CVE-2024-27032

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid potential panic during recovery During recovery, if FAULT_BLOCK is on, it is possible thatf2fs_reserve_new_block() will return -ENOSPC during recovery,then it may trigger panic. Also, if fault injection rate is 1...

CVE-2024-27058

In the Linux kernel, the following vulnerability has been resolved: tmpfs: fix race on handling dquot rbtree A syzkaller reproducer found a race while attempting to remove dquotinformation from the rb tree. Fetching the rb_tree root node must also be protected by thedqopt->dqio_sem, otherwise, g...

CVE-2024-27072

In the Linux kernel, the following vulnerability has been resolved: media: usbtv: Remove useless locks in usbtv_video_free() Remove locks calls in usbtv_video_free() becauseare useless and may led to a deadlock as reported here:https://syzkaller.appspot.com/x/bisect.txt?x=166dc872180000Also remove ...

CVE-2022-0847

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page c...

CVE-2016-5195

Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."

CVE-2024-27028

In the Linux kernel, the following vulnerability has been resolved: spi: spi-mt65xx: Fix NULL pointer access in interrupt handler The TX buffer in spi_transfer can be a NULL pointer, so the interrupthandler may end up writing to the invalid memory and cause crashes. Add a check to trans->tx_buf ...

CVE-2024-27037

In the Linux kernel, the following vulnerability has been resolved: clk: zynq: Prevent null pointer dereference caused by kmalloc failure The kmalloc() in zynq_clk_setup() will return null if thephysical memory has run out. As a result, if we use snprintf()to write data to the null address, the nul...

CVE-2024-26584

In the Linux kernel, the following vulnerability has been resolved: net: tls: handle backlogging of crypto requests Since we're setting the CRYPTO_TFM_REQ_MAY_BACKLOG flag on ourrequests to the crypto API, crypto_aead_{encrypt,decrypt} can return-EBUSY instead of -EINPROGRESS in valid situations. F...

CVE-2023-52456

In the Linux kernel, the following vulnerability has been resolved: serial: imx: fix tx statemachine deadlock When using the serial port as RS485 port, the tx statemachine is used tocontrol the RTS pin to drive the RS485 transceiver TX_EN pin. When theTTY port is closed in the middle of a transmiss...

CVE-2024-26581

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip end interval element from gc rbtree lazy gc on insert might collect an end interval element that hasbeen just added in this transactions, skip end interval elements thatare not yet active.

CVE-2024-26592

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix UAF issue in ksmbd_tcp_new_connection() The race is between the handling of a new TCP connection andits disconnection. It leads to UAF on struct tcp_transport inksmbd_tcp_new_connection() function.

CVE-2023-52602

In the Linux kernel, the following vulnerability has been resolved: jfs: fix slab-out-of-bounds Read in dtSearch Currently while searching for current page in the sorted entry tableof the page there is a out of bound access. Added a bound check to fixthe error. Dave:Set return code to -EIO

CVE-2023-52436

In the Linux kernel, the following vulnerability has been resolved: f2fs: explicitly null-terminate the xattr list When setting an xattr, explicitly null-terminate the xattr list. Thiseliminates the fragile assumption that the unused xattr space is alwayszeroed.

CVE-2023-52455

In the Linux kernel, the following vulnerability has been resolved: iommu: Don't reserve 0-length IOVA region When the bootloader/firmware doesn't setup the framebuffers, theiraddress and size are 0 in "iommu-addresses" property. If IOVA region isreserved with 0 length, then it ends up corrupting t...

CVE-2019-13272

In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a par...

CVE-2024-26593

In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Fix block process call transactions According to the Intel datasheets, software must reset the blockbuffer index twice for block process call transactions: once beforewriting the outgoing data to the buffer, and once aga...

CVE-2023-52457

In the Linux kernel, the following vulnerability has been resolved: serial: 8250: omap: Don't skip resource freeing if pm_runtime_resume_and_get() failed Returning an error code from .remove() makes the driver core emit thelittle helpful error message: remove callback returned a non-zero value. Thi...

