CVE-2024-46708

In the Linux kernel, the following vulnerability has been resolved: pinctrl: qcom: x1e80100: Fix special pin offsets Remove the erroneus 0x100000 offset to prevent the boards from crashingon pin state setting, as well as for the intended state changes to takeeffect.

CVE-2024-46785

In the Linux kernel, the following vulnerability has been resolved: eventfs: Use list_del_rcu() for SRCU protected list variable Chi Zhiling reported: We found a null pointer accessing in tracefs[1], the reason is that thevariable 'ei_child' is set to LIST_POISON1, that means the list wasremoved in...

CVE-2024-46793

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: Boards: Fix NULL pointer deref in BYT/CHT boards harder Since commit 13f58267cda3 ("ASoC: soc.h: don't create dummy Componentvia COMP_DUMMY()") dummy codecs declared like this: SND_SOC_DAILINK_DEF(dummy,DAILINK_COMP_AR...

CVE-2024-46869

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel_pcie: Allocate memory for driver private data Fix driver not allocating memory for struct btintel_data which is usedto store internal data.

CVE-2024-47702

In the Linux kernel, the following vulnerability has been resolved: bpf: Fail verification for sign-extension of packet data/data_end/data_meta syzbot reported a kernel crash due tocommit 1f1e864b6555 ("bpf: Handle sign-extenstin ctx member accesses").The reason is due to sign-extension of 32-bit l...

CVE-2024-49932

In the Linux kernel, the following vulnerability has been resolved: btrfs: don't readahead the relocation inode on RST On relocation we're doing readahead on the relocation inode, but if thefilesystem is backed by a RAID stripe tree we can get ENOENT (e.g. due topreallocated extents not being mappe...

CVE-2024-49976

In the Linux kernel, the following vulnerability has been resolved: tracing/timerlat: Drop interface_lock in stop_kthread() stop_kthread() is the offline callback for "trace/osnoise:online", sincecommit 5bfbcd1ee57b ("tracing/timerlat: Add interface_lock around clearingof kthread in stop_kthread()"...

CVE-2024-56534

In the Linux kernel, the following vulnerability has been resolved: isofs: avoid memory leak in iocharset A memleak was found as below: unreferenced object 0xffff0000d10164d8 (size 8):comm "pool-udisksd", pid 108217, jiffies 4295408555hex dump (first 8 bytes):75 74 66 38 00 cc cc cc utf8....backtra...

CVE-2021-47279

In the Linux kernel, the following vulnerability has been resolved: usb: misc: brcmstb-usb-pinmap: check return value after calling platform_get_resource() It will cause null-ptr-deref if platform_get_resource() returns NULL,we need check the return value.

CVE-2021-47349

In the Linux kernel, the following vulnerability has been resolved: mwifiex: bring down link before deleting interface We can deadlock when rmmod'ing the driver or going through firmwarereset, because the cfg80211_unregister_wdev() has to bring down the linkfor us, ... which then grab the same wiph...

CVE-2021-47533

In the Linux kernel, the following vulnerability has been resolved: drm/vc4: kms: Clear the HVS FIFO commit pointer once done Commit 9ec03d7f1ed3 ("drm/vc4: kms: Wait on previous FIFO users before acommit") introduced a wait on the previous commit done on a given HVSFIFO. However, we never cleared ...

CVE-2022-48719

In the Linux kernel, the following vulnerability has been resolved: net, neigh: Do not trigger immediate probes on NUD_FAILED from neigh_managed_work syzkaller was able to trigger a deadlock for NTF_MANAGED entries [0]: kworker/0:16/14617 is trying to acquire lock:ffffffff8d4dd370 (&tbl->lock){+...

CVE-2022-48795

In the Linux kernel, the following vulnerability has been resolved: parisc: Fix data TLB miss in sba_unmap_sg Rolf Eike Beer reported the following bug: [1274934.746891] Bad Address (null pointer deref?): Code=15 (Data TLB miss fault) at addr 0000004140000018[1274934.746891] CPU: 3 PID: 5549 Comm: ...

CVE-2022-48966

In the Linux kernel, the following vulnerability has been resolved: net: mvneta: Prevent out of bounds read in mvneta_config_rss() The pp->indir[0] value comes from the user. It is passed to: if (cpu_online(pp->rxq_def)) inside the mvneta_percpu_elect() function. It needs bounds checkedingto ...

CVE-2023-52770

In the Linux kernel, the following vulnerability has been resolved: f2fs: split initial and dynamic conditions for extent_cache Let's allocate the extent_cache tree without dynamic conditions to avoid amissing condition causing a panic as below. create a file w/ a compressed flag disable the compre...

CVE-2023-52807

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix out-of-bounds access may occur when coalesce info is read via debugfs The hns3 driver define an array of string to show the coalesceinfo, but if the kernel adds a new mode or a new state,out-of-bounds access may occu...

