9871 matches found
CVE-2021-47349
In the Linux kernel, the following vulnerability has been resolved: mwifiex: bring down link before deleting interface We can deadlock when rmmod'ing the driver or going through firmwarereset, because the cfg80211_unregister_wdev() has to bring down the linkfor us, ... which then grab the same wiph...
CVE-2021-47533
In the Linux kernel, the following vulnerability has been resolved: drm/vc4: kms: Clear the HVS FIFO commit pointer once done Commit 9ec03d7f1ed3 ("drm/vc4: kms: Wait on previous FIFO users before acommit") introduced a wait on the previous commit done on a given HVSFIFO. However, we never cleared ...
CVE-2022-48719
In the Linux kernel, the following vulnerability has been resolved: net, neigh: Do not trigger immediate probes on NUD_FAILED from neigh_managed_work syzkaller was able to trigger a deadlock for NTF_MANAGED entries [0]: kworker/0:16/14617 is trying to acquire lock:ffffffff8d4dd370 (&tbl->lock){+...
CVE-2022-48795
In the Linux kernel, the following vulnerability has been resolved: parisc: Fix data TLB miss in sba_unmap_sg Rolf Eike Beer reported the following bug: [1274934.746891] Bad Address (null pointer deref?): Code=15 (Data TLB miss fault) at addr 0000004140000018[1274934.746891] CPU: 3 PID: 5549 Comm: ...
CVE-2022-48966
In the Linux kernel, the following vulnerability has been resolved: net: mvneta: Prevent out of bounds read in mvneta_config_rss() The pp->indir[0] value comes from the user. It is passed to: if (cpu_online(pp->rxq_def)) inside the mvneta_percpu_elect() function. It needs bounds checkedingto ...
CVE-2022-49403
In the Linux kernel, the following vulnerability has been resolved: lib/string_helpers: fix not adding strarray to device's resource list Add allocated strarray to device's resource list. This is a must toautomatically release strarray when the device disappears. Without this fix we have a memory l...
CVE-2022-49500
In the Linux kernel, the following vulnerability has been resolved: wl1251: dynamically allocate memory used for DMA With introduction of vmap'ed stacks, stack parameters can nolonger be used for DMA and now leads to kernel panic. It happens at several places for the wl1251 (e.g. whenaccessed throu...
CVE-2022-49809
In the Linux kernel, the following vulnerability has been resolved: net/x25: Fix skb leak in x25_lapb_receive_frame() x25_lapb_receive_frame() using skb_copy() to get a private copy ofskb, the new skb should be freed in the undersized/fragmented skberror handling path. Otherwise there is a memory l...
CVE-2022-49826
In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix double ata_host_put() in ata_tport_add() In the error path in ata_tport_add(), when calling put_device(),ata_tport_release() is called, it will put the refcount of 'ap->host'. And then ata_host_put() i...
CVE-2022-49881
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: fix memory leak in query_regdb_file() In the function query_regdb_file() the alpha2 parameter is duplicatedusing kmemdup() and subsequently freed in regdb_fw_cb(). However,request_firmware_nowait() can fail without ...
CVE-2023-23002
In the Linux kernel before 5.16.3, drivers/bluetooth/hci_qca.c misinterprets the devm_gpiod_get_index_optional return value (expects it to be NULL in the error case, whereas it is actually an error pointer).
CVE-2023-52770
In the Linux kernel, the following vulnerability has been resolved: f2fs: split initial and dynamic conditions for extent_cache Let's allocate the extent_cache tree without dynamic conditions to avoid amissing condition causing a panic as below. create a file w/ a compressed flag disable the compre...
CVE-2023-52807
In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix out-of-bounds access may occur when coalesce info is read via debugfs The hns3 driver define an array of string to show the coalesceinfo, but if the kernel adds a new mode or a new state,out-of-bounds access may occu...
CVE-2023-52996
In the Linux kernel, the following vulnerability has been resolved: ipv4: prevent potential spectre v1 gadget in fib_metrics_match() if (!type)continue;if (type > RTAX_MAX)return false;...fi_val = fi->fib_metrics->metrics[type - 1]; @type being used as an array index, we need to preventcpu...
CVE-2023-53031
In the Linux kernel, the following vulnerability has been resolved: powerpc/imc-pmu: Fix use of mutex in IRQs disabled section Current imc-pmu code triggers a WARNING with CONFIG_DEBUG_ATOMIC_SLEEPand CONFIG_PROVE_LOCKING enabled, while running a thread_imc event. Command to trigger the warning: pe...
CVE-2023-53043
In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: sc7280: Mark PCIe controller as cache coherent If the controller is not marked as cache coherent, then kernel willtry to ensure coherency during dma-ops and that may cause data corruption.So, mark the PCIe node as...
