441 matches found
CVE-2024-58076
In the Linux kernel, the following vulnerability has been resolved: clk: qcom: gcc-sm6350: Add missing parent_map for two clocks If a clk_rcg2 has a parent, it should also have parent_map defined,otherwise we'll get a NULL pointer dereference when calling clk_set_ratelike the following: [ 3.388105]...
CVE-2025-21688
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Assign job pointer to NULL before signaling the fence In commit e4b5ccd392b9 ("drm/v3d: Ensure job pointer is set to NULLafter job completion"), we introduced a change to assign the job pointerto NULL after completing a jo...
CVE-2025-21812
In the Linux kernel, the following vulnerability has been resolved: ax25: rcu protect dev->ax25_ptr syzbot found a lockdep issue [1]. We should remove ax25 RTNL dependency in ax25_setsockopt() This should also fix a variety of possible UAF in ax25. [1] WARNING: possible circular locking dependen...
CVE-2025-21967
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbd_free_work_struct ->interim_entry of ksmbd_work could be deleted after oplock is freed.We don't need to manage it with linked list. The interim request could beimmediately sent whenever a oplock...
CVE-2024-56622
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: sysfs: Prevent div by zero Prevent a division by 0 when monitoring is not enabled.
CVE-2024-57926
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Set private->all_drm_private[i]->drm to NULL if mtk_drm_bind returns err The pointer need to be set to NULL, otherwise KASAN complains aboutuse-after-free. Because in mtk_drm_bind, all private's drm are setas fo...
CVE-2025-21854
In the Linux kernel, the following vulnerability has been resolved: sockmap, vsock: For connectible sockets allow only connected sockmap expects all vsocks to have a transport assigned, which is expressedin vsock_proto::psock_update_sk_prot(). However, there is an edge casewhere an unconnected (con...
CVE-2025-22080
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Prevent integer overflow in hdr_first_de() The "de_off" and "used" variables come from the disk so they both need tocheck. The problem is that on 32bit systems if they're both greater thanUINT_MAX - 16 then the check does...
CVE-2024-57834
In the Linux kernel, the following vulnerability has been resolved: media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread syzbot report a null-ptr-deref in vidtv_mux_stop_thread. [1] If dvb->mux is not initialized successfully by vidtv_mux_init() in thevidtv_start_streaming(), it will trig...
CVE-2024-58013
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync This fixes the following crash: ==================================================================BUG: KASAN: slab-use-after-free in mgmt_remove_adv_moni...
CVE-2025-21714
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix implicit ODP use after free Prevent double queueing of implicit ODP mr destroy work by using__xa_cmpxchg() to make sure this is the only time we are destroying thisspecific mr. Without this change, we could try to in...
CVE-2025-21780
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() It malicious user provides a small pptable through sysfs and thena bigger pptable, it may cause buffer overflow attack in functionsmu_sys_set_pp_table().
CVE-2025-21893
In the Linux kernel, the following vulnerability has been resolved: keys: Fix UAF in key_put() Once a key's reference count has been reduced to 0, the garbage collectorthread may destroy it at any time and so key_put() is not allowed to touchthe key after that point. The most key_put() is normally ...
CVE-2025-22038
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate zero num_subauth before sub_auth is accessed Access psid->sub_auth[psid->num_subauth - 1] without checkingif num_subauth is non-zero leads to an out-of-bounds read.This patch adds a validation step to ensure n...
CVE-2025-22041
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbd_sessions_deregister() In multichannel mode, UAF issue can occur in session_deregisterwhen the second channel sets up a session through the connection ofthe first channel. session that is freed thr...
CVE-2024-56613
In the Linux kernel, the following vulnerability has been resolved: sched/numa: fix memory leak due to the overwritten vma->numab_state [Problem Description]When running the hackbench program of LTP, the following memory leak isreported by kmemleak. /opt/ltp/testcases/bin/hackbench 20 thread 100...
CVE-2024-56649
In the Linux kernel, the following vulnerability has been resolved: net: enetc: Do not configure preemptible TCs if SIs do not support Both ENETC PF and VF drivers share enetc_setup_tc_mqprio() to configureMQPRIO. And enetc_setup_tc_mqprio() calls enetc_change_preemptible_tcs()to configure preempti...
