9994 matches found

added 2018/04/02 3:29 a.m., 75 views

CVE-2018-1095

The ext4_xattr_check_entries function in fs/ext4/xattr.c in the Linux kernel through 4.15.15 does not properly validate xattr sizes, which causes misinterpretation of a size as an error code, and consequently allows attackers to cause a denial of service (get_acl NULL pointer dereference and system...

CVSS 7.1, AI score 5.1, EPSS 0.00153

added 2018/08/10 4:29 p.m., 75 views

CVE-2018-7754

The aoedisk_debugfs_show function in drivers/block/aoe/aoeblk.c in the Linux kernel through 4.16.4rc4 allows local users to obtain sensitive address information by reading "ffree: " lines in a debugfs file.

CVSS 5.5, AI score 4.9, EPSS 0.00102

added 2024/03/04 6:15 p.m., 75 views

CVE-2021-47095

In the Linux kernel, the following vulnerability has been resolved: ipmi: ssif: initialize ssif_info->client early During probe ssif_info->client is dereferenced in error path. However, it is set when some of the error checking has already been done. This causes following kernel crash if an err...

CVSS 5.5, AI score 6.1, EPSS 0.00009

added 2024/03/04 6:15 p.m., 75 views

CVE-2021-47102

In the Linux kernel, the following vulnerability has been resolved: net: marvell: prestera: fix incorrect structure access In line: upper = info->upper_dev; We access upper_dev field, which is related only for particular events (e.g. event == NETDEV_CHANGEUPPER). So, this line cause invalid memory a...

CVSS 7.1, AI score 6.3, EPSS 0.00015

added 2024/05/21 3:15 p.m., 75 views

CVE-2021-47229

In the Linux kernel, the following vulnerability has been resolved: PCI: aardvark: Fix kernel panic during PIO transfer Trying to start a new PIO transfer by writing value 0 in PIO_START register when previous transfer has not yet completed (which is indicated by value 1 in PIO_START) causes an Exter...

CVSS 5.5, AI score 6.7, EPSS 0.00014

added 2024/05/21 3:15 p.m., 75 views

CVE-2021-47293

In the Linux kernel, the following vulnerability has been resolved: net/sched: act_skbmod: Skip non-Ethernet packets Currently tcf_skbmod_act() assumes that packets use Ethernet as their L2 protocol, which is not always the case. As an example, for CAN devices: $ ip link add dev vcan0 type vcan $ ip...

CVSS 7.8, AI score 6.8, EPSS 0.00021

added 2024/05/21 3:15 p.m., 75 views

CVE-2021-47301

In the Linux kernel, the following vulnerability has been resolved: igb: Fix use-after-free error during reset Cleans the next descriptor to watch (next_to_watch) when cleaning the TX ring. Failure to do so can cause invalid memory accesses. If igb_poll() runs while the controller is reset this can l...

CVSS 7.8, AI score 6.9, EPSS 0.00021

added 2024/05/21 3:15 p.m., 75 views

CVE-2021-47380

In the Linux kernel, the following vulnerability has been resolved: HID: amd_sfh: Fix potential NULL pointer dereference devm_add_action_or_reset() can suddenly invoke amd_mp2_pci_remove() at registration that will cause NULL pointer dereference since corresponding data is not initialized yet. The pa...

CVSS 5.5, AI score 6.7, EPSS 0.00014

added 2024/05/21 3:15 p.m., 75 views

CVE-2021-47391

In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests The FSM can run in a circle allowing rdma_resolve_ip() to be called twice on the same id_priv. While this cannot happen without going through the work, it viola...

AI score 6.9, EPSS 0.00018

added 2024/05/21 3:15 p.m., 75 views

CVE-2021-47403

In the Linux kernel, the following vulnerability has been resolved: ipack: ipoctal: fix module reference leak A reference to the carrier module was taken on every open but was only released once when the final reference to the tty struct was dropped. Fix this by taking the module reference and initi...

