7807 matches found
CVE-2021-47051
In the Linux kernel, the following vulnerability has been resolved: spi: fsl-lpspi: Fix PM reference leak in lpspi_prepare_xfer_hardware() pm_runtime_get_sync will increment pm usage counter even it failed.Forgetting to putting operation will result in reference leak here.Fix it by replacing it wit...
CVE-2021-47012
In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix a use after free in siw_alloc_mr Our code analyzer reported a UAF. In siw_alloc_mr(), it calls siw_mr_add_mem(mr,..). In the implementation ofsiw_mr_add_mem(), mem is assigned to mr->mem and then mem is freed viakf...
CVE-2021-47052
In the Linux kernel, the following vulnerability has been resolved: crypto: sa2ul - Fix memory leak of rxd There are two error return paths that are not freeing rxd and causingmemory leaks. Fix these. Addresses-Coverity: ("Resource leak")
CVE-2021-47002
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix null pointer dereference in svc_rqst_free() When alloc_pages_node() returns null in svc_rqst_alloc(), thenull rq_scratch_page pointer will be dereferenced when callingput_page() in svc_rqst_free(). Fix it by adding a nu...
CVE-2024-26866
In the Linux kernel, the following vulnerability has been resolved: spi: lpspi: Avoid potential use-after-free in probe() fsl_lpspi_probe() is allocating/disposing memory manually withspi_alloc_host()/spi_alloc_target(), but usesdevm_spi_register_controller(). In case of error after the latter call...
CVE-2021-47038
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: avoid deadlock between hci_dev->lock and socket lock Commit eab2404ba798 ("Bluetooth: Add BT_PHY socket option") added adependency between socket lock and hci_dev->lock that could lead todeadlock. It turns out that...
CVE-2024-26879
In the Linux kernel, the following vulnerability has been resolved: clk: meson: Add missing clocks to axg_clk_regmaps Some clocks were missing from axg_clk_regmaps, which caused kernel panicduring cat /sys/kernel/debug/clk/clk_summary [ 57.349402] Unable to handle kernel NULL pointer dereference at...
CVE-2020-36785
In the Linux kernel, the following vulnerability has been resolved: media: atomisp: Fix use after free in atomisp_alloc_css_stat_bufs() The "s3a_buf" is freed along with all the other items on the"asd->s3a_stats" list. It leads to a double free and a use after free.
CVE-2024-26895
In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: prevent use-after-free on vif when cleaning up all interfaces wilc_netdev_cleanup currently triggers a KASAN warning, which can beobserved on interface registration error path, or simply byremoving the module/unbind...
CVE-2024-26878
In the Linux kernel, the following vulnerability has been resolved: quota: Fix potential NULL pointer dereference Below race may cause NULL pointer dereference P1 P2dquot_free_inode quota_offdrop_dquot_refremove_dquot_refdquots = i_dquot(inode)dquots = i_dquot(inode)srcu_read_lockdquots[cnt]) != NU...
CVE-2021-46995
In the Linux kernel, the following vulnerability has been resolved: can: mcp251xfd: mcp251xfd_probe(): fix an error pointer dereference in probe When we converted this code to use dev_err_probe() we accidentallyremoved a return. It means that if devm_clk_get() it will lead to anOops when we call cl...
CVE-2024-27395
In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: Fix Use-After-Free in ovs_ct_exit Since kfree_rcu, which is called in the hlist_for_each_entry_rcu traversalof ovs_ct_limit_exit, is not part of the RCU read critical section, itis possible that the RCU grace peri...
CVE-2021-46991
In the Linux kernel, the following vulnerability has been resolved: i40e: Fix use-after-free in i40e_client_subtask() Currently the call to i40e_client_del_instance frees the objectpf->cinst, however pf->cinst->lan_info is being accessed afterthe free. Fix this by adding the missing return...
CVE-2024-27396
In the Linux kernel, the following vulnerability has been resolved: net: gtp: Fix Use-After-Free in gtp_dellink Since call_rcu, which is called in the hlist_for_each_entry_rcu traversalof gtp_dellink, is not part of the RCU read critical section, itis possible that the RCU grace period will pass du...
CVE-2024-35915
In the Linux kernel, the following vulnerability has been resolved: nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet syzbot reported the following uninit-value access issue [1][2]: nci_rx_work() parses and processes received packet. When the payloadlength is zero, each message type handl...
CVE-2024-26892
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921e: fix use-after-free in free_irq() From commit a304e1b82808 ("[PATCH] Debug shared irqs"), there is a testto make sure the shared irq handler should be able to handle the unexpectedevent after deregistration. For...
