2811 matches found
CVE-2022-49282
In the Linux kernel, the following vulnerability has been resolved: f2fs: quota: fix loop condition at f2fs_quota_sync() cnt should be passed to sb_has_quota_active() instead of type to checkactive quota properly. Moreover, when the type is -1, the compiler with enough inline knowledgecan discard s...
CVE-2022-49300
In the Linux kernel, the following vulnerability has been resolved: nbd: fix race between nbd_alloc_config() and module removal When nbd module is being removing, nbd_alloc_config() may becalled concurrently by nbd_genl_connect(), although try_module_get()will return false, but nbd_alloc_config() d...
CVE-2022-49344
In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix a data-race in unix_dgram_peer_wake_me(). unix_dgram_poll() calls unix_dgram_peer_wake_me() without other'slock held and check if its receive queue is full. Here we need touse unix_recvq_full_lockless() instead of unix...
CVE-2022-49375
In the Linux kernel, the following vulnerability has been resolved: rtc: mt6397: check return value after calling platform_get_resource() It will cause null-ptr-deref if platform_get_resource() returns NULL,we need check the return value.
CVE-2022-49412
In the Linux kernel, the following vulnerability has been resolved: bfq: Avoid merging queues with different parents It can happen that the parent of a bfqq changes between the moment wedecide two queues are worth to merge (and set bic->stable_merge_bfqq)and the moment bfq_setup_merge() is calle...
CVE-2022-49511
In the Linux kernel, the following vulnerability has been resolved: fbdev: defio: fix the pagelist corruption Easily hit the below list corruption: list_add corruption. prev->next should be next (ffffffffc0ceb090), butwas ffffec604507edc8. (prev=ffffec604507edc8).WARNING: CPU: 65 PID: 3959 at li...
CVE-2022-49545
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Cancel pending work at closing a MIDI substream At closing a USB MIDI output substream, there might be still a pendingwork, which would eventually access the rawmidi runtime object that isbeing released. For fixing...
CVE-2022-49574
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_recovery. While reading sysctl_tcp_recovery, it can be changed concurrently.Thus, we need to add READ_ONCE() to its readers.
CVE-2022-49578
In the Linux kernel, the following vulnerability has been resolved: ip: Fix data-races around sysctl_ip_prot_sock. sysctl_ip_prot_sock is accessed concurrently, and there is always a chanceof data-race. So, all readers and writers need some basic protection toavoid load/store-tearing.
CVE-2024-57910
In the Linux kernel, the following vulnerability has been resolved: iio: light: vcnl4035: fix information leak in triggered buffer The 'buffer' local array is used to push data to userspace from atriggered buffer, but it does not set an initial value for the singledata element, which is an u16 alig...
CVE-2024-57932
In the Linux kernel, the following vulnerability has been resolved: gve: guard XDP xmit NDO on existence of xdp queues In GVE, dedicated XDP queues only exist when an XDP program is installedand the interface is up. As such, the NDO XDP XMIT callback shouldreturn early if either of these conditions...
CVE-2024-58085
In the Linux kernel, the following vulnerability has been resolved: tomoyo: don't emit warning in tomoyo_write_control() syzbot is reporting too large allocation warning at tomoyo_write_control(),for one can write a very very long line without new line character. To fixthis warning, I use __GFP_NOW...
CVE-2025-21796
In the Linux kernel, the following vulnerability has been resolved: nfsd: clear acl_access/acl_default after releasing them If getting acl_default fails, acl_access and acl_default will be releasedsimultaneously. However, acl_access will still retain a pointer pointingto the released posix_acl, whi...
CVE-2025-21867
In the Linux kernel, the following vulnerability has been resolved: bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() KMSAN reported a use-after-free issue in eth_skb_pkt_type()[1]. Thecause of the issue was that eth_skb_pkt_type() accessed skb's datathat didn't contain an Ethernet head...
CVE-2025-21898
In the Linux kernel, the following vulnerability has been resolved: ftrace: Avoid potential division by zero in function_stat_show() Check whether denominator expression x * (x - 1) * 1000 mod {2^32, 2^64}produce zero and skip stddev computation in that case. For now don't care about rec->counte...
CVE-2025-21916
In the Linux kernel, the following vulnerability has been resolved: usb: atm: cxacru: fix a flaw in existing endpoint checks Syzbot once again identified a flaw in usb endpoint checking, see [1].This time the issue stems from a commit authored by me (2eabb655a968("usb: atm: cxacru: fix endpoint che...
