|
general protection fault in em_cmp_match
|
2 |
C |
|
|
1 |
1224d |
1224d
|
1/1 |
1194d |
9cd3fd2054c3
net_sched: reject TCF_EM_SIMPLE case for complex ematch module
|
|
KASAN: use-after-free Read in bcm_can_tx
|
19 |
C |
|
|
2 |
1567d |
2023d
|
1/1 |
1548d |
632881680ba0
can: bcm: fix UAF of bcm op
|
|
general protection fault in ieee802154_llsec_parse_key_id
|
11 |
C |
|
done |
101 |
1836d |
1892d
|
1/1 |
1805d |
6f7f657f2440
net: ieee802154: nl-mac: fix check on panid
|
|
general protection fault in nl802154_del_llsec_devkey
|
2 |
C |
|
done |
171 |
1836d |
1898d
|
1/1 |
1805d |
27c746869e1a
net: ieee802154: fix nl802154 del llsec devkey
|
|
general protection fault in nl802154_del_llsec_key
|
2 |
C |
|
done |
135 |
1836d |
1892d
|
1/1 |
1805d |
37feaaf5ceb2
net: ieee802154: fix nl802154 del llsec key
|
|
general protection fault in try_to_wake_up
|
2 |
C |
|
done |
707 |
1836d |
1866d
|
1/1 |
1805d |
cca8ea3b05c9
net: tun: set tun->dev->addr_len during TUNSETLINK processing
|
|
general protection fault in nl802154_add_llsec_key
|
2 |
C |
|
done |
168 |
1836d |
1896d
|
1/1 |
1805d |
20d5fe2d7103
net: ieee802154: fix nl802154 add llsec key
|
|
general protection fault in nl802154_del_llsec_dev
|
2 |
C |
|
done |
136 |
1836d |
1898d
|
1/1 |
1806d |
3d1eac2f4558
net: ieee802154: fix nl802154 del llsec dev
|
|
INFO: trying to register non-static key in ieee802154_get_llsec_params
|
-1 |
C |
|
done |
8 |
1839d |
1863d
|
1/1 |
1809d |
1534efc7bbc1
net: ieee802154: stop dump llsec params for monitors
|
|
WARNING in cfg80211_connect
|
-1 |
C |
|
done |
101 |
1854d |
2033d
|
1/1 |
1819d |
1b5ab825d9ac
cfg80211: remove WARN_ON() in cfg80211_sme_connect
|
|
BUG: unable to handle kernel NULL pointer dereference in __lookup_hash
|
10 |
C |
|
done |
31 |
1849d |
2042d
|
1/1 |
1819d |
d24396c5290b
reiserfs: add check for an invalid ih_entry_count
|
|
general protection fault in selinux_socket_sendmsg
|
2 |
C |
|
done |
3 |
1858d |
2031d
|
1/1 |
1827d |
363eaa3a450a
usbip: synchronize event handler with sysfs code paths
|
|
KASAN: use-after-free Read in ieee80211_ibss_build_presp
|
19 |
C |
|
done |
2 |
1860d |
2006d
|
1/1 |
1829d |
3bd801b14e0c
mac80211: fix double free in ibss_leave
|
|
possible deadlock in red_adaptative_timer
|
4 |
C |
|
done |
2 |
1862d |
1953d
|
1/1 |
1831d |
e323d865b361
net: sched: validate stab values
|
|
BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
|
10 |
syz |
|
done |
1335 |
1866d |
1957d
|
1/1 |
1833d |
363eaa3a450a
usbip: synchronize event handler with sysfs code paths
|
|
WARNING in ext4_xattr_set_entry
|
-1 |
C |
|
done |
19 |
1877d |
2033d
|
1/1 |
1845d |
6b22489911b7
ext4: do not try to set xattr into ea_inode if value is empty
|
|
BUG: unable to handle kernel NULL pointer dereference in amp_read_loc_assoc_final_data
|
10 |
C |
|
done |
207 |
1878d |
2095d
|
1/1 |
1845d |
e8bd76ede155
Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data
|
|
