Vendor CVEs
Linux
All CVEs
15,975 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-38585 | Hig | 0.46 | 7.1 | 0.00 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: tools/nolibc/stdlib: fix memory error in realloc() Pass user_p_len to memcpy() instead of heap->len to prevent realloc() from copying an extra sizeof(heap) bytes from beyond the allocated region. | ||
| CVE-2024-38576 | Hig | 0.46 | 7.1 | 0.00 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: rcu: Fix buffer overflow in print_cpu_stall_info() The rcuc-starvation output from print_cpu_stall_info() might overflow the buffer if there is a huge difference in jiffies difference. The situation might… | ||
| CVE-2024-38572 | Hig | 0.46 | 7.1 | 0.00 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix out-of-bound access of qmi_invoke_handler() Currently, there is no terminator entry for ath12k_qmi_msg_handlers hence facing below KASAN warning, ============================================… | ||
| CVE-2024-38561 | Hig | 0.46 | 7.0 | 0.00 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: kunit: Fix kthread reference There is a race condition when a kthread finishes after the deadline and before the call to kthread_stop(), which may lead to use after free. | ||
| CVE-2024-38560 | Hig | 0.46 | 7.1 | 0.00 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: bfa: Ensure the copied buf is NUL terminated Currently, we allocate a nbytes-sized kernel buffer and copy nbytes from userspace to that buffer. Later, we use sscanf on this buffer but we don't ensure… | ||
| CVE-2024-38542 | Hig | 0.46 | 7.1 | 0.00 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: RDMA/mana_ib: boundary check before installing cq callbacks Add a boundary check inside mana_ib_install_cq_cb to prevent index overflow. | ||
| CVE-2024-38538 | Hig | 0.46 | 7.1 | 0.00 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: bridge: xmit: make sure we have at least eth header len bytes syzbot triggered an uninit value[1] error in bridge device's xmit path by sending a short (less than ETH_HLEN bytes) skb. To fix it check if… | ||
| CVE-2024-36960 | Hig | 0.46 | 7.1 | 0.00 | Jun 3, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix invalid reads in fence signaled events Correctly set the length of the drm_event to the size of the structure that's actually used. The length of the drm_event was set to the parent structure… | ||
| CVE-2024-36935 | Hig | 0.46 | 7.1 | 0.00 | May 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: ice: ensure the copied buf is NUL terminated Currently, we allocate a count-sized kernel buffer and copy count bytes from userspace to that buffer. Later, we use sscanf on this buffer but we don't ensure that… | ||
| CVE-2024-36931 | Hig | 0.46 | 7.1 | 0.00 | May 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: s390/cio: Ensure the copied buf is NUL terminated Currently, we allocate a lbuf-sized kernel buffer and copy lbuf from userspace to that buffer. Later, we use scanf on this buffer but we don't ensure that the… | ||
| CVE-2024-36916 | Hig | 0.46 | 7.1 | 0.01 | May 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: blk-iocost: avoid out of bounds shift UBSAN catches undefined behavior in blk-iocost, where sometimes iocg->delay is shifted right by a number that is too large, resulting in undefined behavior on some… | ||
| CVE-2024-36915 | Hig | 0.46 | 7.1 | 0.00 | May 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies syzbot reported unsafe calls to copy_from_sockptr() [1] Use copy_safe_from_sockptr() instead. [1] BUG: KASAN: slab-out-of-bounds in… | ||
| CVE-2024-36899 | Hig | 0.46 | 7.0 | 0.00 | May 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: Fix use after free in lineinfo_changed_notify The use-after-free issue occurs as follows: when the GPIO chip device file is being closed by invoking gpio_chrdev_release(), watched_lines is freed… | ||
| CVE-2024-36883 | Hig | 0.46 | 7.1 | 0.00 | May 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: fix out-of-bounds access in ops_init net_alloc_generic is called by net_alloc, which is called without any locking. It reads max_gen_ptrs, which is changed under pernet_ops_rwsem. It is read twice, first… | ||