CVE-2024-56665
In the Linux kernel, the following vulnerability has been resolved: bpf,perf: Fix invalid prog_array access in perf_event_detach_bpf_prog Syzbot reported [1] crash that happens for following tracing scenario: create tracepoint perf event with attr.inherit=1, attach it to theprocess and set bpf prog...
CVE-2024-57857
In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Remove direct link to net_device Do not manage a per device direct link to net_device. Relyon associated ib_devices net_device management, not doublingthe effort locally. A badly managed local link to net_devicewas causin...
CVE-2025-21674
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix inversion dependency warning while enabling IPsec tunnel Attempt to enable IPsec packet offload in tunnel mode in debug kernelgenerates the following kernel panic, which is happening due to twoissues: In SA add secti...
CVE-2025-21748
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix integer overflows on 32 bit systems On 32bit systems the addition operations in ipc_msg_alloc() canpotentially overflow leading to memory corruption.Add bounds checking using KSMBD_IPC_MAX_PAYLOAD to avoid overflow.
CVE-2025-21951
In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock There are multiple places from where the recovery work gets scheduledasynchronously. Also, there are multiple places where the caller waitssynchronously fo...
CVE-2025-22088
In the Linux kernel, the following vulnerability has been resolved: RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() After the erdma_cep_put(new_cep) being called, new_cep will be freed,and the following dereference will cause a UAF problem. Fix this issue.
CVE-2024-56621
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Cancel RTC work during ufshcd_remove() Currently, RTC work is only cancelled during __ufshcd_wl_suspend(). Whenufshcd is removed in ufshcd_remove(), RTC work is not cancelled. Due tothis, any further trigger of the...
CVE-2024-56635
In the Linux kernel, the following vulnerability has been resolved: net: avoid potential UAF in default_operstate() syzbot reported an UAF in default_operstate() [1] Issue is a race between device and netns dismantles. After calling __rtnl_unlock() from netdev_run_todo(),we can not assume the netns...
CVE-2024-56710
In the Linux kernel, the following vulnerability has been resolved: ceph: fix memory leak in ceph_direct_read_write() The bvecs array which is allocated in iter_get_bvecs_alloc() is leakedand pages remain pinned if ceph_alloc_sparse_ext_map() fails. There is no need to delay the allocation of spars...
CVE-2024-57801
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Skip restore TC rules for vport rep without loaded flag During driver unload, unregister_netdev is called after unloadingvport rep. So, the mlx5e_rep_priv is already freed while trying to getrpriv->netdev, or walk rpr...
CVE-2024-57872
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: pltfrm: Dellocate HBA during ufshcd_pltfrm_remove() This will ensure that the scsi host is cleaned up properly usingscsi_host_dev_release(). Otherwise, it may lead to memory leaks.
CVE-2024-57982
In the Linux kernel, the following vulnerability has been resolved: xfrm: state: fix out-of-bounds read during lookup lookup and resize can run in parallel. The xfrm_state_hash_generation seqlock ensures a retry, but the hashfunctions can observe a hmask value that is too large for the new hlistarr...
CVE-2024-58034
In the Linux kernel, the following vulnerability has been resolved: memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code() As of_find_node_by_name() release the reference of the argument devicenode, tegra_emc_find_node_by_ram_code() releases some device nodes whilest...
CVE-2024-56766
In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: fix double free in atmel_pmecc_create_user() The "user" pointer was converted from being allocated with kzalloc() tobeing allocated by devm_kzalloc(). Calling kfree(user) will lead to adouble free.
CVE-2024-57933
In the Linux kernel, the following vulnerability has been resolved: gve: guard XSK operations on the existence of queues This patch predicates the enabling and disabling of XSK pools on theexistence of queues. As it stands, if the interface is down, disablingor enabling XSK pools would result in a ...
CVE-2025-21707
In the Linux kernel, the following vulnerability has been resolved: mptcp: consolidate suboption status MPTCP maintains the received sub-options status is the bitmask carryingthe received suboptions and in several bitfields carrying per suboptionadditional info. Zeroing the bitmask before parsing i...
CVE-2025-21980
In the Linux kernel, the following vulnerability has been resolved: sched: address a potential NULL pointer dereference in the GRED scheduler. If kzalloc in gred_init returns a NULL pointer, the code follows theerror handling path, invoking gred_destroy. This, in turn, callsgred_offload, where mems...