CVE-2024-26865
In the Linux kernel, the following vulnerability has been resolved: rds: tcp: Fix use-after-free of net in reqsk_timer_handler(). syzkaller reported a warning of netns tracker [0] followed by KASANsplat [1] and another ref tracker warning [1]. syzkaller could not find a repro, but in the log, the o...
CVE-2024-26944
In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: fix use-after-free in do_zone_finish() Shinichiro reported the following use-after-free triggered by the devicereplace operation in fstests btrfs/070. BTRFS info (device nullb1): scrub: finished on devid 1 with status...
CVE-2024-26941
In the Linux kernel, the following vulnerability has been resolved: drm/dp: Fix divide-by-zero regression on DP MST unplug with nouveau Fix a regression when using nouveau and unplugging a StarTech MSTDP122DPDisplayPort 1.2 MST hub (the same regression does not appear when usinga Cable Matters Disp...
CVE-2023-52601
In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in dbAdjTree Currently there is a bound check missing in the dbAdjTree whileaccessing the dmt_stree. To add the required check added the bool is_ctlwhich is required to determine the size as sugge...
CVE-2024-26928
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in cifs_debug_files_proc_show() Skip sessions that are being teared down (status == SES_EXITING) toavoid UAF.
CVE-2024-26993
In the Linux kernel, the following vulnerability has been resolved: fs: sysfs: Fix reference leak in sysfs_break_active_protection() The sysfs_break_active_protection() routine has an obvious referenceleak in its error path. If the call to kernfs_find_and_get() fails thenkn will be NULL, so the com...
CVE-2024-26810
In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Lock external INTx masking ops Mask operations through config space changes to DisINTx may race INTxconfiguration changes via ioctl. Create wrappers that add locking forpaths outside of the core interrupt code. In particu...
CVE-2024-27043
In the Linux kernel, the following vulnerability has been resolved: media: edia: dvbdev: fix a use-after-free In dvb_register_device, *pdvbdev is set equal to dvbdev, which is freedin several error-handling paths. However, *pdvbdev is not set to NULLafter dvbdev's deallocation, causing use-after-fr...
CVE-2024-26981
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix OOB in nilfs_set_de_type The size of the nilfs_type_by_mode array in the fs/nilfs2/dir.c file isdefined as "S_IFMT >> S_SHIFT", but the nilfs_set_de_type() function,which uses this array, specifies the index to re...
CVE-2023-52585
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper() Return invalid error code -EINVAL for invalid block id. Fixes the below: drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c:1183 amdgpu_ras_query_error_status...
CVE-2024-27038
In the Linux kernel, the following vulnerability has been resolved: clk: Fix clk_core_get NULL dereference It is possible for clk_core_get to dereference a NULL in the followingsequence: clk_core_get()of_clk_get_hw_from_clkspec()__of_clk_get_hw_from_provider()__clk_get_hw() __clk_get_hw() can retur...
CVE-2024-27074
In the Linux kernel, the following vulnerability has been resolved: media: go7007: fix a memleak in go7007_load_encoder In go7007_load_encoder, bounce(i.e. go->boot_fw), is allocated withouta deallocation thereafter. After the following call chain: saa7134_go7007_init|-> go7007_boot_encoder|-...
CVE-2024-26966
In the Linux kernel, the following vulnerability has been resolved: clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays The frequency table arrays are supposed to be terminated with anempty element. Add such entry to the end of the arrays where itis missing in order to avoid possible...
CVE-2024-26961
In the Linux kernel, the following vulnerability has been resolved: mac802154: fix llsec key resources release in mac802154_llsec_key_del mac802154_llsec_key_del() can free resources of a key directly withoutfollowing the RCU rules for waiting before the end of a grace period. Thismay lead to use-a...
CVE-2024-27078
In the Linux kernel, the following vulnerability has been resolved: media: v4l2-tpg: fix some memleaks in tpg_alloc In tpg_alloc, resources should be deallocated in each and everyerror-handling paths, since they are allocated in for statements.Otherwise there would be memleaks because tpg_free is c...
CVE-2024-27076
In the Linux kernel, the following vulnerability has been resolved: media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak Free the memory allocated in v4l2_ctrl_handler_init on release.
CVE-2024-26974
In the Linux kernel, the following vulnerability has been resolved: crypto: qat - resolve race condition during AER recovery During the PCI AER system's error recovery process, the kernel drivermay encounter a race condition with freeing the reset_data structure'smemory. If the device restart will ...