| CVE-2024-36033 | Hig | 0.46 | 7.1 | 0.00 | May 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix info leak when fetching board id Add the missing sanity check when fetching the board id to avoid leaking slab data when later requesting the firmware. | ||
| CVE-2024-36032 | Hig | 0.46 | 7.1 | 0.00 | May 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix info leak when fetching fw build id Add the missing sanity checks and move the 255-byte build-id buffer off the stack to avoid leaking stack data through debugfs in case the build-info… | ||
| CVE-2024-36030 | Hig | 0.46 | 7.1 | 0.00 | May 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: fix the double free in rvu_npc_freemem() Clang static checker(scan-build) warning: drivers/net/ethernet/marvell/octeontx2/af/rvu_npc.c:line 2184, column 2 Attempt to free released memory. … | ||
| CVE-2024-36027 | Hig | 0.46 | 7.1 | 0.00 | May 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: do not flag ZEROOUT on non-dirty extent buffer Btrfs clears the content of an extent buffer marked as EXTENT_BUFFER_ZONED_ZEROOUT before the bio submission. This mechanism is introduced to… | ||
| CVE-2024-36019 | Hig | 0.46 | 7.1 | 0.00 | May 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: regmap: maple: Fix cache corruption in regcache_maple_drop() When keeping the upper end of a cache block entry, the entry[] array must be indexed by the offset from the base register of the block, i.e. max -… | ||
| CVE-2021-47479 | Hig | 0.46 | 7.0 | 0.00 | May 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: staging: rtl8712: fix use-after-free in rtl8712_dl_fw Syzbot reported use-after-free in rtl8712_dl_fw(). The problem was in race condition between r871xu_dev_remove() ->ndo_open() callback. It's easy to see… | ||
| CVE-2021-47449 | Hig | 0.46 | 7.1 | 0.00 | May 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: ice: fix locking for Tx timestamp tracking flush Commit 4dd0d5c33c3e ("ice: add lock around Tx timestamp tracker flush") added a lock around the Tx timestamp tracker flow which is used to cleanup any left over… | ||
| CVE-2023-52866 | Hig | 0.46 | 7.1 | 0.00 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: HID: uclogic: Fix user-memory-access bug in uclogic_params_ugee_v2_init_event_hooks() When CONFIG_HID_UCLOGIC=y and CONFIG_KUNIT_ALL_TESTS=y, launch kernel and then the below user-memory-access bug occurs. In… | ||
| CVE-2023-52847 | Hig | 0.46 | 7.0 | 0.00 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: media: bttv: fix use after free error due to btv->timeout timer There may be some a race condition between timer function bttv_irq_timeout and bttv_remove. The timer is setup in probe and there is no… | ||
| CVE-2023-52842 | Hig | 0.46 | 7.1 | 0.00 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: virtio/vsock: Fix uninit-value in virtio_transport_recv_pkt() KMSAN reported the following uninit-value access issue: ===================================================== BUG: KMSAN: uninit-value in… | ||
| CVE-2023-52827 | Hig | 0.46 | 7.1 | 0.00 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix possible out-of-bound read in ath12k_htt_pull_ppdu_stats() len is extracted from HTT message and could be an unexpected value in case errors happen, so add validation before using to avoid… | ||
| CVE-2023-52794 | Hig | 0.46 | 7.1 | 0.00 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: thermal: intel: powerclamp: fix mismatch in get function for max_idle KASAN reported this [ 444.853098] BUG: KASAN: global-out-of-bounds in param_get_int+0x77/0x90 [ 444.853111] Read of size 4 at… | ||
| CVE-2023-52766 | Hig | 0.46 | 7.1 | 0.00 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler Do not loop over ring headers in hci_dma_irq_handler() that are not allocated and enabled in hci_dma_init(). Otherwise out of bounds access… | ||
