4367 matches found
CVE-2024-49869
In the Linux kernel, the following vulnerability has been resolved: btrfs: send: fix buffer overflow detection when copying path to cache entry Starting with commit c0247d289e73 ("btrfs: send: annotate structname_cache_entry with __counted_by()") we annotated the variable lengtharray "name" from th...
CVE-2024-53192
In the Linux kernel, the following vulnerability has been resolved: clk: clk-loongson2: Fix potential buffer overflow in flexible-array member access Flexible-array member hws in struct clk_hw_onecell_data is annotatedwith the counted_by() attribute. This means that when memory isallocated for this...
CVE-2024-56617
In the Linux kernel, the following vulnerability has been resolved: cacheinfo: Allocate memory during CPU hotplug if not done from the primary CPU Commit 5944ce092b97 ("arch_topology: Build cacheinfo from primary CPU") adds functionality that architectures can use to optionally allocate andbuild ca...
CVE-2024-56740
In the Linux kernel, the following vulnerability has been resolved: nfs/localio: must clear res.replen in nfs_local_read_done Otherwise memory corruption can occur due to NFSv3 LOCALIO readsleaving garbage in res.replen: nfs3_read_done() copies that into server->read_hdrsize; from therenfs3_proc...
CVE-2022-48871
In the Linux kernel, the following vulnerability has been resolved: tty: serial: qcom-geni-serial: fix slab-out-of-bounds on RX FIFO buffer Driver's probe allocates memory for RX FIFO (port->rx_fifo) based ondefault RX FIFO depth, e.g. 16. Later during serial startup theqcom_geni_serial_port_set...
CVE-2022-48959
In the Linux kernel, the following vulnerability has been resolved: net: dsa: sja1105: fix memory leak in sja1105_setup_devlink_regions() When dsa_devlink_region_create failed in sja1105_setup_devlink_regions(),priv->regions is not released.
CVE-2022-49009
In the Linux kernel, the following vulnerability has been resolved: hwmon: (asus-ec-sensors) Add checks for devm_kcalloc As the devm_kcalloc may return NULL, the return value needs to be checkedto avoid NULL poineter dereference.
CVE-2024-44978
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Free job before xe_exec_queue_put Free job depends on job->vm being valid, the last xe_exec_queue_put candestroy the VM. Prevent UAF by freeing job before xe_exec_queue_put. (cherry picked from commit 32a42c93b74c8ca6d09...
CVE-2024-44980
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix opregion leak Being part o the display, ideally the setup and cleanup would be done bydisplay itself. However this is a bigger refactor that needs to be doneon both i915 and xe. For now, just fix the leak: unreferenced ...
CVE-2024-46769
In the Linux kernel, the following vulnerability has been resolved: spi: intel: Add check devm_kasprintf() returned value intel_spi_populate_chip() use devm_kasprintf() to set pdata->name.This can return a NULL pointer on failure but this returned valueis not checked.
CVE-2024-47708
In the Linux kernel, the following vulnerability has been resolved: netkit: Assign missing bpf_net_context During the introduction of struct bpf_net_context handling forXDP-redirect, the netkit driver has been missed, which also requires itbecause NETKIT_REDIRECT invokes skb_do_redirect() which is ...
CVE-2024-49943
In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc_submit: add missing locking in wedged_fini Any non-wedged queue can have a zero refcount here and can be runningconcurrently with an async queue destroy, therefore dereferencing thequeue ptr to check wedge status after t...
CVE-2024-50092
In the Linux kernel, the following vulnerability has been resolved: net: netconsole: fix wrong warning A warning is triggered when there is insufficient space in the bufferfor userdata. However, this is not an issue since userdata will be sentin the next iteration. Current warning message: --------...
CVE-2024-50113
In the Linux kernel, the following vulnerability has been resolved: firewire: core: fix invalid port index for parent device In a commit 24b7f8e5cd65 ("firewire: core: use helper functions for selfID sequence"), the enumeration over self ID sequence was refactored withsome helper functions with KUn...
CVE-2024-50144
In the Linux kernel, the following vulnerability has been resolved: drm/xe: fix unbalanced rpm put() with fence_fini() Currently we can call fence_fini() twice if something goes wrong whensending the GuC CT for the tlb request, since we signal the fence andreturn an error, leading to the caller als...
CVE-2024-50284
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix the missing xa_store error check xa_store() can fail, it return xa_err(-EINVAL) if the entry cannotbe stored in an XArray, or xa_err(-ENOMEM) if memory allocation failed,so check error for xa_store() to fix it.
CVE-2024-53080
In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Lock XArray when getting entries for the VM Similar to commit cac075706f29 ("drm/panthor: Fix race when convertinggroup handle to group object") we need to use the XArray's internallocking when retrieving a vm pointer ...
