9872 matches found
CVE-2017-9986
The intr function in sound/oss/msnd_pinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "dou...
CVE-2018-10074
The hi3660_stub_clk_probe function in drivers/clk/hisilicon/clk-hi3660-stub.c in the Linux kernel before 4.16 allows local users to cause a denial of service (NULL pointer dereference) by triggering a failure of resource retrieval.
CVE-2021-47150
In the Linux kernel, the following vulnerability has been resolved: net: fec: fix the potential memory leak in fec_enet_init() If the memory allocated for cbd_base is failed, it shouldfree the memory allocated for the queues, otherwise it causesmemory leak. And if the memory allocated for the queue...
CVE-2021-47192
In the Linux kernel, the following vulnerability has been resolved: scsi: core: sysfs: Fix hang when device state is set via sysfs This fixes a regression added with: commit f0f82e2476f6 ("scsi: core: Fix capacity set to zero afterofflinining device") The problem is that after iSCSI recovery, iscsi...
CVE-2021-47206
In the Linux kernel, the following vulnerability has been resolved: usb: host: ohci-tmio: check return value after calling platform_get_resource() It will cause null-ptr-deref if platform_get_resource() returns NULL,we need check the return value.
CVE-2021-47215
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: kTLS, Fix crash in RX resync flow For the TLS RX resync flow, we maintain a list of TLS contextsthat require some attention, to communicate their resync informationto the HW.Here we fix list corruptions, by protecting th...
CVE-2021-47261
In the Linux kernel, the following vulnerability has been resolved: IB/mlx5: Fix initializing CQ fragments buffer The function init_cq_frag_buf() can be called to initialize the current CQfragments buffer cq->buf, or the temporary cq->resize_buf that is filledduring CQ resize operation. Howev...
CVE-2021-47302
In the Linux kernel, the following vulnerability has been resolved: igc: Fix use-after-free error during reset Cleans the next descriptor to watch (next_to_watch) when cleaning theTX ring. Failure to do so can cause invalid memory accesses. If igc_poll() runswhile the controller is being reset this...
CVE-2021-47303
In the Linux kernel, the following vulnerability has been resolved: bpf: Track subprog poke descriptors correctly and fix use-after-free Subprograms are calling map_poke_track(), but on program release there is nohook to call map_poke_untrack(). However, on program release, the aux memory(and poke ...
CVE-2021-47305
In the Linux kernel, the following vulnerability has been resolved: dma-buf/sync_file: Don't leak fences on merge failure Each add_fence() call does a dma_fence_get() on the relevant fence. Inthe error path, we weren't calling dma_fence_put() so all those fencesgot leaked. Also, in the krealloc_arr...
CVE-2021-47325
In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Fix arm_smmu_device refcount leak in address translation The reference counting issue happens in several exception handling pathsof arm_smmu_iova_to_phys_hard(). When those error scenarios occur, thefunction forgets...
CVE-2021-47332
In the Linux kernel, the following vulnerability has been resolved: ALSA: usx2y: Don't call free_pages_exact() with NULL address Unlike some other functions, we can't pass NULL pointer tofree_pages_exact(). Add a proper NULL check for avoiding possibleOops.
CVE-2021-47333
In the Linux kernel, the following vulnerability has been resolved: misc: alcor_pci: fix null-ptr-deref when there is no PCI bridge There is an issue with the ASPM(optional) capability checking function.A device might be attached to root complex directly, in this case,bus->self(bridge) will be N...
CVE-2021-47361
In the Linux kernel, the following vulnerability has been resolved: mcb: fix error handling in mcb_alloc_bus() There are two bugs: If ida_simple_get() fails then this code calls put_device(carrier)but we haven't yet called get_device(carrier) and probably thatleads to a use after free. After device...
CVE-2021-47397
In the Linux kernel, the following vulnerability has been resolved: sctp: break out if skb_header_pointer returns NULL in sctp_rcv_ootb We should always check if skb_header_pointer's return is NULL beforeusing it, otherwise it may cause null-ptr-deref, as syzbot reported: KASAN: null-ptr-deref in r...
CVE-2021-47398
In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: Fix kernel pointer leak Pointers should be printed with %p or %px rather than cast to 'unsignedlong long' and printed with %llx. Change %llx to %p to print the securedpointer.
