10167 matches found

CVE
added 2025/06/18 11:15 a.m., 8 views

CVE-2022-49992

In the Linux kernel, the following vulnerability has been resolved: mm/mprotect: only reference swap pfn page if type match Yu Zhao reported a bug after the commit "mm/swap: Add swp_offset_pfn() to fetch PFN from swap entry" added a check in swp_offset_pfn() for swap type [1]: kernel BUG at include/...

6.4 AI score, 0.00027 EPSS
CVE
added 2025/06/18 11:15 a.m., 8 views

CVE-2022-50014

In the Linux kernel, the following vulnerability has been resolved: mm/gup: fix FOLL_FORCE COW security issue and remove FOLL_COW Ever since the Dirty COW (CVE-2016-5195) security issue happened, we know that FOLL_FORCE can be possibly dangerous, especially if there are races that can be exploited by...

7.8 AI score, 0.94176 EPSS
CVE
added 2025/06/18 11:15 a.m., 8 views

CVE-2022-50056

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix missing i_op in ntfs_read_mft There is null pointer dereference because i_op == NULL. The bug happens because we don't initialize i_op for records in $Extend.

6.6 AI score, 0.00025 EPSS
CVE
added 2025/06/18 11:15 a.m., 8 views

CVE-2022-50170

In the Linux kernel, the following vulnerability has been resolved: kunit: executor: Fix a memory leak on failure in kunit_filter_tests It's possible that memory allocation for 'filtered' will fail, but for the copy of the suite to succeed. In this case, the copy could be leaked. Properly free 'copy...

6.5 AI score, 0.00025 EPSS
CVE
added 2025/08/28 10:15 a.m., 8 views

CVE-2024-58240

In the Linux kernel, the following vulnerability has been resolved: tls: separate no-async decryption request handling from async If we're not doing async, the handling is much simpler. There's no reference counting, we just need to wait for the completion to wake us up and return its result. We shou...

6.5 AI score, 0.00023 EPSS
CVE
added 2025/07/25 1:15 p.m., 8 views

CVE-2025-38398

In the Linux kernel, the following vulnerability has been resolved: spi: spi-qpic-snand: reallocate BAM transactions Using the mtd_nandbiterrs module for testing the driver occasionally results in weird things like below. swiotlb mapping fails with the following message: [ 85.926216] qcom_snand 79b0...

6.8 AI score, 0.00026 EPSS
CVE
added 2025/08/16 12:15 p.m., 8 views

CVE-2025-38534

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix copy-to-cache so that it performs collection with ceph+fscache The netfs copy-to-cache that is used by Ceph with local caching sets up a new request to write data just read to the cache. The request is started and then lef...

6.4 AI score, 0.00024 EPSS
CVE
added 2025/08/19 5:15 p.m., 8 views

CVE-2025-38554

In the Linux kernel, the following vulnerability has been resolved: mm: fix a UAF when vma->mm is freed after vma->vm_refcnt got dropped By inducing delays in the right places, Jann Horn created a reproducer for a hard to hit UAF issue that became possible after VMAs were allowed to be recycled...

7.1 AI score, 0.00022 EPSS
CVE
added 2025/08/19 5:15 p.m., 8 views

CVE-2025-38558

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: Initialize frame-based format color matching descriptor Fix NULL pointer crash in uvcg_framebased_make due to uninitialized color matching descriptor for frame-based format which was added in commit f5e7bdd34aca ("u...

7.3 AI score, 0.00022 EPSS
CVE
added 2025/08/19 5:15 p.m., 8 views

CVE-2025-38589

In the Linux kernel, the following vulnerability has been resolved: neighbour: Fix null-ptr-deref in neigh_flush_dev(). kernel test robot reported null-ptr-deref in neigh_flush_dev(). [0] The cited commit introduced per-netdev neighbour list and converted neigh_flush_dev() to use it instead of the g...