CVE-2024-53205
In the Linux kernel, the following vulnerability has been resolved: phy: realtek: usb: fix NULL deref in rtk_usb2phy_probe In rtk_usb2phy_probe() devm_kzalloc() may return NULLbut this returned value is not checked.
CVE-2022-48897
In the Linux kernel, the following vulnerability has been resolved: arm64/mm: fix incorrect file_map_count for invalid pmd The page table check trigger BUG_ON() unexpectedly when split hugepage: ------------[ cut here ]------------kernel BUG at mm/page_table_check.c:119!Internal error: Oops - BUG: ...
CVE-2022-48996
In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: fix wrong empty schemes assumption under online tuning in damon_sysfs_set_schemes() Commit da87878010e5 ("mm/damon/sysfs: support online inputs update") made'damon_sysfs_set_schemes()' to be called for running DAMON...
CVE-2022-49018
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix sleep in atomic at close time Matt reported a splat at msk close time: BUG: sleeping function called from invalid context at net/mptcp/protocol.c:2877 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 155, name: pac...
CVE-2022-49030
In the Linux kernel, the following vulnerability has been resolved: libbpf: Handle size overflow for ringbuf mmap The maximum size of ringbuf is 2GB on x86-64 host, so 2 * max_entrieswill overflow u32 when mapping producer page and data pages. Onlycasting max_entries to size_t is not enough, becaus...
CVE-2023-52684
In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: qseecom: fix memory leaks in error paths Fix instances of returning error codes directly instead of jumping tothe relevant labels where memory allocated for the SCM calls would befreed.
CVE-2024-38584
In the Linux kernel, the following vulnerability has been resolved: net: ti: icssg_prueth: Fix NULL pointer dereference in prueth_probe() In the prueth_probe() function, if one of the calls to emac_phy_connect()fails due to of_phy_connect() returning NULL, then the subsequent call tophy_attached_in...
CVE-2024-40950
In the Linux kernel, the following vulnerability has been resolved: mm: huge_memory: fix misused mapping_large_folio_support() for anon folios When I did a large folios split test, a WARNING "[ 5059.122759][ T166]Cannot split file folio to non-0 order" was triggered. But the test casesare only for ...
CVE-2024-42275
In the Linux kernel, the following vulnerability has been resolved: drm/client: Fix error code in drm_client_buffer_vmap_local() This function accidentally returns zero/success on the failure path.It leads to locking issues and an uninitialized *map_copy in thecaller.
CVE-2024-44936
In the Linux kernel, the following vulnerability has been resolved: power: supply: rt5033: Bring back i2c_set_clientdata Commit 3a93da231c12 ("power: supply: rt5033: Use devm_power_supply_register() helper")reworked the driver to use devm. While at it, the i2c_set_clientdatawas dropped along with t...
CVE-2024-47676
In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb.c: fix UAF of vma in hugetlb fault pathway Syzbot reports a UAF in hugetlb_fault(). This happens becausevmf_anon_prepare() could drop the per-VMA lock and allow the current VMAto be freed before hugetlb_vma_unlock_read()...
CVE-2024-47694
In the Linux kernel, the following vulnerability has been resolved: IB/mlx5: Fix UMR pd cleanup on error flow of driver init The cited commit moves the pd allocation from functionmlx5r_umr_resource_cleanup() to a new function mlx5r_umr_cleanup().So the fix in commit [1] is broken. In error flow, wi...
CVE-2024-47724
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: use work queue to process beacon tx event Commit 3a415daa3e8b ("wifi: ath11k: add P2P IE in beacon template")from Feb 28, 2024 (linux-next), leads to the following Smatch staticchecker warning: drivers/net/wireless/at...
CVE-2024-49956
In the Linux kernel, the following vulnerability has been resolved: gfs2: fix double destroy_workqueue error When gfs2_fill_super() fails, destroy_workqueue() is called withingfs2_gl_hash_clear(), and the subsequent code path callsdestroy_workqueue() on the same work queue again. This issue can be ...
CVE-2024-50094
In the Linux kernel, the following vulnerability has been resolved: sfc: Don't invoke xdp_do_flush() from netpoll. Yury reported a crash in the sfc driver originated fromnetpoll_send_udp(). The netconsole sends a message and then netpollinvokes the driver's NAPI function with a budget of zero. It i...
CVE-2024-50204
In the Linux kernel, the following vulnerability has been resolved: fs: don't try and remove empty rbtree node When copying a namespace we won't have added the new copy into thenamespace rbtree until after the copy succeeded. Calling free_mnt_ns()will try to remove the copy from the rbtree which is...
CVE-2024-53199
In the Linux kernel, the following vulnerability has been resolved: ASoC: imx-audmix: Add NULL check in imx_audmix_probe devm_kasprintf() can return a NULL pointer on failure,but thisreturned value in imx_audmix_probe() is not checked.Add NULL check in imx_audmix_probe(), to handle kernel NULLpoint...