KASAN: use-after-free Read in ntfs_iget
|
19 |
C |
|
done |
2 |
1890d |
1966d
|
1/1 |
1860d |
4dfe6bd94959
ntfs: check for valid standard information attribute
|
|
KASAN: use-after-free Read in ntfs_read_locked_inode
|
19 |
C |
|
done |
2 |
1892d |
2043d
|
1/1 |
1861d |
4dfe6bd94959
ntfs: check for valid standard information attribute
|
|
KASAN: slab-out-of-bounds Read in squashfs_export_iget
|
17 |
C |
|
done |
4 |
1919d |
2023d
|
1/1 |
1886d |
eabac19e40c0
squashfs: add more sanity checks in inode lookup
|
|
general protection fault in ieee80211_subif_start_xmit
|
2 |
syz |
|
done |
1 |
1916d |
1976d
|
1/1 |
1886d |
054c9939b480
mac80211: pause TX while changing interface type
|
|
general protection fault in ioctl_standard_call
|
2 |
C |
|
done |
24 |
1917d |
2013d
|
1/1 |
1886d |
5122565188ba
wext: fix NULL-ptr-dereference with cfg80211's lack of commit()
|
|
KASAN: slab-out-of-bounds Read in squashfs_get_id
|
17 |
C |
|
|
11 |
1889d |
2042d
|
1/1 |
1888d |
f37aa4c7366e
squashfs: add more sanity checks in id lookup
|
|
KASAN: use-after-free Read in squashfs_get_id
|
19 |
C |
|
|
1 |
1888d |
1984d
|
1/1 |
1888d |
f37aa4c7366e
squashfs: add more sanity checks in id lookup
|
|
KASAN: use-after-free Read in reiserfs_fill_super
|
19 |
C |
|
done |
2 |
1937d |
1937d
|
1/1 |
1890d |
d24396c5290b
reiserfs: add check for an invalid ih_entry_count
|
|
divide error in do_journal_end
|
2 |
C |
|
done |
1 |
1934d |
1994d
|
1/1 |
1890d |
d24396c5290b
reiserfs: add check for an invalid ih_entry_count
|
|
KASAN: use-after-free Read in search_by_entry_key
|
19 |
C |
|
done |
3 |
1936d |
2042d
|
1/1 |
1890d |
d24396c5290b
reiserfs: add check for an invalid ih_entry_count
|
|
KASAN: use-after-free Read in reiserfs_read_locked_inode
|
19 |
C |
|
done |
5 |
1939d |
2043d
|
1/1 |
1891d |
d24396c5290b
reiserfs: add check for an invalid ih_entry_count
|
|
general protection fault in dqput
|
2 |
C |
|
done |
1 |
1945d |
1945d
|
1/1 |
1915d |
11c514a99bb9
quota: Sanity-check quota file headers on load
|
|
KASAN: use-after-free Read in leaf_paste_entries
|
19 |
C |
|
done |
6 |
1947d |
1991d
|
1/1 |
1916d |
d24396c5290b
reiserfs: add check for an invalid ih_entry_count
|
|
general protection fault in hci_phy_link_complete_evt
|
2 |
C |
|
done |
40 |
1947d |
2093d
|
1/1 |
1916d |
6dfccd13db2f
Bluetooth: Fix null pointer dereference in hci_event_packet()
|
|
BUG: unable to handle kernel paging request in dquot_add_inodes
|
8 |
C |
|
done |
2 |
1949d |
1971d
|
1/1 |
1919d |
11c514a99bb9
quota: Sanity-check quota file headers on load
|
|
BUG: unable to handle kernel paging request in dqput
|
8 |
C |
|
done |
9 |
1951d |
2041d
|
1/1 |
1920d |
11c514a99bb9
quota: Sanity-check quota file headers on load
|
|
kernel BUG at net/core/dev.c:LINE!
|
-1 |
C |
|
inconclusive |
3 |
1944d |
2213d
|
1/1 |
1925d |
54970a2fbb67
net: drop bogus skb with CHECKSUM_PARTIAL and offset beyond end of trimmed packet
|
|
kernel BUG at fs/reiserfs/prints.c:LINE!
