4367 matches found
CVE-2024-41086
In the Linux kernel, the following vulnerability has been resolved: bcachefs: Fix sb_field_downgrade validation bch2_sb_downgrade_validate() wasn't checking for a downgrade entryextending past the end of the superblock section for_each_downgrade_entry() is used in to_text() and needs to work onmalf...
CVE-2024-42100
In the Linux kernel, the following vulnerability has been resolved: clk: sunxi-ng: common: Don't call hw_to_ccu_common on hw without common In order to set the rate range of a hw sunxi_ccu_probe callshw_to_ccu_common() assuming all entries in desc->ccu_clks are containedin a ccu_common struct. T...
CVE-2024-42109
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: unconditionally flush pending work before notifier syzbot reports: KASAN: slab-uaf in nft_ctx_update include/net/netfilter/nf_tables.h:1831KASAN: slab-uaf in nft_commit_release net/netfilter/nf_tables_api.c:95...
CVE-2024-42118
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Do not return negative stream id for array [WHY]resource_stream_to_stream_idx returns an array index and it return -1when not found; however, -1 is not a valid array index number. [HOW]When this happens, call ASSER...
CVE-2024-42239
In the Linux kernel, the following vulnerability has been resolved: bpf: Fail bpf_timer_cancel when callback is being cancelled Given a schedule: timer1 cb timer2 cb bpf_timer_cancel(timer2); bpf_timer_cancel(timer1); Both bpf_timer_cancel calls would wait for the other callback to finishexecuting,...
CVE-2024-42261
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Validate passed in drm syncobj handles in the timestamp extension If userspace provides an unknown or invalid handle anywhere in the handlearray the rest of the driver will not handle that well. Fix it by checking handle w...
CVE-2024-42300
In the Linux kernel, the following vulnerability has been resolved: erofs: fix race in z_erofs_get_gbuf() In z_erofs_get_gbuf(), the current task may be migrated to anotherCPU between z_erofs_gbuf_id() and spin_lock(&gbuf->lock). Therefore, z_erofs_put_gbuf() will trigger the following issuewhic...
CVE-2024-43838
In the Linux kernel, the following vulnerability has been resolved: bpf: fix overflow check in adjust_jmp_off() adjust_jmp_off() incorrectly used the insn->imm field for all overflow check,which is incorrect as that should only be done or the BPF_JMP32 | BPF_JA case,not the general jump instruct...
CVE-2024-44951
In the Linux kernel, the following vulnerability has been resolved: serial: sc16is7xx: fix TX fifo corruption Sometimes, when a packet is received on channel A at almost the same timeas a packet is about to be transmitted on channel B, we observe with alogic analyzer that the received packet on cha...
CVE-2024-44967
In the Linux kernel, the following vulnerability has been resolved: drm/mgag200: Bind I2C lifetime to DRM device Managed cleanup with devm_add_action_or_reset() will release the I2Cadapter when the underlying Linux device goes away. But the connectorstill refers to it, so this cleanup leaves behind...
CVE-2024-44993
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Fix out-of-bounds read in v3d_csd_job_run() When enabling UBSAN on Raspberry Pi 5, we get the following warning: [ 387.894977] UBSAN: array-index-out-of-bounds in drivers/gpu/drm/v3d/v3d_sched.c:320:3[ 387.903868] index 7 ...
CVE-2024-45004
In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: dcp: fix leak of blob encryption key Trusted keys unseal the key blob on load, but keep the sealed payload inthe blob field so that every subsequent read (export) will simplyconvert this field to hex and send it to u...
CVE-2024-45012
In the Linux kernel, the following vulnerability has been resolved: nouveau/firmware: use dma non-coherent allocator Currently, enabling SG_DEBUG in the kernel will cause nouveau to hit aBUG() on startup, when the iommu is enabled: kernel BUG at include/linux/scatterlist.h:187!invalid opcode: 0000 ...
CVE-2024-46687
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk() [BUG]There is an internal report that KASAN is reporting use-after-free, withthe following backtrace: BUG: KASAN: slab-use-after-free in btrfs_check_read_b...
CVE-2024-46788
In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Use a cpumask to know what threads are kthreads The start_kthread() and stop_thread() code was not always called with theinterface_lock held. This means that the kthread variable could beunexpectedly changed causin...
CVE-2024-46792
In the Linux kernel, the following vulnerability has been resolved: riscv: misaligned: Restrict user access to kernel memory raw_copy_{to,from}_user() do not call access_ok(), so this code alloweduserspace to access any virtual memory address.
CVE-2024-46827
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix firmware crash due to invalid peer nss Currently, if the access point receives an associationrequest containing an Extended HE Capabilities InformationElement with an invalid MCS-NSS, it triggers a firmwarecrash. ...
