9994 matches found
CVE-2022-49128
In the Linux kernel, the following vulnerability has been resolved: drm/bridge: Add missing pm_runtime_put_sync pm_runtime_get_sync() will increase the rumtime PM countereven when it returns an error. Thus a pairing decrement is neededto prevent refcount leak. Fix this by replacing this API withpm_...
CVE-2022-49159
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Implement ref count for SRB The timeout handler and the done function are racing. Whenqla2x00_async_iocb_timeout() starts to run it can be preempted by thenormal response path (via the firmware?). qla24xx_async_gpsc_...
CVE-2022-49168
In the Linux kernel, the following vulnerability has been resolved: btrfs: do not clean up repair bio if submit fails The submit helper will always run bio_endio() on the bio if it fails tosubmit, so cleaning up the bio just leads to a variety of use-after-freeand NULL pointer dereference bugs beca...
CVE-2022-49176
In the Linux kernel, the following vulnerability has been resolved: bfq: fix use-after-free in bfq_dispatch_request KASAN reports a use-after-free report when doing normal scsi-mq test [69832.239032] ==================================================================[69832.241810] BUG: KASAN: use-af...
CVE-2022-49271
In the Linux kernel, the following vulnerability has been resolved: cifs: prevent bad output lengths in smb2_ioctl_query_info() When calling smb2_ioctl_query_info() withsmb_query_info::flags=PASSTHRU_FSCTL andsmb_query_info::output_buffer_length=0, the following would return0x10 buffer = memdup_use...
CVE-2022-49293
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: initialize registers in nft_do_chain() Initialize registers to avoid stack leak into userspace.
CVE-2022-49377
In the Linux kernel, the following vulnerability has been resolved: blk-mq: don't touch ->tagset in blk_mq_get_sq_hctx blk_mq_run_hw_queues() could be run when there isn't queued request andafter queue is cleaned up, at that time tagset is freed, because tagsetlifetime is covered by driver, and ...
CVE-2022-49432
In the Linux kernel, the following vulnerability has been resolved: powerpc/xics: fix refcount leak in icp_opal_init() The of_find_compatible_node() function returns a node pointer withrefcount incremented, use of_node_put() on it when done.
CVE-2022-49468
In the Linux kernel, the following vulnerability has been resolved: thermal/core: Fix memory leak in __thermal_cooling_device_register() I got memory leak as follows when doing fault injection test: unreferenced object 0xffff888010080000 (size 264312):comm "182", pid 102533, jiffies 4296434960 (age...
CVE-2022-49481
In the Linux kernel, the following vulnerability has been resolved: regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt of_node_get() returns a node with refcount incremented.Calling of_node_put() to drop the reference when not needed anymore.
CVE-2022-49482
In the Linux kernel, the following vulnerability has been resolved: ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe of_parse_phandle() returns a node pointer with refcountincremented, we should use of_node_put() on it when done.
CVE-2022-49495
In the Linux kernel, the following vulnerability has been resolved: drm/msm/hdmi: check return value after calling platform_get_resource_byname() It will cause null-ptr-deref if platform_get_resource_byname() returns NULL,we need check the return value. Patchwork: https://patchwork.freedesktop.org/...
CVE-2022-49521
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp() If no handler is found in lpfc_complete_unsol_iocb() to match the rctl of areceived frame, the frame is dropped and resources are leaked. Fix by returning resources when ...
CVE-2022-49542
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg() In an attempt to log message 0126 with LOG_TRACE_EVENT, the following hardlockup call trace hangs the system. Call Trace:_raw_spin_lock_irqsave+0x32/0x40lpfc_dmp_...
CVE-2022-49609
In the Linux kernel, the following vulnerability has been resolved: power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe of_find_matching_node_and_match() returns a node pointer with refcountincremented, we should use of_node_put() on it when not need anymore.Add missing of_node_...
CVE-2022-49610
In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Prevent RSB underflow before vmenter On VMX, there are some balanced returns between the time the guest'sSPEC_CTRL value is written, and the vmenter. Balanced returns (matched by a preceding call) are usually ok, but it's...
CVE-2022-49627
In the Linux kernel, the following vulnerability has been resolved: ima: Fix potential memory leak in ima_init_crypto() On failure to allocate the SHA1 tfm, IMA fails to initialize and exitswithout freeing the ima_algo_array. Add the missing kfree() forima_algo_array to avoid the potential memory l...
