6925 matches found
CVE-2021-47440
In the Linux kernel, the following vulnerability has been resolved: net: encx24j600: check error in devm_regmap_init_encx24j600 devm_regmap_init may return error which caused by like out of memory, this will results in null pointer dereference later when reading or writing register: general protectio...
CVE-2021-47471
In the Linux kernel, the following vulnerability has been resolved: drm: mxsfb: Fix NULL pointer dereference crash on unload The mxsfb->crtc.funcs may already be NULL when unloading the driver, in which case calling mxsfb_irq_disable() via drm_irq_uninstall() from mxsfb_unload() leads to NULL poin...
CVE-2021-47562
In the Linux kernel, the following vulnerability has been resolved: ice: fix vsi->txq_map sizing The approach of having XDP queue per CPU regardless of user's setting exposed a hidden bug that could occur in case when Rx queue count differ from Tx queue count. Currently vsi->txq_map's size is e...
CVE-2022-48646
In the Linux kernel, the following vulnerability has been resolved: sfc/siena: fix null pointer dereference in efx_hard_start_xmit Like in previous patch for sfc, prevent potential (but unlikely) NULL pointer dereference.
CVE-2022-48691
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: clean up hook list when offload flags check fails splice back the hook list so nft_chain_release_hook() has a chance to release the hooks. BUG: memory leak unreferenced object 0xffff88810180b100 (size 96): comm "...
CVE-2022-48724
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() After commit e3beca48a45b ("irqdomain/treewide: Keep firmware node unconditionally allocated"). For tear down scenario, fn is only freed after fail to allocate ir_d...
CVE-2022-48728
In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix AIP early init panic An early failure in hfi1_ipoib_setup_rn() can lead to the following panic: BUG: unable to handle kernel NULL pointer dereference at 00000000000001b0 PGD 0 P4D 0 Oops: 0002 [#1] SMP NOPTI Workqueue: ev...
CVE-2022-48748
In the Linux kernel, the following vulnerability has been resolved: net: bridge: vlan: fix memory leak in __allowed_ingress When using per-vlan state, if vlan snooping and stats are disabled, untagged or priority-tagged ingress frame will go to check pvid state. If the port state is forwarding and th...
CVE-2022-48857
In the Linux kernel, the following vulnerability has been resolved: NFC: port100: fix use-after-free in port100_send_complete Syzbot reported UAF in port100_send_complete(). The root case is in missing usb_kill_urb() calls on error handling path of ->probe function. port100_send_complete() access...
CVE-2022-48860
In the Linux kernel, the following vulnerability has been resolved: ethernet: Fix error handling in xemaclite_of_probe This node pointer is returned by of_parse_phandle() with refcount incremented in this function. Calling of_node_put() to avoid the refcount leak. As the remove function do.
CVE-2022-48920
In the Linux kernel, the following vulnerability has been resolved: btrfs: get rid of warning on transaction commit when using flushoncommit When using the flushoncommit mount option, during almost every transaction commit we trigger a warning from __writeback_inodes_sb_nr(): $ cat fs/fs-writeback.c...
CVE-2022-48928
In the Linux kernel, the following vulnerability has been resolved: iio: adc: men_z188_adc: Fix a resource leak in an error handling path If iio_device_register() fails, a previous ioremap() is left unbalanced. Update the error handling path and add the missing iounmap() call, as already done in the...
CVE-2022-48930
In the Linux kernel, the following vulnerability has been resolved: RDMA/ib_srp: Fix a deadlock Remove the flush_workqueue(system_long_wq) call since flushing system_long_wq is deadlock-prone and since that call is redundant with a preceding cancel_work_sync()
CVE-2022-48957
In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: Fix memory leak in dpaa2_switch_acl_entry_add() and dpaa2_switch_acl_entry_remove() The cmd_buff needs to be freed when error happened in dpaa2_switch_acl_entry_add() and dpaa2_switch_acl_entry_remove().
CVE-2022-48972
In the Linux kernel, the following vulnerability has been resolved: mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add() Kernel fault injection test reports null-ptr-deref as follows: BUG: kernel NULL pointer dereference, address: 0000000000000008 RIP: 0010:cfg802154_netdev_notifier_call+0x1...
CVE-2022-49005
In the Linux kernel, the following vulnerability has been resolved: ASoC: ops: Fix bounds check for _sx controls For _sx controls the semantics of the max field is not the usual one, max is the number of steps rather than the maximum value. This means that our check in snd_soc_put_volsw_sx() needs to...
