156 matches found
CVE-2024-26657
In the Linux kernel, the following vulnerability has been resolved: drm/sched: fix null-ptr-deref in init entity The bug can be triggered by sending an amdgpu_cs_wait_ioctlto the AMDGPU DRM driver on any ASICs with valid context.The bug was reported by Joonkyo Jung [email protected] .For exampl...
CVE-2024-26986
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix memory leak in create_process failure Fix memory leak due to a leaked mmget reference on an error handlingcode path that is triggered when attempting to create KFD processeswhile a GPU reset is in progress.
CVE-2024-35795
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix deadlock while reading mqd from debugfs An errant disk backup on my desktop got into debugfs and triggered thefollowing deadlock scenario in the amdgpu debugfs files. The machinealso hard-resets immediately after th...
CVE-2024-35969
In the Linux kernel, the following vulnerability has been resolved: ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr Although ipv6_get_ifaddr walks inet6_addr_lst under the RCU lock, itstill means hlist_for_each_entry_rcu can return an item that got removedfrom the list. The memor...
CVE-2024-35859
In the Linux kernel, the following vulnerability has been resolved: block: fix module reference leakage from bdev_open_by_dev error path At the time bdev_may_open() is called, module reference is grabbedalready, hence module reference should be released if bdev_may_open()failed. This problem is fou...
CVE-2024-36924
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() lpfc_worker_wake_up() calls the lpfc_work_done() routine, which takes thehbalock. Thus, lpfc_worker_wake_up() should not be called while holding thehbalock to avoid p...
CVE-2024-35857
In the Linux kernel, the following vulnerability has been resolved: icmp: prevent possible NULL dereferences from icmp_build_probe() First problem is a double call to __in_dev_get_rcu(), becausethe second one could return NULL. if (__in_dev_get_rcu(dev) && __in_dev_get_rcu(dev)->ifa_list) Second...
CVE-2024-35895
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Prevent lock inversion deadlock in map delete elem syzkaller started using corpuses where a BPF tracing program deleteselements from a sockmap/sockhash map. Because BPF tracing programs can beinvoked from any interrup...
CVE-2024-35907
In the Linux kernel, the following vulnerability has been resolved: mlxbf_gige: call request_irq() after NAPI initialized The mlxbf_gige driver encounters a NULL pointer exception inmlxbf_gige_open() when kdump is enabled. The sequence to reproducethe exception is as follows:a) enable kdumpb) trigg...
CVE-2024-27394
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix Use-After-Free in tcp_ao_connect_init Since call_rcu, which is called in the hlist_for_each_entry_rcu traversalof tcp_ao_connect_init, is not part of the RCU read critical section, itis possible that the RCU grace period w...
CVE-2024-35870
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in smb2_reconnect_server() The UAF bug is due to smb2_reconnect_server() accessing a session thatis already being teared down by another thread that is executing__cifs_put_smb_ses(). This can happen when (a) th...
CVE-2024-35891
In the Linux kernel, the following vulnerability has been resolved: net: phy: micrel: Fix potential null pointer dereference In lan8814_get_sig_rx() and lan8814_get_sig_tx() ptp_parse_header() mayreturn NULL as ptp_header due to abnormal packet type or corrupted packet.Fix this bug by adding ptp_he...
CVE-2024-35999
In the Linux kernel, the following vulnerability has been resolved: smb3: missing lock when picking channel Coverity spotted a place where we should have been holding thechannel lock when accessing the ses channel index. Addresses-Coverity: 1582039 ("Data race condition (MISSING_LOCK)")
CVE-2024-36959
In the Linux kernel, the following vulnerability has been resolved: pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() If we fail to allocate propname buffer, we need to drop the referencecount we just took. Because the pinctrl_dt_free_maps() includes thedroping operation, here we call i...
CVE-2024-35849
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix information leak in btrfs_ioctl_logical_to_ino() Syzbot reported the following information leak for inbtrfs_ioctl_logical_to_ino(): BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 ...
CVE-2024-36913
In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails In CoCo VMs it is possible for the untrusted host to causeset_memory_encrypted() or set_memory_decrypted() to fail such that anerror is returned and the resulting memor...
CVE-2024-36903
In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix potential uninit-value access in __ip6_make_skb() As it was done in commit fc1092f51567 ("ipv4: Fix uninit-value access in__ip_make_skb()") for IPv4, check FLOWI_FLAG_KNOWN_NH on fl6->flowi6_flagsinstead of testing HDR...
CVE-2024-35868
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in cifs_stats_proc_write() Skip sessions that are being teared down (status == SES_EXITING) toavoid UAF.
