2810 matches found
CVE-2023-52923
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: adapt set backend to use GC transaction API Use the GC transaction API to replace the old and buggy gc API and thebusy mark approach. No set elements are removed from async garbage collection anymore,instead t...
CVE-2025-21659
In the Linux kernel, the following vulnerability has been resolved: netdev: prevent accessing NAPI instances from another namespace The NAPI IDs were not fully exposed to user space prior to the netlinkAPI, so they were never namespaced. The netlink API must ensure thatat the very least NAPI instan...
CVE-2025-21678
In the Linux kernel, the following vulnerability has been resolved: gtp: Destroy device along with udp socket's netns dismantle. gtp_newlink() links the device to a list in dev_net(dev) instead ofsrc_net, where a udp tunnel socket is created. Even when src_net is removed, the device stays alive on ...
CVE-2025-21664
In the Linux kernel, the following vulnerability has been resolved: dm thin: make get_first_thin use rcu-safe list first function The documentation in rculist.h explains the absence of list_empty_rcu()and cautions programmers against relying on a list_empty() ->list_first() sequence in RCU safe ...
CVE-2025-21653
In the Linux kernel, the following vulnerability has been resolved: net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute syzbot found that TCA_FLOW_RSHIFT attribute was not validated.Right shitfing a 32bit integer is undefined for large shift values. UBSAN: shift-out-of-bounds in net/sched/cls_f...
CVE-2025-21668
In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8mp-blk-ctrl: add missing loop break condition Currently imx8mp_blk_ctrl_remove() will continue the for loopuntil an out-of-bounds exception occurs. pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)pc : d...
CVE-2025-21655
In the Linux kernel, the following vulnerability has been resolved: io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period io_eventfd_do_signal() is invoked from an RCU callback, but whendropping the reference to the io_ev_fd, it calls io_eventfd_free()directly if the refcount drops...
CVE-2024-57800
In the Linux kernel, the following vulnerability has been resolved: ALSA: memalloc: prefer dma_mapping_error() over explicit address checking With CONFIG_DMA_API_DEBUG enabled, the following warning is observed: DMA-API: snd_hda_intel 0000:03:00.1: device driver failed to check map error[device add...
CVE-2025-21660
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix unexpectedly changed path in ksmbd_vfs_kern_path_locked When ksmbd_vfs_kern_path_locked met an error and it is not the lastentry, it will exit without restoring changed path buffer. But later thisbuffer may be used as th...
CVE-2025-21648
In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: clamp maximum hashtable size to INT_MAX Use INT_MAX as maximum size for the conntrack hashtable. Otherwise, itis possible to hit WARN_ON_ONCE in __kvmalloc_node_noprof() whenresizing hashtable because __GFP_NO...
CVE-2025-21702
In the Linux kernel, the following vulnerability has been resolved: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 Expected behaviour:In case we reach scheduler's limit, pfifo_tail_enqueue() will drop apacket in scheduler's queue and decrease scheduler's qlen by one.Then, pfifo_tail_en...
CVE-2024-56788
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: oa_tc6: fix tx skb race condition between reference pointers There are two skb pointers to manage tx skb's enqueued from n/w stack.waiting_tx_skb pointer points to the tx skb which needs to be processedand ongoing_tx...
CVE-2025-21647
In the Linux kernel, the following vulnerability has been resolved: sched: sch_cake: add bounds checks to host bulk flow fairness counts Even though we fixed a logic error in the commit cited below, syzbotstill managed to trigger an underflow of the per-host bulk flowcounters, leading to an out of ...
CVE-2024-57888
In the Linux kernel, the following vulnerability has been resolved: workqueue: Do not warn when cancelling WQ_MEM_RECLAIM work from !WQ_MEM_RECLAIM worker After commit746ae46c1113 ("drm/sched: Mark scheduler work queues with WQ_MEM_RECLAIM")amdgpu started seeing the following warning: [ ] workqueue...
CVE-2025-21704
In the Linux kernel, the following vulnerability has been resolved: usb: cdc-acm: Check control transfer buffer size before access If the first fragment is shorter than struct usb_cdc_notification, we can'tcalculate an expected_size. Log an error and discard the notificationinstead of reading lengt...
CVE-2025-21662
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix variable not being completed when function returns When cmd_alloc_index(), fails cmd_work_handler() needsto complete ent->slotted before returning early.Otherwise the task which issued the command may hang: mlx5_co...
CVE-2024-57893
In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: oss: Fix races at processing SysEx messages OSS sequencer handles the SysEx messages split in 6 bytes packets, andALSA sequencer OSS layer tries to combine those. It stores the datain the internal buffer and this access ...
