CVE-2023-52748

In the Linux kernel, the following vulnerability has been resolved: f2fs: avoid format-overflow warning With gcc and W=1 option, there's a warning like this: fs/f2fs/compress.c: In function ‘f2fs_init_page_array_cache’:fs/f2fs/compress.c:1984:47: error: ‘%u’ directive writing between1 and 7 bytes i...

CVE-2023-52761

In the Linux kernel, the following vulnerability has been resolved: riscv: VMAP_STACK overflow detection thread-safe commit 31da94c25aea ("riscv: add VMAP_STACK overflow detection") addedsupport for CONFIG_VMAP_STACK. If overflow is detected, CPU switches toshadow_stack temporarily before switching...

CVE-2023-52839

In the Linux kernel, the following vulnerability has been resolved: drivers: perf: Do not broadcast to other cpus when starting a counter This command: $ perf record -e cycles:k -e instructions:k -c 10000 -m 64M dd if=/dev/zero of=/dev/null count=1000 gives rise to this kernel warning: [ 444.364395...

CVE-2023-52897

In the Linux kernel, the following vulnerability has been resolved: btrfs: qgroup: do not warn on record without old_roots populated [BUG]There are some reports from the mailing list that since v6.1 kernel, theWARN_ON() inside btrfs_qgroup_account_extent() gets triggered duringrescan: WARNING: CPU:...

CVE-2023-52909

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix handling of cached open files in nfsd4_open codepath Commit fb70bf124b05 ("NFSD: Instantiate a struct file when creating aregular NFSv4 file") added the ability to cache an open fd over acompound. There are a couple of pr...

CVE-2023-52979

In the Linux kernel, the following vulnerability has been resolved: squashfs: harden sanity check in squashfs_read_xattr_id_table While mounting a corrupted filesystem, a signed integer '*xattr_ids' canbecome less than zero. This leads to the incorrect computation of 'len'and 'indexes' values which...

CVE-2023-52983

In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix uaf for bfqq in bic_set_bfqq() After commit 64dc8c732f5c ("block, bfq: fix possible uaf for 'bfqq->bic'"),bic->bfqq will be accessed in bic_set_bfqq(), however, in some contextbic->bfqq will be freed, and b...

CVE-2023-53029

In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt The commit 4af1b64f80fb ("octeontx2-pf: Fix lmtst ID used in aurafree") uses the get/put_cpu() to protect the usage of percpu pointerin ->aura_freeptr() callback, b...

CVE-2023-53044

In the Linux kernel, the following vulnerability has been resolved: dm stats: check for and propagate alloc_percpu failure Check alloc_precpu()'s return value and return an error fromdm_stats_init() if it fails. Update alloc_dev() to fail ifdm_stats_init() does. Otherwise, a NULL pointer dereferenc...

CVE-2023-53062

In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc95xx: Limit packet length to skb->len Packet length retrieved from descriptor may be larger thanthe actual socket buffer length. In such case the clonedskb passed up the network stack will leak kernel memory conten...

CVE-2023-53075

In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix invalid address access in lookup_rec() when index is 0 KASAN reported follow problem: BUG: KASAN: use-after-free in lookup_recRead of size 8 at addr ffff000199270ff0 by task modprobeCPU: 2 Comm: modprobeCall trace:kasan...

CVE-2023-53097

In the Linux kernel, the following vulnerability has been resolved: powerpc/iommu: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it,otherwise the memory will leak over time. To make things simpler, justcall debugfs_lookup_and_remove(...

CVE-2023-53123

In the Linux kernel, the following vulnerability has been resolved: PCI: s390: Fix use-after-free of PCI resources with per-function hotplug On s390 PCI functions may be hotplugged individually even when theybelong to a multi-function device. In particular on an SR-IOV device VFsmay be removed and ...

CVE-2023-53131

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix a server shutdown leak Fix a race where kthread_stop() may prevent the threadfn from ever gettingcalled. If that happens the svc_rqst will not be cleaned up.

CVE-2023-53146

In the Linux kernel, the following vulnerability has been resolved: media: dw2102: Fix null-ptr-deref in dw2102_i2c_transfer() In dw2102_i2c_transfer, msg is controlled by user. When msg[i].bufis null and msg[i].len is zero, former checks on msg[i].buf would bepassed. Malicious data finally reach d...

CVE-2024-32936

In the Linux kernel, the following vulnerability has been resolved: media: ti: j721e-csi2rx: Fix races while restarting DMA After the frame is submitted to DMA, it may happen that the submittedlist is not updated soon enough, and the DMA callback is triggeredbefore that. This can lead to kernel cra...

