9872 matches found
CVE-2022-49261
In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: add missing boundary check in vm_access A missing bounds check in vm_access() can lead to an out-of-bounds reador write in the adjacent memory area, since the len attribute is notvalidated before the memcpy later in t...
CVE-2022-49324
In the Linux kernel, the following vulnerability has been resolved: mips: cpc: Fix refcount leak in mips_cpc_default_phys_base Add the missing of_node_put() to release the refcount incrementedby of_find_compatible_node().
CVE-2022-49336
In the Linux kernel, the following vulnerability has been resolved: drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem When the mapping is already reaped the unmap must be a no-op, as wewould otherwise try to remove the mapping twice, corrupting the involveddata structures.
CVE-2022-49352
In the Linux kernel, the following vulnerability has been resolved: ext4: fix warning in ext4_handle_inode_extension We got issue as follows:EXT4-fs error (device loop0) in ext4_reserve_inode_write:5741: Out of memoryEXT4-fs error (device loop0): ext4_setattr:5462: inode #13: comm syz-executor.0: m...
CVE-2022-49400
In the Linux kernel, the following vulnerability has been resolved: md: Don't set mddev private to NULL in raid0 pers->free In normal stop process, it does like this:do_md_stop|__md_stop (pers->free(); mddev->private=NULL)|md_free (free mddev)__md_stop sets mddev->private to NULL after ...
CVE-2022-49421
In the Linux kernel, the following vulnerability has been resolved: video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup of_parse_phandle() returns a node pointer with refcount incremented, we shoulduse of_node_put() on it when not need anymore. Add missing of_node_put() toavoid refcount...
CVE-2022-49444
In the Linux kernel, the following vulnerability has been resolved: module: fix [e_shstrndx].sh_size=0 OOB access It is trivial to craft a module to trigger OOB access in this line: if (info->secstrings[strhdr->sh_size - 1] != '\0') { BUG: unable to handle page fault for address: ffffc90000aa...
CVE-2022-49522
In the Linux kernel, the following vulnerability has been resolved: mmc: jz4740: Apply DMA engine limits to maximum segment size Do what is done in other DMA-enabled MMC host drivers (cf. host/mmci.c) andlimit the maximum segment size based on the DMA engine's capabilities. Thisis needed to avoid w...
CVE-2022-49556
In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Use kzalloc for sev ioctl interfaces to prevent kernel data leak For some sev ioctl interfaces, the length parameter that is passed maybeless than or equal to SEV_FW_BLOB_MAX_SIZE, but larger than the datathat PSP firmwar...
CVE-2022-49560
In the Linux kernel, the following vulnerability has been resolved: exfat: check if cluster num is valid Syzbot reported slab-out-of-bounds read in exfat_clear_bitmap.This was triggered by reproducer calling truncute with size 0,which causes the following trace: BUG: KASAN: slab-out-of-bounds in ex...
CVE-2022-49613
In the Linux kernel, the following vulnerability has been resolved: serial: 8250: Fix PM usage_count for console handover When console is enabled, univ8250_console_setup() callsserial8250_console_setup() before .dev is set to uart_port. Therefore,it will not call pm_runtime_get_sync(). Later, when ...
CVE-2022-49667
In the Linux kernel, the following vulnerability has been resolved: net: bonding: fix use-after-free after 802.3ad slave unbind commit 0622cab0341c ("bonding: fix 802.3ad aggregator reselection"),resolve case, when there is several aggregation groups in the same bond.bond_3ad_unbind_slave will inva...
CVE-2022-49676
In the Linux kernel, the following vulnerability has been resolved: memory: samsung: exynos5422-dmc: Fix refcount leak in of_get_dram_timings of_parse_phandle() returns a node pointer with refcountincremented, we should use of_node_put() on it when not need anymore.This function doesn't call of_nod...
CVE-2022-49704
In the Linux kernel, the following vulnerability has been resolved: 9p: fix fid refcount leak in v9fs_vfs_get_link we check for protocol version later than required, after a fid hasbeen obtained. Just move the version check earlier.
CVE-2022-49722
In the Linux kernel, the following vulnerability has been resolved: ice: Fix memory corruption in VF driver Disable VF's RX/TX queues, when it's disabled. VF can have queues enabled,when it requests a reset. If PF driver assumes that VF is disabled,while VF still has queues configured, VF may unmap...
CVE-2022-49724
In the Linux kernel, the following vulnerability has been resolved: tty: goldfish: Fix free_irq() on remove Pass the correct dev_id to free_irq() to fix this splat when the driveris unbound: WARNING: CPU: 0 PID: 30 at kernel/irq/manage.c:1895 free_irqTrying to free already-free IRQ 65Call Trace:war...