CVE-2024-35955
In the Linux kernel, the following vulnerability has been resolved: kprobes: Fix possible use-after-free issue on kprobe registration When unloading a module, its state is changing MODULE_STATE_LIVE ->MODULE_STATE_GOING -> MODULE_STATE_UNFORMED. Each change will takea time. is_module_text_add...
CVE-2024-35885
In the Linux kernel, the following vulnerability has been resolved: mlxbf_gige: stop interface during shutdown The mlxbf_gige driver intermittantly encounters a NULL pointerexception while the system is shutting down via "reboot" command.The mlxbf_driver will experience an exception right after exe...
CVE-2024-27021
In the Linux kernel, the following vulnerability has been resolved: r8169: fix LED-related deadlock on module removal Binding devm_led_classdev_register() to the netdev is problematicbecause on module removal we get a RTNL-related deadlock. Fix thisby avoiding the device-managed LED functions. Note...
CVE-2024-35977
In the Linux kernel, the following vulnerability has been resolved: platform/chrome: cros_ec_uart: properly fix race condition The cros_ec_uart_probe() function calls devm_serdev_device_open() beforeit calls serdev_device_set_client_ops(). This can trigger a NULL pointerdereference: BUG: kernel NUL...
CVE-2024-35998
In the Linux kernel, the following vulnerability has been resolved: smb3: fix lock ordering potential deadlock in cifs_sync_mid_result Coverity spotted that the cifs_sync_mid_result function could deadlock "Thread deadlock (ORDER_REVERSAL) lock_order: Calling spin_lock acquireslock TCP_Server_Info....
CVE-2024-35851
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix NULL-deref on non-serdev suspend Qualcomm ROME controllers can be registered from the Bluetooth linediscipline and in this case the HCI UART serdev pointer is NULL. Add the missing sanity check to prevent a NULL...
CVE-2024-35970
In the Linux kernel, the following vulnerability has been resolved: af_unix: Clear stale u->oob_skb. syzkaller started to report deadlock of unix_gc_lock after commit4090fa373f0e ("af_unix: Replace garbage collection algorithm."), butit just uncovers the bug that has been there since commit 3140...
CVE-2024-36003
In the Linux kernel, the following vulnerability has been resolved: ice: fix LAG and VF lock dependency in ice_reset_vf() 9f74a3dfcf83 ("ice: Fix VF Reset paths when interface in a failed overaggregate"), the ice driver has acquired the LAG mutex in ice_reset_vf().The commit placed this lock acquis...
CVE-2024-36894
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete FFS based applications can utilize the aio_cancel() callback to dequeuepending USB requests submitted to the UDC. There is a scenario where theFFS applicatio...
CVE-2024-35883
In the Linux kernel, the following vulnerability has been resolved: spi: mchp-pci1xxx: Fix a possible null pointer dereference in pci1xxx_spi_probe In function pci1xxxx_spi_probe, there is a potential null pointer thatmay be caused by a failed memory allocation by the function devm_kzalloc.Hence, a...
CVE-2024-35919
In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: adding lock to protect encoder context list Add a lock for the ctx_list, to avoid accessing a NULL pointerwithin the 'vpu_enc_ipi_handler' function when the ctx_list hasbeen deleted due to an unexpected beh...
CVE-2024-35981
In the Linux kernel, the following vulnerability has been resolved: virtio_net: Do not send RSS key if it is not supported There is a bug when setting the RSS options in virtio_net that can breakthe whole machine, getting the kernel into an infinite loop. Running the following command in any QEMU v...
CVE-2024-35902
In the Linux kernel, the following vulnerability has been resolved: net/rds: fix possible cp null dereference cp might be null, calling cp->cp_conn would produce null dereference [Simon Horman adds:] Analysis: cp is a parameter of __rds_rdma_map and is not reassigned. The following call-sites pa...
CVE-2024-35968
In the Linux kernel, the following vulnerability has been resolved: pds_core: Fix pdsc_check_pci_health function to use work thread When the driver notices fw_status == 0xff it tries to perform a PCIreset on itself via pci_reset_function() in the context of the driver'shealth thread. However, pdsc_...
CVE-2024-36912
In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl In CoCo VMs it is possible for the untrusted host to causeset_memory_encrypted() or set_memory_decrypted() to fail such that anerror is returned and the resulting memory is ...
CVE-2024-35921
In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix oops when HEVC init fails The stateless HEVC decoder saves the instance pointer in the contextregardless if the initialization worked or not. This caused a use afterfree, when the pointer is freed in ca...
