9873 matches found
CVE-2022-3104
An issue was discovered in the Linux kernel through 5.16-rc6. lkdtm_ARRAY_BOUNDS in drivers/misc/lkdtm/bugs.c lacks check of the return value of kmalloc() and will cause the null pointer dereference.
CVE-2023-0469
A use-after-free flaw was found in io_uring/filetable.c in io_install_fixed_file in the io_uring subcomponent in the Linux Kernel during call cleanup. This flaw may lead to a denial of service.
CVE-2023-5197
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Addition and removal of rules from chain bindings within the same transaction causes leads to use-after-free. We recommend upgrading past commit f15f29fd4779be...
CVE-2024-40902
In the Linux kernel, the following vulnerability has been resolved: jfs: xattr: fix buffer overflow for invalid xattr When an xattr size is not what is expected, it is printed out to thekernel log in hex format as a form of debugging. But when that xattrsize is bigger than the expected size, printi...
CVE-2024-42312
In the Linux kernel, the following vulnerability has been resolved: sysctl: always initialize i_uid/i_gid Always initialize i_uid/i_gid inside the sysfs core so set_ownership()can safely skip setting them. Commit 5ec27ec735ba ("fs/proc/proc_sysctl.c: fix the default values ofi_uid/i_gid on /proc/sy...
CVE-2024-46745
In the Linux kernel, the following vulnerability has been resolved: Input: uinput - reject requests with unreasonable number of slots When exercising uinput interface syzkaller may try setting up devicewith a really large number of slots, which causes memory allocationfailure in input_mt_init_slots...
CVE-2024-47719
In the Linux kernel, the following vulnerability has been resolved: iommufd: Protect against overflow of ALIGN() during iova allocation Userspace can supply an iova and uptr such that the target iova alignmentbecomes really big and ALIGN() overflows which corrupts the selected arearange during allo...
CVE-2020-36782
In the Linux kernel, the following vulnerability has been resolved: i2c: imx-lpi2c: fix reference leak when pm_runtime_get_sync fails The PM reference count is not expected to be incremented onreturn in lpi2c_imx_master_enable. However, pm_runtime_get_sync will increment the PM referencecount even ...
CVE-2021-47315
In the Linux kernel, the following vulnerability has been resolved: memory: fsl_ifc: fix leak of IO mapping on probe failure On probe error the driver should unmap the IO memory. Smatch reports: drivers/memory/fsl_ifc.c:298 fsl_ifc_ctrl_probe() warn: 'fsl_ifc_ctrl_dev->gregs' not released on lin...
CVE-2021-47646
In the Linux kernel, the following vulnerability has been resolved: Revert "Revert "block, bfq: honor already-setup queue merges"" A crash [1] happened to be triggered in conjunction with commit2d52c58b9c9b ("block, bfq: honor already-setup queue merges"). Thelatter was then reverted by commit ebc6...
CVE-2022-28796
jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition.
CVE-2022-48743
In the Linux kernel, the following vulnerability has been resolved: net: amd-xgbe: Fix skb data length underflow There will be BUG_ON() triggered in include/linux/skbuff.h leading tointermittent kernel panic, when the skb length underflow is detected. Fix this by dropping the packet if such length ...
CVE-2022-49011
In the Linux kernel, the following vulnerability has been resolved: hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() As comment of pci_get_domain_bus_and_slot() says, it returnsa pci device with refcount increment, when finish using it,the caller must decrement the reference count b...
CVE-2022-49049
In the Linux kernel, the following vulnerability has been resolved: mm/secretmem: fix panic when growing a memfd_secret When one tries to grow an existing memfd_secret with ftruncate, one getsa panic [1]. For example, doing the following reliably induces thepanic: fd = memfd_secret(); ftruncate(fd,...
CVE-2022-49227
In the Linux kernel, the following vulnerability has been resolved: igc: avoid kernel warning when changing RX ring parameters Calling ethtool changing the RX ring parameters like this: $ ethtool -G eth0 rx 1024 on igc triggers kernel warnings like this: [ 225.198467] ------------[ cut here ]------...
CVE-2022-49332
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Address NULL pointer dereference after starget_to_rport() Calls to starget_to_rport() may return NULL. Add check for NULL rportbefore dereference.
CVE-2022-49378
In the Linux kernel, the following vulnerability has been resolved: sfc: fix considering that all channels have TX queues Normally, all channels have RX and TX queues, but this is not true ifmodparam efx_separate_tx_channels=1 is used. In that cases, somechannels only have RX queues and others only...
