Total
15186 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-36783 | 1 Linux | 1 Linux Kernel | 2024-12-06 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
i2c: img-scb: fix reference leak when pm_runtime_get_sync fails
The PM reference count is not expected to be incremented on
return in functions img_i2c_xfer and img_i2c_init.
However, pm_runtime_get_sync will increment the PM reference
count even failed. Forgetting to putting operation will result
in a reference leak here.
Replace it with pm_runtime_resume_and_get to keep usage
counter balanced.
|
|||||
| CVE-2020-36781 | 1 Linux | 1 Linux Kernel | 2024-12-06 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
i2c: imx: fix reference leak when pm_runtime_get_sync fails
In i2c_imx_xfer() and i2c_imx_remove(), the pm reference count
is not expected to be incremented on return.
However, pm_runtime_get_sync will increment pm reference count
even failed. Forgetting to putting operation will result in a
reference leak here.
Replace it with pm_runtime_resume_and_get to keep usage
counter balanced.
|
|||||
| CVE-2020-36779 | 1 Linux | 1 Linux Kernel | 2024-12-06 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
i2c: stm32f7: fix reference leak when pm_runtime_get_sync fails
The PM reference count is not expected to be incremented on
return in these stm32f7_i2c_xx serious functions.
However, pm_runtime_get_sync will increment the PM reference
count even failed. Forgetting to putting operation will result
in a reference leak here.
Replace it with pm_runtime_resume_and_get to keep usage
counter balanced.
|
|||||
| CVE-2021-46983 | 1 Linux | 1 Linux Kernel | 2024-12-06 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
nvmet-rdma: Fix NULL deref when SEND is completed with error
When running some traffic and taking down the link on peer, a
retry counter exceeded error is received. This leads to
nvmet_rdma_error_comp which tried accessing the cq_context to
obtain the queue. The cq_context is no longer valid after the
fix to use shared CQ mechanism and should be obtained similar
to how it is obtained in other functions from the wc->qp.
[ 905. ...
Show More |
|||||
| CVE-2021-46981 | 1 Linux | 1 Linux Kernel | 2024-12-06 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
nbd: Fix NULL pointer in flush_workqueue
Open /dev/nbdX first, the config_refs will be 1 and
the pointers in nbd_device are still null. Disconnect
/dev/nbdX, then reference a null recv_workq. The
protection by config_refs in nbd_genl_disconnect is useless.
[ 656.366194] BUG: kernel NULL pointer dereference, address: 0000000000000020
[ 656.368943] #PF: supervisor write access in kernel mode
[ 656.369844] #PF: error_code(0x0 ...
Show More |
|||||
| CVE-2020-36786 | 1 Linux | 1 Linux Kernel | 2024-12-06 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
media: [next] staging: media: atomisp: fix memory leak of object flash
In the case where the call to lm3554_platform_data_func returns an
error there is a memory leak on the error return path of object
flash. Fix this by adding an error return path that will free
flash and rename labels fail2 to fail3 and fail1 to fail2.
|
|||||
| CVE-2020-36785 | 1 Linux | 1 Linux Kernel | 2024-12-06 | N/A | 7.8 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
media: atomisp: Fix use after free in atomisp_alloc_css_stat_bufs()
The "s3a_buf" is freed along with all the other items on the
"asd->s3a_stats" list. It leads to a double free and a use after free.
|
|||||
| CVE-2021-46991 | 1 Linux | 1 Linux Kernel | 2024-12-06 | N/A | 7.8 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
i40e: Fix use-after-free in i40e_client_subtask()
Currently the call to i40e_client_del_instance frees the object
pf->cinst, however pf->cinst->lan_info is being accessed after
the free. Fix this by adding the missing return.
