9994 matches found
CVE-2023-52899
In the Linux kernel, the following vulnerability has been resolved: Add exception protection processing for vd in axi_chan_handle_err function Since there is no protection for vd, a kernel panic will betriggered here in exceptional cases. You can refer to the processing of axi_chan_block_xfer_compl...
CVE-2023-52912
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fixed bug on error when unloading amdgpu Fixed bug on error when unloading amdgpu. The error message is as follows:[ 377.706202] kernel BUG at drivers/gpu/drm/drm_buddy.c:278![ 377.706215] invalid opcode: 0000 [#1] PREE...
CVE-2023-53042
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Do not set DRR on pipe Commit [WHY]Writing to DRR registers such as OTG_V_TOTAL_MIN on the same frame as apipe commit can cause underflow.
CVE-2023-53095
In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Fix a NULL pointer dereference The LRU mechanism may look up a resource in the process of being removedfrom an object. The locking rules here are a bit unclear but it lookscurrently like res->bo assignment is protected ...
CVE-2024-26723
In the Linux kernel, the following vulnerability has been resolved: lan966x: Fix crash when adding interface under a lag There is a crash when adding one of the lan966x interfaces under a laginterface. The issue can be reproduced like this:ip link add name bond0 type bond miimon 100 mode balance-xo...
CVE-2024-26753
In the Linux kernel, the following vulnerability has been resolved: crypto: virtio/akcipher - Fix stack overflow on memcpy sizeof(struct virtio_crypto_akcipher_session_para) is less thansizeof(struct virtio_crypto_op_ctrl_req::u), copying more bytes fromstack variable leads stack overflow. Clang re...
CVE-2024-26823
In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Restore quirk probing for ACPI-based systems While refactoring the way the ITSs are probed, the handling of quirksapplicable to ACPI-based platforms was lost. As a result, systems such asHIP07 lose their GICv4 f...
CVE-2024-26841
In the Linux kernel, the following vulnerability has been resolved: LoongArch: Update cpu_sibling_map when disabling nonboot CPUs Update cpu_sibling_map when disabling nonboot CPUs by defining & callingclear_cpu_sibling_map(), otherwise we get such errors on SMT systems: jump label: negative count!...
CVE-2024-26902
In the Linux kernel, the following vulnerability has been resolved: perf: RISCV: Fix panic on pmu overflow handler (1 << idx) of int is not desired when setting bits in unsigned longoverflowed_ctrs, use BIT() instead. This panic happens when running'perf record -e branches' on sophgo sg2042. ...
CVE-2024-27408
In the Linux kernel, the following vulnerability has been resolved: dmaengine: dw-edma: eDMA: Add sync read before starting the DMA transfer in remote setup The Linked list element and pointer are not stored in the same memory asthe eDMA controller register. If the doorbell register is toggled befo...
CVE-2024-27411
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: keep DMA buffers required for suspend/resume Nouveau deallocates a few buffers post GPU init which are required for GPU suspend/resume to function correctly.This is likely not as big an issue on systems where the NVGPU...
CVE-2024-35825
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ncm: Fix handling of zero block length packets While connecting to a Linux host with CDC_NCM_NTB_DEF_SIZE_TXset to 65536, it has been observed that we receive short packets,which come at interval of 5-10 seconds someti...
CVE-2024-35956
In the Linux kernel, the following vulnerability has been resolved: btrfs: qgroup: fix qgroup prealloc rsv leak in subvolume operations Create subvolume, create snapshot and delete subvolume all usebtrfs_subvolume_reserve_metadata() to reserve metadata for the changesdone to the parent subvolume's ...
CVE-2024-35961
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Register devlink first under devlink lock In case device is having a non fatal FW error during probe, thedriver will report the error to user via devlink. This will triggera WARN_ON, since mlx5 is calling devlink_register...
CVE-2024-35968
In the Linux kernel, the following vulnerability has been resolved: pds_core: Fix pdsc_check_pci_health function to use work thread When the driver notices fw_status == 0xff it tries to perform a PCIreset on itself via pci_reset_function() in the context of the driver'shealth thread. However, pdsc_...
CVE-2024-35994
In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: uefisecapp: Fix memory related IO errors and crashes It turns out that while the QSEECOM APP_SEND command has specific fieldsfor request and response buffers, uefisecapp expects them both to be ina single memory reg...
CVE-2024-36887
In the Linux kernel, the following vulnerability has been resolved: e1000e: change usleep_range to udelay in PHY mdic access This is a partial revert of commit 6dbdd4de0362 ("e1000e: Workaroundfor sporadic MDI error on Meteor Lake systems"). The referenced commitused usleep_range inside the PHY acc...
