RHSA-2024:9315MediumCVSS 7.8

Red Hat Security Advisory: kernel security update

Published
November 12, 2024
Last Modified
July 8, 2026

🔗 CVE IDs covered (594)

CVE-2023-52462CVE-2023-52615CVE-2023-52650CVE-2024-35939CVE-2024-41049CVE-2024-41056CVE-2024-42276CVE-2023-52513CVE-2023-52689CVE-2023-52784CVE-2024-26958CVE-2024-35831CVE-2024-35864CVE-2024-35867CVE-2024-36940CVE-2023-52498CVE-2023-53264CVE-2024-27389CVE-2024-42240CVE-2023-52466 · pendingCVE-2023-54114CVE-2024-26786CVE-2024-35931CVE-2024-43856CVE-2021-47454CVE-2024-26815CVE-2023-52621CVE-2023-52749CVE-2023-52791CVE-2024-26645CVE-2024-0340CVE-2024-26837CVE-2024-26861CVE-2022-50640CVE-2023-52676CVE-2024-26591CVE-2024-26660CVE-2024-26674CVE-2024-26725CVE-2024-26733CVE-2024-26951CVE-2023-53596CVE-2024-36974CVE-2024-39501 · pendingCVE-2024-42141CVE-2023-52698CVE-2023-54267CVE-2024-36015CVE-2024-36967CVE-2023-54019CVE-2023-54172CVE-2024-26650 · pendingCVE-2024-35904CVE-2024-39474CVE-2024-43888CVE-2024-44970CVE-2023-52834CVE-2024-26746CVE-2024-36905CVE-2024-38618CVE-2024-41012CVE-2024-22099CVE-2024-27023CVE-2024-35814CVE-2024-35908CVE-2024-44960CVE-2024-25739CVE-2024-42101CVE-2021-47428CVE-2023-52648CVE-2023-52867CVE-2024-26614CVE-2024-26901CVE-2024-36956CVE-2024-36960CVE-2024-38605CVE-2024-41082CVE-2023-52624CVE-2024-26603CVE-2024-26717CVE-2024-27012CVE-2024-36477CVE-2024-42132CVE-2023-52520CVE-2023-54298CVE-2024-26915CVE-2024-36896CVE-2024-26933CVE-2024-35900CVE-2024-27410CVE-2024-36881CVE-2024-35944CVE-2024-23848CVE-2022-50251CVE-2022-50268CVE-2023-52649CVE-2023-52683CVE-2024-36002CVE-2024-23307CVE-2022-50312CVE-2023-52902CVE-2024-26611CVE-2024-26631CVE-2024-26973CVE-2024-39298CVE-2023-52758 · pendingCVE-2023-53752CVE-2023-54291CVE-2024-26920CVE-2024-26960CVE-2024-35838CVE-2024-35894CVE-2024-39497CVE-2023-52833CVE-2023-53731CVE-2023-53744CVE-2024-43869CVE-2024-58239CVE-2022-50625CVE-2022-50653CVE-2023-53719CVE-2024-26962CVE-2024-27004CVE-2023-53395CVE-2024-27014CVE-2022-50748CVE-2023-52595CVE-2024-26700CVE-2024-26976CVE-2024-35824CVE-2024-44965CVE-2022-49124CVE-2023-52859CVE-2023-53176CVE-2024-26803CVE-2024-38388CVE-2021-47429CVE-2023-53470CVE-2023-54093CVE-2024-26661CVE-2024-35877CVE-2023-53401CVE-2023-53997CVE-2024-26618CVE-2024-26872CVE-2024-41008CVE-2024-42226 · pendingCVE-2024-42245CVE-2022-48929CVE-2024-39498CVE-2023-52585CVE-2024-41077CVE-2024-45005CVE-2023-52757CVE-2023-53662CVE-2024-26928CVE-2024-35954CVE-2023-52473CVE-2023-53182CVE-2023-54323CVE-2024-26744CVE-2024-27079CVE-2024-35817CVE-2024-35912CVE-2023-52831CVE-2024-24857CVE-2024-26782CVE-2024-27038CVE-2024-39276CVE-2024-43826CVE-2023-52878CVE-2024-26870CVE-2024-38629CVE-2023-52637CVE-2024-27013CVE-2024-35794CVE-2024-40906CVE-2024-41032CVE-2023-52632CVE-2023-53230CVE-2024-35805CVE-2024-40913CVE-2024-42090CVE-2023-52445CVE-2023-52664CVE-2024-26740CVE-2024-27010CVE-2024-36933CVE-2024-41060CVE-2023-52622CVE-2023-53068CVE-2023-53704CVE-2024-26719CVE-2024-35801CVE-2024-35876 · pendingCVE-2024-35979CVE-2024-39507CVE-2023-53697CVE-2024-26691CVE-2024-36939CVE-2023-52662CVE-2023-53503CVE-2024-26938CVE-2024-31076CVE-2024-39488CVE-2022-49329CVE-2023-53558CVE-2023-52661CVE-2023-52680CVE-2023-54165CVE-2024-26589CVE-2024-26638CVE-2024-26646CVE-2023-53402CVE-2023-54118CVE-2022-50096CVE-2024-26863CVE-2024-35869CVE-2024-36891CVE-2024-40922CVE-2023-52756 · pendingCVE-2023-53249CVE-2024-26656CVE-2024-26708CVE-2024-35947CVE-2024-42114CVE-2024-42238CVE-2024-42301CVE-2022-49197CVE-2024-36006CVE-2024-41092CVE-2024-26892CVE-2024-35854CVE-2024-40945CVE-2024-26906CVE-2024-36920CVE-2024-40919CVE-2024-42084CVE-2023-54010CVE-2024-26704CVE-2024-26953CVE-2024-38635CVE-2021-47432CVE-2022-50073CVE-2023-53178CVE-2024-40901CVE-2021-47386CVE-2023-52477CVE-2023-54146CVE-2024-26707CVE-2024-40925CVE-2024-42159CVE-2022-49308CVE-2024-35942CVE-2022-48804CVE-2023-52674CVE-2023-54268CVE-2024-35924CVE-2023-54227CVE-2024-35827CVE-2024-35923 · pendingCVE-2024-40930CVE-2023-52528CVE-2023-53391CVE-2024-26838CVE-2024-35913CVE-2024-35976CVE-2024-36977CVE-2023-53597CVE-2024-24859CVE-2024-27404CVE-2024-35810CVE-2024-36031CVE-2024-38612CVE-2024-43865CVE-2024-44947CVE-2023-53768CVE-2023-54246CVE-2024-26899CVE-2024-36917CVE-2024-42268CVE-2023-52467CVE-2023-52819CVE-2023-54198CVE-2023-54271CVE-2024-26975CVE-2024-35843CVE-2022-50495 · pendingCVE-2024-36936CVE-2024-38604CVE-2024-38632CVE-2022-50858CVE-2023-52606CVE-2023-52840CVE-2023-52932CVE-2022-49860CVE-2023-52614CVE-2022-49787CVE-2024-35973CVE-2019-25162CVE-2024-26686CVE-2024-35957CVE-2024-40924CVE-2021-47101CVE-2023-52656CVE-2023-54066CVE-2024-1151CVE-2024-26662CVE-2024-26664CVE-2023-53708CVE-2024-26843CVE-2024-35952CVE-2024-39503CVE-2024-41039CVE-2022-48672CVE-2023-52486CVE-2024-35847CVE-2024-41063CVE-2024-26840CVE-2024-35995CVE-2024-41093CVE-2023-52811CVE-2023-54301CVE-2024-35861CVE-2023-52869CVE-2024-26927CVE-2024-26987CVE-2024-35795CVE-2024-35905CVE-2021-47384CVE-2022-50886CVE-2024-26964CVE-2024-36010CVE-2023-52594CVE-2024-26612CVE-2024-26889CVE-2023-52813CVE-2024-26846CVE-2024-35946CVE-2023-52696CVE-2023-54095CVE-2024-26678CVE-2024-26924CVE-2024-35853CVE-2024-36932CVE-2024-38627CVE-2023-52659CVE-2023-52703CVE-2024-35959CVE-2023-53483CVE-2024-26857CVE-2024-27062CVE-2024-27431CVE-2024-36902CVE-2024-38581CVE-2024-43870CVE-2023-52731CVE-2024-41085CVE-2024-42123CVE-2024-26663CVE-2024-41094CVE-2023-53702CVE-2023-53858CVE-2024-26907CVE-2024-42154CVE-2024-36030CVE-2024-41084CVE-2024-26670CVE-2024-41079CVE-2024-27414CVE-2024-35928 · pendingCVE-2022-49549CVE-2023-53505CVE-2024-26605CVE-2024-27395CVE-2024-35808CVE-2024-24858CVE-2022-49267 · pendingCVE-2024-40903CVE-2024-40967CVE-2022-49675CVE-2022-50761CVE-2023-52455CVE-2024-26669CVE-2024-41042CVE-2024-42237CVE-2023-52635CVE-2023-54299CVE-2024-26675CVE-2024-26774CVE-2024-35809CVE-2024-35822CVE-2024-35950CVE-2024-38598CVE-2021-47457CVE-2023-52492CVE-2023-52560CVE-2024-35862CVE-2024-35930CVE-2024-42124CVE-2022-50541CVE-2023-52775CVE-2023-52935CVE-2024-26862CVE-2024-36884CVE-2024-40948CVE-2024-43866CVE-2024-26772CVE-2024-26894CVE-2024-35925CVE-2024-42125CVE-2023-53613CVE-2024-26934CVE-2024-40988CVE-2024-40997CVE-2022-50486CVE-2021-47185CVE-2021-47495CVE-2024-26937CVE-2024-35807CVE-2024-35991CVE-2024-36930CVE-2024-36945CVE-2023-52679CVE-2024-26767CVE-2024-26988CVE-2024-26989CVE-2024-27003CVE-2024-27011CVE-2024-35892CVE-2024-39499CVE-2023-54244CVE-2024-27436CVE-2024-36928CVE-2024-43830CVE-2021-47497CVE-2023-52751CVE-2023-53059CVE-2024-39508CVE-2024-40907CVE-2024-41089CVE-2024-43817CVE-2023-52451CVE-2024-26812CVE-2024-27017CVE-2022-49941 · pendingCVE-2023-52625CVE-2023-53747CVE-2023-54083CVE-2024-36955CVE-2024-39471CVE-2022-50468CVE-2023-52619CVE-2024-26761CVE-2024-27057CVE-2024-35878CVE-2024-36022 · pendingCVE-2024-39491CVE-2024-41007CVE-2022-50019CVE-2023-52740CVE-2024-26922CVE-2024-26984CVE-2024-35865CVE-2024-42078CVE-2024-42228CVE-2023-52501CVE-2023-52690CVE-2023-52482CVE-2023-52762CVE-2024-35812 · pendingCVE-2024-36926CVE-2024-41095CVE-2024-42070CVE-2021-47505CVE-2023-53173CVE-2023-54194CVE-2024-26641CVE-2024-27048CVE-2024-35886CVE-2024-39473CVE-2024-40965CVE-2024-26921CVE-2024-35840CVE-2024-35927CVE-2024-36944CVE-2023-52730CVE-2023-53531CVE-2023-53861CVE-2024-35983CVE-2024-43911CVE-2022-50141CVE-2023-54113CVE-2024-26882CVE-2024-35835CVE-2022-50284CVE-2023-53572CVE-2023-53687CVE-2024-26679CVE-2024-38600CVE-2024-39291CVE-2024-39479CVE-2022-49226CVE-2023-52565CVE-2023-52634CVE-2024-26758CVE-2024-26680CVE-2024-26990CVE-2024-35787CVE-2024-38555CVE-2024-40940CVE-2023-54136CVE-2024-26878CVE-2024-27042 · pendingCVE-2024-43879CVE-2024-43892CVE-2022-50769CVE-2023-53220CVE-2024-26785CVE-2024-26903CVE-2024-36961CVE-2022-48669CVE-2022-50846CVE-2024-26734CVE-2024-26940CVE-2024-27015CVE-2024-35866CVE-2024-35918 · pendingCVE-2024-36882CVE-2020-10135CVE-2022-49078CVE-2023-52643CVE-2024-27437CVE-2024-35859CVE-2024-35888CVE-2024-38596CVE-2024-41001CVE-2023-52464CVE-2024-40966CVE-2022-49430CVE-2024-26939CVE-2024-35855CVE-2024-41038CVE-2024-41058CVE-2023-52686CVE-2023-52788CVE-2023-53674CVE-2024-26835CVE-2024-43842CVE-2022-50177CVE-2024-26672CVE-2024-26712CVE-2024-36028CVE-2024-36885 · pendingCVE-2022-50347CVE-2022-50670CVE-2024-26992CVE-2024-44984CVE-2024-26759CVE-2024-35872CVE-2023-52814CVE-2023-52817CVE-2023-53397CVE-2023-54153CVE-2024-26601CVE-2024-26743CVE-2024-40923CVE-2022-48703CVE-2022-50720CVE-2023-53291CVE-2024-41065CVE-2021-47098CVE-2024-27025CVE-2024-36927CVE-2024-26950CVE-2024-35880CVE-2024-36901CVE-2024-42271CVE-2022-50353CVE-2024-26757CVE-2024-26900CVE-2024-41057CVE-2022-50663CVE-2023-52663CVE-2024-35863CVE-2024-35938CVE-2024-40989CVE-2024-41020CVE-2023-52837CVE-2024-26890CVE-2024-39486CVE-2024-42258CVE-2023-52475CVE-2023-52697

📋 Description

CVE-2019-25162 — kernel: use after free in i2c CVE-2020-10135 — kernel: bluetooth: BR/EDR Bluetooth Impersonation Attacks (BIAS) CVE-2021-47098 — kernel: hwmon: (lm90) Prevent integer overflow/underflow in hysteresis calculations CVE-2021-47101 — kernel: asix: fix uninit-value in asix_mdio_read() CVE-2021-47185 — kernel: tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc CVE-2021-47384 — kernel: hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field CVE-2021-47386 — kernel: hwmon: (w83791d) Fix NULL pointer dereference by removing unnecessary structure field CVE-2021-47428 — kernel: powerpc/64s: fix program check interrupt emergency stack path CVE-2021-47429 — kernel: powerpc/64s: Fix unrecoverable MCE calling async handler from NMI CVE-2021-47432 — kernel: lib/generic-radix-tree.c: Don't overflow in peek() CVE-2021-47454 — kernel: powerpc/smp: do not decrement idle task preempt count in CPU offline CVE-2021-47457 — kernel: can: isotp: isotp_sendmsg(): add result check for wait_event_interruptible() CVE-2021-47495 — kernel: usbnet: sanity check for maxpacket CVE-2021-47497 — kernel: nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells CVE-2021-47505 — kernel: aio: fix use-after-free due to missing POLLFREE handling CVE-2022-48669 — kernel: powerpc/pseries: Fix potential memleak in papr_get_attr() CVE-2022-48672 — kernel: of: fdt: fix off-by-one error in unflatten_dt_nodes() CVE-2022-48703 — kernel: thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR CVE-2022-48804 — kernel: vt_ioctl: fix array_index_nospec in vt_setactivate CVE-2022-48929 — kernel: bpf: Fix crash due to out of bounds access into reg2btf_ids. CVE-2022-49078 — kernel: lz4: fix LZ4_decompress_safe_partial read out of bound CVE-2022-49124 — kernel: x86/mce: Work around an erratum on fast string copy instructions CVE-2022-49197 — kernel: af_netlink: Fix shift out of bounds in group mask calculation CVE-2022-49226 — kernel: net: asix: add proper error handling of usb read errors CVE-2022-49267 — kernel: mmc: core: use sysfs_emit() instead of sprintf() CVE-2022-49308 — kernel: extcon: Modify extcon device to be created after driver data is set CVE-2022-49329 — kernel: vduse: Fix NULL pointer dereference on sysfs access CVE-2022-49430 — kernel: Input: gpio-keys - cancel delayed work only in case of GPIO CVE-2022-49549 — kernel: x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails CVE-2022-49675 — kernel: tick/nohz: unexport __init-annotated tick_nohz_full_setup() CVE-2022-49787 — kernel: mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() CVE-2022-49860 — kernel: dmaengine: ti: k3-udma-glue: fix memory leak when register device fail CVE-2022-49941 — kernel: tty: n_gsm: avoid call of sleeping functions from atomic context CVE-2022-50019 — kernel: tty: serial: Fix refcount leak bug in ucc_uart.c CVE-2022-50073 — kernel: net: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null CVE-2022-50096 — kernel: x86/kprobes: Update kcb status flag after singlestepping CVE-2022-50141 — kernel: mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch CVE-2022-50177 — kernel: rcutorture: Fix ksoftirqd boosting timing and iteration CVE-2022-50251 — kernel: Linux kernel: Denial of Service due to memory leak in mmc: vub300 module CVE-2022-50268 — kernel: Kernel: Denial of Service in mmc: moxart due to improper return value check CVE-2022-50284 — kernel: ipc: fix memory leak in init_mqueue_fs() CVE-2022-50312 — kernel: drivers: serial: jsm: fix some leaks in probe CVE-2022-50347 — kernel: mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host() CVE-2022-50353 — kernel: Kernel: Denial of Service via improper return value check in mmc_add_host() CVE-2022-50468 — kernel: platform/chrome: cros_usbpd_notify: Fix error handling in cros_usbpd_notify_init() CVE-2022-50486 — kernel: net: ethernet: ti: Fix return type of netcp_ndo_start_xmit() CVE-2022-50495 — kernel: x86/xen: Fix memory leak in xen_smp_intr_init{_pv}() CVE-2022-50541 — kernel: dmaengine: ti: k3-udma: Reset UDMA_CHAN_RT byte counters to prevent overflow CVE-2022-50625 — kernel: serial: amba-pl011: avoid SBSA UART accessing DMACR register CVE-2022-50640 — kernel: mmc: core: Fix kernel panic when remove non-standard SDIO card CVE-2022-50653 — kernel: mmc: atmel-mci: fix return value check of mmc_add_host() CVE-2022-50663 — kernel: net: stmmac: fix possible memory leak in stmmac_dvr_probe() CVE-2022-50670 — kernel: mmc: omap_hsmmc: fix return value check of mmc_add_host() CVE-2022-50720 — kernel: x86/apic: Don't disable x2APIC if locked CVE-2022-50748 — kernel: Kernel: Denial of Service via memory leak in mqueue component CVE-2022-50761 — kernel: Linux kernel (x86/xen): Memory leak in CPU lock initialization leading to denial of service. CVE-2022-50769 — kernel: mmc: mxcmmc: fix return value check of mmc_add_host() CVE-2022-50846 — kernel: mmc: via-sdmmc: fix return value check of mmc_add_host() CVE-2022-50858 — kernel: mmc: alcor: fix return value check of mmc_add_host() CVE-2022-50886 — kernel: mmc: toshsd: fix return value check of mmc_add_host() CVE-2023-52445 — kernel: pvrusb2: fix use after free on context disconnection CVE-2023-52451 — kernel: powerpc: Fix access beyond end of drmem array CVE-2023-52455 — kernel: iommu: Don't reserve 0-length IOVA region CVE-2023-52462 — kernel: bpf: fix check for attempt to corrupt spilled pointer CVE-2023-52464 — kernel: EDAC/thunderx: Incorrect buffer size in drivers/edac/thunderx_edac.c CVE-2023-52466 — kernel: out-of-bounds read in pci_dev_for_each_resource() CVE-2023-52467 — kernel: null pointer dereference in of_syscon_register() CVE-2023-52473 — kernel: NULL pointer dereference in zone