CVE-2024-35834

In the Linux kernel, the following vulnerability has been resolved: xsk: recycle buffer in case Rx queue was full Add missing xsk_buff_free() call when __xsk_rcv_zc() failed to producedescriptor to XSK Rx queue.

CVE-2024-37026

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Only use reserved BCS instances for usm migrate exec queue The GuC context scheduling queue is 2 entires deep, thus it is possiblefor a migration job to be stuck behind a fault if migration exec queueshares engines with use...

CVE-2024-38306

In the Linux kernel, the following vulnerability has been resolved: btrfs: protect folio::private when attaching extent buffer folios [BUG]Since v6.8 there are rare kernel crashes reported by various people,the common factor is bad page status error messages like this: BUG: Bad page state in proces...

CVE-2024-38557

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Reload only IB representors upon lag disable/enable On lag disable, the bond IB device along with all of itsrepresentors are destroyed, and then the slaves' representors get reloaded. In case the slave IB representor load...

CVE-2024-40955

In the Linux kernel, the following vulnerability has been resolved: ext4: fix slab-out-of-bounds in ext4_mb_find_good_group_avg_frag_lists() We can trigger a slab-out-of-bounds with the following commands: mkfs.ext4 -F /dev/$disk 10G mount /dev/$disk /tmp/test echo 2147483647 > /sys/fs/ext4/$dis...

CVE-2024-40992

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix responder length checking for UD request packets According to the IBA specification:If a UD request packet is detected with an invalid length, the requestshall be an invalid request and it shall be silently dropped by...

CVE-2024-42251

In the Linux kernel, the following vulnerability has been resolved: mm: page_ref: remove folio_try_get_rcu() The below bug was reported on a non-SMP kernel: [ 275.267158][ T4335] ------------[ cut here ]------------[ 275.267949][ T4335] kernel BUG at include/linux/page_ref.h:275![ 275.268526][ T433...

CVE-2024-42257

In the Linux kernel, the following vulnerability has been resolved: ext4: use memtostr_pad() for s_volume_name As with the other strings in struct ext4_super_block, s_volume_name isnot NUL terminated. The other strings were marked in commit 072ebb3bffe6("ext4: add nonstring annotations to ext4.h")....

CVE-2024-45023

In the Linux kernel, the following vulnerability has been resolved: md/raid1: Fix data corruption for degraded array with slow disk read_balance() will avoid reading from slow disks as much as possible,however, if valid data only lands in slow disks, and a new normal diskis still in recovery, unrec...

CVE-2024-46699

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Disable preemption while updating GPU stats We forgot to disable preemption around the write_seqcount_begin/end() pairwhile updating GPU stats: [ ] WARNING: CPU: 2 PID: 12 at include/linux/seqlock.h:221 __seqprop_assert.is...

CVE-2024-46703

In the Linux kernel, the following vulnerability has been resolved: Revert "serial: 8250_omap: Set the console genpd always on if no console suspend" This reverts commit 68e6939ea9ec3d6579eadeab16060339cdeaf940. Kevin reported that this causes a crash during suspend on platforms thatdont use PM dom...

CVE-2024-46718

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Don't overmap identity VRAM mapping Overmapping the identity VRAM mapping is triggering hardware bugs oncertain platforms. Use 2M pages for the last unaligned (to 1G) VRAMchunk. v2: Always use 2M pages for last chunk (Fei Y...

CVE-2024-46764

In the Linux kernel, the following vulnerability has been resolved: bpf: add check for invalid name in btf_name_valid_section() If the length of the name string is 1 and the value of name[0] is NULLbyte, an OOB vulnerability occurs in btf_name_valid_section() and thereturn value is true, so the inv...

CVE-2024-46808

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add missing NULL pointer check within dpcd_extend_address_range [Why & How]ASSERT if return NULL from kcalloc.

CVE-2024-46825

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check The lookup function iwl_mvm_rcu_fw_link_id_to_link_conf() isnormally called with input from the firmware, so it should useIWL_FW_CHECK() instead of WARN_ON().

CVE-2024-46831

In the Linux kernel, the following vulnerability has been resolved: net: microchip: vcap: Fix use-after-free error in kunit test This is a clear use-after-free error. We remove it, and rely on checkingthe return code of vcap_del_rule.

CVE-2024-46870

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Disable DMCUB timeout for DCN35 [Why]DMCUB can intermittently take longer than expected to process commands. Old ASIC policy was to continue while logging a diagnostic error - whichworks fine for ASIC without IPS, ...

CVE-2024-47683

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Skip Recompute DSC Params if no Stream on Link [why]Encounter NULL pointer dereference uner mst + dsc setup. BUG: kernel NULL pointer dereference, address: 0000000000000008PGD 0 P4D 0Oops: 0000 [#1] PREEMPT SMP NOP...