6.9 AI score, 0.00022 EPSS
CVE
added 2025/08/19 5:15 p.m., 8 views

CVE-2025-38592

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_devcd_dump: fix out-of-bounds via dev_coredumpv Currently both dev_coredumpv and skb_put_data in hci_devcd_dump use hdev->dump.head. However, dev_coredumpv can free the buffer. From dev_coredumpm_timeout documentati...

7 AI score, 0.00022 EPSS
CVE
added 2025/08/19 5:15 p.m., 8 views

CVE-2025-38606

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Avoid accessing uninitialized arvif->ar during beacon miss During beacon miss handling, ath12k driver iterates over active virtual interfaces (vifs) and attempts to access the radio object (ar) via arvif->deflink-...

7.2 AI score, 0.00022 EPSS
CVE
added 2025/08/19 5:15 p.m., 8 views

CVE-2025-38607

In the Linux kernel, the following vulnerability has been resolved: bpf: handle jset (if a & b ...) as a jump in CFG computation BPF_JSET is a conditional jump and currently verifier.c:can_jump() does not know about that. This can lead to incorrect live registers and SCC computation. E.g. in the foll...

7 AI score, 0.00022 EPSS
CVE
added 2025/08/22 4:15 p.m., 8 views

CVE-2025-38629

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb: scarlett2: Fix missing NULL check scarlett2_input_select_ctl_info() sets up the string arrays allocated via kasprintf(), but it misses NULL checks, which may lead to NULL dereference Oops. Let's add the proper NULL check.

6.5 AI score, 0.00022 EPSS
CVE
added 2025/08/22 4:15 p.m., 8 views

CVE-2025-38633

In the Linux kernel, the following vulnerability has been resolved: clk: spacemit: mark K1 pll1_d8 as critical The pll1_d8 clock is enabled by the boot loader, and is ultimately a parent for numerous clocks, including those used by APB and AXI buses. Guodong Xu discovered that this clock got disabled...

6.5 AI score, 0.00024 EPSS
CVE
added 2025/08/22 4:15 p.m., 8 views

CVE-2025-38638

In the Linux kernel, the following vulnerability has been resolved: ipv6: add a retry logic in net6_rt_notify() inet6_rt_notify() can be called under RCU protection only. This means the route could be changed concurrently and rt6_fill_node() could return -EMSGSIZE. Re-size the skb when this happens a...

6.2 AI score, 0.00024 EPSS
CVE
added 2025/08/22 4:15 p.m., 8 views

CVE-2025-38642

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix WARN_ON for monitor mode on some devices On devices without WANT_MONITOR_VIF (and probably without channel context support) we get a WARN_ON for changing the per-link setting of a monitor interface. Since we alrea...

6.8 AI score, 0.00022 EPSS
CVE
added 2025/08/22 4:15 p.m., 8 views

CVE-2025-38649

In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: qcs615: fix a crash issue caused by infinite loop for Coresight An infinite loop has been created by the Coresight devices. When only a source device is enabled, the coresight_find_activated_sysfs_sink function is r...

6.9 AI score, 0.00022 EPSS
CVE
added 2025/08/22 4:15 p.m., 8 views

CVE-2025-38654

In the Linux kernel, the following vulnerability has been resolved: pinctrl: canaan: k230: Fix order of DT parse and pinctrl register Move DT parse before pinctrl register. This ensures that device tree parsing is done before calling devm_pinctrl_register() to prevent using uninitialized pin resource...

6.5 AI score, 0.00025 EPSS
CVE
added 2025/06/18 10:15 a.m., 7 views

CVE-2025-38017

In the Linux kernel, the following vulnerability has been resolved: fs/eventpoll: fix endless busy loop after timeout has expired After commit 0a65bc27bd64 ("eventpoll: Set epoll timeout if it's in the future"), the following program would immediately enter a busy loop in the kernel: int main() { int...