CVE-2023-53072
In the Linux kernel, the following vulnerability has been resolved: mptcp: use the workqueue to destroy unaccepted sockets Christoph reported a UaF at token lookup time after havingrefactored the passive socket initialization part: BUG: KASAN: use-after-free in __token_bucket_busy+0x253/0x260Read o...
CVE-2024-26762
In the Linux kernel, the following vulnerability has been resolved: cxl/pci: Skip to handle RAS errors if CXL.mem device is detached The PCI AER model is an awkward fit for CXL error handling. While theexpectation is that a PCI device can escalate to link reset to recoverfrom an AER event, the same...
CVE-2024-35836
In the Linux kernel, the following vulnerability has been resolved: dpll: fix pin dump crash for rebound module When a kernel module is unbound but the pin resources were not entirelyfreed (other kernel module instance of the same PCI device have had keptthe reference to that pin), and kernel modul...
CVE-2024-42111
In the Linux kernel, the following vulnerability has been resolved: btrfs: always do the basic checks for btrfs_qgroup_inherit structure [BUG]Syzbot reports the following regression detected by KASAN: BUG: KASAN: slab-out-of-bounds in btrfs_qgroup_inherit+0x42e/0x2e20 fs/btrfs/qgroup.c:3277Read of ...
CVE-2024-42112
In the Linux kernel, the following vulnerability has been resolved: net: txgbe: free isb resources at the right time When using MSI/INTx interrupt, the shared interrupts are still beinghandled in the device remove routine, before free IRQs. So isb memoryis still read after it is freed. Thus move wx...
CVE-2024-42303
In the Linux kernel, the following vulnerability has been resolved: media: imx-pxp: Fix ERR_PTR dereference in pxp_probe() devm_regmap_init_mmio() can fail, add a check and bail out in case oferror.
CVE-2024-42317
In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: avoid PMD-size page cache if needed xarray can't support arbitrary page cache size. the largest and supportedpage cache size is defined as MAX_PAGECACHE_ORDER by commit 099d90642a71("mm/filemap: make MAX_PAGECACHE_O...
CVE-2024-43827
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null check before access structs In enable_phantom_plane, we should better check null pointer beforeaccessing various structs.
CVE-2024-44968
In the Linux kernel, the following vulnerability has been resolved: tick/broadcast: Move per CPU pointer access into the atomic section The recent fix for making the take over of the broadcast timer morereliable retrieves a per CPU pointer in preemptible context. This went unnoticed as compilers ho...
CVE-2024-44976
In the Linux kernel, the following vulnerability has been resolved: ata: pata_macio: Fix DMA table overflow Kolbjørn and Jonáš reported that their 32-bit PowerMacs were crashingin pata-macio since commit 09fe2bfa6b83 ("ata: pata_macio: Fixmax_segment_size with PAGE_SIZE == 64K"). For example: kerne...
CVE-2024-45017
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix IPsec RoCE MPV trace call Prevent the call trace below from happening, by not allowing IPseccreation over a slave, if master device doesn't support IPsec. WARNING: CPU: 44 PID: 16136 at kernel/locking/rwsem.c:240 down...
CVE-2024-45029
In the Linux kernel, the following vulnerability has been resolved: i2c: tegra: Do not mark ACPI devices as irq safe On ACPI machines, the tegra i2c module encounters an issue due to amutex being called inside a spinlock. This leads to the following bug: BUG: sleeping function called from invalid c...
CVE-2024-46690
In the Linux kernel, the following vulnerability has been resolved: nfsd: fix nfsd4_deleg_getattr_conflict in presence of third party lease It is not safe to dereference fl->c.flc_owner without first confirmingfl->fl_lmops is the expected manager. nfsd4_deleg_getattr_conflict()tests fl_lmops ...
CVE-2024-46712
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Disable coherent dumb buffers without 3d Coherent surfaces make only sense if the host renders to them usingaccelerated apis. Without 3d the entire content of dumb buffers staysin the guest making all of the extra work ...
CVE-2024-46850
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid race between dcn35_set_drr() and dc_state_destruct() dc_state_destruct() nulls the resource context of the DC state. The pipecontext passed to dcn35_set_drr() is a member of this resource context. If dc_state...
CVE-2024-49876
In the Linux kernel, the following vulnerability has been resolved: drm/xe: fix UAF around queue destruction We currently do stuff like queuing the final destruction step on arandom system wq, which will outlive the driver instance. With badtiming we can teardown the driver with one or more work wo...
CVE-2024-49984
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Prevent out of bounds access in performance query extensions Check that the number of perfmons userspace is passing in the copy andreset extensions is not greater than the internal kernel storage wherethe ids will be copie...