CVE-2024-47688

In the Linux kernel, the following vulnerability has been resolved: driver core: Fix a potential null-ptr-deref in module_add_driver() Inject fault while probing of-fpga-region, if kasprintf() fails inmodule_add_driver(), the second sysfs_remove_link() in exit path will causenull-ptr-deref as below...

CVE-2024-47733

In the Linux kernel, the following vulnerability has been resolved: netfs: Delete subtree of 'fs/netfs' when netfs module exits In netfs_init() or fscache_proc_init(), we create dentry under 'fs/netfs',but in netfs_exit(), we only delete the proc entry of 'fs/netfs' withoutdeleting its subtree. Thi...

CVE-2024-49932

In the Linux kernel, the following vulnerability has been resolved: btrfs: don't readahead the relocation inode on RST On relocation we're doing readahead on the relocation inode, but if thefilesystem is backed by a RAID stripe tree we can get ENOENT (e.g. due topreallocated extents not being mappe...

CVE-2024-49980

In the Linux kernel, the following vulnerability has been resolved: vrf: revert "vrf: Remove unnecessary RCU-bh critical section" This reverts commit 504fc6f4f7f681d2a03aa5f68aad549d90eab853. dev_queue_xmit_nit is expected to be called with BH disabled.__dev_queue_xmit has the following: /* Disable...

CVE-2024-50289

In the Linux kernel, the following vulnerability has been resolved: media: av7110: fix a spectre vulnerability As warned by smatch:drivers/staging/media/av7110/av7110_ca.c:270 dvb_ca_ioctl() warn: potential spectre issue 'av7110->ci_slot' [w] (local cap) There is a spectre-related vulnerability ...

CVE-2024-50291

In the Linux kernel, the following vulnerability has been resolved: media: dvb-core: add missing buffer index check dvb_vb2_expbuf() didn't check if the given buffer index wasfor a valid buffer. Add this check.

CVE-2024-53238

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btmtk: adjust the position to init iso data anchor MediaTek iso data anchor init should be moved to where MediaTekclaims iso data interface.If there is an unexpected BT usb disconnect during setup flow,it will cause a NU...

CVE-2024-57990

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: fix off by one in mt7925_load_clc() This comparison should be >= instead of > to prevent an out of boundsread and write.

CVE-2025-21876

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix suspicious RCU usage Commit ("iommu/vt-d: Allocate DMAR fault interruptslocally") moved the call to enable_drhd_fault_handling() to a codepath that does not hold any lock while traversing the drhd list. Fixit by en...

CVE-2025-21900

In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix a deadlock when recovering state on a sillyrenamed file If the file is sillyrenamed, and slated for delete on close, it ispossible for a server reboot to triggeer an open reclaim, with can againrace with the application ...

CVE-2025-21906

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: clean up ROC on failure If the firmware fails to start the session protection, then wedo call iwl_mvm_roc_finished() here, but that won't do anythingat all because IWL_MVM_STATUS_ROC_P2P_RUNNING was never set.Se...

CVE-2025-21915

In the Linux kernel, the following vulnerability has been resolved: cdx: Fix possible UAF error in driver_override_show() Fixed a possible UAF problem in driver_override_show() in drivers/cdx/cdx.c This function driver_override_show() is part of DEVICE_ATTR_RW, whichincludes both driver_override_sh...

CVE-2025-22084

In the Linux kernel, the following vulnerability has been resolved: w1: fix NULL pointer dereference in probe The w1_uart_probe() function calls w1_uart_serdev_open() (which includesdevm_serdev_device_open()) before setting the client ops viaserdev_device_set_client_ops(). This ordering can trigger...

CVE-2025-22098

In the Linux kernel, the following vulnerability has been resolved: drm: zynqmp_dp: Fix a deadlock in zynqmp_dp_ignore_hpd_set() Instead of attempting the same mutex twice, lock and unlock it. This bug has been detected by the Clang thread-safety analyzer.

CVE-2025-22099

In the Linux kernel, the following vulnerability has been resolved: drm: xlnx: zynqmp_dpsub: Add NULL check in zynqmp_audio_init devm_kasprintf() calls can return null pointers on failure.But some return values were not checked in zynqmp_audio_init(). Add NULL check in zynqmp_audio_init(), avoid re...

CVE-2025-22110

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_queue: Initialize ctx to avoid memory allocation error It is possible that ctx in nfqnl_build_packet_message() could be usedbefore it is properly initialize, which is only initializedby nfqnl_get_sk_secctx(). T...