6.5 AI score, 0.00027 EPSS
CVE
added 2025/07/25 3:15 p.m., 7 views

CVE-2025-38433

In the Linux kernel, the following vulnerability has been resolved: riscv: fix runtime constant support for nommu kernels the __runtime_fixup_32 function does not handle the case where val is zero correctly (as might occur when patching a nommu kernel and referring to a physical address below the 4Gi...

6.2 AI score, 0.00026 EPSS
CVE
added 2025/07/25 4:15 p.m., 7 views

CVE-2025-38442

In the Linux kernel, the following vulnerability has been resolved: block: reject bs > ps block devices when THP is disabled If THP is disabled and when a block device with logical block size > page size is present, the following null ptr deref panic happens during boot: [ [13.2 mK AOSAN: null-...

6.4 AI score, 0.00026 EPSS
CVE
added 2025/08/16 11:15 a.m., 7 views

CVE-2025-38504

In the Linux kernel, the following vulnerability has been resolved: io_uring/zcrx: fix pp destruction warnings With multiple page pools and in some other cases we can have allocated niovs on page pool destruction. Remove a misplaced warning checking that all niovs are returned to zcrx on io_pp_zc_des...

6.5 AI score, 0.00024 EPSS
CVE
added 2025/08/16 11:15 a.m., 7 views

CVE-2025-38509

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: reject VHT opmode for unsupported channel widths VHT operating mode notifications are not defined for channel widths below 20 MHz. In particular, 5 MHz and 10 MHz are not valid under the VHT specification and must be ...

6.4 AI score, 0.00024 EPSS
CVE
added 2025/08/16 11:15 a.m., 7 views

CVE-2025-38519

In the Linux kernel, the following vulnerability has been resolved: mm/damon: fix divide by zero in damon_get_intervals_score() The current implementation allows having zero size regions with no special reasons, but damon_get_intervals_score() gets crashed by divide by zero when the region size is ze...

6.5 AI score, 0.00024 EPSS
CVE
added 2025/08/19 5:15 p.m., 7 views

CVE-2025-38564

In the Linux kernel, the following vulnerability has been resolved: perf/core: Handle buffer mapping fail correctly in perf_mmap() After successful allocation of a buffer or a successful attachment to an existing buffer perf_mmap() tries to map the buffer read only into the page table. If that fails,...

7.4 AI score, 0.00022 EPSS
CVE
added 2025/08/19 5:15 p.m., 7 views

CVE-2025-38567

In the Linux kernel, the following vulnerability has been resolved: nfsd: avoid ref leak in nfsd_open_local_fh() If two calls to nfsd_open_local_fh() race and both successfully call nfsd_file_acquire_local(), they will both get an extra reference to the net to accompany the file reference stored in *...

6.8 AI score, 0.00022 EPSS
CVE
added 2025/08/19 5:15 p.m., 7 views

CVE-2025-38570

In the Linux kernel, the following vulnerability has been resolved: eth: fbnic: unlink NAPIs from queues on error to open CI hit a UaF in fbnic in the AF_XDP portion of the queues.py test. The UaF is in the __sk_mark_napi_id_once() call in xsk_bind(), NAPI has been freed. Looks like the device failed...

7 AI score, 0.00022 EPSS
CVE
added 2025/08/19 5:15 p.m., 7 views

CVE-2025-38594

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix UAF on sva unbind with pending IOPFs Commit 17fce9d2336d ("iommu/vt-d: Put iopf enablement in domain attach path") disables IOPF on device by removing the device from its IOMMU's IOPF queue when the last IOPF-capable ...

7.1 AI score, 0.00024 EPSS
CVE
added 2025/08/19 5:15 p.m., 7 views

CVE-2025-38600

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: fix off by one in mt7925_mcu_hw_scan() The ssid->ssids[] and sreq->ssids[] arrays have MT7925_RNR_SCAN_MAX_BSSIDS elements so this >= needs to be > to prevent an out of bounds access.

