180 matches found
CVE-2024-56648
In the Linux kernel, the following vulnerability has been resolved: net: hsr: avoid potential out-of-bound access in fill_frame_info() syzbot is able to feed a packet with 14 bytes, pretendingit is a vlan one. Since fill_frame_info() is relying on skb->mac_len already,extend the check to cover t...
CVE-2024-57887
In the Linux kernel, the following vulnerability has been resolved: drm: adv7511: Fix use-after-free in adv7533_attach_dsi() The host_node pointer was assigned and freed in adv7533_parse_dt(), andlater, adv7533_attach_dsi() uses the same. Fix this use-after-free issueby dropping of_node_put() in ad...
CVE-2024-56651
In the Linux kernel, the following vulnerability has been resolved: can: hi311x: hi3110_can_ist(): fix potential use-after-free The commit a22bd630cfff ("can: hi311x: do not report txerr and rxerrduring bus-off") removed the reporting of rxerr and txerr even in caseof correct operation (i. e. not b...
CVE-2024-56765
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/vas: Add close() callback in vas_vm_ops struct The mapping VMA address is saved in VAS window struct when thepaste address is mapped. This VMA address is used during migrationto unmap the paste address if the window...
CVE-2024-57882
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix TCP options overflow. Syzbot reported the following splat: Oops: general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTIKASAN: null-ptr-deref in range [0x000000000...
CVE-2024-57944
In the Linux kernel, the following vulnerability has been resolved: iio: adc: ti-ads1298: Add NULL check in ads1298_init devm_kasprintf() can return a NULL pointer on failure. A check on thereturn value of such a call in ads1298_init() is missing. Add it.
CVE-2024-57907
In the Linux kernel, the following vulnerability has been resolved: iio: adc: rockchip_saradc: fix information leak in triggered buffer The 'data' local struct is used to push data to user space from atriggered buffer, but it does not set values for inactive channels, asit only uses iio_for_each_ac...
CVE-2025-21649
In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix kernel crash when 1588 is sent on HIP08 devices Currently, HIP08 devices does not register the ptp devices, so thehdev->ptp is NULL. But the tx process would still try to set hardware timestamp info with SKBTX_HW_...
CVE-2024-48881
In the Linux kernel, the following vulnerability has been resolved: bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again Commit 028ddcac477b ("bcache: Remove unnecessary NULL point check innode allocations") leads a NULL pointer deference in cache_set_flush(). 1721 if (!IS_ERR_OR_NULL(c->ro...
CVE-2024-54683
In the Linux kernel, the following vulnerability has been resolved: netfilter: IDLETIMER: Fix for possible ABBA deadlock Deletion of the last rule referencing a given idletimer may happen atthe same time as a read of its file in sysfs: | ======================================================| WARNI...
CVE-2024-56715
In the Linux kernel, the following vulnerability has been resolved: ionic: Fix netdev notifier unregister on failure If register_netdev() fails, then the driver leaks the netdev notifier.Fix this by calling ionic_lif_unregister() on register_netdev()failure. This will also call ionic_lif_unregister...
CVE-2024-57795
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Remove the direct link to net_device The similar patch in siw is in the link:https://git.kernel.org/rdma/rdma/c/16b87037b48889 This problem also occurred in RXE. The following analyze this problem.In the following Call Tr...
CVE-2024-56369
In the Linux kernel, the following vulnerability has been resolved: drm/modes: Avoid divide by zero harder in drm_mode_vrefresh() drm_mode_vrefresh() is trying to avoid divide by zeroby checking whether htotal or vtotal are zero. But we maystill end up with a div-by-zero of vtotalhtotal ...
CVE-2024-57951
In the Linux kernel, the following vulnerability has been resolved: hrtimers: Handle CPU state correctly on hotplug Consider a scenario where a CPU transitions from CPUHP_ONLINE to halfwaythrough a CPU hotunplug down to CPUHP_HRTIMERS_PREPARE, and then back toCPUHP_ONLINE: Since hrtimers_prepare_cp...
CVE-2025-21674
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix inversion dependency warning while enabling IPsec tunnel Attempt to enable IPsec packet offload in tunnel mode in debug kernelgenerates the following kernel panic, which is happening due to twoissues: In SA add secti...
CVE-2024-36476
In the Linux kernel, the following vulnerability has been resolved: RDMA/rtrs: Ensure 'ib_sge list' is accessible Move the declaration of the 'ib_sge list' variable outside the'always_invalidate' block to ensure it remains accessible for usethroughout the function. Previously, 'ib_sge list' was dec...