CVE-2025-22005
In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw(). fib_check_nh_v6_gw() expects that fib6_nh_init() cleans up everythingwhen it fails. Commit 7dd73168e273 ("ipv6: Always allocate pcpu memory in a fib6_nh")moved fib_n...
CVE-2025-22126
In the Linux kernel, the following vulnerability has been resolved: md: fix mddev uaf while iterating all_mddevs list While iterating all_mddevs list from md_notify_reboot() and md_exit(),list_for_each_entry_safe is used, and this can race with deletint thenext mddev, causing UAF: t1:spin_lock//lis...
CVE-2022-49155
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() [ 12.323788] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-udevd/1020[ 12.332297] caller is qla2xxx_create_qpair+0x32a/0x5d0 [qla2xxx][ 12.338...
CVE-2022-49156
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix scheduling while atomic The driver makes a call into midlayer (fc_remote_port_delete) which can putthe thread to sleep. The thread that originates the call is in interruptcontext. The combination of the two trigg...
CVE-2022-49301
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8712: fix uninit-value in usb_read8() and friends When r8712_usbctrl_vendorreq() returns negative, 'data' inusb_read{8,16,32} will not be initialized. BUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:643 [inlin...
CVE-2022-49302
In the Linux kernel, the following vulnerability has been resolved: USB: host: isp116x: check return value after calling platform_get_resource() It will cause null-ptr-deref if platform_get_resource() returns NULL,we need check the return value.
CVE-2022-49305
In the Linux kernel, the following vulnerability has been resolved: drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() There is a deadlock in ieee80211_beacons_stop(), which is shown below: (Thread 1) | (Thread 2)| ieee80211_send_beacon()ieee80211_beacons_stop() | mod_timer()spin_...
CVE-2022-49330
In the Linux kernel, the following vulnerability has been resolved: tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd syzbot got a new report [1] finally pointing to a very old bug,added in initial support for MTU probing. tcp_mtu_probe() has checks about starting an MTU probe iftcp_snd_cwnd(tp) &g...
CVE-2022-49343
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid cycles in directory h-tree A maliciously corrupted filesystem can contain cycles in the h-treestored inside a directory. That can easily lead to the kernel corruptingtree nodes that were already verified under its hands...
CVE-2022-49368
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry() The "fsp->location" variable comes from user via ethtool_get_rxnfc().Check that it is valid to prevent an out of bounds read.
CVE-2022-49372
In the Linux kernel, the following vulnerability has been resolved: tcp: tcp_rtx_synack() can be called from process context Laurent reported the enclosed report [1] This bug triggers with following coditions: Kernel built with CONFIG_DEBUG_PREEMPT=y A new passive FastOpen TCP socket is created.Thi...
CVE-2022-49373
In the Linux kernel, the following vulnerability has been resolved: watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe of_parse_phandle() returns a node pointer with refcountincremented, we should use of_node_put() on it when done.Add missing of_node_put() in some error paths.
CVE-2022-49515
In the Linux kernel, the following vulnerability has been resolved: ASoC: cs35l41: Fix an out-of-bounds access in otp_packed_element_t The CS35L41_NUM_OTP_ELEM is 100, but only 99 entries are defined inthe array otp_map_1/2[CS35L41_NUM_OTP_ELEM], this will trigger UBSANto report a shift-out-of-boun...
CVE-2022-49549
In the Linux kernel, the following vulnerability has been resolved: x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails In mce_threshold_create_device(), if threshold_create_bank() fails, thepreviously allocated threshold banks array @bp will be leaked becausethe call to mce_threshold_r...
CVE-2022-49575
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_thin_linear_timeouts. While reading sysctl_tcp_thin_linear_timeouts, it can be changedconcurrently. Thus, we need to add READ_ONCE() to its reader.
CVE-2022-49593
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_probe_interval. While reading sysctl_tcp_probe_interval, it can be changed concurrently.Thus, we need to add READ_ONCE() to its reader.
CVE-2022-49600
In the Linux kernel, the following vulnerability has been resolved: ip: Fix a data-race around sysctl_ip_autobind_reuse. While reading sysctl_ip_autobind_reuse, it can be changed concurrently.Thus, we need to add READ_ONCE() to its reader.
CVE-2022-49625
In the Linux kernel, the following vulnerability has been resolved: sfc: fix kernel panic when creating VF When creating VFs a kernel panic can happen when calling toefx_ef10_try_update_nic_stats_vf. When releasing a DMA coherent buffer, sometimes, I don't know in whatspecific circumstances, it has...
