9994 matches found
CVE-2016-10764
In the Linux kernel before 4.9.6, there is an off by one in the drivers/mtd/spi-nor/cadence-quadspi.c cqspi_setup_flash() function. There are CQSPI_MAX_CHIPSELECT elements in the ->f_pdata array so the ">" should be ">=" instead.
CVE-2016-5400
Memory leak in the airspy_probe function in drivers/media/usb/airspy/airspy.c in the airspy USB driver in the Linux kernel before 4.7 allows local users to cause a denial of service (memory consumption) via a crafted USB device that emulates many VFL_TYPE_SDR or VFL_TYPE_SUBDEV devices and performs...
CVE-2016-9777
KVM in the Linux kernel before 4.8.12, when I/O APIC is enabled, does not properly restrict the VCPU index, which allows guest OS users to gain host OS privileges or cause a denial of service (out-of-bounds array access and host OS crash) via a crafted interrupt request, related to arch/x86/kvm/ioa...
CVE-2017-18200
The f2fs implementation in the Linux kernel before 4.14 mishandles reference counts associated with f2fs_wait_discard_bios calls, which allows local users to cause a denial of service (BUG), as demonstrated by fstrim.
CVE-2021-47100
In the Linux kernel, the following vulnerability has been resolved: ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module Hi, When testing install and uninstall of ipmi_si.ko and ipmi_msghandler.ko,the system crashed. The log as follows:[ 141.087026] BUG: unable to handle kernel paging re...
CVE-2021-47111
In the Linux kernel, the following vulnerability has been resolved: xen-netback: take a reference to the RX task thread Do this in order to prevent the task from being freed if the threadreturns (which can be triggered by the frontend) before the call tokthread_stop done as part of the backend tear...
CVE-2021-47182
In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix scsi_mode_sense() buffer length handling Several problems exist with scsi_mode_sense() buffer length handling: The allocation length field of the MODE SENSE(10) command is 16-bits,occupying bytes 7 and 8 of the CDB....
CVE-2021-47252
In the Linux kernel, the following vulnerability has been resolved: batman-adv: Avoid WARN_ON timing related checks The soft/batadv interface for a queued OGM can be changed during the timethe OGM was queued for transmission and when the OGM is actuallytransmitted by the worker. But WARN_ON must be...
CVE-2021-47281
In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: Fix race of snd_seq_timer_open() The timer instance per queue is exclusive, and snd_seq_timer_open()should have managed the concurrent accesses. It looks as if it'schecking the already existing timer instance at the begi...
CVE-2021-47288
In the Linux kernel, the following vulnerability has been resolved: media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf() Fix an 11-year old bug in ngene_command_config_free_buf() whileaddressing the following warnings caught with -Warray-bounds: arch/alpha/include/asm/string.h:22:...
CVE-2021-47297
In the Linux kernel, the following vulnerability has been resolved: net: fix uninit-value in caif_seqpkt_sendmsg When nr_segs equal to zero in iovec_from_user, the objectmsg->msg_iter.iov is uninit stack memory in caif_seqpkt_sendmsgwhich is defined in ___sys_sendmsg. So we cann't just judgemsg-...
CVE-2021-47314
In the Linux kernel, the following vulnerability has been resolved: memory: fsl_ifc: fix leak of private memory on probe failure On probe error the driver should free the memory allocated for privatestructure. Fix this by using resource-managed allocation.
CVE-2021-47395
In the Linux kernel, the following vulnerability has been resolved: mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap Limit max values for vht mcs and nss in ieee80211_parse_tx_radiotaproutine in order to fix the following warning reported by syzbot: WARNING: CPU: 0 PID: 10717 at ...
CVE-2021-47410
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: fix svm_migrate_fini warning Device manager releases device-specific resources when a driverdisconnects from a device, devm_memunmap_pages anddevm_release_mem_region calls in svm_migrate_fini are redundant. It causes be...
CVE-2021-47612
In the Linux kernel, the following vulnerability has been resolved: nfc: fix segfault in nfc_genl_dump_devices_done When kmalloc in nfc_genl_dump_devices() fails thennfc_genl_dump_devices_done() segfaults as below KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]CPU: 0 PID: 25 ...
CVE-2021-47636
In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock() Function ubifs_wbuf_write_nolock() may access buf out of bounds infollowing process: ubifs_wbuf_write_nolock():aligned_len = ALIGN(len, 8); // Assume len = 4089, aligned_le...
CVE-2021-47642
In the Linux kernel, the following vulnerability has been resolved: video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow Coverity complains of a possible buffer overflow. However,given the 'static' scope of nvidia_setup_i2c_bus() it lookslike that can't happen after examiniing the call ...