CVSS 7.1, AI score 7.9, EPSS 0.00007

added 2024/05/22 7:15 a.m., 75 views

CVE-2021-47465

In the Linux kernel, the following vulnerability has been resolved: KVM: PPC: Book3S HV: Fix stack handling in idle_kvm_start_guest() In commit 10d91611f426 ("powerpc/64s: Reimplement book3s idle code in C") kvm_start_guest() became idle_kvm_start_guest(). The old code allocated a stack frame on the ...

CVSS 7.1, AI score 7.8, EPSS 0.00041

added 2024/05/24 3:15 p.m., 75 views

CVE-2021-47520

In the Linux kernel, the following vulnerability has been resolved: can: pch_can: pch_can_rx_normal: fix use after free After calling netif_receive_skb(skb), dereferencing skb is unsafe. Especially, the can_frame cf which aliases skb memory is dereferenced just after the call netif_receive_skb(skb). ...

CVSS 7.8, AI score 7.4, EPSS 0.00014

added 2024/05/24 3:15 p.m., 75 views

CVE-2021-47563

In the Linux kernel, the following vulnerability has been resolved: ice: avoid bpf_prog refcount underflow Ice driver has the routines for managing XDP resources that are shared between ndo_bpf op and VSI rebuild flow. The latter takes place for example when user changes queue count on an interface v...

CVSS 5.5, AI score 6.7, EPSS 0.00019

added 2024/06/19 3:15 p.m., 75 views

CVE-2021-47590

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix deadlock in __mptcp_push_pending() __mptcp_push_pending() may call mptcp_flush_join_list() with subflow socket lock held. If such call hits mptcp_sockopt_sync_all() then subsequently __mptcp_sockopt_sync() could try to loc...

CVSS 5.5, AI score 6.8, EPSS 0.00009

added 2024/06/19 3:15 p.m., 75 views

CVE-2021-47614

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix a user-after-free in add_pble_prm When irdma_hmc_sd_one fails, 'chunk' is freed while its still on the PBLE info list. Add the chunk entry to the PBLE info list only after successful setting of the SD in irdma_hmc_sd_...

CVSS 7.8, AI score 8.3, EPSS 0.00054

added 2025/02/26 6:37 a.m., 75 views

CVE-2021-47637

In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix deadlock in concurrent rename whiteout and inode writeback Following hung tasks: [ 77.028764] task:kworker/u8:4 state:D stack: 0 pid: 132 [ 77.028820] Call Trace: [ 77.029027] schedule+0x8c/0x1b0 [ 77.029067] mutex_lock+0x50...

CVSS 5.5, AI score 6.6, EPSS 0.00019

added 2025/02/26 6:37 a.m., 75 views

CVE-2021-47648

In the Linux kernel, the following vulnerability has been resolved: gpu: host1x: Fix a memory leak in 'host1x_remove()' Add a missing 'host1x_channel_list_free()' call in the remove function, as already done in the error handling path of the probe function.

CVSS 5.5, AI score 5.4, EPSS 0.00024

added 2022/11/14 9:15 p.m., 75 views

CVE-2022-3238

A double-free flaw was found in the Linux kernel’s NTFS3 subsystem in how a user triggers remount and umount simultaneously. This flaw allows a local user to crash or potentially escalate their privileges on the system.

CVSS 7.8, AI score 7.4, EPSS 0.0002

added 2024/04/28 1:15 p.m., 75 views

CVE-2022-48665

In the Linux kernel, the following vulnerability has been resolved: exfat: fix overflow for large capacity partition Using int type for sector index, there will be overflow in a large capacity partition. For example, if storage with sector size of 512 bytes and partition capacity is larger than 2TB, ...

