9873 matches found
CVE-2022-49642
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwc-qos: Disable split header for Tegra194 There is a long-standing issue with the Synopsys DWC Ethernet driver for Tegra194 where random system crashes have been observed [0]. The problem occurs when the split header fe...
CVE-2022-49666
In the Linux kernel, the following vulnerability has been resolved: powerpc/memhotplug: Add add_pages override for PPC With commit ffa0b64e3be5 ("powerpc: Fix virt_addr_valid() for 64-bit Book3E & 32-bit") the kernel now validates the addr against high_memory value. This results in the below BUG_ON wi...
CVE-2024-47408
In the Linux kernel, the following vulnerability has been resolved: net/smc: check smcd_v2_ext_offset when receiving proposal msg When receiving proposal msg in server, the field smcd_v2_ext_offset in proposal msg is from the remote client and can not be fully trusted. Once the value of smcd_v2_ext_o...
CVE-2021-47053
In the Linux kernel, the following vulnerability has been resolved: crypto: sun8i-ss - Fix memory leak of pad It appears there are several failure return paths that don't seem to be free'ing pad. Fix these. Addresses-Coverity: ("Resource leak")
CVE-2021-47065
In the Linux kernel, the following vulnerability has been resolved: rtw88: Fix array overrun in rtw_get_tx_power_params() Using a kernel with the Undefined Behaviour Sanity Checker (UBSAN) enabled, the following array overrun is logged: ===============================================================...
CVE-2021-47400
In the Linux kernel, the following vulnerability has been resolved: net: hns3: do not allow call hns3_nic_net_open repeatedly hns3_nic_net_open() is not allowed to be called repeatedly, but there is no checking for this. When doing device reset and setup tc concurrently, there is a small opportunity to cal...
CVE-2021-47501
In the Linux kernel, the following vulnerability has been resolved: i40e: Fix NULL pointer dereference in i40e_dbg_dump_desc When trying to dump VFs VSI RX/TX descriptors using debugfs there was a crash due to NULL pointer dereference in i40e_dbg_dump_desc. Added a check to i40e_dbg_dump_desc that che...
CVE-2022-48836
In the Linux kernel, the following vulnerability has been resolved: Input: aiptek - properly check endpoint type Syzbot reported warning in usb_submit_urb() which is caused by wrong endpoint type. There was a check for the number of endpoints, but not for the type of endpoint. Fix it by replacing old...
CVE-2022-48884
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix command stats access after free Command may fail while driver is reloading and can't accept FW commands till command interface is reinitialized. Such command failure is being logged to command stats. This results in NUL...
CVE-2022-49123
In the Linux kernel, the following vulnerability has been resolved: ath11k: Fix frames flush failure caused by deadlock We are seeing below warnings: kernel: [25393.301506] ath11k_pci 0000:01:00.0: failed to flush mgmt transmit queue 0 kernel: [25398.421509] ath11k_pci 0000:01:00.0: failed to flush ...
CVE-2022-49145
In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Avoid out of bounds access when parsing _CPC data If the NumEntries field in the _CPC return package is less than 2, do not attempt to access the "Revision" element of that package, because it may not be present then. Bug...
CVE-2022-49291
In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix races among concurrent hw_params and hw_free calls Currently we have neither proper check nor protection against the concurrent calls of PCM hw_params and hw_free ioctls, which may result in a UAF. Since the existing P...
CVE-2022-49296
In the Linux kernel, the following vulnerability has been resolved: ceph: fix possible deadlock when holding Fwb to get inline_data 1, mount with wsync. 2, create a file with O_RDWR, and the request was sent to mds.0: ceph_atomic_open()-->ceph_mdsc_do_request(openc) finish_open(file, dentry, ceph_...
CVE-2022-49297
In the Linux kernel, the following vulnerability has been resolved: nbd: fix io hung while disconnecting device In our tests, "qemu-nbd" triggers a io hung: INFO: task qemu-nbd:11445 blocked for more than 368 seconds. Not tainted 5.18.0-rc3-next-20220422-00003-g2176915513ca #884 "echo 0 > /proc/sy...
CVE-2022-49329
In the Linux kernel, the following vulnerability has been resolved: vduse: Fix NULL pointer dereference on sysfs access The control device has no drvdata. So we will get a NULL pointer dereference when accessing control device's msg_timeout attribute via sysfs: [ 132.841881][ T3644] BUG: kernel NULL ...
CVE-2022-49330
In the Linux kernel, the following vulnerability has been resolved: tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd syzbot got a new report [1] finally pointing to a very old bug, added in initial support for MTU probing. tcp_mtu_probe() has checks about starting an MTU probe if tcp_snd_cwnd(tp) &g...
