9933 matches found
CVE-2025-38427
In the Linux kernel, the following vulnerability has been resolved: video: screen_info: Relocate framebuffers behind PCI bridges Apply PCI host-bridge window offsets to screen_info framebuffers. Fixesinvalid access to I/O memory. Resources behind a PCI host bridge can be relocated by a certain offs...
CVE-2025-38440
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix race between DIM disable and net_dim() There's a race between disabling DIM and NAPI callbacks using the dimpointer on the RQ or SQ. If NAPI checks the DIM state bit and sees it still set, it assumesrq->dim or sq-...
CVE-2025-38450
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925_sta_set_decap_offload() Add a NULL check for msta->vif before accessing its members to preventa kernel panic in AP mode deployment. This also fix the issue reportedi...
CVE-2025-38475
In the Linux kernel, the following vulnerability has been resolved: smc: Fix various oops due to inet_sock type confusion. syzbot reported weird splats [0][1] in cipso_v4_sock_setattr() whilefreeing inet_sk(sk)->inet_opt. The address was freed multiple times even though it was read-only memory. ...
CVE-2022-50009
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix null-ptr-deref in f2fs_get_dnode_of_data There is issue as follows when test f2fs atomic write:F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblockF2FS-fs (loop0): invalid crc_offset: 0F2FS-fs (loop0): f2fs...
CVE-2022-50013
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid use f2fs_bug_on() in f2fs_new_node_page() As Dipanjan Das [email protected] reported, syzkallerfound a f2fs bug as below: RIP: 0010:f2fs_new_node_page+0x19ac/0x1fc0 fs/f2fs/node.c:1295Call Trace:write_a...
CVE-2022-50071
In the Linux kernel, the following vulnerability has been resolved: mptcp: move subflow cleanup in mptcp_destroy_common() If the mptcp socket creation fails due to a CGROUP_INET_SOCK_CREATEeBPF program, the MPTCP protocol ends-up leaking all the subflows:the related cleanup happens in __mptcp_destr...
CVE-2025-38016
In the Linux kernel, the following vulnerability has been resolved: HID: bpf: abort dispatch if device destroyed The current HID bpf implementation assumes no output report/request willgo through it after hid_bpf_destroy_device() has been called. This leadsto a bug that unplugging certain types of ...
CVE-2025-38093
In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: x1e80100: Add GPU cooling Unlike the CPU, the GPU does not throttle its speed automatically when itreaches high temperatures. With certain high GPU loads it is possible toreach the critical hardware shutdown tempe...
CVE-2025-38144
In the Linux kernel, the following vulnerability has been resolved: watchdog: lenovo_se30_wdt: Fix possible devm_ioremap() NULL pointer dereference in lenovo_se30_wdt_probe() devm_ioremap() returns NULL on error. Currently, lenovo_se30_wdt_probe()does not check for this case, which results in a NUL...
CVE-2025-38171
In the Linux kernel, the following vulnerability has been resolved: power: supply: max77705: Fix workqueue error handling in probe The create_singlethread_workqueue() doesn't return error pointers, itreturns NULL. Also cleanup the workqueue on the error paths.
CVE-2025-38209
In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: remove tag set when second admin queue config fails Commit 104d0e2f6222 ("nvme-fabrics: reset admin connection for secureconcatenation") modified nvme_tcp_setup_ctrl() to callnvme_tcp_configure_admin_queue() twice. The fi...
CVE-2025-38224
In the Linux kernel, the following vulnerability has been resolved: can: kvaser_pciefd: refine error prone echo_skb_max handling logic echo_skb_max should define the supported upper limit of echo_skb[]allocated inside the netdevice's priv. The corresponding size valueprovided by this driver to allo...
CVE-2025-38247
In the Linux kernel, the following vulnerability has been resolved: userns and mnt_idmap leak in open_tree_attr(2) Once want_mount_setattr() has returned a positive, it does requirefinish_mount_kattr() to release ->mnt_userns. Failing do_mount_setattr()does not change that. As the result, we can...
CVE-2025-38276
In the Linux kernel, the following vulnerability has been resolved: fs/dax: Fix "don't skip locked entries when scanning entries" Commit 6be3e21d25ca ("fs/dax: don't skip locked entries when scanningentries") introduced a new function, wait_entry_unlocked_exclusive(),which waits for the current ent...
CVE-2025-38371
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Disable interrupts before resetting the GPU Currently, an interrupt can be triggered during a GPU reset, which canlead to GPU hangs and NULL pointer dereference in an interrupt contextas shown in the following trace: [ 314...
CVE-2025-38382
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix iteration of extrefs during log replay At __inode_add_ref() when processing extrefs, if we jump into the nextlabel we have an undefined value of victim_name.len, since we haven'tinitialized it before we did the goto. Thi...
