10174 matches found
CVE-2022-49966
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: add missing ->fini_microcode interface for Sienna Cichlid To avoid any potential memory leak.
CVE-2022-49986
In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq storvsc_error_wq workqueue should not be marked as WQ_MEM_RECLAIM as itdoesn't need to make forward progress under memory pressure. Marking thisworkqueue as WQ_MEM_RECLAIM ...
CVE-2022-50046
In the Linux kernel, the following vulnerability has been resolved: net/sunrpc: fix potential memory leaks in rpc_sysfs_xprt_state_change() The issue happens on some error handling paths. When the functionfails to grab the object xprt, it simply returns 0, forgetting todecrease the reference count ...
CVE-2023-52706
In the Linux kernel, the following vulnerability has been resolved: gpio: sim: fix a memory leak Fix an inverted logic bug in gpio_sim_remove_hogs() that leads to GPIOhog structures never being freed.
CVE-2023-53009
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Add sync after creating vram bo There will be data corruption on vram allocated by svmif the initialization is not complete and application iswritting on the memory. Adding sync to wait for theinitialization completion ...
CVE-2023-53080
In the Linux kernel, the following vulnerability has been resolved: xsk: Add missing overflow check in xdp_umem_reg The number of chunks can overflow u32. Make sure to return -EINVAL onoverflow. Also remove a redundant u32 cast assigning umem->npgs.
CVE-2023-53135
In the Linux kernel, the following vulnerability has been resolved: riscv: Use READ_ONCE_NOCHECK in imprecise unwinding stack mode When CONFIG_FRAME_POINTER is unset, the stack unwinding functionwalk_stackframe randomly reads the stack and then, when KASAN is enabled,it can lead to the following ba...
CVE-2024-41026
In the Linux kernel, the following vulnerability has been resolved: mmc: davinci_mmc: Prevent transmitted data size from exceeding sgm's length No check is done on the size of the data to be transmiited. This causesa kernel panic when this size exceeds the sg_miter's length. Limit the number of tra...
CVE-2024-42257
In the Linux kernel, the following vulnerability has been resolved: ext4: use memtostr_pad() for s_volume_name As with the other strings in struct ext4_super_block, s_volume_name isnot NUL terminated. The other strings were marked in commit 072ebb3bffe6("ext4: add nonstring annotations to ext4.h")....
CVE-2024-43875
In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Clean up error handling in vpci_scan_bus() Smatch complains about inconsistent NULL checking in vpci_scan_bus(): drivers/pci/endpoint/functions/pci-epf-vntb.c:1024 vpci_scan_bus() error: we previously assumed 'vpci_b...
CVE-2024-44978
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Free job before xe_exec_queue_put Free job depends on job->vm being valid, the last xe_exec_queue_put candestroy the VM. Prevent UAF by freeing job before xe_exec_queue_put. (cherry picked from commit 32a42c93b74c8ca6d09...
CVE-2024-44980
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix opregion leak Being part o the display, ideally the setup and cleanup would be done bydisplay itself. However this is a bigger refactor that needs to be doneon both i915 and xe. For now, just fix the leak: unreferenced ...
CVE-2024-50241
In the Linux kernel, the following vulnerability has been resolved: NFSD: Initialize struct nfsd4_copy earlier Ensure the refcount and async_copies fields are initialized early.cleanup_async_copy() will reference these fields if an error occursin nfsd4_copy(). If they are not correctly initialized,...
CVE-2024-50277
In the Linux kernel, the following vulnerability has been resolved: dm: fix a crash if blk_alloc_disk fails If blk_alloc_disk fails, the variable md->disk is set to an error value.cleanup_mapped_device will see that md->disk is non-NULL and it willattempt to access it, causing a crash on this...
CVE-2024-55642
In the Linux kernel, the following vulnerability has been resolved: block: Prevent potential deadlocks in zone write plug error recovery Zone write plugging for handling writes to zones of a zoned blockdevice always execute a zone report whenever a write BIO to a zonefails. The intent of this is to...
CVE-2024-56740
In the Linux kernel, the following vulnerability has been resolved: nfs/localio: must clear res.replen in nfs_local_read_done Otherwise memory corruption can occur due to NFSv3 LOCALIO readsleaving garbage in res.replen: nfs3_read_done() copies that into server->read_hdrsize; from therenfs3_proc...