registration error path CVE-2023-52475 — kernel: use-after-free in powermate_config_complete CVE-2023-52477 — kernel: usb: hub: Guard against accesses to uninitialized BOS descriptors CVE-2023-52482 — kernel: x86/srso: Add SRSO mitigation for Hygon processors CVE-2023-52486 — kernel: drm: Don't unref the same fb many times by mistake due to deadlock handling CVE-2023-52492 — kernel: dmaengine: fix NULL pointer in channel unregistration function CVE-2023-52498 — kernel: PM: sleep: Fix possible deadlocks in core system-wide PM code CVE-2023-52501 — kernel: ring-buffer: Do not attempt to read past "commit" CVE-2023-52513 — kernel: RDMA/siw: Fix connection failure handling CVE-2023-52520 — kernel: platform/x86: think-lmi: Fix reference leak CVE-2023-52528 — kernel: net: usb: smsc75xx: Fix uninit-value access in _smsc75xx_read_reg CVE-2023-52560 — kernel: mm/damon/vaddr-test: memory leak in damon_do_test_apply_three_regions() CVE-2023-52565 — kernel: media: uvcvideo: out-of-bounds read in uvc_query_v4l2_menu() CVE-2023-52585 — kernel: drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper() CVE-2023-52594 — kernel: wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() CVE-2023-52595 — kernel: wifi: rt2x00: restart beacon queue when hardware reset CVE-2023-52606 — kernel: powerpc/lib: Validate size for vector operations CVE-2023-52614 — kernel: PM / devfreq: Fix buffer overflow in trans_stat_show CVE-2023-52615 — kernel: hwrng: core - Fix page fault dead lock on mmap-ed hwrng CVE-2023-52619 — kernel: pstore/ram: Fix crash when setting number of cpus to an odd number CVE-2023-52621 — kernel: bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers CVE-2023-52622 — kernel: ext4: avoid online resizing failures due to oversized flex bg CVE-2023-52624 — kernel: drm/amd/display: Wake DMCUB before executing GPINT commands CVE-2023-52625 — kernel: drm/amd/display: Refactor DMCUB enter/exit idle interface CVE-2023-52632 — kernel: drm/amdkfd: lock dependency warning with srcu CVE-2023-52634 — kernel: drm/amd/display: Fix disable_otg_wa logic CVE-2023-52635 — kernel: PM / devfreq: Synchronize devfreq_monitor[start/stop] CVE-2023-52637 — kernel: can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER) CVE-2023-52643 — kernel: iio: core: fix memleak in iio_device_register_sysfs CVE-2023-52648 — kernel: drm/vmwgfx: Unmap the surface before resetting it on a plane state CVE-2023-52649 — kernel: drm/vkms: Avoid reading beyond LUT array CVE-2023-52650 — kernel: drm/tegra: dsi: Add missing check for of_find_device_by_node CVE-2023-52656 — kernel: io_uring: drop any code related to SCM_RIGHTS CVE-2023-52659 — kernel: x86/mm: Ensure input to pfn_to_kaddr() is treated as a 64-bit type CVE-2023-52661 — kernel: drm/tegra: rgb: Fix missing clk_put() in the error handling paths of tegra_dc_rgb_probe() CVE-2023-52662 — kernel: drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node CVE-2023-52663 — kernel: ASoC: SOF: amd: Fix memory leak in amd_sof_acp_probe() CVE-2023-52664 — kernel: net: atlantic: eliminate double free in error handling logic CVE-2023-52674 — kernel: ALSA: scarlett2: Add clamp() in scarlett2_mixer_ctl_put() CVE-2023-52676 — kernel: bpf: Guard stack limits against 32bit overflow CVE-2023-52679 — kernel: of: Fix double free in of_parse_phandle_with_args_map CVE-2023-52680 — kernel: ALSA: scarlett2: Add missing error checks to *_ctl_get() CVE-2023-52683 — kernel: ACPI: LPIT: Avoid u32 multiplication overflow CVE-2023-52686 — kernel: powerpc/powernv: Add a null pointer check in opal_event_init() CVE-2023-52689 — kernel: ALSA: scarlett2: Add missing mutex lock around get meter levels CVE-2023-52690 — kernel: powerpc/powernv: Add a null pointer check to scom_debug_init_one() CVE-2023-52696 — kernel: powerpc/powernv: Add a null pointer check in opal_powercap_init() CVE-2023-52697 — kernel: ASoC: Intel: sof_sdw_rt_sdca_jack_common: ctx->headset_codec_dev = NULL CVE-2023-52698 — kernel: calipso: fix memory leak in netlbl_calipso_add_pass() CVE-2023-52703 — kernel: net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path CVE-2023-52730 — kernel: mmc: sdio: fix possible resource leaks in some error paths CVE-2023-52731 — kernel: fbdev: Fix invalid page access after closing deferred I/O devices CVE-2023-52740 — kernel: powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch CVE-2023-52749 — kernel: spi: Fix null dereference on suspend CVE-2023-52751 — kernel: smb: client: fix use-after-free in smb2_query_info_compound() CVE-2023-52756 — kernel: pwm: Fix double shift bug CVE-2023-52757 — kernel: smb: client: fix potential deadlock when releasing mids CVE-2023-52758 — kernel: i2c: dev: copy userspace array safely CVE-2023-52762 — kernel: virtio-blk: fix implicit overflow on virtio_max_dma_size CVE-2023-52775 — kernel: net/smc: avoid data corruption caused by decline CVE-2023-52784 — kernel: bonding: stop the device in bond_setup_by_slave() CVE-2023-52788 — kernel: i915/perf: Fix NULL deref bugs with drm_dbg() calls CVE-2023-52791 — kernel: i2c: core: Run atomic i2c xfer when !preemptible CVE-2023-52811 — kernel: scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool CVE-2023-52813 — kernel: crypto: pcrypt - Fix hungtask for PADATA_RESET CVE-2023-52814 — kernel: drm/amdgpu: Fix potential null pointer derefernce CVE-2023-52817 — kernel: drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL CVE-2023-52819 — kernel: drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga CVE-2023-52831 — kernel: cpu/hotplug: Don't offline the last non-isolated CPU CVE-2023-52833 — kernel: Bluetooth: btusb: Add date->evt_skb is NULL check CVE-2023-52834 — kernel: atl1c: Work around the DMA RX overflow issue CVE-2023-52837 — kernel: nbd: fix uaf in nbd_open CVE-2023-52840 — kernel: Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() CVE-2023-52859 — kernel: perf: hisi: Fix use-after-free when register pmu fails CVE-2023-52867 — kernel: drm/radeon: possible buffer overflow CVE-2023-52869 — kernel: pstore/platform: Add check for kstrdup CVE-2023-52878 — kernel: can: dev: can_put_echo_skb(): don't crash kernel if can_priv::echo_skb is accessed out of bounds CVE-2023-52902 — kernel: nommu: fix memory leak in do_mmap() error path CVE-2023-52932 — kernel: mm/swapfile: add cond_resched() in get_swap_pages() CVE-2023-52935 — kernel: mm/khugepaged: fix ->anon_vma race CVE-2023-53059 — kernel: platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl CVE-2023-53068 — kernel: net: usb: lan78xx: Limit packet length to skb->len CVE-2023-53173 — kernel: tty: pcn_uart: fix memory leak with using debugfs_lookup() CVE-2023-53176 — kernel: serial: 8250: Reinit port->pm on port specific driver unbind CVE-2023-53178 — kernel: mm: fix zswap writeback race condition CVE-2023-53182 — kernel: Linux kernel: ACPICA undefined behavior due to zero offset to null pointer CVE-2023-53220 — kernel: media: az6007: Fix null-ptr-deref in az6007_i2c_xfer() CVE-2023-53230 — kernel: Kernel: Denial of Service via memory leak in SMB client CVE-2023-53249 — kernel: clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe CVE-2023-53264 — kernel: clk: imx: clk-imxrt1050: fix memory leak in