CVE-2022-49648
In the Linux kernel, the following vulnerability has been resolved: tracing/histograms: Fix memory leak problem This reverts commit 46bbe5c671e06f070428b9be142cc4ee5cedebac. As commit 46bbe5c671e0 ("tracing: fix double free") said, the"double free" problem reported by clang static analyzer is: In p...
CVE-2022-49685
In the Linux kernel, the following vulnerability has been resolved: iio: trigger: sysfs: fix use-after-free on remove Ensure that the irq_work has completed before the trigger is freed. ==================================================================BUG: KASAN: use-after-free in irq_work_run_list...
CVE-2022-49713
In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: Fix memory leak in dwc2_hcd_init usb_create_hcd will alloc memory for hcd, and we shouldcall usb_put_hcd to free it when platform_get_resource()fails to prevent memory leak.goto error2 label instead error1 to fix this.
CVE-2022-49725
In the Linux kernel, the following vulnerability has been resolved: i40e: Fix call trace in setup_tx_descriptors After PF reset and ethtool -t there was call trace in dmesgsometimes leading to panic. When there was some time, around 5seconds, between reset and test there were no errors. Problem was...
CVE-2022-49727
In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg When len >= INT_MAX - transhdrlen, ulen = len + transhdrlen will beoverflow. To fix, we can follow what udpv6 does and subtract thetranshdrlen from the max.
CVE-2022-49778
In the Linux kernel, the following vulnerability has been resolved: arm64/mm: fix incorrect file_map_count for non-leaf pmd/pud The page table check trigger BUG_ON() unexpectedly when collapse hugepage: ------------[ cut here ]------------kernel BUG at mm/page_table_check.c:82!Internal error: Oops ...
CVE-2023-52799
In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in dbFindLeaf Currently while searching for dmtree_t for sufficient free blocks thereis an array out of bounds while getting element in tp->dm_stree. To addthe required check for out of bound w...
CVE-2023-52801
In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix missing update of domains_itree after splitting iopt_area In iopt_area_split(), if the original iopt_area has filled a domain and islinked to domains_itree, pages_nodes have to be properlyreinserted. Otherwise the doma...
CVE-2023-52939
In the Linux kernel, the following vulnerability has been resolved: mm: memcg: fix NULL pointer in mem_cgroup_track_foreign_dirty_slowpath() As commit 18365225f044 ("hwpoison, memcg: forcibly uncharge LRU pages"),hwpoison will forcibly uncharg a LRU hwpoisoned page, the folio_memcgcould be NULl, th...
CVE-2023-53089
In the Linux kernel, the following vulnerability has been resolved: ext4: fix task hung in ext4_xattr_delete_inode Syzbot reported a hung task problem: INFO: task syz-executor232:5073 blocked for more than 143 seconds.Not tainted 6.2.0-rc2-syzkaller-00024-g512dee0c00ad #0"echo 0 > /proc/sys/kern...
CVE-2023-53103
In the Linux kernel, the following vulnerability has been resolved: bonding: restore bond's IFF_SLAVE flag if a non-eth dev enslave fails syzbot reported a warning[1] where the bond device itself is a slave andwe try to enslave a non-ethernet device as the first slave which failsbut then in the err...
CVE-2023-53112
In the Linux kernel, the following vulnerability has been resolved: drm/i915/sseu: fix max_subslices array-index-out-of-bounds access It seems that commit bc3c5e0809ae ("drm/i915/sseu: Don't try to store EUmask internally in UAPI format") exposed a potential out-of-boundsaccess, reported by UBSAN a...
CVE-2024-26637
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: rely on mac80211 debugfs handling for vif mac80211 started to delete debugfs entries in certain cases, causing aath11k to crash when it tried to delete the entries later. Fix this byrelying on mac80211 to delete the e...
CVE-2024-26666
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix RCU use in TDLS fast-xmit This looks up the link under RCU protection, but isn'tguaranteed to actually have protection. Fix that.
CVE-2024-26677
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix delayed ACKs to not set the reference serial number Fix the construction of delayed ACKs to not set the reference serial numberas they can't be used as an RTT reference.
CVE-2024-27418
In the Linux kernel, the following vulnerability has been resolved: net: mctp: take ownership of skb in mctp_local_output Currently, mctp_local_output only takes ownership of skb on success, andwe may leak an skb if mctp_local_output fails in specific states; theskb ownership isn't transferred unti...
