Vendor CVEs
Linux
All CVEs
15,999 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-43401 | Med | 0.29 | 5.5 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: cpufreq: intel_pstate: Fix NULL pointer dereference in update_cpu_qos_request() The update_cpu_qos_request() function attempts to initialize the 'freq' variable by dereferencing 'cpudata' before verifying if… | ||
| CVE-2026-43400 | Med | 0.29 | 5.5 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add upper bound check on user inputs in signal ioctl Huge input values in amdgpu_userq_signal_ioctl can lead to a OOM and could be exploited. So check these input value against… | ||
| CVE-2026-43399 | Med | 0.29 | 5.5 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: Fix reference leak in amdgpu_userq_wait_ioctl Drop reference to syncobj and timeline fence when aborting the ioctl due output array being too small. (cherry picked from commit… | ||
| CVE-2026-43398 | Med | 0.29 | 5.5 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add upper bound check on user inputs in wait ioctl Huge input values in amdgpu_userq_wait_ioctl can lead to a OOM and could be exploited. So check these input value against… | ||
| CVE-2026-43397 | Med | 0.29 | 5.5 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: drm/bridge: samsung-dsim: Fix memory leak in error path In samsung_dsim_host_attach(), drm_bridge_add() is called to add the bridge. However, if samsung_dsim_register_te_irq() or pdata->host_ops->attach()… | ||
| CVE-2026-43396 | Med | 0.29 | 5.5 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: drm/xe/sync: Fix user fence leak on alloc failure When dma_fence_chain_alloc() fails, properly release the user fence reference to prevent a memory leak. (cherry picked from commit… | ||
| CVE-2026-43395 | Med | 0.29 | 5.5 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: drm/xe/sync: Cleanup partially initialized sync on parse failure xe_sync_entry_parse() can allocate references (syncobj, fence, chain fence, or user fence) before hitting a later failure path. Several of those… | ||
| CVE-2026-43394 | Med | 0.29 | 5.5 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: nfsd: Fix cred ref leak in nfsd_nl_listener_set_doit(). nfsd_nl_listener_set_doit() uses get_current_cred() without put_cred(). As we can see from other callers, svc_xprt_create_from_sa() does not require the… | ||
| CVE-2026-43393 | Med | 0.29 | 5.5 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix chunk map leak in btrfs_map_block() after btrfs_chunk_map_num_copies() Fix a chunk map leak in btrfs_map_block(): if we return early with -EINVAL, we're not freeing the chunk map that we've just… | ||
| CVE-2026-43392 | Med | 0.29 | 5.5 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: sched_ext: Fix starvation of scx_enable() under fair-class saturation During scx_enable(), the READY -> ENABLED task switching loop changes the calling thread's sched_class from fair to ext. Since fair has… | ||
| CVE-2026-43390 | Med | 0.29 | 5.5 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: nstree: tighten permission checks for listing Even privileged services should not necessarily be able to see other privileged service's namespaces so they can't leak information to each other. Use… | ||
| CVE-2026-43389 | Med | 0.29 | 5.5 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: mm: memfd_luo: always dirty all folios A dirty folio is one which has been written to. A clean folio is its opposite. Since a clean folio has no user data, it can be freed under memory pressure. memfd… | ||
| CVE-2026-43387 | Med | 0.29 | 5.5 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: properly validate the data in rtw_get_ie_ex() Just like in commit 154828bf9559 ("staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser"), we don't trust the data in the frame so… | ||
| CVE-2026-43382 | Med | 0.29 | 5.5 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: batman-adv: Avoid double-rtnl_lock ELP metric worker batadv_v_elp_get_throughput() might be called when the RTNL lock is already held. This could be problematic when the work queue item is cancelled via… | ||
| CVE-2026-43381 | Med | 0.29 | 5.5 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: nouveau/dpcd: return EBUSY for aux xfer if the device is asleep If we have runtime suspended, and userspace wants to use /dev/drm_dp_* then just tell it the device is busy instead of crashing in the GSP code. … | ||
