9871 matches found
CVE-2022-48784
In the Linux kernel, the following vulnerability has been resolved: cfg80211: fix race in netlink owner interface destruction My previous fix here to fix the deadlock left a race wherethe exact same deadlock (see the original commit referencedbelow) can still happen if cfg80211_destroy_ifaces() alr...
CVE-2022-48797
In the Linux kernel, the following vulnerability has been resolved: mm: don't try to NUMA-migrate COW pages that have other uses Oded Gabbay reports that enabling NUMA balancing causes corruption withhis Gaudi accelerator test load: "All the details are in the bug, but the bottom line is that someh...
CVE-2022-48833
In the Linux kernel, the following vulnerability has been resolved: btrfs: skip reserved bytes warning on unmount after log cleanup failure After the recent changes made by commit c2e39305299f01 ("btrfs: clearextent buffer uptodate when we fail to write it") and its followup fix,commit 651740a50241...
CVE-2022-48844
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Fix leaking sent_cmd skb sent_cmd memory is not freed before freeing hci_dev causing it to leakit contents.
CVE-2022-48880
In the Linux kernel, the following vulnerability has been resolved: platform/surface: aggregator: Add missing call to ssam_request_sync_free() Although rare, ssam_request_sync_init() can fail. In that case, therequest should be freed via ssam_request_sync_free(). Currently it isleaked instead. Fix ...
CVE-2022-48924
In the Linux kernel, the following vulnerability has been resolved: thermal: int340x: fix memory leak in int3400_notify() It is easy to hit the below memory leaks in my TigerLake platform: unreferenced object 0xffff927c8b91dbc0 (size 32):comm "kworker/0:2", pid 112, jiffies 4294893323 (age 83.604s)...
CVE-2022-48927
In the Linux kernel, the following vulnerability has been resolved: iio: adc: tsc2046: fix memory corruption by preventing array overflow On one side we have indio_dev->num_channels includes all physical channels +timestamp channel. On other side we have an array allocated only forphysical chann...
CVE-2022-48970
In the Linux kernel, the following vulnerability has been resolved: af_unix: Get user_ns from in_skb in unix_diag_get_exact(). Wei Chen reported a NULL deref in sk_user_ns() 0 , and Paolo diagnosedthe root cause: in unix_diag_get_exact(), the newly allocated skb does nothave sk. 2 We must get the u...
CVE-2022-48982
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix crash when replugging CSR fake controllers It seems fake CSR 5.0 clones can cause the suspend notifier to beregistered twice causing the following kernel panic: [ 71.986122] Call Trace:[ 71.986124] [ 71.986125] block...
CVE-2022-49064
In the Linux kernel, the following vulnerability has been resolved: cachefiles: unmark inode in use in error path Unmark inode in use if error encountered. If the in-use flag leakageoccurs in cachefiles_open_file(), Cachefiles will complain "Inodealready in use" when later another cookie with the s...
CVE-2022-49234
In the Linux kernel, the following vulnerability has been resolved: net: dsa: Avoid cross-chip syncing of VLAN filtering Changes to VLAN filtering are not applicable to cross-chipnotifications. On a system like this: .-----. .-----. .-----.| sw1 +---+ sw2 +---+ sw3 |'-1-2-' '-1-2-' '-1-2-' Before t...
CVE-2022-49380
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count() As Yanming reported in bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=215897 I have encountered a bug in F2FS file system in kernel v5.17. The kernel should enable C...
CVE-2022-49417
In the Linux kernel, the following vulnerability has been resolved: iwlwifi: mei: fix potential NULL-ptr deref If SKB allocation fails, continue rather than using the NULLpointer. Coverity CID: 1497650
CVE-2022-49428
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on inline_dots inode As Wenqing reported in bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=215765 It will cause a kernel panic with steps: mkdir mnt mount tmp40.img mnt ls mnt folio_mark_dirty+0x...
CVE-2022-49458
In the Linux kernel, the following vulnerability has been resolved: drm/msm: don't free the IRQ if it was not requested As msm_drm_uninit() is called from the msm_drm_init() error path,additional care should be necessary as not to call the free_irq() forthe IRQ that was not requested before (becaus...
CVE-2022-49479
In the Linux kernel, the following vulnerability has been resolved: mt76: fix tx status related use-after-free race on station removal There is a small race window where ongoing tx activity can lead to a skbgetting added to the status tracking idr after that idr has already beencleaned up, which wi...
CVE-2022-49540
In the Linux kernel, the following vulnerability has been resolved: rcu-tasks: Fix race in schedule and flush work While booting secondary CPUs, cpus_read_[lock/unlock] is not keepingonline cpumask stable. The transient online mask results in belowcalltrace. [ 0.324121] CPU1: Booted secondary proce...