CVE-2025-38384
In the Linux kernel, the following vulnerability has been resolved: mtd: spinand: fix memory leak of ECC engine conf Memory allocated for the ECC engine conf is not released during spinandcleanup. Below kmemleak trace is seen for this memory leak: unreferenced object 0xffffff80064f00e0 (size 8):com...
CVE-2025-38385
In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect Remove redundant netif_napi_del() call from disconnect path. A WARN may be triggered in __netif_napi_del_locked() during USB devicedisconnect: WARNING: CPU: 0 PID...
CVE-2025-38389
In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Fix timeline left held on VMA alloc error The following error has been reported sporadically by CI when a testunbinds the i915 driver on a ring submission platform: [239.330153] ------------[ cut here ]------------ [2...
CVE-2025-38414
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850 GCC_GCC_PCIE_HOT_RST is wrongly defined for WCN7850, causing kernel crashon some specific platforms. Since this register is divergent for WCN7850 and QCN9274, move it to...
CVE-2025-38435
In the Linux kernel, the following vulnerability has been resolved: riscv: vector: Fix context save/restore with xtheadvector Previously only v0-v7 were correctly saved/restored,and the context of v8-v31 are damanged.Correctly save/restore v8-v31 to avoid breaking userspace.
CVE-2025-38446
In the Linux kernel, the following vulnerability has been resolved: clk: imx: Fix an out-of-bounds access in dispmix_csr_clk_dev_data When num_parents is 4, __clk_register() occurs an out-of-boundswhen accessing parent_names member. Use ARRAY_SIZE() instead ofhardcode number here. BUG: KASAN: globa...
CVE-2025-38451
In the Linux kernel, the following vulnerability has been resolved: md/md-bitmap: fix GPF in bitmap_get_stats() The commit message of commit 6ec1f0239485 ("md/md-bitmap: fix statscollection for external bitmaps") states: Remove the external bitmap check as the statistics should be available regardl...
CVE-2025-38452
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: rtsn: Fix a null pointer dereference in rtsn_probe() Add check for the return value of rcar_gen4_ptp_alloc()to prevent potential null pointer dereference.
CVE-2025-38453
In the Linux kernel, the following vulnerability has been resolved: io_uring/msg_ring: ensure io_kiocb freeing is deferred for RCU syzbot reports that defer/local task_work adding via msg_ring can hita request that has been freed: CPU: 1 UID: 0 PID: 19356 Comm: iou-wrk-19354 Not tainted 6.16.0-rc4-...
CVE-2025-38499
In the Linux kernel, the following vulnerability has been resolved: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns What we want is to verify there is that clone won't expose somethinghidden by a mount we wouldn't be able to undo. "Wouldn't be able to undo"may be a ...
CVE-2022-49955
In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: Fix RTAS MSR[HV] handling for Cell The semi-recent changes to MSR handling when entering RTAS (firmware)cause crashes on IBM Cell machines. An example trace: kernel tried to execute user page (2fff01a8) - exploit atte...
CVE-2022-49975
In the Linux kernel, the following vulnerability has been resolved: bpf: Don't redirect packets with invalid pkt_len Syzbot found an issue [1]: fq_codel_drop() try to drop a flow whitout anyskbs, that is, the flow->head is null.The root cause, as the [2] says, is because that bpf_prog_test_run_s...
CVE-2022-50082
In the Linux kernel, the following vulnerability has been resolved: ext4: fix warning in ext4_iomap_begin as race between bmap and write We got issue as follows:------------[ cut here ]------------WARNING: CPU: 3 PID: 9310 at fs/ext4/inode.c:3441 ext4_iomap_begin+0x182/0x5d0RIP: 0010:ext4_iomap_beg...
CVE-2022-50119
In the Linux kernel, the following vulnerability has been resolved: rpmsg: Fix possible refcount leak in rpmsg_register_device_override() rpmsg_register_device_override need to call put_device to free vch whendriver_set_override fails. Fix this by adding a put_device() to the error path.
CVE-2022-50130
In the Linux kernel, the following vulnerability has been resolved: staging: fbtft: core: set smem_len before fb_deferred_io_init call The fbtft_framebuffer_alloc() calls fb_deferred_io_init() beforeinitializing info->fix.smem_len. It is set to zero by theframebuffer_alloc() function. It will tr...
CVE-2025-38012
In the Linux kernel, the following vulnerability has been resolved: sched_ext: bpf_iter_scx_dsq_new() should always initialize iterator BPF programs may call next() and destroy() on BPF iterators even after new()returns an error value (e.g. bpf_for_each() macro ignores error returns fromnew()). bpf...
CVE-2025-38032
In the Linux kernel, the following vulnerability has been resolved: mr: consolidate the ipmr_can_free_table() checks. Guoyu Yin reported a splat in the ipmr netns cleanup path: WARNING: CPU: 2 PID: 14564 at net/ipv4/ipmr.c:440 ipmr_free_table net/ipv4/ipmr.c:440 [inline]WARNING: CPU: 2 PID: 14564 a...