CVE-2024-53690
In the Linux kernel, the following vulnerability has been resolved: nilfs2: prevent use of deleted inode syzbot reported a WARNING in nilfs_rmdir. [1] Because the inode bitmap is corrupted, an inode with an inode number thatshould exist as a ".nilfs" file was reassigned by nilfs_mkdir for "file0",c...
CVE-2025-21701
In the Linux kernel, the following vulnerability has been resolved: net: avoid race between device unregistration and ethnl ops The following trace can be seen if a device is being unregistered whileits number of channels are being modified. DEBUG_LOCKS_WARN_ON(lock->magic != lock)WARNING: CPU: ...
CVE-2024-53685
In the Linux kernel, the following vulnerability has been resolved: ceph: give up on paths longer than PATH_MAX If the full path to be built by ceph_mdsc_build_path() happens to belonger than PATH_MAX, then this function will enter an endless (retry)loop, effectively blocking the whole task. Most o...
CVE-2025-21679
In the Linux kernel, the following vulnerability has been resolved: btrfs: add the missing error handling inside get_canonical_dev_path Inside function get_canonical_dev_path(), we call d_path() to get thefinal device path. But d_path() can return error, and in that case the next strscpy() callwill...
CVE-2024-57948
In the Linux kernel, the following vulnerability has been resolved: mac802154: check local interfaces before deleting sdata list syzkaller reported a corrupted list in ieee802154_if_remove. [1] Remove an IEEE 802.15.4 network interface after unregister an IEEE 802.15.4hardware device from the syste...
CVE-2024-55881
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Play nice with protected guests in complete_hypercall_exit() Use is_64_bit_hypercall() instead of is_64_bit_mode() to detect a 64-bithypercall when completing said hypercall. For guests with protected state,e.g. SEV-ES an...
CVE-2024-41935
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to shrink read extent node in batches We use rwlock to protect core structure data of extent tree duringits shrink, however, if there is a huge number of extent nodes inextent tree, during shrink of extent tree, it may ho...
CVE-2025-21646
In the Linux kernel, the following vulnerability has been resolved: afs: Fix the maximum cell name length The kafs filesystem limits the maximum length of a cell to 256 bytes, but aproblem occurs if someone actually does that: kafs tries to create adirectory under /proc/net/afs/ with the name of th...
CVE-2024-57904
In the Linux kernel, the following vulnerability has been resolved: iio: adc: at91: call input_free_device() on allocated iio_dev Current implementation of at91_ts_register() calls input_free_deivce()on st->ts_input, however, the err label can be reached before theallocated iio_dev is stored to ...
CVE-2023-52924
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: don't skip expired elements during walk There is an asymmetry between commit/abort and preparation phase if thefollowing conditions are met: set is a verdict map ("1.2.3.4 : jump foo") timeouts are enabled In ...
CVE-2024-57931
In the Linux kernel, the following vulnerability has been resolved: selinux: ignore unknown extended permissions When evaluating extended permissions, ignore unknown permissions insteadof calling BUG(). This commit ensures that future permissions can beadded without interfering with older kernels.
CVE-2024-57929
In the Linux kernel, the following vulnerability has been resolved: dm array: fix releasing a faulty array block twice in dm_array_cursor_end When dm_bm_read_lock() fails due to locking or checksum errors, itreleases the faulty block implicitly while leaving an invalid outputpointer behind. The cal...
CVE-2025-21632
In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Ensure shadow stack is active before "getting" registers The x86 shadow stack support has its own set of registers. Those registersare XSAVE-managed, but they are "supervisor state components" which meansthat userspace can...
CVE-2024-57849
In the Linux kernel, the following vulnerability has been resolved: s390/cpum_sf: Handle CPU hotplug remove during sampling CPU hotplug remove handling triggers the following functioncall sequence: CPUHP_AP_PERF_S390_SF_ONLINE --> s390_pmu_sf_offline_cpu()...CPUHP_AP_PERF_ONLINE --> perf_even...
CVE-2024-57838
In the Linux kernel, the following vulnerability has been resolved: s390/entry: Mark IRQ entries to fix stack depot warnings The stack depot filters out everything outside of the top interruptcontext as an uninteresting or irrelevant part of the stack traces. Thishelps with stack trace de-duplicati...
CVE-2025-21691
In the Linux kernel, the following vulnerability has been resolved: cachestat: fix page cache statistics permission checking When the 'cachestat()' system call was added in commit cf264e1329fb("cachestat: implement cachestat syscall"), it was meant to be a muchmore convenient (and performant) versi...