CVE-2022-49349
In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free in ext4_rename_dir_prepare We got issue as follows: EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue ext4_get_first_dir_block: bh->b_data=0xffff88810bee6000 len=34478 ext4_get_fir...
CVE-2022-49372
In the Linux kernel, the following vulnerability has been resolved: tcp: tcp_rtx_synack() can be called from process context Laurent reported the enclosed report [1] This bug triggers with following conditions: Kernel built with CONFIG_DEBUG_PREEMPT=y A new passive FastOpen TCP socket is created. Thi...
CVE-2022-49379
In the Linux kernel, the following vulnerability has been resolved: driver core: Fix wait_for_device_probe() & deferred_probe_timeout interaction Mounting NFS rootfs was timing out when deferred_probe_timeout was non-zero [1]. This was because ip_auto_config() initcall times out waiting for the netwo...
CVE-2022-49573
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_early_retrans. While reading sysctl_tcp_early_retrans, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader.
CVE-2022-49575
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_thin_linear_timeouts. While reading sysctl_tcp_thin_linear_timeouts, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader.
CVE-2022-49626
In the Linux kernel, the following vulnerability has been resolved: sfc: fix use after free when disabling sriov Use after free is detected by kfence when disabling sriov. What was read after being freed was vf->pci_dev: it was freed from pci_disable_sriov and later read in efx_ef10_sriov_free_vf_...
CVE-2022-49710
In the Linux kernel, the following vulnerability has been resolved: dm mirror log: round up region bitmap size to BITS_PER_LONG The code in dm-log rounds up bitset_size to 32 bits. It then uses find_next_zero_bit_le on the allocated region. find_next_zero_bit_le accesses the bitmap using unsigned lon...
CVE-2022-49732
In the Linux kernel, the following vulnerability has been resolved: sock: redo the psock vs ULP protection check Commit 8a59f9d1e3d4 ("sock: Introduce sk->sk_prot->psock_update_sk_prot()") has moved the inet_csk_has_ulp(sk) check from sk_psock_init() to the new tcp_bpf_update_proto() function. ...
CVE-2023-50431
sec_attest_info in drivers/accel/habanalabs/common/habanalabs_ioctl.c in the Linux kernel through 6.6.5 allows an information leak to user space because info->pad0 is not initialized.
CVE-2023-52502
In the Linux kernel, the following vulnerability has been resolved: net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() Sili Luo reported a race in nfc_llcp_sock_get(), leading to UAF. Getting a reference on the socket found in a lookup while holding a lock should happen before rel...
CVE-2023-52509
In the Linux kernel, the following vulnerability has been resolved: ravb: Fix use-after-free issue in ravb_tx_timeout_work() The ravb_stop() should call cancel_work_sync(). Otherwise, ravb_tx_timeout_work() is possible to use the freed priv after ravb_remove() was called like below: CPU0 CPU1 ravb_tx_...
CVE-2023-52569
In the Linux kernel, the following vulnerability has been resolved: btrfs: remove BUG() after failure to insert delayed dir index item Instead of calling BUG() when we fail to insert a delayed dir index item into the delayed node's tree, we can just release all the resources we have allocated/acquire...
CVE-2023-52609
In the Linux kernel, the following vulnerability has been resolved: binder: fix race between mmput() and do_exit() Task A calls binder_update_page_range() to allocate and insert pages on a remote address space from Task B. For this, Task A pins the remote mm via mmget_not_zero() first. This can race ...
CVE-2023-52689
In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Add missing mutex lock around get meter levels As scarlett2_meter_ctl_get() uses meter_level_map[], the data_mutex should be locked while accessing it.
CVE-2023-52740
In the Linux kernel, the following vulnerability has been resolved: powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch The RFI and STF security mitigation options can flip the interrupt_exit_not_reentrant static branch condition concurrently with the interrupt exit code wh...
CVE-2023-52781
In the Linux kernel, the following vulnerability has been resolved: usb: config: fix iteration issue in 'usb_get_bos_descriptor()' The BOS descriptor defines a root descriptor and is the base descriptor for accessing a family of related descriptors. Function 'usb_get_bos_descriptor()' encounters an ...
CVE-2024-26676
In the Linux kernel, the following vulnerability has been resolved: af_unix: Call kfree_skb() for dead unix_(sk)->oob_skb in GC. syzbot reported a warning [0] in __unix_gc() with a repro, which creates a socketpair and sends one socket's fd to itself using the peer. socketpair(AF_UNIX, SOCK_STREAM...