CVE-2022-49749
In the Linux kernel, the following vulnerability has been resolved: i2c: designware: use casting of u64 in clock multiplication to avoid overflow In functions i2c_dw_scl_lcnt() and i2c_dw_scl_hcnt() may have overflowby depending on the values of the given parameters including the ic_clk.For example...
CVE-2022-49890
In the Linux kernel, the following vulnerability has been resolved: capabilities: fix potential memleak on error path from vfs_getxattr_alloc() In cap_inode_getsecurity(), we will use vfs_getxattr_alloc() tocomplete the memory allocation of tmpbuf, if we have completedthe memory allocation of tmpbu...
CVE-2023-22997
In the Linux kernel before 6.1.2, kernel/module/decompress.c misinterprets the module_get_next_page return value (expects it to be NULL in the error case, whereas it is actually an error pointer).
CVE-2023-52681
In the Linux kernel, the following vulnerability has been resolved: efivarfs: Free s_fs_info on unmount Now that we allocate a s_fs_info struct on fs context creation, weshould ensure that we free it again when the superblock goes away.
CVE-2023-52702
In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix possible memory leak in ovs_meter_cmd_set() old_meter needs to be free after it is detached regardless of whetherthe new meter is successfully attached.
CVE-2023-52737
In the Linux kernel, the following vulnerability has been resolved: btrfs: lock the inode in shared mode before starting fiemap Currently fiemap does not take the inode's lock (VFS lock), it only locksa file range in the inode's io tree. This however can lead to a deadlockif we have a concurrent fs...
CVE-2023-52780
In the Linux kernel, the following vulnerability has been resolved: net: mvneta: fix calls to page_pool_get_stats Calling page_pool_get_stats in the mvneta driver without checksleads to kernel crashes.First the page pool is only available if the bm is not used.The page pool is also not allocated wh...
CVE-2023-52790
In the Linux kernel, the following vulnerability has been resolved: swiotlb: fix out-of-bounds TLB allocations with CONFIG_SWIOTLB_DYNAMIC Limit the free list length to the size of the IO TLB. Transient pool can besmaller than IO_TLB_SEGSIZE, but the free list is initialized with theassumption that...
CVE-2023-52829
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix possible out-of-bound write in ath12k_wmi_ext_hal_reg_caps() reg_cap.phy_id is extracted from WMI event and could be an unexpected valuein case some errors happen. As a result out-of-bound write may occur tosoc-&g...
CVE-2023-52851
In the Linux kernel, the following vulnerability has been resolved: IB/mlx5: Fix init stage error handling to avoid double free of same QP and UAF In the unlikely event that workqueue allocation fails and returns NULL inmlx5_mkey_cache_init(), delete the call tomlx5r_umr_resource_cleanup() (which f...
CVE-2023-52852
In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix to avoid use-after-free on dic Call trace:__memcpy+0x128/0x250f2fs_read_multi_pages+0x940/0xf7cf2fs_mpage_readpages+0x5a8/0x624f2fs_readahead+0x5c/0x110page_cache_ra_unbounded+0x1b8/0x590do_sync_mmap_readahead+0...
CVE-2023-52860
In the Linux kernel, the following vulnerability has been resolved: drivers/perf: hisi: use cpuhp_state_remove_instance_nocalls() for hisi_hns3_pmu uninit process When tearing down a 'hisi_hns3' PMU, we mistakenly run the CPU hotplugcallbacks after the device has been unregistered, leading to firew...
CVE-2023-52871
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: llcc: Handle a second device without data corruption Usually there is only one llcc device. But if there were a second, evena failed probe call would modify the global drv_data pointer. So checkif drv_data is valid befor...
CVE-2023-53086
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: connac: do not check WED status for non-mmio devices WED is supported just for mmio devices, so do not check it for usb orsdio devices. This patch fixes the crash reported below: [ 21.946627] wlp0s3u1i3: authenticate wi...
CVE-2023-53095
In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Fix a NULL pointer dereference The LRU mechanism may look up a resource in the process of being removedfrom an object. The locking rules here are a bit unclear but it lookscurrently like res->bo assignment is protected ...
CVE-2023-53103
In the Linux kernel, the following vulnerability has been resolved: bonding: restore bond's IFF_SLAVE flag if a non-eth dev enslave fails syzbot reported a warning[1] where the bond device itself is a slave andwe try to enslave a non-ethernet device as the first slave which failsbut then in the err...
