9842 matches found
CVE-2022-49857
In the Linux kernel, the following vulnerability has been resolved: net: marvell: prestera: fix memory leak in prestera_rxtx_switch_init() When prestera_sdma_switch_init() failed, the memory pointed to bysw->rxtx isn't released. Fix it. Only be compiled, not be tested.
CVE-2022-49867
In the Linux kernel, the following vulnerability has been resolved: net: wwan: iosm: fix memory leak in ipc_wwan_dellink IOSM driver registers network device without setting theneeds_free_netdev flag, and does NOT call free_netdev() whenunregisters network device, which causes a memory leak. This p...
CVE-2022-49896
In the Linux kernel, the following vulnerability has been resolved: cxl/pmem: Fix cxl_pmem_region and cxl_memdev leak When a cxl_nvdimm object goes through a ->remove() event (devicephysically removed, nvdimm-bridge disabled, or nvdimm device disabled),then any associated regions must also be di...
CVE-2022-49899
In the Linux kernel, the following vulnerability has been resolved: fscrypt: stop using keyrings subsystem for fscrypt_master_key The approach of fs/crypto/ internally managing the fscrypt_master_keystructs as the payloads of "struct key" objects contained in a"struct key" keyring has outlived its ...
CVE-2023-52929
In the Linux kernel, the following vulnerability has been resolved: nvmem: core: fix cleanup after dev_set_name() If dev_set_name() fails, we leak nvmem->wp_gpio as the cleanup does notput this. While a minimal fix for this would be to add the gpiod_put()call, we can do better if we split device...
CVE-2023-52995
In the Linux kernel, the following vulnerability has been resolved: riscv/kprobe: Fix instruction simulation of JALR Set kprobe at 'jalr 1140(ra)' of vfs_write results in the followingcrash: [ 32.092235] Unable to handle kernel access to user memory without uaccess routines at virtual address 00aaa...
CVE-2023-53048
In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: fix warning when handle discover_identity message Since both source and sink device can send discover_identity message inPD3, kernel may dump below warning: ------------[ cut here ]------------WARNING: CPU: 0 PID:...
CVE-2023-53069
In the Linux kernel, the following vulnerability has been resolved: octeontx2-vf: Add missing free for alloc_percpu Add the free_percpu for the allocated "vf->hw.lmt_info" in order to avoidmemory leak, same as the "pf->hw.lmt_info" indrivers/net/ethernet/marvell/octeontx2/nic/otx2_pf.c.
CVE-2023-53080
In the Linux kernel, the following vulnerability has been resolved: xsk: Add missing overflow check in xdp_umem_reg The number of chunks can overflow u32. Make sure to return -EINVAL onoverflow. Also remove a redundant u32 cast assigning umem->npgs.
CVE-2023-53109
In the Linux kernel, the following vulnerability has been resolved: net: tunnels: annotate lockless accesses to dev->needed_headroom IP tunnels can apparently update dev->needed_headroomin their xmit path. This patch takes care of three tunnels xmit, and also thecore LL_RESERVED_SPACE() and L...
CVE-2024-38631
In the Linux kernel, the following vulnerability has been resolved: iio: adc: PAC1934: fix accessing out of bounds array index Fix accessing out of bounds array index for averagecurrent and voltage measurements. The device itself hasonly 4 channels, but in sysfs there are "fake"channels for the ave...
CVE-2024-47680
In the Linux kernel, the following vulnerability has been resolved: f2fs: check discard support for conventional zones As the helper function f2fs_bdev_support_discard() shows, f2fs checks ifthe target block devices support discard by callingbdev_max_discard_sectors() and bdev_is_zoned(). This chec...
CVE-2024-49872
In the Linux kernel, the following vulnerability has been resolved: mm/gup: fix memfd_pin_folios alloc race panic If memfd_pin_folios tries to create a hugetlb page, but someone elsealready did, then folio gets the value -EEXIST here: folio = memfd_alloc_folio(memfd, start_idx); if (IS_ERR(folio)) ...
CVE-2024-49964
In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix memfd_pin_folios free_huge_pages leak memfd_pin_folios followed by unpin_folios fails to restore free_huge_pagesif the pages were not already faulted in, because the folio refcount forpages created by memfd_alloc_fo...
CVE-2024-49979
In the Linux kernel, the following vulnerability has been resolved: net: gso: fix tcp fraglist segmentation after pull from frag_list Detect tcp gso fraglist skbs with corrupted geometry (see below) andpass these to skb_segment instead of skb_segment_list, as the firstcan segment them correctly. Va...
CVE-2024-50122
In the Linux kernel, the following vulnerability has been resolved: PCI: Hold rescan lock while adding devices during host probe Since adding the PCI power control code, we may end up with a race betweenthe pwrctl platform device rescanning the bus and host controller probefunctions. The latter nee...