CVE-2022-49019
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: nixge: fix NULL dereference In function nixge_hw_dma_bd_release() dereference of NULL pointer priv->rx_bd_v is possible for the case of its allocation failure in nixge_hw_dma_bd_init(). Move for() loop with priv->...
CVE-2022-49082
In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix use after free in _scsih_expander_node_remove() The function mpt3sas_transport_port_remove() called in _scsih_expander_node_remove() frees the port field of the sas_expander structure, leading to the following use-...
CVE-2022-49117
In the Linux kernel, the following vulnerability has been resolved: mips: ralink: fix a refcount leak in ill_acc_of_setup() of_node_put(np) needs to be called when pdev == NULL.
CVE-2022-49208
In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Prevent some integer underflows My static checker complains that: drivers/infiniband/hw/irdma/ctrl.c:3605 irdma_sc_ceq_init() warn: can subtract underflow 'info->dev->hmc_fpm_misc.max_ceqs'? It appears that "info-...
CVE-2022-49221
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: populate connector of struct dp_panel DP CTS test case 4.2.2.6 has valid edid with bad checksum on purpose and expect DP source return correct checksum. During drm edid read, correct edid checksum is calculated and stored...
CVE-2022-49324
In the Linux kernel, the following vulnerability has been resolved: mips: cpc: Fix refcount leak in mips_cpc_default_phys_base Add the missing of_node_put() to release the refcount incremented by of_find_compatible_node().
CVE-2022-49480
In the Linux kernel, the following vulnerability has been resolved: ASoC: imx-hdmi: Fix refcount leak in imx_hdmi_probe of_find_device_by_node() takes reference, we should use put_device() to release it. when devm_kzalloc() fails, it doesn't have a put_device(), it will cause refcount leak. Add missin...
CVE-2022-49676
In the Linux kernel, the following vulnerability has been resolved: memory: samsung: exynos5422-dmc: Fix refcount leak in of_get_dram_timings of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. This function doesn't call of_nod...
CVE-2022-49704
In the Linux kernel, the following vulnerability has been resolved: 9p: fix fid refcount leak in v9fs_vfs_get_link we check for protocol version later than required, after a fid has been obtained. Just move the version check earlier.
CVE-2022-49892
In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix use-after-free for dynamic ftrace_ops KASAN reported a use-after-free with ftrace ops [1]. It was found from vmcore that perf had registered two ops with the same content successively, both dynamic. After unregistering th...
CVE-2023-52613
In the Linux kernel, the following vulnerability has been resolved: drivers/thermal/loongson2_thermal: Fix incorrect PTR_ERR() judgment PTR_ERR() returns -ENODEV when thermal-zones are undefined, and we need -ENODEV as the right value for comparison. Otherwise, tz->type is NULL when thermal-zones...
CVE-2023-52850
In the Linux kernel, the following vulnerability has been resolved: media: hantro: Check whether reset op is defined before use The i.MX8MM/N/P does not define the .reset op since reset of the VPU is done by genpd. Check whether the .reset op is defined before calling it to avoid NULL pointer derefer...
CVE-2023-52870
In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: clk-mt6765: Add check for mtk_alloc_clk_data Add the check for the return value of mtk_alloc_clk_data() in order to avoid NULL pointer dereference.
CVE-2023-52900
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix general protection fault in nilfs_btree_insert() If nilfs2 reads a corrupted disk image and tries to reads a b-tree node block by calling __nilfs_btree_get_block() against an invalid virtual block address, it returns -ENO...
CVE-2024-24864
A race condition was found in the Linux kernel's media/dvb-core in dvbdmx_write() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.
CVE-2024-26692
In the Linux kernel, the following vulnerability has been resolved: smb: Fix regression in writes when non-standard maximum write size negotiated The conversion to netfs in the 6.3 kernel caused a regression when maximum write size is set by the server to an unexpected value which is not a multiple o...
CVE-2024-35784
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock with fiemap and extent locking While working on the patchset to remove extent locking I got a lockdep splat with fiemap and pagefaulting with my new extent lock replacement lock. This deadlock exists with our norm...
CVE-2024-40969
In the Linux kernel, the following vulnerability has been resolved: f2fs: don't set RO when shutting down f2fs Shutdown does not check the error of thaw_super due to readonly, which causes a deadlock like below. f2fs_ioc_shutdown(F2FS_GOING_DOWN_FULLSYNC) issue_discard_thread bdev_freeze freeze_supe...
