CVE-2021-46996

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: Fix a memleak from userdata error path in new objects Release object name if userdata allocation fails.

CVE-2021-47077

In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Add pointer checks in qedf_update_link_speed() The following trace was observed: [ 14.042059] Call Trace:[ 14.042061] [ 14.042068] qedf_link_update+0x144/0x1f0 [qedf][ 14.042117] qed_link_update+0x5c/0x80 [qed][ 14.0421...

CVE-2021-47162

In the Linux kernel, the following vulnerability has been resolved: tipc: skb_linearize the head skb when reassembling msgs It's not a good idea to append the frag skb to a skb's frag_list ifthe frag_list already has skbs from elsewhere, such as this skb wascreated by pskb_copy() where the frag_lis...

CVE-2021-47247

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix use-after-free of encap entry in neigh update handler Function mlx5e_rep_neigh_update() wasn't updated to accommodate rtnl lockremoval from TC filter update path and properly handle concurrent encapentry insertion/de...

CVE-2021-47483

In the Linux kernel, the following vulnerability has been resolved: regmap: Fix possible double-free in regcache_rbtree_exit() In regcache_rbtree_insert_to_block(), when 'present' realloc failed,the 'blk' which is supposed to assign to 'rbnode->block' will be freed,so 'rbnode->block' points a...

CVE-2022-48424

In the Linux kernel before 6.1.3, fs/ntfs3/inode.c does not validate the attribute name offset. An unhandled page fault may occur.

CVE-2022-48637

In the Linux kernel, the following vulnerability has been resolved: bnxt: prevent skb UAF after handing over to PTP worker When reading the timestamp is required bnxt_tx_int() handsover the ownership of the completed skb to the PTP worker.The skb should not be used afterwards, as the worker mayrun ...

CVE-2022-48662

In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Really move i915_gem_context.link under ref protection i915_perf assumes that it can use the i915_gem_context reference toprotect its i915->gem.contexts.list iteration. However, this requiresthat we do not remove t...

CVE-2022-49309

In the Linux kernel, the following vulnerability has been resolved: drivers: staging: rtl8723bs: Fix deadlock in rtw_surveydone_event_callback() There is a deadlock in rtw_surveydone_event_callback(),which is shown below: (Thread 1) | (Thread 2)| _set_timer()rtw_surveydone_event_callback()| mod_tim...

CVE-2022-49351

In the Linux kernel, the following vulnerability has been resolved: net: altera: Fix refcount leak in altera_tse_mdio_create Every iteration of for_each_child_of_node() decrementsthe reference count of the previous node.When break from a for_each_child_of_node() loop,we need to explicitly call of_n...

CVE-2022-49839

In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_transport_sas: Fix error handling in sas_phy_add() If transport_add_device() fails in sas_phy_add(), the kernel will crashtrying to delete the device in transport_remove_device() called fromsas_remove_host(). Unable to h...

CVE-2022-49923

In the Linux kernel, the following vulnerability has been resolved: nfc: nxp-nci: Fix potential memory leak in nxp_nci_send() nxp_nci_send() will call nxp_nci_i2c_write(), and only free skb whennxp_nci_i2c_write() failed. However, even if the nxp_nci_i2c_write()run succeeds, the skb will not be fre...

CVE-2023-32247

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_SESSION_SETUP commands. The issue results from the lack of control of resource consumption. An attacker can leverage this vulnerability to create a denial-of-s...

CVE-2023-3357

A NULL pointer dereference flaw was found in the Linux kernel AMD Sensor Fusion Hub driver. This flaw allows a local user to crash the system.

CVE-2023-52590

In the Linux kernel, the following vulnerability has been resolved: ocfs2: Avoid touching renamed directory if parent does not change The VFS will not be locking moved directory if its parent does notchange. Change ocfs2 rename code to avoid touching renamed directory ifits parent does not change a...

CVE-2023-52931

In the Linux kernel, the following vulnerability has been resolved: drm/i915: Avoid potential vm use-after-free Adding the vm to the vm_xa table makes it visible to userspace, whichcould try to race with us to close the vm. So we need to take our extrareference before putting it in the table. (cher...

CVE-2023-52938

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Don't attempt to resume the ports before they exist This will fix null pointer dereference that was caused bythe driver attempting to resume ports that were not yetregistered.