CVE-2024-50123
In the Linux kernel, the following vulnerability has been resolved: bpf: Add the missing BPF_LINK_TYPE invocation for sockmap There is an out-of-bounds read in bpf_link_show_fdinfo() for the sockmaplink fd. Fix it by adding the missing BPF_LINK_TYPE invocation forsockmap link Also add comments for ...
CVE-2024-50254
In the Linux kernel, the following vulnerability has been resolved: bpf: Free dynamically allocated bits in bpf_iter_bits_destroy() bpf_iter_bits_destroy() uses "kit->nr_bits <= 64" to check whether thebits are dynamically allocated. However, the check is incorrect and maycause a kmemleak as ...
CVE-2024-56696
In the Linux kernel, the following vulnerability has been resolved: ALSA: core: Fix possible NULL dereference caused by kunit_kzalloc() kunit_kzalloc() may return a NULL pointer, dereferencing it withoutNULL check may lead to NULL dereference.Add NULL checks for all the kunit_kzalloc() in sound_kun...
CVE-2024-57975
In the Linux kernel, the following vulnerability has been resolved: btrfs: do proper folio cleanup when run_delalloc_nocow() failed [BUG]With CONFIG_DEBUG_VM set, test case generic/476 has some chance to crashwith the following VM_BUG_ON_FOLIO(): BTRFS error (device dm-3): cow_file_range failed, st...
CVE-2024-57988
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btbcm: Fix NULL deref in btbcm_get_board_name() devm_kstrdup() can return a NULL pointer on failure,but thisreturned value in btbcm_get_board_name() is not checked.Add NULL check in btbcm_get_board_name(), to handle kern...
CVE-2024-58066
In the Linux kernel, the following vulnerability has been resolved: clk: mmp: pxa1908-apbcp: Fix a NULL vs IS_ERR() check The devm_kzalloc() function doesn't return error pointers, it returnsNULL on error. Update the check to match.
CVE-2024-58073
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: check dpu_plane_atomic_print_state() for valid sspp Similar to the r_pipe sspp protect, add a check to protectthe pipe state prints to avoid NULL ptr dereference for cases whenthe state is dumped without a correspondin...
CVE-2025-21896
In the Linux kernel, the following vulnerability has been resolved: fuse: revert back to __readahead_folio() for readahead In commit 3eab9d7bc2f4 ("fuse: convert readahead to use folios"), thelogic was converted to using the new folio readahead code, which dropsthe reference on the folio once it is...
CVE-2025-21921
In the Linux kernel, the following vulnerability has been resolved: net: ethtool: netlink: Allow NULL nlattrs when getting a phy_device ethnl_req_get_phydev() is used to lookup a phy_device, in the case anethtool netlink command targets a specific phydev within a netdev'stopology. It takes as a par...
CVE-2025-37848
In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix PM related deadlocks in MS IOCTLs Prevent runtime resume/suspend while MS IOCTLs are in progress.Failed suspend will call ivpu_ms_cleanup() that would try to acquirefile_priv->ms_lock, which is already held by th...
CVE-2025-37863
In the Linux kernel, the following vulnerability has been resolved: ovl: don't allow datadir only In theory overlayfs could support upper layer directly referring to a datalayer, but there's no current use case for this. Originally, when data-only layers were introduced, this wasn't allowed,only in...
CVE-2025-37968
In the Linux kernel, the following vulnerability has been resolved: iio: light: opt3001: fix deadlock due to concurrent flag access The threaded IRQ function in this driver is reading the flag twice: once tolock a mutex and once to unlock it. Even though the code setting the flagis designed to prev...
CVE-2008-3077
arch/x86/kernel/ptrace.c in the Linux kernel before 2.6.25.10 on the x86_64 platform leaks task_struct references into the sys32_ptrace function, which allows local users to cause a denial of service (system crash) or have unspecified other impact via unknown vectors, possibly a use-after-free vuln...
CVE-2011-4098
The fallocate implementation in the GFS2 filesystem in the Linux kernel before 3.2 relies on the page cache, which might allow local users to cause a denial of service by preallocating blocks in certain situations involving insufficient memory.
CVE-2022-49008
In the Linux kernel, the following vulnerability has been resolved: can: can327: can327_feed_frame_to_netdev(): fix potential skb leak when netdev is down In can327_feed_frame_to_netdev(), it did not free the skb when netdevis down, and all callers of can327_feed_frame_to_netdev() did not freealloc...
CVE-2022-49744
In the Linux kernel, the following vulnerability has been resolved: mm/uffd: fix pte marker when fork() without fork event Patch series "mm: Fixes on pte markers". Patch 1 resolves the syzkiller report from Pengfei. Patch 2 further harden pte markers when used with the recent swapin errormarkers. T...
CVE-2022-49745
In the Linux kernel, the following vulnerability has been resolved: fpga: m10bmc-sec: Fix probe rollback Handle probe error rollbacks properly to avoid leaks.
