CVE-2022-49450

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix listen() setting the bar too high for the prealloc rings AF_RXRPC's listen() handler lets you set the backlog up to 32 (if you bumpup the sysctl), but whilst the preallocation circular buffers have 32 slotsin them, one o...

CVE-2022-49547

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock between concurrent dio writes when low on free data space When reserving data space for a direct IO write we can end up deadlockingif we have multiple tasks attempting a write to the same file range, thereare mu...

CVE-2022-49571

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_max_reordering. While reading sysctl_tcp_max_reordering, it can be changedconcurrently. Thus, we need to add READ_ONCE() to its readers.

CVE-2022-49714

In the Linux kernel, the following vulnerability has been resolved: irqchip/realtek-rtl: Fix refcount leak in map_interrupts of_find_node_by_phandle() returns a node pointer with refcountincremented, we should use of_node_put() on it when not need anymore.This function doesn't call of_node_put() in...

CVE-2022-49741

In the Linux kernel, the following vulnerability has been resolved: fbdev: smscufx: fix error handling code in ufx_usb_probe The current error handling code in ufx_usb_probe have many unmatchingissues, e.g., missing ufx_free_usb_list, destroy_modedb label shouldonly include framebuffer_release, fb_...

CVE-2022-49742

In the Linux kernel, the following vulnerability has been resolved: f2fs: initialize locks earlier in f2fs_fill_super() syzbot is reporting lockdep warning at f2fs_handle_error() [1], forspin_lock(&sbi->error_lock) is called before spin_lock_init() is called.For safe locking in error handling, m...

CVE-2022-49880

In the Linux kernel, the following vulnerability has been resolved: ext4: fix warning in 'ext4_da_release_space' Syzkaller report issue as follows:EXT4-fs (loop0): Free/Dirty block detailsEXT4-fs (loop0): free_blocks=0EXT4-fs (loop0): dirty_blocks=0EXT4-fs (loop0): Block reservation detailsEXT4-fs ...

CVE-2023-52570

In the Linux kernel, the following vulnerability has been resolved: vfio/mdev: Fix a null-ptr-deref bug for mdev_unregister_parent() Inject fault while probing mdpy.ko, if kstrdup() of create_dir() fails inkobject_add_internal() in kobject_init_and_add() in mdev_type_add()in parent_create_sysfs_fil...

CVE-2023-52826

In the Linux kernel, the following vulnerability has been resolved: drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference In tpg110_get_modes(), the return value of drm_mode_duplicate() isassigned to mode, which will lead to a NULL pointer dereference onfailure of drm_mode_duplicate()...

CVE-2023-52851

In the Linux kernel, the following vulnerability has been resolved: IB/mlx5: Fix init stage error handling to avoid double free of same QP and UAF In the unlikely event that workqueue allocation fails and returns NULL inmlx5_mkey_cache_init(), delete the call tomlx5r_umr_resource_cleanup() (which f...

CVE-2023-52863

In the Linux kernel, the following vulnerability has been resolved: hwmon: (axi-fan-control) Fix possible NULL pointer dereference axi_fan_control_irq_handler(), dependent on the privateaxi_fan_control_data structure, might be called before the hwmondevice is registered. That will cause an "Unable ...

CVE-2023-53023

In the Linux kernel, the following vulnerability has been resolved: net: nfc: Fix use-after-free in local_cleanup() Fix a use-after-free that occurs in kfree_skb() called fromlocal_cleanup(). This could happen when killing nfc daemon (e.g. neard)after detaching an nfc device.When detaching an nfc d...

CVE-2024-26716

In the Linux kernel, the following vulnerability has been resolved: usb: core: Prevent null pointer dereference in update_port_device_state Currently, the function update_port_device_state gets the usb_hub fromudev->parent by calling usb_hub_to_struct_hub.However, in case the actconfig or the ma...

CVE-2024-26730

In the Linux kernel, the following vulnerability has been resolved: hwmon: (nct6775) Fix access to temperature configuration registers The number of temperature configuration registers doesnot always match the total number of temperature registers.This can result in access errors reported if KASAN ...

CVE-2024-26765

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Disable IRQ before init_fn() for nonboot CPUs Disable IRQ before init_fn() for nonboot CPUs when hotplug, in order tosilence such warnings (and also avoid potential errors due to unexpectedinterrupts): WARNING: CPU: 1 PI...