CVE-2022-3110
An issue was discovered in the Linux kernel through 5.16-rc6. _rtw_init_xmit_priv in drivers/staging/r8188eu/core/rtw_xmit.c lacks check of the return value of rtw_alloc_hwxmits() and will cause the null pointer dereference.
CVE-2022-48670
In the Linux kernel, the following vulnerability has been resolved: peci: cpu: Fix use-after-free in adev_release() When auxiliary_device_add() returns an error, auxiliary_device_uninit()is called, which causes refcount for device to be decremented and.release callback will be triggered. Because ad...
CVE-2022-48694
In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix drain SQ hang with no completion SW generated completions for outstanding WRs posted on SQafter QP is in error target the wrong CQ. This causes theib_drain_sq to hang with no completion. Fix this to generate complet...
CVE-2022-48788
In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: fix possible use-after-free in transport error_recovery work While nvme_rdma_submit_async_event_work is checking the ctrl and queuestate before preparing the AER command and scheduling io_work, in orderto fully prevent a...
CVE-2022-48805
In the Linux kernel, the following vulnerability has been resolved: net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup ax88179_rx_fixup() contains several out-of-bounds accesses that can betriggered by a malicious (or defective) USB device, in particular: The metadata array (hdr_off..hd...
CVE-2022-48909
In the Linux kernel, the following vulnerability has been resolved: net/smc: fix connection leak There's a potential leak issue under following execution sequence : smc_release smc_connect_workif (sk->sk_state == SMC_INIT)send_clc_confirimtcp_abort();...sk.sk_state = SMC_ACTIVEsmc_close_activesw...
CVE-2022-49027
In the Linux kernel, the following vulnerability has been resolved: iavf: Fix error handling in iavf_init_module() The iavf_init_module() won't destroy workqueue when pci_register_driver()failed. Call destroy_workqueue() when pci_register_driver() failed toprevent the resource leak. Similar to the ...
CVE-2022-49137
In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj This issue takes place in an error path inamdgpu_cs_fence_to_handle_ioctl(). When info->in.what falls intodefault case, the function simply returns -EINVAL, forgetti...
CVE-2022-49164
In the Linux kernel, the following vulnerability has been resolved: powerpc/tm: Fix more userspace r13 corruption Commit cf13435b730a ("powerpc/tm: Fix userspace r13 corruption") fixes aproblem in treclaim where a SLB miss can occur on thethread_struct->ckpt_regs while SCRATCH0 is live with the ...
CVE-2022-49232
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes() In amdgpu_dm_connector_add_common_modes(), amdgpu_dm_create_common_mode()is assigned to mode and is passed to drm_mode_probed_add() directly ...
CVE-2022-49286
In the Linux kernel, the following vulnerability has been resolved: tpm: use try_get_ops() in tpm-space.c As part of the series conversion to remove nested TPM operations: https://lore.kernel.org/all/[email protected]/ exposure of the chip->tpm_mutex was remo...
CVE-2022-49315
In the Linux kernel, the following vulnerability has been resolved: drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() There is a deadlock in rtllib_beacons_stop(), which is shownbelow: (Thread 1) | (Thread 2)| rtllib_send_beacon()rtllib_beacons_stop() | mod_timer()spin_lock_irqsave(...
CVE-2022-49418
In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix free of uninitialized nfs4_label on referral lookup. Send along the already-allocated fattr along with nfs4_fs_locations, anddrop the memcpy of fattr. We end up growing two more allocations, but thisfixes up a crash as: ...
CVE-2022-49422
In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix the error handling path in idxd_cdev_register() If a call to alloc_chrdev_region() fails, the already allocated resourcesare leaking. Add the needed error handling path to fix the leak.
CVE-2022-49448
In the Linux kernel, the following vulnerability has been resolved: soc: bcm: Check for NULL return of devm_kzalloc() As the potential failure of allocation, devm_kzalloc() may return NULL. Thenthe 'pd->pmb' and the follow lines of code may bring null pointer dereference. Therefore, it is better...
CVE-2022-49497
In the Linux kernel, the following vulnerability has been resolved: net: remove two BUG() from skb_checksum_help() I have a syzbot report that managed to get a crash in skb_checksum_help() If syzbot can trigger these BUG(), it makes sense to replacethem with more friendly WARN_ON_ONCE() since skb_c...
CVE-2022-49498
In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Check for null pointer of pointer substream before dereferencing it Pointer substream is being dereferenced on the assignment of pointer cardbefore substream is being null checked with the macro PCM_RUNTIME_CHECK.Althoug...
