VYPR

Vendor CVEs

Linux

All CVEs

15,975 total · sorted by risk
  • CVE-2023-52667HigMay 17, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: fix a potential double-free in fs_any_create_groups When kcalloc() for ft->g succeeds but kvzalloc() for in fails, fs_any_create_groups() will free ft->g. However, its caller fs_any_create_table()…

  • CVE-2023-52664HigMay 17, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net: atlantic: eliminate double free in error handling logic Driver has a logic leak in ring data allocation/free, where aq_ring_free could be called multiple times on same ring, if system is under stress and…

  • CVE-2024-35792HigMay 17, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: crypto: rk3288 - Fix use after free in unprepare The unprepare call must be carried out before the finalize call as the latter can free the request.

  • CVE-2024-35791HigMay 17, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() Do the cache flush of converted pages in svm_register_enc_region() before dropping kvm->lock to fix use-after-free issues where…

  • CVE-2024-35789HigMay 17, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes When moving a station out of a VLAN and deleting the VLAN afterwards, the fast_rx entry still holds a pointer to the VLAN's netdev, which can…

  • CVE-2024-27433HigMay 17, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: mt7622-apmixedsys: Fix an error handling path in clk_mt8135_apmixed_probe() 'clk_data' is allocated with mtk_devm_alloc_clk_data(). So calling mtk_free_clk_data() explicitly in the remove…

  • CVE-2024-27396HigMay 14, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net: gtp: Fix Use-After-Free in gtp_dellink Since call_rcu, which is called in the hlist_for_each_entry_rcu traversal of gtp_dellink, is not part of the RCU read critical section, it is possible that the RCU…

  • CVE-2024-27395HigMay 14, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: Fix Use-After-Free in ovs_ct_exit Since kfree_rcu, which is called in the hlist_for_each_entry_rcu traversal of ovs_ct_limit_exit, is not part of the RCU read critical section, it is possible…

  • CVE-2022-48695HigMay 3, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix use-after-free warning Fix the following use-after-free warning which is observed during controller reset: refcount_t: underflow; use-after-free. WARNING: CPU: 23 PID: 5399 at…

  • CVE-2022-48702HigMay 3, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() The voice allocator sometimes begins allocating from near the end of the array and then wraps around, however…

  • CVE-2022-48694HigMay 3, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix drain SQ hang with no completion SW generated completions for outstanding WRs posted on SQ after QP is in error target the wrong CQ. This causes the ib_drain_sq to hang with no completion. Fix…

  • CVE-2022-48686HigMay 3, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix UAF when detecting digest errors We should also bail from the io_work loop when we set rd_enabled to true, so we don't attempt to read data from the socket when the TCP stream is already…

  • CVE-2022-48674HigMay 3, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: erofs: fix pcluster use-after-free on UP platforms During stress testing with CONFIG_SMP disabled, KASAN reports as below: ================================================================== BUG: KASAN:…

  • CVE-2022-48672HigMay 3, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: of: fdt: fix off-by-one error in unflatten_dt_nodes() Commit 78c44d910d3e ("drivers/of: Fix depth when unflattening devicetree") forgot to fix up the depth check in the loop body in unflatten_dt_nodes() which…

  • CVE-2022-48670HigMay 3, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: peci: cpu: Fix use-after-free in adev_release() When auxiliary_device_add() returns an error, auxiliary_device_uninit() is called, which causes refcount for device to be decremented and .release callback will…

  • CVE-2024-27392HigMay 1, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: nvme: host: fix double-free of struct nvme_id_ns in ns_update_nuse() When nvme_identify_ns() fails, it frees the pointer to the struct nvme_id_ns before it returns. However, ns_update_nuse() calls kfree() for…

  • CVE-2024-27075HigMay 1, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: avoid stack overflow warnings with clang A previous patch worked around a KASAN issue in stv0367, now a similar problem showed up with clang: drivers/media/dvb-frontends/stv0367.c:1222:12…

  • CVE-2024-27070HigMay 1, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid use-after-free issue in f2fs_filemap_fault syzbot reports a f2fs bug as below: BUG: KASAN: slab-use-after-free in f2fs_filemap_fault+0xd1/0x2c0 fs/f2fs/file.c:49 Read of size 8 at addr…

  • CVE-2024-27065HigMay 1, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: do not compare internal table flags on updates Restore skipping transaction if table update does not modify flags.

  • CVE-2024-27061HigMay 1, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: crypto: sun8i-ce - Fix use after free in unprepare sun8i_ce_cipher_unprepare should be called before crypto_finalize_skcipher_request, because client callbacks may immediately free memory, that isn't needed…

  • CVE-2024-27049HigMay 1, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925e: fix use-after-free in free_irq() From commit a304e1b82808 ("[PATCH] Debug shared irqs"), there is a test to make sure the shared irq handler should be able to handle the unexpected event…

  • CVE-2024-27045HigMay 1, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()' Tell snprintf() to store at most 10 bytes in the output buffer instead of 30. Fixes the below:…

  • CVE-2024-27043HigMay 1, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: media: edia: dvbdev: fix a use-after-free In dvb_register_device, *pdvbdev is set equal to dvbdev, which is freed in several error-handling paths. However, *pdvbdev is not set to NULL after dvbdev's…

  • CVE-2024-27036HigMay 1, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: cifs: Fix writeback data corruption cifs writeback doesn't correctly handle the case where cifs_extend_writeback() hits a point where it is considering an additional folio, but this would overrun the wsize -…

  • CVE-2024-27024HigMay 1, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net/rds: fix WARNING in rds_conn_connect_if_down If connection isn't established yet, get_mr() will fail, trigger connection after get_mr().

