CVE-2024-53201

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipe This commit addresses a null pointer dereference issue indcn20_program_pipe(). Previously, commit 8e4ed3cf1642 ("drm/amd/display:Add null check for ...

CVE-2021-47251

In the Linux kernel, the following vulnerability has been resolved: mac80211: fix skb length check in ieee80211_scan_rx() Replace hard-coded compile-time constants for header length checkwith dynamic determination based on the frame type. Otherwise, wehit a validation WARN_ON in cfg80211 later. [st...

CVE-2021-47264

In the Linux kernel, the following vulnerability has been resolved: ASoC: core: Fix Null-point-dereference in fmt_single_name() Check the return value of devm_kstrdup() in case ofNull-point-dereference.

CVE-2021-47286

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: core: Validate channel ID when processing command completions MHI reads the channel ID from the event ring element sent by thedevice which can be any value between 0 and 255. In order toprevent any out of bound accesses, ...

CVE-2021-47312

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix dereference of null pointer flow In the case where chain->flags & NFT_CHAIN_HW_OFFLOAD is false thennft_flow_rule_create is not called and flow is NULL. The subsequenterror handling execution via label ...

CVE-2021-47336

In the Linux kernel, the following vulnerability has been resolved: smackfs: restrict bytes count in smk_set_cipso() Oops, I failed to update subject line. From 07571157c91b98ce1a4aa70967531e64b78e8346 Mon Sep 17 00:00:00 2001Date: Mon, 12 Apr 2021 22:25:06 +0900Subject: [PATCH] smackfs: restrict b...

CVE-2021-47524

In the Linux kernel, the following vulnerability has been resolved: serial: liteuart: fix minor-number leak on probe errors Make sure to release the allocated minor number before returning onprobe errors.

CVE-2021-47530

In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix wait_fence submitqueue leak We weren't dropping the submitqueue reference in all paths. Inparticular, when the fence has already been signalled. Split outa helper to simplify handling this in the various different retu...

CVE-2021-47584

In the Linux kernel, the following vulnerability has been resolved: iocost: Fix divide-by-zero on donation from low hweight cgroup The donation calculation logic assumes that the donor has non-zeroafter-donation hweight, so the lowest active hweight a donating cgroup canhave is 2 so that it can don...

CVE-2021-47601

In the Linux kernel, the following vulnerability has been resolved: tee: amdtee: fix an IS_ERR() vs NULL bug The __get_free_pages() function does not return error pointers it returnsNULL so fix this condition to avoid a NULL dereference.

CVE-2022-48643

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix nft_counters_enabled underflow at nf_tables_addchain() syzbot is reporting underflow of nft_counters_enabled counter atnf_tables_addchain() [1], for commit 43eb8949cfdffa76 ("netfilter:nf_tables: do not le...

CVE-2022-48661

In the Linux kernel, the following vulnerability has been resolved: gpio: mockup: Fix potential resource leakage when register a chip If creation of software node fails, the locally allocated stringarray is left unfreed. Free it on error path.

CVE-2022-48668

In the Linux kernel, the following vulnerability has been resolved: smb3: fix temporary data corruption in collapse range collapse range doesn't discard the affected cached regionso can risk temporarily corrupting the file data. Thisfixes xfstest generic/031 I also decided to merge a minor cleanup ...

CVE-2022-48725

In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix refcounting leak in siw_create_qp() The atomic_inc() needs to be paired with an atomic_dec() on the errorpath.

CVE-2022-48730

In the Linux kernel, the following vulnerability has been resolved: dma-buf: heaps: Fix potential spectre v1 gadget It appears like nr could be a Spectre v1 gadget as it's supplied by auser and used as an array index. Prevent the contentsof kernel memory from being leaked to userspace via speculati...

CVE-2022-48745

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Use del_timer_sync in fw reset flow of halting poll Substitute del_timer() with del_timer_sync() in fw reset pollingdeactivation flow, in order to prevent a race condition which occurswhen del_timer() is called and timer ...

CVE-2022-48751

In the Linux kernel, the following vulnerability has been resolved: net/smc: Transitional solution for clcsock race issue We encountered a crash in smc_setsockopt() and it is caused byaccessing smc->clcsock after clcsock was released. BUG: kernel NULL pointer dereference, address: 00000000000000...

CVE-2022-48769

In the Linux kernel, the following vulnerability has been resolved: efi: runtime: avoid EFIv2 runtime services on Apple x86 machines Aditya reports [0] that his recent MacbookPro crashes in the firmwarewhen using the variable services at runtime. The culprit appears to be acall to QueryVariableInfo...

