CVE-2024-36021

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix kernel crash when devlink reload during pf initialization The devlink reload process will access the hardware resources,but the register operation is done before the hardware is initialized.So, processing the devlink...

CVE-2024-36914

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Skip on writeback when it's not applicable [WHY]dynamic memory safety error detector (KASAN) catches and generates errormessages "BUG: KASAN: slab-out-of-bounds" as writeback connector does notsupport certain featu...

CVE-2024-38543

In the Linux kernel, the following vulnerability has been resolved: lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure The kcalloc() in dmirror_device_evict_chunk() will return null if thephysical memory has run out. As a result, if src_pfns or dst_pfns isdereferenced, the null pointer...

CVE-2024-38560

In the Linux kernel, the following vulnerability has been resolved: scsi: bfa: Ensure the copied buf is NUL terminated Currently, we allocate a nbytes-sized kernel buffer and copy nbytes fromuserspace to that buffer. Later, we use sscanf on this buffer but we don'tensure that the string is terminat...

CVE-2024-38663

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix list corruption from resetting io stat Since commit 3b8cc6298724 ("blk-cgroup: Optimize blkcg_rstat_flush()"),each iostat instance is added to blkcg percpu list, so blkcg_reset_stats()can't reset the stat instance b...

CVE-2024-39505

In the Linux kernel, the following vulnerability has been resolved: drm/komeda: check for error-valued pointer komeda_pipeline_get_state() may return an error-valued pointer, thuscheck the pointer for negative or null value before dereferencing.

CVE-2024-40944

In the Linux kernel, the following vulnerability has been resolved: x86/kexec: Fix bug with call depth tracking The call to cc_platform_has() triggers a fault and system crash if call depthtracking is active because the GS segment has been reset by load_segments() andGS_BASE is now 0 but call depth...

CVE-2024-40968

In the Linux kernel, the following vulnerability has been resolved: MIPS: Octeon: Add PCIe link status check The standard PCIe configuration read-write interface is used toaccess the configuration space of the peripheral PCIe devicesof the mips processor after the PCIe link surprise down, it cangen...

CVE-2024-40990

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Add check for srq max_sge attribute max_sge attribute is passed by the user, and is inserted and usedunchecked, so verify that the value doesn't exceed maximum allowed valuebefore using it.

CVE-2024-41047

In the Linux kernel, the following vulnerability has been resolved: i40e: Fix XDP program unloading while removing the driver The commit 6533e558c650 ("i40e: Fix reset path while removingthe driver") introduced a new PF state "__I40E_IN_REMOVE" to blockmodifying the XDP program while the driver is ...

CVE-2024-41088

In the Linux kernel, the following vulnerability has been resolved: can: mcp251xfd: fix infinite loop when xmit fails When the mcp251xfd_start_xmit() function fails, the driver stopsprocessing messages, and the interrupt routine does not return,running indefinitely even after killing the running ap...

CVE-2024-42248

In the Linux kernel, the following vulnerability has been resolved: tty: serial: ma35d1: Add a NULL check for of_node The pdev->dev.of_node can be NULL if the "serial" node is absent.Add a NULL check to return an error in such cases.

CVE-2024-43860

In the Linux kernel, the following vulnerability has been resolved: remoteproc: imx_rproc: Skip over memory region when node value is NULL In imx_rproc_addr_init() "nph = of_count_phandle_with_args()" just countsnumber of phandles. But phandles may be empty. So of_parse_phandle() inthe parsing loop...

CVE-2024-44972

In the Linux kernel, the following vulnerability has been resolved: btrfs: do not clear page dirty inside extent_write_locked_range() [BUG]For subpage + zoned case, the following workload can lead to rsv dataleak at unmount time: mkfs.btrfs -f -s 4k $dev mount $dev $mnt fsstress -w -n 8 -d $mnt -s ...

CVE-2024-45028

In the Linux kernel, the following vulnerability has been resolved: mmc: mmc_test: Fix NULL dereference on allocation failure If the "test->highmem = alloc_pages()" allocation fails then calling__free_pages(test->highmem) will result in a NULL dereference. Alsochange the error code to -ENOMEM...

CVE-2024-46726

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Ensure index calculation will not overflow [WHY & HOW]Make sure vmid0p72_idx, vnom0p8_idx and vmax0p9_idx calculation willnever overflow and exceess array size. This fixes 3 OVERRUN and 1 INTEGER_OVERFLOW issues re...