imxrt1050_clocks_probe CVE-2023-53291 — kernel: Linux kernel: Denial of Service due to improper thread termination in rcuscale module CVE-2023-53391 — kernel: Linux kernel: Memory leak in shmem's ramfs-based tmpfs leads to denial of service CVE-2023-53395 — kernel: ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer CVE-2023-53397 — kernel: modpost: fix off by one in is_executable_section() CVE-2023-53401 — kernel: mm: kmem: fix a NULL pointer dereference in obj_stock_flush_required() CVE-2023-53402 — kernel: kernel/printk/index.c: fix memory leak with using debugfs_lookup() CVE-2023-53470 — kernel: ionic: catch failure from devlink_alloc CVE-2023-53483 — kernel: ACPI: processor: Check for null return of devm_kzalloc() in fch_misc_setup() CVE-2023-53503 — kernel: ext4: allow ext4_get_group_info() to fail CVE-2023-53505 — kernel: clk: tegra: tegra124-emc: Fix potential memory leak CVE-2023-53531 — kernel: null_blk: fix poll request timeout handling CVE-2023-53558 — kernel: rcu-tasks: Avoid pr_info() with spin lock in cblist_init_generic() CVE-2023-53572 — kernel: clk: imx: scu: use safe list iterator to avoid a use after free CVE-2023-53596 — kernel: drivers: base: Free devm resources when unregistering a device CVE-2023-53597 — kernel: cifs: fix mid leak during reconnection after timeout threshold CVE-2023-53613 — kernel: dax: Fix dax_mapping_release() use after free CVE-2023-53662 — kernel: ext4: fix memory leaks in ext4_fname{setup_filename,prepare_lookup} CVE-2023-53674 — kernel: clk: Fix memory leak in devm_clk_notifier_register() CVE-2023-53687 — kernel: tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk CVE-2023-53697 — kernel: nvdimm: Fix memleak of pmu attr_groups in unregister_nvdimm_pmu() CVE-2023-53702 — kernel: s390/crypto: use vector instructions only if available for ChaCha20 CVE-2023-53704 — kernel: clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe() CVE-2023-53708 — kernel: ACPI: x86: s2idle: Catch multiple ACPI_TYPE_PACKAGE objects CVE-2023-53719 — kernel: Linux kernel: Resource leak in arc_uart driver can cause denial of service CVE-2023-53731 — kernel: Kernel: Denial of Service due to a Netlink subsystem deadlock CVE-2023-53744 — kernel: soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe CVE-2023-53747 — kernel: Linux kernel: Denial of Service via use-after-free in vc_screen CVE-2023-53752 — kernel: Linux kernel: Denial of Service via integer overflow in kmalloc_reserve() CVE-2023-53768 — kernel: regmap-irq: Fix out-of-bounds access when allocating config buffers CVE-2023-53858 — kernel: tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error CVE-2023-53861 — kernel: ext4: correct grp validation in ext4_mb_good_group CVE-2023-53997 — kernel: thermal: of: fix double-free on unregistration CVE-2023-54010 — kernel: Linux kernel: Denial of Service via null pointer dereference in ACPI CVE-2023-54019 — kernel: sched/psi: use kernfs polling functions for PSI trigger polling CVE-2023-54066 — kernel: Linux kernel: Denial of Service in dvb-usb-v2 gl861 due to null-pointer dereference CVE-2023-54083 — kernel: phy: tegra: xusb: Clear the driver reference in usb-phy dev CVE-2023-54093 — kernel: Linux kernel: Denial of Service in anysee media driver via null pointer dereference CVE-2023-54095 — kernel: powerpc/iommu: Fix notifiers being shared by PCI and VIO buses CVE-2023-54113 — kernel: rcu: dump vmalloc memory info safely CVE-2023-54114 — kernel: Linux kernel: Denial of Service due to incorrect network packet processing in NSH module CVE-2023-54118 — kernel: serial: sc16is7xx: setup GPIO controller later in probe CVE-2023-54136 — kernel: serial: sprd: Fix DMA buffer leak issue CVE-2023-54146 — kernel: x86/kexec: Fix double-free of elf header buffer CVE-2023-54153 — kernel: ext4: turn quotas off if mount failed after enabling quotas CVE-2023-54165 — kernel: zsmalloc: move LRU update from zs_map_object() to zs_malloc() CVE-2023-54172 — kernel: x86/hyperv: Disable IBT when hypercall page lacks ENDBR instruction CVE-2023-54194 — kernel: exfat: use kvmalloc_array/kvfree instead of kmalloc_array/kfree CVE-2023-54198 — kernel: tty: fix out-of-bounds access in tty_driver_lookup_tty() CVE-2023-54227 — kernel: blk-mq: fix tags leak when shrink nr_hw_queues CVE-2023-54244 — kernel: ACPI: EC: Fix oops when removing custom query handlers CVE-2023-54246 — kernel: rcuscale: Move rcu_scale_writer() schedule_timeout_uninterruptible() to idle() CVE-2023-54267 — kernel: powerpc/pseries: Rework lppaca_shared_proc() to avoid DEBUG_PREEMPT CVE-2023-54268 — kernel: debugobjects: Don't wake up kswapd from fill_pool() CVE-2023-54271 — kernel: Linux kernel: Denial of Service via NULL pointer dereference in blk-cgroup CVE-2023-54291 — kernel: vduse: fix NULL pointer dereference CVE-2023-54298 — kernel: thermal: intel: quark_dts: fix error pointer dereference CVE-2023-54299 — kernel: usb: typec: bus: verify partner exists in typec_altmode_attention CVE-2023-54301 — kernel: serial: 8250_bcm7271: fix leak in brcmuart_probe CVE-2023-54323 — kernel: cxl/pmem: Fix nvdimm registration races CVE-2024-0340 — kernel: Information disclosure in vhost/vhost.c:vhost_new_msg() CVE-2024-1151 — kernel: stack overflow problem in Open vSwitch kernel module leading to DoS CVE-2024-22099 — kernel: NULL Pointer dereference bluetooth allows Overflow Buffers CVE-2024-23307 — kernel: Integer Overflow in raid5_cache_count CVE-2024-23848 — kernel: use-after-free in cec_queue_msg_fh CVE-2024-24857 — kernel: net/bluetooth: race condition in conn_info{min,max}age_set() CVE-2024-24858 — kernel: net/bluetooth: race condition in {conn,adv}{min,max}interval_set() function CVE-2024-24859 — kernel: bluetooth: race condition in sniff{min,max}_interval_set() CVE-2024-25739 — kernel: crash due to a missing check for leb_size CVE-2024-26589 — kernel: bpf: Reject variable offset alu on PTR_TO_FLOW_KEYS CVE-2024-26591 — kernel: bpf: Fix re-attachment branch in bpf_tracing_prog_attach CVE-2024-26601 — kernel: ext4: regenerate buddy after block freeing failed if under fc replay CVE-2024-26603 — kernel: x86/fpu: Stop relying on userspace for info to fault in xsave buffer that cause loop forever CVE-2024-26605 — kernel: PCI/ASPM: Fix deadlock when enabling ASPM CVE-2024-26611 — kernel: xsk: fix usage of multi-buffer BPF helpers for ZC XDP CVE-2024-26612 — kernel: netfs, fscache: Prevent Oops in fscache_put_cache() CVE-2024-26614 — kernel: tcp: make sure init the accept_queue's spinlocks once CVE-2024-26618 — hw: arm64/sme: Always exit sme_alloc() early with existing storage CVE-2024-26631 — kernel: ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work CVE-2024-26638 — kernel: nbd: always initialize struct msghdr completely CVE-2024-26641 — kernel: ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() CVE-2024-26645 — kernel: tracing: Ensure visibility when inserting an element into tracing_map CVE-2024-26646 — kernel: thermal: intel: hfi: Add syscore callbacks for system-wide PM CVE-2024-26650 — kernel: p2sb_bar() calls during PCI device probe CVE-2024-26656 — kernel: drm/amdgpu: use-after-free vulnerability CVE-2024-26660 — kernel: drm/amd/display: Implement bounds