AI score 7, EPSS 0.00038

added 2024/07/16 1:15 p.m., 75 views

CVE-2022-48863

In the Linux kernel, the following vulnerability has been resolved: mISDN: Fix memory leak in dsp_pipeline_build() dsp_pipeline_build() allocates dup pointer by kstrdup(cfg), but then it updates dup variable by strsep(&dup, "|"). As a result when it calls kfree(dup), the dup variable contains NULL. F...

CVSS 5.5, AI score 6.1, EPSS 0.00017

added 2024/08/22 2:15 a.m., 75 views

CVE-2022-48919

In the Linux kernel, the following vulnerability has been resolved: cifs: fix double free race when mount fails in cifs_get_root() When cifs_get_root() fails during cifs_smb3_do_mount() we call deactivate_locked_super() which eventually will call delayed_free() which will free the context. In this sit...

CVSS 7.8, AI score 6.5, EPSS 0.00044

added 2025/02/26 7:0 a.m., 75 views

CVE-2022-49084

In the Linux kernel, the following vulnerability has been resolved: qede: confirm skb is allocated before using qede_build_skb() assumes build_skb() always works and goes straight to skb_reserve(). However, build_skb() can fail under memory pressure. This results in a kernel panic because the skb to ...

AI score 5.2, EPSS 0.00068

added 2025/02/26 7:0 a.m., 75 views

CVE-2022-49098

In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Fix potential crash on module unload The vmbus driver relies on the panic notifier infrastructure to perform some operations when a panic event is detected. Since vmbus can be built as module, it is required that ...

AI score 5.3, EPSS 0.00068

added 2025/02/26 7:0 a.m., 75 views

CVE-2022-49183

In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ct: fix ref leak when switching zones When switching zones or network namespaces without doing a ct clear in between, it is now leaking a reference to the old ct entry. That's because tcf_ct_skb_nfct_cached() returns f...

CVSS 5.5, AI score 5.4, EPSS 0.00047

added 2025/02/26 7:0 a.m., 75 views

CVE-2022-49196

In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Fix use after free in remove_phb_dynamic() In remove_phb_dynamic() we use &phb->io_resource, after we've called device_unregister(&host_bridge->dev). But the unregister may have freed phb, because pcibios_free_...

CVSS 7.8, AI score 6.7, EPSS 0.00026

added 2025/02/26 7:0 a.m., 75 views

CVE-2022-49206

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix memory leak in error flow for subscribe event routine In case the second xa_insert() fails, the obj_event is not released. Fix the error unwind flow to free that memory to avoid a memory leak.

CVSS 5.5, AI score 5.4, EPSS 0.00024

added 2025/02/26 7:1 a.m., 75 views

CVE-2022-49241

In the Linux kernel, the following vulnerability has been resolved: ASoC: atmel: Fix error handling in sam9x5_wm8731_driver_probe The device_node pointer is returned by of_parse_phandle() with refcount incremented. We should use of_node_put() on it when done. This function only calls of_node_put() i...

CVSS 5.5, AI score 5.4, EPSS 0.00045

added 2025/02/26 7:1 a.m., 75 views

CVE-2022-49281

In the Linux kernel, the following vulnerability has been resolved: cifs: fix handlecache and multiuser In multiuser each individual user has their own tcon structure for the share and thus their own handle for a cached directory. When we umount such a share we must make sure to release the pinned do...

AI score 5.4, EPSS 0.00041

added 2025/02/26 7:1 a.m., 75 views

CVE-2022-49410

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix potential double free in create_var_ref() In create_var_ref(), init_var_ref() is called to initialize the fields of variable ref_field, which is allocated in the previous function call to create_hist_field(). Function in...