CVE-2025-38054
In the Linux kernel, the following vulnerability has been resolved: ptp: ocp: Limit signal/freq counts in summary output functions The debugfs summary output could access uninitialized elements inthe freq_in[] and signal_out[] arrays, causing NULL pointerdereferences and triggering a kernel Oops (p...
CVE-2025-38150
In the Linux kernel, the following vulnerability has been resolved: af_packet: move notifier's packet_dev_mc out of rcu critical section Syzkaller reports the following issue: BUG: sleeping function called from invalid context at kernel/locking/mutex.c:578__mutex_lock+0x106/0xe80 kernel/locking/mut...
CVE-2025-38252
In the Linux kernel, the following vulnerability has been resolved: cxl/ras: Fix CPER handler device confusion By inspection, cxl_cper_handle_prot_err() is making a series of fragileassumptions that can lead to crashes: 1/ It assumes that endpoints identified in the record are a CXL-type-3device, n...
CVE-2025-38266
In the Linux kernel, the following vulnerability has been resolved: pinctrl: mediatek: eint: Fix invalid pointer dereference for v1 platforms Commit 3ef9f710efcb ("pinctrl: mediatek: Add EINT support for multipleaddresses") introduced an access to the 'soc' field of structmtk_pinctrl in mtk_eint_do...
CVE-2025-38271
In the Linux kernel, the following vulnerability has been resolved: net: prevent a NULL deref in rtnl_create_link() At the time rtnl_create_link() is running, dev->netdev_ops is NULL,we must not use netdev_lock_ops() or risk a NULL deref ifCONFIG_NET_SHAPER is defined. Use netif_set_group() inst...
CVE-2025-38308
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Fix possible null-ptr-deref when initing hw Search result of avs_dai_find_path_template() shall be verified beforebeing used. As 'template' is already known whenavs_hw_constraints_init() is fired, drop the search ...
CVE-2025-38309
In the Linux kernel, the following vulnerability has been resolved: drm/xe/vm: move xe_svm_init() earlier In xe_vm_close_and_put() we need to be able to call xe_svm_fini(),however during vm creation we can call this on the error path, beforehaving actually initialised the svm state, leading to vari...
CVE-2025-38355
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Process deferred GGTT node removals on device unwind While we are indirectly draining our dedicated workqueue ggtt->wqthat we use to complete asynchronous removal of some GGTT nodes,this happends as part of the managed-d...
CVE-2025-38356
In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc: Explicitly exit CT safe mode on unwind During driver probe we might be briefly using CT safe mode, whichis based on a delayed work, but usually we are able to stop thisonce we have IRQ fully operational. However, if we ...
CVE-2025-38383
In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: fix data race in show_numa_info() The following data-race was found in show_numa_info(): ==================================================================BUG: KCSAN: data-race in vmalloc_info_show / vmalloc_info_show r...
CVE-2025-38402
In the Linux kernel, the following vulnerability has been resolved: idpf: return 0 size for RSS key if not supported Returning -EOPNOTSUPP from function returning u32 is leading tocast and invalid size value as a result. -EOPNOTSUPP as a size probably will lead to allocation fail. Command: ethtool ...
CVE-2025-38407
In the Linux kernel, the following vulnerability has been resolved: riscv: cpu_ops_sbi: Use static array for boot_data Since commit 6b9f29b81b15 ("riscv: Enable pcpu page first chunkallocator"), if NUMA is enabled, the page percpu allocator may be usedon very sparse configurations, or when requeste...
CVE-2025-38421
In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd: pmf: Use device managed allocations If setting up smart PC fails for any reason then this can lead toa double free when unloading amd-pmf. This is because dev->buf wasfreed but never set to NULL and is again fr...
CVE-2025-38454
In the Linux kernel, the following vulnerability has been resolved: ALSA: ad1816a: Fix potential NULL pointer deref in snd_card_ad1816a_pnp() Use pr_warn() instead of dev_warn() when 'pdev' is NULL to avoid apotential NULL pointer dereference.
CVE-2025-38484
In the Linux kernel, the following vulnerability has been resolved: iio: backend: fix out-of-bound write The buffer is set to 80 character. If a caller write more characters,count is truncated to the max available space in "simple_write_to_buffer".But afterwards a string terminator is written to th...
CVE-2022-49970
In the Linux kernel, the following vulnerability has been resolved: bpf, cgroup: Fix kernel BUG in purge_effective_progs Syzkaller reported a triggered kernel BUG as follows: ------------[ cut here ]------------kernel BUG at kernel/bpf/cgroup.c:925!invalid opcode: 0000 [#1] PREEMPT SMP NOPTICPU: 1 ...