| CVE-2023-52701 | Hig | 0.46 | 7.1 | 0.00 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: use a bounce buffer for copying skb->mark syzbot found arm64 builds would crash in sock_recv_mark() when CONFIG_HARDENED_USERCOPY=y x86 and powerpc are not detecting the issue because they define… | ||
| CVE-2021-47403 | Hig | 0.46 | 7.1 | 0.00 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: ipack: ipoctal: fix module reference leak A reference to the carrier module was taken on every open but was only released once when the final reference to the tty struct was dropped. Fix this by taking the… | ||
| CVE-2021-47393 | Hig | 0.46 | 7.1 | 0.00 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs Fan speed minimum can be enforced from sysfs. For example, setting current fan speed to 20 is used to enforce fan speed… | ||
| CVE-2021-47390 | Hig | 0.46 | 7.1 | 0.00 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix stack-out-of-bounds memory access from ioapic_write_indirect() KASAN reports the following issue: BUG: KASAN: stack-out-of-bounds in kvm_make_vcpus_request_mask+0x174/0x440 [kvm] Read of size… | ||
| CVE-2021-47383 | Hig | 0.46 | 7.1 | 0.00 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: tty: Fix out-of-bound vmalloc access in imageblit This issue happens when a userspace program does an ioctl FBIOPUT_VSCREENINFO passing the fb_var_screeninfo struct containing only the fields xres, yres, and… | ||
| CVE-2021-47371 | Hig | 0.46 | 7.1 | 0.00 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: nexthop: Fix memory leaks in nexthop notification chain listeners syzkaller discovered memory leaks [1] that can be reduced to the following commands: # ip nexthop add id 1 blackhole # devlink dev reload… | ||
| CVE-2021-47346 | Hig | 0.46 | 7.1 | 0.00 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: coresight: tmc-etf: Fix global-out-of-bounds in tmc_update_etf_buffer() commit 6f755e85c332 ("coresight: Add helper for inserting synchronization packets") removed trailing '\0' from barrier_pkt array and… | ||
| CVE-2021-47327 | Hig | 0.46 | 7.1 | 0.00 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Fix arm_smmu_device refcount leak when arm_smmu_rpm_get fails arm_smmu_rpm_get() invokes pm_runtime_get_sync(), which increases the refcount of the "smmu" even though the return value is less… | ||
| CVE-2021-47309 | Hig | 0.46 | 7.1 | 0.00 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: validate lwtstate->data before returning from skb_tunnel_info() skb_tunnel_info() returns pointer of lwtstate->data as ip_tunnel_info type without validation. lwtstate->data can have various types such as… | ||
| CVE-2021-47291 | Hig | 0.46 | 7.1 | 0.00 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions While running the self-tests on a KASAN enabled kernel, I observed a slab-out-of-bounds splat very similar to the one reported in commit… | ||
| CVE-2021-47288 | Hig | 0.46 | 7.1 | 0.00 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf() Fix an 11-year old bug in ngene_command_config_free_buf() while addressing the following warnings caught with -Warray-bounds: … | ||
| CVE-2021-47281 | Hig | 0.46 | 7.0 | 0.00 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: Fix race of snd_seq_timer_open() The timer instance per queue is exclusive, and snd_seq_timer_open() should have managed the concurrent accesses. It looks as if it's checking the already existing… | ||
| CVE-2021-47280 | Hig | 0.46 | 7.0 | 0.00 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm: Fix use-after-free read in drm_getunique() There is a time-of-check-to-time-of-use error in drm_getunique() due to retrieving file_priv->master prior to locking the device's master mutex. An example can… | ||
| CVE-2021-47277 | Hig | 0.46 | 7.1 | 0.00 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: kvm: avoid speculation-based attacks from out-of-range memslot accesses KVM's mechanism for accessing guest memory translates a guest physical address (gpa) to a host virtual address using the right-shifted… | ||
| CVE-2021-47262 | Hig | 0.46 | 7.1 | 0.00 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Ensure liveliness of nested VM-Enter fail tracepoint message Use the __string() machinery provided by the tracing subystem to make a copy of the string literals consumed by the "nested VM-Enter… | ||
