Lucene search

K

9933 matches found

CVE
CVE
added 2025/05/20 5:15 p.m.19 views

CVE-2025-37966

In the Linux kernel, the following vulnerability has been resolved: riscv: Fix kernel crash due to PR_SET_TAGGED_ADDR_CTRL When userspace does PR_SET_TAGGED_ADDR_CTRL, but Supm extension is notavailable, the kernel crashes: Oops - illegal instruction [#1][snip]epc : set_tagged_addr_ctrl+0x112/0x15a...

6.4AI score0.00027EPSS
CVE
CVE
added 2025/06/18 10:15 a.m.19 views

CVE-2025-38061

In the Linux kernel, the following vulnerability has been resolved: net: pktgen: fix access outside of user given buffer in pktgen_thread_write() Honour the user given buffer size for the strn_len() calls (otherwisestrn_len() will access memory outside of the user given buffer).

6.8AI score0.00035EPSS
CVE
CVE
added 2025/07/03 8:15 a.m.19 views

CVE-2025-38095

In the Linux kernel, the following vulnerability has been resolved: dma-buf: insert memory barrier before updating num_fences smp_store_mb() inserts memory barrier after storing operation.It is different with what the comment is originally aiming so Nullpointer dereference can be happened if memory...

6.6AI score0.00045EPSS
CVE
CVE
added 2025/07/03 9:15 a.m.19 views

CVE-2025-38112

In the Linux kernel, the following vulnerability has been resolved: net: Fix TOCTOU issue in sk_is_readable() sk->sk_prot->sock_is_readable is a valid function pointer when sk residesin a sockmap. After the last sk_psock_put() (which usually happens whensocket is removed from sockmap), sk-&gt...

7.1AI score0.00035EPSS
CVE
CVE
added 2025/07/03 9:15 a.m.19 views

CVE-2025-38113

In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Fix NULL pointer dereference when nosmp is used With nosmp in cmdline, other CPUs are not brought up, leavingtheir cpc_desc_ptr NULL. CPU0's iteration via for_each_possible_cpu()dereferences these NULL pointers, causing...

7AI score0.00026EPSS
CVE
CVE
added 2025/07/03 9:15 a.m.19 views

CVE-2025-38118

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete This reworks MGMT_OP_REMOVE_ADV_MONITOR to not use mgmt_pending_add toavoid crashes like bellow: ==================================================================BUG: KA...

6.9AI score0.00026EPSS
CVE
CVE
added 2025/07/03 9:15 a.m.19 views

CVE-2025-38120

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_set_pipapo_avx2: fix initial map fill If the first field doesn't cover the entire start map, then we must zeroout the remainder, else we leak those bits into the next match round map. The early fix was incomplete and ...

7.1AI score0.00035EPSS
CVE
CVE
added 2025/07/03 9:15 a.m.19 views

CVE-2025-38122

In the Linux kernel, the following vulnerability has been resolved: gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO gve_alloc_pending_packet() can return NULL, but gve_tx_add_skb_dqo()did not check for this case before dereferencing the returned pointer. Add a missing NULL chec...

7.1AI score0.00035EPSS
CVE
CVE
added 2025/07/03 9:15 a.m.19 views

CVE-2025-38125

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: make sure that ptp_rate is not 0 before configuring EST If the ptp_rate recorded earlier in the driver happens to be 0, thisbogus value will propagate up to EST configuration, where it willtrigger a division by 0. Prev...

7AI score0.00024EPSS
CVE
CVE
added 2025/07/03 9:15 a.m.19 views

CVE-2025-38129

In the Linux kernel, the following vulnerability has been resolved: page_pool: Fix use-after-free in page_pool_recycle_in_ring syzbot reported a uaf in page_pool_recycle_in_ring: BUG: KASAN: slab-use-after-free in lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862Read of size 8 at addr ffff8880...