| CVE-2026-43375 | Med | 0.29 | 5.5 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: net: mctp: fix device leak on probe failure Driver core holds a reference to the USB interface and its parent USB device while the interface is bound to a driver and there is no need to take additional… | ||
| CVE-2026-43372 | Med | 0.29 | 5.5 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: net: dsa: microchip: Fix error path in PTP IRQ setup If request_threaded_irq() fails during the PTP message IRQ setup, the newly created IRQ mapping is never disposed. Indeed, the ksz_ptp_irq_setup()'s error… | ||
| CVE-2026-43371 | Med | 0.29 | 5.5 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: net: macb: Shuffle the tx ring before enabling tx Quanyang observed that when using an NFS rootfs on an AMD ZynqMp board, the rootfs may take an extended time to recover after a suspend. Upon investigation, it… | ||
| CVE-2026-43369 | Med | 0.29 | 5.5 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix NULL pointer dereference in device cleanup When GPU initialization fails due to an unsupported HW block IP blocks may have a NULL version pointer. During cleanup in amdgpu_device_fini_hw, the code… | ||
| CVE-2026-43367 | Med | 0.29 | 5.5 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix a few more NULL pointer dereference in device cleanup I found a few more paths that cleanup fails due to a NULL version pointer on unsupported hardware. Add NULL checks as applicable. (cherry… | ||
| CVE-2026-43364 | Med | 0.29 | 5.5 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: ublk: fix NULL pointer dereference in ublk_ctrl_set_size() ublk_ctrl_set_size() unconditionally dereferences ub->ub_disk via set_capacity_and_notify() without checking if it is NULL. ub->ub_disk is NULL… | ||
| CVE-2026-43363 | Med | 0.29 | 5.5 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: x86/apic: Disable x2apic on resume if the kernel expects so When resuming from s2ram, firmware may re-enable x2apic mode, which may have been disabled by the kernel during boot either because it doesn't… | ||
| CVE-2026-43360 | Med | 0.29 | 5.5 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix transaction abort on file creation due to name hash collision If we attempt to create several files with names that result in the same hash, we have to pack them in same dir item and that has a… | ||
| CVE-2026-43359 | Med | 0.29 | 5.5 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix transaction abort on set received ioctl due to item overflow If the set received ioctl fails due to an item overflow when attempting to add the BTRFS_UUID_KEY_RECEIVED_SUBVOL we have to abort the… | ||
| CVE-2026-43358 | Med | 0.29 | 5.5 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: btrfs: add missing RCU unlock in error path in try_release_subpage_extent_buffer() Call rcu_read_lock() before exiting the loop in try_release_subpage_extent_buffer() because there is a rcu_read_unlock() call… | ||
| CVE-2026-43357 | Med | 0.29 | 5.5 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: iio: gyro: mpu3050-core: fix pm_runtime error handling The return value of pm_runtime_get_sync() is not checked, allowing the driver to access hardware that may fail to resume. The device usage count is also… | ||
| CVE-2026-43356 | Med | 0.29 | 5.5 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: iio: imu: adis: Fix NULL pointer dereference in adis_init The adis_init() function dereferences adis->ops to check if the individual function pointers (write, read, reset) are NULL, but does not first check if… | ||
| CVE-2026-43355 | Med | 0.29 | 5.5 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: iio: light: bh1780: fix PM runtime leak on error path Move pm_runtime_put_autosuspend() before the error check to ensure the PM runtime reference count is always decremented after pm_runtime_get_sync(),… | ||
| CVE-2026-43354 | Med | 0.29 | 5.5 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: iio: proximity: hx9023s: Protect against division by zero in set_samp_freq Avoid division by zero when sampling frequency is unspecified. | ||
| CVE-2026-43351 | Med | 0.29 | 5.5 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Eagerly init vgic dist/redist on vgic creation If vgic_allocate_private_irqs_locked() fails for any odd reason, we exit kvm_vgic_create() early, leaving dist->rd_regions uninitialised. … | ||
