10174 matches found
CVE-2024-42275
In the Linux kernel, the following vulnerability has been resolved: drm/client: Fix error code in drm_client_buffer_vmap_local() This function accidentally returns zero/success on the failure path.It leads to locking issues and an uninitialized *map_copy in thecaller.
CVE-2024-58062
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: avoid NULL pointer dereference When iterating over the links of a vif, we need to make sure that thepointer is valid (in other words - that the link exists) beforedereferncing it.Use for_each_vif_active_link tha...
CVE-2025-21901
In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Add sanity checks on rdev validity There is a possibility that ulp_irq_stop and ulp_irq_startcallbacks will be called when the device is in detached state.This can cause a crash due to NULL pointer dereference asthe r...
CVE-2025-21921
In the Linux kernel, the following vulnerability has been resolved: net: ethtool: netlink: Allow NULL nlattrs when getting a phy_device ethnl_req_get_phydev() is used to lookup a phy_device, in the case anethtool netlink command targets a specific phydev within a netdev'stopology. It takes as a par...
CVE-2025-21940
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix NULL Pointer Dereference in KFD queue Through KFD IOCTL Fuzzing we encountered a NULL pointer derefrencewhen calling kfd_queue_acquire_buffers. (cherry picked from commit 049e5bf3c8406f87c3d8e1958e0a16804fa1d530)
CVE-2025-21958
In the Linux kernel, the following vulnerability has been resolved: Revert "openvswitch: switch to per-action label counting in conntrack" Currently, ovs_ct_set_labels() is only called for confirmed conntrackentries (ct) within ovs_ct_commit(). However, if the conntrack entrydoes not have the label...
CVE-2025-37894
In the Linux kernel, the following vulnerability has been resolved: net: use sock_gen_put() when sk_state is TCP_TIME_WAIT It is possible for a pointer of type struct inet_timewait_sock to bereturned from the functions __inet_lookup_established() and__inet6_lookup_established(). This can cause a cr...
CVE-2025-37955
In the Linux kernel, the following vulnerability has been resolved: virtio-net: free xsk_buffs on error in virtnet_xsk_pool_enable() The selftests added to our CI by Bui Quang Minh recently revealsthat there is a mem leak on the error path of virtnet_xsk_pool_enable(): unreferenced object 0xffff888...
CVE-2025-37965
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix invalid context error in dml helper [Why]"BUG: sleeping function called from invalid context" error.after:"drm/amd/display: Protect FPU in dml2_validate()/dml21_validate()" The populate_dml_plane_cfg_from_plane...
CVE-2025-38010
In the Linux kernel, the following vulnerability has been resolved: phy: tegra: xusb: Use a bitmask for UTMI pad power state tracking The current implementation uses bias_pad_enable as a reference count tomanage the shared bias pad for all UTMI PHYs. However, during systemsuspension with connected ...
CVE-2025-38011
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: csa unmap use uninterruptible lock After process exit to unmap csa and free GPU vm, if signal is acceptedand then waiting to take vm lock is interrupted and return, it causesmemory leaking and below warning backtrace. C...
CVE-2025-38024
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug Call Trace:__dump_stack lib/dump_stack.c:94 [inline]dump_stack_lvl+0x7d/0xa0 lib/dump_stack.c:120print_address_description mm/kasan/report.c:378 [inline]print_report+0...
CVE-2025-38040
In the Linux kernel, the following vulnerability has been resolved: serial: mctrl_gpio: split disable_ms into sync and no_sync APIs The following splat has been observed on a SAMA5D27 platform usingatmel_serial: BUG: sleeping function called from invalid context at kernel/irq/manage.c:738in_atomic(...
CVE-2025-38177
In the Linux kernel, the following vulnerability has been resolved: sch_hfsc: make hfsc_qlen_notify() idempotent hfsc_qlen_notify() is not idempotent either and not friendlyto its callers, like fq_codel_dequeue(). Let's make it idempotentto ease qdisc_tree_reduce_backlog() callers' life: update_vf(...
CVE-1999-1285
Linux 2.1.132 and earlier allows local users to cause a denial of service (resource exhaustion) by reading a large buffer from a random device (e.g. /dev/urandom), which cannot be interrupted until the read has completed.
CVE-2001-1395
Unknown vulnerability in sockfilter for Linux kernel before 2.2.19 related to "boundary cases," with unknown impact.
CVE-2006-3635
The ia64 subsystem in the Linux kernel before 2.6.26 allows local users to cause a denial of service (stack consumption and system crash) via a crafted application that leverages the mishandling of invalid Register Stack Engine (RSE) state.