CVE-2024-38631
In the Linux kernel, the following vulnerability has been resolved: iio: adc: PAC1934: fix accessing out of bounds array index Fix accessing out of bounds array index for averagecurrent and voltage measurements. The device itself hasonly 4 channels, but in sysfs there are "fake"channels for the ave...
CVE-2024-47680
In the Linux kernel, the following vulnerability has been resolved: f2fs: check discard support for conventional zones As the helper function f2fs_bdev_support_discard() shows, f2fs checks ifthe target block devices support discard by callingbdev_max_discard_sectors() and bdev_is_zoned(). This chec...
CVE-2024-49872
In the Linux kernel, the following vulnerability has been resolved: mm/gup: fix memfd_pin_folios alloc race panic If memfd_pin_folios tries to create a hugetlb page, but someone elsealready did, then folio gets the value -EEXIST here: folio = memfd_alloc_folio(memfd, start_idx); if (IS_ERR(folio)) ...
CVE-2024-49964
In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix memfd_pin_folios free_huge_pages leak memfd_pin_folios followed by unpin_folios fails to restore free_huge_pagesif the pages were not already faulted in, because the folio refcount forpages created by memfd_alloc_fo...
CVE-2024-49979
In the Linux kernel, the following vulnerability has been resolved: net: gso: fix tcp fraglist segmentation after pull from frag_list Detect tcp gso fraglist skbs with corrupted geometry (see below) andpass these to skb_segment instead of skb_segment_list, as the firstcan segment them correctly. Va...
CVE-2024-50122
In the Linux kernel, the following vulnerability has been resolved: PCI: Hold rescan lock while adding devices during host probe Since adding the PCI power control code, we may end up with a race betweenthe pwrctl platform device rescanning the bus and host controller probefunctions. The latter nee...
CVE-2024-50123
In the Linux kernel, the following vulnerability has been resolved: bpf: Add the missing BPF_LINK_TYPE invocation for sockmap There is an out-of-bounds read in bpf_link_show_fdinfo() for the sockmaplink fd. Fix it by adding the missing BPF_LINK_TYPE invocation forsockmap link Also add comments for ...
CVE-2024-50254
In the Linux kernel, the following vulnerability has been resolved: bpf: Free dynamically allocated bits in bpf_iter_bits_destroy() bpf_iter_bits_destroy() uses "kit->nr_bits <= 64" to check whether thebits are dynamically allocated. However, the check is incorrect and maycause a kmemleak as ...
CVE-2024-56696
In the Linux kernel, the following vulnerability has been resolved: ALSA: core: Fix possible NULL dereference caused by kunit_kzalloc() kunit_kzalloc() may return a NULL pointer, dereferencing it withoutNULL check may lead to NULL dereference.Add NULL checks for all the kunit_kzalloc() in sound_kun...
CVE-2022-49008
In the Linux kernel, the following vulnerability has been resolved: can: can327: can327_feed_frame_to_netdev(): fix potential skb leak when netdev is down In can327_feed_frame_to_netdev(), it did not free the skb when netdevis down, and all callers of can327_feed_frame_to_netdev() did not freealloc...
CVE-2024-49873
In the Linux kernel, the following vulnerability has been resolved: mm/filemap: fix filemap_get_folios_contig THP panic Patch series "memfd-pin huge page fixes". Fix multiple bugs that occur when using memfd_pin_folios with hugetlbpages and THP. The hugetlb bugs only bite when the page is not yetfa...
CVE-2024-50288
In the Linux kernel, the following vulnerability has been resolved: media: vivid: fix buffer overwrite when using > 32 buffers The maximum number of buffers that can be requested was increased to64 for the video capture queue. But video capture used a must_blankarray that was still sized for 32 ...
CVE-2024-42266
In the Linux kernel, the following vulnerability has been resolved: btrfs: make cow_file_range_inline() honor locked_page on error The btrfs buffered write path runs through __extent_writepage() whichhas some tricky return value handling for writepage_delalloc().Specifically, when that returns 1, w...
CVE-2024-46837
In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Restrict high priorities on group_create We were allowing any users to create a high priority group without anypermission checks. As a result, this was allowing possible denial ofservice. We now only allow the DRM mast...
CVE-2024-47729
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Use reserved copy engine for user binds on faulting devices User binds map to engines with can fault, faults depend on user bindscompletion, thus we can deadlock. Avoid this by using reserved copyengine for user binds on fa...
CVE-2024-49941
In the Linux kernel, the following vulnerability has been resolved: gpiolib: Fix potential NULL pointer dereference in gpiod_get_label() In gpiod_get_label(), it is possible that srcu_dereference_check() mayreturn a NULL pointer, leading to a scenario where label->str is accessedwithout verifyin...