9842 matches found
CVE-2022-49828
In the Linux kernel, the following vulnerability has been resolved: hugetlbfs: don't delete error page from pagecache This change is very similar to the change that was made for shmem [1], andit solves the same problem but for HugeTLBFS instead. Currently, when poison is found in a HugeTLB page, th...
CVE-2022-49849
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix match incorrectly in dev_args_match_device syzkaller found a failed assertion: assertion failed: (args->devid != (u64)-1) || args->missing, in fs/btrfs/volumes.c:6921 This can be triggered when we set devid to (u64...
CVE-2022-49852
In the Linux kernel, the following vulnerability has been resolved: riscv: process: fix kernel info leakage thread_struct's s[12] may contain random kernel memory content, whichmay be finally leaked to userspace. This is a security hole. Fix itby clearing the s[12] array in thread_struct when fork....
CVE-2022-49884
In the Linux kernel, the following vulnerability has been resolved: KVM: Initialize gfn_to_pfn_cache locks in dedicated helper Move the gfn_to_pfn_cache lock initialization to another helper andcall the new helper during VM/vCPU creation. There are raceconditions possible due to kvm_gfn_to_pfn_cach...
CVE-2022-49893
In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fix cxl_region leak, cleanup targets at region delete When a region is deleted any targets that have been previously assignedto that region hold references to it. Trigger those references todrop by detaching all targets...
CVE-2022-49912
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix ulist leaks in error paths of qgroup self tests In the test_no_shared_qgroup() and test_multiple_refs() qgroup self tests,if we fail to add the tree ref, remove the extent item or remove theextent ref, we are returning f...
CVE-2023-52980
In the Linux kernel, the following vulnerability has been resolved: block: ublk: extending queue_size to fix overflow When validating drafted SPDK ublk target, in a case thatassigning large queue depth to multiqueue ublk device,ublk target would run into a weird incorrect state. Duringrounds of rev...
CVE-2023-52982
In the Linux kernel, the following vulnerability has been resolved: fscache: Use wait_on_bit() to wait for the freeing of relinquished volume The freeing of relinquished volume will wake up the pending volumeacquisition by using wake_up_bit(), however it is mismatched withwait_var_event() used in f...
CVE-2023-53004
In the Linux kernel, the following vulnerability has been resolved: ovl: fix tmpfile leak Missed an error cleanup.
CVE-2024-42233
In the Linux kernel, the following vulnerability has been resolved: filemap: replace pte_offset_map() with pte_offset_map_nolock() The vmf->ptl in filemap_fault_recheck_pte_none() is still set fromhandle_pte_fault(). But at the same time, we did a pte_unmap(vmf->pte).After a pte_unmap(vmf->...
CVE-2024-50097
In the Linux kernel, the following vulnerability has been resolved: net: fec: don't save PTP state if PTP is unsupported Some platforms (such as i.MX25 and i.MX27) do not support PTP, so onthese platforms fec_ptp_init() is not called and the related membersin fep are not initialized. However, fec_p...
CVE-2024-50266
In the Linux kernel, the following vulnerability has been resolved: clk: qcom: videocc-sm8350: use HW_CTRL_TRIGGER for vcodec GDSCs A recent change in the venus driver results in a stuck clock on theLenovo ThinkPad X13s, for example, when streaming video in firefox: video_cc_mvs0_clk status stuck a...
CVE-2024-57985
In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: scm: Cleanup global '__scm' on probe failures If SCM driver fails the probe, it should not leave global '__scm'variable assigned, because external users of this driver will assume theprobe finished successfully. For...
CVE-2024-57987
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btrtl: check for NULL in btrtl_setup_realtek() If insert an USB dongle which chip is not maintained in ic_id_table, itwill hit the NULL point accessed. Add a null point check to avoid theKernel Oops.
CVE-2024-58065
In the Linux kernel, the following vulnerability has been resolved: clk: mmp: pxa1908-apbc: Fix NULL vs IS_ERR() check The devm_kzalloc() function returns NULL on error, not error pointers.Fix the check.
CVE-2024-58074
In the Linux kernel, the following vulnerability has been resolved: drm/i915: Grab intel_display from the encoder to avoid potential oopsies Grab the intel_display from 'encoder' rather than 'state'in the encoder hooks to avoid the massive footgun that isintel_sanitize_encoder(), which passes NULL ...