CVE-2024-35850
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix NULL-deref on non-serdev setup Qualcomm ROME controllers can be registered from the Bluetooth linediscipline and in this case the HCI UART serdev pointer is NULL. Add the missing sanity check to prevent a NULL-p...
CVE-2024-36032
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix info leak when fetching fw build id Add the missing sanity checks and move the 255-byte build-id buffer offthe stack to avoid leaking stack data through debugfs in case thebuild-info reply is malformed.
CVE-2024-36898
In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: fix uninitialised kfifo If a line is requested with debounce, and that results in debouncingin software, and the line is subsequently reconfigured to enable edgedetection then the allocation of the kfifo to contain e...
CVE-2024-36937
In the Linux kernel, the following vulnerability has been resolved: xdp: use flags field to disambiguate broadcast redirect When redirecting a packet using XDP, the bpf_redirect_map() helper will setup the redirect destination information in struct bpf_redirect_info (usingthe __bpf_xdp_redirect_map...
CVE-2024-36947
In the Linux kernel, the following vulnerability has been resolved: qibfs: fix dentry leak simple_recursive_removal() drops the pinning references to all positivesin subtree. For the cases when its argument has been kept alive bythe pinning alone that's exactly the right thing to do, but herethe ar...
CVE-2024-36948
In the Linux kernel, the following vulnerability has been resolved: drm/xe/xe_migrate: Cast to output precision before multiplying operands Addressing potential overflow in result of multiplication of two lowerprecision (u32) operands before widening it to higher precision(u64). -v2Fix commit messa...
CVE-2024-36969
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix division by zero in setup_dsc_config When slice_height is 0, the division by slice_height in the calculationof the number of slices will cause a division by zero driver crash. Thisleaves the kernel in a state t...
CVE-2024-38550
In the Linux kernel, the following vulnerability has been resolved: ASoC: kirkwood: Fix potential NULL dereference In kirkwood_dma_hw_params() mv_mbus_dram_info() returns NULL ifCONFIG_PLAT_ORION macro is not defined.Fix this bug by adding NULL check. Found by Linux Verification Center (linuxtestin...
CVE-2024-38606
In the Linux kernel, the following vulnerability has been resolved: crypto: qat - validate slices count returned by FW The function adf_send_admin_tl_start() enables the telemetry (TL)feature on a QAT device by sending the ICP_QAT_FW_TL_START message tothe firmware. This triggers the FW to start wr...
CVE-2024-38634
In the Linux kernel, the following vulnerability has been resolved: serial: max3100: Lock port->lock when calling uart_handle_cts_change() uart_handle_cts_change() has to be called with port lock taken,Since we run it in a separate work, the lock may not be taken atthe time of running. Make sure...
CVE-2024-40916
In the Linux kernel, the following vulnerability has been resolved: drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found When reading EDID fails and driver reports no modes available, the DRMcore adds an artificial 1024x786 mode to the connector. Unfortunatelysome variants of...
CVE-2024-40936
In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fix memregion leaks in devm_cxl_add_region() Move the mode verification to __create_region() before allocating thememregion to avoid the memregion leaks.
CVE-2024-41046
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: lantiq_etop: fix double free in detach The number of the currently released descriptor is never incrementedwhich results in the same skb being released multiple times.
CVE-2024-42085
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock When config CONFIG_USB_DWC3_DUAL_ROLE is selected, and trigger systemto enter suspend status with below command:echo mem > /sys/power/stateT...
CVE-2024-42095
In the Linux kernel, the following vulnerability has been resolved: serial: 8250_omap: Implementation of Errata i2310 As per Errata i2310[0], Erroneous timeout can be triggered,if this Erroneous interrupt is not cleared then it may leadsto storm of interrupts, therefore apply Errata i2310 solution....
CVE-2024-42120
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check pipe offset before setting vblank pipe_ctx has a size of MAX_PIPES so checking its index before accessingthe array. This fixes an OVERRUN issue reported by Coverity.
CVE-2024-42149
In the Linux kernel, the following vulnerability has been resolved: fs: don't misleadingly warn during thaw operations The block device may have been frozen before it was claimed by afilesystem. Concurrently another process might try to mount thatfrozen block device and has temporarily claimed the ...