CVSS 7.8, AI score 5.5, EPSS 0.00025

added 2025/02/26 7:1 a.m., 75 views

CVE-2022-49447

In the Linux kernel, the following vulnerability has been resolved: ARM: hisi: Add missing of_node_put after of_find_compatible_node of_find_compatible_node will increment the refcount of the returned device_node. Calling of_node_put() to avoid the refcount leak

CVSS 5.5, AI score 5.3, EPSS 0.00023

added 2025/02/26 7:1 a.m., 75 views

CVE-2022-49472

In the Linux kernel, the following vulnerability has been resolved: net: phy: micrel: Allow probing without .driver_data Currently, if the .probe element is present in the phy_driver structure and the .driver_data is not, a NULL pointer dereference happens. Allow passing .probe without .driver_data ...

CVSS 5.5, AI score 5.4, EPSS 0.00045

added 2025/02/26 7:1 a.m., 75 views

CVE-2022-49491

In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() It will cause null-ptr-deref in resource_size(), if platform_get_resource() returns NULL, move calling resource_size() after devm_ioremap_resource() that will check 'res' t...

CVSS 5.5, AI score 6.5, EPSS 0.00023

added 2024/03/02 10:15 p.m., 75 views

CVE-2023-52499

In the Linux kernel, the following vulnerability has been resolved: powerpc/47x: Fix 47x syscall return crash Eddie reported that newer kernels were crashing during boot on his 476FSP2 system: kernel tried to execute user page (b7ee2000) - exploit attempt? (uid: 0) BUG: Unable to handle kernel instr...

CVSS 5.5, AI score 6.8, EPSS 0.00018

added 2024/03/02 10:15 p.m., 75 views

CVE-2023-52503

In the Linux kernel, the following vulnerability has been resolved: tee: amdtee: fix use-after-free vulnerability in amdtee_close_session There is a potential race condition in amdtee_close_session that may cause use-after-free in amdtee_open_session. For instance, if a session has refcount == 1, and...

CVSS 7, AI score 6.6, EPSS 0.00029

added 2024/03/02 10:15 p.m., 75 views

CVE-2023-52523

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Reject sk_msg egress redirects to non-TCP sockets With a SOCKMAP/SOCKHASH map and an sk_msg program user can steer messages sent from one TCP socket (s1) to actually egress from another TCP socket (s2): tcp_bpf_sendmsg(...

CVSS 5.5, AI score 6.2, EPSS 0.00016

added 2024/03/02 10:15 p.m., 75 views

CVE-2023-52527

In the Linux kernel, the following vulnerability has been resolved: ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data() Including the transhdrlen in length is a problem when the packet is partially filled (e.g. something like send(MSG_MORE) happened previously) when appending to an IPv4...

CVSS 5.5, AI score 6.4, EPSS 0.00007

added 2024/03/02 10:15 p.m., 75 views

CVE-2023-52531

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: Fix a memory corruption issue A few lines above, space is kzalloc()'ed for: sizeof(struct iwl_nvm_data) + sizeof(struct ieee80211_channel) + sizeof(struct ieee80211_rate) 'mvm->nvm_data' is a 'struct iwl_nvm_dat...

CVSS 7.8, AI score 6.3, EPSS 0.00015

added 2024/05/21 4:15 p.m., 75 views

CVE-2023-52732

In the Linux kernel, the following vulnerability has been resolved: ceph: blocklist the kclient when receiving corrupted snap trace When received corrupted snap trace we don't know what exactly has happened in MDS side. And we shouldn't continue IOs and metadatas access to MDS, which may corrupt or g...

AI score 6.6, EPSS 0.0002

added 2025/03/27 5:15 p.m., 75 views

CVE-2023-52976

In the Linux kernel, the following vulnerability has been resolved: efi: fix potential NULL deref in efi_mem_reserve_persistent When iterating on a linked list, a result of memremap is dereferenced without checking it for NULL. This patch adds a check that falls back on allocating a new page in case ...

CVSS 5.5, AI score 6.6, EPSS 0.00061

added 2025/03/27 5:15 p.m., 75 views

CVE-2023-53016

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix possible deadlock in rfcomm_sk_state_change syzbot reports a possible deadlock in rfcomm_sk_state_change [1]. While rfcomm_sock_connect acquires the sk lock and waits for the rfcomm lock, rfcomm_sock_release could have...