CVE-2025-22036
In the Linux kernel, the following vulnerability has been resolved: exfat: fix random stack corruption after get_block When get_block is called with a buffer_head allocated on the stack, suchas do_mpage_readpage, stack corruption due to buffer_head UAF may occur inthe following race condition situa...
CVE-2025-21723
In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix possible crash when setting up bsg fails If bsg_setup_queue() fails, the bsg_queue is assigned a non-NULL value.Consequently, in mpi3mr_bsg_exit(), the condition "if(!mrioc->bsg_queue)"will not be satisfied, pr...
CVE-2025-21847
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() The nullity of sps->cstream should be checked similarly as it is done insof_set_stream_data_offset() function.Assuming that it is not NULL if sps->stream ...
CVE-2025-21856
In the Linux kernel, the following vulnerability has been resolved: s390/ism: add release function for struct device According to device_release() in /drivers/base/core.c,a device without a release function is a broken deviceand must be fixed. The current code directly frees the device after callin...
CVE-2025-22001
In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Fix integer overflow in qaic_validate_req() These are u64 variables that come from the user viaqaic_attach_slice_bo_ioctl(). Use check_add_overflow() to ensure thatthe math doesn't have an integer wrapping bug.
CVE-2025-22033
In the Linux kernel, the following vulnerability has been resolved: arm64: Don't call NULL in do_compat_alignment_fixup() do_alignment_t32_to_handler() only fixes up alignment faults forspecific instructions; it returns NULL otherwise (e.g. LDREX). Whenthat's the case, signal to the caller that it ...
CVE-2025-37805
In the Linux kernel, the following vulnerability has been resolved: sound/virtio: Fix cancel_sync warnings on uninitialized work_structs Betty reported hitting the following warning: [ 8.709131][ T221] WARNING: CPU: 2 PID: 221 at kernel/workqueue.c:4182...[ 8.713282][ T221] Call trace:[ 8.713365][ ...
CVE-2024-56620
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: qcom: Only free platform MSIs when ESI is enabled Otherwise, it will result in a NULL pointer dereference as below: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008Call trace:mutex_loc...
CVE-2024-57950
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Initialize denominator defaults to 1 [WHAT & HOW]Variables, used as denominators and maybe not assigned to other values,should be initialized to non-zero to avoid DIVIDE_BY_ZERO, as reportedby Coverity. (cherry pic...
CVE-2025-22040
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix session use-after-free in multichannel connection There is a race condition between session setup andksmbd_sessions_deregister. The session can be freed before the connectionis added to channel list of session.This patch...
CVE-2025-22081
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix a couple integer overflows on 32bit systems On 32bit systems the "off + sizeof(struct NTFS_DE)" addition canhave an integer wrapping issue. Fix it by using size_add().
CVE-2025-22085
In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix use-after-free when rename device name Syzbot reported a slab-use-after-free with the following call trace: ==================================================================BUG: KASAN: slab-use-after-free in nla_put...
CVE-2025-37801
In the Linux kernel, the following vulnerability has been resolved: spi: spi-imx: Add check for spi_imx_setupxfer() Add check for the return value of spi_imx_setupxfer().spi_imx->rx and spi_imx->tx function pointer can be NULL whenspi_imx_setupxfer() return error, and make NULL pointer derefe...
CVE-2024-58068
In the Linux kernel, the following vulnerability has been resolved: OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized If a driver calls dev_pm_opp_find_bw_ceil/floor() the retrieve bandwidthfrom the OPP table but the bandwidth table was not created because theinterconnect propert...
CVE-2024-58080
In the Linux kernel, the following vulnerability has been resolved: clk: qcom: dispcc-sm6350: Add missing parent_map for a clock If a clk_rcg2 has a parent, it should also have parent_map defined,otherwise we'll get a NULL pointer dereference when calling clk_set_ratelike the following: [ 3.388105]...
CVE-2024-57881
In the Linux kernel, the following vulnerability has been resolved: mm/page_alloc: don't call pfn_to_page() on possibly non-existent PFN in split_large_buddy() In split_large_buddy(), we might call pfn_to_page() on a PFN that mightnot exist. In corner cases, such as when freeing the highest pageblo...