CVE-2022-48877

In the Linux kernel, the following vulnerability has been resolved: f2fs: let's avoid panic if extent_tree is not created This patch avoids the below panic. pc : __lookup_extent_tree+0xd8/0x760lr : f2fs_do_write_data_page+0x104/0x87csp : ffffffc010cbb3c0x29: ffffffc010cbb3e0 x28: 0000000000000000x2...

CVE-2022-48889

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: sof-nau8825: fix module alias overflow The maximum name length for a platform_device_id entry is 20 charactersincluding the trailing NUL byte. The sof_nau8825.c file exceeds that,which causes an obscure error message: ...

CVE-2022-48898

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: do not complete dp_aux_cmd_fifo_tx() if irq is not for aux transfer There are 3 possible interrupt sources are handled by DP controller,HPDstatus, Controller state changes and Aux read/write transaction.At every irq, DP...

CVE-2022-48907

In the Linux kernel, the following vulnerability has been resolved: auxdisplay: lcd2s: Fix memory leak in ->remove() Once allocated the struct lcd2s_data is never freed.Fix the memory leak by switching to devm_kzalloc().

CVE-2022-48922

In the Linux kernel, the following vulnerability has been resolved: riscv: fix oops caused by irqsoff latency tracer The trace_hardirqs_{on,off}() require the caller to setup frame pointerproperly. This because these two functions use macro 'CALLER_ADDR1' (aka.__builtin_return_address(1)) to acquir...

CVE-2022-48937

In the Linux kernel, the following vulnerability has been resolved: io_uring: add a schedule point in io_add_buffers() Looping ~65535 times doing kmalloc() calls can trigger soft lockups,especially with DEBUG features (like KASAN). [ 253.536212] watchdog: BUG: soft lockup - CPU#64 stuck for 26s! [b...

CVE-2022-48945

In the Linux kernel, the following vulnerability has been resolved: media: vivid: fix compose size exceed boundary syzkaller found a bug: BUG: unable to handle page fault for address: ffffc9000a3b1000#PF: supervisor write access in kernel mode#PF: error_code(0x0002) - not-present pagePGD 100000067 ...

CVE-2022-48946

In the Linux kernel, the following vulnerability has been resolved: udf: Fix preallocation discarding at indirect extent boundary When preallocation extent is the first one in the extent block, thecode would corrupt extent tree header instead. Fix the problem and useudf_delete_aext() for deleting e...

CVE-2022-48951

In the Linux kernel, the following vulnerability has been resolved: ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx() The bounds checks in snd_soc_put_volsw_sx() are only being applied to thefirst channel, meaning it is possible to write out of bounds values to thesecond channel ...

CVE-2022-48962

In the Linux kernel, the following vulnerability has been resolved: net: hisilicon: Fix potential use-after-free in hisi_femac_rx() The skb is delivered to napi_gro_receive() which may free it, aftercalling this, dereferencing skb may trigger use-after-free.

CVE-2022-48968

In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix potential memory leak in otx2_init_tc() In otx2_init_tc(), if rhashtable_init() failed, it does not freetc->tc_entries_bitmap which is allocated in otx2_tc_alloc_ent_bitmap().

CVE-2022-48987

In the Linux kernel, the following vulnerability has been resolved: media: v4l2-dv-timings.c: fix too strict blanking sanity checks Sanity checks were added to verify the v4l2_bt_timings blanking fieldsin order to avoid integer overflows when userspace passes weird values. But that assumed that use...

CVE-2023-52747

In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Restore allocated resources on failed copyout Fix a resource leak if an error occurs.

CVE-2023-52896

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between quota rescan and disable leading to NULL pointer deref If we have one task trying to start the quota rescan worker while anotherone is trying to disable quotas, we can end up hitting a race that resultsin th...

CVE-2024-33619

In the Linux kernel, the following vulnerability has been resolved: efi: libstub: only free priv.runtime_map when allocated priv.runtime_map is only allocated when efi_novamap is not set.Otherwise, it is an uninitialized value. In the error path, it is freedunconditionally. Avoid passing an uniniti...

CVE-2024-36962

In the Linux kernel, the following vulnerability has been resolved: net: ks8851: Queue RX packets in IRQ handler instead of disabling BHs Currently the driver uses local_bh_disable()/local_bh_enable() in itsIRQ handler to avoid triggering net_rx_action() softirq on exit fromnetif_rx(). The net_rx_a...