CVE-2022-48787

In the Linux kernel, the following vulnerability has been resolved: iwlwifi: fix use-after-free If no firmware was present at all (or, presumably, all of thefirmware files failed to parse), we end up unbinding by callingdevice_release_driver(), which calls remove(), which then iniwlwifi calls iwl_d...

CVE-2022-48811

In the Linux kernel, the following vulnerability has been resolved: ibmvnic: don't release napi in __ibmvnic_open() If __ibmvnic_open() encounters an error such as when setting link state,it calls release_resources() which frees the napi structures needlessly.Instead, have __ibmvnic_open() only cle...

CVE-2022-48867

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Prevent use after free on completion memory On driver unload any pending descriptors are flushed at thetime the interrupt is freed:idxd_dmaengine_drv_remove() ->drv_disable_wq() ->idxd_wq_free_irq() ->idxd...

CVE-2022-48872

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix use-after-free race condition for maps It is possible that in between calling fastrpc_map_get() untilmap->fl->lock is taken in fastrpc_free_map(), another thread can callfastrpc_map_lookup() and get a refer...

CVE-2022-48932

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: DR, Fix slab-out-of-bounds in mlx5_cmd_dr_create_fte When adding a rule with 32 destinations, we hit the following out-of-bandaccess issue: BUG: KASAN: slab-out-of-bounds in mlx5_cmd_dr_create_fte+0x18ee/0x1e70 This patch...

CVE-2022-48971

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix not cleanup led when bt_init fails bt_init() calls bt_leds_init() to register led, but if it fails later,bt_leds_cleanup() is not called to unregister it. This can cause panic if the argument "bluetooth-power" in tex...

CVE-2022-48980

In the Linux kernel, the following vulnerability has been resolved: net: dsa: sja1105: avoid out of bounds access in sja1105_init_l2_policing() The SJA1105 family has 45 L2 policing table entries(SJA1105_MAX_L2_POLICING_COUNT) and SJA1110 has 110(SJA1110_MAX_L2_POLICING_COUNT). Keeping the table st...

CVE-2022-49031

In the Linux kernel, the following vulnerability has been resolved: iio: health: afe4403: Fix oob read in afe4403_read_raw KASAN report out-of-bounds read as follows: BUG: KASAN: global-out-of-bounds in afe4403_read_raw+0x42e/0x4c0Read of size 4 at addr ffffffffc02ac638 by task cat/279 Call Trace:a...

CVE-2023-52660

In the Linux kernel, the following vulnerability has been resolved: media: rkisp1: Fix IRQ handling due to shared interrupts The driver requests the interrupts as IRQF_SHARED, so the interrupthandlers can be called at any time. If such a call happens while the ISPis powered down, the SoC will hang ...

CVE-2023-52743

In the Linux kernel, the following vulnerability has been resolved: ice: Do not use WQ_MEM_RECLAIM flag for workqueue When both ice and the irdma driver are loaded, a warning incheck_flush_dependency is being triggered. This is due to ice driverworkqueue being allocated with the WQ_MEM_RECLAIM flag...

CVE-2023-52750

In the Linux kernel, the following vulnerability has been resolved: arm64: Restrict CPU_BIG_ENDIAN to GNU as or LLVM IAS 15.x or newer Prior to LLVM 15.0.0, LLVM's integrated assembler would incorrectlybyte-swap NOP when compiling for big-endian, and the resulting series ofbytes happened to match t...

CVE-2023-52779

In the Linux kernel, the following vulnerability has been resolved: fs: Pass AT_GETATTR_NOSEC flag to getattr interface function When vfs_getattr_nosec() calls a filesystem's getattr interface functionthen the 'nosec' should propagate into this function so thatvfs_getattr_nosec() can again be calle...

CVE-2023-52895

In the Linux kernel, the following vulnerability has been resolved: io_uring/poll: don't reissue in case of poll race on multishot request A previous commit fixed a poll race that can occur, but it's onlyapplicable for multishot requests. For a multishot request, we can safelyignore a spurious wake...

CVE-2024-26850

In the Linux kernel, the following vulnerability has been resolved: mm/debug_vm_pgtable: fix BUG_ON with pud advanced test Architectures like powerpc add debug checks to ensure we find only devmapPUD pte entries. These debug checks are only done with CONFIG_DEBUG_VM.This patch marks the ptes used f...