CVE-2024-35856

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: mediatek: Fix double free of skb in coredump hci_devcd_append() would free the skb on error so the caller don'thave to free it again otherwise it would cause the double free of skb. Reported-by : Dan Carpenter dan...

CVE-2024-36931

In the Linux kernel, the following vulnerability has been resolved: s390/cio: Ensure the copied buf is NUL terminated Currently, we allocate a lbuf-sized kernel buffer and copy lbuf fromuserspace to that buffer. Later, we use scanf on this buffer but we don'tensure that the string is terminated ins...

CVE-2024-36965

In the Linux kernel, the following vulnerability has been resolved: remoteproc: mediatek: Make sure IPI buffer fits in L2TCM The IPI buffer location is read from the firmware that we load to theSystem Companion Processor, and it's not granted that both the SRAM(L2TCM) size that is defined in the de...

CVE-2024-38547

In the Linux kernel, the following vulnerability has been resolved: media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries The allocation failure of mycs->yuv_scaler_binary in load_video_binaries()is followed with a dereference of mycs->yuv_scaler_binary after thefollo...

CVE-2024-38568

In the Linux kernel, the following vulnerability has been resolved: drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group The perf tool allows users to create event groups through followingcmd [1], but the driver does not check whether the array index is outof bounds when writing...

CVE-2024-38571

In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/tsens: Fix null pointer dereference compute_intercept_slope() is called from calibrate_8960() (in tsens-8960.c)as compute_intercept_slope(priv, p1, NULL, ONE_PT_CALIB) which lead to nullpointer dereference (if DEBUG...

CVE-2024-39466

In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/qcom/lmh: Check for SCM availability at probe Up until now, the necessary scm availability check has not beenperformed, leading to possible null pointer dereferences (which didhappen for me on RB1). Fix that.

CVE-2024-42155

In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe copies of protected- and secure-keys Although the clear-key of neither protected- nor secure-keys isaccessible, this key material should only be visible to the callingprocess. So wipe all copies of protected- or sec...

CVE-2024-43887

In the Linux kernel, the following vulnerability has been resolved: net/tcp: Disable TCP-AO static key after RCU grace period The lifetime of TCP-AO static_key is the same as the lasttcp_ao_info. On the socket destruction tcp_ao_info ceases to bewith RCU grace period, while tcp-ao static branch is ...

CVE-2024-45013

In the Linux kernel, the following vulnerability has been resolved: nvme: move stopping keep-alive into nvme_uninit_ctrl() Commit 4733b65d82bd ("nvme: start keep-alive after admin queue setup")moves starting keep-alive from nvme_start_ctrl() intonvme_init_ctrl_finish(), but don't move stopping keep...

CVE-2024-45029

In the Linux kernel, the following vulnerability has been resolved: i2c: tegra: Do not mark ACPI devices as irq safe On ACPI machines, the tegra i2c module encounters an issue due to amutex being called inside a spinlock. This leads to the following bug: BUG: sleeping function called from invalid c...

CVE-2024-47676

In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb.c: fix UAF of vma in hugetlb fault pathway Syzbot reports a UAF in hugetlb_fault(). This happens becausevmf_anon_prepare() could drop the per-VMA lock and allow the current VMAto be freed before hugetlb_vma_unlock_read()...

CVE-2024-49943

In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc_submit: add missing locking in wedged_fini Any non-wedged queue can have a zero refcount here and can be runningconcurrently with an async queue destroy, therefore dereferencing thequeue ptr to check wedge status after t...

CVE-2024-49990

In the Linux kernel, the following vulnerability has been resolved: drm/xe/hdcp: Check GSC structure validity Sometimes xe_gsc is not initialized when checked at HDCP capabilitycheck. Add gsc structure check to avoid null pointer error.

CVE-2024-50092

In the Linux kernel, the following vulnerability has been resolved: net: netconsole: fix wrong warning A warning is triggered when there is insufficient space in the bufferfor userdata. However, this is not an issue since userdata will be sentin the next iteration. Current warning message: --------...

CVE-2024-53080

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Lock XArray when getting entries for the VM Similar to commit cac075706f29 ("drm/panthor: Fix race when convertinggroup handle to group object") we need to use the XArray's internallocking when retrieving a vm pointer ...