CVE-2012-4467
The (1) do_siocgstamp and (2) do_siocgstampns functions in net/socket.c in the Linux kernel before 3.5.4 use an incorrect argument order, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (system crash) via a crafted ioctl call.
CVE-2013-1956
The create_user_ns function in kernel/user_namespace.c in the Linux kernel before 3.8.6 does not check whether a chroot directory exists that differs from the namespace root directory, which allows local users to bypass intended filesystem restrictions via a crafted clone system call.
CVE-2020-36790
In the Linux kernel, the following vulnerability has been resolved: nvmet: fix a memory leak We forgot to free new_model_number
CVE-2022-48782
In the Linux kernel, the following vulnerability has been resolved: mctp: fix use after free Clang static analysis reports this problemroute.c:425:4: warning: Use of memory after it is freedtrace_mctp_key_acquire(key);^~~~~~~~~~~~~~~~~~~~~~~~~~~When mctp_key_add() fails, key is freed but then is la...
CVE-2022-48963
In the Linux kernel, the following vulnerability has been resolved: net: wwan: iosm: fix memory leak in ipc_mux_init() When failed to alloc ipc_mux->ul_adb.pp_qlt in ipc_mux_init(), ipc_muxis not released.
CVE-2022-49079
In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: traverse devices under chunk_mutex in btrfs_can_activate_zone btrfs_can_activate_zone() can be called with the device_list_mutex alreadyheld, which will lead to a deadlock: insert_dev_extents() // Takes device_list_mu...
CVE-2022-49765
In the Linux kernel, the following vulnerability has been resolved: net/9p: use a dedicated spinlock for trans_fd Shamelessly copying the explanation from Tetsuo Handa's suggestedpatch[1] (slightly reworded):syzbot is reporting inconsistent lock state in p9_req_put()[2],for p9_tag_remove() from p9_...
CVE-2022-49803
In the Linux kernel, the following vulnerability has been resolved: netdevsim: Fix memory leak of nsim_dev->fa_cookie kmemleak reports this issue: unreferenced object 0xffff8881bac872d0 (size 8):comm "sh", pid 58603, jiffies 4481524462 (age 68.065s)hex dump (first 8 bytes):04 00 00 00 de ad be e...
CVE-2022-49811
In the Linux kernel, the following vulnerability has been resolved: drbd: use after free in drbd_create_device() The drbd_destroy_connection() frees the "connection" so use the _safe()iterator to prevent a use after free.
CVE-2022-49877
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix the sk->sk_forward_alloc warning of sk_stream_kill_queues When running test_sockmap selftests, the following warning appears: WARNING: CPU: 2 PID: 197 at net/core/stream.c:205 sk_stream_kill_queues+0xd3/0xf0Cal...
CVE-2022-49899
In the Linux kernel, the following vulnerability has been resolved: fscrypt: stop using keyrings subsystem for fscrypt_master_key The approach of fs/crypto/ internally managing the fscrypt_master_keystructs as the payloads of "struct key" objects contained in a"struct key" keyring has outlived its ...
CVE-2022-49943
In the Linux kernel, the following vulnerability has been resolved: USB: gadget: Fix obscure lockdep violation for udc_mutex A recent commit expanding the scope of the udc_lock mutex in thegadget core managed to cause an obscure and slightly bizarre lockdepviolation. In abbreviated form: ==========...
CVE-2022-50000
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: fix stuck flows on cleanup due to pending work To clear the flow table on flow table free, the following sequencenormally happens in order: gc_step work is stopped to disable any further stats/del requests. Al...
CVE-2022-50027
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE There is no corresponding free routine if lpfc_sli4_issue_wqe fails toissue the CMF WQE in lpfc_issue_cmf_sync_wqe. If ret_val is non-zero, then free the iocbq requ...
CVE-2022-50037
In the Linux kernel, the following vulnerability has been resolved: drm/i915/ttm: don't leak the ccs state The kernel only manages the ccs state with lmem-only objects, howeverthe kernel should still take care not to leak the CCS state from theprevious user. (cherry picked from commit 353819d85f87b...
CVE-2022-50055
In the Linux kernel, the following vulnerability has been resolved: iavf: Fix adminq error handling iavf_alloc_asq_bufs/iavf_alloc_arq_bufs allocates with dma_alloc_coherentmemory for VF mailbox.Free DMA regions for both ASQ and ARQ in case error happens duringconfiguration of ASQ/ARQ registers.Wit...