CVE-2022-49501
In the Linux kernel, the following vulnerability has been resolved: usbnet: Run unregister_netdev() before unbind() again Commit 2c9d6c2b871d ("usbnet: run unbind() before unregister_netdev()")sought to fix a use-after-free on disconnect of USB Ethernet adapters. It turns out that a different fix i...
CVE-2022-49517
In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe This node pointer is returned by of_parse_phandle() withrefcount incremented in this function.Calling of_node_put() to avoid the refcount leak.
CVE-2022-49569
In the Linux kernel, the following vulnerability has been resolved: spi: bcm2835: bcm2835_spi_handle_err(): fix NULL pointer deref for non DMA transfers In case a IRQ based transfer times out the bcm2835_spi_handle_err()function is called. Since commit 1513ceee70f2 ("spi: bcm2835: Dropdma_pending f...
CVE-2022-49621
In the Linux kernel, the following vulnerability has been resolved: cpufreq: pmac32-cpufreq: Fix refcount leak bug In pmac_cpufreq_init_MacRISC3(), we need to add correspondingof_node_put() for the three node pointers whose refcount havebeen incremented by of_find_node_by_name().
CVE-2022-49640
In the Linux kernel, the following vulnerability has been resolved: sysctl: Fix data races in proc_douintvec_minmax(). A sysctl variable is accessed concurrently, and there is always a chanceof data-race. So, all readers and writers need some basic protection toavoid load/store-tearing. This patch ...
CVE-2022-49649
In the Linux kernel, the following vulnerability has been resolved: xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue xenvif_rx_next_skb() is expecting the rx queue not being empty, butin case the loop in xenvif_rx_action() is doing multiple iterations,the availability of anot...
CVE-2022-49701
In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Allocate/free queue resource only during probe/remove Currently, the sub-queues and event pool resources are allocated/freed forevery CRQ connection event such as reset and LPM. This exposes the driverto a couple issu...
CVE-2023-1032
The Linux kernel io_uring IORING_OP_SOCKET operation contained a double free in function __sys_socket_file() in file net/socket.c. This issue was introduced in da214a475f8bd1d3e9e7a19ddfeb4d1617551bab and fixed in 649c15c7691e9b13cbe9bf6c65c365350e056067.
CVE-2023-38429
An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/connection.c in ksmbd has an off-by-one error in memory allocation (because of ksmbd_smb2_check_message) that may lead to out-of-bounds access.
CVE-2023-52512
In the Linux kernel, the following vulnerability has been resolved: pinctrl: nuvoton: wpcm450: fix out of bounds write Write into 'pctrl->gpio_bank' happens before the check for GPIO indexvalidity, so out of bounds write may happen. Found by Linux Verification Center (linuxtesting.org) with SVAC...
CVE-2023-52742
In the Linux kernel, the following vulnerability has been resolved: net: USB: Fix wrong-direction WARNING in plusb.c The syzbot fuzzer detected a bug in the plusb network driver: Azero-length control-OUT transfer was treated as a read instead of awrite. In modern kernels this error provokes a WARNI...
CVE-2023-52816
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix shift out-of-bounds issue [ 567.613292] shift exponent 255 is too large for 64-bit type 'long unsigned int'[ 567.614498] CPU: 5 PID: 238 Comm: kworker/5:1 Tainted: G OE 6.2.0-34-generic #34~22.04.1-Ubuntu[ 567.61450...
CVE-2023-52856
In the Linux kernel, the following vulnerability has been resolved: drm/bridge: lt8912b: Fix crash on bridge detach The lt8912b driver, in its bridge detach function, callsdrm_connector_unregister() and drm_connector_cleanup(). drm_connector_unregister() should be called only for connectorsexplicit...
CVE-2023-53086
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: connac: do not check WED status for non-mmio devices WED is supported just for mmio devices, so do not check it for usb orsdio devices. This patch fixes the crash reported below: [ 21.946627] wlp0s3u1i3: authenticate wi...
CVE-2023-53117
In the Linux kernel, the following vulnerability has been resolved: fs: prevent out-of-bounds array speculation when closing a file descriptor Google-Bug-Id: 114199369
CVE-2024-26721
In the Linux kernel, the following vulnerability has been resolved: drm/i915/dsc: Fix the macro that calculates DSCC_/DSCA_ PPS reg address Commit bd077259d0a9 ("drm/i915/vdsc: Add function to read any PPSregister") defines a new macro to calculate the DSC PPS registeraddresses with PPS number as a...