CVE-2024-38574

In the Linux kernel, the following vulnerability has been resolved: libbpf: Prevent null-pointer dereference when prog to load has no BTF In bpf_objec_load_prog(), there's no guarantee that obj->btf is non-NULLwhen passing it to btf__fd(), and this function does not perform anycheck before deref...

CVE-2024-38622

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Add callback function pointer check before its call In dpu_core_irq_callback_handler() callback function pointer is compared to NULL,but then callback function is unconditionally called by this pointer.Fix this bug by ...

CVE-2024-40951

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix NULL pointer dereference in ocfs2_abort_trigger() bdev->bd_super has been removed and commit 8887b94d9322 change the usagefrom bdev->bd_super to b_assoc_map->host->i_sb. Since ocfs2 hasn't setbh->b_assoc_m...

CVE-2024-41028

In the Linux kernel, the following vulnerability has been resolved: platform/x86: toshiba_acpi: Fix array out-of-bounds access In order to use toshiba_dmi_quirks[] together with the standard DMImatching functions, it must be terminated by a empty entry. Since this entry is missing, an array out-of-...

CVE-2024-41029

In the Linux kernel, the following vulnerability has been resolved: nvmem: core: limit cell sysfs permissions to main attribute ones The cell sysfs attribute should not provide more access to the nvmemdata than the main attribute itself.For example if nvme_config::root_only was set, the cell attrib...

CVE-2024-41052

In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Init the count variable in collecting hot-reset devices The count variable is used without initialization, it results in mistakesin the device counting and crashes the userspace if the get hot reset infopath is triggered.

CVE-2024-42075

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix remap of arena. The bpf arena logic didn't account for mremap operation. Add a refcnt formultiple mmap events to prevent use-after-free in arena_vm_close.

CVE-2024-42128

In the Linux kernel, the following vulnerability has been resolved: leds: an30259a: Use devm_mutex_init() for mutex initialization In this driver LEDs are registered using devm_led_classdev_register()so they are automatically unregistered after module's remove() is done.led_classdev_unregister() ca...

CVE-2024-42150

In the Linux kernel, the following vulnerability has been resolved: net: txgbe: remove separate irq request for MSI and INTx When using MSI or INTx interrupts, request_irq() for pdev->irq willconflict with request_threaded_irq() for txgbe->misc.irq, to causesystem crash. So remove txgbe_reque...

CVE-2024-42155

In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe copies of protected- and secure-keys Although the clear-key of neither protected- nor secure-keys isaccessible, this key material should only be visible to the callingprocess. So wipe all copies of protected- or sec...

CVE-2024-42273

In the Linux kernel, the following vulnerability has been resolved: f2fs: assign CURSEG_ALL_DATA_ATGC if blkaddr is valid mkdir /mnt/test/compf2fs_io setflags compression /mnt/test/compdd if=/dev/zero of=/mnt/test/comp/testfile bs=16k count=1truncate --size 13 /mnt/test/comp/testfile In the above s...

CVE-2024-42279

In the Linux kernel, the following vulnerability has been resolved: spi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer While transmitting with rx_len == 0, the RX FIFO is not going to beemptied in the interrupt handler. A subsequent transfer could thenread crap from the pr...

CVE-2024-42296

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix return value of f2fs_convert_inline_inode() If device is readonly, make f2fs_convert_inline_inode()return EROFS instead of zero, otherwise it may triggerpanic during writeback of inline inode's dirty page asbelow: f2fs_wr...

CVE-2024-43815

In the Linux kernel, the following vulnerability has been resolved: crypto: mxs-dcp - Ensure payload is zero when using key slot We could leak stack memory through the payload field when runningAES with a key from one of the hardware's key slots. Fix this byensuring the payload field is set to 0 in...

CVE-2024-43845

In the Linux kernel, the following vulnerability has been resolved: udf: Fix bogus checksum computation in udf_rename() Syzbot reports uninitialized memory access in udf_rename() when updatingchecksum of '..' directory entry of a moved directory. This is indeedtrue as we pass on-stack diriter.fi to...

CVE-2024-43896

In the Linux kernel, the following vulnerability has been resolved: ASoC: cs-amp-lib: Fix NULL pointer crash if efi.get_variable is NULL Call efi_rt_services_supported() to check that efi.get_variable existsbefore calling it.

CVE-2024-44966

In the Linux kernel, the following vulnerability has been resolved: binfmt_flat: Fix corruption when not offsetting data start Commit 04d82a6d0881 ("binfmt_flat: allow not offsetting data start")introduced a RISC-V specific variant of the FLAT format which doesnot allocate any space for the (obsole...

