10174 matches found
CVE-2022-50097
In the Linux kernel, the following vulnerability has been resolved: video: fbdev: s3fb: Check the size of screen before memset_io() In the function s3fb_set_par(), the value of 'screen_size' is calculated by the user input. If the user provides the improper value, the value of 'screen_size' may large...
CVE-2022-50108
In the Linux kernel, the following vulnerability has been resolved: mfd: max77620: Fix refcount leak in max77620_initialise_fps of_get_child_by_name() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount...
CVE-2022-50118
In the Linux kernel, the following vulnerability has been resolved: powerpc/perf: Optimize clearing the pending PMI and remove WARN_ON for PMI check in power_pmu_disable commit 2c9ac51b850d ("powerpc/perf: Fix PMU callbacks to clear pending PMI before resetting an overflown PMC") added a new function...
CVE-2022-50155
In the Linux kernel, the following vulnerability has been resolved: mtd: parsers: ofpart: Fix refcount leak in bcm4908_partitions_fw_offset of_find_node_by_path() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to av...
CVE-2022-50156
In the Linux kernel, the following vulnerability has been resolved: HID: cp2112: prevent a buffer overflow in cp2112_xfer() Smatch warnings: drivers/hid/hid-cp2112.c:793 cp2112_xfer() error: __memcpy() 'data->block[1]' too small (33 vs 255) drivers/hid/hid-cp2112.c:793 cp2112_xfer() error: __memcpy...
CVE-2022-50160
In the Linux kernel, the following vulnerability has been resolved: mtd: maps: Fix refcount leak in ap_flash_init of_find_matching_node() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak.
CVE-2022-50171
In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/sec - don't sleep when in softirq When kunpeng920 encryption driver is used to deencrypt and decrypt packets during the softirq, it is not allowed to use mutex lock. The kernel will report the following error: BUG: ...
CVE-2022-50209
In the Linux kernel, the following vulnerability has been resolved: meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init of_find_matching_node() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcou...
CVE-2022-50218
In the Linux kernel, the following vulnerability has been resolved: iio: light: isl29028: Fix the warning in isl29028_remove() The driver use the non-managed form of the register function in isl29028_remove(). To keep the release order as mirroring the ordering in probe, the driver should use non-man...
CVE-2024-56612
In the Linux kernel, the following vulnerability has been resolved: mm/gup: handle NULL pages in unpin_user_pages() The recent addition of "pofs" (pages or folios) handling to gup has a flaw: it assumes that unpin_user_pages() handles NULL pages in the pages** array. That's not the case, as I discove...
CVE-2024-58008
In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: dcp: fix improper sg use with CONFIG_VMAP_STACK=y With vmalloc stack addresses enabled (CONFIG_VMAP_STACK=y) DCP trusted keys can crash during en- and decryption of the blob encryption key via the DCP crypto driver. Th...
CVE-2025-21952
In the Linux kernel, the following vulnerability has been resolved: HID: corsair-void: Update power supply values with a unified work handler corsair_void_process_receiver can be called from an interrupt context, locking battery_mutex in it was causing a kernel panic. Fix it by moving the critical se...
CVE-2025-38061
In the Linux kernel, the following vulnerability has been resolved: net: pktgen: fix access outside of user given buffer in pktgen_thread_write() Honour the user given buffer size for the strn_len() calls (otherwise strn_len() will access memory outside of the user given buffer).
CVE-2025-38067
In the Linux kernel, the following vulnerability has been resolved: rseq: Fix segfault on registration when rseq_cs is non-zero The rseq_cs field is documented as being set to 0 by user-space prior to registration, however this is not currently enforced by the kernel. This can result in a segfault on...
CVE-2025-38091
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: check stream id dml21 wrapper to get plane_id [Why & How] Fix a false positive warning which occurs due to lack of correct checks when querying plane_id in DML21. This fixes the warning when performing a mode1 reset (...
CVE-2025-38106
In the Linux kernel, the following vulnerability has been resolved: io_uring: fix use-after-free of sq->thread in __io_uring_show_fdinfo() syzbot reports: BUG: KASAN: slab-use-after-free in getrusage+0x1109/0x1a60 Read of size 8 at addr ffff88810de2d2c8 by task a.out/304 CPU: 0 UID: 0 PID: 304 Co...
CVE-2025-38120
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_set_pipapo_avx2: fix initial map fill If the first field doesn't cover the entire start map, then we must zero out the remainder, else we leak those bits into the next match round map. The early fix was incomplete and ...