CVE-2024-26881
In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix kernel crash when 1588 is received on HIP08 devices The HIP08 devices do not register the ptp devices, so the hdev->ptp is NULL, but the hardware can receive 1588 messages, and set the HNS3_RXD_TS_VLD_B bit, so, i...
CVE-2024-35982
In the Linux kernel, the following vulnerability has been resolved: batman-adv: Avoid infinite loop trying to resize local TT If the MTU of one of an attached interface becomes too small to transmit the local translation table then it must be resized to fit inside all fragments (when enabled) or a si...
CVE-2024-36972
In the Linux kernel, the following vulnerability has been resolved: af_unix: Update unix_sk(sk)->oob_skb under sk_receive_queue lock. Billy Jheng Bing-Jhong reported a race between __unix_gc() and queue_oob(). __unix_gc() tries to garbage-collect close()d inflight sockets, and then if the socket h...
CVE-2024-40948
In the Linux kernel, the following vulnerability has been resolved: mm/page_table_check: fix crash on ZONE_DEVICE Not all pages may apply to pgtable check. One example is ZONE_DEVICE pages: they map PFNs directly, and they don't allocate page_ext at all even if there's struct page around. One may ref...
CVE-2024-42074
In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp: add a null check for chip_pdev structure When acp platform device creation is skipped, chip->chip_pdev value will remain NULL. Add NULL check for chip->chip_pdev structure in snd_acp_resume() function to avoid n...
CVE-2024-42141
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Check socket flag instead of hcon This fixes the following Smatch static checker warning: net/bluetooth/iso.c:1364 iso_sock_recvmsg() error: we previously assumed 'pi->conn->hcon' could be null (line 1359) net/...
CVE-2024-43828
In the Linux kernel, the following vulnerability has been resolved: ext4: fix infinite loop when replaying fast_commit When doing fast_commit replay an infinite loop may occur due to an uninitialized extent_status struct. ext4_ext_determine_insert_hole() does not detect the replay and calls ext4_es_f...
CVE-2024-43846
In the Linux kernel, the following vulnerability has been resolved: lib: objagg: Fix general protection fault The library supports aggregation of objects into other objects only if the parent object does not have a parent itself. That is, nesting is not supported. Aggregation happens in two cases: Wi...
CVE-2024-43879
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() Currently NL80211_RATE_INFO_HE_RU_ALLOC_2x996 is not handled in cfg80211_calculate_bitrate_he(), leading to below warning: kernel: invalid HE MCS: bw:6, r...
CVE-2024-46854
In the Linux kernel, the following vulnerability has been resolved: net: dpaa: Pad packets to ETH_ZLEN When sending packets under 60 bytes, up to three bytes of the buffer following the data may be leaked. Avoid this by extending all packets to ETH_ZLEN, ensuring nothing is leaked in the padding. Thi...
CVE-2024-47754
In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix H264 multi stateless decoder smatch warning Fix a smatch static checker warning on vdec_h264_req_multi_if.c. Which leads to a kernel crash when fb is NULL.
CVE-2024-49568
In the Linux kernel, the following vulnerability has been resolved: net/smc: check v2_ext_offset/eid_cnt/ism_gid_cnt when receiving proposal msg When receiving proposal msg in server, the fields v2_ext_offset/eid_cnt/ism_gid_cnt in proposal msg are from the remote client and can not be fully trusted...
CVE-2024-49946
In the Linux kernel, the following vulnerability has been resolved: ppp: do not assume bh is held in ppp_channel_bridge_input() Networking receive path is usually handled from BH handler. However, some protocols need to acquire the socket lock, and packets might be stored in the socket backlog is the...
CVE-2024-50013
In the Linux kernel, the following vulnerability has been resolved: exfat: fix memory leak in exfat_load_bitmap() If the first directory entry in the root directory is not a bitmap directory entry, 'bh' will not be released and reassigned, which will cause a memory leak.
CVE-2024-50059
In the Linux kernel, the following vulnerability has been resolved: ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition In the switchtec_ntb_add function, it can call switchtec_ntb_init_sndev function, then &sndev->check_link_status_work is bound ...
CVE-2024-50077
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix multiple init when debugfs is disabled If bt_debugfs is not created successfully, which happens if either CONFIG_DEBUG_FS or CONFIG_DEBUG_FS_ALLOW_ALL is unset, then iso_init() returns early and does not set iso_i...
CVE-2024-50215
In the Linux kernel, the following vulnerability has been resolved: nvmet-auth: assign dh_key to NULL after kfree_sensitive ctrl->dh_key might be used across multiple calls to nvmet_setup_dhgroup() for the same controller. So it's better to nullify it after release on error path in order to avoid ...