4371 matches found
CVE-2024-46789
In the Linux kernel, the following vulnerability has been resolved: mm/slub: add check for s->flags in the alloc_tagging_slab_free_hook When enable CONFIG_MEMCG & CONFIG_KFENCE & CONFIG_KMEMLEAK, the followingwarning always occurs,This is because the following call stack occurred:mem_pool_allock...
CVE-2024-46838
In the Linux kernel, the following vulnerability has been resolved: userfaultfd: don't BUG_ON() if khugepaged yanks our page table Since khugepaged was changed to allow retracting page tables in filemappings without holding the mmap lock, these BUG_ON()s are wrong - getrid of them. We could also re...
CVE-2024-49873
In the Linux kernel, the following vulnerability has been resolved: mm/filemap: fix filemap_get_folios_contig THP panic Patch series "memfd-pin huge page fixes". Fix multiple bugs that occur when using memfd_pin_folios with hugetlbpages and THP. The hugetlb bugs only bite when the page is not yetfa...
CVE-2024-49941
In the Linux kernel, the following vulnerability has been resolved: gpiolib: Fix potential NULL pointer dereference in gpiod_get_label() In gpiod_get_label(), it is possible that srcu_dereference_check() mayreturn a NULL pointer, leading to a scenario where label->str is accessedwithout verifyin...
CVE-2024-50212
In the Linux kernel, the following vulnerability has been resolved: lib: alloc_tag_module_unload must wait for pending kfree_rcu calls Ben Greear reports following splat:------------[ cut here ]------------net/netfilter/nf_nat_core.c:1114 module nf_nat func:nf_nat_register_fn has 256 allocated at m...
CVE-2024-50266
In the Linux kernel, the following vulnerability has been resolved: clk: qcom: videocc-sm8350: use HW_CTRL_TRIGGER for vcodec GDSCs A recent change in the venus driver results in a stuck clock on theLenovo ThinkPad X13s, for example, when streaming video in firefox: video_cc_mvs0_clk status stuck a...
CVE-2024-56669
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Remove cache tags before disabling ATS The current implementation removes cache tags after disabling ATS,leading to potential memory leaks and kernel crashes. Specifically,CACHE_TAG_DEVTLB type cache tags may still rema...
CVE-2021-47088
In the Linux kernel, the following vulnerability has been resolved: mm/damon/dbgfs: protect targets destructions with kdamond_lock DAMON debugfs interface iterates current monitoring targets in'dbgfs_target_ids_read()' while holding the corresponding'kdamond_lock'. However, it also destructs the mo...
CVE-2021-47121
In the Linux kernel, the following vulnerability has been resolved: net: caif: fix memory leak in cfusbl_device_notify In case of caif_enroll_dev() fail, allocatedlink_support won't be assigned to the correspondingstructure. So simply free allocated pointer in caseof error.
CVE-2021-47133
In the Linux kernel, the following vulnerability has been resolved: HID: amd_sfh: Fix memory leak in amd_sfh_work Kmemleak tool detected a memory leak in the amd_sfh driver. ====================unreferenced object 0xffff88810228ada0 (size 32):comm "insmod", pid 3968, jiffies 4295056001 (age 775.792...
CVE-2021-47151
In the Linux kernel, the following vulnerability has been resolved: interconnect: qcom: bcm-voter: add a missing of_node_put() Add a missing of_node_put() in of_bcm_voter_get() to avoid thereference leak.
CVE-2021-47190
In the Linux kernel, the following vulnerability has been resolved: perf bpf: Avoid memory leak from perf_env__insert_btf() perf_env__insert_btf() doesn't insert if a duplicate BTF id isencountered and this causes a memory leak. Modify the function to returna success/error value and then free the m...
CVE-2021-47195
In the Linux kernel, the following vulnerability has been resolved: spi: fix use-after-free of the add_lock mutex Commit 6098475d4cb4 ("spi: Fix deadlock when adding SPI controllers onSPI buses") introduced a per-controller mutex. But mutex_unlock() ofsaid lock is called after the controller is alr...
CVE-2021-47243
In the Linux kernel, the following vulnerability has been resolved: sch_cake: Fix out of bounds when parsing TCP options and header The TCP option parser in cake qdisc (cake_get_tcpopt andcake_tcph_may_drop) could read one byte out of bounds. When the lengthis 1, the execution flow gets into the lo...
CVE-2021-47266
In the Linux kernel, the following vulnerability has been resolved: RDMA/ipoib: Fix warning caused by destroying non-initial netns After the commit 5ce2dced8e95 ("RDMA/ipoib: Set rtnl_link_ops for ipoibinterfaces"), if the IPoIB device is moved to non-initial netns,destroying that netns lets the de...
CVE-2021-47290
In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix NULL dereference on XCOPY completion CPU affinity control added with commit 39ae3edda325 ("scsi: target: core:Make completion affinity configurable") makes target_complete_cmd() queuework on a CPU based on se_tpg-...