CVE-2025-21746
In the Linux kernel, the following vulnerability has been resolved: Input: synaptics - fix crash when enabling pass-through port When enabling a pass-through port an interrupt might come before psmousedriver binds to the pass-through port. However synaptics sub-drivertries to access psmouse instanc...
CVE-2025-21788
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: am65-cpsw: fix memleak in certain XDP cases If the XDP program doesn't result in XDP_PASS then we leak thememory allocated by am65_cpsw_build_skb(). It is pointless to allocate SKB memory before running the XDPpr...
CVE-2025-21882
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix vport QoS cleanup on error When enabling vport QoS fails, the scheduling node was never freed,causing a leak. Add the missing free and reset the vport scheduling node pointer toNULL.
CVE-2025-21952
In the Linux kernel, the following vulnerability has been resolved: HID: corsair-void: Update power supply values with a unified work handler corsair_void_process_receiver can be called from an interrupt context,locking battery_mutex in it was causing a kernel panic.Fix it by moving the critical se...
CVE-2025-37930
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill() Nouveau is mostly designed in a way that it's expected that fences onlyever get signaled through nouveau_fence_signal(). However, in at leastone other place, nouveau_fence_do...
CVE-2022-49819
In the Linux kernel, the following vulnerability has been resolved: octeon_ep: fix potential memory leak in octep_device_setup() When occur unsupported_dev and mbox init errors, it did not free oct->confand iounmap() oct->mmio[i].hw_addr. That would trigger memory leak problem.Add kfree() for...
CVE-2022-49932
In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Do all initialization before exposing /dev/kvm to userspace Call kvm_init() only after all setup is complete, as kvm_init() exposes/dev/kvm to userspace and thus allows userspace to create VMs (and callother ioctls). E.g....
CVE-2023-52921
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix possible UAF in amdgpu_cs_pass1() Since the gang_size check is outside of chunk parsingloop, we need to reset i before we free the chunk data. Suggested by Ye Zhang (@VAR10CK) of Baidu Security.
CVE-2023-53055
In the Linux kernel, the following vulnerability has been resolved: fscrypt: destroy keyring after security_sb_delete() fscrypt_destroy_keyring() must be called after all potentially-encryptedinodes were evicted; otherwise it cannot safely destroy the keyring.Since inodes that are in-use by the Lan...
CVE-2023-53115
In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix memory leaks in mpi3mr_init_ioc() Don't allocate memory again when IOC is being reinitialized.
CVE-2024-43875
In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Clean up error handling in vpci_scan_bus() Smatch complains about inconsistent NULL checking in vpci_scan_bus(): drivers/pci/endpoint/functions/pci-epf-vntb.c:1024 vpci_scan_bus() error: we previously assumed 'vpci_b...
CVE-2024-49570
In the Linux kernel, the following vulnerability has been resolved: drm/xe/tracing: Fix a potential TP_printk UAF The commitafd2627f727b ("tracing: Check "%s" dereference via the field and not the TP_printk format")exposes potential UAFs in the xe_bo_move trace event. Fix those by avoiding derefere...
CVE-2024-56612
In the Linux kernel, the following vulnerability has been resolved: mm/gup: handle NULL pages in unpin_user_pages() The recent addition of "pofs" (pages or folios) handling to gup has aflaw: it assumes that unpin_user_pages() handles NULL pages in the pages**array. That's not the case, as I discove...
CVE-2024-57976
In the Linux kernel, the following vulnerability has been resolved: btrfs: do proper folio cleanup when cow_file_range() failed [BUG]When testing with COW fixup marked as BUG_ON() (this is involved with thenew pin_user_pages*() change, which should not result new out-of-banddirty pages), I hit a cr...
CVE-2024-58021
In the Linux kernel, the following vulnerability has been resolved: HID: winwing: Add NULL check in winwing_init_led() devm_kasprintf() can return a NULL pointer on failure,but thisreturned value in winwing_init_led() is not checked.Add NULL check in winwing_init_led(), to handle kernel NULLpointer...
CVE-2025-37928
In the Linux kernel, the following vulnerability has been resolved: dm-bufio: don't schedule in atomic context A BUG was reported as below when CONFIG_DEBUG_ATOMIC_SLEEP andtry_verify_in_tasklet are enabled.[ 129.444685][ T934] BUG: sleeping function called from invalid context at drivers/md/dm-buf...
CVE-2025-37983
In the Linux kernel, the following vulnerability has been resolved: qibfs: fix another leak failure to allocate inode => leaked dentry... this one had been there since the initial merge; to be fair,if we are that far OOM, the odds of failing at that particularallocation are low...
