361 matches found
CVE-2024-50237
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower Avoid potentially crashing in the driver because of uninitialized private data
CVE-2024-50195
In the Linux kernel, the following vulnerability has been resolved: posix-clock: Fix missing timespec64 check in pc_clock_settime() As Andrew pointed out, it will make sense that the PTP corechecked timespec64 struct's tv_sec and tv_nsec range before callingptp->info->settime64(). As the man ...
CVE-2024-53066
In the Linux kernel, the following vulnerability has been resolved: nfs: Fix KMSAN warning in decode_getfattr_attrs() Fix the following KMSAN warning: CPU: 1 UID: 0 PID: 7651 Comm: cp Tainted: G BTainted: [B]=BAD_PAGEHardware name: QEMU Standard PC (Q35 + ICH9, 2009) ===============================...
CVE-2024-53110
In the Linux kernel, the following vulnerability has been resolved: vp_vdpa: fix id_table array not null terminated error Allocate one extra virtio_device_id as null terminator, otherwisevdpa_mgmtdev_get_classes() may iterate multiple times and visitundefined memory.
CVE-2024-53113
In the Linux kernel, the following vulnerability has been resolved: mm: fix NULL pointer dereference in alloc_pages_bulk_noprof We triggered a NULL pointer dereference for ac.preferred_zoneref->zone inalloc_pages_bulk_noprof() when the task is migrated between cpusets. When cpuset is enabled, in...
CVE-2024-53135
In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN Hide KVM's pt_mode module param behind CONFIG_BROKEN, i.e. disable supportfor virtualizing Intel PT via guest/host mode unless BROKEN=y. There aremyriad ...
CVE-2024-50201
In the Linux kernel, the following vulnerability has been resolved: drm/radeon: Fix encoder->possible_clones Include the encoder itself in its possible_clones bitmask.In the past nothing validated that drivers were populatingpossible_clones correctly, but that changed in commit74d2aacbe840 ("drm...
CVE-2024-49948
In the Linux kernel, the following vulnerability has been resolved: net: add more sanity checks to qdisc_pkt_len_init() One path takes care of SKB_GSO_DODGY, assumingskb->len is bigger than hdr_len. virtio_net_hdr_to_skb() does not fully dissect TCP headers,it only make sure it is at least 20 by...
CVE-2024-50036
In the Linux kernel, the following vulnerability has been resolved: net: do not delay dst_entries_add() in dst_release() dst_entries_add() uses per-cpu data that might be freed at netnsdismantle from ip6_route_net_exit() calling dst_entries_destroy() Before ip6_route_net_exit() can be called, we re...
CVE-2024-50151
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix OOBs when building SMB2_IOCTL request When using encryption, either enforced by the server or when using'seal' mount option, the client will squash all compound request buffersdown for encryption into a single iov ...
CVE-2024-50251
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() If access to offset + length is larger than the skbuff length, thenskb_checksum() triggers BUG_ON(). skb_checksum() internally subtracts the length pa...
CVE-2024-50073
In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: Fix use-after-free in gsm_cleanup_mux BUG: KASAN: slab-use-after-free in gsm_cleanup_mux+0x77b/0x7b0drivers/tty/n_gsm.c:3160 [n_gsm]Read of size 8 at addr ffff88815fe99c00 by task poc/3379CPU: 0 UID: 0 PID: 3379 Comm: p...
CVE-2024-50205
In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() The step variable is initialized to zero. It is changed in the loop,but if it's not changed it will remain zero. Add a variable checkbefore the division. The ...
CVE-2024-53059
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() The size of the response packet is not validated. The response buffer is not freed. Resolve these issues by switching to iwl_mvm_send_cmd_status(),which handl...
CVE-2024-49975
In the Linux kernel, the following vulnerability has been resolved: uprobes: fix kernel info leak via "[uprobes]" vma xol_add_vma() maps the uninitialized page allocated by __create_xol_area()into userspace. On some architectures (x86) this memory is readable evenwithout VM_READ, VM_EXEC results in...
CVE-2024-50024
In the Linux kernel, the following vulnerability has been resolved: net: Fix an unsafe loop on the list The kernel may crash when deleting a genetlink family if there are stilllisteners for that family: Oops: Kernel access of bad area, sig: 11 [#1]...NIP [c000000000c080bc] netlink_update_socket_mc+...
CVE-2024-50148
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: bnep: fix wild-memory-access in proto_unregister There's issue as follows:KASAN: maybe wild-memory-access in range [0xdead...108-0xdead...10f]CPU: 3 UID: 0 PID: 2805 Comm: rmmod Tainted: G WRIP: 0010:proto_unregister+0xe...