Addresses-Coverity: ("Read from pointer after free")
|
|||||
| CVE-2021-46985 | 1 Linux | 1 Linux Kernel | 2024-12-06 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
ACPI: scan: Fix a memory leak in an error handling path
If 'acpi_device_set_name()' fails, we must free
'acpi_device_bus_id->bus_id' or there is a (potential) memory leak.
|
|||||
| CVE-2021-46984 | 1 Linux | 1 Linux Kernel | 2024-12-06 | N/A | 7.8 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
kyber: fix out of bounds access when preempted
__blk_mq_sched_bio_merge() gets the ctx and hctx for the current CPU and
passes the hctx to ->bio_merge(). kyber_bio_merge() then gets the ctx
for the current CPU again and uses that to get the corresponding Kyber
context in the passed hctx. However, the thread may be preempted between
the two calls to blk_mq_get_ctx(), and the ctx returned the second time
may no longer correspond ...
Show More |
|||||
| CVE-2021-46998 | 1 Linux | 1 Linux Kernel | 2024-12-06 | N/A | 7.8 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
ethernet:enic: Fix a use after free bug in enic_hard_start_xmit
In enic_hard_start_xmit, it calls enic_queue_wq_skb(). Inside
enic_queue_wq_skb, if some error happens, the skb will be freed
by dev_kfree_skb(skb). But the freed skb is still used in
skb_tx_timestamp(skb).
My patch makes enic_queue_wq_skb() return error and goto spin_unlock()
incase of error. The solution is provided by Govind.
See https://lkml.org/lkml/2021/4/3 ...
Show More |
|||||
| CVE-2021-46996 | 1 Linux | 1 Linux Kernel | 2024-12-06 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nftables: Fix a memleak from userdata error path in new objects
Release object name if userdata allocation fails.
|
|||||
| CVE-2021-46995 | 1 Linux | 1 Linux Kernel | 2024-12-06 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
can: mcp251xfd: mcp251xfd_probe(): fix an error pointer dereference in probe
When we converted this code to use dev_err_probe() we accidentally
removed a return. It means that if devm_clk_get() it will lead to an
Oops when we call clk_get_rate() on the next line.
|
|||||
| CVE-2021-46994 | 1 Linux | 1 Linux Kernel | 2024-12-06 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
can: mcp251x: fix resume from sleep before interface was brought up
Since 8ce8c0abcba3 the driver queues work via priv->restart_work when
resuming after suspend, even when the interface was not previously
enabled. This causes a null dereference error as the workqueue is only
allocated and initialized in mcp251x_open().
To fix this we move the workqueue init to mcp251x_can_probe() as there
is no reason to do it later and repea ...
Show More |
|||||
| CVE-2018-18689 | 14 Apple, Avanquest, Foxitsoftware and 11 more | 20 Macos, Expert Pdf Ultimate, Pdf Experte Ultimate and 17 more | 2024-11-27 | 5.0 MEDIUM | 5.3 MEDIUM |
|
The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, a Signature Wrapping vulnerability exists in multiple products. An attacker can use /ByteRange and xref manipulations that are not detected by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects eXpert PDF 12 Ultimate, Expert PDF Reader, Nitro Pro, Nitro Read ...
Show More |
|||||
| CVE-2024-0646 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-11-25 | N/A | 7.0 HIGH |
|
An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system.
|
|||||
| CVE-2024-0564 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-11-25 | N/A | 5.3 MEDIUM |
|
A flaw was found in the Linux kernel's memory deduplication mechanism. The max page sharing of Kernel Samepage Merging (KSM), added in Linux kernel version 4.4.0-96.119, can create a side channel. When the attacker and the victim share the same host and the default setting of KSM is "max page sharing=256", it is possible for the attacker to time the unmap to merge with the victim's page. The unmapping time depends on whether it merges with the victim's page and additional physical pages are crea ...
Show More |
|||||
| CVE-2024-50042 | 1 Linux | 1 Linux Kernel | 2024-11-22 | N/A | 7.1 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
ice: Fix increasing MSI-X on VF
Increasing MSI-X value on a VF leads to invalid memory operations. This
is caused by not reallocating some arrays.