check for stream encoder creation in DCN301 CVE-2024-26661 — kernel: drm/amd/display: Add NULL test for 'timing generator' in 'dcn21_set_pipe()' CVE-2024-26662 — kernel: drm/amd/display: 'panel_cntl' could be null in 'dcn21_set_backlight_level()' CVE-2024-26663 — kernel: tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() CVE-2024-26664 — kernel: hwmon: (coretemp) Fix out-of-bounds memory access CVE-2024-26669 — kernel: net/sched: flower: Fix chain template offload CVE-2024-26670 — kernel: arm64: entry: fix ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD CVE-2024-26672 — kernel: drm/amdgpu: variable 'mca_funcs' dereferenced before NULL check in 'amdgpu_mca_smu_get_mca_entry()' CVE-2024-26674 — kernel: x86/lib: Revert to _ASM_EXTABLE_UA() for {get,put}_user() fixups CVE-2024-26675 — kernel: ppp_async: limit MRU to 64K CVE-2024-26678 — kernel: x86/efistub: Use 1:1 file:memory mapping for PE/COFF .compat section CVE-2024-26679 — kernel: inet: read sk->sk_family once in inet_recv_error() CVE-2024-26680 — kernel: net: atlantic: Fix DMA mapping for PTP hwts ring CVE-2024-26686 — kernel: fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats CVE-2024-26691 — kernel: KVM: arm64: Fix circular locking dependency CVE-2024-26700 — kernel: drm/amd/display: Fix MST Null Ptr for RV CVE-2024-26704 — kernel: ext4: fix double-free of blocks due to wrong extents moved_len CVE-2024-26707 — kernel: net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame() CVE-2024-26708 — kernel: mptcp: really cope with fastopen race CVE-2024-26712 — kernel: powerpc/kasan: Fix addr error caused by page alignment CVE-2024-26717 — kernel: HID: i2c-hid-of: fix NULL-deref on failed power up CVE-2024-26719 — kernel: nouveau: offload fence uevents work to workqueue CVE-2024-26725 — kernel: dpll: fix possible deadlock during netlink dump operation CVE-2024-26733 — kernel: arp: Prevent overflow in arp_req_get(). CVE-2024-26734 — kernel: devlink: fix possible use-after-free and memory leaks in devlink_init() CVE-2024-26740 — kernel: net/sched: act_mirred: use the backlog for mirred ingress CVE-2024-26743 — kernel: RDMA/qedr: Fix qedr_create_user_qp error flow CVE-2024-26744 — kernel: RDMA/srpt: Support specifying the srpt_service_guid parameter CVE-2024-26746 — kernel: dmaengine: idxd: Ensure safe user copy of completion record CVE-2024-26757 — kernel: md: Don't ignore read-only array in md_check_recovery() CVE-2024-26758 — kernel: md: Don't ignore suspended array in md_check_recovery() CVE-2024-26759 — kernel: mm/swap: fix race when skipping swapcache CVE-2024-26761 — kernel: cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window CVE-2024-26767 — kernel: drm/amd/display: fixed integer types and null check locations CVE-2024-26772 — kernel: ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() CVE-2024-26774 — kernel: ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt CVE-2024-26782 — kernel: mptcp: fix double-free on socket dismantle CVE-2024-26785 — kernel: iommufd: Fix protection fault in iommufd_test_syz_conv_iova CVE-2024-26786 — kernel: iommufd: Fix iopt_access_list_id overwrite bug CVE-2024-26803 — kernel: net: veth: clear GRO when clearing XDP even when down CVE-2024-26812 — kernel: vfio/pci: Create persistent INTx handler CVE-2024-26815 — kernel: net/sched: taprio: proper TCA_TAPRIO_TC_ENTRY_INDEX check CVE-2024-26835 — kernel: netfilter: nf_tables: set dormant flag on hook register failure CVE-2024-26837 — kernel: net: bridge: switchdev: Skip MDB replays of deferred events on offload CVE-2024-26838 — kernel: RDMA/irdma: Fix KASAN issue with tasklet CVE-2024-26840 — kernel: cachefiles: fix memory leak in cachefiles_add_cache() CVE-2024-26843 — kernel: efi: runtime: Fix potential overflow of soft-reserved region size CVE-2024-26846 — kernel: nvme-fc: do not wait in vain when unloading module CVE-2024-26857 — kernel: geneve: make sure to pull inner header in geneve_rx() CVE-2024-26861 — kernel: wireguard: receive: annotate data-race around receiving_counter.counter CVE-2024-26862 — kernel: packet: annotate data-races around ignore_outgoing CVE-2024-26863 — kernel: hsr: Fix uninit-value access in hsr_get_node() CVE-2024-26870 — kernel: NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 CVE-2024-26872 — kernel: RDMA/srpt: Do not register event handler until srpt device is fully setup CVE-2024-26878 — kernel: quota: Fix potential NULL pointer dereference CVE-2024-26882 — kernel: net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv() CVE-2024-26889 — kernel: Bluetooth: hci_core: Fix possible buffer overflow CVE-2024-26890 — kernel: Bluetooth: btrtl: fix out of bounds memory access CVE-2024-26892 — kernel: wifi: mt76: mt7921e: fix use-after-free in free_irq() CVE-2024-26894 — kernel: ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit() CVE-2024-26899 — kernel: block: fix deadlock between bd_link_disk_holder and partition scan CVE-2024-26900 — kernel: md: fix kmemleak of rdev->serial CVE-2024-26901 — kernel: do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak CVE-2024-26903 — kernel: Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security CVE-2024-26906 — kernel: x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() CVE-2024-26907 — kernel: RDMA/mlx5: Fix fortify source warning while accessing Eth segment CVE-2024-26915 — kernel: drm/amdgpu: Reset IH OVERFLOW_CLEAR bit CVE-2024-26920 — kernel: tracing/trigger: Fix to return error if failed to alloc snapshot CVE-2024-26921 — kernel: inet: inet_defrag: prevent sk release while still in use CVE-2024-26922 — kernel: drm/amdgpu: validate the parameters of bo mapping operations more clearly CVE-2024-26924 — kernel: netfilter: nft_set_pipapo: do not free live element CVE-2024-26927 — kernel: ASoC: SOF: Add some bounds checking to firmware data CVE-2024-26928 — kernel: smb: client: potential use-after-free in cifs_debug_files_proc_show() CVE-2024-26933 — kernel: USB: core: Fix deadlock in port "disable" sysfs attribute CVE-2024-26934 — kernel: USB: core: Fix deadlock in usb_deauthorize_interface() CVE-2024-26937 — kernel: drm/i915/gt: Reset queue_priority_hint on parking CVE-2024-26938 — kernel: drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode() CVE-2024-26939 — kernel: drm/i915/vma: Fix UAF on destroy against retire race CVE-2024-26940 — kernel: drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed CVE-2024-26950 — kernel: wireguard: netlink: access device through ctx instead of peer CVE-2024-26951 — kernel: wireguard: netlink: check for dangling peer via is_dead instead of empty list CVE-2024-26953 — kernel: net: esp: fix bad handling of pages from page_pool CVE-2024-26958 — kernel: nfs: fix UAF in direct writes CVE-2024-26960 — kernel: mm: swap: fix race between free_swap_and_cache() and swapoff() CVE-2024-26962 — kernel: dm-raid456, md/raid456: fix a deadlock for dm-raid456 while io concurrent with reshape CVE-2024-26964 — kernel: usb: xhci: Add error handling in xhci_map_urb_for_dma CVE-2024-26973 — kernel: fat: fix uninitialized field in nostale filehandles CVE-2024-26975 — kernel: powercap: intel_rapl: Fix a NULL pointer dereference CVE-2024-26976 — kernel: KVM: Always flush async #PF workqueue when vCPU is being destroyed CVE-2024-26984 — kernel: nouveau: fix instmem race condition around ptr stores CVE-2024-26987 — kernel: mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled CVE-2024-26988 — kernel: init/main.c: Fix potential static_command_line memory overflow CVE-2024-26989 — kernel: arm64: hibernate: Fix level3 translation fault in swsusp_save() CVE-2024-26990 — kernel: KVM: x86/mmu: Write-protect L2 SPTEs in TDP MMU when clearing dirty status CVE-2024-26992 — kernel: KVM: x86/pmu: Disable support for adaptive PEBS CVE-2024-27003 — kernel: clk: Get runtime PM before walking tree for clk_summary CVE-2024-27004 — kernel: clk: Get runtime PM before walking tree during disable_unused CVE-2024-27010 — kernel: net/sched: Fix mirred deadlock on device recursion CVE-2024-27011 — kernel: netfilter: nf_tables: fix memleak in map from abort path CVE-2024-27012 — kernel: netfilter: nf_tables: restore set elements when delete set fails CVE-2024-27013 — kernel: tun: limit printing rate when illegal packet received by tun dev CVE-2024-27014 — kernel: net/mlx5e: Prevent deadlock while disabling aRFS CVE-2024-27015 — kernel: netfilter: flowtable: incorrect pppoe tuple CVE-2024-27017 — kernel: netfilter: nft_set_pipapo: walk over current view on netlink dump CVE-2024-27023 — kernel: md: Fix missing release of 'active_io' for flush CVE-2024-27025 — kernel: nbd: null check for nla_nest_start CVE-2024-27038 — kernel: clk: Fix clk_core_get NULL dereference CVE-2024-27042 — kernel: drm/amdgpu: Fix potential out-of-bounds access in 'amdgpu_discovery_reg_base_init()' CVE-2024-27048 — kernel: wifi: brcm80211: handle pmk_op allocation failure CVE-2024-27057 — kernel: ASoC: SOF: ipc4-pcm: Workaround for crashed firmware on system suspend CVE-2024-27062 — kernel: nouveau: lock the client object tree. CVE-2024-27079 — kernel: iommu/vt-d: Fix NULL domain on device release CVE-2024-27389 — kernel: pstore: inode: Only d_invalidate() is needed CVE-2024-27395 — kernel: net: openvswitch: Fix Use-After-Free in ovs_ct_exit CVE-2024-27404 — kernel: mptcp: fix data races on remote_id CVE-2024-27410 — kernel: wifi: nl80211: reject iftype change with mesh ID change CVE-2024-27414 — kernel: rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back CVE-2024-27431 — kernel: cpumap: Zero-initialise xdp_rxq_info struct before running XDP program CVE-2024-27436 — kernel: ALSA: usb-audio: Stop parsing channels bits when all channels are found. CVE-2024-27437 — kernel: vfio/pci: Disable auto-enable of exclusive INTx IRQ CVE-2024-31076 — kernel: genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline CVE-2024-35787 — kernel: md/md-bitmap: fix incorrect usage for sb_index CVE-2024-35794 — kernel: dm-raid: really frozen sync_thread during suspend CVE-2024-35795 — kernel: drm/amdgpu: fix deadlock while reading mqd from debugfs CVE-2024-35801 — kernel: x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD CVE-2024-35805 — kernel: dm snapshot: fix lockup in dm_exception_table_exit CVE-2024-35807 — kernel: ext4: fix corruption during on-line resize CVE-2024-35808 — kernel: md/dm-raid: don't call md_reap_sync_thread() directly CVE-2024-35809 — kernel: PCI/PM: Drain runtime-idle callbacks before driver removal CVE-2024-35810 — kernel: drm/vmwgfx: Fix the lifetime of the bo cursor memory CVE-2024-35812 — kernel: usb: cdc-wdm: close race between read and workqueue CVE-2024-35814 — kernel: swiotlb: Fix double-allocation of slots due to broken alignment handling CVE-2024-35817 — kernel: drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag CVE-2024-35822 — kernel: usb: udc: remove warning when queue disabled ep CVE-2024-35824 — kernel: misc: lis3lv02d_i2c: Fix regulators getting en-/dis-abled twice on suspend/resume CVE-2024-35827 — kernel: io_uring/net: fix overflow check in io_recvmsg_mshot_prep() CVE-2024-35831 — kernel: io_uring: Fix release of pinned pages when __io_uaddr_map fails CVE-2024-35835 — kernel: net/mlx5e: fix a double-free in arfs_create_groups CVE-2024-35838 — kernel: wifi: mac80211: fix potential sta-link leak CVE-2024-35840 — kernel: mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect() CVE-2024-35843 — kernel: iommu/vt-d: Use device rbtree in iopf reporting path CVE-2024-35847 — kernel: irqchip/gic-v3-its: Prevent double free on error CVE-2024-35853 — kernel: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash CVE-2024-35854 — kernel: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash CVE-2024-35855 — kernel: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update CVE-2024-35859 — kernel: block: fix module reference leakage from bdev_open_by_dev error path CVE-2024-35861 — kernel: smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect() CVE-2024-35862 — kernel: smb: client: fix potential UAF in smb2_is_network_name_deleted() CVE-2024-35863 — kernel: smb: client: fix potential UAF in is_valid_oplock_break() CVE-2024-35864 — kernel: smb: client: fix potential UAF in smb2_is_valid_lease_break() CVE-2024-35865 — kernel: smb: client: fix potential UAF in smb2_is_valid_oplock_break() CVE-2024-35866 — kernel: smb: client: fix potential UAF in cifs_dump_full_key() CVE-2024-35867 — kernel: smb: client: fix potential UAF in cifs_stats_proc_show() CVE-2024-35869 — kernel: smb: client: guarantee refcounted children from parent session CVE-2024-35872 — kernel: mm/secretmem: fix GUP-fast succeeding on secretmem folios CVE-2024-35876 — kernel: x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() CVE-2024-35877 — kernel: x86/mm/pat: fix VM_PAT handling in COW mappings CVE-2024-35878 — kernel: of: module: prevent NULL pointer dereference in vsnprintf() CVE-2024-35880 — kernel: io_uring/kbuf: hold io_buffer_list reference over mmap CVE-2024-35886 — kernel: ipv6: Fix infinite recursion in fib6_dump_done(). CVE-2024-35888 — kernel: erspan: make sure erspan_base_hdr is present in skb->head CVE-2024-35892 — kernel: net/sched: fix lockdep splat in qdisc_tree_reduce_backlog() CVE-2024-35894 — kernel: mptcp: prevent BPF accessing lowat from a subflow socket. CVE-2024-35900 — kernel: netfilter: nf_tables: reject new basechain after table flag update CVE-2024-35904 — kernel: selinux: avoid dereference of garbage after mount failure CVE-2024-35905 — kernel: bpf: Protect against int overflow for stack access size CVE-2024-35908 — kernel: tls: get psock ref after taking rxlock to avoid leak CVE-2024-35912 — kernel: wifi: iwlwifi: mvm: rfi: fix potential response leaks CVE-2024-35913 — kernel: wifi: iwlwifi: mvm: pick the version of SESSION_PROTECTION_NOTIF CVE-2024-35918 — kernel: randomize_kstack: Improve entropy diffusion CVE-2024-35923 — kernel: io_uring: clear opcode specific data for an early failure CVE-2024-35924 — kernel: usb: typec: ucsi: Limit read size on v1.2 CVE-2024-35925 — kernel: block: prevent division by zero in blk_rq_stat_sum() CVE-2024-35927 — kernel: drm: Check output polling initialized before disabling CVE-2024-35928 — kernel: drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init() CVE-2024-35930 — kernel: scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() CVE-2024-35931 — kernel: drm/amdgpu: Skip do PCI error slot reset during RAS recovery CVE-2024-35938 — kernel: wifi: ath11k: decrease MHI channel buffer length to 8KB CVE-2024-35939 — kernel: dma-direct: Leak pages on dma_set_decrypted() failure CVE-2024-35942 — kernel: pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain CVE-2024-35944 — kernel: VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() CVE-2024-35946 — kernel: wifi: rtw89: fix null pointer access when abort scan CVE-2024-35947 — kernel: dyndbg: fix old BUG_ON in >control parser CVE-2024-35950 — kernel: drm/client: Fully protect modes[] with dev->mode_config.mutex CVE-2024-35952 — kernel: drm/ast: Fix soft lockup CVE-2024-35954 — kernel: scsi: sg: Avoid sg device teardown race CVE-2024-35957 — kernel: iommu/vt-d: Fix WARN_ON in iommu probe path CVE-2024-35959 — kernel: net/mlx5e: Fix mlx5e_priv_init() cleanup flow CVE-2024-35973 — kernel: geneve: fix header validation in geneve[6]xmit_skb CVE-2024-35976 — kernel: xsk: validate user input for XDP{UMEM|COMPLETION}_FILL_RING CVE-2024-35979 — kernel: raid1: fix use-after-free for original bio in raid1_write_request() CVE-2024-35983 — kernel: bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS CVE-2024-35991 — kernel: dmaengine: idxd: Convert spinlock to mutex to lock evl workqueue CVE-2024-35995 — kernel: ACPI: CPPC: Use access_width over bit_width for system memory accesses CVE-2024-36002 — kernel: dpll: fix dpll_pin_on_pin_register() for multiple parent pins CVE-2024-36006 — kernel: mlxsw: spectrum_acl_tcam: Fix incorrect list API usage CVE-2024-36010 — kernel: igb: Fix string truncation warnings in igb_set_fw_version CVE-2024-36015 — kernel: ppdev: Add an error check in register_device CVE-2024-36022 — kernel: drm/amdgpu: Init zone device and drm client after mode-1 reset on reload CVE-2024-36028 — kernel: mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() CVE-2024-36030 — kernel: octeontx2-af: fix the double free in rvu_npc_freemem() CVE-2024-36031 — kernel: keys: Fix overwrite of key expiration on instantiation CVE-2024-36477 — kernel: tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer CVE-2024-36881 — kernel: mm/userfaultfd: reset ptes when close() for wr-protected ones CVE-2024-36882 — kernel: mm: use memalloc_nofs_save() in page_cache_ra_order() CVE-2024-36884 — kernel: iommu/arm-smmu: Use the correct type in nvidia_smmu_context_fault() CVE-2024-36885 — kernel: drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor() CVE-2024-36891 — kernel: maple_tree: fix mas_empty_area_rev() null pointer dereference CVE-2024-36896 — kernel: USB: core: Fix access violation during port device removal CVE-2024-36901 — kernel: ipv6: prevent NULL dereference in ip6_output() CVE-2024-36902 — kernel: ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() CVE-2024-36905 — kernel: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets CVE-2024-36917 — kernel: block: fix overflow in blk_ioctl_discard() CVE-2024-36920 — kernel: scsi: mpi3mr: Avoid memcpy field-spanning write WARNING CVE-2024-36926 — kernel: powerpc/pseries/iommu: LPAR panics during boot up with a frozen PE CVE-2024-36927 — kernel: ipv4: Fix uninit-value access in _ip_make_skb() CVE-2024-36928 — kernel: s390/qeth: Fix kernel panic after setting hsuid CVE-2024-36930 — kernel: spi: fix null pointer dereference within spi_sync CVE-2024-36932 — kernel: thermal/debugfs: Prevent use-after-free from occurring after cdev removal CVE-2024-36933 — kernel: nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). CVE-2024-36936 — kernel: efi/unaccepted: touch soft lockup during memory accept CVE-2024-36939 — kernel: nfs: Handle error of rpc_proc_register() in nfs_net_init(). CVE-2024-36940 — kernel: pinctrl: core: delete incorrect free in pinctrl_enable() CVE-2024-36944 — kernel: Reapply "drm/qxl: simplify qxl_fence_wait" CVE-2024-36945 — kernel: net/smc: fix neighbour and rtable leak in smc_ib_find_route() CVE-2024-36955 — kernel: ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() CVE-2024-36956 — kernel: thermal/debugfs: Free all thermal zone debug memory on zone removal CVE-2024-36960 — kernel: drm/vmwgfx: Fix invalid reads in fence signaled events CVE-2024-36961 — kernel: thermal/debugfs: Fix two locking issues with thermal zone debug CVE-2024-36967 — kernel: KEYS: trusted: Fix memory leak in tpm2_key_encode() CVE-2024-36974 — kernel: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP CVE-2024-36977 — kernel: usb: dwc3: Wait unconditionally after issuing EndXfer command CVE-2024-38388 — kernel: ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup CVE-2024-38555 — kernel: net/mlx5: Discard command completions in internal error CVE-2024-38581 — kernel: drm/amdgpu/mes: fix use-after-free issue CVE-2024-38596 — kernel: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg CVE-2024-38598 — kernel: md: fix resync softlockup when bitmap size is less than array size CVE-2024-38600 — kernel: ALSA: Fix deadlocks with kctl removals at disconnection CVE-2024-38604 — kernel: block: refine the EOF check in blkdev_iomap_begin CVE-2024-38605 — kernel: ALSA: core: Fix NULL module pointer assignment at card init CVE-2024-38612 — kernel: ipv6: sr: fix invalid unregister error path CVE-2024-38618 — kernel: ALSA: timer: Set lower bound of start tick time CVE-2024-38627 — kernel: stm class: Fix a double free in stm_register_device() CVE-2024-38629 — kernel: dmaengine: idxd: Avoid unnecessary destruction of file_ida CVE-2024-38632 — kernel: vfio/pci: fix potential memory leak in vfio_intx_enable() CVE-2024-38635 — kernel: soundwire: cadence: fix invalid PDI offset CVE-2024-39276 — kernel: ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() CVE-2024-39291 — kernel: drm/amdgpu: Fix buffer size in gfx_v9_4_3_init cp_compute_microcode() and rlc_microcode() CVE-2024-39298 — kernel: mm/memory-failure: fix handling of dissolved but not taken off from buddy pages CVE-2024-39471 — kernel: drm/amdgpu: add error handle to avoid out-of-bounds CVE-2024-39473 — kernel: ASoC: SOF: ipc4-topology: Fix input format query of process modules without base extension CVE-2024-39474 — kernel: mm/vmalloc: fix vmalloc which may return null if called with __GFP_NOFAIL CVE-2024-39479 — kernel: drm/i915/hwmon: Get rid of devm CVE-2024-39486 — kernel: drm/drm_file: Fix pid refcounting race CVE-2024-39488 — kernel: arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY CVE-2024-39491 — kernel: ALSA: hda: cs35l56: Fix lifetime of cs_dsp instance CVE-2024-39497 — kernel: drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE) CVE-2024-39498 — kernel: drm/mst: Fix NULL pointer dereference at drm_dp_add_payload_part2 CVE-2024-39499 — kernel: vmci: prevent speculation leaks by sanitizing event in event_deliver() CVE-2024-39501 — kernel: drivers: core: synchronize really_probe() and dev_uevent() CVE-2024-39503 — kernel: netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type CVE-2024-39507 — kernel: net: hns3: fix kernel crash problem in concurrent scenario CVE-2024-39508 — kernel: io_uring/io-wq: Use set_bit() and test_bit() at worker->flags CVE-2024-40901 — kernel: scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory CVE-2024-40903 — kernel: usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps CVE-2024-40906 — kernel: net/mlx5: Always stop health timer during driver removal CVE-2024-40907 — kernel: ionic: fix kernel panic in XDP_TX action CVE-2024-40913 — kernel: cachefiles: defer exposing anon_fd until after copy_to_user() succeeds CVE-2024-40919 — kernel: bnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send() CVE-2024-40922 — kernel: io_uring/rsrc: don't lock while !TASK_RUNNING CVE-2024-40923 — kernel: vmxnet3: disable rx data ring on dma allocation failure CVE-2024-40924 — kernel: drm/i915/dpt: Make DPT object unshrinkable CVE-2024-40925 — kernel: block: fix request.queuelist usage in flush CVE-2024-40930 — kernel: wifi: cfg80211: validate HE operation element parsing CVE-2024-40940 — kernel: net/mlx5: Fix tainted pointer delete is case of flow rules creation fail CVE-2024-40945 — kernel: iommu: Return right value in iommu_sva_bind_device() CVE-2024-40948 — kernel: mm/page_table_check: fix crash on ZONE_DEVICE CVE-2024-40965 — kernel: i2c: lpi2c: Avoid calling clk_get_rate during transfer CVE-2024-40966 — kernel: tty: add the option to have a tty reject a new ldisc CVE-2024-40967 — kernel: serial: imx: Introduce timeout when waiting on transmitter empty CVE-2024-40988 — kernel: drm/radeon: fix UBSAN warning in kv_dpm.c CVE-2024-40989 — kernel: KVM: arm64: Disassociate vcpus from redistributor region on teardown CVE-2024-40997 — kernel: cpufreq: amd-pstate: fix memory leak on CPU EPP exit CVE-2024-41001 — kernel: io_uring/sqpoll: work around a potential audit memory leak CVE-2024-41007 — kernel: tcp: avoid too many retransmit packets CVE-2024-41008 — kernel: drm/amdgpu: change vm->task_info handling CVE-2024-41012 — kernel: filelock: Remove locks reliably when fcntl/close race is detected CVE-2024-41020 — kernel: filelock: Fix fcntl/close race recovery compat path CVE-2024-41032 — kernel: mm: vmalloc: check if a hash-index is in cpu_possible_mask CVE-2024-41038 — kernel: firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers CVE-2024-41039 — kernel: firmware: cs_dsp: Fix overflow checking of wmfw header CVE-2024-41042 — kernel: netfilter: nf_tables: prefer nft_chain_validate CVE-2024-41049 — kernel: filelock: fix potential use-after-free in posix_lock_inode CVE-2024-41056 — kernel: firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files CVE-2024-41057 — kernel: cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() CVE-2024-41058 — kernel: cachefiles: fix slab-use-after-free in fscache_withdraw_volume() CVE-2024-41060 — kernel: drm/radeon: check bo_va->bo is non-NULL before using it CVE-2024-41063 — kernel: Bluetooth: hci_core: cancel all works upon hci_unregister_dev() CVE-2024-41065 — kernel: powerpc/pseries: Whitelist dtl slub object for copying to userspace CVE-2024-41077 — kernel: null_blk: fix validation of block size CVE-2024-41079 — kernel: nvmet: always initialize cqe.result CVE-2024-41082 — kernel: nvme-fabrics: use reserved tag for reg read/write command CVE-2024-41084 — kernel: cxl/region: Avoid null pointer dereference in region lookup CVE-2024-41085 — kernel: cxl/mem: Fix no cxl_nvd during pmem region auto-assembling CVE-2024-41089 — kernel: drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes CVE-2024-41092 — kernel: drm/i915/gt: Fix potential UAF by revoke of fence registers CVE-2024-41093 — kernel: drm/amdgpu: avoid using null object of framebuffer CVE-2024-41094 — kernel: drm/fbdev-dma: Only set smem_start is enable per module option CVE-2024-41095 — kernel: drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes CVE-2024-42070 — kernel: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers CVE-2024-42078 — kernel: nfsd: initialise nfsd_info.mutex early. CVE-2024-42084 — kernel: ftruncate: pass a signed offset CVE-2024-42090 — kernel: pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER CVE-2024-42101 — kernel: drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes CVE-2024-42114 — kernel: wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values CVE-2024-42123 — kernel: drm/amdgpu: fix double free err_addr pointer warnings CVE-2024-42124 — kernel: scsi: qedf: Make qedf_execute_tmf() non-preemptible CVE-2024-42125 — kernel: wifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband CVE-2024-42132 — kernel: bluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX CVE-2024-42141 — kernel: Bluetooth: ISO: Check socket flag instead of hcon CVE-2024-42154 — kernel: tcp_metrics: validate source addr length CVE-2024-42159 — kernel: scsi: mpi3mr: Sanitise num_phys CVE-2024-42226 — kernel: usb: xhci: prevent potential failure in handle_tx_event() for Transfer events without TRB CVE-2024-42228 — kernel: drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc CVE-2024-42237 — kernel: firmware: cs_dsp: Validate payload length before processing block CVE-2024-42238 — kernel: firmware: cs_dsp: Return error if block header overflows file CVE-2024-42240 — kernel: x86/bhi: Avoid warning in #DB handler due to BHI mitigation CVE-2024-42245 — kernel: Revert "sched/fair: Make sure to try to detach at least one movable task" CVE-2024-42258 — kernel: mm: huge_memory: use !CONFIG_64BIT to relax huge page alignment on 32 bit machines CVE-2024-42268 — kernel: net/mlx5: Fix missing lock on sync reset reload CVE-2024-42271 — kernel: net/iucv: fix use after free in iucv_sock_close() CVE-2024-42276 — kernel: nvme-pci: add missing condition check for existence of mapped data CVE-2024-42301 — kernel: dev/parport: fix the array out-of-bounds risk CVE-2024-43817 — kernel: net: missing check virtio CVE-2024-43826 — kernel: nfs: pass explicit offset/count to trace events CVE-2024-43830 — kernel: leds: trigger: Unregister sysfs attributes before calling deactivate() CVE-2024-43842 — kernel: wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter() CVE-2024-43856 — kernel: dma: fix call order in dmam_free_coherent CVE-2024-43865 — kernel: s390/fpu: Re-add exception handling in load_fpu_state() CVE-2024-43866 — kernel: net/mlx5: Always drain health in shutdown callback CVE-2024-43869 — kernel: perf: Fix event leak upon exec and file release CVE-2024-43870 — kernel: perf: Fix event leak upon exit CVE-2024-43879 — kernel: wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() CVE-2024-43888 — kernel: mm: list_lru: fix UAF for memory cgroup CVE-2024-43892 — kernel: memcg: protect concurrent access to mem_cgroup_idr CVE-2024-43911 — kernel: wifi: mac80211: fix NULL dereference at band check in starting tx ba session CVE-2024-44947 — kernel: fuse: Initialize beyond-EOF page contents before setting uptodate CVE-2024-44960 — kernel: usb: gadget: core: Check for unset descriptor CVE-2024-44965 — kernel: x86/mm: Fix pti_clone_pgtable() alignment assumption CVE-2024-44970 — kernel: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink CVE-2024-44984 — kernel: bnxt_en: Fix double DMA unmapping for XDP_REDIRECT CVE-2024-45005 — kernel: KVM: s390: fix validity interception issue when gisa is switched off CVE-2024-58239 — kernel: tls: stop recv() if initial process_rx_list gave us non-DATA

🔗 References (477)