CVE-2024-46844

In the Linux kernel, the following vulnerability has been resolved: um: line: always fill *error_out in setup_one_line() The pointer isn't initialized by callers, but I haveencountered cases where it's still printed; initializeit in all possible cases in setup_one_line().

CVE-2024-46847

In the Linux kernel, the following vulnerability has been resolved: mm: vmalloc: ensure vmap_block is initialised before adding to queue Commit 8c61291fd850 ("mm: fix incorrect vbq reference inpurge_fragmented_block") extended the 'vmap_block' structure to contain a'cpu' field which is set at alloc...

CVE-2024-48875

In the Linux kernel, the following vulnerability has been resolved: btrfs: don't take dev_replace rwsem on task already holding it Running fstests btrfs/011 with MKFS_OPTIONS="-O rst" to force the usage ofthe RAID stripe-tree, we get the following splat from lockdep: BTRFS info (device sdd): dev_re...

CVE-2024-49855

In the Linux kernel, the following vulnerability has been resolved: nbd: fix race between timeout and normal completion If request timetout is handled by nbd_requeue_cmd(), normal completionhas to be stopped for avoiding to complete this requeued request, otheruse-after-free can be triggered. Fix t...

CVE-2024-49861

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix helper writes to read-only maps Lonial found an issue that despite user- and BPF-side frozen BPF map(like in case of .rodata), it was still possible to write into it froma BPF program side through specific helpers having A...

CVE-2024-49915

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add NULL check for clk_mgr in dcn32_init_hw This commit addresses a potential null pointer dereference issue in thedcn32_init_hw function. The issue could occur when dc->clk_mgr isnull. The fix adds a check to e...

CVE-2024-50206

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_eth_soc: fix memory corruption during fq dma init The loop responsible for allocating up to MTK_FQ_DMA_LENGTH buffers mustonly touch as many descriptors, otherwise it ends up corrupting unrelatedmemory. Fix the l...

CVE-2024-50274

In the Linux kernel, the following vulnerability has been resolved: idpf: avoid vport access in idpf_get_link_ksettings When the device control plane is removed or the platformrunning device control plane is rebooted, a reset is detectedon the driver. On driver reset, it releases the resources andw...

CVE-2024-53062

In the Linux kernel, the following vulnerability has been resolved: media: mgb4: protect driver against spectre Frequency range is set from sysfs via frequency_range_store(),being vulnerable to spectre, as reported by smatch: drivers/media/pci/mgb4/mgb4_cmt.c:231 mgb4_cmt_set_vin_freq_range() warn:...

CVE-2024-53189

In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: fix bounds checker error in nl80211_parse_sched_scan The channels array in the cfg80211_scan_request has a __counted_byattribute attached to it, which points to the n_channels variable. Thisattribute is used in bound...

CVE-2024-56579

In the Linux kernel, the following vulnerability has been resolved: media: amphion: Set video drvdata before register video device The video drvdata should be set before the video device is registered,otherwise video_drvdata() may return NULL in the open() file ops, and ledto oops.

CVE-2024-56613

In the Linux kernel, the following vulnerability has been resolved: sched/numa: fix memory leak due to the overwritten vma->numab_state [Problem Description]When running the hackbench program of LTP, the following memory leak isreported by kmemleak. /opt/ltp/testcases/bin/hackbench 20 thread 100...

CVE-2024-56725

In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dcbnl.c Add error pointer check after calling otx2_mbox_get_rsp().

CVE-2024-56753

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/gfx9: Add Cleaner Shader Deinitialization in gfx_v9_0 Module This commit addresses an omission in the previous patch related to thecleaner shader support for GFX9 hardware. Specifically, it adds thenecessary deinitializa...

CVE-2024-56784

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Adding array index check to prevent memory corruption [Why & How]Array indices out of bound caused memory corruption. Adding checks toensure that array index stays in bound.

CVE-2024-57895

In the Linux kernel, the following vulnerability has been resolved: ksmbd: set ATTR_CTIME flags when setting mtime David reported that the new warning from setattr_copy_mgtime is cominglike the following. [ 113.215316] ------------[ cut here ]------------[ 113.215974] WARNING: CPU: 1 PID: 31 at fs/...

CVE-2024-58016

In the Linux kernel, the following vulnerability has been resolved: safesetid: check size of policy writes syzbot attempts to write a buffer with a large size to a sysfs entrywith writes handled by handle_policy_update(), triggering a warningin kmalloc. Check the size specified for write buffers be...