CVE-2024-56710
In the Linux kernel, the following vulnerability has been resolved: ceph: fix memory leak in ceph_direct_read_write() The bvecs array which is allocated in iter_get_bvecs_alloc() is leakedand pages remain pinned if ceph_alloc_sparse_ext_map() fails. There is no need to delay the allocation of spars...
CVE-2025-21661
In the Linux kernel, the following vulnerability has been resolved: gpio: virtuser: fix missing lookup table cleanups When a virtuser device is created via configfs and the probe fails dueto an incorrect lookup table, the table is not removed. This preventssubsequent probe attempts from succeeding,...
CVE-2024-56626
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix Out-of-Bounds Write in ksmbd_vfs_stream_write An offset from client could be a negative value, It could allowsto write data outside the bounds of the allocated buffer.Note that this issue is coming when setting'vfs objec...
CVE-2024-56675
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors Uprobes always use bpf_prog_run_array_uprobe() under tasks-trace-RCUprotection. But it is possible to attach a non-sleepable BPF program to auprobe, and non-sleepable BPF...
CVE-2024-56582
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free in btrfs_encoded_read_endio() Shinichiro reported the following use-after free that sometimes ishappening in our CI system when running fstests' btrfs/284 on a TCMUrunner device: BUG: KASAN: slab-use-after...
CVE-2024-56656
In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix aggregation ID mask to prevent oops on 5760X chips The 5760X (P7) chip's HW GRO/LRO interface is very similar to that ofthe previous generation (5750X or P5). However, the aggregation IDfields in the completion structu...
CVE-2024-56660
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: DR, prevent potential error pointer dereference The dr_domain_add_vport_cap() function generally returns NULL on errorbut sometimes we want it to return ERR_PTR(-EBUSY) so the caller canretry. The problem here is that "re...
CVE-2024-57874
In the Linux kernel, the following vulnerability has been resolved: arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL Currently tagged_addr_ctrl_set() doesn't initialize the temporary 'ctrl'variable, and a SETREGSET call with a length of zero will leave thisuninitialized. Consequentl...
CVE-2024-57916
In the Linux kernel, the following vulnerability has been resolved: misc: microchip: pci1xxxx: Resolve kernel panic during GPIO IRQ handling Resolve kernel panic caused by improper handling of IRQs whileaccessing GPIO values. This is done by replacing generic_handle_irq withhandle_nested_irq.
CVE-2024-57950
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Initialize denominator defaults to 1 [WHAT & HOW]Variables, used as denominators and maybe not assigned to other values,should be initialized to non-zero to avoid DIVIDE_BY_ZERO, as reportedby Coverity. (cherry pic...
CVE-2024-57841
In the Linux kernel, the following vulnerability has been resolved: net: fix memory leak in tcp_conn_request() If inet_csk_reqsk_queue_hash_add() return false, tcp_conn_request() willreturn without free the dst memory, which allocated in af_ops->route_req. Here is the kmemleak stack: unreference...
CVE-2025-21688
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Assign job pointer to NULL before signaling the fence In commit e4b5ccd392b9 ("drm/v3d: Ensure job pointer is set to NULLafter job completion"), we introduced a change to assign the job pointerto NULL after completing a jo...
CVE-2024-56665
In the Linux kernel, the following vulnerability has been resolved: bpf,perf: Fix invalid prog_array access in perf_event_detach_bpf_prog Syzbot reported [1] crash that happens for following tracing scenario: create tracepoint perf event with attr.inherit=1, attach it to theprocess and set bpf prog...
CVE-2024-56717
In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: fix incorrect IFH SRC_PORT field in ocelot_ifh_set_basic() Packets injected by the CPU should have a SRC_PORT field equal to theCPU port module index in the Analyzer block (ocelot->num_phys_ports). The blamed ...
CVE-2024-56764
In the Linux kernel, the following vulnerability has been resolved: ublk: detach gendisk from ublk device if add_disk() fails Inside ublk_abort_requests(), gendisk is grabbed for aborting allinflight requests. And ublk_abort_requests() is called when exitingthe uring context or handling timeout. If...
CVE-2024-56766
In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: fix double free in atmel_pmecc_create_user() The "user" pointer was converted from being allocated with kzalloc() tobeing allocated by devm_kzalloc(). Calling kfree(user) will lead to adouble free.
CVE-2024-56621
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Cancel RTC work during ufshcd_remove() Currently, RTC work is only cancelled during __ufshcd_wl_suspend(). Whenufshcd is removed in ufshcd_remove(), RTC work is not cancelled. Due tothis, any further trigger of the...
