5.5
CVE-2022-48979 - drm/amd/display: fix array index out of bound error in DCN32 DML
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix array index out of bound error in DCN32 DML [Why&How] LinkCapacitySupport array is indexed with the number of voltage states and not the number of max DPPs. Fix the error by changing the array declaration to …
5.5
CVE-2024-49957 - ocfs2: fix null-ptr-deref when journal load failed.
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix null-ptr-deref when journal load failed. During the mounting process, if journal_reset() fails because of too short journal, then lead to jbd2_journal_load() fails with NULL j_sb_buffer. Subsequently, ocfs2_journal_sh…
5.5
CVE-2024-49919 - drm/amd/display: Add null check for head_pipe in dcn201_acquire_free_pipe_for_layer
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null check for head_pipe in dcn201_acquire_free_pipe_for_layer This commit addresses a potential null pointer dereference issue in the `dcn201_acquire_free_pipe_for_layer` function. The issue could occur when…
4.4
CVE-2023-52917 - kernel: ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir()
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
5.5
CVE-2022-49024 - can: m_can: pci: add missing m_can_class_free_dev() in probe/remove methods
In the Linux kernel, the following vulnerability has been resolved: can: m_can: pci: add missing m_can_class_free_dev() in probe/remove methods In m_can_pci_remove() and error handling path of m_can_pci_probe(), m_can_class_free_dev() should be called to free resource allocated by m_can_class_all…
5.5
CVE-2022-48955 - net: thunderbolt: fix memory leak in tbnet_open()
In the Linux kernel, the following vulnerability has been resolved: net: thunderbolt: fix memory leak in tbnet_open() When tb_ring_alloc_rx() failed in tbnet_open(), ida that allocated in tb_xdomain_alloc_out_hopid() is not released. Add tb_xdomain_release_out_hopid() to the error path to release…
7.1
CVE-2024-49860 - ACPI: sysfs: validate return type of _STR method
In the Linux kernel, the following vulnerability has been resolved: ACPI: sysfs: validate return type of _STR method Only buffer objects are valid return values of _STR. If something else is returned description_show() will access invalid memory.
7.8
CVE-2024-47682 - scsi: sd: Fix off-by-one error in sd_read_block_characteristics()
In the Linux kernel, the following vulnerability has been resolved: scsi: sd: Fix off-by-one error in sd_read_block_characteristics() If the device returns page 0xb1 with length 8 (happens with qemu v2.x, for example), sd_read_block_characteristics() may attempt an out-of-bounds memory access whe…
7.8
CVE-2024-49865 - drm/xe/vm: move xa_alloc to prevent UAF
In the Linux kernel, the following vulnerability has been resolved: drm/xe/vm: move xa_alloc to prevent UAF Evil user can guess the next id of the vm before the ioctl completes and then call vm destroy ioctl to trigger UAF since create ioctl is still referencing the same vm. Move the xa_alloc all…
7.8
CVE-2022-48954 - s390/qeth: fix use-after-free in hsci
In the Linux kernel, the following vulnerability has been resolved: s390/qeth: fix use-after-free in hsci KASAN found that addr was dereferenced after br2dev_event_work was freed. ================================================================== BUG: KASAN: use-after-free in qeth_l2_br2dev_work…