CVE-2024-53138
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: kTLS, Fix incorrect page refcounting The kTLS tx handling code is using a mix of get_page() andpage_ref_inc() APIs to increment the page reference. But on the releasepath (mlx5e_ktls_tx_handle_resync_dump_comp()), only p...
CVE-2024-50202
In the Linux kernel, the following vulnerability has been resolved: nilfs2: propagate directory read errors from nilfs_find_entry() Syzbot reported that a task hang occurs in vcs_open() during a fuzzingtest for nilfs2. The root cause of this problem is that in nilfs_find_entry(), whichsearches for ...
CVE-2024-50045
In the Linux kernel, the following vulnerability has been resolved: netfilter: br_netfilter: fix panic with metadata_dst skb Fix a kernel panic in the br_netfilter module when sending untaggedtraffic via a VxLAN device.This happens during the check for fragmentation in br_nf_dev_queue_xmit. It is d...
CVE-2024-50046
In the Linux kernel, the following vulnerability has been resolved: NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() On the node of an NFS client, some files saved in the mountpoint of theNFS server were copied to another location of the same NFS server.Accidentally, the nfs42_com...
CVE-2024-50070
In the Linux kernel, the following vulnerability has been resolved: pinctrl: stm32: check devm_kasprintf() returned value devm_kasprintf() can return a NULL pointer on failure but this returnedvalue is not checked. Fix this lack and check the returned value. Found by code review.
CVE-2024-50142
In the Linux kernel, the following vulnerability has been resolved: xfrm: validate new SA's prefixlen using SA family when sel.family is unset This expands the validation introduced in commit 07bf7908950a ("xfrm:Validate address prefix lengths in the xfrm selector.") syzbot created an SA withusersa...
CVE-2024-50069
In the Linux kernel, the following vulnerability has been resolved: pinctrl: apple: check devm_kasprintf() returned value devm_kasprintf() can return a NULL pointer on failure but this returnedvalue is not checked. Fix this lack and check the returned value. Found by code review.
CVE-2024-53052
In the Linux kernel, the following vulnerability has been resolved: io_uring/rw: fix missing NOWAIT check for O_DIRECT start write When io_uring starts a write, it'll call kiocb_start_write() to bump thesuper block rwsem, preventing any freezes from happening while thatwrite is in-flight. The freez...
CVE-2024-50038
In the Linux kernel, the following vulnerability has been resolved: netfilter: xtables: avoid NFPROTO_UNSPEC where needed syzbot managed to call xt_cluster match via ebtables: WARNING: CPU: 0 PID: 11 at net/netfilter/xt_cluster.c:72 xt_cluster_mt+0x196/0x780[..]ebt_do_table+0x174b/0x2a40 Module reg...
CVE-2024-50117
In the Linux kernel, the following vulnerability has been resolved: drm/amd: Guard against bad data for ATIF ACPI method If a BIOS provides bad data in response to an ATIF method callthis causes a NULL pointer dereference in the caller. ? show_regs (arch/x86/kernel/dumpstack.c:478 (discriminator 1)...
CVE-2024-50171
In the Linux kernel, the following vulnerability has been resolved: net: systemport: fix potential memory leak in bcm_sysport_xmit() The bcm_sysport_xmit() returns NETDEV_TX_OK without freeing skbin case of dma_map_single() fails, add dev_kfree_skb() to fix it.
CVE-2024-50194
In the Linux kernel, the following vulnerability has been resolved: arm64: probes: Fix uprobes for big-endian kernels The arm64 uprobes code is broken for big-endian kernels as it doesn'tconvert the in-memory instruction encoding (which is alwayslittle-endian) into the kernel's native endianness be...
CVE-2024-53139
In the Linux kernel, the following vulnerability has been resolved: sctp: fix possible UAF in sctp_v6_available() A lockdep report [1] with CONFIG_PROVE_RCU_LIST=y hintsthat sctp_v6_available() is calling dev_get_by_index_rcu()and ipv6_chk_addr() without holding rcu. [1] WARNING: suspicious RCU usa...
CVE-2024-53133
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Handle dml allocation failure to avoid crash [Why]In the case where a dml allocation fails for any reason, thecurrent state's dml contexts would no longer be valid. Thensubsequent calls dc_state_copy_internal would...
CVE-2024-50192
In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v4: Don't allow a VMOVP on a dying VPE Kunkun Jiang reported that there is a small window of opportunity foruserspace to force a change of affinity for a VPE while the VPE has alreadybeen unmapped, but the corresponding...
CVE-2024-53099
In the Linux kernel, the following vulnerability has been resolved: bpf: Check validity of link->type in bpf_link_show_fdinfo() If a newly-added link type doesn't invoke BPF_LINK_TYPE(), accessingbpf_link_type_strs[link->type] may result in an out-of-bounds access. To spot such missed invocat...