7.2AI score0.00024EPSS
CVE
CVE
added 2025/07/03 9:15 a.m.19 views

CVE-2025-38132

In the Linux kernel, the following vulnerability has been resolved: coresight: holding cscfg_csdev_lock while removing cscfg from csdev There'll be possible race scenario for coresight config: CPU0 CPU1(perf enable) load modulecscfg_load_config_sets()activate config. // sysfs(sys_active_cnt == 1).....

7.2AI score0.00026EPSS
CVE
CVE
added 2025/07/03 9:15 a.m.19 views

CVE-2025-38142

In the Linux kernel, the following vulnerability has been resolved: hwmon: (asus-ec-sensors) check sensor index in read_string() Prevent a potential invalid memory access when the requested sensoris not found. find_ec_sensor_index() may return a negative value (e.g. -ENOENT),but its result was used...

7.2AI score0.00026EPSS
CVE
CVE
added 2025/07/03 9:15 a.m.19 views

CVE-2025-38153

In the Linux kernel, the following vulnerability has been resolved: net: usb: aqc111: fix error handling of usbnet read calls Syzkaller, courtesy of syzbot, identified an error (see report [1]) inaqc111 driver, caused by incomplete sanitation of usb read calls'results. This problem is quite similar...

6.8AI score0.00035EPSS
CVE
CVE
added 2025/07/03 9:15 a.m.19 views

CVE-2025-38160

In the Linux kernel, the following vulnerability has been resolved: clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() devm_kasprintf() returns NULL when memory allocation fails. Currently,raspberrypi_clk_register() does not check for this case, which resultsin a NULL pointer dereference. ...

7.1AI score0.00047EPSS
CVE
CVE
added 2025/07/03 9:15 a.m.19 views

CVE-2025-38161

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction Upon RQ destruction if the firmware command fails which is thelast resource to be destroyed some SW resources were already cleanedregardless of the failure. Now pro...

7.2AI score0.00035EPSS
CVE
CVE
added 2025/07/03 9:15 a.m.19 views

CVE-2025-38167

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: handle hdr_first_de() return value The hdr_first_de() function returns a pointer to a struct NTFS_DE. Thispointer may be NULL. To handle the NULL error effectively, it is importantto implement an error handler. This will ...

7.1AI score0.00035EPSS
CVE
CVE
added 2025/07/03 9:15 a.m.19 views

CVE-2025-38173

In the Linux kernel, the following vulnerability has been resolved: crypto: marvell/cesa - Handle zero-length skcipher requests Do not access random memory for zero-length skcipher requests.Just return 0.

7.2AI score0.00035EPSS
CVE
CVE
added 2025/07/04 2:15 p.m.19 views

CVE-2025-38180

In the Linux kernel, the following vulnerability has been resolved: net: atm: fix /proc/net/atm/lec handling /proc/net/atm/lec must ensure safety against dev_lec[] changes. It appears it had dev_put() calls without prior dev_hold(),leading to imbalance and UAF.

6.6AI score0.00035EPSS
CVE
CVE
added 2025/07/04 2:15 p.m.19 views

CVE-2025-38199

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix memory leak due to multiple rx_stats allocation rx_stats for each arsta is allocated when adding a station.arsta->rx_stats will be freed when a station is removed. Redundant allocations are occurring when the s...

6.5AI score0.00026EPSS
CVE
CVE
added 2025/07/04 2:15 p.m.19 views

CVE-2025-38232

In the Linux kernel, the following vulnerability has been resolved: NFSD: fix race between nfsd registration and exports_proc As of now nfsd calls create_proc_exports_entry() at start of init_nfsdand cleanup by remove_proc_entry() at last of exit_nfsd. Which causes kernel OOPs if there is race betw...

6.3AI score0.00024EPSS
CVE
CVE
added 2025/07/09 11:15 a.m.19 views

CVE-2025-38245

In the Linux kernel, the following vulnerability has been resolved: atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). syzbot reported a warning below during atm_dev_register(). [0] Before creating a new device and procfs/sysfs for it, atm_dev_register()looks up a duplicated ...