CVE-2024-26706

In the Linux kernel, the following vulnerability has been resolved: parisc: Fix random data corruption from exception handler The current exception handler implementation, which assists when accessinguser space memory, may exhibit random data corruption if the compiler decidesto use a different reg...

CVE-2024-39468

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix deadlock in smb2_find_smb_tcon() Unlock cifs_tcp_ses_lock before calling cifs_put_smb_ses() to avoid suchdeadlock.

CVE-2024-40980

In the Linux kernel, the following vulnerability has been resolved: drop_monitor: replace spin_lock by raw_spin_lock trace_drop_common() is called with preemption disabled, and it acquiresa spin_lock. This is problematic for RT kernels because spin_locks aresleeping locks in this configuration, whi...

CVE-2024-42156

In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe copies of clear-key structures on failure Wipe all sensitive data from stack for all IOCTLs, which convert aclear-key into a protected- or secure-key.

CVE-2024-42224

In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: Correct check for empty list Since commit a3c53be55c95 ("net: dsa: mv88e6xxx: Support multiple MDIObusses") mv88e6xxx_default_mdio_bus() has checked that thereturn value of list_first_entry() is non-NULL. This ...

CVE-2024-42311

In the Linux kernel, the following vulnerability has been resolved: hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() Syzbot reports uninitialized value access issue as below: loop0: detected capacity change from 0 to 64 BUG: KMSAN: uninit-value in hfs_revalidate_dentry+0x307/...

CVE-2024-44950

In the Linux kernel, the following vulnerability has been resolved: serial: sc16is7xx: fix invalid FIFO access with special register set When enabling access to the special register set, Receiver time-out andRHR interrupts can happen. In this case, the IRQ handler will try to readfrom the FIFO thru...

CVE-2024-44957

In the Linux kernel, the following vulnerability has been resolved: xen: privcmd: Switch from mutex to spinlock for irqfds irqfd_wakeup() gets EPOLLHUP, when it is called byeventfd_release() by way of wake_up_poll(&ctx->wqh, EPOLLHUP), whichgets called under spin_lock_irqsave(). We can't use a m...

CVE-2024-44962

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading When unload the btnxpuart driver, its associated timer will be deleted.If the timer happens to be modified at this moment, it leads to thekernel call t...

CVE-2024-45003

In the Linux kernel, the following vulnerability has been resolved: vfs: Don't evict inode under the inode lru traversing context The inode reclaiming process(See function prune_icache_sb) collects allreclaimable inodes and mark them with I_FREEING flag at first, at thattime, other processes will b...

CVE-2024-46707

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Make ICC_SGI _EL1 undef in the absence of a vGICv3 On a system with a GICv3, if a guest hasn't been configured withGICv3 and that the host is not capable of GICv2 emulation,a write to any of the ICC_SGI _EL1 registers i...

CVE-2024-46721

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix possible NULL pointer dereference profile->parent->dents[AAFS_PROF_DIR] could be NULL only if its parent is madefrom __create_missing_ancestors(..) and 'ent->old' is NULL inaa_replace_profiles(..).In that cas...

CVE-2024-46780

In the Linux kernel, the following vulnerability has been resolved: nilfs2: protect references to superblock parameters exposed in sysfs The superblock buffers of nilfs2 can not only be overwritten at runtimefor modifications/repairs, but they are also regularly swapped, replacedduring resizing, an...

CVE-2024-47727

In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Fix "in-kernel MMIO" check TDX only supports kernel-initiated MMIO operations. The handle_mmio()function checks if the #VE exception occurred in the kernel and rejectsthe operation if it did not. However, userspace can dec...

CVE-2024-49852

In the Linux kernel, the following vulnerability has been resolved: scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del() The kref_put() function will call nport->release if the refcount drops tozero. The nport->release release function is _efc_nport_free() which frees"npor...

CVE-2024-49880

In the Linux kernel, the following vulnerability has been resolved: ext4: fix off by one issue in alloc_flex_gd() Wesley reported an issue: ==================================================================EXT4-fs (dm-5): resizing filesystem from 7168 to 786432 blocks------------[ cut here ]-------...

CVE-2024-49931

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix array out-of-bound access in SoC stats Currently, the ath12k_soc_dp_stats::hal_reo_error array is defined with amaximum size of DP_REO_DST_RING_MAX. However, the ath12k_dp_rx_process()function access ath12k_soc_dp...