|
-1 |
C |
|
done |
3 |
1960d |
2040d
|
1/1 |
1930d |
d24396c5290b
reiserfs: add check for an invalid ih_entry_count
|
|
general protection fault in get_work_pool
|
2 |
C |
|
done |
1 |
1963d |
1993d
|
1/1 |
1932d |
905b2032fa42
mac80211: mesh: fix mesh_pathtbl_init() error path
|
|
BUG: corrupted list in dquot_disable
|
8 |
C |
|
done |
1 |
1964d |
1964d
|
1/1 |
1933d |
11c514a99bb9
quota: Sanity-check quota file headers on load
|
|
KASAN: use-after-free Read in sco_chan_del
|
19 |
C |
|
done |
10 |
1966d |
2092d
|
1/1 |
1936d |
6dfccd13db2f
Bluetooth: Fix null pointer dereference in hci_event_packet()
|
|
INFO: trying to register non-static key in rhashtable_free_and_destroy
|
-1 |
C |
|
done |
4 |
1971d |
1984d
|
1/1 |
1938d |
905b2032fa42
mac80211: mesh: fix mesh_pathtbl_init() error path
|
|
KASAN: slab-out-of-bounds Read in hci_le_meta_evt
|
17 |
C |
|
done |
15 |
1973d |
2093d
|
1/1 |
1943d |
f7e0e8b2f1b0
Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt()
|
|
BUG: unable to handle kernel paging request in dquot_add_space
|
8 |
C |
|
done |
1 |
1974d |
2034d
|
1/1 |
1943d |
11c514a99bb9
quota: Sanity-check quota file headers on load
|
|
BUG: sleeping function called from invalid context in sta_info_move_state
|
5 |
C |
|
done |
1101 |
1979d |
1981d
|
1/1 |
1948d |
7bc40aedf24d
mac80211: free sta in sta_info_insert_finish() on errors
|
|
general protection fault in qp_release_pages
|
2 |
C |
|
done |
2 |
1981d |
2011d
|
1/1 |
1950d |
90ca6333fd65
VMCI: check return value of get_user_pages_fast() for errors
|
|
WARNING in unlock_new_inode
|
-1 |
C |
|
done |
55 |
2007d |
2045d
|
1/1 |
1977d |
8859bf2b1278
reiserfs: only call unlock_new_inode() if I_NEW
|
|
KASAN: slab-out-of-bounds Write in init_sb
|
21 |
C |
|
done |
3 |
2009d |
2042d
|
1/1 |
1978d |
0ddc5154b24c
gfs2: add validation checks for size of superblock
|
|
KASAN: global-out-of-bounds Read in fbcon_resize
|
17 |
C |
|
done |
529 |
2013d |
2061d
|
1/1 |
1982d |
ec0972adecb3
fbcon: Fix user font detection test at fbcon_resize().
|
|
INFO: task hung in ucma_close
|
1 |
C |
|
done |
421 |
2013d |
2426d
|
1/1 |
1983d |
ef95a90ae6f4
RDMA/ucma: ucma_context reference leak in error path
|
|
KASAN: global-out-of-bounds Read in vga16fb_imageblit
|
17 |
C |
|
done |
723 |
2013d |
2336d
|
1/1 |
1983d |
bd018a6a75ce
video: fbdev: fix OOB read in vga_8planes_imageblit()
|
|
KASAN: slab-out-of-bounds Read in ntfs_attr_find
|
17 |
C |
|
done |
10 |
2013d |
2041d
|
1/1 |
1983d |
4f8c94022f0b
ntfs: add check for mft record size in superblock
|
|
KASAN: global-out-of-bounds Read in fbcon_get_font
|
17 |
C |
|
done |
42 |
2020d |
2336d
|
1/1 |
1989d |
5af08640795b
fbcon: Fix global-out-of-bounds read in fbcon_get_font()
|
|
KASAN: use-after-free Read in ntfs_attr_find
|
19 |
C |
|
done |
4 |
2022d |
2041d
|
1/1 |
1991d |
4f8c94022f0b
ntfs: add check for mft record size in superblock
|
|
KASAN: global-out-of-bounds Read in get_unique_tuple
|
17 |
C |
|
done |
5 |
2035d |
2207d
|
1/1 |
2004d |
1cc5ef91d2ff
netfilter: ctnetlink: add a range check for l3/l4 protonum
|
|
general protection fault in open_xa_dir
|
2 |
C |
|
done |
1 |
2042d |
2042d
|
1/1 |
2012d |
c2bb80b8bdd0
reiserfs: Fix oops during mount