CVE-2024-46766

In the Linux kernel, the following vulnerability has been resolved: ice: move netif_queue_set_napi to rtnl-protected sections Currently, netif_queue_set_napi() is called from ice_vsi_rebuild() that isnot rtnl-locked when called from the reset. This creates the need to takethe rtnl_lock just for a s...

CVE-2024-46810

In the Linux kernel, the following vulnerability has been resolved: drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ Make sure the connector is fully initialized before signalling anyHPD events via drm_kms_helper_hotplug_event(), otherwise this maylead to NULL po...

CVE-2024-46833

In the Linux kernel, the following vulnerability has been resolved: net: hns3: void array out of bound when loop tnl_num When query reg inf of SSU, it loops tnl_num times. However, tnl_num comesfrom hardware and the length of array is a fixed value. To void array outof bound, make sure the loop tim...

CVE-2024-46842

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info The MBX_TIMEOUT return code is not handled in lpfc_get_sfp_info and theroutine unconditionally frees submitted mailbox commands regardless ofreturn status. The issue is that ...

CVE-2024-46846

In the Linux kernel, the following vulnerability has been resolved: spi: rockchip: Resolve unbalanced runtime PM / system PM handling Commit e882575efc77 ("spi: rockchip: Suspend and resume the bus duringNOIRQ_SYSTEM_SLEEP_PM ops") stopped respecting runtime PM status andsimply disabled clocks unco...

CVE-2024-46851

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid race between dcn10_set_drr() and dc_state_destruct() dc_state_destruct() nulls the resource context of the DC state. The pipecontext passed to dcn10_set_drr() is a member of this resource context. If dc_state...

CVE-2024-47658

In the Linux kernel, the following vulnerability has been resolved: crypto: stm32/cryp - call finalize with bh disabled The finalize operation in interrupt mode produce a produces a spinlockrecursion warning. The reason is the fact that BH must be disabledduring this process.

CVE-2024-47662

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Remove register from DCN35 DMCUB diagnostic collection [Why]These registers should not be read from driver and triggering thesecurity violation when DMCUB work times out and diagnostics arecollected blocks Z8 entry...

CVE-2024-47716

In the Linux kernel, the following vulnerability has been resolved: ARM: 9410/1: vfp: Use asm volatile in fmrx/fmxr macros Floating point instructions in userspace can crash some arm kernelsbuilt with clang/LLD 17.0.6: BUG: unsupported FP instruction in kernel mode FPEXC == 0xc0000780 Internal erro...

CVE-2024-47731

In the Linux kernel, the following vulnerability has been resolved: drivers/perf: Fix ali_drw_pmu driver interrupt status clearing The alibaba_uncore_pmu driver forgot to clear all interrupt statusin the interrupt processing function. After the PMU counter overflowinterrupt occurred, an interrupt s...

CVE-2024-49910

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add NULL check for function pointer in dcn401_set_output_transfer_func This commit adds a null check for the set_output_gamma function pointerin the dcn401_set_output_transfer_func function. Previously,set_output_g...

CVE-2024-49916

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in dcn401_init_hw This commit addresses a potential null pointer dereference issue in thedcn401_init_hw function. The issue could occur when dc->clk_mgr ordc->...

CVE-2024-50005

In the Linux kernel, the following vulnerability has been resolved: mac802154: Fix potential RCU dereference issue in mac802154_scan_worker In the mac802154_scan_worker function, the scan_req->type field wasaccessed after the RCU read-side critical section was unlocked. Accordingto RCU usage rul...

CVE-2024-50091

In the Linux kernel, the following vulnerability has been resolved: dm vdo: don't refer to dedupe_context after releasing it Clear the dedupe_context pointer in a data_vio whenever ownership ofthe context is lost, so that vdo can't examine it accidentally.

CVE-2024-50268

In the Linux kernel, the following vulnerability has been resolved: usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd() The "*cmd" variable can be controlled by the user via debugfs. That means"new_cam" can be as high as 255 while the size of the uc->updated[] arrayis UC...

CVE-2024-53071

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Be stricter about IO mapping flags The current panthor_device_mmap_io() implementation has two issues: For mapping DRM_PANTHOR_USER_FLUSH_ID_MMIO_OFFSET,panthor_device_mmap_io() bails if VM_WRITE is set, but does not c...

CVE-2024-53107

In the Linux kernel, the following vulnerability has been resolved: fs/proc/task_mmu: prevent integer overflow in pagemap_scan_get_args() The "arg->vec_len" variable is a u64 that comes from the user at the startof the function. The "arg->vec_len * sizeof(struct page_region))"multiplication c...