CVE-2024-36892
In the Linux kernel, the following vulnerability has been resolved: mm/slub: avoid zeroing outside-object freepointer for single free Commit 284f17ac13fe ("mm/slub: handle bulk and single object freeingseparately") splits single and bulk object freeing in two functionsslab_free() and slab_free_bulk...
CVE-2024-36910
In the Linux kernel, the following vulnerability has been resolved: uio_hv_generic: Don't free decrypted memory In CoCo VMs it is possible for the untrusted host to causeset_memory_encrypted() or set_memory_decrypted() to fail such that anerror is returned and the resulting memory is shared. Caller...
CVE-2024-37354
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix crash on racing fsync and size-extending write into prealloc We have been seeing crashes on duplicate keys inbtrfs_set_item_key_safe(): BTRFS critical (device vdb): slot 4 key (450 108 8192) new key (450 108 8192)-------...
CVE-2024-38593
In the Linux kernel, the following vulnerability has been resolved: net: micrel: Fix receiving the timestamp in the frame for lan8841 The blamed commit started to use the ptp workqueue to get the secondpart of the timestamp. And when the port was set down, then thisworkqueue is stopped. But if the ...
CVE-2024-38594
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: move the EST lock to struct stmmac_priv Reinitialize the whole EST structure would also reset the mutexlock which is embedded in the EST structure, and then triggerthe following warning. To address this, move the lock ...
CVE-2024-38607
In the Linux kernel, the following vulnerability has been resolved: macintosh/via-macii: Fix "BUG: sleeping function called from invalid context" The via-macii ADB driver calls request_irq() after disabling hardinterrupts. But disabling interrupts isn't necessary here because theVIA shift register ...
CVE-2024-38620
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Remove HCI_AMP support Since BT_HS has been remove HCI_AMP controllers no longer has any use soremove it along with the capability of creating AMP controllers. Since we no longer need to differentiate between AMP an...
CVE-2024-39462
In the Linux kernel, the following vulnerability has been resolved: clk: bcm: dvp: Assign ->num before accessing ->hws Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with__counted_by") annotated the hws member of 'struct clk_hw_onecell_data'with __counted_by, which informs the...
CVE-2024-40999
In the Linux kernel, the following vulnerability has been resolved: net: ena: Add validation for completion descriptors consistency Validate that first flag is set only for the firstdescriptor in multi-buffer packets.In case of an invalid descriptor, a reset will occur.A new reset reason for RX dat...
CVE-2024-41074
In the Linux kernel, the following vulnerability has been resolved: cachefiles: Set object to close if ondemand_id < 0 in copen If copen is maliciously called in the user mode, it may delete the requestcorresponding to the random id. And the request may have not been read yet. Note that when the...
CVE-2024-41087
In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Fix double free on error If e.g. the ata_port_alloc() call in ata_host_alloc() fails, we will jumpto the err_out label, which will call devres_release_group().devres_release_group() will trigger a call to ata_host...
CVE-2024-42241
In the Linux kernel, the following vulnerability has been resolved: mm/shmem: disable PMD-sized page cache if needed For shmem files, it's possible that PMD-sized page cache can't besupported by xarray. For example, 512MB page cache on ARM64 when the basepage size is 64KB can't be supported by xarr...
CVE-2024-43824
In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: pci-epf-test: Make use of cached 'epc_features' in pci_epf_test_core_init() Instead of getting the epc_features from pci_epc_get_features() API, usethe cached pci_epf_test::epc_features value to avoid the NULL check....
CVE-2024-43825
In the Linux kernel, the following vulnerability has been resolved: iio: Fix the sorting functionality in iio_gts_build_avail_time_table The sorting in iio_gts_build_avail_time_table is not working as intended.It could result in an out-of-bounds access when the time is zero. Here are more details: ...
CVE-2024-43829
In the Linux kernel, the following vulnerability has been resolved: drm/qxl: Add check for drm_cvt_mode Add check for the return value of drm_cvt_mode() and return the error ifit fails in order to avoid NULL pointer dereference.
CVE-2024-44988
In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: Fix out-of-bound access If an ATU violation was caused by a CPU Load operation, the SPID couldbe larger than DSA_MAX_PORTS (the size of mv88e6xxx_chip.ports[] array).
CVE-2024-45011
In the Linux kernel, the following vulnerability has been resolved: char: xillybus: Check USB endpoints when probing device Ensure, as the driver probes the device, that all endpoints that thedriver may attempt to access exist and are of the correct type. All XillyUSB devices must have a Bulk IN an...
