7643 matches found
CVE-2024-26922
CVE-2024-26922 affects the Linux kernel drm/amdgpu path and arises from insufficient validation of bo mapping operation parameters (amdgpu_vm_bo_(map/replace_map/clearing_mappings)). The vulnerability is addressed by validating parameters in a central location for amdgpu_vm_bo_* calls, with the i...
CVE-2024-26926
CVE-2024-26926: The Linux kernel vulnerability concerns the binder subsystem. After commit 6d98eb95, an offset alignment check was removed from binder_alloc_copy_from_buffer()/check_buffer(), and answers were copied in binder_get_object() via copy_from_user(), which now requires an explicit offs...
CVE-2024-26920
CVE-2024-26920: In the Linux kernel, the tracing/trigger path (register_snapshot_trigger) could allocate a snapshot and erroneously report success (0) when allocation failed. The fix returns an error code on allocation failure, preventing registration of a snapshot trigger without error. This is ...
CVE-2024-26618
CVE-2024-26618 (Linux kernel, arm64 SME): The vulnerability is in sme_alloc() when existing storage is present and flushing is not in progress. It could allocate new storage, leaking the existing storage and corrupting state, due to missing separation between flushing and existing-storage checks ...
CVE-2023-52488
CVE-2023-52488 concerns the Linux kernel driver for SC16IS7XX UARTs. In burst mode, the SC16IS7XX can read/write FIFO data with an initial register address, and regmap_raw_read()/regmap_raw_write() do not increment the register in this path. This could corrupt the regmap cache when multi-byte tra...
CVE-2024-26643
CVE-2024-26643 is a Linux kernel vulnerability in netfilter nf_tables where the asynchronous rhashtable garbage-collection can race with the release of anonymous sets that have timeouts, leading to a potential collection of elements during commit path teardown. The root cause is a race between se...
CVE-2024-26642
CVE-2024-26642 in the Linux kernel’s netfilter nf_tables fixes a denial-of-service condition by disallowing anonymous sets with the timeout flag; the patch removes such sets from userspace usage, except for NFT_SET_EVAL to preserve legacy meters. The vulnerability is due to allowing a timeout fla...
CVE-2024-26921
CVE-2024-26921 is a Linux kernel issue where in the tx path, skb fragments could trigger a use-after-free of the socket when fragments are reassembled and the skb->sk field is freed prematurely. The fix, analyzed by Eric Dumazet, moves orphaning to the last safe moment, delaying skb->sk des...
CVE-2024-26925
CVE-2024-26925 affects the Linux kernel nf_tables component. The issue arises when the commit mutex is released during the abort path between nft_gc_seq_begin() and nft_gc_seq_end(), allowing an asynchronous GC worker to collect expired objects and obtain the released commit lock within the same ...
CVE-2024-27004
CVE-2024-27004 in the Linux kernel affects the clk subsystem, where runtime PM resuming/suspending a device while holding the clk prepare_lock can deadlock (ABBA) when walking the clock tree during disable_unused. The issue manifests as hung tasks (e.g., swapper/0 and a kworker) and a deadlock be...
CVE-2024-26937
CVE-2024-26937 is a Linux kernel bug in the Intel i915 GPU driver where a preempt-to-busy race during engine parking could leave queue_priority_hint set. The heartbeat can trigger completion during parking, causing an assertion failure and a crash. The issue was resolved by resetting queue_priori...
CVE-2024-27001
CVE-2024-27001 is described in the Linux kernel context as a fix for a USB endpoint checking flaw in the comedi vmk80xx driver. The issue arose because vmk80xx_find_usb_endpoints() did not fully account for varying endpoint types (bulk vs interrupt) across hardware models, which could lead to an ...
CVE-2024-27437
CVE-2024-27437 — Linux kernel (vfio/pci) intrinsic IRQ handling: The issue arises from auto-enabling of exclusive INTx IRQs during masking/unmasking, creating a window where an interrupt could fire and double-increment the disable depth. The fix in the sources inlines the kernel logic to never au...
CVE-2024-26997
CVE-2024-26997 concerns the Linux kernel USB stack, specifically the dwc2 host controller. A dereference issue in the DDMA completion flow is fixed in the connected Astra Linux advisory, noting that a variable dereference was resolved in the DDMA completion flow. The advisory confirms the vulnera...
CVE-2024-27410
CVE-2024-27410 (Linux kernel) relates to a race in wifi nl80211 where mesh ID changes during an iftype change could overwrite wdev data. The issue is resolved by disallowing mesh ID changes while changing the interface type (i.e., disallow iftype changes when mesh ID is being set). Astra Linux no...
CVE-2024-26935
Concrete details confirm CVE-2024-26935 affects the Linux kernel SCSI core procfs host directory handling. The issue stems from a race/regression where procfs directories created during scsi_host_alloc() could be mishandled when hosts were allocated but not added, or removed during dev_release(),...
CVE-2023-52652
CVE-2023-52652 affects the Linux kernel NTB path: ntb_register_device() could leak the device name if device_register() failed, due to a missing put_device() in the error path. The fix releases the reference so that kobject_cleanup() can free the name. The NTB error path previously removed put_de...