7.2 AI score, 0.00024 EPSS
CVE
added 2025/08/19 5:15 p.m., 7 views

CVE-2025-38613

In the Linux kernel, the following vulnerability has been resolved: staging: gpib: fix unset padding field copy back to userspace The introduction of a padding field in the gpib_board_info_ioctl is showing up as initialized data on the stack frame being copied back to userspace in function board_inf...

7.1 AI score, 0.00024 EPSS
CVE
added 2025/08/22 4:15 p.m., 7 views

CVE-2025-38620

In the Linux kernel, the following vulnerability has been resolved: zloop: fix KASAN use-after-free of tag set When a zoned loop device, or zloop device, is removed, KASAN enabled kernel reports "BUG KASAN use-after-free" in blk_mq_free_tag_set(). The BUG happens because zloop_ctl_remove() calls put_...

6.5 AI score, 0.00024 EPSS
CVE
added 2025/08/22 4:15 p.m., 7 views

CVE-2025-38651

In the Linux kernel, the following vulnerability has been resolved: landlock: Fix warning from KUnit tests get_id_range() expects a positive value as first argument but get_random_u8() can return 0. Fix this by clamping it. Validated by running the test in a for loop for 1000 times. Note that MAX() ...

6.2 AI score, 0.00022 EPSS
CVE
added 2025/08/22 4:15 p.m., 7 views

CVE-2025-38655

In the Linux kernel, the following vulnerability has been resolved: pinctrl: canaan: k230: add NULL check in DT parse Add a NULL check for the return value of of_get_property() when retrieving the "pinmux" property in the group parser. This avoids a potential NULL pointer dereference if the property ...

6.5 AI score, 0.00022 EPSS
CVE
added 2025/08/22 4:15 p.m., 7 views

CVE-2025-38657

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: mcc: prevent shift wrapping in rtw89_core_mlsr_switch() The "link_id" value comes from the user via debugfs. If it's larger than BITS_PER_LONG then that would result in shift wrapping and potentially an out of bounds acc...

6.5 AI score, 0.00024 EPSS
CVE
added 2025/08/22 4:15 p.m., 7 views

CVE-2025-38658

In the Linux kernel, the following vulnerability has been resolved: nvmet: pci-epf: Do not complete commands twice if nvmet_req_init() fails Have nvmet_req_init() and req->execute() complete failed commands. Description of the problem: nvmet_req_init() calls __nvmet_req_complete() internally upon...

6.8 AI score, 0.00024 EPSS
CVE
added 2025/08/30 10:15 a.m., 7 views

CVE-2025-38677

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid out-of-boundary access in dnode page As Jiaming Zhang reported: __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x1c1/0x2a0 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] prin...

5.8 AI score, 0.00032 EPSS
CVE
added 2025/07/25 1:15 p.m., 6 views

CVE-2025-38357

In the Linux kernel, the following vulnerability has been resolved: fuse: fix runtime warning on truncate_folio_batch_exceptionals() The WARN_ON_ONCE is introduced on truncate_folio_batch_exceptionals() to capture whether the filesystem has removed all DAX entries or not. And the fix has been applie...

6.4 AI score, 0.00026 EPSS
CVE
added 2025/07/25 1:15 p.m., 6 views

CVE-2025-38358

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between async reclaim worker and close_ctree() Syzbot reported an assertion failure due to an attempt to add a delayed iput after we have set BTRFS_FS_STATE_NO_DELAYED_IPUT in the fs_info state: WARNING: CPU: 0 PID: 6...

6.1 AI score, 0.00026 EPSS
CVE
added 2025/07/25 1:15 p.m., 6 views

CVE-2025-38378

In the Linux kernel, the following vulnerability has been resolved: HID: appletb-kbd: fix slab use-after-free bug in appletb_kbd_probe In probe appletb_kbd_probe() a "struct appletb_kbd *kbd" is allocated via devm_kzalloc() to store touch bar keyboard related data. Later on if backlight_device_get_by...