6.5AI score0.00035EPSS
CVE
CVE
added 2025/07/09 11:15 a.m.19 views

CVE-2025-38249

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() In snd_usb_get_audioformat_uac3(), the length value returned fromsnd_usb_ctl_msg() is used directly for memory allocation withoutvalidation. This length is c...

6.5AI score0.00035EPSS
CVE
CVE
added 2025/07/09 11:15 a.m.19 views

CVE-2025-38258

In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs-schemes: free old damon_sysfs_scheme_filter->memcg_path on write memcg_path_store() assigns a newly allocated memory buffer tofilter->memcg_path, without deallocating the previously allocated andassigned memory...

6.5AI score0.00025EPSS
CVE
CVE
added 2025/07/09 11:15 a.m.19 views

CVE-2025-38259

In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd9335: Fix missing free of regulator supplies Driver gets and enables all regulator supplies in probe path(wcd9335_parse_dt() and wcd9335_power_on_reset()), but does not cleanupin final error paths and in unbind (mi...

6.7AI score0.00026EPSS
CVE
CVE
added 2025/07/09 11:15 a.m.19 views

CVE-2025-38261

In the Linux kernel, the following vulnerability has been resolved: riscv: save the SR_SUM status over switches When threads/tasks are switched we need to ensure the old execution'sSR_SUM state is saved and the new thread has the old SR_SUM staterestored. The issue was seen under heavy load especia...

6.6AI score0.00028EPSS
CVE
CVE
added 2025/07/10 8:15 a.m.19 views

CVE-2025-38275

In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug The qmp_usb_iomap() helper function currently returns the raw result ofdevm_ioremap() for non-exclusive mappings. Since devm_ioremap() may returna NULL pointer and the caller only chec...

6.7AI score0.00026EPSS
CVE
CVE
added 2025/07/10 8:15 a.m.19 views

CVE-2025-38283

In the Linux kernel, the following vulnerability has been resolved: hisi_acc_vfio_pci: bugfix live migration function without VF device driver If the VF device driver is not loaded in the Guest OS and we attempt toperform device data migration, the address of the migrated data willbe NULL.The live ...

6.6AI score0.00025EPSS
CVE
CVE
added 2025/07/10 8:15 a.m.19 views

CVE-2025-38285

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix WARN() in get_bpf_raw_tp_regs syzkaller reported an issue: WARNING: CPU: 3 PID: 5971 at kernel/trace/bpf_trace.c:1861 get_bpf_raw_tp_regs+0xa4/0x100 kernel/trace/bpf_trace.c:1861Modules linked in:CPU: 3 UID: 0 PID: 5971 Co...

6.4AI score0.00035EPSS
CVE
CVE
added 2025/07/10 8:15 a.m.19 views

CVE-2025-38289

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk Smatch detected a potential use-after-free of an ndlp oject indev_loss_tmo_callbk during driver unload or fatal error handling. Fix by reordering code to avoid ...

6.8AI score0.00035EPSS
CVE
CVE
added 2025/07/10 8:15 a.m.19 views

CVE-2025-38292

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix invalid access to memory In ath12k_dp_rx_msdu_coalesce(), rxcb is fetched from skb and booleanis_continuation is part of rxcb.Currently, after freeing the skb, the rxcb->is_continuation accessedagain which is w...

6.7AI score0.00024EPSS
CVE
CVE
added 2025/07/10 8:15 a.m.19 views

CVE-2025-38293

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix node corruption in ar->arvifs list In current WLAN recovery code flow, ath11k_core_halt() onlyreinitializes the "arvifs" list head. This will cause thelist node immediately following the list head to become ani...

7AI score0.00034EPSS
CVE
CVE
added 2025/07/10 8:15 a.m.19 views

CVE-2025-38310

In the Linux kernel, the following vulnerability has been resolved: seg6: Fix validation of nexthop addresses The kernel currently validates that the length of the provided nexthopaddress does not exceed the specified length. This can lead to thekernel reading uninitialized memory if user space pro...