CVE-2025-21695

In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-uart-backlight: fix serdev race The dell_uart_bl_serdev_probe() function calls devm_serdev_device_open()before setting the client ops via serdev_device_set_client_ops(). Thisordering can trigger a NULL pointer de...

CVE-2004-1234

load_elf_binary in Linux before 2.4.26 allows local users to cause a denial of service (system crash) via an ELF binary in which the interpreter is NULL.

CVE-2005-0504

Buffer overflow in the MoxaDriverIoctl function for the moxa serial driver (moxa.c) in Linux 2.2.x, 2.4.x, and 2.6.x before 2.6.22 allows local users to execute arbitrary code via a certain modified length value.

CVE-2005-3180

The Orinoco driver (orinoco.c) in Linux kernel 2.6.13 and earlier does not properly clear memory from a previously used packet whose length is increased, which allows remote attackers to obtain sensitive information.

CVE-2006-1863

Directory traversal vulnerability in CIFS in Linux 2.6.16 and earlier allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\" sequences, a similar vulnerability to CVE-2006-1864.

CVE-2006-4093

Linux kernel 2.x.6 before 2.6.17.9 and 2.4.x before 2.4.33.1 on PowerPC PPC970 systems allows local users to cause a denial of service (crash) related to the "HID0 attention enable on PPC970 at boot time."

CVE-2007-3851

The drm/i915 component in the Linux kernel before 2.6.22.2, when used with i965G and later chipsets, allows local users with access to an X11 session and Direct Rendering Manager (DRM) to write to arbitrary memory locations and gain privileges via a crafted batchbuffer.

CVE-2007-5904

Multiple buffer overflows in CIFS VFS in Linux kernel 2.6.23 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long SMB responses that trigger the overflows in the SendReceive function.

CVE-2008-5701

Array index error in arch/mips/kernel/scall64-o32.S in the Linux kernel before 2.6.28-rc8 on 64-bit MIPS platforms allows local users to cause a denial of service (system crash) via an o32 syscall with a small syscall number, which leads to an attempted read operation outside the bounds of the sysc...

CVE-2009-3638

Integer overflow in the kvm_dev_ioctl_get_supported_cpuid function in arch/x86/kvm/x86.c in the KVM subsystem in the Linux kernel before 2.6.31.4 allows local users to have an unspecified impact via a KVM_GET_SUPPORTED_CPUID request to the kvm_arch_dev_ioctl function.

CVE-2009-4026

The mac80211 subsystem in the Linux kernel before 2.6.32-rc8-next-20091201 allows remote attackers to cause a denial of service (panic) via a crafted Delete Block ACK (aka DELBA) packet, related to an erroneous "code shuffling patch."

CVE-2011-1477

Multiple array index errors in sound/oss/opl3.c in the Linux kernel before 2.6.39 allow local users to cause a denial of service (heap memory corruption) or possibly gain privileges by leveraging write access to /dev/sequencer.

CVE-2011-4348

Race condition in the sctp_rcv function in net/sctp/input.c in the Linux kernel before 2.6.29 allows remote attackers to cause a denial of service (system hang) via SCTP packets. NOTE: in some environments, this issue exists because of an incomplete fix for CVE-2011-2482.

CVE-2011-4611

Integer overflow in the perf_event_interrupt function in arch/powerpc/kernel/perf_event.c in the Linux kernel before 2.6.39 on powerpc platforms allows local users to cause a denial of service (unhandled performance monitor exception) via vectors that trigger certain outcomes of performance events.

CVE-2011-4914

The ROSE protocol implementation in the Linux kernel before 2.6.39 does not verify that certain data-length values are consistent with the amount of data sent, which might allow remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via...

CVE-2011-4917

In the Linux kernel through 3.1 there is an information disclosure issue via /proc/stat.

CVE-2012-2119

Buffer overflow in the macvtap device driver in the Linux kernel before 3.4.5, when running in certain configurations, allows privileged KVM guest users to cause a denial of service (crash) via a long descriptor with a long vector length.

CVE-2013-3223

The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

CVE-2013-7026

Multiple race conditions in ipc/shm.c in the Linux kernel before 3.12.2 allow local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted application that uses shmctl IPC_RMID operations in conjunction with other shm system call...