CVE-2021-47417
In the Linux kernel, the following vulnerability has been resolved: libbpf: Fix memory leak in strset Free struct strset itself, not just its internal parts.
CVE-2021-47422
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/kms/nv50-: fix file release memory leak When using single_open() for opening, single_release() should becalled, otherwise the 'op' allocated in single_open() will be leaked.
CVE-2021-47431
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix gart.bo pin_count leak gmc_v{9,10}_0_gart_disable() isn't called matched withcorrespoding gart_enbale function in SRIOV case. This willlead to gart.bo pin_count leak on driver unload.
CVE-2021-47463
In the Linux kernel, the following vulnerability has been resolved: mm/secretmem: fix NULL page->mapping dereference in page_is_secretmem() Check for a NULL page->mapping before dereferencing the mapping inpage_is_secretmem(), as the page's mapping can be nullified while gup()is running, e.g....
CVE-2021-47481
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Initialize the ODP xarray when creating an ODP MR Normally the zero fill would hide the missing initialization, but anerrant set to desc_size in reg_create() causes a crash: BUG: unable to handle page fault for address: ...
CVE-2021-47540
In the Linux kernel, the following vulnerability has been resolved: mt76: mt7915: fix NULL pointer dereference in mt7915_get_phy_mode Fix the following NULL pointer dereference in mt7915_get_phy_moderoutine adding an ibss interface to the mt7915 driver. [ 101.137097] wlan0: Trigger new scan to find...
CVE-2021-47553
In the Linux kernel, the following vulnerability has been resolved: sched/scs: Reset task stack state in bringup_cpu() To hot unplug a CPU, the idle task on that CPU calls a few layers of Ccode before finally leaving the kernel. When KASAN is in use, poisonedshadow is left around for each of the ac...
CVE-2021-47588
In the Linux kernel, the following vulnerability has been resolved: sit: do not call ipip6_dev_free() from sit_init_net() ipip6_dev_free is sit dev->priv_destructor, already calledby register_netdevice() if something goes wrong. Alternative would be to make ipip6_dev_free() robust againstmultipl...
CVE-2021-47594
In the Linux kernel, the following vulnerability has been resolved: mptcp: never allow the PM to close a listener subflow Currently, when deleting an endpoint the netlink PM treversesall the local MPTCP sockets, regardless of their status. If an MPTCP listener socket is bound to the IP matching the...
CVE-2021-47640
In the Linux kernel, the following vulnerability has been resolved: powerpc/kasan: Fix early region not updated correctly The shadow's page table is not updated when PTE_RPN_SHIFT is 24and PAGE_SHIFT is 12. It not only causes false positives butalso false negative as shown the following text. Fix i...
CVE-2021-47643
In the Linux kernel, the following vulnerability has been resolved: media: ir_toy: free before error exiting Fix leak in error path.
CVE-2022-48673
In the Linux kernel, the following vulnerability has been resolved: net/smc: Fix possible access to freed memory in link clear After modifying the QP to the Error state, all RX WR would be completedwith WC in IB_WC_WR_FLUSH_ERR status. Current implementation does notwait for it is done, but destroy...
CVE-2022-48741
In the Linux kernel, the following vulnerability has been resolved: ovl: fix NULL pointer dereference in copy up warning This patch is fixing a NULL pointer dereference to get a recentlyintroduced warning message working.
CVE-2022-48814
In the Linux kernel, the following vulnerability has been resolved: net: dsa: seville: register the mdiobus under devres As explained in commits:74b6d7d13307 ("net: dsa: realtek: register the MDIO bus under devres")5135e96a3dd2 ("net: dsa: don't allocate the slave_mii_bus using devres") mdiobus_fre...
CVE-2022-48822
In the Linux kernel, the following vulnerability has been resolved: usb: f_fs: Fix use-after-free for epfile Consider a case where ffs_func_eps_disable is called fromffs_func_disable as part of composition switch and at thesame time ffs_epfile_release get called from userspace.ffs_epfile_release wi...
CVE-2022-48848
In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Do not unregister events twice Nicolas reported that using: trace-cmd record -e all -M 10 -p osnoise --poll Resulted in the following kernel warning: ------------[ cut here ]------------WARNING: CPU: 0 PID: 1217 at...