6.4AI score0.00035EPSS
CVE
CVE
added 2025/07/10 8:15 a.m.19 views

CVE-2025-38313

In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc: fix double-free on mc_dev The blamed commit tried to simplify how the deallocations are done but,in the process, introduced a double-free on the mc_dev variable. In case the MC device is a DPRC, a new mc_bus is allocat...

6.5AI score0.00035EPSS
CVE
CVE
added 2025/07/10 9:15 a.m.19 views

CVE-2025-38320

In the Linux kernel, the following vulnerability has been resolved: arm64/ptrace: Fix stack-out-of-bounds read in regs_get_kernel_stack_nth() KASAN reports a stack-out-of-bounds read in regs_get_kernel_stack_nth(). Call Trace:[ 97.283505] BUG: KASAN: stack-out-of-bounds in regs_get_kernel_stack_nth...

6.2AI score0.00035EPSS
CVE
CVE
added 2025/07/10 9:15 a.m.19 views

CVE-2025-38321

In the Linux kernel, the following vulnerability has been resolved: smb: Log an error when close_all_cached_dirs fails Under low-memory conditions, close_all_cached_dirs() can't move thedentries to a separate list to dput() them once the locks are dropped.This will result in a "Dentry still in use"...

6.4AI score0.00025EPSS
CVE
CVE
added 2025/07/10 9:15 a.m.19 views

CVE-2025-38322

In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Fix crash in icl_update_topdown_event() The perf_fuzzer found a hard-lockup crash on a RaptorLake machine: Oops: general protection fault, maybe for address 0xffff89aeceab400: 0000CPU: 23 UID: 0 PID: 0 Comm: swapper...

6.4AI score0.00024EPSS
CVE
CVE
added 2025/07/10 9:15 a.m.19 views

CVE-2025-38323

In the Linux kernel, the following vulnerability has been resolved: net: atm: add lec_mutex syzbot found its way in net/atm/lec.c, and found an error pathin lecd_attach() could leave a dangling pointer in dev_lec[]. Add a mutex to protect dev_lecp[] uses from lecd_attach(),lec_vcc_attach() and lec_...

6.4AI score0.00035EPSS
CVE
CVE
added 2025/07/10 9:15 a.m.19 views

CVE-2025-38326

In the Linux kernel, the following vulnerability has been resolved: aoe: clean device rq_list in aoedev_downdev() An aoe device's rq_list contains accepted block requests that arewaiting to be transmitted to the aoe target. This queue was added aspart of the conversion to blk_mq. However, the queue...

6.4AI score0.00035EPSS
CVE
CVE
added 2025/07/10 9:15 a.m.19 views

CVE-2025-38333

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to bail out in get_new_segment() ------------[ cut here ]------------WARNING: CPU: 3 PID: 579 at fs/f2fs/segment.c:2832 new_curseg+0x5e8/0x6dcpc : new_curseg+0x5e8/0x6dcCall trace:new_curseg+0x5e8/0x6dcf2fs_allocate_data_...

6.5AI score0.00024EPSS
CVE
CVE
added 2025/07/10 9:15 a.m.19 views

CVE-2025-38344

In the Linux kernel, the following vulnerability has been resolved: ACPICA: fix acpi parse and parseext cache leaks ACPICA commit 8829e70e1360c81e7a5a901b5d4f48330e021ea5 I'm Seunghun Han, and I work for National Security Research Institute ofSouth Korea. I have been doing a research on ACPI and fo...

6.6AI score0.00035EPSS
CVE
CVE
added 2025/07/10 9:15 a.m.19 views

CVE-2025-38345

In the Linux kernel, the following vulnerability has been resolved: ACPICA: fix acpi operand cache leak in dswstate.c ACPICA commit 987a3b5cf7175916e2a4b6ea5b8e70f830dfe732 I found an ACPI cache leak in ACPI early termination and boot continuing case. When early termination occurs due to malicious ...