CVE-2024-49990
In the Linux kernel, the following vulnerability has been resolved: drm/xe/hdcp: Check GSC structure validity Sometimes xe_gsc is not initialized when checked at HDCP capabilitycheck. Add gsc structure check to avoid null pointer error.
CVE-2024-50034
In the Linux kernel, the following vulnerability has been resolved: net/smc: fix lacks of icsk_syn_mss with IPPROTO_SMC Eric report a panic on IPPROTO_SMC, and give the factsthat when INET_PROTOSW_ICSK was set, icsk->icsk_sync_mss must be set too. Bug: Unable to handle kernel NULL pointer derefe...
CVE-2024-50161
In the Linux kernel, the following vulnerability has been resolved: bpf: Check the remaining info_cnt before repeating btf fields When trying to repeat the btf fields for array of nested struct, itdoesn't check the remaining info_cnt. The following splat will bereported when the value of ret * nele...
CVE-2024-50174
In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix race when converting group handle to group object XArray provides it's own internal lock which protects the internal arraywhen entries are being simultaneously added and removed. However thereis still a race betwee...
CVE-2024-50294
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix missing locking causing hanging calls If a call gets aborted (e.g. because kafs saw a signal) between it beingqueued for connection and the I/O thread picking up the call, the abortwill be prioritised over the connection...
CVE-2024-56537
In the Linux kernel, the following vulnerability has been resolved: drm: xlnx: zynqmp_disp: layer may be null while releasing layer->info can be null if we have an error on the first layer inzynqmp_disp_create_layers
CVE-2024-56682
In the Linux kernel, the following vulnerability has been resolved: irqchip/riscv-aplic: Prevent crash when MSI domain is missing If the APLIC driver is probed before the IMSIC driver, the parent MSIdomain will be missing, which causes a NULL pointer dereference inmsi_create_device_irq_domain(). Av...
CVE-2024-57799
In the Linux kernel, the following vulnerability has been resolved: phy: rockchip: samsung-hdptx: Set drvdata before enabling runtime PM In some cases, rk_hdptx_phy_runtime_resume() may be invoked beforeplatform_set_drvdata() is executed in ->probe(), leading to a NULLpointer dereference when us...
CVE-2024-57998
In the Linux kernel, the following vulnerability has been resolved: OPP: add index check to assert to avoid buffer overflow in _read_freq() Pass the freq index to the assert function to make surewe do not read a freq out of the opp->rates[] table when calledfrom the indexed variants:dev_pm_opp_f...
CVE-2024-58006
In the Linux kernel, the following vulnerability has been resolved: PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar() In commit 4284c88fff0e ("PCI: designware-ep: Allow pci_epc_set_bar() updateinbound map address") set_bar() was modified to support dynamicallychanging the backing p...
CVE-2024-58084
In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: scm: Fix missing read barrier in qcom_scm_get_tzmem_pool() Commit 2e4955167ec5 ("firmware: qcom: scm: Fix __scm and waitqcompletion variable initialization") introduced a write barrier in probefunction to store glob...
CVE-2025-21801
In the Linux kernel, the following vulnerability has been resolved: net: ravb: Fix missing rtnl lock in suspend/resume path Fix the suspend/resume path by ensuring the rtnl lock is held whererequired. Calls to ravb_open, ravb_close and wol operations must beperformed under the rtnl lock to prevent ...
CVE-2025-21840
In the Linux kernel, the following vulnerability has been resolved: thermal/netlink: Prevent userspace segmentation fault by adjusting UAPI header The intel-lpmd tool [1], which uses the THERMAL_GENL_ATTR_CPU_CAPABILITYattribute to receive HFI events from kernel space, encounters asegmentation faul...
CVE-2025-21874
In the Linux kernel, the following vulnerability has been resolved: dm-integrity: Avoid divide by zero in table status in Inline mode In Inline mode, the journal is unused, and journal_sectors is zero. Calculating the journal watermark requires dividing by journal_sectors,which should be done only ...
CVE-2025-21902
In the Linux kernel, the following vulnerability has been resolved: acpi: typec: ucsi: Introduce a ->poll_cci method For the ACPI backend of UCSI the UCSI "registers" are just a memory copyof the register values in an opregion. The ACPI implementation in theBIOS ensures that the opregion content...
CVE-2025-21929
In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove() During the rmmod operation for the intel_ishtp_hid driver, ause-after-free issue can occur in the hid_ishtp_cl_remove() function.The function hid_ishtp_cl_deinit...
CVE-2025-21946
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out-of-bounds in parse_sec_desc() If osidoffset, gsidoffset and dacloffset could be greater than smb_ntsdstruct size. If it is smaller, It could cause slab-out-of-bounds.And when validating sid, It need to check it inclu...