CVE-2024-57876
In the Linux kernel, the following vulnerability has been resolved: drm/dp_mst: Fix resetting msg rx state after topology removal If the MST topology is removed during the reception of an MST down replyor MST up request sideband message, thedrm_dp_mst_topology_mgr::up_req_recv/down_rep_recv states ...
CVE-2025-21651
In the Linux kernel, the following vulnerability has been resolved: net: hns3: don't auto enable misc vector Currently, there is a time window between misc irq enabledand service task inited. If an interrupte is reported atthis time, it will cause warning like below: [ 16.324639] Call trace:[ 16.32...
CVE-2025-21663
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwmac-tegra: Read iommu stream id from device tree Nvidia's Tegra MGBE controllers require the IOMMU "Stream ID" (SID) to bewritten to the MGBE_WRAP_AXI_ASID0_CTRL register. The current driver is hard coded to use MGBE...
CVE-2024-57883
In the Linux kernel, the following vulnerability has been resolved: mm: hugetlb: independent PMD page table shared count The folio refcount may be increased unexpectly through try_get_folio() bycaller such as split_huge_pages. In huge_pmd_unshare(), we use refcountto check whether a pmd page table ...
CVE-2024-57897
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Correct the migration DMA map direction The SVM DMA device map direction should be set the same asthe DMA unmap setting, otherwise the DMA core will reportthe following warning. Before finialize this solution, there're ...
CVE-2024-57804
In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs The driver, through the SAS transport, exposes a sysfs interface toenable/disable PHYs in a controller/expander setup. When multiple PHYsare disabled and enabled...
CVE-2024-57898
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: clear link ID from bitmap during link delete after clean up Currently, during link deletion, the link ID is first removed from thevalid_links bitmap before performing any clean-up operations. However, somefunctions ...
CVE-2025-21645
In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd/pmc: Only disable IRQ1 wakeup where i8042 actually enabled it Wakeup for IRQ1 should be disabled only in cases where i8042 hadactually enabled it, otherwise "wake_depth" for this IRQ will try todrop below zero and ...
CVE-2024-49571
In the Linux kernel, the following vulnerability has been resolved: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg When receiving proposal msg in server, the field iparea_offsetand the field ipv6_prefixes_cnt in proposal msg are from theremote client and can not be f...
CVE-2024-57917
In the Linux kernel, the following vulnerability has been resolved: topology: Keep the cpumask unchanged when printing cpumap During fuzz testing, the following warning was discovered: different return values (15 and 11) from vsnprintf("%*pbl", ...) test:keyward is WARNING in kvasprintfWARNING: CPU...
CVE-2025-21656
In the Linux kernel, the following vulnerability has been resolved: hwmon: (drivetemp) Fix driver producing garbage data when SCSI errors occur scsi_execute_cmd() function can return both negative (linux codes) andpositive (scsi_cmnd result field) error codes. Currently the driver just passes error...
CVE-2024-57889
In the Linux kernel, the following vulnerability has been resolved: pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking If a device uses MCP23xxx IO expander to receive IRQs, the followingbug can happen: BUG: sleeping function called from invalid contextat kernel/locking/mutex.c...
CVE-2024-57791
In the Linux kernel, the following vulnerability has been resolved: net/smc: check return value of sock_recvmsg when draining clc data When receiving clc msg, the field length in smc_clc_msg_hdr indicates thelength of msg should be received from network and the value should not befully trusted as i...
CVE-2025-21629
In the Linux kernel, the following vulnerability has been resolved: net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets The blamed commit disabled hardware offoad of IPv6 packets withextension headers on devices that advertise NETIF_F_IPV6_CSUM,based on the definition of that feature in skb...
CVE-2024-52332
In the Linux kernel, the following vulnerability has been resolved: igb: Fix potential invalid memory access in igb_init_module() The pci_register_driver() can fail and when this happened, the dca_notifierneeds to be unregistered, otherwise the dca_notifier can be called whenigb fails to install, r...
CVE-2024-57899
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix mbss changed flags corruption on 32 bit systems On 32-bit systems, the size of an unsigned long is 4 bytes,while a u64 is 8 bytes. Therefore, when usingor_each_set_bit(bit, &bits, sizeof(changed) * BITS_PER_BYTE...
CVE-2024-56372
In the Linux kernel, the following vulnerability has been resolved: net: tun: fix tun_napi_alloc_frags() syzbot reported the following crash [1] Issue came with the blamed commit. Instead of going throughall the iov components, we keep using the first oneand end up with a malformed skb. [1] kernel ...