  • CVE-2023-52649HigMay 1, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Avoid reading beyond LUT array When the floor LUT index (drm_fixp2int(lut_index) is the last index of the array the ceil LUT index will point to an entry beyond the array. Make sure we guard against…

  • CVE-2024-26988HigMay 1, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: init/main.c: Fix potential static_command_line memory overflow We allocate memory of size 'xlen + strlen(boot_command_line) + 1' for static_command_line, but the strings copied into static_command_line are…

  • CVE-2024-26965HigMay 1, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays The frequency table arrays are supposed to be terminated with an empty element. Add such entry to the end of the arrays where it is missing in…

  • CVE-2024-26961HigMay 1, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: mac802154: fix llsec key resources release in mac802154_llsec_key_del mac802154_llsec_key_del() can free resources of a key directly without following the RCU rules for waiting before the end of a grace…

  • CVE-2024-26958HigMay 1, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: nfs: fix UAF in direct writes In production we have been hitting the following warning consistently ------------[ cut here ]------------ refcount_t: underflow; use-after-free. WARNING: CPU: 17 PID: 1800359 at…

  • CVE-2024-26957HigMay 1, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: s390/zcrypt: fix reference counting on zcrypt card objects Tests with hot-plugging crytpo cards on KVM guests with debug kernel build revealed an use after free for the load field of the struct zcrypt_card.…

  • CVE-2024-26956HigMay 1, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix failure to detect DAT corruption in btree and direct mappings Patch series "nilfs2: fix kernel bug at submit_bh_wbc()". This resolves a kernel BUG reported by syzbot. Since there are two flaws…

  • CVE-2024-26955HigMay 1, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: nilfs2: prevent kernel bug at submit_bh_wbc() Fix a bug where nilfs_get_block() returns a successful status when searching and inserting the specified block both fail inconsistently. If this inconsistent…

  • CVE-2024-26952HigMay 1, 2024
    risk 0.51cvss 7.8epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potencial out-of-bounds when buffer offset is invalid I found potencial out-of-bounds when buffer offset fields of a few requests is invalid. This patch set the minimum value of buffer offset field…

  • CVE-2024-26951HigMay 1, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: wireguard: netlink: check for dangling peer via is_dead instead of empty list If all peers are removed via wg_peer_remove_all(), rather than setting peer_list to empty, the peer is added to a temporary list…

  • CVE-2024-26944HigMay 1, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: fix use-after-free in do_zone_finish() Shinichiro reported the following use-after-free triggered by the device replace operation in fstests btrfs/070. BTRFS info (device nullb1): scrub:…

  • CVE-2024-26936HigMay 1, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate request buffer size in smb2_allocate_rsp_buf() The response buffer should be allocated in smb2_allocate_rsp_buf before validating request. But the fields in payload as well as smb2 header is…

  • CVE-2024-26934HigMay 1, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in usb_deauthorize_interface() Among the attribute file callback routines in drivers/usb/core/sysfs.c, the interface_authorized_store() function is the only one which acquires a device…

  • CVE-2024-26933HigMay 1, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in port "disable" sysfs attribute The show and store callback routines for the "disable" sysfs attribute file in port.c acquire the device lock for the port's parent hub device. This…

  • CVE-2024-26932HigMay 1, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: fix double-free issue in tcpm_port_unregister_pd() When unregister pd capabilitie in tcpm, KASAN will capture below double -free issue. The root cause is the same capabilitiy will be kfreed…

  • CVE-2024-26930HigMay 1, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix double free of the ha->vp_map pointer Coverity scan reported potential risk of double free of the pointer ha->vp_map. ha->vp_map was freed in qla2x00_mem_alloc(), and again freed in…

  • CVE-2022-48662HigApr 28, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Really move i915_gem_context.link under ref protection i915_perf assumes that it can use the i915_gem_context reference to protect its i915->gem.contexts.list iteration. However, this requires…

  • CVE-2022-48658HigApr 28, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: mm: slub: fix flush_cpu_slab()/__free_slab() invocations in task context. Commit 5a836bf6b09f ("mm: slub: move flush_cpu_slab() invocations __free_slab() invocations out of IRQ context") moved all…

  • CVE-2022-48657HigApr 28, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: arm64: topology: fix possible overflow in amu_fie_setup() cpufreq_get_hw_max_freq() returns max frequency in kHz as *unsigned int*, while freq_inv_set_max_ratio() gets passed this frequency in Hz as 'u64'.…

  • CVE-2022-48655HigApr 28, 2024
    risk 0.51cvss 7.8epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Harden accesses to the reset domains Accessing reset domains descriptors by the index upon the SCMI drivers requests through the SCMI reset operations interface can potentially lead to…

  • CVE-2022-48649HigApr 28, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: mm/slab_common: fix possible double free of kmem_cache When doing slub_debug test, kfence's 'test_memcache_typesafe_by_rcu' kunit test case cause a use-after-free error: BUG: KASAN: use-after-free in…

  • CVE-2022-48637HigApr 28, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: bnxt: prevent skb UAF after handing over to PTP worker When reading the timestamp is required bnxt_tx_int() hands over the ownership of the completed skb to the PTP worker. The skb should not be used…

  • CVE-2022-48632HigApr 28, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction() memcpy() is called in a loop while 'operation->length' upper bound is not checked and 'data_idx' also increments.

  • CVE-2024-26928HigApr 28, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in cifs_debug_files_proc_show() Skip sessions that are being teared down (status == SES_EXITING) to avoid UAF.

  • CVE-2024-26914HigApr 17, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix incorrect mpc_combine array size [why] MAX_SURFACES is per stream, while MAX_PLANES is per asic. The mpc_combine is an array that records all the planes per asic. Therefore MAX_PLANES…

Page 33 of 320