CVE-2024-26953
CVE-2024-26953 is a Linux kernel vulnerability affecting the ESP path in net: esp. When skb fragments originating from a page_pool are released during esp_output (not inline), calling put_page can trigger a page_pool leak, potentially causing a crash. The connected documents describe the root cau...
CVE-2024-26877
The CVE-2024-26877 issue is in the Linux kernel crypto/xilinx path: crypto_finalize_request is invoked with BH enabled, triggering a call trace. The vulnerability is resolved in the kernel (patches linked in the entry), with the root cause described as needing BH to be disabled when finalize is c...
CVE-2023-52486
CVE-2023-52486 affects the Linux kernel DRM subsystem. The root cause is a logic error in drm_mode_page_flip_ioctl() where, after a deadlock is encountered, the framebuffer reference is unref’d and the operation retried without resetting the fb pointer to NULL. If another error occurs before the ...
CVE-2023-52647
The CVE-2023-52647 issue affects the Linux kernel media/nxp imx8-isi crossbar driver. In the crossbar subdev translation from source to sink streams, the code may dereference a NULL remote pad when a stream targets an unconnected crossbar sink, potentially crashing the system. The advisory states...
CVE-2024-27389
CVE-2024-27389 affects the Linux kernel pstore code. The issue arises when unloading a modular pstore backend with records in pstorefs, where dput() and d_drop() were used together, causing a reference-counting problem. The root cause is that d_invalidate() is the correct contender for invalidati...
CVE-2024-27039
The CVE-2024-27039 issue affects the Linux kernel clock framework for Hisilicon hi3559a. The root cause is an array p_clk that is allocated before iterating over clocks to register, and is incremented each loop iteration. If a clk_register() call fails, p_clk may point to memory that should not b...
CVE-2023-52648
CVE-2023-52648 – Linux kernel flaw in drm/vmwgfx: unmap the surface before resetting it on a plane state. Root cause: when switching to a new plane state surfaces are unreferenced, but the mapped flag may not be reset, allowing a plane backed by a bo to be treated as mapped, causing null derefs d...
CVE-2024-27391
CVE-2024-27391 concerns the Linux kernel wireless driver wilc1000. The issue arises from how wilc_netdev_ifc_init creates a workqueue; it reallocates the workqueue on each added interface, overwriting the existing one and causing a leakage across netdevs. The description notes that a single workq...
CVE-2024-27390
CVE-2024-27390: In the Linux kernel, the mutex/barrier introduced in ipv6_mc_down() via synchronize_net() is removed (ipv6: mcast: remove one synchronize_net() barrier in ipv6_mc_down()). The change is aimed at reducing latency under load since synchronize_net() can delay 200 µs to 5 ms and may ...
CVE-2024-26959
CVE-2024-26959 affects the Linux kernel Bluetooth subsystem (btnxpuart). The issue is a scheduling while atomic BUG in btnxpuart_close that could leave the transmit queue unpurged and skb release unsafe. The fixed path is in btnxpuart_close, with related call chain through tty/serdev/uart during ...
CVE-2024-27034
CVE-2024-27034: In the Linux kernel, the f2fs compression path had a fix for normal cluster writes overlapped with compressed clusters. If a compressed cluster is overwritten by a normal cluster, unlocking cp_rwsem during f2fs_write_raw_pages() could cause data corruption when partial blocks wer...
CVE-2024-26948
The CVE-2024-26948 entry concerns the Linux kernel DRM/AMD display path: a NULL state check is added in dc_state_release to prevent operating on a NULL dc_state. The issue is described as a local-attack surface with low privileges and no user interaction, but with a high availability impact. A fi...
CVE-2024-26621
CVE-2024-26621 affects the Linux kernel mm subsystem: huge_memory/THP alignment on 32-bit architectures. The issue arose from a change that aligned larger anonymous mappings on THP boundaries, which is problematic on 32-bit virtual address spaces. The vulnerability is resolved in the provided adv...
CVE-2024-27007
The CVE-2024-27007 issue affects the Linux kernel, specifically the userfaultfd path for UFFDIO_MOVE. The root cause was an incorrect update of src_folio (mapping/index) before the page-table is cleared and after unpin, risking memory corruption and swapout/migration failure. A fix was implemente...
CVE-2024-35938
CVE-2024-35938: Linux kernel wifi/ath11k MHI channel buffers were reduced from the default 64KB to 8KB by setting buf_len to 8KB for QCA6390/WCN6855. This avoids large allocations that can fail under memory fragmentation when memory compaction/reclaim is not allowed, reducing risk of page‑alloca...
CVE-2024-27066
CVE-2024-27066 concerns a Linux kernel vulnerability in the virtio packed indirect descriptor handling. When use_dma_api and premapped are true, do_unmap may be left false, causing vring_unmap_extra_packed not to be invoked during detach_buf_packed and creating an unmap leak for the indirect desc...
CVE-2024-26946
CVE-2024-26946: In the Linux kernel, the vulnerability resides in kprobes/x86 where arch_adjust_kprobe_addr() could read from an unsafe address. The fix switches the read to copy_from_kernel_nofault() to prevent kernel panics when data is inaccessible, as syzkaller reported. Public details confir...