| CVE-2021-47255 | Hig | 0.46 | 7.1 | 0.00 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: kvm: LAPIC: Restore guard to prevent illegal APIC register access Per the SDM, "any access that touches bytes 4 through 15 of an APIC register may cause undefined behavior and must not be executed." Worse,… | ||
| CVE-2021-47245 | Hig | 0.46 | 7.1 | 0.00 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: synproxy: Fix out of bounds when parsing TCP options The TCP option parser in synproxy (synproxy_parse_options) could read one byte out of bounds. When the length is 1, the execution flow gets into… | ||
| CVE-2021-47243 | Hig | 0.46 | 7.1 | 0.00 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: sch_cake: Fix out of bounds when parsing TCP options and header The TCP option parser in cake qdisc (cake_get_tcpopt and cake_tcph_may_drop) could read one byte out of bounds. When the length is 1, the… | ||
| CVE-2021-47240 | Hig | 0.46 | 7.1 | 0.00 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: qrtr: fix OOB Read in qrtr_endpoint_post Syzbot reported slab-out-of-bounds Read in qrtr_endpoint_post. The problem was in wrong _size_ type: if (len != ALIGN(size, 4) + hdrlen) goto err; If size… | ||
| CVE-2021-47226 | Hig | 0.46 | 7.1 | 0.00 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Invalidate FPU state after a failed XRSTOR from a user buffer Both Intel and AMD consider it to be architecturally valid for XRSTOR to fail with #PF but nonetheless change the register state. The… | ||
| CVE-2024-35967 | Hig | 0.46 | 7.1 | 0.00 | May 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix not validating setsockopt user input syzbot reported sco_sock_setsockopt() is copying data without checking user input length. BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset… | ||
| CVE-2024-35966 | Hig | 0.46 | 7.1 | 0.00 | May 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: Fix not validating setsockopt user input syzbot reported rfcomm_sock_setsockopt_old() is copying data without checking user input length. BUG: KASAN: slab-out-of-bounds in… | ||
| CVE-2024-35965 | Hig | 0.46 | 7.1 | 0.00 | May 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix not validating setsockopt user input Check user input length before copying data. |
- risk 0.46cvss 7.1epss 0.00
In the Linux kernel, the following vulnerability has been resolved: tools/nolibc/stdlib: fix memory error in realloc() Pass user_p_len to memcpy() instead of heap->len to prevent realloc() from copying an extra sizeof(heap) bytes from beyond the allocated region.
- risk 0.46cvss 7.1epss 0.00
In the Linux kernel, the following vulnerability has been resolved: rcu: Fix buffer overflow in print_cpu_stall_info() The rcuc-starvation output from print_cpu_stall_info() might overflow the buffer if there is a huge difference in jiffies difference. The situation might…
- risk 0.46cvss 7.1epss 0.00
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix out-of-bound access of qmi_invoke_handler() Currently, there is no terminator entry for ath12k_qmi_msg_handlers hence facing below KASAN warning, ============================================…
- risk 0.46cvss 7.0epss 0.00
In the Linux kernel, the following vulnerability has been resolved: kunit: Fix kthread reference There is a race condition when a kthread finishes after the deadline and before the call to kthread_stop(), which may lead to use after free.
- risk 0.46cvss 7.1epss 0.00
In the Linux kernel, the following vulnerability has been resolved: scsi: bfa: Ensure the copied buf is NUL terminated Currently, we allocate a nbytes-sized kernel buffer and copy nbytes from userspace to that buffer. Later, we use sscanf on this buffer but we don't ensure…
- risk 0.46cvss 7.1epss 0.00
In the Linux kernel, the following vulnerability has been resolved: RDMA/mana_ib: boundary check before installing cq callbacks Add a boundary check inside mana_ib_install_cq_cb to prevent index overflow.