CVE-2024-35975
In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix transmit scheduler resource leak Inorder to support shaping and scheduling, Upon class creationNetdev driver allocates trasmit schedulers. The previous patch which added support for Round robin scheduling hasa bug...
CVE-2024-35850
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix NULL-deref on non-serdev setup Qualcomm ROME controllers can be registered from the Bluetooth linediscipline and in this case the HCI UART serdev pointer is NULL. Add the missing sanity check to prevent a NULL-p...
CVE-2024-35882
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix a slow server-side memory leak with RPC-over-TCP Jan Schunk reports that his small NFS servers suffer from memoryexhaustion after just a few days. A bisect shows that commite18e157bb5c8 ("SUNRPC: Send RPC message on TCP...
CVE-2024-35916
In the Linux kernel, the following vulnerability has been resolved: dma-buf: Fix NULL pointer dereference in sanitycheck() If due to a memory allocation failure mock_chain() returns NULL, it ispassed to dma_fence_enable_sw_signaling() resulting in NULL pointerdereference there. Call dma_fence_enabl...
CVE-2024-35980
In the Linux kernel, the following vulnerability has been resolved: arm64: tlb: Fix TLBI RANGE operand KVM/arm64 relies on TLBI RANGE feature to flush TLBs when the dirtypages are collected by VMM and the page table entries become writeprotected during live migration. Unfortunately, the operand pas...
CVE-2024-35986
In the Linux kernel, the following vulnerability has been resolved: phy: ti: tusb1210: Resolve charger-det crash if charger psy is unregistered The power_supply frame-work is not really designed for there to belong living in kernel references to power_supply devices. Specifically unregistering a po...
CVE-2024-35889
In the Linux kernel, the following vulnerability has been resolved: idpf: fix kernel panic on unknown packet types In the very rare case where a packet type is unknown to the driver,idpf_rx_process_skb_fields would return early without callingeth_type_trans to set the skb protocol / the network lay...
CVE-2024-35920
In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: adding lock to protect decoder context list Add a lock for the ctx_list, to avoid accessing a NULL pointerwithin the 'vpu_dec_ipi_handler' function when the ctx_list hasbeen deleted due to an unexpected beh...
CVE-2024-36888
In the Linux kernel, the following vulnerability has been resolved: workqueue: Fix selection of wake_cpu in kick_pool() With cpu_possible_mask=0-63 and cpu_online_mask=0-7 the followingkernel oops was observed: smp: Bringing up secondary CPUs ...smp: Brought up 1 node, 8 CPUsUnable to handle kernel...
CVE-2024-36910
In the Linux kernel, the following vulnerability has been resolved: uio_hv_generic: Don't free decrypted memory In CoCo VMs it is possible for the untrusted host to causeset_memory_encrypted() or set_memory_decrypted() to fail such that anerror is returned and the resulting memory is shared. Caller...
CVE-2024-35985
In the Linux kernel, the following vulnerability has been resolved: sched/eevdf: Prevent vlag from going out of bounds in reweight_eevdf() It was possible to have pick_eevdf() return NULL, which then causes aNULL-deref. This turned out to be due to entity_eligible() returningfalsely negative becaus...
CVE-2024-35856
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: mediatek: Fix double free of skb in coredump hci_devcd_append() would free the skb on error so the caller don'thave to free it again otherwise it would cause the double free of skb. Reported-by : Dan Carpenter dan...
CVE-2024-35953
In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix deadlock in context_xa ivpu_device->context_xa is locked both in kernel thread and IRQ context.It requires XA_FLAGS_LOCK_IRQ flag to be passed during initializationotherwise the lock could be acquired from a thre...
CVE-2024-35846
In the Linux kernel, the following vulnerability has been resolved: mm: zswap: fix shrinker NULL crash with cgroup_disable=memory Christian reports a NULL deref in zswap that he bisected down to the zswapshrinker. The issue also cropped up in the bug trackers of libguestfs [1]and the Red Hat bugzil...
CVE-2024-35874
In the Linux kernel, the following vulnerability has been resolved: aio: Fix null ptr deref in aio_complete() wakeup list_del_init_careful() needs to be the last access to the wait queueentry - it effectively unlocks access. Previously, finish_wait() would see the empty list head and skip takingthe...
CVE-2024-35948
In the Linux kernel, the following vulnerability has been resolved: bcachefs: Check for journal entries overruning end of sb clean section Fix a missing bounds check in superblock validation. Note that we don't yet have repair code for this case - repair code forindividual items is generally low pr...