CVE-2022-49550
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: provide block_invalidate_folio to fix memory leak The ntfs3 filesystem lacks the 'invalidate_folio' method and it causesmemory leak. If you write to the filesystem and then unmount it, thecached written data are not freed...
CVE-2022-49558
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: double hook unregistration in netns path __nft_release_hooks() is called from pre_netns exit path whichunregisters the hooks, then the NETDEV_UNREGISTER event is triggeredwhich unregisters the hooks again. [ 5...
CVE-2022-49842
In the Linux kernel, the following vulnerability has been resolved: ASoC: core: Fix use-after-free in snd_soc_exit() KASAN reports a use-after-free: BUG: KASAN: use-after-free in device_del+0xb5b/0xc60Read of size 8 at addr ffff888008655050 by task rmmod/387CPU: 2 PID: 387 Comm: rmmodHardware name:...
CVE-2023-52682
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to wait on block writeback for post_read case If inode is compressed, but not encrypted, it missed to callf2fs_wait_on_block_writeback() to wait for GCed page writebackin IPU write path. Thread A GC-Thread- f2fs_gc- do_ga...
CVE-2023-52701
In the Linux kernel, the following vulnerability has been resolved: net: use a bounce buffer for copying skb->mark syzbot found arm64 builds would crash in sock_recv_mark()when CONFIG_HARDENED_USERCOPY=y x86 and powerpc are not detecting the issue becausethey define user_access_begin.This will b...
CVE-2023-52705
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix underflow in second superblock position calculations Macro NILFS_SB2_OFFSET_BYTES, which computes the position of the secondsuperblock, underflows when the argument device size is less than 4096bytes. Therefore, when us...
CVE-2023-52765
In the Linux kernel, the following vulnerability has been resolved: mfd: qcom-spmi-pmic: Fix revid implementation The Qualcomm SPMI PMIC revid implementation is broken in multiple ways. First, it assumes that just because the sibling base device has beenregistered that means that it is also bound t...
CVE-2023-52782
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Track xmit submission to PTP WQ after populating metadata map Ensure the skb is available in metadata mapping to skbs before tracking themetadata index for detecting undelivered CQEs. If the metadata index is putin the t...
CVE-2023-52792
In the Linux kernel, the following vulnerability has been resolved: cxl/region: Do not try to cleanup after cxl_region_setup_targets() fails Commit 5e42bcbc3fef ("cxl/region: decrement ->nr_targets on error incxl_region_attach()") tried to avoid 'eiw' initialization errors when->nr_targets ex...
CVE-2023-52848
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to drop meta_inode's page cache in f2fs_put_super() syzbot reports a kernel bug as below: F2FS-fs (loop1): detect filesystem reference count leak during umount, type: 10, count: 1kernel BUG at fs/f2fs/super.c:1639!CPU: 0 ...
CVE-2023-52879
In the Linux kernel, the following vulnerability has been resolved: tracing: Have trace_event_file have ref counters The following can crash the kernel: cd /sys/kernel/tracing echo 'p:sched schedule' > kprobe_events exec 5>>events/kprobes/sched/enable > kprobe_events exec 5>&- The ab...
CVE-2023-52906
In the Linux kernel, the following vulnerability has been resolved: net/sched: act_mpls: Fix warning during failed attribute validation The 'TCA_MPLS_LABEL' attribute is of 'NLA_U32' type, but has avalidation type of 'NLA_VALIDATE_FUNCTION'. This is an invalidcombination according to the comment ab...
CVE-2023-52985
In the Linux kernel, the following vulnerability has been resolved: arm64: dts: imx8mm-verdin: Do not power down eth-phy Currently if suspending using either freeze or memory state, the fecdriver tries to power down the phy which leads to crash of the kerneland non-responsible kernel with the follo...
CVE-2023-53000
In the Linux kernel, the following vulnerability has been resolved: netlink: prevent potential spectre v1 gadgets Most netlink attributes are parsed and validated from__nla_validate_parse() or validate_nla() u16 type = nla_type(nla); if (type == 0 || type > maxtype) { /* error or continue */ } @...
CVE-2023-53044
In the Linux kernel, the following vulnerability has been resolved: dm stats: check for and propagate alloc_percpu failure Check alloc_precpu()'s return value and return an error fromdm_stats_init() if it fails. Update alloc_dev() to fail ifdm_stats_init() does. Otherwise, a NULL pointer dereferenc...