CVE-2024-56632
In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix the memleak while create new ctrl failed Now while we create new ctrl failed, we have not free thetagset occupied by admin_q, here try to fix it.
CVE-2024-56652
In the Linux kernel, the following vulnerability has been resolved: drm/xe/reg_sr: Remove register pool That pool implementation doesn't really work: if the krealloc happens tomove the memory and return another address, the entries in the xarraybecome invalid, leading to use-after-free later: BUG: ...
CVE-2024-57857
In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Remove direct link to net_device Do not manage a per device direct link to net_device. Relyon associated ib_devices net_device management, not doublingthe effort locally. A badly managed local link to net_devicewas causin...
CVE-2024-57926
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Set private->all_drm_private[i]->drm to NULL if mtk_drm_bind returns err The pointer need to be set to NULL, otherwise KASAN complains aboutuse-after-free. Because in mtk_drm_bind, all private's drm are setas fo...
CVE-2024-56622
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: sysfs: Prevent div by zero Prevent a division by 0 when monitoring is not enabled.
CVE-2025-21641
In the Linux kernel, the following vulnerability has been resolved: mptcp: sysctl: blackhole timeout: avoid using current->nsproxy As mentioned in the previous commit, using the 'net' structure via'current' is not recommended for different reasons: Inconsistency: getting info from the reader's/w...
CVE-2024-57801
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Skip restore TC rules for vport rep without loaded flag During driver unload, unregister_netdev is called after unloadingvport rep. So, the mlx5e_rep_priv is already freed while trying to getrpriv->netdev, or walk rpr...
CVE-2024-57933
In the Linux kernel, the following vulnerability has been resolved: gve: guard XSK operations on the existence of queues This patch predicates the enabling and disabling of XSK pools on theexistence of queues. As it stands, if the interface is down, disablingor enabling XSK pools would result in a ...
CVE-2024-56635
In the Linux kernel, the following vulnerability has been resolved: net: avoid potential UAF in default_operstate() syzbot reported an UAF in default_operstate() [1] Issue is a race between device and netns dismantles. After calling __rtnl_unlock() from netdev_run_todo(),we can not assume the netns...
CVE-2024-56649
In the Linux kernel, the following vulnerability has been resolved: net: enetc: Do not configure preemptible TCs if SIs do not support Both ENETC PF and VF drivers share enetc_setup_tc_mqprio() to configureMQPRIO. And enetc_setup_tc_mqprio() calls enetc_change_preemptible_tcs()to configure preempti...
CVE-2024-56657
In the Linux kernel, the following vulnerability has been resolved: ALSA: control: Avoid WARN() for symlink errors Using WARN() for showing the error of symlink creations don't givemore information than telling that something goes wrong, since theusual code path is a lregister callback from each co...
CVE-2024-57943
In the Linux kernel, the following vulnerability has been resolved: exfat: fix the new buffer was not zeroed before writing Before writing, if a buffer_head marked as new, its data mustbe zeroed, otherwise uninitialized data in the page cache willbe written. So this commit uses folio_zero_new_buffe...
CVE-2025-21634
In the Linux kernel, the following vulnerability has been resolved: cgroup/cpuset: remove kernfs active break A warning was found: WARNING: CPU: 10 PID: 3486953 at fs/kernfs/file.c:828CPU: 10 PID: 3486953 Comm: rmdir Kdump: loaded Tainted: GRIP: 0010:kernfs_should_drain_open_files+0x1a1/0x1b0RSP: 0...
CVE-2024-56673
In the Linux kernel, the following vulnerability has been resolved: riscv: mm: Do not call pmd dtor on vmemmap page table teardown The vmemmap's, which is used for RV64 with SPARSEMEM_VMEMMAP, pagetables are populated using pmd (page middle directory) hugetables.However, the pmd allocation is not u...
CVE-2024-56719
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix TSO DMA API usage causing oops Commit 66600fac7a98 ("net: stmmac: TSO: Fix unbalanced DMA map/unmapfor non-paged SKB data") moved the assignment of tx_skbuff_dma[]'smembers to be later in stmmac_tso_xmit(). The buf...
CVE-2024-57872
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: pltfrm: Dellocate HBA during ufshcd_pltfrm_remove() This will ensure that the scsi host is cleaned up properly usingscsi_host_dev_release(). Otherwise, it may lead to memory leaks.
CVE-2024-57895
In the Linux kernel, the following vulnerability has been resolved: ksmbd: set ATTR_CTIME flags when setting mtime David reported that the new warning from setattr_copy_mgtime is cominglike the following. [ 113.215316] ------------[ cut here ]------------[ 113.215974] WARNING: CPU: 1 PID: 31 at fs/...