| CVE-2026-43349 | Med | 0.29 | 5.5 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid uninit-value access in f2fs_sanity_check_node_footer syzbot reported a f2fs bug as below: BUG: KMSAN: uninit-value in f2fs_sanity_check_node_footer+0x374/0xa20 fs/f2fs/node.c:1520 … | ||
| CVE-2026-43348 | Med | 0.29 | 5.5 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: mshv_vtl: Fix vmemmap_shift exceeding MAX_FOLIO_ORDER When registering VTL0 memory via MSHV_ADD_VTL0_MEMORY, the kernel computes pgmap->vmemmap_shift as the number of trailing zeros in the OR of start_pfn and… | ||
| CVE-2026-43346 | Med | 0.29 | 5.5 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: ice: ptp: don't WARN when controlling PF is unavailable In VFIO passthrough setups, it is possible to pass through only a PF which doesn't own the source timer. In that case the PTP controlling PF… | ||
| CVE-2026-43344 | Med | 0.29 | 5.5 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/uncore: Fix die ID init and look up bugs In snbep_pci2phy_map_init(), in the nr_node_ids > 8 path, uncore_device_to_die() may return -1 when all CPUs associated with the UBOX device are offline.… | ||
| CVE-2026-43343 | Med | 0.29 | 5.5 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_subset: Fix unbalanced refcnt in geth_free geth_alloc() increments the reference count, but geth_free() fails to decrement it. This prevents the configuration of attributes via configfs after… | ||
| CVE-2026-43340 | Med | 0.29 | 5.5 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: comedi: Reinit dev->spinlock between attachments to low-level drivers `struct comedi_device` is the main controlling structure for a COMEDI device created by the COMEDI subsystem. It contains a member… | ||
| CVE-2026-43338 | Med | 0.29 | 5.5 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: btrfs: reserve enough transaction items for qgroup ioctls Currently our qgroup ioctls don't reserve any space, they just do a transaction join, which does not reserve any space, neither for the quota tree… | ||
| CVE-2026-43337 | Med | 0.29 | 5.5 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix NULL pointer dereference in dcn401_init_hw() dcn401_init_hw() assumes that update_bw_bounding_box() is valid when entering the update path. However, the existing condition: … | ||
| CVE-2026-43335 | Med | 0.29 | 5.5 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: interconnect: qcom: sm8450: Fix NULL pointer dereference in icc_link_nodes() The change to dynamic IDs for SM8450 platform interconnects left two links unconverted, fix it to avoid the NULL pointer dereference… | ||
| CVE-2026-43333 | Med | 0.29 | 5.5 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: bpf: reject direct access to nullable PTR_TO_BUF pointers check_mem_access() matches PTR_TO_BUF via base_type() which strips PTR_MAYBE_NULL, allowing direct dereference without a null check. Map iterator… | ||
| CVE-2026-43331 | Med | 0.29 | 5.5 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: x86/kexec: Disable KCOV instrumentation after load_segments() The load_segments() function changes segment registers, invalidating GS base (which KCOV relies on for per-cpu data). When CONFIG_KCOV is enabled,… | ||
| CVE-2026-43327 | Med | 0.29 | 5.5 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: USB: dummy-hcd: Fix locking/synchronization error Syzbot testing was able to provoke an addressing exception and crash in the usb_gadget_udc_reset() routine in drivers/usb/gadgets/udc/core.c, resulting from… | ||
| CVE-2026-43326 | Med | 0.29 | 5.5 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: sched_ext: Fix SCX_KICK_WAIT deadlock by deferring wait to balance callback SCX_KICK_WAIT busy-waits in kick_cpus_irq_workfn() using smp_cond_load_acquire() until the target CPU's kick_sync advances. Because… | ||
| CVE-2026-43325 | Med | 0.29 | 5.5 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't send a 6E related command when not supported MCC_ALLOWED_AP_TYPE_CMD is related to 6E support. Do not send it if the device doesn't support 6E. Apparently, the firmware is mistakenly… | ||
| CVE-2026-43323 | Med | 0.29 | 5.5 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix zero_vruntime tracking fix John reported that stress-ng-yield could make his machine unhappy and managed to bisect it to commit b3d99f43c72b ("sched/fair: Fix zero_vruntime tracking"). The… | ||