Reproducer:
modprobe ice
echo 0 > /sys/bus/pci/devices/$PF_PCI/sriov_drivers_autoprobe
echo 1 > /sys/bus/pci/devices/$PF_PCI/sriov_numvfs
echo 17 > /sys/bus/pci/devices/$VF0_PCI/sriov_vf_msix_count
Default MSI-X is 16, so 17 and above triggers this issue.
KASAN reports:
...
Show More |
|||||
| CVE-2024-46788 | 1 Linux | 1 Linux Kernel | 2024-11-22 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
tracing/osnoise: Use a cpumask to know what threads are kthreads
The start_kthread() and stop_thread() code was not always called with the
interface_lock held. This means that the kthread variable could be
unexpectedly changed causing the kthread_stop() to be called on it when it
should not have been, leading to:
while true; do
rtla timerlat top -u -q & PID=$!;
sleep 5;
kill -INT $PID;
sleep 0.001;
kill -TERM ...
Show More |
|||||
| CVE-2024-46790 | 1 Linux | 1 Linux Kernel | 2024-11-22 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
codetag: debug: mark codetags for poisoned page as empty
When PG_hwpoison pages are freed they are treated differently in
free_pages_prepare() and instead of being released they are isolated.
Page allocation tag counters are decremented at this point since the page
is considered not in use. Later on when such pages are released by
unpoison_memory(), the allocation tag counters will be decremented again
and the following warn ...
Show More |
|||||
| CVE-2022-48686 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 7.8 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
nvme-tcp: fix UAF when detecting digest errors
We should also bail from the io_work loop when we set rd_enabled to true,
so we don't attempt to read data from the socket when the TCP stream is
already out-of-sync or corrupted.
|
|||||
| CVE-2024-46792 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 3.3 LOW |
|
In the Linux kernel, the following vulnerability has been resolved:
riscv: misaligned: Restrict user access to kernel memory
raw_copy_{to,from}_user() do not call access_ok(), so this code allowed
userspace to access any virtual memory address.
|
|||||
| CVE-2024-6222 | 4 Apple, Docker, Linux and 1 more | 4 Macos, Desktop, Linux Kernel and 1 more | 2024-11-21 | N/A | 7.0 HIGH |
|
In Docker Desktop before v4.29.0, an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by passing extensions and dashboard related IPC messages.
Docker Desktop v4.29.0 https://docs.docker.com/desktop/release-notes/#4290 fixes the issue on MacOS, Linux and Windows with Hyper-V backend.
As exploitation requires "Allow only extensions distributed through the Docker Marketplace" to be disabled, Docker Desktop v4.31.0 https://docs ...
Show More |
|||||
| CVE-2024-42231 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
btrfs: zoned: fix calc_available_free_space() for zoned mode
calc_available_free_space() returns the total size of metadata (or
system) block groups, which can be allocated from unallocated disk
space. The logic is wrong on zoned mode in two places.
First, the calculation of data_chunk_size is wrong. We always allocate
one zone as one chunk, and no partial allocation of a zone. So, we
should use zone_size (= data_sinfo->chunk ...
Show More |
|||||
| CVE-2024-42227 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 4.7 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix overlapping copy within dml_core_mode_programming
[WHY]
&mode_lib->mp.Watermark and &locals->Watermark are
the same address. memcpy may lead to unexpected behavior.
[HOW]
memmove should be used.
|
|||||
| CVE-2024-42162 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 7.0 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
gve: Account for stopped queues when reading NIC stats
We now account for the fact that the NIC might send us stats for a
subset of queues. Without this change, gve_get_ethtool_stats might make
an invalid access on the priv->stats_report->stats array.
|
|||||
| CVE-2024-42158 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 4.1 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings
Replace memzero_explicit() and kfree() with kfree_sensitive() to fix
warnings reported by Coccinelle:
WARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1506)
WARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1643)
WARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1770)
|
|||||
| CVE-2024-42155 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 1.9 LOW |
|
In the Linux kernel, the following vulnerability has been resolved:
s390/pkey: Wipe copies of protected- and secure-keys
Although the clear-key of neither protected- nor secure-keys is
accessible, this key material should only be visible to the calling
process. So wipe all copies of protected- or secure-keys from stack,
even in case of an error.