CVE-2021-47306
In the Linux kernel, the following vulnerability has been resolved: net: fddi: fix UAF in fza_probe fp is netdev private data and it cannot beused after free_netdev() call. Using fp after free_netdev()can cause UAF bug. Fix it by moving free_netdev() after error message. TURBOchannel adapter")
CVE-2021-47318
In the Linux kernel, the following vulnerability has been resolved: arch_topology: Avoid use-after-free for scale_freq_data Currently topology_scale_freq_tick() (which gets called fromscheduler_tick()) may end up using a pointer to "structscale_freq_data", which was previously cleared bytopology_cl...
CVE-2021-47363
In the Linux kernel, the following vulnerability has been resolved: nexthop: Fix division by zero while replacing a resilient group The resilient nexthop group torture tests in fib_nexthop.sh exposed apossible division by zero while replacing a resilient group [1]. Thedivision by zero occurs when t...
CVE-2021-47512
In the Linux kernel, the following vulnerability has been resolved: net/sched: fq_pie: prevent dismantle issue For some reason, fq_pie_destroy() did not copyworking code from pie_destroy() and other qdiscs,thus causing elusive bug. Before calling del_timer_sync(&q->adapt_timer),we need to ensure...
CVE-2021-47601
In the Linux kernel, the following vulnerability has been resolved: tee: amdtee: fix an IS_ERR() vs NULL bug The __get_free_pages() function does not return error pointers it returnsNULL so fix this condition to avoid a NULL dereference.
CVE-2021-47617
In the Linux kernel, the following vulnerability has been resolved: PCI: pciehp: Fix infinite loop in IRQ handler upon power fault The Power Fault Detected bit in the Slot Status register differs fromall other hotplug events in that it is sticky: It can only be clearedafter turning off slot power. ...
CVE-2022-48725
In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix refcounting leak in siw_create_qp() The atomic_inc() needs to be paired with an atomic_dec() on the errorpath.
CVE-2022-48731
In the Linux kernel, the following vulnerability has been resolved: mm/kmemleak: avoid scanning potential huge holes When using devm_request_free_mem_region() and devm_memremap_pages() toadd ZONE_DEVICE memory, if requested free mem region's end pfn werehuge(e.g., 0x400000000), the node_end_pfn() w...
CVE-2022-48745
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Use del_timer_sync in fw reset flow of halting poll Substitute del_timer() with del_timer_sync() in fw reset pollingdeactivation flow, in order to prevent a race condition which occurswhen del_timer() is called and timer ...
CVE-2022-48784
In the Linux kernel, the following vulnerability has been resolved: cfg80211: fix race in netlink owner interface destruction My previous fix here to fix the deadlock left a race wherethe exact same deadlock (see the original commit referencedbelow) can still happen if cfg80211_destroy_ifaces() alr...
CVE-2022-48797
In the Linux kernel, the following vulnerability has been resolved: mm: don't try to NUMA-migrate COW pages that have other uses Oded Gabbay reports that enabling NUMA balancing causes corruption withhis Gaudi accelerator test load: "All the details are in the bug, but the bottom line is that someh...
CVE-2022-48807
In the Linux kernel, the following vulnerability has been resolved: ice: Fix KASAN error in LAG NETDEV_UNREGISTER handler Currently, the same handler is called for both a NETDEV_BONDING_INFOLAG unlink notification as for a NETDEV_UNREGISTER call. This iscausing a problem though, since the netdev_no...
CVE-2022-48813
In the Linux kernel, the following vulnerability has been resolved: net: dsa: felix: don't use devres for mdiobus As explained in commits:74b6d7d13307 ("net: dsa: realtek: register the MDIO bus under devres")5135e96a3dd2 ("net: dsa: don't allocate the slave_mii_bus using devres") mdiobus_free() wil...
CVE-2022-48892
In the Linux kernel, the following vulnerability has been resolved: sched/core: Fix use-after-free bug in dup_user_cpus_ptr() Since commit 07ec77a1d4e8 ("sched: Allow task CPU affinity to berestricted on asymmetric systems"), the setting and clearing ofuser_cpus_ptr are done under pi_lock for arm64...
CVE-2022-48896
In the Linux kernel, the following vulnerability has been resolved: ixgbe: fix pci device refcount leak As the comment of pci_get_domain_bus_and_slot() says, itreturns a PCI device with refcount incremented, when finishusing it, the caller must decrement the reference count bycalling pci_dev_put()....
CVE-2022-48908
In the Linux kernel, the following vulnerability has been resolved: net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe() During driver initialization, the pointer of card info, i.e. thevariable 'ci' is required. However, the definition of'com20020pci_id_table' reveals that this field is...