CVE-2022-49817
In the Linux kernel, the following vulnerability has been resolved: net: mhi: Fix memory leak in mhi_net_dellink() MHI driver registers network device without setting theneeds_free_netdev flag, and does NOT call free_netdev() whenunregisters network device, which causes a memory leak. This patch ca...
CVE-2024-56554
In the Linux kernel, the following vulnerability has been resolved: binder: fix freeze UAF in binder_release_work() When a binder reference is cleaned up, any freeze work queued in theassociated process should also be removed. Otherwise, the reference isfreed while its ref->freeze.work is still ...
CVE-2024-57989
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: fix NULL deref check in mt7925_change_vif_links In mt7925_change_vif_links() devm_kzalloc() may return NULL but thisreturned value is not checked.
CVE-2024-58004
In the Linux kernel, the following vulnerability has been resolved: media: intel/ipu6: remove cpu latency qos request on error Fix cpu latency qos list corruption like below. It happens whenwe do not remove cpu latency request on error path and freecorresponding memory. [ 30.634378] l7 kernel: list...
CVE-2025-21717
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: add missing cpu_to_node to kvzalloc_node in mlx5e_open_xdpredirect_sq kvzalloc_node is not doing a runtime check on the node argument(__alloc_pages_node_noprof does have a VM_BUG_ON, but it expands tonothing on !CONFIG_D...
CVE-2025-21778
In the Linux kernel, the following vulnerability has been resolved: tracing: Do not allow mmap() of persistent ring buffer When trying to mmap a trace instance buffer that is attached toreserve_mem, it would crash: BUG: unable to handle page fault for address: ffffe97bd00025c8#PF: supervisor read a...
CVE-2025-21789
In the Linux kernel, the following vulnerability has been resolved: LoongArch: csum: Fix OoB access in IP checksum code for negative lengths Commit 69e3a6aa6be2 ("LoongArch: Add checksum optimization for 64-bitsystem") would cause an undefined shift and an out-of-bounds read. Commit 8bd795fedb84 ("...
CVE-2025-21942
In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: fix extent range end unlock in cow_file_range() Running generic/751 on the for-next branch often results in a hang likebelow. They are both stack by locking an extent. This suggests someoneforget to unlock an extent. ...
CVE-2025-21954
In the Linux kernel, the following vulnerability has been resolved: netmem: prevent TX of unreadable skbs Currently on stable trees we have support for netmem/devmem RX but notTX. It is not safe to forward/redirect an RX unreadable netmem packetinto the device's TX path, as the device may call dma-...
CVE-2025-37907
In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix locking order in ivpu_job_submit Fix deadlock in job submission and abort handling.When a thread aborts currently executing jobs due to a fault,it first locks the global lock protecting submitted_jobs (#1). After th...
CVE-2025-37948
In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs A malicious BPF program may manipulate the branch history to influencewhat the hardware speculates will happen next. On exit from a BPF program, emit the BHB mititgat...
CVE-2025-37963
In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users Support for eBPF programs loaded by unprivileged users is typicallydisabled. This means only cBPF programs need to be mitigated for BHB. In addition, only mitigat...
CVE-2024-43877
In the Linux kernel, the following vulnerability has been resolved: media: pci: ivtv: Add check for DMA map result In case DMA fails, 'dma->SG_length' is 0. This value is later used toaccess 'dma->SGarray[dma->SG_length - 1]', which will cause out ofbounds access. Add check to return early...
CVE-2024-50270
In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: avoid overflow in damon_feed_loop_next_input() damon_feed_loop_next_input() is inefficient and fragile to overflows.Specifically, 'score_goal_diff_bp' calculation can overflow when 'score'is high. The calculation is ...
CVE-2024-52560
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Mark inode as bad as soon as error detected in mi_enum_attr() Extended the mi_enum_attr() function interface with an additionalparameter, struct ntfs_inode *ni, to allow marking the inodeas bad as soon as an error is dete...
CVE-2024-53186
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in SMB request handling A race condition exists between SMB request handling inksmbd_conn_handler_loop() and the freeing of ksmbd_conn in theworkqueue handler handle_ksmbd_work(). This leads to a UAF. KASA...
CVE-2024-57927
In the Linux kernel, the following vulnerability has been resolved: nfs: Fix oops in nfs_netfs_init_request() when copying to cache When netfslib wants to copy some data that has just been read on behalf ofnfs, it creates a new write request and calls nfs_netfs_init_request() toinitialise it, but w...