CVE-2022-49760
In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix PTE marker handling in hugetlb_change_protection() Patch series "mm/hugetlb: uffd-wp fixes for hugetlb_change_protection()". Playing with virtio-mem and background snapshots (using uffd-wp) onhugetlb in QEMU, I mana...
CVE-2022-49762
In the Linux kernel, the following vulnerability has been resolved: ntfs: check overflow when iterating ATTR_RECORDs Kernel iterates over ATTR_RECORDs in mft record in ntfs_attr_find().Because the ATTR_RECORDs are next to each other, kernel can get the nextATTR_RECORD from end address of current AT...
CVE-2022-49765
In the Linux kernel, the following vulnerability has been resolved: net/9p: use a dedicated spinlock for trans_fd Shamelessly copying the explanation from Tetsuo Handa's suggestedpatch[1] (slightly reworded):syzbot is reporting inconsistent lock state in p9_req_put()[2],for p9_tag_remove() from p9_...
CVE-2022-49784
In the Linux kernel, the following vulnerability has been resolved: perf/x86/amd/uncore: Fix memory leak for events array When a CPU comes online, the per-CPU NB and LLC uncore contexts arefreed but not the events array within the context structure. Thiscauses a memory leak as identified by the kme...
CVE-2022-49808
In the Linux kernel, the following vulnerability has been resolved: net: dsa: don't leak tagger-owned storage on switch driver unbind In the initial commit dc452a471dba ("net: dsa: introduce tagger-ownedstorage for private and shared data"), we had a call totag_ops->disconnect(dst) issued from d...
CVE-2022-49814
In the Linux kernel, the following vulnerability has been resolved: kcm: close race conditions on sk_receive_queue sk->sk_receive_queue is protected by skb queue lock, but for KCMsockets its RX path takes mux->rx_lock to protect more than justskb queue. However, kcm_recvmsg() still only grabs...
CVE-2022-49854
In the Linux kernel, the following vulnerability has been resolved: mctp: Fix an error handling path in mctp_init() If mctp_neigh_init() return error, the routes resources shouldbe released in the error handling path. Otherwise some resourcesleak.
CVE-2022-49866
In the Linux kernel, the following vulnerability has been resolved: net: wwan: mhi: fix memory leak in mhi_mbim_dellink MHI driver registers network device without setting theneeds_free_netdev flag, and does NOT call free_netdev() whenunregisters network device, which causes a memory leak. This pat...
CVE-2022-49877
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix the sk->sk_forward_alloc warning of sk_stream_kill_queues When running test_sockmap selftests, the following warning appears: WARNING: CPU: 2 PID: 197 at net/core/stream.c:205 sk_stream_kill_queues+0xd3/0xf0Cal...
CVE-2022-49883
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: smm: number of GPRs in the SMRAM image depends on the image format On 64 bit host, if the guest doesn't have X86_FEATURE_LM, KVM willaccess 16 gprs to 32-bit smram image, causing out-ouf-bound ramaccess. On 32 bit host, t...
CVE-2022-49886
In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Panic on bad configs that #VE on "private" memory access All normal kernel memory is "TDX private memory". This includeseverything from kernel stacks to kernel text. Handlingexceptions on arbitrary accesses to kernel memor...
CVE-2022-49894
In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fix region HPA ordering validation Some regions may not have any address space allocated. Skip them whenvalidating HPA order otherwise a crash like the following may result: devm_cxl_add_region: cxl_acpi cxl_acpi.0: dec...
CVE-2022-49904
In the Linux kernel, the following vulnerability has been resolved: net, neigh: Fix null-ptr-deref in neigh_table_clear() When IPv6 module gets initialized but hits an error in the middle,kenel panic with: KASAN: null-ptr-deref in range [0x0000000000000598-0x000000000000059f]CPU: 1 PID: 361 Comm: i...
CVE-2022-49907
In the Linux kernel, the following vulnerability has been resolved: net: mdio: fix undefined behavior in bit shift for __mdiobus_register Shifting signed 32-bit value by 31 bits is undefined, so changingsignificant bit to unsigned. The UBSAN warning calltrace like below: UBSAN: shift-out-of-bounds ...
CVE-2023-52981
In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix request ref counting during error capture & debugfs dump When GuC support was added to error capture, the reference countingaround the request object was broken. Fix it up. The context based search manages the spinloc...
CVE-2023-53009
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Add sync after creating vram bo There will be data corruption on vram allocated by svmif the initialization is not complete and application iswritting on the memory. Adding sync to wait for theinitialization completion ...
CVE-2023-53088
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix UaF in listener shutdown As reported by Christoph after having refactored the passivesocket initialization, the mptcp listener shutdown path is proneto an UaF issue. BUG: KASAN: use-after-free in _raw_spin_lock_bh+0x73/0...