CVE-2024-46674
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: st: fix probed platform device ref count on probe error path The probe function never performs any paltform device allocation, thuserror path "undo_platform_dev_alloc" is entirely bogus. It drops thereference count from ...
CVE-2024-46680
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btnxpuart: Fix random crash seen while removing driver This fixes the random kernel crash seen while removing the driver, whenrunning the load/unload test over multiple iterations. modprobe btnxpuart hciconfig hci0 reset...
CVE-2024-46796
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix double put of @cfile in smb2_set_path_size() If smb2_compound_op() is called with a valid @cfile and returned-EINVAL, we need to call cifs_get_writable_path() before retrying itas the reference of @cfile was alread...
CVE-2024-46798
In the Linux kernel, the following vulnerability has been resolved: ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object When using kernel with the following extra config, CONFIG_KASAN=y CONFIG_KASAN_GENERIC=y CONFIG_KASAN_INLINE=y CONFIG_KASAN_VMALLOC=y CONFIG_FRAME_WARN=4096 kernel detects that snd...
CVE-2024-46829
In the Linux kernel, the following vulnerability has been resolved: rtmutex: Drop rt_mutex::wait_lock before scheduling rt_mutex_handle_deadlock() is called with rt_mutex::wait_lock held. In thegood case it returns with the lock held and in the deadlock case it emits awarning and goes into an endle...
CVE-2024-47751
In the Linux kernel, the following vulnerability has been resolved: PCI: kirin: Fix buffer overflow in kirin_pcie_parse_port() Within kirin_pcie_parse_port(), the pcie->num_slots is compared topcie->gpio_id_reset size (MAX_PCI_SLOTS) which is correct and would leadto an overflow. Thus, fix co...
CVE-2024-49908
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null check for 'afb' in amdgpu_dm_update_cursor (v2) This commit adds a null check for the 'afb' variable in theamdgpu_dm_update_cursor function. Previously, 'afb' was assumed to benull at line 8388, but was us...
CVE-2024-49940
In the Linux kernel, the following vulnerability has been resolved: l2tp: prevent possible tunnel refcount underflow When a session is created, it sets a backpointer to its tunnel. Whenthe session refcount drops to 0, l2tp_session_free drops the tunnelrefcount if session->tunnel is non-NULL. How...
CVE-2024-50020
In the Linux kernel, the following vulnerability has been resolved: ice: Fix improper handling of refcount in ice_sriov_set_msix_vec_count() This patch addresses an issue with improper reference count handling in theice_sriov_set_msix_vec_count() function. First, the function calls ice_get_vf_by_id...
CVE-2024-50178
In the Linux kernel, the following vulnerability has been resolved: cpufreq: loongson3: Use raw_smp_processor_id() in do_service_request() Use raw_smp_processor_id() instead of plain smp_processor_id() indo_service_request(), otherwise we may get some errors with the driverenabled: BUG: using smp_p...
CVE-2024-53049
In the Linux kernel, the following vulnerability has been resolved: slub/kunit: fix a WARNING due to unwrapped __kmalloc_cache_noprof 'modprobe slub_kunit' will have a warning as shown below. The root causeis that __kmalloc_cache_noprof was directly used, which resulted in noalloc_tag being allocat...
CVE-2024-56702
In the Linux kernel, the following vulnerability has been resolved: bpf: Mark raw_tp arguments with PTR_MAYBE_NULL Arguments to a raw tracepoint are tagged as trusted, which carries thesemantics that the pointer will be non-NULL. However, in certain cases,a raw tracepoint argument may end up being ...
CVE-2024-57921
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Add a lock when accessing the buddy trim function When running YouTube videos and Steam games simultaneously,the tester found a system hang / race condition issue withthe multi-display configuration setting. Adding a lo...
CVE-2024-58056
In the Linux kernel, the following vulnerability has been resolved: remoteproc: core: Fix ida_free call while not allocated In the rproc_alloc() function, on error, put_device(&rproc->dev) iscalled, leading to the call of the rproc_type_release() function.An error can occurs before ida_alloc is ...
CVE-2024-58061
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: prohibit deactivating all links In the internal API this calls this is a WARN_ON, but thatshould remain since internally we want to know about bugsthat may cause this. Prevent deactivating all links in thedebugfs wr...
CVE-2025-21750
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Check the return value of of_property_read_string_index() Somewhen between 6.10 and 6.11 the driver started to crash on myMacBookPro14,3. The property doesn't exist and 'tmp' remainsuninitialized, so we pass a rando...