|
|
KASAN: use-after-free Read in rxrpc_see_skb
|
19 |
syz |
|
done |
1 |
2063d |
2063d
|
1/1 |
2013d |
564c836fd945
MIPS: SNI: Fix MIPS_L1_CACHE_SHIFT
|
|
INFO: task hung in nbd_ioctl (2)
|
1 |
C |
|
done |
16 |
2060d |
2305d
|
1/1 |
2013d |
a4b5cc9e1080
tipc: fix shutdown() of connection oriented socket
|
|
WARNING in restore_regulatory_settings
|
-1 |
C |
|
done |
2264 |
2055d |
2301d
|
1/1 |
2025d |
47caf685a685
cfg80211: regulatory: reject invalid hints
|
|
general protection fault in __sock_release
|
2 |
syz |
|
done |
12 |
2055d |
2067d
|
1/1 |
2025d |
77f4689de17c
fix regression in "epoll: Keep a reference on files added to the check list"
|
|
general protection fault in locks_remove_file
|
2 |
syz |
|
done |
6 |
2055d |
2067d
|
1/1 |
2025d |
77f4689de17c
fix regression in "epoll: Keep a reference on files added to the check list"
|
|
general protection fault in tty_release
|
2 |
C |
|
done |
10 |
2056d |
2066d
|
1/1 |
2026d |
77f4689de17c
fix regression in "epoll: Keep a reference on files added to the check list"
|
|
KASAN: use-after-free Read in seq_release_private
|
19 |
syz |
|
done |
1 |
2058d |
2058d
|
1/1 |
2026d |
77f4689de17c
fix regression in "epoll: Keep a reference on files added to the check list"
|
|
WARNING: ODEBUG bug in corrupted
|
-1 |
syz |
|
done |
1 |
2058d |
2058d
|
1/1 |
2026d |
77f4689de17c
fix regression in "epoll: Keep a reference on files added to the check list"
|
|
WARNING: ODEBUG bug in exit_to_usermode_loop
|
-1 |
syz |
|
done |
2 |
2060d |
2062d
|
1/1 |
2029d |
77f4689de17c
fix regression in "epoll: Keep a reference on files added to the check list"
|
|
KASAN: use-after-free Read in __sock_release
|
19 |
syz |
|
done |
3 |
2060d |
2068d
|
1/1 |
2029d |
77f4689de17c
fix regression in "epoll: Keep a reference on files added to the check list"
|
|
WARNING in snd_pcm_drop
|
-1 |
syz |
|
done |
1 |
2059d |
2059d
|
1/1 |
2029d |
77f4689de17c
fix regression in "epoll: Keep a reference on files added to the check list"
|
|
BUG: corrupted list in fuse_dev_free
|
8 |
syz |
|
done |
1 |
2062d |
2062d
|
1/1 |
2031d |
77f4689de17c
fix regression in "epoll: Keep a reference on files added to the check list"
|
|
general protection fault in kmem_cache_free
|
2 |
syz |
|
done |
3 |
2062d |
2063d
|
1/1 |
2031d |
77f4689de17c
fix regression in "epoll: Keep a reference on files added to the check list"
|
|
KASAN: use-after-free Read in snd_pcm_oss_release
|
19 |
syz |
|
done |
1 |
2062d |
2062d
|
1/1 |
2031d |
77f4689de17c
fix regression in "epoll: Keep a reference on files added to the check list"
|
|
KASAN: use-after-free Write in ex_handler_refcount
|
22 |
C |
|
done |
16 |
2062d |
2271d
|
1/1 |
2031d |
f9c70bdc279b
Bluetooth: add a mutex lock to avoid UAF in do_enale_set
|
|
KASAN: double-free or invalid-free in (null)
|
24 |
syz |
|
done |
1 |
2063d |
2063d
|
1/1 |
2033d |
77f4689de17c
fix regression in "epoll: Keep a reference on files added to the check list"
|
|
BUG: corrupted list in mousedev_release
|
8 |
syz |
|
done |
1 |
2065d |
2065d
|
1/1 |
2034d |
77f4689de17c
fix regression in "epoll: Keep a reference on files added to the check list"
|
|
INFO: trying to register non-static key in uhid_char_release
|
-1 |
C |