CVSS 5.5, AI score 6.7, EPSS 0.00016

added 2025/05/02 4:15 p.m., 75 views

CVE-2023-53079

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix steering rules cleanup vport's mc, uc and multicast rules are not deleted in teardown path when EEH happens. Since the vport's promisc settings (uc, mc and all) in firmware are reset after EEH, mlx5 driver will try to de...

AI score 6.4, EPSS 0.00096

added 2025/05/02 4:15 p.m., 75 views

CVE-2023-53102

In the Linux kernel, the following vulnerability has been resolved: ice: xsk: disable txq irq before flushing hw ice_qp_dis() intends to stop a given queue pair that is a target of xsk pool attach/detach. One of the steps is to disable interrupts on these queues. It currently is broken in a way that ...

AI score 6.2, EPSS 0.00027

added 2025/05/02 4:15 p.m., 75 views

CVE-2023-53105

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix cleanup null-ptr deref on encap lock During module is unloaded while a peer tc flow is still offloaded, first the peer uplink rep profile is changed to a nic profile, and so neigh encap lock is destroyed. Next during u...

AI score 6.4, EPSS 0.00025

added 2025/05/02 4:15 p.m., 75 views

CVE-2023-53108

In the Linux kernel, the following vulnerability has been resolved: net/iucv: Fix size of interrupt data iucv_irq_data needs to be 4 bytes larger. These bytes are not used by the iucv module, but written by the z/VM hypervisor in case a CPU is deconfigured. Reported as: BUG dma-kmalloc-64 (Not tainted...

AI score 6.2, EPSS 0.00036

added 2025/05/02 4:15 p.m., 75 views

CVE-2023-53124

In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add() Port is allocated by sas_port_alloc_num() and rphy is allocated by either sas_end_device_alloc() or sas_expander_alloc(), all of which may return NULL. So we need...

AI score 6.5, EPSS 0.00036

added 2023/12/09 12:15 a.m., 75 views

CVE-2023-6560

An out-of-bounds memory access flaw was found in the io_uring SQ/CQ rings functionality in the Linux kernel. This issue could allow a local user to crash the system.

CVSS 5.5, AI score 5.3, EPSS 0.00006

added 2024/04/17 4:15 p.m., 75 views

CVE-2024-26914

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix incorrect mpc_combine array size [why] MAX_SURFACES is per stream, while MAX_PLANES is per asic. The mpc_combine is an array that records all the planes per asic. Therefore MAX_PLANES should be used as the array s...

AI score 7.1, EPSS 0.00047

added 2024/05/17 12:15 p.m., 75 views

CVE-2024-27412

In the Linux kernel, the following vulnerability has been resolved: power: supply: bq27xxx-i2c: Do not free non existing IRQ The bq27xxx i2c-client may not have an IRQ, in which case client->irq will be 0. bq27xxx_battery_i2c_probe() already has an if (client->irq) check wrapping the request_th...

CVSS 5.5, AI score 6.6, EPSS 0.00013

added 2024/05/17 2:15 p.m., 75 views

CVE-2024-35804

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Mark target gfn of emulated atomic instruction as dirty When emulating an atomic access on behalf of the guest, mark the target gfn dirty if the CMPXCHG by KVM is attempted and doesn't fault. This fixes a bug where KVM effe...

AI score 6.5, EPSS 0.00029

added 2024/05/19 9:15 a.m., 75 views

CVE-2024-35871

In the Linux kernel, the following vulnerability has been resolved: riscv: process: Fix kernel gp leakage childregs represents the registers which are active for the new thread in user context. For a kernel thread, childregs->gp is never used since the kernel gp is not touched by switch_to. For a ...

AI score 6.8, EPSS 0.00036

Total number of security vulnerabilities: 9994