CVE-2024-58078

In the Linux kernel, the following vulnerability has been resolved: misc: misc_minor_alloc to use ida for all dynamic/misc dynamic minors misc_minor_alloc was allocating id using ida for minor only in case ofMISC_DYNAMIC_MINOR but misc_minor_free was always freeing idsusing ida_free causing a misma...

CVE-2025-21816

In the Linux kernel, the following vulnerability has been resolved: hrtimers: Force migrate away hrtimers queued after CPUHP_AP_HRTIMERS_DYING hrtimers are migrated away from the dying CPU to any online target atthe CPUHP_AP_HRTIMERS_DYING stage in order not to delay bandwidth timershandling tasks ...

CVE-2025-21833

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE There is a WARN_ON_ONCE to catch an unlikely situation whendomain_remove_dev_pasid can't find the pasid. In case it neverthelesshappens we must avoid using a NULL pointer.

CVE-2025-21888

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix a WARN during dereg_mr for DM type Memory regions (MR) of type DM (device memory) do not have an associatedumem. In the __mlx5_ib_dereg_mr() -> mlx5_free_priv_descs() flow, the codeincorrectly takes the wrong bran...

CVE-2025-21924

In the Linux kernel, the following vulnerability has been resolved: net: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error During the initialization of ptp, hclge_ptp_get_cycle might return an errorand returned directly without unregister clock and free it. T...

CVE-2025-21931

In the Linux kernel, the following vulnerability has been resolved: hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio Commit b15c87263a69 ("hwpoison, memory_hotplug: allow hwpoisoned pages tobe offlined) add page poison checks in do_migrate_range in order to makeoffline hwpoisoned ...

CVE-2025-22070

In the Linux kernel, the following vulnerability has been resolved: fs/9p: fix NULL pointer dereference on mkdir When a 9p tree was mounted with option 'posixacl', parent directory had adefault ACL set for its subdirectories, e.g.: setfacl -m default:group:simpsons:rwx parentdir then creating a sub...

CVE-2025-22083

In the Linux kernel, the following vulnerability has been resolved: vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint If vhost_scsi_set_endpoint is called multiple times without avhost_scsi_clear_endpoint between them, we can hit multiple bugsfound by Haoran Zhang: Use-after-fre...

CVE-2025-22106

In the Linux kernel, the following vulnerability has been resolved: vmxnet3: unregister xdp rxq info in the reset path vmxnet3 does not unregister xdp rxq info in thevmxnet3_reset_work() code path as vmxnet3_rq_destroy()is not invoked in this code path. So, we get below message with abacktrace. Mis...

CVE-2025-23133

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: update channel list in reg notifier instead reg worker Currently when ath11k gets a new channel list, it will be processedaccording to the following steps: update new channel list to cfg80211 and queue reg_work. cfg80...

CVE-2025-23141

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses Acquire a lock on kvm->srcu when userspace is getting MP state to handle arather extreme edge case where "accepting" APIC events, i.e. processingpending...

CVE-2025-23147

In the Linux kernel, the following vulnerability has been resolved: i3c: Add NULL pointer check in i3c_master_queue_ibi() The I3C master driver may receive an IBI from a target device that has notbeen probed yet. In such cases, the master calls i3c_master_queue_ibi()to queue an IBI work task, leadi...

CVE-2025-23157

In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi_parser: add check to avoid out of bound access There is a possibility that init_codecs is invoked multiple times duringmanipulated payload from video firmware. In such case, if codecs_countcan get incremented to v...

CVE-2025-37755

In the Linux kernel, the following vulnerability has been resolved: net: libwx: handle page_pool_dev_alloc_pages error page_pool_dev_alloc_pages could return NULL. There was a WARN_ON(!page)but it would still proceed to use the NULL pointer and then crash. This is similar to commit 001ba0902046("ne...

CVE-2025-37769

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm/smu11: Prevent division by zero The user can set any speed value.If speed is greater than UINT_MAX/8, division by zero is possible. Found by Linux Verification Center (linuxtesting.org) with SVACE. (cherry picked from co...

CVE-2025-37775

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix the warning from __kernel_write_iter [ 2110.972290] ------------[ cut here ]------------[ 2110.972301] WARNING: CPU: 3 PID: 735 at fs/read_write.c:599 __kernel_write_iter+0x21b/0x280 This patch doesn't allow writing to d...

CVE-2025-37787

In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered Russell King reports that a system with mv88e6xxx dereferences a NULLpointer when unbinding this driver:https://lore.kernel.org/netdev/Z_lRkMlTJ1K...