CVE-2024-27044
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential NULL pointer dereferences in 'dcn10_set_output_transfer_func()' The 'stream' pointer is used in dcn10_set_output_transfer_func() beforethe check if 'stream' is NULL. Fixes the below:drivers/gpu/drm/am...
CVE-2024-27077
In the Linux kernel, the following vulnerability has been resolved: media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity The entity->name (i.e. name) is allocated in v4l2_m2m_register_entitybut isn't freed in its following error-handling paths. This patchadds such deallocation to preve...
CVE-2024-26989
In the Linux kernel, the following vulnerability has been resolved: arm64: hibernate: Fix level3 translation fault in swsusp_save() On arm64 machines, swsusp_save() faults if it attempts to accessMEMBLOCK_NOMAP memory ranges. This can be reproduced in QEMU using UEFIwhen booting with rodata=off deb...
CVE-2023-52650
In the Linux kernel, the following vulnerability has been resolved: drm/tegra: dsi: Add missing check for of_find_device_by_node Add check for the return value of of_find_device_by_node() and returnthe error if it fails in order to avoid NULL pointer dereference.
CVE-2024-27046
In the Linux kernel, the following vulnerability has been resolved: nfp: flower: handle acti_netdevs allocation failure The kmalloc_array() in nfp_fl_lag_do_work() will return null, ifthe physical memory has run out. As a result, if we dereferencethe acti_netdevs, the null pointer dereference bugs ...
CVE-2021-47006
In the Linux kernel, the following vulnerability has been resolved: ARM: 9064/1: hw_breakpoint: Do not directly check the event's overflow_handler hook The commit 1879445dfa7b ("perf/core: Set event's default::overflow_handler()") set a default event->overflow_handler inperf_event_alloc(), and r...
CVE-2024-36012
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: msft: fix slab-use-after-free in msft_do_close() Tying the msft->data lifetime to hdev by freeing it inhci_release_dev() to fix the following case: [use]msft_do_close()msft = hdev->msft_data;if (!msft) ...(1) filte...
CVE-2024-26969
In the Linux kernel, the following vulnerability has been resolved: clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays The frequency table arrays are supposed to be terminated with anempty element. Add such entry to the end of the arrays where itis missing in order to avoid possible ...
CVE-2024-27051
In the Linux kernel, the following vulnerability has been resolved: cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value cpufreq_cpu_get may return NULL. To avoid NULL-dereference check itand return 0 in case of error. Found by Linux Verification Center (linuxtesting.org) with...
CVE-2024-36011
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Fix potential null-ptr-deref Fix potential null-ptr-deref in hci_le_big_sync_established_evt().
CVE-2024-27030
In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Use separate handlers for interrupts For PF to AF interrupt vector and VF to AF vector sameinterrupt handler is registered which is causing race condition.When two interrupts are raised to two CPUs at same timethen tw...
CVE-2024-26958
In the Linux kernel, the following vulnerability has been resolved: nfs: fix UAF in direct writes In production we have been hitting the following warning consistently ------------[ cut here ]------------refcount_t: underflow; use-after-free.WARNING: CPU: 17 PID: 1800359 at lib/refcount.c:28 refcou...
CVE-2021-47044
In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix shift-out-of-bounds in load_balance() Syzbot reported a handful of occurrences where an sd->nr_balance_failed cangrow to much higher values than one would expect. A successful load_balance() resets it to 0; a fai...
CVE-2024-27047
In the Linux kernel, the following vulnerability has been resolved: net: phy: fix phy_get_internal_delay accessing an empty array The phy_get_internal_delay function could try to access to an emptyarray in the case that the driver is calling phy_get_internal_delaywithout defining delay_values and r...
CVE-2024-26967
In the Linux kernel, the following vulnerability has been resolved: clk: qcom: camcc-sc8280xp: fix terminating of frequency table arrays The frequency table arrays are supposed to be terminated with anempty element. Add such entry to the end of the arrays where itis missing in order to avoid possib...
CVE-2024-27002
In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: Do a runtime PM get on controllers during probe mt8183-mfgcfg has a mutual dependency with genpd during the probingstage, which leads to a deadlock in the following call stack: CPU0: genpd_lock --> clk_prepare_loc...
CVE-2024-27011
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix memleak in map from abort path The delete set command does not rely on the transaction object forelement removal, therefore, a combination of delete element + delete setfrom the abort path could result in ...