CVE-2024-26947
CVE-2024-26947 affects the Linux kernel ARM path handling for remap/pfn validation. The description across connected docs shows that after the commit adding the new semantics for pfn_valid (to consider freed memory map alignment), a valid page for a reserved address could crash when memory was re...
CVE-2024-26985
CVE-2024-26985 affects the Linux kernel DRM/xe path, specifically the intel_fb_bo_framebuffer_init function where a BO reference could leak. The connected advisories confirm the fix: add an unreference of the BO in the error path and return 0 on success to clarify the normal path. The change is d...
CVE-2024-26814
CVE-2024-26814 affects the Linux kernel vfio-fsl-mc driver. The eventfd_ctx trigger pointer for vfio_fsl_mc_irq can be NULL and may become NULL if the trigger is set to -1. The interrupt handler itself is guaranteed to have a valid trigger between request_irq() and free_irq(), but loopback tests ...
CVE-2024-26990
In CVE-2024-26990, the Linux kernel KVM x86/mmu vulnerability concerns write-protection of L2 SPTEs in the TDP MMU when clearing dirty status. The fix ensures that TDP MMU SPTEs are write-protected when using the L2 page table level with EPT disabled on L1 and PML enabled; since KVM disables PML ...
CVE-2024-26938
CVE-2024-26938 is a Linux kernel vulnerability in the drm/i915/bios path. The issue occurs when intel_bios_encoder_supports_dp_dual_mode() encounters a NULL devdata for a DP encoder (e.g., if there is no VBT or the VBT does not declare the encoder). The kernel previously could oops or mis-handle...
CVE-2024-26963
CVE-2024-26963 affects the Linux kernel USB subsystem for the DWC3 controller on AM62 (usb: dwc3-am62). The vulnerability arises from runtime PM handling: when the kernel module is removed with runtime suspend active, the refclock may remain enabled and operations on device registers can occur. T...
CVE-2023-52490
The CVE-2023-52490 issue is a Linux kernel mm/migrate flaw where a race in page migration caused an incorrect page mapping for the target page, leading to NULL dereferences during dump of page state when memory hotplug/offlining occurs. The root cause was that the target page’s mapping field stor...
CVE-2024-27069
CVE-2024-27069 affects the Linux kernel overlayfs ovl_verify_area path. The issue was a WARN_ON assertion triggered by syzbot’s copy-up loop when a lower file’s size changes underneath overlayfs. The documented fix relaxes the WARN_ON in ovl_verify_area and aligns error handling (returning EIO fo...
CVE-2024-26811
CVE-2024-26811 affects the Linux kernel ksmbd component. Root cause: ksmbd.mountd can return an invalid IPC response if malicious ksmbd-tools are installed, allowing memory overrun/slab-out-of-bounds due to missing validation of IPC payload size. The patch adds validation for three IPC responses ...
CVE-2023-52485
CVE-2023-52485 affects the Linux kernel; the issue stems from wake DMCUB before issuing DMUB commands in the AMD display path, which could deadlock if the DMCUB is not powered. The description indicates a fix to rework command submission to exit idle power optimizations and reenable them after su...
CVE-2024-26812
CVE-2024-26812: In the Linux kernel, vfio/pci: Create persistent INTx handler vulnerability allowed signaling of eventfds with a NULL context after the IRQ handler was unregistered (via SET_IRQS ioctl or unmask irqfd) when an INTx interrupt was pending. The fix moves INTx interrupt handler config...
CVE-2024-27006
CVE-2024-27006 concerns the Linux kernel. The issue arises in thermal/debugfs where the count field in trip_stats must be incremented in thermal_debug_tz_trip_up() to properly reflect temperature trips. The patch addresses two scenarios: (1) when a trip point is crossed on the way up for the firs...
CVE-2024-27067
The CVE-2024-27067 issue is in the Linux kernel (xen/evtchn) where unbinding a user event channel could cause a WARN() in the handler if the kernel is built with CONFIG_DEBUG_SHIRQ. The fix adds an "unbinding" flag to struct user_event to short-circuit the handler, preventing the WARN() when unbi...
CVE-2024-27027
According to the connected advisories, CVE-2024-27027 affects the Linux kernel DPLL driver where multiple registrations of the same pin on a DPLL device could leave stale list entries if the reference count was not zero. The root cause was that unregistration and freeing of the registration were ...
CVE-2024-27063
CVE-2024-27063 affects the Linux kernel LED subsystem for leds: trigger: netdev. The issue stems from a refactor where the trigger_data’s dev could reference the old net_dev while a new net_dev is being established, causing get_device_state() to operate on an invalid net_dev and potentially trigg...
CVE-2021-46968
CVE-2021-46968 concerns the Linux kernel s390/zcrypt subsystem. The issue was a memleak on hot-unplug for zcard and zqueue due to a mismatch in get/put for an embedded kref counter. The fix adjusts kref handling: the counter starts at 1 on init and must drop to zero on unregister (for both card a...