CVE-2025-21709
In the Linux kernel, the following vulnerability has been resolved: kernel: be more careful about dup_mmap() failures and uprobe registering If a memory allocation fails during dup_mmap(), the maple tree can be leftin an unsafe state for other iterators besides the exit path. All thelocks are dropp...
CVE-2025-21713
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/iommu: Don't unset window if it was never set On pSeries, when user attempts to use the same vfio container used bydifferent iommu group, the spapr_tce_set_window() returns -EPERMand the subsequent cleanup leads to ...
CVE-2025-21817
In the Linux kernel, the following vulnerability has been resolved: block: mark GFP_NOIO around sysfs ->store() sysfs ->store is called with queue freezed, meantime we have several->store() callbacks(update_nr_requests, wbt, scheduler) to allocatememory with GFP_KERNEL which may run into d...
CVE-2025-21897
In the Linux kernel, the following vulnerability has been resolved: sched_ext: Fix pick_task_scx() picking non-queued tasks when it's called without balance() a6250aa251ea ("sched_ext: Handle cases where pick_task_scx() is calledwithout preceding balance_scx()") added a workaround to handle the cas...
CVE-2025-37935
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_eth_soc: fix SER panic with 4GB+ RAM If the mtk_poll_rx() function detects the MTK_RESETTING flag, it willjump to release_desc and refill the high word of the SDP on the 4GB RFB.Subsequently, mtk_rx_clean will pr...
CVE-2025-37940
In the Linux kernel, the following vulnerability has been resolved: ftrace: Add cond_resched() to ftrace_graph_set_hash() When the kernel contains a large number of functions that can be traced,the loop in ftrace_graph_set_hash() may take a lot of time to execute.This may trigger the softlockup wat...
CVE-2025-38086
In the Linux kernel, the following vulnerability has been resolved: net: ch9200: fix uninitialised access during mii_nway_restart In mii_nway_restart() the code attempts to callmii->mdio_read which is ch9200_mdio_read(). ch9200_mdio_read()utilises a local buffer called "buff", which is initialis...
CVE-2001-1400
Unknown vulnerabilities in the UDP port allocation for Linux kernel before 2.2.19 could allow local users to cause a denial of service (deadlock).
CVE-2004-1057
Multiple drivers in Linux kernel 2.4.19 and earlier do not properly mark memory with the VM_IO flag, which causes incorrect reference counts and may lead to a denial of service (kernel panic) when accessing freed kernel pages.
CVE-2005-1589
The pkt_ioctl function in the pktcdvd block device ioctl handler (pktcdvd.c) in Linux kernel 2.6.12-rc4 and earlier calls the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space and allows local user...
CVE-2006-5173
Linux kernel does not properly save or restore EFLAGS during a context switch, or reset the flags when creating new threads, which allows local users to cause a denial of service (process crash), as demonstrated using a process that sets the Alignment Check flag (EFLAGS 0x40000), which triggers a S...
CVE-2006-5749
The isdn_ppp_ccp_reset_alloc_state function in drivers/isdn/isdn_ppp.c in the Linux 2.4 kernel before 2.4.34-rc4 does not call the init_timer function for the ISDN PPP CCP reset state timer, which has unknown attack vectors and results in a system crash.
CVE-2007-4774
The Linux kernel before 2.4.36-rc1 has a race condition. It was possible to bypass systrace policies by flooding the ptraced process with SIGCONT signals, which can can wake up a PTRACED process.
CVE-2008-1294
Linux kernel 2.6.17, and other versions before 2.6.22, does not check when a user attempts to set RLIMIT_CPU to 0 until after the change is made, which allows local users to bypass intended resource limits.
CVE-2009-1243
net/ipv4/udp.c in the Linux kernel before 2.6.29.1 performs an unlocking step in certain incorrect circumstances, which allows local users to cause a denial of service (panic) by reading zero bytes from the /proc/net/udp file and unspecified other files, related to the "udp seq_file infrastructure....
CVE-2011-4916
Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /dev/pts/ and /dev/tty*.
CVE-2012-6703
Integer overflow in the snd_compr_allocate_buffer function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.6-rc6-next-20120917 allows local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted...