CVE-2024-53197

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices A bogus device can provide a bNumConfigurations value that exceeds theinitial value used in usb_get_configuration for allocating dev->config. This ...

CVE-2023-52464

In the Linux kernel, the following vulnerability has been resolved: EDAC/thunderx: Fix possible out-of-bounds string access Enabling -Wstringop-overflow globally exposes a warning for a common bugin the usage of strncat(): drivers/edac/thunderx_edac.c: In function 'thunderx_ocx_com_threaded_isr':dr...

CVE-2024-26597

In the Linux kernel, the following vulnerability has been resolved: net: qualcomm: rmnet: fix global oob in rmnet_policy The variable rmnet_link_ops assign a bigger maxtype which leads to aglobal out-of-bounds read when parsing the netlink attributes. See bugtrace below: ===========================...

CVE-2024-26601

In the Linux kernel, the following vulnerability has been resolved: ext4: regenerate buddy after block freeing failed if under fc replay This mostly reverts commit 6bd97bf273bd ("ext4: remove redundantmb_regenerate_buddy()") and reintroduces mb_regenerate_buddy(). Based oncode in mb_free_blocks(), ...

CVE-2024-26598

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache There is a potential UAF scenario in the case of an LPI translationcache hit racing with an operation that invalidates the cache, suchas a DISCARD ITS command. The ...

CVE-2021-0920

In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917R...

CVE-2023-52460

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix NULL pointer dereference at hibernate During hibernate sequence the source context might not have a clk_mgr.So don't use it to look for DML2 support.

CVE-2024-26603

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Stop relying on userspace for info to fault in xsave buffer Before this change, the expected size of the user space buffer wastaken from fx_sw->xstate_size. fx_sw->xstate_size can be changedfrom user-space, so it is ...

CVE-2024-26600

In the Linux kernel, the following vulnerability has been resolved: phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP If the external phy working together with phy-omap-usb2 does not implementsend_srp(), we may still attempt to call it. This can happen on an idleEthernet gadget triggerin...

CVE-2023-52470

In the Linux kernel, the following vulnerability has been resolved: drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() check the alloc_workqueue return value in radeon_crtc_init()to avoid null-ptr-deref.

CVE-2023-52467

In the Linux kernel, the following vulnerability has been resolved: mfd: syscon: Fix null pointer dereference in of_syscon_register() kasprintf() returns a pointer to dynamically allocated memorywhich can be NULL upon failure.

CVE-2024-34027

In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix to cover {reserve,release}_compress_blocks() w/ cp_rwsem lock It needs to cover {reserve,release}_compress_blocks() w/ cp_rwsem lockto avoid racing with checkpoint, otherwise, filesystem metadata includingblkadd...

CVE-2023-52469

In the Linux kernel, the following vulnerability has been resolved: drivers/amd/pm: fix a use-after-free in kv_parse_power_table When ps allocated by kzalloc equals to NULL, kv_parse_power_tablefrees adev->pm.dpm.ps that allocated before. However, after the controlflow goes through the following...

CVE-2024-26605

In the Linux kernel, the following vulnerability has been resolved: PCI/ASPM: Fix deadlock when enabling ASPM A last minute revert in 6.7-final introduced a potential deadlock whenenabling ASPM during probe of Qualcomm PCIe controllers as reported bylockdep: ========================================...

CVE-2023-52458

In the Linux kernel, the following vulnerability has been resolved: block: add check that partition length needs to be aligned with block size Before calling add partition or resize partition, there is no checkon whether the length is aligned with the logical block size.If the logical block size of...

CVE-2023-52473

In the Linux kernel, the following vulnerability has been resolved: thermal: core: Fix NULL pointer dereference in zone registration error path If device_register() in thermal_zone_device_register_with_trips()returns an error, the tz variable is set to NULL and subsequentlydereferenced in kfree(tz-...

