2021-47332
In the Linux kernel, the following vulnerability has been resolved: ALSA: usx2y: Don't call free_pages_exact() with NULL address Unlike some other functions, we can't pass NULL pointer tofree_pages_exact(). Add a proper NULL check for avoiding possibleOops.