CVE-2013-3230
The l2tp_ip6_recvmsg function in net/l2tp/l2tp_ip6.c in the Linux kernel before 3.9-rc7 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
CVE-2013-3237
The vsock_stream_sendmsg function in net/vmw_vsock/af_vsock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
CVE-2013-4127
Use-after-free vulnerability in the vhost_net_set_backend function in drivers/vhost/net.c in the Linux kernel through 3.10.3 allows local users to cause a denial of service (OOPS and system crash) via vectors involving powering on a virtual machine.
CVE-2014-2889
Off-by-one error in the bpf_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 3.1.8, when BPF JIT is enabled, allows local users to cause a denial of service (system crash) or possibly gain privileges via a long jump after a conditional jump.
CVE-2021-47278
In the Linux kernel, the following vulnerability has been resolved: bus: mhi: pci_generic: Fix possible use-after-free in mhi_pci_remove() This driver's remove path calls del_timer(). However, that functiondoes not wait until the timer handler finishes. This means that thetimer handler may still be...
CVE-2021-47570
In the Linux kernel, the following vulnerability has been resolved: staging: r8188eu: fix a memory leak in rtw_wx_read32() Free "ptmp" before returning -EINVAL.
CVE-2021-47668
In the Linux kernel, the following vulnerability has been resolved: can: dev: can_restart: fix use after free bug After calling netif_rx_ni(skb), dereferencing skb is unsafe.Especially, the can_frame cf which aliases skb memory is accessedafter the netif_rx_ni() in:stats->rx_bytes += cf->len;...
CVE-2022-48803
In the Linux kernel, the following vulnerability has been resolved: phy: ti: Fix missing sentinel for clk_div_table _get_table_maxdiv() tries to access "clk_div_table" array out of bounddefined in phy-j721e-wiz.c. Add a sentinel entry to preventthe following global-out-of-bounds error reported by e...
CVE-2022-48874
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix use-after-free and race in fastrpc_map_find Currently, there is a race window between the point when the mutex isunlocked in fastrpc_map_lookup and the reference count increasing(fastrpc_map_get) in fastrpc_map_f...
CVE-2022-49198
In the Linux kernel, the following vulnerability has been resolved: mptcp: Fix crash due to tcp_tsorted_anchor was initialized before release skb Got crash when doing pressure test of mptcp: ===========================================================================dst_release: dst:ffffa06ce6e5c058...
CVE-2022-49391
In the Linux kernel, the following vulnerability has been resolved: remoteproc: mtk_scp: Fix a potential double free 'scp->rproc' is allocated using devm_rproc_alloc(), so there is no needto free it explicitly in the remove function.
CVE-2022-49425
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix dereference of stale list iterator after loop body The list iterator variable will be a bogus pointer if no break was hit.Dereferencing it (cur->page in this case) could load an out-of-bounds/undefinedvalue making it u...
CVE-2022-49452
In the Linux kernel, the following vulnerability has been resolved: dpaa2-eth: retrieve the virtual address before dma_unmap The TSO header was DMA unmapped before the virtual address was retrievedand then used to free the buffer. This meant that we were actuallyremoving the DMA map and then trying...
CVE-2022-49456
In the Linux kernel, the following vulnerability has been resolved: bonding: fix missed rcu protection When removing the rcu_read_lock in bond_ethtool_get_ts_info() asdiscussed [1], I didn't notice it could be called via setsockopt,which doesn't hold rcu lock, as syzbot pointed: stack backtrace:CPU...
CVE-2022-49464
In the Linux kernel, the following vulnerability has been resolved: erofs: fix buffer copy overflow of ztailpacking feature I got some KASAN report as below: [ 46.959738] ==================================================================[ 46.960430] BUG: KASAN: use-after-free in z_erofs_shifted_tra...
CVE-2022-49763
In the Linux kernel, the following vulnerability has been resolved: ntfs: fix use-after-free in ntfs_attr_find() Patch series "ntfs: fix bugs about Attribute", v2. This patchset fixes three bugs relative to Attribute in record: Patch 1 adds a sanity check to ensure that, attrs_offset field in first...
CVE-2022-49784
In the Linux kernel, the following vulnerability has been resolved: perf/x86/amd/uncore: Fix memory leak for events array When a CPU comes online, the per-CPU NB and LLC uncore contexts arefreed but not the events array within the context structure. Thiscauses a memory leak as identified by the kme...