CVE-2022-48914
In the Linux kernel, the following vulnerability has been resolved: xen/netfront: destroy queues before real_num_tx_queues is zeroed xennet_destroy_queues() relies on info->netdev->real_num_tx_queues todelete queues. Since d7dac083414eb5bb99a6d2ed53dc2c1b405224e5("net-sysfs: update the queue ...
CVE-2023-52896
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between quota rescan and disable leading to NULL pointer deref If we have one task trying to start the quota rescan worker while anotherone is trying to disable quotas, we can end up hitting a race that resultsin th...
CVE-2023-52906
In the Linux kernel, the following vulnerability has been resolved: net/sched: act_mpls: Fix warning during failed attribute validation The 'TCA_MPLS_LABEL' attribute is of 'NLA_U32' type, but has avalidation type of 'NLA_VALIDATE_FUNCTION'. This is an invalidcombination according to the comment ab...
CVE-2024-23196
A race condition was found in the Linux kernel's sound/hda device driver in snd_hdac_regmap_sync() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.
CVE-2024-26732
In the Linux kernel, the following vulnerability has been resolved: net: implement lockless setsockopt(SO_PEEK_OFF) syzbot reported a lockdep violation [1] involving af_unixsupport of SO_PEEK_OFF. Since SO_PEEK_OFF is inherently not thread safe (it uses a per-socketsk_peek_off field), there is real...
CVE-2024-27409
In the Linux kernel, the following vulnerability has been resolved: dmaengine: dw-edma: HDMA: Add sync read before starting the DMA transfer in remote setup The Linked list element and pointer are not stored in the same memory asthe HDMA controller register. If the doorbell register is toggled befo...
CVE-2024-35834
In the Linux kernel, the following vulnerability has been resolved: xsk: recycle buffer in case Rx queue was full Add missing xsk_buff_free() call when __xsk_rcv_zc() failed to producedescriptor to XSK Rx queue.
CVE-2024-38636
In the Linux kernel, the following vulnerability has been resolved: f2fs: multidev: fix to recognize valid zero block address As reported by Yi Zhang in mailing list [1], kernel warning was catchedduring zbd/010 test as below: ./check zbd/010zbd/010 (test gap zone support with F2FS) [failed]runtime...
CVE-2024-41029
In the Linux kernel, the following vulnerability has been resolved: nvmem: core: limit cell sysfs permissions to main attribute ones The cell sysfs attribute should not provide more access to the nvmemdata than the main attribute itself.For example if nvme_config::root_only was set, the cell attrib...
CVE-2024-41033
In the Linux kernel, the following vulnerability has been resolved: cachestat: do not flush stats in recency check syzbot detects that cachestat() is flushing stats, which can sleep, in itsRCU read section (see 1 ). This is done in the workingset_test_recent()step (which checks if the folio's evict...
CVE-2024-42088
In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8195: Add platform entry for ETDM1_OUT_BE dai link Commit e70b8dd26711 ("ASoC: mediatek: mt8195: Remove afe-dai componentand rework codec link") removed the codec entry for the ETDM1_OUT_BEdai link entirely instea...
CVE-2024-42150
In the Linux kernel, the following vulnerability has been resolved: net: txgbe: remove separate irq request for MSI and INTx When using MSI or INTx interrupts, request_irq() for pdev->irq willconflict with request_threaded_irq() for txgbe->misc.irq, to causesystem crash. So remove txgbe_reque...
CVE-2024-42317
In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: avoid PMD-size page cache if needed xarray can't support arbitrary page cache size. the largest and supportedpage cache size is defined as MAX_PAGECACHE_ORDER by commit 099d90642a71("mm/filemap: make MAX_PAGECACHE_O...
CVE-2024-43827
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null check before access structs In enable_phantom_plane, we should better check null pointer beforeaccessing various structs.
CVE-2024-44973
In the Linux kernel, the following vulnerability has been resolved: mm, slub: do not call do_slab_free for kfence object In 782f8906f805 the freeing of kfence objects was moved from deepinside do_slab_free to the wrapper functions outside. This is a nicechange, but unfortunately it missed one spot ...
CVE-2024-44979
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix missing workqueue destroy in xe_gt_pagefault On driver reload we never free up the memory for the pagefault andaccess counter workqueues. Add those destroy calls here. (cherry picked from commit 7586fc52b14e0b8edd0d1f8a...
CVE-2024-45017
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix IPsec RoCE MPV trace call Prevent the call trace below from happening, by not allowing IPseccreation over a slave, if master device doesn't support IPsec. WARNING: CPU: 44 PID: 16136 at kernel/locking/rwsem.c:240 down...
CVE-2024-46701
In the Linux kernel, the following vulnerability has been resolved: libfs: fix infinite directory reads for offset dir After we switch tmpfs dir operations from simple_dir_operations tosimple_offset_dir_operations, every rename happened will fill new dentryto dest dir's maple tree(&SHMEM_I(inode)-&...