|
done |
2 |
2066d |
2085d
|
1/1 |
2035d |
bce1305c0ece
HID: core: Correctly handle ReportSize being zero
|
|
KASAN: slab-out-of-bounds Read in hci_event_packet
|
17 |
C |
|
done |
17 |
2078d |
2551d
|
1/1 |
2047d |
629b49c848ee
Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt()
|
|
KASAN: slab-out-of-bounds Read in hci_inquiry_result_with_rssi_evt
|
17 |
C |
|
done |
6 |
2078d |
2095d
|
1/1 |
2048d |
629b49c848ee
Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt()
|
|
KASAN: use-after-free Read in get_block
|
19 |
C |
|
done |
8 |
2083d |
2208d
|
1/1 |
2052d |
270ef41094e9
fs/minix: reject too-large maximum file size
|
|
WARNING in inc_nlink
|
-1 |
C |
|
done |
21 |
2084d |
2226d
|
1/1 |
2053d |
facb03dddec0
fs/minix: don't allow getting deleted inodes
|
|
KASAN: slab-out-of-bounds Read in get_block
|
17 |
C |
|
done |
2 |
2084d |
2114d
|
1/1 |
2053d |
270ef41094e9
fs/minix: reject too-large maximum file size
|
|
BUG: unable to handle kernel NULL pointer dereference in get_block
|
10 |
C |
|
done |
45 |
2084d |
2231d
|
1/1 |
2054d |
da27e0a0e5f6
fs/minix: check return value of sb_getblk()
|
|
KASAN: slab-out-of-bounds Read in hci_extended_inquiry_result_evt
|
17 |
C |
|
done |
5 |
2088d |
2093d
|
1/1 |
2055d |
51c19bf3d5cf
Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt()
|
|
KASAN: use-after-free Read in delete_and_unsubscribe_port
|
19 |
syz |
|
done |
2 |
2096d |
2096d
|
1/1 |
2063d |
80982c7e834e
ALSA: seq: oss: Serialize ioctls
|
|
KASAN: double-free or invalid-free in 0x2
|
24 |
syz |
|
done |
1 |
2096d |
2096d
|
1/1 |
2063d |
80982c7e834e
ALSA: seq: oss: Serialize ioctls
|
|
INFO: task hung in fb_release
|
1 |
C |
|
done |
48 |
2098d |
2329d
|
1/1 |
2067d |
033724d68642
fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins.
|
|
unregister_netdevice: waiting for DEV to become free
|
2 |
C |
|
done |
120 |
2124d |
2563d
|
1/1 |
2093d |
5db7c8b9f9fc
ipvs: fix tinfo memory leak in start_sync_thread
|
|
general protection fault in batadv_iv_ogm_schedule_buff
|
2 |
|
|
|
1 |
2200d |
2200d
|
1/1 |
2118d |
8e8ce08198de
batman-adv: Don't schedule OGM for disabled interface
|
|
KASAN: null-ptr-deref Write in choke_reset
|
12 |
C |
|
done |
283 |
2167d |
2197d
|
1/1 |
2137d |
8738c85c72b3
sch_choke: avoid potential panic in choke_reset()
|
|
KASAN: use-after-free Read in do_blk_trace_setup
|
19 |
C |
|
done |
342 |
2168d |
2572d
|
1/1 |
2137d |
1f2cac107c59
blktrace: fix unlocked access to init/start-stop/teardown
|
|
WARNING in xfrm_policy_insert
|
-1 |
syz |
|
done |
8 |
2172d |
2430d
|
1/1 |
2141d |
ed17b8d377ea
xfrm: fix a warning in xfrm_policy_insert_list
|
|
KASAN: slab-out-of-bounds Write in snd_rawmidi_kernel_write1
|
21 |
C |
|
done |
1 |
2173d |
2203d
|
1/1 |
2142d |
c1f6e3c818dd
ALSA: rawmidi: Fix racy buffer resize under concurrent accesses
|
|
WARNING: ODEBUG bug in route4_change
|
-1 |
C |
|
done |
23 |
2215d |
2243d
|
1/1 |
2185d |
ef299cc3fa1a
net_sched: cls_route: remove the right filter from hashtable
|
|
KASAN: use-after-free Write in release_tty
|
22 |
C |
|
done |
124 |
2216d |
2335d
|
1/1 |
2186d |
ca4463bf8438
vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console
|
|
WARNING: ODEBUG bug in rfcomm_dev_ioctl