CVE-2022-49413
In the Linux kernel, the following vulnerability has been resolved: bfq: Update cgroup information before merging bio When the process is migrated to a different cgroup (or in case ofwriteback just starts submitting bios associated with a differentcgroup) bfq_merge_bio() can operate with stale cgro...
CVE-2022-49596
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_min_snd_mss. While reading sysctl_tcp_min_snd_mss, it can be changed concurrently.Thus, we need to add READ_ONCE() to its readers.
CVE-2022-49695
In the Linux kernel, the following vulnerability has been resolved: igb: fix a use-after-free issue in igb_clean_tx_ring Fix the following use-after-free bug in igb_clean_tx_ring routine whenthe NIC is running in XDP mode. The issue can be triggered redirectingtraffic into the igb NIC and then clos...
CVE-2023-52481
In the Linux kernel, the following vulnerability has been resolved: arm64: errata: Add Cortex-A520 speculative unprivileged load workaround Implement the workaround for ARM Cortex-A520 erratum 2966298. On anaffected Cortex-A520 core, a speculatively executed unprivileged loadmight leak data from a ...
CVE-2023-52586
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Add mutex lock in control vblank irq Add a mutex lock to control vblank irq to synchronize vblankenable/disable operations happening from different threads to preventrace conditions while registering/unregistering the ...
CVE-2023-53026
In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix ib block iterator counter overflow When registering a new DMA MR after selecting the best aligned page sizefor it, we iterate over the given sglist to split each entry to smaller,aligned to the selected page size, DM...
CVE-2024-24860
A race condition was found in the Linux kernel's bluetooth device driver in {min,max}_key_size_set() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.
CVE-2024-26896
In the Linux kernel, the following vulnerability has been resolved: wifi: wfx: fix memory leak when starting AP Kmemleak reported this error: unreferenced object 0xd73d1180 (size 184): comm "wpa_supplicant", pid 1559, jiffies 13006305 (age 964.245s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 0...
CVE-2024-38553
In the Linux kernel, the following vulnerability has been resolved: net: fec: remove .ndo_poll_controller to avoid deadlocks There is a deadlock issue found in sungem driver, please refer to thecommit ac0a230f719b ("eth: sungem: remove .ndo_poll_controller to avoiddeadlocks"). The root cause of the...
CVE-2024-38564
In the Linux kernel, the following vulnerability has been resolved: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE bpf_prog_attach uses attach_type_to_prog_type to enforce properattach type for BPF_PROG_TYPE_CGROUP_SKB. link_create usesbpf_prog_get and relies on bpf_pr...
CVE-2024-39469
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors The error handling in nilfs_empty_dir() when a directory folio/page readfails is incorrect, as in the old ext2 implementation, and if thefolio/page cannot be rea...
CVE-2024-39496
In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: fix use-after-free due to race with dev replace While loading a zone's info during creation of a block group, we can racewith a device replace operation and then trigger a use-after-free on thedevice that was just rep...
CVE-2024-42292
In the Linux kernel, the following vulnerability has been resolved: kobject_uevent: Fix OOB access within zap_modalias_env() zap_modalias_env() wrongly calculates size of memory block to move, sowill cause OOB memory access issue if variable MODALIAS is not the lastone within its @env parameter, fi...
CVE-2024-43873
In the Linux kernel, the following vulnerability has been resolved: vhost/vsock: always initialize seqpacket_allow There are two issues around seqpacket_allow: seqpacket_allow is not initialized when socket iscreated. Thus if features are never set, it will beread uninitialized. if VIRTIO_VSOCK_F_S...
CVE-2024-43910
In the Linux kernel, the following vulnerability has been resolved: bpf: add missing check_func_arg_reg_off() to prevent out-of-bounds memory accesses Currently, it's possible to pass in a modified CONST_PTR_TO_DYNPTR toa global function as an argument. The adverse effects of this is thatBPF helper...
CVE-2024-46711
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: fix ID 0 endp usage after multiple re-creations 'local_addr_used' and 'add_addr_accepted' are decremented for addressesnot related to the initial subflow (ID0), because the source anddestination addresses of the initial ...
CVE-2024-46867
In the Linux kernel, the following vulnerability has been resolved: drm/xe/client: fix deadlock in show_meminfo() There is a real deadlock as well as sleeping in atomic() bug in here, ifthe bo put happens to be the last ref, since bo destruction wants tograb the same spinlock and sleeping locks. Fi...