- risk 0.46cvss 7.1epss 0.00
In the Linux kernel, the following vulnerability has been resolved: net: bridge: xmit: make sure we have at least eth header len bytes syzbot triggered an uninit value[1] error in bridge device's xmit path by sending a short (less than ETH_HLEN bytes) skb. To fix it check if…
- risk 0.46cvss 7.1epss 0.00
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix invalid reads in fence signaled events Correctly set the length of the drm_event to the size of the structure that's actually used. The length of the drm_event was set to the parent structure…
- risk 0.46cvss 7.1epss 0.00
In the Linux kernel, the following vulnerability has been resolved: ice: ensure the copied buf is NUL terminated Currently, we allocate a count-sized kernel buffer and copy count bytes from userspace to that buffer. Later, we use sscanf on this buffer but we don't ensure that…
- risk 0.46cvss 7.1epss 0.00
In the Linux kernel, the following vulnerability has been resolved: s390/cio: Ensure the copied buf is NUL terminated Currently, we allocate a lbuf-sized kernel buffer and copy lbuf from userspace to that buffer. Later, we use scanf on this buffer but we don't ensure that the…
- risk 0.46cvss 7.1epss 0.01
In the Linux kernel, the following vulnerability has been resolved: blk-iocost: avoid out of bounds shift UBSAN catches undefined behavior in blk-iocost, where sometimes iocg->delay is shifted right by a number that is too large, resulting in undefined behavior on some…
- risk 0.46cvss 7.1epss 0.00
In the Linux kernel, the following vulnerability has been resolved: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies syzbot reported unsafe calls to copy_from_sockptr() [1] Use copy_safe_from_sockptr() instead. [1] BUG: KASAN: slab-out-of-bounds in…
- risk 0.46cvss 7.0epss 0.00
In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: Fix use after free in lineinfo_changed_notify The use-after-free issue occurs as follows: when the GPIO chip device file is being closed by invoking gpio_chrdev_release(), watched_lines is freed…
- risk 0.46cvss 7.1epss 0.00
In the Linux kernel, the following vulnerability has been resolved: net: fix out-of-bounds access in ops_init net_alloc_generic is called by net_alloc, which is called without any locking. It reads max_gen_ptrs, which is changed under pernet_ops_rwsem. It is read twice, first…
- risk 0.46cvss 7.1epss 0.00
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix info leak when fetching board id Add the missing sanity check when fetching the board id to avoid leaking slab data when later requesting the firmware.
- risk 0.46cvss 7.1epss 0.00
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix info leak when fetching fw build id Add the missing sanity checks and move the 255-byte build-id buffer off the stack to avoid leaking stack data through debugfs in case the build-info…
- risk 0.46cvss 7.1epss 0.00
In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: fix the double free in rvu_npc_freemem() Clang static checker(scan-build) warning: drivers/net/ethernet/marvell/octeontx2/af/rvu_npc.c:line 2184, column 2 Attempt to free released memory. …
- risk 0.46cvss 7.1epss 0.00
In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: do not flag ZEROOUT on non-dirty extent buffer Btrfs clears the content of an extent buffer marked as EXTENT_BUFFER_ZONED_ZEROOUT before the bio submission. This mechanism is introduced to…
- risk 0.46cvss 7.1epss 0.00
In the Linux kernel, the following vulnerability has been resolved: regmap: maple: Fix cache corruption in regcache_maple_drop() When keeping the upper end of a cache block entry, the entry[] array must be indexed by the offset from the base register of the block, i.e. max -…
- risk 0.46cvss 7.0epss 0.00
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8712: fix use-after-free in rtl8712_dl_fw Syzbot reported use-after-free in rtl8712_dl_fw(). The problem was in race condition between r871xu_dev_remove() ->ndo_open() callback. It's easy to see…
- risk 0.46cvss 7.1epss 0.00
In the Linux kernel, the following vulnerability has been resolved: ice: fix locking for Tx timestamp tracking flush Commit 4dd0d5c33c3e ("ice: add lock around Tx timestamp tracker flush") added a lock around the Tx timestamp tracker flow which is used to cleanup any left over…