|
-1 |
C |
|
done |
2 |
2225d |
2225d
|
1/1 |
2194d |
71811cac8532
Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl
|
|
KASAN: slab-out-of-bounds Read in selinux_xfrm_alloc_user
|
17 |
C |
|
done |
1 |
2226d |
2226d
|
1/1 |
2195d |
a1a7e3a36e01
xfrm: add the missing verify_sec_ctx_len check in xfrm_add_acquire
|
|
WARNING: refcount bug in sock_wfree
|
13 |
C |
done |
done |
3 |
2227d |
2347d
|
1/1 |
2196d |
5c3e82fe1596
sctp: fix refcount bug in sctp_wfree
|
|
KASAN: use-after-free Write in tcindex_set_parms
|
22 |
C |
|
done |
3 |
2229d |
2230d
|
1/1 |
2199d |
0d1c3530e1bd
net_sched: keep alloc_hash updated after hash allocation
|
|
KASAN: slab-out-of-bounds Write in tcindex_set_parms
|
21 |
C |
|
done |
2 |
2230d |
2230d
|
1/1 |
2200d |
0d1c3530e1bd
net_sched: keep alloc_hash updated after hash allocation
|
|
WARNING: ODEBUG bug in rfcomm_dlc_free
|
-1 |
C |
|
done |
16 |
2232d |
2465d
|
1/1 |
2201d |
71811cac8532
Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl
|
|
KASAN: use-after-free Read in tty_open
|
19 |
C |
|
done |
5 |
2234d |
2336d
|
1/1 |
2204d |
ca4463bf8438
vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console
|
|
KASAN: use-after-free Read in tty_buffer_cancel_work
|
19 |
C |
|
done |
2 |
2243d |
2331d
|
1/1 |
2213d |
ca4463bf8438
vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console
|
|
KASAN: use-after-free Read in get_work_pool
|
19 |
C |
|
done |
1 |
2244d |
2334d
|
1/1 |
2214d |
ca4463bf8438
vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console
|
|
KASAN: use-after-free Read in n_tty_receive_buf_common
|
19 |
C |
|
done |
25 |
2246d |
2335d
|
1/1 |
2215d |
e8c75a30a23c
vt: selection, push sel_lock up
|
|
WARNING: kernel stack frame pointer has bad value
|
-1 |
C |
|
done |
65 |
2251d |
2555d
|
1/1 |
2217d |
a288f105a03a
fjes: fix missed check in fjes_acpi_add
|
|
INFO: task hung in paste_selection
|
1 |
C |
|
done |
8 |
2252d |
2327d
|
1/1 |
2221d |
afe207d80a61
ipvlan: do not use cond_resched_rcu() in ipvlan_process_multicast()
|
|
INFO: task hung in drain_all_pages
|
1 |
C |
|
done |
1 |
2252d |
2252d
|
1/1 |
2222d |
8d0015a7ab76
netfilter: xt_hashlimit: limit the max size of hashtable
|
|
INFO: task hung in tty_ldisc_hangup
|
1 |
C |
|
done |
17 |
2260d |
2331d
|
1/1 |
2229d |
e8c75a30a23c
vt: selection, push sel_lock up
|
|
INFO: task hung in hashlimit_mt_check_common
|
1 |
C |
|
done |
6 |
2263d |
2314d
|
1/1 |
2230d |
8d0015a7ab76
netfilter: xt_hashlimit: limit the max size of hashtable
|
|
KASAN: stack-out-of-bounds Write in ax25_getname
|
21 |
C |
|
done |
4 |
2262d |
2557d
|
1/1 |
2230d |
42d84c8490f9
vhost: Check docket sk_family instead of call getname
|
|
KASAN: slab-out-of-bounds Read in tcf_exts_destroy
|
17 |
C |
|
done |
1 |
2266d |
2379d
|
1/1 |
2236d |
599be01ee567
net_sched: fix an OOB access in cls_tcindex
|
|
general protection fault in path_openat
|
2 |
C |
|
done |
40 |
2272d |
2278d
|
1/1 |
2242d |
6404674acd59
vfs: fix do_last() regression
|
|
BUG: sleeping function called from invalid context in tpk_write
|
5 |
C |
|
done |
10 |
2272d |
2334d
|
1/1 |
2242d |
9a655c77ff8f
ttyprintk: fix a potential deadlock in interrupt context issue
|
|