CVE-2024-26762

In the Linux kernel, the following vulnerability has been resolved: cxl/pci: Skip to handle RAS errors if CXL.mem device is detached The PCI AER model is an awkward fit for CXL error handling. While theexpectation is that a PCI device can escalate to link reset to recoverfrom an AER event, the same...

CVE-2024-35836

In the Linux kernel, the following vulnerability has been resolved: dpll: fix pin dump crash for rebound module When a kernel module is unbound but the pin resources were not entirelyfreed (other kernel module instance of the same PCI device have had keptthe reference to that pin), and kernel modul...

CVE-2024-42111

In the Linux kernel, the following vulnerability has been resolved: btrfs: always do the basic checks for btrfs_qgroup_inherit structure [BUG]Syzbot reports the following regression detected by KASAN: BUG: KASAN: slab-out-of-bounds in btrfs_qgroup_inherit+0x42e/0x2e20 fs/btrfs/qgroup.c:3277Read of ...

CVE-2024-42112

In the Linux kernel, the following vulnerability has been resolved: net: txgbe: free isb resources at the right time When using MSI/INTx interrupt, the shared interrupts are still beinghandled in the device remove routine, before free IRQs. So isb memoryis still read after it is freed. Thus move wx...

CVE-2024-42303

In the Linux kernel, the following vulnerability has been resolved: media: imx-pxp: Fix ERR_PTR dereference in pxp_probe() devm_regmap_init_mmio() can fail, add a check and bail out in case oferror.

CVE-2024-42317

In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: avoid PMD-size page cache if needed xarray can't support arbitrary page cache size. the largest and supportedpage cache size is defined as MAX_PAGECACHE_ORDER by commit 099d90642a71("mm/filemap: make MAX_PAGECACHE_O...

CVE-2024-43827

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null check before access structs In enable_phantom_plane, we should better check null pointer beforeaccessing various structs.

CVE-2024-44968

In the Linux kernel, the following vulnerability has been resolved: tick/broadcast: Move per CPU pointer access into the atomic section The recent fix for making the take over of the broadcast timer morereliable retrieves a per CPU pointer in preemptible context. This went unnoticed as compilers ho...

CVE-2024-44976

In the Linux kernel, the following vulnerability has been resolved: ata: pata_macio: Fix DMA table overflow Kolbjørn and Jonáš reported that their 32-bit PowerMacs were crashingin pata-macio since commit 09fe2bfa6b83 ("ata: pata_macio: Fixmax_segment_size with PAGE_SIZE == 64K"). For example: kerne...

CVE-2024-45017

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix IPsec RoCE MPV trace call Prevent the call trace below from happening, by not allowing IPseccreation over a slave, if master device doesn't support IPsec. WARNING: CPU: 44 PID: 16136 at kernel/locking/rwsem.c:240 down...

CVE-2024-45029

In the Linux kernel, the following vulnerability has been resolved: i2c: tegra: Do not mark ACPI devices as irq safe On ACPI machines, the tegra i2c module encounters an issue due to amutex being called inside a spinlock. This leads to the following bug: BUG: sleeping function called from invalid c...

CVE-2024-46690

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix nfsd4_deleg_getattr_conflict in presence of third party lease It is not safe to dereference fl->c.flc_owner without first confirmingfl->fl_lmops is the expected manager. nfsd4_deleg_getattr_conflict()tests fl_lmops ...

CVE-2024-46712

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Disable coherent dumb buffers without 3d Coherent surfaces make only sense if the host renders to them usingaccelerated apis. Without 3d the entire content of dumb buffers staysin the guest making all of the extra work ...

CVE-2024-46850

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid race between dcn35_set_drr() and dc_state_destruct() dc_state_destruct() nulls the resource context of the DC state. The pipecontext passed to dcn35_set_drr() is a member of this resource context. If dc_state...

CVE-2024-49876

In the Linux kernel, the following vulnerability has been resolved: drm/xe: fix UAF around queue destruction We currently do stuff like queuing the final destruction step on arandom system wq, which will outlive the driver instance. With badtiming we can teardown the driver with one or more work wo...

CVE-2024-49984

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Prevent out of bounds access in performance query extensions Check that the number of perfmons userspace is passing in the copy andreset extensions is not greater than the internal kernel storage wherethe ids will be copie...

CVE-2024-50161

In the Linux kernel, the following vulnerability has been resolved: bpf: Check the remaining info_cnt before repeating btf fields When trying to repeat the btf fields for array of nested struct, itdoesn't check the remaining info_cnt. The following splat will bereported when the value of ret * nele...

CVE-2024-50174

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix race when converting group handle to group object XArray provides it's own internal lock which protects the internal arraywhen entries are being simultaneously added and removed. However thereis still a race betwee...