CVE-2021-46904

In the Linux kernel, the following vulnerability has been resolved: net: hso: fix null-ptr-deref during tty device unregistration Multiple ttys try to claim the same the minor number causing a doubleunregistration of the same device. The first unregistration succeedsbut the next one results in a nu...

CVE-2024-26595

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error path When calling mlxsw_sp_acl_tcam_region_destroy() from an error path afterfailing to attach the region to an ACL group, we hit a NULL pointerdereference upon 'regio...

CVE-2023-52462

In the Linux kernel, the following vulnerability has been resolved: bpf: fix check for attempt to corrupt spilled pointer When register is spilled onto a stack as a 1/2/4-byte register, we setslot_type[BPF_REG_SIZE - 1] (plus potentially few more below it,depending on actual spill size). So to chec...

CVE-2023-52471

In the Linux kernel, the following vulnerability has been resolved: ice: Fix some null pointer dereference issues in ice_ptp.c devm_kasprintf() returns a pointer to dynamically allocated memorywhich can be NULL upon failure.

CVE-2023-52459

In the Linux kernel, the following vulnerability has been resolved: media: v4l: async: Fix duplicated list deletion The list deletion call dropped here is already called from thehelper function in the line before. Having a second list_del()call results in either a warning (with CONFIG_DEBUG_LIST=y)...

CVE-2021-46905

In the Linux kernel, the following vulnerability has been resolved: net: hso: fix NULL-deref on disconnect regression Commit 8a12f8836145 ("net: hso: fix null-ptr-deref during tty deviceunregistration") fixed the racy minor allocation reported by syzbot, butintroduced an unconditional NULL-pointer ...

CVE-2023-52454

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length If the host sends an H2CData command with an invalid DATAL,the kernel may crash in nvmet_tcp_build_pdu_iovec(). Unable to handle kernel NULL pointer dereferenc...

CVE-2024-26604

In the Linux kernel, the following vulnerability has been resolved: Revert "kobject: Remove redundant checks for whether ktype is NULL" This reverts commit 1b28cb81dab7c1eedc6034206f4e8d644046ad31. It is reported to cause problems, so revert it for now until the rootcause can be found.

CVE-2024-26924

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: do not free live element Pablo reports a crash with large batches of elements with aback-to-back add/remove pattern. Quoting Pablo: add_elem("00000000") timeout 100 ms...add_elem("0000000X") timeout 100 m...

CVE-2023-52472

In the Linux kernel, the following vulnerability has been resolved: crypto: rsa - add a check for allocation failure Static checkers insist that the mpi_alloc() allocation can fail so adda check to prevent a NULL dereference. Small allocations like thiscan't actually fail in current kernels, but ad...

CVE-2021-22600

A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755

CVE-2023-52468

In the Linux kernel, the following vulnerability has been resolved: class: fix use-after-free in class_register() The lock_class_key is still registered and can be found inlock_keys_hash hlist after subsys_private is freed in errorhandler path.A task who iterate over the lock_keys_hashlater may cau...

CVE-2023-52463

In the Linux kernel, the following vulnerability has been resolved: efivarfs: force RO when remounting if SetVariable is not supported If SetVariable at runtime is not supported by the firmware we never assigna callback for that function. At the same time mount the efivarfs asRO so no one can call ...

CVE-2023-52465

In the Linux kernel, the following vulnerability has been resolved: power: supply: Fix null pointer dereference in smb2_probe devm_kasprintf and devm_kzalloc return a pointer to dynamicallyallocated memory which can be NULL upon failure.

CVE-2019-25162

In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after we are done using it.This patch just moves the put_device() down a bit to avoid theuse after free. [wsa: added comment to the code, added Fixes tag]

CVE-2024-26594

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate mech token in session setup If client send invalid mech token in session setup request, ksmbdvalidate and make the error if it is invalid.

CVE-2024-26596

In the Linux kernel, the following vulnerability has been resolved: net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events After the blamed commit, we started doing this dereference for everyNETDEV_CHANGEUPPER and NETDEV_PRECHANGEUPPER event in the system. static inline st...