CVE-2025-38122
In the Linux kernel, the following vulnerability has been resolved: gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO gve_alloc_pending_packet() can return NULL, but gve_tx_add_skb_dqo() did not check for this case before dereferencing the returned pointer. Add a missing NULL chec...
CVE-2025-38124
In the Linux kernel, the following vulnerability has been resolved: net: fix udp gso skb_segment after pull from frag_list Commit a1e40ac5b5e9 ("net: gso: fix udp gso fraglist segmentation after pull from frag_list") detected invalid geometry in frag_list skbs and redirects them from skb_segment_list...
CVE-2025-38138
In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: Add NULL check in udma_probe() devm_kasprintf() returns NULL when memory allocation fails. Currently, udma_probe() does not check for this case, which results in a NULL pointer dereference. Add NULL check after devm_ka...
CVE-2025-38142
In the Linux kernel, the following vulnerability has been resolved: hwmon: (asus-ec-sensors) check sensor index in read_string() Prevent a potential invalid memory access when the requested sensor is not found. find_ec_sensor_index() may return a negative value (e.g. -ENOENT), but its result was used...
CVE-2025-38148
In the Linux kernel, the following vulnerability has been resolved: net: phy: mscc: Fix memory leak when using one step timestamping Fix memory leak when running one-step timestamping. When running one-step sync timestamping, the HW is configured to insert the TX time into the frame, so there is no r...
CVE-2025-38167
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: handle hdr_first_de() return value The hdr_first_de() function returns a pointer to a struct NTFS_DE. This pointer may be NULL. To handle the NULL error effectively, it is important to implement an error handler. This will ...
CVE-2025-38170
In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: Discard stale CPU state when handling SME traps The logic for handling SME traps manipulates saved FPSIMD/SVE/SME state incorrectly, and a race with preemption can result in a task having TIF_SME set and TIF_FOREIGN_FPS...
CVE-2025-38186
In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix double invocation of bnxt_ulp_stop()/bnxt_ulp_start() Before the commit under the Fixes tag below, bnxt_ulp_stop() and bnxt_ulp_start() were always invoked in pairs. After that commit, the new bnxt_ulp_restart() can be i...
CVE-2025-38231
In the Linux kernel, the following vulnerability has been resolved: nfsd: Initialize ssc before laundromat_work to prevent NULL dereference In nfs4_state_start_net(), laundromat_work may access nfsd_ssc through nfs4_laundromat -> nfsd4_ssc_expire_umount. If nfsd_ssc isn't initialized, this can cau...
CVE-2025-38246
In the Linux kernel, the following vulnerability has been resolved: bnxt: properly flush XDP redirect lists We encountered following crash when testing a XDP_REDIRECT feature in production: [56251.579676] list_add corruption. next->prev should be prev (ffff93120dd40f30), but was ffffb301ef3a6740....
CVE-2025-38256
In the Linux kernel, the following vulnerability has been resolved: io_uring/rsrc: fix folio unpinning syzbot complains about an unmapping failure: [ 108.070381][ T14] kernel BUG at mm/gup.c:71! [ 108.070502][ T14] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP [ 108.123672][ T14] Hardware nam...
CVE-2025-38260
In the Linux kernel, the following vulnerability has been resolved: btrfs: handle csum tree error with rescue=ibadroots correctly [BUG] There is syzbot based reproducer that can crash the kernel, with the following call trace: (With some debug output added) DEBUG: rescue=ibadroots parsed BTRFS: device...
CVE-2025-38268
In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: move tcpm_queue_vdm_unlocked to asynchronous work A state check was previously added to tcpm_queue_vdm_unlocked to prevent a deadlock where the DisplayPort Alt Mode driver would be executing work and attempting to g...
CVE-2025-38275
In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug The qmp_usb_iomap() helper function currently returns the raw result of devm_ioremap() for non-exclusive mappings. Since devm_ioremap() may return a NULL pointer and the caller only chec...
CVE-2025-38279
In the Linux kernel, the following vulnerability has been resolved: bpf: Do not include stack ptr register in precision backtracking bookkeeping Yi Lai reported an issue ([1]) where the following warning appears in kernel dmesg: [ 60.643604] verifier backtracking bug [ 60.643635] WARNING: CPU: 10 PID:...
CVE-2025-38304
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix NULL pointer deference on eir_get_service_data The len parameter is considered optional so it can be NULL so it cannot be used for skipping to next entry of EIR_SERVICE_DATA.