CVE-2024-50175
In the Linux kernel, the following vulnerability has been resolved: media: qcom: camss: Remove use_count guard in stop_streaming The use_count check was introduced so that multiple concurrent Raw DataInterfaces RDIs could be driven by different virtual channels VCs on theCSIPHY input driving the vi...
CVE-2024-50177
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix a UBSAN warning in DML2.1 When programming phantom pipe, since cursor_width is explicity set to 0,this causes calculation logic to trigger overflow for an unsigned inttriggering the kernel's UBSAN check as belo...
CVE-2024-50217
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free of block device file in __btrfs_free_extra_devids() Mounting btrfs from two images (which have the same one fsid and twodifferent dev_uuids) in certain executing order may trigger an UAF forvariable 'devic...
CVE-2024-50276
In the Linux kernel, the following vulnerability has been resolved: net: vertexcom: mse102x: Fix possible double free of TX skb The scope of the TX skb is wider than just mse102x_tx_frame_spi(),so in case the TX skb room needs to be expanded, we should free thethe temporary skb instead of the origi...
CVE-2024-56541
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix use-after-free in ath12k_dp_cc_cleanup() During ath12k module removal, in ath12k_core_deinit(),ath12k_mac_destroy() un-registers ah->hw from mac80211 and freesthe ah->hw as well as all the ar's in it. After ...
CVE-2024-56655
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: do not defer rule destruction via call_rcu nf_tables_chain_destroy can sleep, it can't be used from call_rcucallbacks. Moreover, nf_tables_rule_release() is only safe for error unwinding,while transaction mute...
CVE-2021-47316
In the Linux kernel, the following vulnerability has been resolved: nfsd: fix NULL dereference in nfs3svc_encode_getaclres In error cases the dentry may be NULL. Before 20798dfe249a, the encoder also checked dentry andd_really_is_positive(dentry), but that looks like overkill to me--zerostatus shou...
CVE-2021-47568
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix memleak in get_file_stream_info() Fix memleak in get_file_stream_info()
CVE-2021-47570
In the Linux kernel, the following vulnerability has been resolved: staging: r8188eu: fix a memory leak in rtw_wx_read32() Free "ptmp" before returning -EINVAL.
CVE-2022-48722
In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: ca8210: Stop leaking skb's Upon error the ieee802154_xmit_complete() helper is not called. Onlyieee802154_wake_queue() is called manually. We then leak the skbstructure. Free the skb structure upon error before ret...
CVE-2022-48749
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc The function performs a check on the "ctx" input parameter, however, itis used before the check. Initialize the "base" variable after the sanity check to avoid apossible NU...
CVE-2022-48753
In the Linux kernel, the following vulnerability has been resolved: block: fix memory leak in disk_register_independent_access_ranges kobject_init_and_add() takes reference even when it fails.According to the doc of kobject_init_and_add() If this function returns an error, kobject_put() must be cal...
CVE-2022-48755
In the Linux kernel, the following vulnerability has been resolved: powerpc64/bpf: Limit 'ldbrx' to processors compliant with ISA v2.06 Johan reported the below crash with test_bpf on ppc64 e5500: test_bpf: #296 ALU_END_FROM_LE 64: 0x0123456789abcdef -> 0x67452301 jited:1Oops: Exception in kerne...
CVE-2022-48800
In the Linux kernel, the following vulnerability has been resolved: mm: vmscan: remove deadlock due to throttling failing to make progress A soft lockup bug in kcompactd was reported in a private bugzilla withthe following visible in dmesg; watchdog: BUG: soft lockup - CPU#33 stuck for 26s! [kcompa...
CVE-2022-48815
In the Linux kernel, the following vulnerability has been resolved: net: dsa: bcm_sf2: don't use devres for mdiobus As explained in commits:74b6d7d13307 ("net: dsa: realtek: register the MDIO bus under devres")5135e96a3dd2 ("net: dsa: don't allocate the slave_mii_bus using devres") mdiobus_free() w...
CVE-2022-48869
In the Linux kernel, the following vulnerability has been resolved: USB: gadgetfs: Fix race between mounting and unmounting The syzbot fuzzer and Gerald Lee have identified a use-after-free bugin the gadgetfs driver, involving processes concurrently mounting andunmounting the gadgetfs filesystem. I...
CVE-2022-48881
In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd: Fix refcount leak in amd_pmc_probe pci_get_domain_bus_and_slot() takes reference, the caller should releasethe reference by calling pci_dev_put() after use. Call pci_dev_put() inthe error path to fix this.