| CVE-2026-43320 | Med | 0.29 | 5.5 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix dsc eDP issue [why] Need to add function hook check before use | ||
| CVE-2026-43319 | Med | 0.29 | 5.5 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: spi: spidev: fix lock inversion between spi_lock and buf_lock The spidev driver previously used two mutexes, spi_lock and buf_lock, but acquired them in different orders depending on the code path: … | ||
| CVE-2026-43318 | Med | 0.29 | 5.5 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix sync handling in amdgpu_dma_buf_move_notify Invalidating a dmabuf will impact other users of the shared BO. In the scenario where process A moves the BO, it needs to inform process B about the… | ||
| CVE-2026-43317 | Med | 0.29 | 5.5 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: most: core: fix leak on early registration failure A recent commit fixed a resource leak on early registration failures but for some reason left out the first error path which still leaks the resources… | ||
| CVE-2026-43316 | Med | 0.29 | 5.5 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: media: solo6x10: Check for out of bounds chip_id Clang with CONFIG_UBSAN_SHIFT=y noticed a condition where a signed type (literal "1" is an "int") could end up being shifted beyond 32 bits, so instrumentation… |
- risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: cpufreq: intel_pstate: Fix NULL pointer dereference in update_cpu_qos_request() The update_cpu_qos_request() function attempts to initialize the 'freq' variable by dereferencing 'cpudata' before verifying if…
- risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add upper bound check on user inputs in signal ioctl Huge input values in amdgpu_userq_signal_ioctl can lead to a OOM and could be exploited. So check these input value against…
- risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: Fix reference leak in amdgpu_userq_wait_ioctl Drop reference to syncobj and timeline fence when aborting the ioctl due output array being too small. (cherry picked from commit…
- risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add upper bound check on user inputs in wait ioctl Huge input values in amdgpu_userq_wait_ioctl can lead to a OOM and could be exploited. So check these input value against…
- risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: drm/bridge: samsung-dsim: Fix memory leak in error path In samsung_dsim_host_attach(), drm_bridge_add() is called to add the bridge. However, if samsung_dsim_register_te_irq() or pdata->host_ops->attach()…
- risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: drm/xe/sync: Fix user fence leak on alloc failure When dma_fence_chain_alloc() fails, properly release the user fence reference to prevent a memory leak. (cherry picked from commit…
- risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: drm/xe/sync: Cleanup partially initialized sync on parse failure xe_sync_entry_parse() can allocate references (syncobj, fence, chain fence, or user fence) before hitting a later failure path. Several of those…
- risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: nfsd: Fix cred ref leak in nfsd_nl_listener_set_doit(). nfsd_nl_listener_set_doit() uses get_current_cred() without put_cred(). As we can see from other callers, svc_xprt_create_from_sa() does not require the…
- risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix chunk map leak in btrfs_map_block() after btrfs_chunk_map_num_copies() Fix a chunk map leak in btrfs_map_block(): if we return early with -EINVAL, we're not freeing the chunk map that we've just…
- risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: sched_ext: Fix starvation of scx_enable() under fair-class saturation During scx_enable(), the READY -> ENABLED task switching loop changes the calling thread's sched_class from fair to ext. Since fair has…
- risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: nstree: tighten permission checks for listing Even privileged services should not necessarily be able to see other privileged service's namespaces so they can't leak information to each other. Use…
- risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: mm: memfd_luo: always dirty all folios A dirty folio is one which has been written to. A clean folio is its opposite. Since a clean folio has no user data, it can be freed under memory pressure. memfd…
- risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: properly validate the data in rtw_get_ie_ex() Just like in commit 154828bf9559 ("staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser"), we don't trust the data in the frame so…
- risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: batman-adv: Avoid double-rtnl_lock ELP metric worker batadv_v_elp_get_throughput() might be called when the RTNL lock is already held. This could be problematic when the work queue item is cancelled via…
- risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: nouveau/dpcd: return EBUSY for aux xfer if the device is asleep If we have runtime suspended, and userspace wants to use /dev/drm_dp_* then just tell it the device is busy instead of crashing in the GSP code. …
- risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: net: mctp: fix device leak on probe failure Driver core holds a reference to the USB interface and its parent USB device while the interface is bound to a driver and there is no need to take additional…
- risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: net: dsa: microchip: Fix error path in PTP IRQ setup If request_threaded_irq() fails during the PTP message IRQ setup, the newly created IRQ mapping is never disposed. Indeed, the ksz_ptp_irq_setup()'s error…
- risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: net: macb: Shuffle the tx ring before enabling tx Quanyang observed that when using an NFS rootfs on an AMD ZynqMp board, the rootfs may take an extended time to recover after a suspend. Upon investigation, it…
- risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix NULL pointer dereference in device cleanup When GPU initialization fails due to an unsupported HW block IP blocks may have a NULL version pointer. During cleanup in amdgpu_device_fini_hw, the code…
- risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix a few more NULL pointer dereference in device cleanup I found a few more paths that cleanup fails due to a NULL version pointer on unsupported hardware. Add NULL checks as applicable. (cherry…
- risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: ublk: fix NULL pointer dereference in ublk_ctrl_set_size() ublk_ctrl_set_size() unconditionally dereferences ub->ub_disk via set_capacity_and_notify() without checking if it is NULL. ub->ub_disk is NULL…
- risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: x86/apic: Disable x2apic on resume if the kernel expects so When resuming from s2ram, firmware may re-enable x2apic mode, which may have been disabled by the kernel during boot either because it doesn't…
- risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix transaction abort on file creation due to name hash collision If we attempt to create several files with names that result in the same hash, we have to pack them in same dir item and that has a…
- risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix transaction abort on set received ioctl due to item overflow If the set received ioctl fails due to an item overflow when attempting to add the BTRFS_UUID_KEY_RECEIVED_SUBVOL we have to abort the…
- risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: btrfs: add missing RCU unlock in error path in try_release_subpage_extent_buffer() Call rcu_read_lock() before exiting the loop in try_release_subpage_extent_buffer() because there is a rcu_read_unlock() call…
- risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: iio: gyro: mpu3050-core: fix pm_runtime error handling The return value of pm_runtime_get_sync() is not checked, allowing the driver to access hardware that may fail to resume. The device usage count is also…
- risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: iio: imu: adis: Fix NULL pointer dereference in adis_init The adis_init() function dereferences adis->ops to check if the individual function pointers (write, read, reset) are NULL, but does not first check if…
- risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: iio: light: bh1780: fix PM runtime leak on error path Move pm_runtime_put_autosuspend() before the error check to ensure the PM runtime reference count is always decremented after pm_runtime_get_sync(),…
- risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: iio: proximity: hx9023s: Protect against division by zero in set_samp_freq Avoid division by zero when sampling frequency is unspecified.
- risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Eagerly init vgic dist/redist on vgic creation If vgic_allocate_private_irqs_locked() fails for any odd reason, we exit kvm_vgic_create() early, leaving dist->rd_regions uninitialised. …
- risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid uninit-value access in f2fs_sanity_check_node_footer syzbot reported a f2fs bug as below: BUG: KMSAN: uninit-value in f2fs_sanity_check_node_footer+0x374/0xa20 fs/f2fs/node.c:1520 …
- risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: mshv_vtl: Fix vmemmap_shift exceeding MAX_FOLIO_ORDER When registering VTL0 memory via MSHV_ADD_VTL0_MEMORY, the kernel computes pgmap->vmemmap_shift as the number of trailing zeros in the OR of start_pfn and…
- risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: ice: ptp: don't WARN when controlling PF is unavailable In VFIO passthrough setups, it is possible to pass through only a PF which doesn't own the source timer. In that case the PTP controlling PF…
- risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/uncore: Fix die ID init and look up bugs In snbep_pci2phy_map_init(), in the nr_node_ids > 8 path, uncore_device_to_die() may return -1 when all CPUs associated with the UBOX device are offline.…
- risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_subset: Fix unbalanced refcnt in geth_free geth_alloc() increments the reference count, but geth_free() fails to decrement it. This prevents the configuration of attributes via configfs after…
- risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: comedi: Reinit dev->spinlock between attachments to low-level drivers `struct comedi_device` is the main controlling structure for a COMEDI device created by the COMEDI subsystem. It contains a member…
- risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: btrfs: reserve enough transaction items for qgroup ioctls Currently our qgroup ioctls don't reserve any space, they just do a transaction join, which does not reserve any space, neither for the quota tree…
- risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix NULL pointer dereference in dcn401_init_hw() dcn401_init_hw() assumes that update_bw_bounding_box() is valid when entering the update path. However, the existing condition: …
- risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: interconnect: qcom: sm8450: Fix NULL pointer dereference in icc_link_nodes() The change to dynamic IDs for SM8450 platform interconnects left two links unconverted, fix it to avoid the NULL pointer dereference…
- risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: bpf: reject direct access to nullable PTR_TO_BUF pointers check_mem_access() matches PTR_TO_BUF via base_type() which strips PTR_MAYBE_NULL, allowing direct dereference without a null check. Map iterator…
- risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: x86/kexec: Disable KCOV instrumentation after load_segments() The load_segments() function changes segment registers, invalidating GS base (which KCOV relies on for per-cpu data). When CONFIG_KCOV is enabled,…
- risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: USB: dummy-hcd: Fix locking/synchronization error Syzbot testing was able to provoke an addressing exception and crash in the usb_gadget_udc_reset() routine in drivers/usb/gadgets/udc/core.c, resulting from…
- risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: sched_ext: Fix SCX_KICK_WAIT deadlock by deferring wait to balance callback SCX_KICK_WAIT busy-waits in kick_cpus_irq_workfn() using smp_cond_load_acquire() until the target CPU's kick_sync advances. Because…
- risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't send a 6E related command when not supported MCC_ALLOWED_AP_TYPE_CMD is related to 6E support. Do not send it if the device doesn't support 6E. Apparently, the firmware is mistakenly…
- risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix zero_vruntime tracking fix John reported that stress-ng-yield could make his machine unhappy and managed to bisect it to commit b3d99f43c72b ("sched/fair: Fix zero_vruntime tracking"). The…
- risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix dsc eDP issue [why] Need to add function hook check before use
- risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: spi: spidev: fix lock inversion between spi_lock and buf_lock The spidev driver previously used two mutexes, spi_lock and buf_lock, but acquired them in different orders depending on the code path: …
- risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix sync handling in amdgpu_dma_buf_move_notify Invalidating a dmabuf will impact other users of the shared BO. In the scenario where process A moves the BO, it needs to inform process B about the…
- risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: most: core: fix leak on early registration failure A recent commit fixed a resource leak on early registration failures but for some reason left out the first error path which still leaks the resources…
- risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: media: solo6x10: Check for out of bounds chip_id Clang with CONFIG_UBSAN_SHIFT=y noticed a condition where a signed type (literal "1" is an "int") could end up being shifted beyond 32 bits, so instrumentation…
Page 213 of 320