CVE-2021-46960

In the Linux kernel, the following vulnerability has been resolved: cifs: Return correct error code from smb2_get_enc_key Avoid a warning if the error percolates back up: [440700.376476] CIFS VFS: \otters.example.com crypt_message: Could not get encryption key[440700.386947] ------------[ cut here ...

CVE-2021-47013

In the Linux kernel, the following vulnerability has been resolved: net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send In emac_mac_tx_buf_send, it calls emac_tx_fill_tpd(..,skb,..).If some error happens in emac_tx_fill_tpd(), the skb will be freed viadev_kfree_skb(skb) in error branch ...

CVE-2024-26876

In the Linux kernel, the following vulnerability has been resolved: drm/bridge: adv7511: fix crash on irq during probe Moved IRQ registration down to end of adv7511_probe(). If an IRQ already is pending during adv7511_probe(before adv7511_cec_init) then cec_received_msg_tscould crash using uninitia...

CVE-2021-46992

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: avoid overflows in nft_hash_buckets() Number of buckets being stored in 32bit variables, we have toensure that no overflows occur in nft_hash_buckets() syzbot injected a size == 0x40000000 and reported: UBSAN: ...

CVE-2021-47006

In the Linux kernel, the following vulnerability has been resolved: ARM: 9064/1: hw_breakpoint: Do not directly check the event's overflow_handler hook The commit 1879445dfa7b ("perf/core: Set event's default::overflow_handler()") set a default event->overflow_handler inperf_event_alloc(), and r...

CVE-2021-47549

In the Linux kernel, the following vulnerability has been resolved: sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl When the rmmod sata_fsl.ko command is executed in the PPC64 GNU/Linux,a bug is reported: BUG: Unable to handle kernel data access on read at 0x80000800805b502cOops: Kernel...

CVE-2022-48626

In the Linux kernel, the following vulnerability has been resolved: moxart: fix potential use-after-free on remove path It was reported that the mmc host structure could be accessed after itwas freed in moxart_remove(), so fix this by saving the base register ofthe device and using it instead of th...

CVE-2022-2588

It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0.

CVE-2024-56703

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix soft lockups in fib6_select_path under high next hop churn Soft lockups have been observed on a cluster of Linux-based edge routerslocated in a highly dynamic environment. Using the bird service, theserouters continuously...

CVE-2023-52809

In the Linux kernel, the following vulnerability has been resolved: scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() fc_lport_ptp_setup() did not check the return value of fc_rport_create()which can return NULL and would cause a NULL pointer dereference. Addressthis issue...

CVE-2024-44995

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix a deadlock problem when config TC during resetting When config TC during the reset process, may cause a deadlock, the flow isas below:pf reset start│▼......setup tc ││ ▼▼ DOWN: napi_disable()napi_disable()(skip) ││ │...

CVE-2023-52919

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: fix possible NULL pointer dereference in send_acknowledge() Handle memory allocation failure from nci_skb_alloc() (callingalloc_skb()) to avoid possible NULL pointer dereference.

CVE-2024-26984

In the Linux kernel, the following vulnerability has been resolved: nouveau: fix instmem race condition around ptr stores Running a lot of VK CTS in parallel against nouveau, once everyfew hours you might see something like this crash. BUG: kernel NULL pointer dereference, address: 0000000000000008...

CVE-2023-52922

In the Linux kernel, the following vulnerability has been resolved: can: bcm: Fix UAF in bcm_proc_show() BUG: KASAN: slab-use-after-free in bcm_proc_show+0x969/0xa80Read of size 8 at addr ffff888155846230 by task cat/7862 CPU: 1 PID: 7862 Comm: cat Not tainted 6.5.0-rc1-00153-gc8746099c197 #230Hard...

CVE-2023-52477

In the Linux kernel, the following vulnerability has been resolved: usb: hub: Guard against accesses to uninitialized BOS descriptors Many functions in drivers/usb/core/hub.c and drivers/usb/core/hub.haccess fields inside udev->bos without checking if it was allocated andinitialized. If usb_get_...

CVE-2024-45006

In the Linux kernel, the following vulnerability has been resolved: xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration re-enumerating full-speed devices after a failed address device commandcan trigger a NULL pointer dereference. Full-speed devices may need to reconfigure the e...