CVE-2024-50141
In the Linux kernel, the following vulnerability has been resolved: ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context PRMT needs to find the correct type of block to translate the PA-VAmapping for EFI runtime services. The issue arises because the PRMT is finding a block of typeE...
CVE-2024-50301
In the Linux kernel, the following vulnerability has been resolved: security/keys: fix slab-out-of-bounds in key_task_permission KASAN reports an out of bounds read:BUG: KASAN: slab-out-of-bounds in __kuid_val include/linux/uidgid.h:36BUG: KASAN: slab-out-of-bounds in uid_eq include/linux/uidgid.h:...
CVE-2024-53060
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported acpi_evaluate_object() may return AE_NOT_FOUND (failure), whichwould result in dereferencing buffer.pointer (obj) while being NULL. Although this case may be unr...
CVE-2024-53094
In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Add sendpage_ok() check to disable MSG_SPLICE_PAGES While running ISER over SIW, the initiator machine encounters a warningfrom skb_splice_from_iter() indicating that a slab page is being used insend_page. To address this...
CVE-2024-49944
In the Linux kernel, the following vulnerability has been resolved: sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start In sctp_listen_start() invoked by sctp_inet_listen(), it should set thesk_state back to CLOSED if sctp_autobind() fails due to whatever reason. Otherwise, nex...
CVE-2024-50068
In the Linux kernel, the following vulnerability has been resolved: mm/damon/tests/sysfs-kunit.h: fix memory leak in damon_sysfs_test_add_targets() The sysfs_target->regions allocated in damon_sysfs_regions_alloc() is notfreed in damon_sysfs_test_add_targets(), which cause the following memoryle...
CVE-2024-50154
In the Linux kernel, the following vulnerability has been resolved: tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). Martin KaFai Lau reported use-after-free [0] in reqsk_timer_handler(). """We are seeing a use-after-free from a bpf prog attached totrace_tcp_retransmit_synack. The progr...
CVE-2024-53100
In the Linux kernel, the following vulnerability has been resolved: nvme: tcp: avoid race between queue_lock lock and destroy Commit 76d54bf20cdc ("nvme-tcp: don't access released socket duringerror recovery") added a mutex_lock() call for the queue->queue_lockin nvme_tcp_get_address(). However,...
CVE-2024-53101
In the Linux kernel, the following vulnerability has been resolved: fs: Fix uninitialized value issue in from_kuid and from_kgid ocfs2_setattr() uses attr->ia_mode, attr->ia_uid and attr->ia_gid ina trace point even though ATTR_MODE, ATTR_UID and ATTR_GID aren't set. Initialize all fields ...
CVE-2024-53118
In the Linux kernel, the following vulnerability has been resolved: vsock: Fix sk_error_queue memory leak Kernel queues MSG_ZEROCOPY completion notifications on the error queue.Where they remain, until explicitly recv()ed. To prevent memory leaks,clean up the queue when the socket is destroyed. unr...
CVE-2024-50093
In the Linux kernel, the following vulnerability has been resolved: thermal: intel: int340x: processor: Fix warning during module unload The processor_thermal driver uses pcim_device_enable() to enable a PCIdevice, which means the device will be automatically disabled on driverdetach. Thus there is...
CVE-2024-50121
In the Linux kernel, the following vulnerability has been resolved: nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net In the normal case, when we excute echo 0 > /proc/fs/nfsd/threads, thefunction nfs4_state_destroy_net in nfs4_state_shutdown_net willrelease all resource...
CVE-2024-50278
In the Linux kernel, the following vulnerability has been resolved: dm cache: fix potential out-of-bounds access on the first resume Out-of-bounds access occurs if the fast device is expanded unexpectedlybefore the first-time resume of the cache table. This happens becauseexpanding the fast device ...
CVE-2024-53061
In the Linux kernel, the following vulnerability has been resolved: media: s5p-jpeg: prevent buffer overflows The current logic allows word to be less than 2. If this happens,there will be buffer overflows, as reported by smatch. Add extrachecks to prevent it. While here, remove an unused word = 0 ...
CVE-2024-53093
In the Linux kernel, the following vulnerability has been resolved: nvme-multipath: defer partition scanning We need to suppress the partition scan from occuring within thecontroller's scan_work context. If a path error occurs here, the IO willwait until a path becomes available or all paths are to...
CVE-2024-50019
In the Linux kernel, the following vulnerability has been resolved: kthread: unpark only parked kthread Calling into kthread unparking unconditionally is mostly harmless whenthe kthread is already unparked. The wake up is then simply ignoredbecause the target is not in TASK_PARKED state. However if...
CVE-2024-50086
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix user-after-free from session log off There is racy issue between smb2 session log off and smb2 session setup.It will cause user-after-free from session log off.This add session_lock when setting SMB2_SESSION_EXPIRED and ...