CVE-2022-48860
In the Linux kernel, the following vulnerability has been resolved: ethernet: Fix error handling in xemaclite_of_probe This node pointer is returned by of_parse_phandle() with refcountincremented in this function. Calling of_node_put() to avoid therefcount leak. As the remove function do.
CVE-2022-48868
In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Let probe fail when workqueue cannot be enabled The workqueue is enabled when the appropriate driver is loaded anddisabled when the driver is removed. When the driver is removed itassumes that the workqueue was ena...
CVE-2022-48875
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: sdata can be NULL during AMPDU start ieee80211_tx_ba_session_handle_start() may get NULL for sdata when adeauthentication is ongoing. Here a trace triggering the race with the hostapd testmulti_ap_fronthaul_on_ap: (...
CVE-2022-48916
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix double list_add when enabling VMD in scalable mode When enabling VMD and IOMMU scalable mode, the following kernel paniccall trace/kernel log is shown in Eagle Stream platform (Sapphire RapidsCPU) during booting: pc...
CVE-2022-48950
In the Linux kernel, the following vulnerability has been resolved: perf: Fix perf_pending_task() UaF Per syzbot it is possible for perf_pending_task() to run after theevent is free()'d. There are two related but distinct cases: the task_work was already queued before destroying the event; destroyi...
CVE-2022-48994
In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event With clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG),indirect call targets are validated against the expected functionpointer prototype to make s...
CVE-2022-49071
In the Linux kernel, the following vulnerability has been resolved: drm/panel: ili9341: fix optional regulator handling If the optional regulator lookup fails, reset the pointer to NULL.Other functions such as mipi_dbi_poweron_reset_conditional() only doa NULL pointer check and will otherwise deref...
CVE-2022-49138
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Ignore multiple conn complete events When one of the three connection complete events is received multipletimes for the same handle, the device is registered multiple times whichleads to memory corruptions. Th...
CVE-2022-49194
In the Linux kernel, the following vulnerability has been resolved: net: bcmgenet: Use stronger register read/writes to assure ordering GCC12 appears to be much smarter about its dependency tracking and isaware that the relaxed variants are just normal loads and stores andthis is causing problems l...
CVE-2022-49202
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_uart: add missing NULL check in h5_enqueue Syzbot hit general protection fault in __pm_runtime_resume(). The problemwas in missing NULL check. hu->serdev can be NULL and we should not blindly pass &serdev->devs...
CVE-2022-49203
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix double free during GPU reset on DC streams [Why]The issue only occurs during the GPU reset code path. We first backup the current state prior to commiting 0 streamsinternally from DM to DC. This state backup co...
CVE-2022-49222
In the Linux kernel, the following vulnerability has been resolved: drm/bridge: anx7625: Fix overflow issue on reading EDID The length of EDID block can be longer than 256 bytes, so we should useint instead of u8 for the edid_pos variable.
CVE-2022-49225
In the Linux kernel, the following vulnerability has been resolved: mt76: mt7921s: fix a possible memory leak in mt7921_load_patch Always release fw data at the end of mt7921_load_patch routine.
CVE-2022-49237
In the Linux kernel, the following vulnerability has been resolved: ath11k: add missing of_node_put() to avoid leak The node pointer is returned by of_find_node_by_type()or of_parse_phandle() with refcount incremented. Callingof_node_put() to aovid the refcount leak.
CVE-2022-49249
In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wc938x: fix accessing array out of bounds for enum type Accessing enums using integer would result in array out of bounds accesson platforms like aarch64 where sizeof(long) is 8 compared to enum sizewhich is 4 bytes. ...
CVE-2022-49250
In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: rx-macro: fix accessing compander for aux AUX interpolator does not have compander, so check before accessingcompander data for this. Without this checkan array of out bounds access will be made incomp_enabled[] array...
CVE-2022-49262
In the Linux kernel, the following vulnerability has been resolved: crypto: octeontx2 - remove CONFIG_DM_CRYPT check No issues were found while using the driver with dm-crypt enabled. SoCONFIG_DM_CRYPT check in the driver can be removed. This also fixes the NULL pointer dereference in driver releas...
CVE-2022-49384
In the Linux kernel, the following vulnerability has been resolved: md: fix double free of io_acct_set bioset Now io_acct_set is alloc and free in personality. Remove the codes thatfree io_acct_set in md_free and md_stop.