CVE-2023-52478

In the Linux kernel, the following vulnerability has been resolved: HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect hidpp_connect_event() has four time-of-check vs time-of-use (TOCTOU)races when it races with itself. hidpp_connect_event() primarily runs from a workqueue but it also...

CVE-2023-52475

In the Linux kernel, the following vulnerability has been resolved: Input: powermate - fix use-after-free in powermate_config_complete syzbot has found a use-after-free bug [1] in the powermate driver. Thishappens when the device is disconnected, which leads to a memory free fromthe powermate_devic...

CVE-2021-47548

In the Linux kernel, the following vulnerability has been resolved: ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() The if statement:if (port >= DSAF_GE_NUM)return; limits the value of port less than DSAF_GE_NUM (i.e., 8).However, if the value...

CVE-2022-48695

In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix use-after-free warning Fix the following use-after-free warning which is observed duringcontroller reset: refcount_t: underflow; use-after-free.WARNING: CPU: 23 PID: 5399 at lib/refcount.c:28 refcount_warn_satura...

CVE-2023-52528

In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg syzbot reported the following uninit-value access issue: =====================================================BUG: KMSAN: uninit-value in smsc75xx_wait_ready driver...

CVE-2021-3600

It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code.

CVE-2023-52832

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: don't return unset power in ieee80211_get_tx_power() We can get a UBSAN warning if ieee80211_get_tx_power() returns theINT_MIN value mac80211 internally uses for "unset power level". UBSAN: signed-integer-overflow i...

CVE-2024-26759

In the Linux kernel, the following vulnerability has been resolved: mm/swap: fix race when skipping swapcache When skipping swapcache for SWP_SYNCHRONOUS_IO, if two or more threadsswapin the same entry at the same time, they get different pages (A, B).Before one thread (T0) finishes the swapin and ...

CVE-2022-48701

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() There may be a bad USB audio device with a USB ID of (0x04fa, 0x4201) andthe number of it's interfaces less than 4, an out-of-bounds read bug occurswhen...

CVE-2021-47118

In the Linux kernel, the following vulnerability has been resolved: pid: take a reference when initializing cad_pid During boot, kernel_init_freeable() initializes cad_pid to the inittask's struct pid. Later on, we may change cad_pid via a sysctl, andwhen this happens proc_do_cad_pid() will increme...

CVE-2021-47185

In the Linux kernel, the following vulnerability has been resolved: tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc When running ltp testcase(ltp/testcases/kernel/pty/pty04.c) with arm64, there is a soft lockup,which look like this one: Workqueue: events_unbound flush_to_ldiscCall trace...

CVE-2022-48804

In the Linux kernel, the following vulnerability has been resolved: vt_ioctl: fix array_index_nospec in vt_setactivate array_index_nospec ensures that an out-of-bounds value is set to zeroon the transient path. Decreasing the value by one afterwards causesa transient integer underflow. vsa.console ...

CVE-2022-48992

In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-pcm: Add NULL check in BE reparenting Add NULL check in dpcm_be_reparent API, to handlekernel NULL pointer dereference error.The issue occurred in fuzzing test.

CVE-2023-52574

In the Linux kernel, the following vulnerability has been resolved: team: fix null-ptr-deref when team device type is changed Get a null-ptr-deref bug as follows with reproducer [1]. BUG: kernel NULL pointer dereference, address: 0000000000000228...RIP: 0010:vlan_dev_hard_header+0x35/0x140 [8021q]....

CVE-2021-47373

In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Fix potential VPE leak on error In its_vpe_irq_domain_alloc, when its_vpe_init() returns an error,there is an off-by-one in the number of VPEs to be freed. Fix it by simply passing the number of VPEs allocated, ...

CVE-2022-48672

In the Linux kernel, the following vulnerability has been resolved: of: fdt: fix off-by-one error in unflatten_dt_nodes() Commit 78c44d910d3e ("drivers/of: Fix depth when unflattening devicetree")forgot to fix up the depth check in the loop body in unflatten_dt_nodes()which makes it possible to ove...

CVE-2023-52806

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fix possible null-ptr-deref when assigning a stream While AudioDSP drivers assign streams exclusively of HOST or LINK type,nothing blocks a user to attempt to assign a COUPLED stream. Assupplied substream instance may be...

CVE-2023-52819

In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga For pptable structs that use flexible array sizes, use flexible arrays.