6.2AI score0.00035EPSS
CVE
CVE
added 2025/07/10 9:15 a.m.19 views

CVE-2025-38347

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on ino and xnid syzbot reported a f2fs bug as below: INFO: task syz-executor140:5308 blocked for more than 143 seconds.Not tainted 6.14.0-rc7-syzkaller-00069-g81e4f8d68c66 #0"echo 0 > /proc/sys/kerne...

6.5AI score0.00025EPSS
CVE
CVE
added 2025/06/18 11:15 a.m.18 views

CVE-2022-49949

In the Linux kernel, the following vulnerability has been resolved: firmware_loader: Fix memory leak in firmware upload In the case of firmware-upload, an instance of struct fw_upload isallocated in firmware_upload_register(). This data needs to be freedin fw_dev_release(). Create a new fw_upload_f...

6.5AI score0.00026EPSS
CVE
CVE
added 2025/06/18 11:15 a.m.18 views

CVE-2022-49963

In the Linux kernel, the following vulnerability has been resolved: drm/i915/ttm: fix CCS handling Crucible + recent Mesa seems to sometimes hit: GEM_BUG_ON(num_ccs_blks > NUM_CCS_BLKS_PER_XFER) And it looks like we can also trigger this with gem_lmem_swapping, if wemodify the test to use slight...

6.8AI score0.00026EPSS
CVE
CVE
added 2025/06/18 11:15 a.m.18 views

CVE-2022-49980

In the Linux kernel, the following vulnerability has been resolved: USB: gadget: Fix use-after-free Read in usb_udc_uevent() The syzbot fuzzer found a race between uevent callbacks and gadgetdriver unregistration that can cause a use-after-free bug: BUG: KASAN: use-after-free in usb_udc_uevent+0x11...

6.5AI score0.00026EPSS
CVE
CVE
added 2025/06/18 11:15 a.m.18 views

CVE-2022-50002

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: LAG, fix logic over MLX5_LAG_FLAG_NDEVS_READY Only set MLX5_LAG_FLAG_NDEVS_READY if both netdevices are registered.Doing so guarantees that both ldev->pf[MLX5_LAG_P0].dev andldev->pf[MLX5_LAG_P1].dev have valid poin...

6AI score0.00028EPSS
CVE
CVE
added 2025/06/18 11:15 a.m.18 views

CVE-2022-50049

In the Linux kernel, the following vulnerability has been resolved: ASoC: DPCM: Don't pick up BE without substream When DPCM tries to add valid BE connections at dpcm_add_paths(), itdoesn't check whether the picked BE actually supports for the givenstream direction. Due to that, when an asymmetric ...

6.6AI score0.00027EPSS
CVE
CVE
added 2025/06/18 11:15 a.m.18 views

CVE-2022-50050

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda: Fix potential buffer overflow by snprintf() snprintf() returns the would-be-filled size when the string overflowsthe given buffer size, hence using this value may result in the bufferoverflow (although it's u...

7AI score0.00024EPSS
CVE
CVE
added 2025/06/18 11:15 a.m.18 views

CVE-2022-50166

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: When HCI work queue is drained, only queue chained work The HCI command, event, and data packet processing workqueue is drainedto avoid deadlock in commit76727c02c1e1 ("Bluetooth: Call drain_workqueue() before resetting ...

6.5AI score0.00024EPSS
CVE
CVE
added 2025/06/18 11:15 a.m.18 views

CVE-2022-50183

In the Linux kernel, the following vulnerability has been resolved: drm/meson: encoder_cvbs: Fix refcount leak in meson_encoder_cvbs_init of_graph_get_remote_node() returns remote device nodepointer withrefcount incremented, we should use of_node_put() on it when done.Add missing of_node_put() to a...

6.5AI score0.00024EPSS
Total number of security vulnerabilities9933