- risk 0.46cvss 7.1epss 0.00
In the Linux kernel, the following vulnerability has been resolved: HID: uclogic: Fix user-memory-access bug in uclogic_params_ugee_v2_init_event_hooks() When CONFIG_HID_UCLOGIC=y and CONFIG_KUNIT_ALL_TESTS=y, launch kernel and then the below user-memory-access bug occurs. In…
- risk 0.46cvss 7.0epss 0.00
In the Linux kernel, the following vulnerability has been resolved: media: bttv: fix use after free error due to btv->timeout timer There may be some a race condition between timer function bttv_irq_timeout and bttv_remove. The timer is setup in probe and there is no…
- risk 0.46cvss 7.1epss 0.00
In the Linux kernel, the following vulnerability has been resolved: virtio/vsock: Fix uninit-value in virtio_transport_recv_pkt() KMSAN reported the following uninit-value access issue: ===================================================== BUG: KMSAN: uninit-value in…
- risk 0.46cvss 7.1epss 0.00
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix possible out-of-bound read in ath12k_htt_pull_ppdu_stats() len is extracted from HTT message and could be an unexpected value in case errors happen, so add validation before using to avoid…
- risk 0.46cvss 7.1epss 0.00
In the Linux kernel, the following vulnerability has been resolved: thermal: intel: powerclamp: fix mismatch in get function for max_idle KASAN reported this [ 444.853098] BUG: KASAN: global-out-of-bounds in param_get_int+0x77/0x90 [ 444.853111] Read of size 4 at…
- risk 0.46cvss 7.1epss 0.00
In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler Do not loop over ring headers in hci_dma_irq_handler() that are not allocated and enabled in hci_dma_init(). Otherwise out of bounds access…
- risk 0.46cvss 7.1epss 0.00
In the Linux kernel, the following vulnerability has been resolved: net: use a bounce buffer for copying skb->mark syzbot found arm64 builds would crash in sock_recv_mark() when CONFIG_HARDENED_USERCOPY=y x86 and powerpc are not detecting the issue because they define…
- risk 0.46cvss 7.1epss 0.00
In the Linux kernel, the following vulnerability has been resolved: ipack: ipoctal: fix module reference leak A reference to the carrier module was taken on every open but was only released once when the final reference to the tty struct was dropped. Fix this by taking the…
- risk 0.46cvss 7.1epss 0.00
In the Linux kernel, the following vulnerability has been resolved: hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs Fan speed minimum can be enforced from sysfs. For example, setting current fan speed to 20 is used to enforce fan speed…
- risk 0.46cvss 7.1epss 0.00
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix stack-out-of-bounds memory access from ioapic_write_indirect() KASAN reports the following issue: BUG: KASAN: stack-out-of-bounds in kvm_make_vcpus_request_mask+0x174/0x440 [kvm] Read of size…
- risk 0.46cvss 7.1epss 0.00
In the Linux kernel, the following vulnerability has been resolved: tty: Fix out-of-bound vmalloc access in imageblit This issue happens when a userspace program does an ioctl FBIOPUT_VSCREENINFO passing the fb_var_screeninfo struct containing only the fields xres, yres, and…
- risk 0.46cvss 7.1epss 0.00
In the Linux kernel, the following vulnerability has been resolved: nexthop: Fix memory leaks in nexthop notification chain listeners syzkaller discovered memory leaks [1] that can be reduced to the following commands: # ip nexthop add id 1 blackhole # devlink dev reload…
- risk 0.46cvss 7.1epss 0.00
In the Linux kernel, the following vulnerability has been resolved: coresight: tmc-etf: Fix global-out-of-bounds in tmc_update_etf_buffer() commit 6f755e85c332 ("coresight: Add helper for inserting synchronization packets") removed trailing '\0' from barrier_pkt array and…
- risk 0.46cvss 7.1epss 0.00
In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Fix arm_smmu_device refcount leak when arm_smmu_rpm_get fails arm_smmu_rpm_get() invokes pm_runtime_get_sync(), which increases the refcount of the "smmu" even though the return value is less…
- risk 0.46cvss 7.1epss 0.00