CVE-2022-48906
In the Linux kernel, the following vulnerability has been resolved: mptcp: Correctly set DATA_FIN timeout when number of retransmits is large Syzkaller with UBSAN uncovered a scenario where a large number ofDATA_FIN retransmits caused a shift-out-of-bounds in the DATA_FINtimeout calculation: ======...
CVE-2022-48981
In the Linux kernel, the following vulnerability has been resolved: drm/shmem-helper: Remove errant put in error path drm_gem_shmem_mmap() doesn't own this reference, resulting in the GEMobject getting prematurely freed leading to a later use-after-free.
CVE-2022-49004
In the Linux kernel, the following vulnerability has been resolved: riscv: Sync efi page table's kernel mappings before switching The EFI page table is initially created as a copy of the kernel page table.With VMAP_STACK enabled, kernel stacks are allocated in the vmalloc area:if the stack is alloc...
CVE-2023-52645
In the Linux kernel, the following vulnerability has been resolved: pmdomain: mediatek: fix race conditions with genpd If the power domains are registered first with genpd and after that the driver attempts to power them on in the probe sequence, then it ispossible that a race condition occurs if g...
CVE-2023-52688
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix the error handler of rfkill config When the core rfkill config throws error, it should free theallocated resources. Currently it is not freeing the core pdevcreate resources. Avoid this issue by calling the core p...
CVE-2023-52706
In the Linux kernel, the following vulnerability has been resolved: gpio: sim: fix a memory leak Fix an inverted logic bug in gpio_sim_remove_hogs() that leads to GPIOhog structures never being freed.
CVE-2023-52745
In the Linux kernel, the following vulnerability has been resolved: IB/IPoIB: Fix legacy IPoIB due to wrong number of queues The cited commit creates child PKEY interfaces over netlink willmultiple tx and rx queues, but some devices doesn't support more than 1tx and 1 rx queues. This causes to a cr...
CVE-2023-52746
In the Linux kernel, the following vulnerability has been resolved: xfrm/compat: prevent potential spectre v1 gadget in xfrm_xlate32_attr() int type = nla_type(nla); if (type > XFRMA_MAX) {return -EOPNOTSUPP;} @type is then used as an array index and can be usedas a Spectre v1 gadget. if (nla_le...
CVE-2023-52748
In the Linux kernel, the following vulnerability has been resolved: f2fs: avoid format-overflow warning With gcc and W=1 option, there's a warning like this: fs/f2fs/compress.c: In function ‘f2fs_init_page_array_cache’:fs/f2fs/compress.c:1984:47: error: ‘%u’ directive writing between1 and 7 bytes i...
CVE-2023-52761
In the Linux kernel, the following vulnerability has been resolved: riscv: VMAP_STACK overflow detection thread-safe commit 31da94c25aea ("riscv: add VMAP_STACK overflow detection") addedsupport for CONFIG_VMAP_STACK. If overflow is detected, CPU switches toshadow_stack temporarily before switching...
CVE-2023-52839
In the Linux kernel, the following vulnerability has been resolved: drivers: perf: Do not broadcast to other cpus when starting a counter This command: $ perf record -e cycles:k -e instructions:k -c 10000 -m 64M dd if=/dev/zero of=/dev/null count=1000 gives rise to this kernel warning: [ 444.364395...
CVE-2023-52897
In the Linux kernel, the following vulnerability has been resolved: btrfs: qgroup: do not warn on record without old_roots populated [BUG]There are some reports from the mailing list that since v6.1 kernel, theWARN_ON() inside btrfs_qgroup_account_extent() gets triggered duringrescan: WARNING: CPU:...
CVE-2023-52909
In the Linux kernel, the following vulnerability has been resolved: nfsd: fix handling of cached open files in nfsd4_open codepath Commit fb70bf124b05 ("NFSD: Instantiate a struct file when creating aregular NFSv4 file") added the ability to cache an open fd over acompound. There are a couple of pr...
CVE-2024-32936
In the Linux kernel, the following vulnerability has been resolved: media: ti: j721e-csi2rx: Fix races while restarting DMA After the frame is submitted to DMA, it may happen that the submittedlist is not updated soon enough, and the DMA callback is triggeredbefore that. This can lead to kernel cra...
CVE-2024-35834
In the Linux kernel, the following vulnerability has been resolved: xsk: recycle buffer in case Rx queue was full Add missing xsk_buff_free() call when __xsk_rcv_zc() failed to producedescriptor to XSK Rx queue.
CVE-2024-37026
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Only use reserved BCS instances for usm migrate exec queue The GuC context scheduling queue is 2 entires deep, thus it is possiblefor a migration job to be stuck behind a fault if migration exec queueshares engines with use...