CVE-2024-50294

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix missing locking causing hanging calls If a call gets aborted (e.g. because kafs saw a signal) between it beingqueued for connection and the I/O thread picking up the call, the abortwill be prioritised over the connection...

CVE-2024-56537

In the Linux kernel, the following vulnerability has been resolved: drm: xlnx: zynqmp_disp: layer may be null while releasing layer->info can be null if we have an error on the first layer inzynqmp_disp_create_layers

CVE-2024-56682

In the Linux kernel, the following vulnerability has been resolved: irqchip/riscv-aplic: Prevent crash when MSI domain is missing If the APLIC driver is probed before the IMSIC driver, the parent MSIdomain will be missing, which causes a NULL pointer dereference inmsi_create_device_irq_domain(). Av...

CVE-2022-48729

In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix panic with larger ipoib send_queue_size When the ipoib send_queue_size is increased from the default the followingpanic happens: RIP: 0010:hfi1_ipoib_drain_tx_ring+0x45/0xf0 [hfi1]Code: 31 e4 eb 0f 8b 85 c8 02 00 00 41...

CVE-2022-48750

In the Linux kernel, the following vulnerability has been resolved: hwmon: (nct6775) Fix crash in clear_caseopen Paweł Marciniak reports the following crash, observed when clearingthe chassis intrusion alarm. BUG: kernel NULL pointer dereference, address: 0000000000000028PGD 0 P4D 0Oops: 0000 [#1] ...

CVE-2022-48762

In the Linux kernel, the following vulnerability has been resolved: arm64: extable: fix load_unaligned_zeropad() reg indices In ex_handler_load_unaligned_zeropad() we erroneously extract the data andaddr register indices from ex->type rather than ex->data. As ex->type willcontain EX_TYPE_L...

CVE-2022-48782

In the Linux kernel, the following vulnerability has been resolved: mctp: fix use after free Clang static analysis reports this problemroute.c:425:4: warning: Use of memory after it is freedtrace_mctp_key_acquire(key);^~~~~~~~~~~~~~~~~~~~~~~~~~~When mctp_key_add() fails, key is freed but then is la...

CVE-2022-48886

In the Linux kernel, the following vulnerability has been resolved: ice: Add check for kzalloc Add the check for the return value of kzalloc in order to avoidNULL pointer dereference.Moreover, use the goto-label to share the clean code.

CVE-2022-48948

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: Prevent buffer overflow in setup handler Setup function uvc_function_setup permits control transferrequests with up to 64 bytes of payload (UVC_MAX_REQUEST_SIZE),data stage handler for OUT transfer uses memcpy to ...

CVE-2022-48955

In the Linux kernel, the following vulnerability has been resolved: net: thunderbolt: fix memory leak in tbnet_open() When tb_ring_alloc_rx() failed in tbnet_open(), ida that allocated intb_xdomain_alloc_out_hopid() is not released. Addtb_xdomain_release_out_hopid() to the error path to release ida...

CVE-2022-48977

In the Linux kernel, the following vulnerability has been resolved: can: af_can: fix NULL pointer dereference in can_rcv_filter Analogue to commit 8aa59e355949 ("can: af_can: fix NULL pointerdereference in can_rx_register()") we need to check for a missinginitialization of ml_priv in the receive pa...

CVE-2022-48979

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix array index out of bound error in DCN32 DML [Why&How]LinkCapacitySupport array is indexed with the number of voltage states andnot the number of max DPPs. Fix the error by changing the arraydeclaration to use t...

CVE-2022-48986

In the Linux kernel, the following vulnerability has been resolved: mm/gup: fix gup_pud_range() for dax For dax pud, pud_huge() returns true on x86. So the function works as longas hugetlb is configured. However, dax doesn't depend on hugetlb.Commit 414fd080d125 ("mm/gup: fix gup_pmd_range() for da...

CVE-2022-49013

In the Linux kernel, the following vulnerability has been resolved: sctp: fix memory leak in sctp_stream_outq_migrate() When sctp_stream_outq_migrate() is called to release stream out resources,the memory pointed to by prio_head in stream out is not released. The memory leak information is as follo...

CVE-2022-49017

In the Linux kernel, the following vulnerability has been resolved: tipc: re-fetch skb cb after tipc_msg_validate As the call trace shows, the original skb was freed in tipc_msg_validate(),and dereferencing the old skb cb would cause an use-after-free crash. BUG: KASAN: use-after-free in tipc_crypt...

CVE-2022-49032

In the Linux kernel, the following vulnerability has been resolved: iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw KASAN report out-of-bounds read as follows: BUG: KASAN: global-out-of-bounds in afe4404_read_raw+0x2ce/0x380Read of size 4 at addr ffffffffc00e4658 by task cat/278 Call...