In the Linux kernel, the following vulnerability has been resolved: net: validate lwtstate->data before returning from skb_tunnel_info() skb_tunnel_info() returns pointer of lwtstate->data as ip_tunnel_info type without validation. lwtstate->data can have various types such as…
- risk 0.46cvss 7.1epss 0.00
In the Linux kernel, the following vulnerability has been resolved: ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions While running the self-tests on a KASAN enabled kernel, I observed a slab-out-of-bounds splat very similar to the one reported in commit…
- risk 0.46cvss 7.1epss 0.00
In the Linux kernel, the following vulnerability has been resolved: media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf() Fix an 11-year old bug in ngene_command_config_free_buf() while addressing the following warnings caught with -Warray-bounds: …
- risk 0.46cvss 7.0epss 0.00
In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: Fix race of snd_seq_timer_open() The timer instance per queue is exclusive, and snd_seq_timer_open() should have managed the concurrent accesses. It looks as if it's checking the already existing…
- risk 0.46cvss 7.0epss 0.00
In the Linux kernel, the following vulnerability has been resolved: drm: Fix use-after-free read in drm_getunique() There is a time-of-check-to-time-of-use error in drm_getunique() due to retrieving file_priv->master prior to locking the device's master mutex. An example can…
- risk 0.46cvss 7.1epss 0.00
In the Linux kernel, the following vulnerability has been resolved: kvm: avoid speculation-based attacks from out-of-range memslot accesses KVM's mechanism for accessing guest memory translates a guest physical address (gpa) to a host virtual address using the right-shifted…
- risk 0.46cvss 7.1epss 0.00
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Ensure liveliness of nested VM-Enter fail tracepoint message Use the __string() machinery provided by the tracing subystem to make a copy of the string literals consumed by the "nested VM-Enter…
- risk 0.46cvss 7.1epss 0.00
In the Linux kernel, the following vulnerability has been resolved: kvm: LAPIC: Restore guard to prevent illegal APIC register access Per the SDM, "any access that touches bytes 4 through 15 of an APIC register may cause undefined behavior and must not be executed." Worse,…
- risk 0.46cvss 7.1epss 0.00
In the Linux kernel, the following vulnerability has been resolved: netfilter: synproxy: Fix out of bounds when parsing TCP options The TCP option parser in synproxy (synproxy_parse_options) could read one byte out of bounds. When the length is 1, the execution flow gets into…
- risk 0.46cvss 7.1epss 0.00
In the Linux kernel, the following vulnerability has been resolved: sch_cake: Fix out of bounds when parsing TCP options and header The TCP option parser in cake qdisc (cake_get_tcpopt and cake_tcph_may_drop) could read one byte out of bounds. When the length is 1, the…
- risk 0.46cvss 7.1epss 0.00
In the Linux kernel, the following vulnerability has been resolved: net: qrtr: fix OOB Read in qrtr_endpoint_post Syzbot reported slab-out-of-bounds Read in qrtr_endpoint_post. The problem was in wrong _size_ type: if (len != ALIGN(size, 4) + hdrlen) goto err; If size…
- risk 0.46cvss 7.1epss 0.00
In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Invalidate FPU state after a failed XRSTOR from a user buffer Both Intel and AMD consider it to be architecturally valid for XRSTOR to fail with #PF but nonetheless change the register state. The…
- risk 0.46cvss 7.1epss 0.00
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix not validating setsockopt user input syzbot reported sco_sock_setsockopt() is copying data without checking user input length. BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset…
- risk 0.46cvss 7.1epss 0.00
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: Fix not validating setsockopt user input syzbot reported rfcomm_sock_setsockopt_old() is copying data without checking user input length. BUG: KASAN: slab-out-of-bounds in…
- risk 0.46cvss 7.1epss 0.00
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix not validating setsockopt user input Check user input length before copying data.
Page 55 of 320