CVE-2024-49972

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Deallocate DML memory if allocation fails [Why]When DC state create DML memory allocation fails, memory is notdeallocated subsequently, resulting in uninitialized structurethat is not NULL. [How]Deallocate memory i...

CVE-2024-49986

In the Linux kernel, the following vulnerability has been resolved: platform/x86: x86-android-tablets: Fix use after free on platform_device_register() errors x86_android_tablet_remove() frees the pdevs[] array, so it should notbe used after calling x86_android_tablet_remove(). When platform_device...

CVE-2024-50042

In the Linux kernel, the following vulnerability has been resolved: ice: Fix increasing MSI-X on VF Increasing MSI-X value on a VF leads to invalid memory operations. Thisis caused by not reallocating some arrays. Reproducer:modprobe iceecho 0 > /sys/bus/pci/devices/$PF_PCI/sriov_drivers_autopro...

CVE-2024-50231

In the Linux kernel, the following vulnerability has been resolved: iio: gts-helper: Fix memory leaks in iio_gts_build_avail_scale_table() modprobe iio-test-gts and rmmod it, then the following memory leakoccurs: unreferenced object 0xffffff80c810be00 (size 64): comm "kunit_try_catch", pid 1654, ji...

CVE-2024-50285

In the Linux kernel, the following vulnerability has been resolved: ksmbd: check outstanding simultaneous SMB operations If Client send simultaneous SMB operations to ksmbd, It exhausts too muchmemory through the "ksmbd_work_cache”. It will cause OOM issue.ksmbd has a credit mechanism but it can't ...

CVE-2024-53185

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix NULL ptr deref in crypto_aead_setkey() Neither SMB3.0 or SMB3.02 supports encryption negotiate context, sowhen SMB2_GLOBAL_CAP_ENCRYPTION flag is set in the negotiate response,the client uses AES-128-CCM as the def...

CVE-2024-53230

In the Linux kernel, the following vulnerability has been resolved: cpufreq: CPPC: Fix possible null-ptr-deref for cppc_get_cpu_cost() cpufreq_cpu_get_raw() may return NULL if the cpu is not inpolicy->cpus cpu mask and it will cause null pointer dereference,so check NULL for cppc_get_cpu_cost().

CVE-2024-53231

In the Linux kernel, the following vulnerability has been resolved: cpufreq: CPPC: Fix possible null-ptr-deref for cpufreq_cpu_get_raw() cpufreq_cpu_get_raw() may return NULL if the cpu is not inpolicy->cpus cpu mask and it will cause null pointer dereference.

CVE-2024-56588

In the Linux kernel, the following vulnerability has been resolved: scsi: hisi_sas: Create all dump files during debugfs initialization For the current debugfs of hisi_sas, after user triggers dump, thedriver allocate memory space to save the register information and createdebugfs files to display ...

CVE-2024-56698

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Fix looping of queued SG entries The dwc3_request->num_queued_sgs is decremented on completion. If apartially completed request is handled, then thedwc3_request->num_queued_sgs no longer reflects the total ...

CVE-2024-58013

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync This fixes the following crash: ==================================================================BUG: KASAN: slab-use-after-free in mgmt_remove_adv_moni...

CVE-2025-21714

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix implicit ODP use after free Prevent double queueing of implicit ODP mr destroy work by using__xa_cmpxchg() to make sure this is the only time we are destroying thisspecific mr. Without this change, we could try to in...

CVE-2025-21893

In the Linux kernel, the following vulnerability has been resolved: keys: Fix UAF in key_put() Once a key's reference count has been reduced to 0, the garbage collectorthread may destroy it at any time and so key_put() is not allowed to touchthe key after that point. The most key_put() is normally ...

CVE-2025-22038

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate zero num_subauth before sub_auth is accessed Access psid->sub_auth[psid->num_subauth - 1] without checkingif num_subauth is non-zero leads to an out-of-bounds read.This patch adds a validation step to ensure n...

CVE-2025-22041

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbd_sessions_deregister() In multichannel mode, UAF issue can occur in session_deregisterwhen the second channel sets up a session through the connection ofthe first channel. session that is freed thr...

CVE-2025-37803

In the Linux kernel, the following vulnerability has been resolved: udmabuf: fix a buf size overflow issue during udmabuf creation by casting size_limit_mb to u64 when calculate pglimit.