CVE-2023-53117
In the Linux kernel, the following vulnerability has been resolved: fs: prevent out-of-bounds array speculation when closing a file descriptor Google-Bug-Id: 114199369
CVE-2024-26683
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: detect stuck ECSA element in probe resp We recently added some validation that we don't try toconnect to an AP that is currently in a channel switchprocess, since that might want the channel to be quietor we might n...
CVE-2024-26692
In the Linux kernel, the following vulnerability has been resolved: smb: Fix regression in writes when non-standard maximum write size negotiated The conversion to netfs in the 6.3 kernel caused a regression whenmaximum write size is set by the server to an unexpected value which isnot a multiple o...
CVE-2024-26781
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix possible deadlock in subflow diag Syzbot and Eric reported a lockdep splat in the subflow diag: WARNING: possible circular locking dependency detected6.8.0-rc4-syzkaller-00212-g40b9385dd8e6 #0 Not tainted syz-executor.2/...
CVE-2024-35792
In the Linux kernel, the following vulnerability has been resolved: crypto: rk3288 - Fix use after free in unprepare The unprepare call must be carried out before the finalize callas the latter can free the request.
CVE-2024-35856
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: mediatek: Fix double free of skb in coredump hci_devcd_append() would free the skb on error so the caller don'thave to free it again otherwise it would cause the double free of skb. Reported-by : Dan Carpenter dan...
CVE-2024-35914
In the Linux kernel, the following vulnerability has been resolved: nfsd: Fix error cleanup path in nfsd_rename() Commit a8b0026847b8 ("rename(): avoid a deadlock in the case of parentshaving no common ancestor") added an error bail out path. However thispath does not drop the remount protection th...
CVE-2024-35971
In the Linux kernel, the following vulnerability has been resolved: net: ks8851: Handle softirqs at the end of IRQ thread to fix hang The ks8851_irq() thread may call ks8851_rx_pkts() in case there areany packets in the MAC FIFO, which calls netif_rx(). This netif_rx()implementation is guarded by l...
CVE-2024-36001
In the Linux kernel, the following vulnerability has been resolved: netfs: Fix the pre-flush when appending to a file in writethrough mode In netfs_perform_write(), when the file is marked NETFS_ICTX_WRITETHROUGHor O_*SYNC or RWF_*SYNC was specified, write-through caching is performedon a buffered ...
CVE-2024-38606
In the Linux kernel, the following vulnerability has been resolved: crypto: qat - validate slices count returned by FW The function adf_send_admin_tl_start() enables the telemetry (TL)feature on a QAT device by sending the ICP_QAT_FW_TL_START message tothe firmware. This triggers the FW to start wr...
CVE-2024-39492
In the Linux kernel, the following vulnerability has been resolved: mailbox: mtk-cmdq: Fix pm_runtime_get_sync() warning in mbox shutdown The return value of pm_runtime_get_sync() in cmdq_mbox_shutdown()will return 1 when pm runtime state is active, and we don't want toget the warning message in th...
CVE-2024-40947
In the Linux kernel, the following vulnerability has been resolved: ima: Avoid blocking in RCU read-side critical section A panic happens in ima_match_policy: BUG: unable to handle kernel NULL pointer dereference at 0000000000000010PGD 42f873067 P4D 0Oops: 0000 [#1] SMP NOPTICPU: 5 PID: 1286325 Com...
CVE-2024-41004
In the Linux kernel, the following vulnerability has been resolved: tracing: Build event generation tests only as modules The kprobes and synth event generation test modules add events and lock(get a reference) those event file reference in module init function,and unlock and delete it in module ex...
CVE-2024-42091
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Check pat.ops before dumping PAT settings We may leave pat.ops unset when running on brand new platform orwhen running as a VF. While the former is unlikely, the latteris valid (future) use case and will cause NPD when some...
CVE-2024-42137
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot Commit 272970be3dab ("Bluetooth: hci_qca: Fix driver shutdown on closedserdev") will cause below regression issue: BT can't be enabled after below steps:cold...
CVE-2024-43818
In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: Adjust error handling in case of absent codec device acpi_get_first_physical_node() can return NULL in several cases (no suchdevice, ACPI table error, reference count drop to 0, etc).Existing check just emit error messag...
CVE-2024-43859
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to truncate preallocated blocks in f2fs_file_open() chenyuwen reports a f2fs bug as below: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000011fscrypt_set_bio_crypt_ctx+0x78/0x1e8f2fs_grab_...
CVE-2024-43864
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix CT entry update leaks of modify header context The cited commit allocates a new modify header to replace the oldone when updating CT entry. But if failed to allocate a new one, eg.exceed the max number firmware can s...