5.5
CVE-2024-58085 - tomoyo: don't emit warning in tomoyo_write_control()
In the Linux kernel, the following vulnerability has been resolved: tomoyo: don't emit warning in tomoyo_write_control() syzbot is reporting too large allocation warning at tomoyo_write_control(), for one can write a very very long line without new line character. To fix this warning, I use __GFPβ¦
5.5
CVE-2025-21830 - landlock: Handle weird files
In the Linux kernel, the following vulnerability has been resolved: landlock: Handle weird files A corrupted filesystem (e.g. bcachefs) might return weird files. Instead of throwing a warning and allowing access to such file, treat them as regular files.
5.5
CVE-2025-21832 - block: don't revert iter for -EIOCBQUEUED
In the Linux kernel, the following vulnerability has been resolved: block: don't revert iter for -EIOCBQUEUED blkdev_read_iter() has a few odd checks, like gating the position and count adjustment on whether or not the result is bigger-than-or-equal to zero (where bigger than makes more sense), aβ¦
5.5
CVE-2025-21834 - seccomp: passthrough uretprobe systemcall without filtering
In the Linux kernel, the following vulnerability has been resolved: seccomp: passthrough uretprobe systemcall without filtering When attaching uretprobes to processes running inside docker, the attached process is segfaulted when encountering the retprobe. The reason is that now that uretprobe iβ¦
5.5
CVE-2024-58082 - media: nuvoton: Fix an error check in npcm_video_ece_init()
In the Linux kernel, the following vulnerability has been resolved: media: nuvoton: Fix an error check in npcm_video_ece_init() When function of_find_device_by_node() fails, it returns NULL instead of an error code. So the corresponding error check logic should be modified to check whether the reβ¦
5.5
CVE-2024-58064 - wifi: cfg80211: tests: Fix potential NULL dereference in test_cfg80211_parse_colocated_ap()
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: tests: Fix potential NULL dereference in test_cfg80211_parse_colocated_ap() kunit_kzalloc() may return NULL, dereferencing it without NULL check may lead to NULL dereference. Add a NULL check for ies.
7.8
CVE-2024-58060 - bpf: Reject struct_ops registration that uses module ptr and the module btf_id is missing
In the Linux kernel, the following vulnerability has been resolved: bpf: Reject struct_ops registration that uses module ptr and the module btf_id is missing There is a UAF report in the bpf_struct_ops when CONFIG_MODULES=n. In particular, the report is on tcp_congestion_ops that has a "struct moβ¦
5.5
CVE-2024-58056 - remoteproc: core: Fix ida_free call while not allocated
In the Linux kernel, the following vulnerability has been resolved: remoteproc: core: Fix ida_free call while not allocated In the rproc_alloc() function, on error, put_device(&rproc->dev) is called, leading to the call of the rproc_type_release() function. An error can occurs before ida_alloc isβ¦
7.1
CVE-2024-58054 - staging: media: max96712: fix kernel oops when removing module
In the Linux kernel, the following vulnerability has been resolved: staging: media: max96712: fix kernel oops when removing module The following kernel oops is thrown when trying to remove the max96712 module: Unable to handle kernel paging request at virtual address 00007375746174db Mem abort iβ¦
7.8
CVE-2024-58055 - usb: gadget: f_tcm: Don't free command immediately
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_tcm: Don't free command immediately Don't prematurely free the command. Wait for the status completion of the sense status. It can be freed then. Otherwise we will double-free the command.