CVE-2024-42071
In the Linux kernel, the following vulnerability has been resolved: ionic: use dev_consume_skb_any outside of napi If we're not in a NAPI softirq context, we need to be careful about how we call napi_consume_skb(), specifically we need to call it with budget==0 to signal to it that we're not in a safe...
CVE-2024-42109
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: unconditionally flush pending work before notifier syzbot reports: KASAN: slab-uaf in nft_ctx_update include/net/netfilter/nf_tables.h:1831 KASAN: slab-uaf in nft_commit_release net/netfilter/nf_tables_api.c:95...
CVE-2024-42264
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Prevent out of bounds access in performance query extensions Check that the number of perfmons userspace is passing in the copy and reset extensions is not greater than the internal kernel storage where the ids will be copie...
CVE-2024-43845
In the Linux kernel, the following vulnerability has been resolved: udf: Fix bogus checksum computation in udf_rename() Syzbot reports uninitialized memory access in udf_rename() when updating checksum of '..' directory entry of a moved directory. This is indeed true as we pass on-stack diriter.fi to...
CVE-2024-43852
In the Linux kernel, the following vulnerability has been resolved: hwmon: (ltc2991) re-order conditions to fix off by one bug LTC2991_T_INT_CH_NR is 4. The st->temp_en[] array has LTC2991_MAX_CHANNEL (4) elements. Thus if "channel" is equal to LTC2991_T_INT_CH_NR then we have read one element bey...
CVE-2024-44953
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix deadlock during RTC update There is a deadlock when runtime suspend waits for the flush of RTC work, and the RTC work calls ufshcd_rpm_get_sync() to wait for runtime resume. Here is deadlock backtrace: kworker/0...
CVE-2024-47721
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: remove unused C2H event ID RTW89_MAC_C2H_FUNC_READ_WOW_CAM to prevent out-of-bounds reading The handler of firmware C2H event RTW89_MAC_C2H_FUNC_READ_WOW_CAM isn't implemented, but driver expects number of handlers is NU...
CVE-2024-49869
In the Linux kernel, the following vulnerability has been resolved: btrfs: send: fix buffer overflow detection when copying path to cache entry Starting with commit c0247d289e73 ("btrfs: send: annotate struct name_cache_entry with __counted_by()") we annotated the variable length array "name" from th...
CVE-2024-50094
In the Linux kernel, the following vulnerability has been resolved: sfc: Don't invoke xdp_do_flush() from netpoll. Yury reported a crash in the sfc driver originated from netpoll_send_udp(). The netconsole sends a message and then netpoll invokes the driver's NAPI function with a budget of zero. It i...
CVE-2024-50149
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Don't free job in TDR Freeing job in TDR is not safe as TDR can pass the run_job thread resulting in UAF. It is only safe for free job to naturally be called by the scheduler. Rather free job in TDR, add to pending list. (che...
CVE-2024-50173
In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix access to uninitialized variable in tick_ctx_cleanup() The group variable can't be used to retrieve ptdev in our second loop, because it points to the previously iterated list_head, not a valid group. Get the ptdev o...
CVE-2024-50288
In the Linux kernel, the following vulnerability has been resolved: media: vivid: fix buffer overwrite when using > 32 buffers The maximum number of buffers that can be requested was increased to 64 for the video capture queue. But video capture used a must_blank array that was still sized for 32 ...
CVE-2025-21798
In the Linux kernel, the following vulnerability has been resolved: firewire: test: Fix potential null dereference in firewire kunit test kunit_kzalloc() may return a NULL pointer, dereferencing it without NULL check may lead to NULL dereference. Add a NULL check for test_state.
CVE-2025-22031
In the Linux kernel, the following vulnerability has been resolved: PCI/bwctrl: Fix NULL pointer dereference on bus number exhaustion When BIOS neglects to assign bus numbers to PCI bridges, the kernel attempts to correct that during PCI device enumeration. If it runs out of bus numbers, no pci_bus i...
CVE-2025-22051
In the Linux kernel, the following vulnerability has been resolved: staging: gpib: Fix Oops after disconnect in agilent usb If the agilent usb dongle is disconnected subsequent calls to the driver cause a NULL dereference Oops as the bus_interface is set to NULL on disconnect. This problem was introd...
CVE-2007-2875
Integer underflow in the cpuset_tasks_read function in the Linux kernel before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when the cpuset filesystem is mounted, allows local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file.