CVE-2024-36281

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Use mlx5_ipsec_rx_status_destroy to correctly delete status rules rx_create no longer allocates a modify_hdr instance that needs to becleaned up. The mlx5_modify_header_dealloc call will lead to a NULL pointerdereference....

CVE-2024-36909

In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted In CoCo VMs it is possible for the untrusted host to causeset_memory_encrypted() or set_memory_decrypted() to fail such that anerror is returned and the resu...

CVE-2024-36966

In the Linux kernel, the following vulnerability has been resolved: erofs: reliably distinguish block based and fscache mode When erofs_kill_sb() is called in block dev based mode, s_bdev may nothave been initialised yet, and if CONFIG_EROFS_FS_ONDEMAND is enabled,it will be mistaken for fscache mo...

CVE-2024-36970

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: Use request_module_nowait This appears to work around a deadlock regression that came inwith the LED merge in 6.9. The deadlock happens on my system with 24 iwlwifi radios, so maybeit something like all worker thread...

CVE-2024-38539

In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Fix kmemleak in rdma_core observed during blktests nvme/rdma use siw When running blktests nvme/rdma, the following kmemleak issue will appear. kmemleak: Kernel memory leak detector initialized (mempool available:36041)km...

CVE-2024-38554

In the Linux kernel, the following vulnerability has been resolved: ax25: Fix reference count leak issue of net_device There is a reference count leak issue of the object "net_device" inax25_dev_device_down(). When the ax25 device is shutting down, theax25_dev_device_down() drops the reference coun...

CVE-2024-38592

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Init ddp_comp with devm_kcalloc() In the case where conn_routes is true we allocate an extra slot inthe ddp_comp array but mtk_drm_crtc_create() never seemed toinitialize it in the test case I ran. For me, this caused...

CVE-2024-38624

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Use 64 bit variable to avoid 32 bit overflow For example, in the expression:vbo = 2 * vbo + skip

CVE-2024-39470

In the Linux kernel, the following vulnerability has been resolved: eventfs: Fix a possible null pointer dereference in eventfs_find_events() In function eventfs_find_events,there is a potential null pointerthat may be caused by calling update_events_attr which will performsome operations on the me...

CVE-2024-40938

In the Linux kernel, the following vulnerability has been resolved: landlock: Fix d_parent walk The WARN_ON_ONCE() in collect_domain_accesses() can be triggered whentrying to link a root mount point. This cannot work in practice becausethis directory is mounted, but the VFS check is done after the ...

CVE-2024-41053

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix ufshcd_abort_one racing issue When ufshcd_abort_one is racing with the completion ISR, the completed tagof the request's mq_hctx pointer will be set to NULL by ISR. Returnsuccess when request is completed by IS...

CVE-2024-43836

In the Linux kernel, the following vulnerability has been resolved: net: ethtool: pse-pd: Fix possible null-deref Fix a possible null dereference when a PSE supports both c33 and PoDL, butonly one of the netlink attributes is specified. The c33 or PoDL PSEcapabilities are already validated in the e...

CVE-2024-44945

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink: Initialise extack before use in ACKs Add missing extack initialisation when ACKing BATCH_BEGIN and BATCH_END.

CVE-2024-44951

In the Linux kernel, the following vulnerability has been resolved: serial: sc16is7xx: fix TX fifo corruption Sometimes, when a packet is received on channel A at almost the same timeas a packet is about to be transmitted on channel B, we observe with alogic analyzer that the received packet on cha...

CVE-2024-44963

In the Linux kernel, the following vulnerability has been resolved: btrfs: do not BUG_ON() when freeing tree block after error When freeing a tree block, at btrfs_free_tree_block(), if we fail tocreate a delayed reference we don't deal with the error and just do aBUG_ON(). The error most likely to ...

CVE-2024-44982

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails If the dpu_format_populate_layout() fails, then FB is prepared, but notcleaned up. This ends up leaking the pin_count on the GEM object andcauses a splat during DRM file c...

CVE-2024-44997

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_wed: fix use-after-free panic in mtk_wed_setup_tc_block_cb() When there are multiple ap interfaces on one band and with WED on,turning the interface down will cause a kernel panic on MT798X. Previously, cb_priv w...

CVE-2024-46683

In the Linux kernel, the following vulnerability has been resolved: drm/xe: prevent UAF around preempt fence The fence lock is part of the queue, therefore in the current designanything locking the fence should then also hold a ref to the queue toprevent the queue from being freed. However, current...