6 AI score, 0.00026 EPSS
CVE
added 2025/07/25 1:15 p.m., 6 views

CVE-2025-38397

In the Linux kernel, the following vulnerability has been resolved: nvme-multipath: fix suspicious RCU usage warning When I run the NVME over TCP test in virtme-ng, I get the following "suspicious RCU usage" warning in nvme_mpath_add_sysfs_link(): ''' [ 5.024557][ T44] nvmet: Created nvm controller 1...

6.4 AI score, 0.00026 EPSS
CVE
added 2025/07/25 2:15 p.m., 6 views

CVE-2025-38411

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix double put of request If a netfs request finishes during the pause loop, it will have the ref that belongs to the IN_PROGRESS flag removed at that point - however, if it then goes to the final wait loop, that will also put...

6.4 AI score, 0.00026 EPSS
CVE
added 2025/08/16 11:15 a.m., 6 views

CVE-2025-38518

In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Disable INVLPGB on Zen2 AMD Cyan Skillfish (Family 17h, Model 47h, Stepping 0h) has an issue that causes system oopses and panics when performing TLB flush using INVLPGB. However, the problem is that that machine has mis...

6.6 AI score, 0.00024 EPSS
CVE
added 2025/08/16 12:15 p.m., 6 views

CVE-2025-38536

In the Linux kernel, the following vulnerability has been resolved: net: airoha: fix potential use-after-free in airoha_npu_get() np->name was being used after calling of_node_put(np), which releases the node and can lead to a use-after-free bug. Previously, of_node_put(np) was called unconditiona...

6.6 AI score, 0.00024 EPSS
CVE
added 2025/08/19 5:15 p.m., 6 views

CVE-2025-38580

In the Linux kernel, the following vulnerability has been resolved: ext4: fix inode use after free in ext4_end_io_rsv_work() In ext4_io_end_defer_completion(), check if io_end->list_vec is empty to avoid adding an io_end that requires no conversion to the i_rsv_conversion_list, which in turn preve...

7.3 AI score, 0.00022 EPSS
CVE
added 2025/08/19 5:15 p.m., 6 views

CVE-2025-38598

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix use-after-free in amdgpu_userq_suspend+0x51a/0x5a0 [ +0.000020] BUG: KASAN: slab-use-after-free in amdgpu_userq_suspend+0x51a/0x5a0 [amdgpu] [ +0.000817] Read of size 8 at addr ffff88812eec8c58 by task amd_pci_unplug...

7.2 AI score, 0.00024 EPSS
CVE
added 2025/08/19 5:15 p.m., 6 views

CVE-2025-38599

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: Fix possible OOB access in mt7996_tx() Fix possible Out-Of-Boundary access in mt7996_tx routine if link_id is set to IEEE80211_LINK_UNSPECIFIED

7.1 AI score, 0.00022 EPSS
CVE
added 2025/08/22 4:15 p.m., 6 views

CVE-2025-38641

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: Fix potential NULL dereference on kmalloc failure Avoid potential NULL pointer dereference by checking the return value of kmalloc and handling allocation failure properly.

6.6 AI score, 0.00024 EPSS
CVE
added 2025/08/22 4:15 p.m., 6 views

CVE-2025-38647

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: sar: drop lockdep assertion in rtw89_set_sar_from_acpi The following assertion is triggered on the rtw89 driver startup. It looks meaningless to hold wiphy lock on the early init stage so drop the assertion. WARNING: CPU...

6.5 AI score, 0.00024 EPSS
CVE
added 4 days ago, 6 views

CVE-2025-38678

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: reject duplicate device on updates A chain/flowtable update with duplicated devices in the same batch is possible. Unfortunately, netdev event path only removes the first device that is found, leaving unregister...

5.9 AI score, 0.00018 EPSS
Total number of security vulnerabilities: 10167