|
|||||
| CVE-2024-42144 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
thermal/drivers/mediatek/lvts_thermal: Check NULL ptr on lvts_data
Verify that lvts_data is not NULL before using it.
|
|||||
| CVE-2024-42123 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 4.4 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: fix double free err_addr pointer warnings
In amdgpu_umc_bad_page_polling_timeout, the amdgpu_umc_handle_bad_pages
will be run many times so that double free err_addr in some special case.
So set the err_addr to NULL to avoid the warnings.
|
|||||
| CVE-2024-42083 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
ionic: fix kernel panic due to multi-buffer handling
Currently, the ionic_run_xdp() doesn't handle multi-buffer packets
properly for XDP_TX and XDP_REDIRECT.
When a jumbo frame is received, the ionic_run_xdp() first makes xdp
frame with all necessary pages in the rx descriptor.
And if the action is either XDP_TX or XDP_REDIRECT, it should unmap
dma-mapping and reset page pointer to NULL for all pages, not only the
first page.
...
Show More |
|||||
| CVE-2024-42081 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
drm/xe/xe_devcoredump: Check NULL before assignments
Assign 'xe_devcoredump_snapshot *' and 'xe_device *' only if
'coredump' is not NULL.
v2
- Fix commit messages.
v3
- Define variables before code.(Ashutosh/Jose)
v4
- Drop return check for coredump_to_xe. (Jose/Rodrigo)
v5
- Modify misleading commit message. (Matt)
|
|||||
| CVE-2024-42078 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
nfsd: initialise nfsd_info.mutex early.
nfsd_info.mutex can be dereferenced by svc_pool_stats_start()
immediately after the new netns is created. Currently this can
trigger an oops.
Move the initialisation earlier before it can possibly be dereferenced.
|
|||||
| CVE-2024-42075 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix remap of arena.
The bpf arena logic didn't account for mremap operation. Add a refcnt for
multiple mmap events to prevent use-after-free in arena_vm_close.
|
|||||
| CVE-2024-42074 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
ASoC: amd: acp: add a null check for chip_pdev structure
When acp platform device creation is skipped, chip->chip_pdev value will
remain NULL. Add NULL check for chip->chip_pdev structure in
snd_acp_resume() function to avoid null pointer dereference.
|
|||||
| CVE-2024-42071 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
ionic: use dev_consume_skb_any outside of napi
If we're not in a NAPI softirq context, we need to be careful
about how we call napi_consume_skb(), specifically we need to
call it with budget==0 to signal to it that we're not in a
safe context.
This was found while running some configuration stress testing
of traffic and a change queue config loop running, and this
curious note popped out:
[ 4371.402645] BUG: using smp_proces ...
Show More |
|||||
| CVE-2024-42066 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
drm/xe: Fix potential integer overflow in page size calculation
Explicitly cast tbo->page_alignment to u64 before bit-shifting to
prevent overflow when assigning to min_page_size.
|
|||||
| CVE-2024-42065 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
drm/xe: Add a NULL check in xe_ttm_stolen_mgr_init
Add an explicit check to ensure that the mgr is not NULL.
|
|||||
| CVE-2024-42064 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Skip pipe if the pipe idx not set properly
[why]
Driver crashes when pipe idx not set properly
[how]
Add code to skip the pipe that idx not set properly
|
|||||
| CVE-2024-41094 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
drm/fbdev-dma: Only set smem_start is enable per module option
Only export struct fb_info.fix.smem_start if that is required by the
user and the memory does not come from vmalloc().
Setting struct fb_info.fix.smem_start breaks systems where DMA
memory is backed by vmalloc address space. An example error is
shown below.
[ 3.536043] ------------[ cut here ]------------
[ 3.540716] virt_to_phys used for non-linear address ...
Show More |
|||||