CVE-2025-38315
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: Check dsbr size from EFI variable Since the size of struct btintel_dsbr is already known, we can just start there instead of querying the EFI variable size. If the final result doesn't match what we expect also fa...
CVE-2025-38319
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pp: Fix potential NULL pointer dereference in atomctrl_initialize_mc_reg_table The function atomctrl_initialize_mc_reg_table() and atomctrl_initialize_mc_reg_table_v2_2() does not check the return value of smu_atom_get_data_t...
CVE-2025-38326
In the Linux kernel, the following vulnerability has been resolved: aoe: clean device rq_list in aoedev_downdev() An aoe device's rq_list contains accepted block requests that are waiting to be transmitted to the aoe target. This queue was added as part of the conversion to blk_mq. However, the queue...
CVE-2025-38328
In the Linux kernel, the following vulnerability has been resolved: jffs2: check jffs2_prealloc_raw_node_refs() result in few other places Fuzzing hit another invalid pointer dereference due to the lack of checking whether jffs2_prealloc_raw_node_refs() completed successfully. Subsequent logic implie...
CVE-2025-38331
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: cortina: Use TOE/TSO on all TCP It is desirable to push the hardware accelerator to also process non-segmented TCP frames: we pass the skb->len to the "TOE/TSO" offloader and it will handle them. Without this quirk...
CVE-2025-38344
In the Linux kernel, the following vulnerability has been resolved: ACPICA: fix acpi parse and parseext cache leaks ACPICA commit 8829e70e1360c81e7a5a901b5d4f48330e021ea5 I'm Seunghun Han, and I work for National Security Research Institute of South Korea. I have been doing a research on ACPI and fo...
CVE-2025-38365
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix a race between renames and directory logging We have a race between a rename and directory inode logging that if it happens and we crash/power fail before the rename completes, the next time the filesystem is mounted, the ...
CVE-2025-38369
In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using Running IDXD workloads in a container with the /dev directory mounted can trigger a call trace or even a kernel panic when the parent process ...
CVE-2025-38393
In the Linux kernel, the following vulnerability has been resolved: NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN We found a few different systems hung up in writeback waiting on the same page lock, and one task waiting on the NFS_LAYOUT_DRAIN bit in pnfs_update_layout(), however the pnfs_layout...
CVE-2025-38401
In the Linux kernel, the following vulnerability has been resolved: mtk-sd: Prevent memory corruption from DMA map failure If msdc_prepare_data() fails to map the DMA region, the request is not prepared for data receiving, but msdc_start_data() proceeds the DMA with previous setting. Since this will l...
CVE-2025-38406
In the Linux kernel, the following vulnerability has been resolved: wifi: ath6kl: remove WARN on bad firmware input If the firmware gives bad input, that's nothing to do with the driver's stack at this point etc., so the WARN_ON() doesn't add any value. Additionally, this is one of the top syzbot repo...
CVE-2025-38416
In the Linux kernel, the following vulnerability has been resolved: NFC: nci: uart: Set tty->disc_data only in success path Setting tty->disc_data before opening the NCI device means we need to clean it up on error paths. This also opens some short window if device starts sending data, even bef...
CVE-2025-38422
In the Linux kernel, the following vulnerability has been resolved: net: lan743x: Modify the EEPROM and OTP size for PCI1xxxx devices Maximum OTP and EEPROM size for hearthstone PCI1xxxx devices are 8 Kb and 64 Kb respectively. Adjust max size definitions and return correct EEPROM length based on dev...
CVE-2025-38424
In the Linux kernel, the following vulnerability has been resolved: perf: Fix sample vs do_exit() Baisheng Gao reported an ARM64 crash, which Mark decoded as being a synchronous external abort -- most likely due to trying to access MMIO in bad ways. The crash further shows perf trying to do a user st...
CVE-2025-38425
In the Linux kernel, the following vulnerability has been resolved: i2c: tegra: check msg length in SMBUS block read For SMBUS block read, do not continue to read if the message length passed from the device is '0' or greater than the maximum allowed bytes.
CVE-2025-38430
In the Linux kernel, the following vulnerability has been resolved: nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request If the request being processed is not a v4 compound request, then examining the cstate can have undefined results. This patch adds a check that the rpc procedure ...
CVE-2025-38441
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() syzbot found a potential access to uninit-value in nf_flow_pppoe_proto() Blamed commit forgot the Ethernet header. BUG: KMSAN: uninit-value in nf_flow_offlo...