5.5
CVE-2024-49901 - drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs
In the Linux kernel, the following vulnerability has been resolved: drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs There are some cases, such as the one uncovered by Commit 46d4efcccc68 ("drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails") where msm_gpu_cleanuβ¦
5.5
CVE-2022-48970 - af_unix: Get user_ns from in_skb in unix_diag_get_exact().
In the Linux kernel, the following vulnerability has been resolved: af_unix: Get user_ns from in_skb in unix_diag_get_exact(). Wei Chen reported a NULL deref in sk_user_ns() [0][1], and Paolo diagnosed the root cause: in unix_diag_get_exact(), the newly allocated skb does not have sk. [2] We musβ¦
5.5
CVE-2024-49949 - net: avoid potential underflow in qdisc_pkt_len_init() with UFO
In the Linux kernel, the following vulnerability has been resolved: net: avoid potential underflow in qdisc_pkt_len_init() with UFO After commit 7c6d2ecbda83 ("net: be more gentle about silly gso requests coming from user") virtio_net_hdr_to_skb() had sanity check to detect malicious attempts froβ¦
5.5
CVE-2022-48959 - net: dsa: sja1105: fix memory leak in sja1105_setup_devlink_regions()
In the Linux kernel, the following vulnerability has been resolved: net: dsa: sja1105: fix memory leak in sja1105_setup_devlink_regions() When dsa_devlink_region_create failed in sja1105_setup_devlink_regions(), priv->regions is not released.
7.8
CVE-2024-50007 - ALSA: asihpi: Fix potential OOB array access
In the Linux kernel, the following vulnerability has been resolved: ALSA: asihpi: Fix potential OOB array access ASIHPI driver stores some values in the static array upon a response from the driver, and its index depends on the firmware. We shouldn't trust it blindly. This patch adds a sanity cβ¦
5.5
CVE-2022-49028 - ixgbevf: Fix resource leak in ixgbevf_init_module()
In the Linux kernel, the following vulnerability has been resolved: ixgbevf: Fix resource leak in ixgbevf_init_module() ixgbevf_init_module() won't destroy the workqueue created by create_singlethread_workqueue() when pci_register_driver() failed. Add destroy_workqueue() in fail path to prevent tβ¦
7.1
CVE-2024-49995 - kernel: tipc: guard against string buffer overrun
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
7.1
CVE-2022-49031 - iio: health: afe4403: Fix oob read in afe4403_read_raw
In the Linux kernel, the following vulnerability has been resolved: iio: health: afe4403: Fix oob read in afe4403_read_raw KASAN report out-of-bounds read as follows: BUG: KASAN: global-out-of-bounds in afe4403_read_raw+0x42e/0x4c0 Read of size 4 at addr ffffffffc02ac638 by task cat/279 Call Trβ¦
7.8
CVE-2022-48948 - usb: gadget: uvc: Prevent buffer overflow in setup handler
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: Prevent buffer overflow in setup handler Setup function uvc_function_setup permits control transfer requests with up to 64 bytes of payload (UVC_MAX_REQUEST_SIZE), data stage handler for OUT transfer uses memcpyβ¦
7.8
CVE-2024-47719 - iommufd: Protect against overflow of ALIGN() during iova allocation
In the Linux kernel, the following vulnerability has been resolved: iommufd: Protect against overflow of ALIGN() during iova allocation Userspace can supply an iova and uptr such that the target iova alignment becomes really big and ALIGN() overflows which corrupts the selected area range during β¦