CVE-2024-47672
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead There is a WARNING in iwl_trans_wait_tx_queues_empty() (that wasrecently converted from just a message), that can be hit if wewait for TX queues to become empty after...
CVE-2024-47726
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to wait dio completion It should wait all existing dio write IOs before block removal,otherwise, previous direct write IO may overwrite data in theblock which may be reused by other inode.
CVE-2024-47738
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: don't use rate mask for offchannel TX either Like the commit ab9177d83c04 ("wifi: mac80211: don't use rate mask forscanning"), ignore incorrect settings to avoid no supported rate warningreported by syzbot. The syzb...
CVE-2024-49867
In the Linux kernel, the following vulnerability has been resolved: btrfs: wait for fixup workers before stopping cleaner kthread during umount During unmount, at close_ctree(), we have the following steps in this order: Park the cleaner kthread - this doesn't destroy the kthread, it basicallyhalts...
CVE-2024-49886
In the Linux kernel, the following vulnerability has been resolved: platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug Attaching SST PCI device to VM causes "BUG: KASAN: slab-out-of-bounds".kasan report:[ 19.411889] ==================================================================[ 19...
CVE-2024-50126
In the Linux kernel, the following vulnerability has been resolved: net: sched: use RCU read-side critical section in taprio_dump() Fix possible use-after-free in 'taprio_dump()' by adding RCUread-side critical section there. Never seen on x86 butfound on a KASAN-enabled arm64 system when investiga...
CVE-2024-50167
In the Linux kernel, the following vulnerability has been resolved: be2net: fix potential memory leak in be_xmit() The be_xmit() returns NETDEV_TX_OK without freeing skbin case of be_xmit_enqueue() fails, add dev_kfree_skb_any() to fix it.
CVE-2024-50180
In the Linux kernel, the following vulnerability has been resolved: fbdev: sisfb: Fix strbuf array overflow The values of the variables xres and yres are placed in strbuf.These variables are obtained from strbuf1.The strbuf1 array contains digit charactersand a space if the array contains non-digit...
CVE-2024-50287
In the Linux kernel, the following vulnerability has been resolved: media: v4l2-tpg: prevent the risk of a division by zero As reported by Coverity, the logic at tpg_precalculate_line()blindly rescales the buffer even when scaled_witdh is equal tozero. If this ever happens, this will cause a divisi...
CVE-2024-55639
In the Linux kernel, the following vulnerability has been resolved: net: renesas: rswitch: avoid use-after-put for a device tree node The device tree node saved in the rswitch_device structure is used atseveral driver locations. So passing this node to of_node_put() afterthe first use is wrong. Mov...
CVE-2024-56598
In the Linux kernel, the following vulnerability has been resolved: jfs: array-index-out-of-bounds fix in dtReadFirst The value of stbl can be sometimes out of bounds dueto a bad filesystem. Added a check with appopriate returnof error code in that case.
CVE-2024-56716
In the Linux kernel, the following vulnerability has been resolved: netdevsim: prevent bad user input in nsim_dev_health_break_write() If either a zero count or a large one is provided, kernel can crash.
CVE-2024-56775
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix handling of plane refcount [Why]The mechanism to backup and restore plane states doesn't maintainrefcount, which can cause issues if the refcount of the plane changesin between backup and restore operations, su...
CVE-2024-58005
In the Linux kernel, the following vulnerability has been resolved: tpm: Change to kvalloc() in eventlog/acpi.c The following failure was reported on HPE ProLiant D320: [ 10.693310][ T1] tpm_tis STM0925:00: 2.0 TPM (device-id 0x3, rev-id 0)[ 10.848132][ T1] ------------[ cut here ]------------[ 10....
CVE-2024-58085
In the Linux kernel, the following vulnerability has been resolved: tomoyo: don't emit warning in tomoyo_write_control() syzbot is reporting too large allocation warning at tomoyo_write_control(),for one can write a very very long line without new line character. To fixthis warning, I use __GFP_NOW...
CVE-2025-21811
In the Linux kernel, the following vulnerability has been resolved: nilfs2: protect access to buffers with no active references nilfs_lookup_dirty_data_buffers(), which iterates through the buffersattached to dirty data folios/pages, accesses the attached buffers withoutlocking the folios/pages. Fo...