CVE-2021-47103

In the Linux kernel, the following vulnerability has been resolved: inet: fully convert sk->sk_rx_dst to RCU rules syzbot reported various issues around early demux,one being included in this changelog [1] sk->sk_rx_dst is using RCU protection without clearlydocumenting it. And following sequ...

CVE-2021-47222

In the Linux kernel, the following vulnerability has been resolved: net: bridge: fix vlan tunnel dst refcnt when egressing The egress tunnel code uses dst_clone() and directly sets the resultwhich is wrong because the entry might have 0 refcnt or be already deleted,causing number of problems. It al...

CVE-2022-48988

In the Linux kernel, the following vulnerability has been resolved: memcg: fix possible use-after-free in memcg_write_event_control() memcg_write_event_control() accesses the dentry->d_name of the specifiedcontrol fd to route the write call. As a cgroup interface file can't berenamed, it's safe ...

CVE-2024-44960

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: core: Check for unset descriptor Make sure the descriptor has been set before looking at maxpacket.This fixes a null pointer panic in this case. This may happen if the gadget doesn't properly set up the endpointfor the...

CVE-2023-52845

In the Linux kernel, the following vulnerability has been resolved: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING syzbot reported the following uninit-value access issue [1]: =====================================================BUG: KMSAN: uninit-value in strlen lib/string.c:41...

CVE-2021-47073

In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios init_dell_smbios_wmi() only registers the dell_smbios_wmi_driver on systemswhere the Dell WMI interface is supported. While exit_dell_smbios_wmi()unregisters it unconditi...

CVE-2024-39506

In the Linux kernel, the following vulnerability has been resolved: liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet In lio_vf_rep_copy_packet() pg_info->page is compared to a NULL value,but then it is unconditionally passed to skb_add_rx_frag() which looksstrange and coul...

CVE-2021-47321

In the Linux kernel, the following vulnerability has been resolved: watchdog: Fix possible use-after-free by calling del_timer_sync() This driver's remove path calls del_timer(). However, that functiondoes not wait until the timer handler finishes. This means that thetimer handler may still be runn...

CVE-2021-47456

In the Linux kernel, the following vulnerability has been resolved: can: peak_pci: peak_pci_remove(): fix UAF When remove the module peek_pci, referencing 'chan' again afterreleasing 'dev' will cause UAF. Fix this by releasing 'dev' later. The following log reveals it: [ 35.961814 ] BUG: KASAN: use...

CVE-2022-48978

In the Linux kernel, the following vulnerability has been resolved: HID: core: fix shift-out-of-bounds in hid_report_raw_event Syzbot reported shift-out-of-bounds in hid_report_raw_event. microsoft 0003:045E:07DA.0001: hid_field_extract() called with n (128) >32! (swapper/0) UBSAN: shift-out-of-...

CVE-2022-49010

In the Linux kernel, the following vulnerability has been resolved: hwmon: (coretemp) Check for null before removing sysfs attrs If coretemp_add_core() gets an error then pdata->core_data[indx]is already NULL and has been kfreed. Don't pass that tosysfs_remove_group() as that will crash in sysfs...

CVE-2023-52847

In the Linux kernel, the following vulnerability has been resolved: media: bttv: fix use after free error due to btv->timeout timer There may be some a race condition between timer functionbttv_irq_timeout and bttv_remove. The timer is setup inprobe and there is no timer_delete operation in remo...

CVE-2021-47257

In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: fix null deref in parse dev addr Fix a logic error that could result in a null deref if the user setsthe mode incorrectly for the given addr type.

CVE-2022-48991

In the Linux kernel, the following vulnerability has been resolved: mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths Any codepath that zaps page table entries must invoke MMU notifiers toensure that secondary MMUs (like KVM) don't keep accessing pages whicharen't mapped anymore. Sec...

CVE-2021-47609

In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scpi: Fix string overflow in SCPI genpd driver Without the bound checks for scpi_pd->name, it could result in the bufferoverflow when copying the SCPI device name from the corresponding devicetree node as the name ...

CVE-2022-49011

In the Linux kernel, the following vulnerability has been resolved: hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() As comment of pci_get_domain_bus_and_slot() says, it returnsa pci device with refcount increment, when finish using it,the caller must decrement the reference count b...