CVE-2022-50076
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix memory leak on the deferred close xfstests on smb21 report kmemleak as below: unreferenced object 0xffff8881767d6200 (size 64):comm "xfs_io", pid 1284, jiffies 4294777434 (age 20.789s)hex dump (first 32 bytes):80 5a d0 11...
CVE-2022-50085
In the Linux kernel, the following vulnerability has been resolved: dm raid: fix address sanitizer warning in raid_resume There is a KASAN warning in raid_resume when running the lvm testlvconvert-raid.sh. The reason for the warning is that mddev->raid_disksis greater than rs->raid_disks, so ...
CVE-2022-50139
In the Linux kernel, the following vulnerability has been resolved: usb: aspeed-vhub: Fix refcount leak bug in ast_vhub_init_desc() We should call of_node_put() for the reference returned byof_get_child_by_name() which has increased the refcount.
CVE-2022-50149
In the Linux kernel, the following vulnerability has been resolved: driver core: fix potential deadlock in __driver_attach In __driver_attach function, There are also AA deadlock problem,like the commit b232b02bf3c2 ("driver core: fix deadlock in__device_attach"). stack like commit b232b02bf3c2 ("d...
CVE-2022-50191
In the Linux kernel, the following vulnerability has been resolved: regulator: of: Fix refcount leak bug in of_get_regulation_constraints() We should call the of_node_put() for the reference returned byof_get_child_by_name() which has increased the refcount.
CVE-2022-50220
In the Linux kernel, the following vulnerability has been resolved: usbnet: Fix linkwatch use-after-free on disconnect usbnet uses the work usbnet_deferred_kevent() to perform tasks which maysleep. On disconnect, completion of the work was originally awaited in->ndo_stop(). But in 2003, that was...
CVE-2023-52914
In the Linux kernel, the following vulnerability has been resolved: io_uring/poll: add hash if ready poll request can't complete inline If we don't, then we may lose access to it completely, leading to arequest leak. This will eventually stall the ring exit process aswell.
CVE-2023-53061
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix possible refcount leak in smb2_open() Reference count of acls will leak when memory allocation fails. Fix thisby adding the missing posix_acl_release().
CVE-2023-53115
In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix memory leaks in mpi3mr_init_ioc() Don't allocate memory again when IOC is being reinitialized.
CVE-2023-53144
In the Linux kernel, the following vulnerability has been resolved: erofs: fix wrong kunmap when using LZMA on HIGHMEM platforms As the call trace shown, the root cause is kunmap incorrect pages: BUG: kernel NULL pointer dereference, address: 00000000CPU: 1 PID: 40 Comm: kworker/u5:0 Not tainted 6....
CVE-2024-45024
In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix hugetlb vs. core-mm PT locking We recently made GUP's common page table walking code to also walk hugetlbVMAs without most hugetlb special-casing, preparing for the future ofhaving less hugetlb-specific page table w...
CVE-2024-46684
In the Linux kernel, the following vulnerability has been resolved: binfmt_elf_fdpic: fix AUXV size calculation when ELF_HWCAP2 is defined create_elf_fdpic_tables() does not correctly account the space for theAUX vector when an architecture has ELF_HWCAP2 defined. Prior to thecommit 10e29251be0e ("...
CVE-2024-46837
In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Restrict high priorities on group_create We were allowing any users to create a high priority group without anypermission checks. As a result, this was allowing possible denial ofservice. We now only allow the DRM mast...
CVE-2024-56668
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix qi_batch NULL pointer with nested parent domain The qi_batch is allocated when assigning cache tag for a domain. Whilefor nested parent domain, it is missed. Hence, when trying to map pagesto the nested parent, NULL...
CVE-2024-57905
In the Linux kernel, the following vulnerability has been resolved: iio: adc: ti-ads1119: fix information leak in triggered buffer The 'scan' local struct is used to push data to user space from atriggered buffer, but it has a hole between the sample (unsigned int)and the timestamp. This hole is ne...
CVE-2024-57988
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btbcm: Fix NULL deref in btbcm_get_board_name() devm_kstrdup() can return a NULL pointer on failure,but thisreturned value in btbcm_get_board_name() is not checked.Add NULL check in btbcm_get_board_name(), to handle kern...
CVE-2025-21803
In the Linux kernel, the following vulnerability has been resolved: LoongArch: Fix warnings during S3 suspend The enable_gpe_wakeup() function calls acpi_enable_all_wakeup_gpes(),and the later one may call the preempt_schedule_common() function,resulting in a thread switch and causing the CPU to be...