CVE-2023-53047
In the Linux kernel, the following vulnerability has been resolved: tee: amdtee: fix race condition in amdtee_open_session There is a potential race condition in amdtee_open_session that maylead to use-after-free. For instance, in amdtee_open_session() aftersess->sess_mask is set, and before set...
CVE-2023-6200
A race condition was found in the Linux Kernel. Under certain conditions, an unauthenticated attacker from an adjacent network could send an ICMPv6 router advertisement packet, causing arbitrary code execution.
CVE-2024-33847
In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: don't allow unaligned truncation on released compress inode f2fs image may be corrupted after below testcase: mkfs.f2fs -O extra_attr,compression -f /dev/vdb mount /dev/vdb /mnt/f2fs touch /mnt/f2fs/file f2fs_io set...
CVE-2024-36965
In the Linux kernel, the following vulnerability has been resolved: remoteproc: mediatek: Make sure IPI buffer fits in L2TCM The IPI buffer location is read from the firmware that we load to theSystem Companion Processor, and it's not granted that both the SRAM(L2TCM) size that is defined in the de...
CVE-2024-38547
In the Linux kernel, the following vulnerability has been resolved: media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries The allocation failure of mycs->yuv_scaler_binary in load_video_binaries()is followed with a dereference of mycs->yuv_scaler_binary after thefollo...
CVE-2024-38566
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix verifier assumptions about socket->sk The verifier assumes that 'sk' field in 'struct socket' is validand non-NULL when 'socket' pointer itself is trusted and non-NULL.That may not be the case when socket was just creat...
CVE-2024-38569
In the Linux kernel, the following vulnerability has been resolved: drivers/perf: hisi_pcie: Fix out-of-bound access when valid event group The perf tool allows users to create event groups through followingcmd [1], but the driver does not check whether the array index is out ofbounds when writing ...
CVE-2024-39465
In the Linux kernel, the following vulnerability has been resolved: media: mgb4: Fix double debugfs remove Fixes an error where debugfs_remove_recursive() is called first on a parentdirectory and then again on a child which causes a kernel panic. [hverkuil: added Fixes/Cc tags]
CVE-2024-39510
In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix slab-use-after-free in cachefiles_ondemand_daemon_read() We got the following issue in a fuzz test of randomly issuing the restorecommand: ==================================================================BUG: KASAN...
CVE-2024-40918
In the Linux kernel, the following vulnerability has been resolved: parisc: Try to fix random segmentation faults in package builds PA-RISC systems with PA8800 and PA8900 processors have had problemswith random segmentation faults for many years. Systems with earlierprocessors are much more stable....
CVE-2024-41003
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix reg_set_min_max corruption of fake_reg Juan reported that after doing some changes to buzzer [0] and implementinga new fuzzing strategy guided by coverage, they noticed the following inone of the probes: [...]13: (79) r6 =...
CVE-2024-41033
In the Linux kernel, the following vulnerability has been resolved: cachestat: do not flush stats in recency check syzbot detects that cachestat() is flushing stats, which can sleep, in itsRCU read section (see 1 ). This is done in the workingset_test_recent()step (which checks if the folio's evict...
CVE-2024-42088
In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8195: Add platform entry for ETDM1_OUT_BE dai link Commit e70b8dd26711 ("ASoC: mediatek: mt8195: Remove afe-dai componentand rework codec link") removed the codec entry for the ETDM1_OUT_BEdai link entirely instea...
CVE-2024-42113
In the Linux kernel, the following vulnerability has been resolved: net: txgbe: initialize num_q_vectors for MSI/INTx interrupts When using MSI/INTx interrupts, wx->num_q_vectors is uninitialized.Thus there will be kernel panic in wx_alloc_q_vectors() to allocatequeue vectors.
CVE-2024-42128
In the Linux kernel, the following vulnerability has been resolved: leds: an30259a: Use devm_mutex_init() for mutex initialization In this driver LEDs are registered using devm_led_classdev_register()so they are automatically unregistered after module's remove() is done.led_classdev_unregister() ca...
CVE-2024-42256
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix server re-repick on subrequest retry When a subrequest is marked for needing retry, netfs will callcifs_prepare_write() which will make cifs repick the server for the opbefore renegotiating credits; it then calls cifs_iss...
CVE-2024-42293
In the Linux kernel, the following vulnerability has been resolved: arm64: mm: Fix lockless walks with static and dynamic page-table folding Lina reports random oopsen originating from the fast GUP code when16K pages are used with 4-level page-tables, the fourth level beingfolded at runtime due to ...
CVE-2024-42319
In the Linux kernel, the following vulnerability has been resolved: mailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable() When mtk-cmdq unbinds, a WARN_ON message with conditionpm_runtime_get_sync()