CVE-2022-49629
In the Linux kernel, the following vulnerability has been resolved: nexthop: Fix data-races around nexthop_compat_mode. While reading nexthop_compat_mode, it can be changed concurrently.Thus, we need to add READ_ONCE() to its readers.
CVE-2022-49630
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_ecn_fallback. While reading sysctl_tcp_ecn_fallback, it can be changed concurrently.Thus, we need to add READ_ONCE() to its reader.
CVE-2022-49642
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwc-qos: Disable split header for Tegra194 There is a long-standing issue with the Synopsys DWC Ethernet driverfor Tegra194 where random system crashes have been observed [0]. Theproblem occurs when the split header fe...
CVE-2022-49671
In the Linux kernel, the following vulnerability has been resolved: RDMA/cm: Fix memory leak in ib_cm_insert_listen cm_alloc_id_priv() allocates resource for the cm_id_priv. Whencm_init_listen() fails it doesn't free it, leading to memory leak. Add the missing error unwind.
CVE-2022-49687
In the Linux kernel, the following vulnerability has been resolved: virtio_net: fix xdp_rxq_info bug after suspend/resume The following sequence currently causes a driver bug warningwhen using virtio_net: ip link set eth0 up echo mem > /sys/power/state (or e.g. # rtcwake -s 10 -m mem) <resume...
CVE-2022-49728
In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix signed integer overflow in __ip6_append_data Resurrect ubsan overflow checks and ubsan report this warning,fix it by change the variable [length] type to size_t. UBSAN: signed-integer-overflow in net/ipv6/ip6_output.c:148...
CVE-2022-49732
In the Linux kernel, the following vulnerability has been resolved: sock: redo the psock vs ULP protection check Commit 8a59f9d1e3d4 ("sock: Introduce sk->sk_prot->psock_update_sk_prot()")has moved the inet_csk_has_ulp(sk) check from sk_psock_init() tothe new tcp_bpf_update_proto() function. ...
CVE-2024-48873
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: check return value of ieee80211_probereq_get() for RNR The return value of ieee80211_probereq_get() might be NULL, so check itbefore using to avoid NULL pointer access. Addresses-Coverity-ID: 1529805 ("Dereference null...
CVE-2024-53687
In the Linux kernel, the following vulnerability has been resolved: riscv: Fix IPIs usage in kfence_protect_page() flush_tlb_kernel_range() may use IPIs to flush the TLBs of all thecores, which triggers the following warning when the irqs are disabled: [ 3.455330] WARNING: CPU: 1 PID: 0 at kernel/s...
CVE-2024-54455
In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix general protection fault in ivpu_bo_list() Check if ctx is not NULL before accessing its fields.
CVE-2024-57806
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix transaction atomicity bug when enabling simple quotas Set squota incompat bit before committing the transaction that enablesthe feature. With the config CONFIG_BTRFS_ASSERT enabled, an assertionfailure occurs regarding t...
CVE-2024-57924
In the Linux kernel, the following vulnerability has been resolved: fs: relax assertions on failure to encode file handles Encoding file handles is usually performed by a filesystem >encode_fh()method that may fail for various reasons. The legacy users of exportfs_encode_fh(), namely, nfsd andna...
CVE-2024-57945
In the Linux kernel, the following vulnerability has been resolved: riscv: mm: Fix the out of bound issue of vmemmap address In sparse vmemmap model, the virtual address of vmemmap is calculated as:((struct page *)VMEMMAP_START - (phys_ram_base >> PAGE_SHIFT)).And the struct page's va can be ...
CVE-2024-57981
In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix NULL pointer dereference on certain command aborts If a command is queued to the final usable TRB of a ring segment, theenqueue pointer is advanced to the subsequent link TRB and no further.If the command is later ab...
CVE-2024-58090
In the Linux kernel, the following vulnerability has been resolved: sched/core: Prevent rescheduling when interrupts are disabled David reported a warning observed while loop testing kexec jump: Interrupts enabled after irqrouter_resume+0x0/0x50WARNING: CPU: 0 PID: 560 at drivers/base/syscore.c:103...
CVE-2025-21652
In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix use-after-free in ipvlan_get_iflink(). syzbot presented an use-after-free report [0] regarding ipvlan andlinkwatch. ipvlan does not hold a refcnt of the lower device unlike vlan andmacvlan. If the linkwatch work is trig...