BUG: sleeping function called from invalid context in lock_sock_nested (2)
|
5 |
syz |
|
done |
1 |
2274d |
2334d
|
1/1 |
2244d |
37f96694cf73
crypto: af_alg - Use bh_lock_sock in sk_destruct
|
|
KASAN: use-after-free Read in ext4_xattr_set_entry
|
19 |
C |
|
done |
9 |
2277d |
2369d
|
1/1 |
2247d |
9803387c55f7
ext4: validate the debug_want_extra_isize mount option at parse time
|
|
KASAN: slab-out-of-bounds Read in __nla_put_nohdr
|
17 |
C |
|
done |
2 |
2280d |
2280d
|
1/1 |
2250d |
cb626bf566eb
net-sysfs: Fix reference count leak
|
|
KASAN: slab-out-of-bounds Write in setup_udp_tunnel_sock
|
21 |
C |
|
done |
1 |
2284d |
2284d
|
1/1 |
2254d |
de19055564c8
Documentation: Document arm64 kpti control
|
|
KASAN: use-after-free Read in snd_timer_resolution
|
19 |
C |
|
done |
1 |
2286d |
2286d
|
1/1 |
2256d |
60adcfde92fa
ALSA: seq: Fix racy access for queue timer in proc read
|
|
INFO: task hung in genl_rcv_msg
|
1 |
syz |
|
done |
2 |
2291d |
2291d
|
1/1 |
2260d |
c13c48c00a6b
tcp: clear tp->total_retrans in tcp_disconnect()
|
|
WARNING in reconnect_path
|
-1 |
C |
done |
done |
1 |
2292d |
2352d
|
1/1 |
2261d |
909e22e05353
exportfs: fix 'passing zero to ERR_PTR()' warning
|
|
KASAN: use-after-free Write in __alloc_skb
|
22 |
C |
|
done |
1 |
2296d |
2326d
|
1/1 |
2262d |
d836f5c69d87
net: rtnetlink: validate IFLA_MTU attribute in rtnl_create_link()
|
|
KASAN: use-after-free Read in cdev_put
|
19 |
C |
|
done |
6 |
2296d |
2339d
|
1/1 |
2265d |
fa2ac657f978
xen-blkback: prevent premature module unload
|
|
KASAN: slab-out-of-bounds Read in macvlan_broadcast
|
17 |
C |
|
done |
6 |
2297d |
2302d
|
1/1 |
2267d |
96cc4b69581d
macvlan: do not assume mac_header is set in macvlan_broadcast()
|
|
KASAN: use-after-free Read in macvlan_broadcast
|
19 |
C |
|
done |
8 |
2299d |
2302d
|
1/1 |
2268d |
96cc4b69581d
macvlan: do not assume mac_header is set in macvlan_broadcast()
|
|
WARNING: bad unlock balance in gtp_encap_enable_socket
|
4 |
C |
|
done |
2 |
2299d |
2302d
|
1/1 |
2268d |
90d72256addf
gtp: fix bad unlock balance in gtp_encap_enable_socket
|
|
KASAN: slab-out-of-bounds Read in bpf_skb_change_tail
|
17 |
C |
|
done |
2 |
2305d |
2451d
|
1/1 |
2272d |
58990d1ff3f7
bpf: reject passing modified ctx to helper functions
|
|
KASAN: slab-out-of-bounds Read in bpf_skb_change_proto
|
17 |
C |
|
done |
2 |
2304d |
2451d
|
1/1 |
2272d |
58990d1ff3f7
bpf: reject passing modified ctx to helper functions
|
|
KASAN: slab-out-of-bounds Read in bpf_clone_redirect
|
17 |
C |
|
done |
11 |
2310d |
2473d
|
1/1 |
2280d |
58990d1ff3f7
bpf: reject passing modified ctx to helper functions
|
|
KASAN: slab-out-of-bounds Read in bpf_skb_change_head
|
17 |
C |
|
done |
2 |
2314d |
2383d
|
1/1 |
2282d |
58990d1ff3f7
bpf: reject passing modified ctx to helper functions
|
|
possible deadlock in refcount_dec_and_mutex_lock
|
4 |
C |
|
done |
10 |
2313d |
2385d
|
1/1 |
2282d |
cf1b2326b734
nbd: verify socket is supported during setup
|
|
WARNING: refcount bug in cdev_get
|
13 |
C |
|
done |
21 |
2314d |
2444d
|
1/1 |
2284d |
38b4fe320119
net: usb: lan78xx: Connect PHY before registering MAC
|
|
INFO: rcu detected stall in br_handle_frame (2)
|
1 |
C |
|
done |
1 |
2319d |
2319d
|
1/1 |
2289d |
d9e15a273306
pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM
|
|
WARNING in ovl_rename
|
-1 |
syz |
|
done |
2 |
2323d |
2555d
|
1/1 |
2290d |
6889ee5a53b8
ovl: relax WARN_ON() on rename to self
|
|
inconsistent lock state in sp_get
|
4 |
C |
|
done |
2 |
2327d |
2327d
|
1/1 |
2296d |
5c9934b6767b
6pack,mkiss: fix possible deadlock
|
|
KASAN: slab-out-of-bounds Read in linear_transfer
|
17 |
C |
|
done |
4 |
2328d |
2335d
|
1/1 |
2298d |
4cc8d6505ab8
ALSA: pcm: oss: Avoid potential buffer overflows
|
|
possible deadlock in __might_fault
|
4 |
C |
|
done |
295 |
2330d |
2570d
|
1/1 |
2299d |
19e6317d24c2
usb: mon: Fix a deadlock in usbmon between mmap and read
|
|
possible deadlock in mon_bin_vma_fault
|
4 |
C |
|
done |
282 |
2331d |
2567d
|
1/1 |
2300d |
19e6317d24c2
usb: mon: Fix a deadlock in usbmon between mmap and read
|
|
WARNING: refcount bug in kobject_get
|
13 |
C |
|
done |
20 |
2335d |
2569d
|
1/1 |
2305d |
e95584a889e1
tipc: fix unlimited bundling of small messages
|
|
WARNING in refcount_error_report
|
-1 |
syz |
|
done |
1 |
2337d |
2337d
|
1/1 |
2305d |
501a90c94510
inet: protect against too small mtu values.
|
|
BUG: corrupted list in p9_fd_cancelled
|
8 |
syz |
|
done |
2 |
2337d |
2382d
|
1/1 |
2305d |
6e616864f211
arm64: Add MIDR encoding for Arm Cortex-A55 and Cortex-A35
|
|
BUG: unable to handle kernel paging request in slhc_free
|
8 |
C |
|
done |
4 |
2340d |
2567d
|
1/1 |
2309d |
baf76f0c58ae
slip: make slhc_free() silently accept an error pointer
|
|
WARNING in dio_complete
|
-1 |
C |
|
done |
27 |
2340d |
2570d
|
1/1 |
2309d |
8962842ca5ab
blk-mq: avoid sysfs buffer overflow with too many CPU cores
|
|
KASAN: use-after-free Read in slip_open
|
19 |
C |
done |
done |
2 |
2343d |
2343d
|
1/1 |
2311d |
e58c19124189
slip: Fix use-after-free Read in slip_open
|
|
KASAN: use-after-free Read in kfree_skb
|
19 |
C |
|
done |
98 |
2341d |
2469d
|
1/1 |
2311d |
cf94da6f502d
Bluetooth: Fix invalid-free in bcsp_close()
|
|
INFO: task hung in nbd_ioctl
|
1 |
C |
|
done |
18 |
2313d |
2386d
|
1/1 |
2311d |
cf1b2326b734
nbd: verify socket is supported during setup
|
|
WARNING: suspicious RCU usage in shmem_add_seals
|
4 |
C |
done |
done |
1435 |
2349d |
2371d
|
1/1 |
2318d |
988f701a805b
memfd: Use radix_tree_deref_slot_protected to avoid the warning.
|
|
possible deadlock in flush_workqueue
|
4 |
C |
|
done |
15 |
2351d |
2444d
|
1/1 |
2321d |
cf1b2326b734
nbd: verify socket is supported during setup
|
|
WARNING in bpf_jit_free
|
-1 |
syz |
|
done |
60 |
2393d |
2566d
|
1/1 |
2322d |
c751798aa224
bpf: fix use after free in prog symbol exposure
|
|
INFO: task hung in lo_release
|
1 |
syz |
|
done |
128 |
2459d |
2572d
|
1/1 |
2322d |
22f36db48781
Revert "block/loop: Use global lock for ioctl() operation."
|
|
BUG: unable to handle kernel NULL pointer dereference in inet_autobind
|
10 |
C |
inconclusive |
done |
3133 |
2363d |
2371d
|
1/1 |
2323d |
9b6c08878e23
sctp: not bind the socket in sctp_connect
|
|
BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
|
10 |
C |
|
done |
20 |
2324d |
2562d
|
1/1 |
2323d |
e9e006f5fcf2
nbd: fix max number of supported devs
|
|
BUG: unable to handle kernel paging request in dummy_set_vf_vlan
|
8 |
C |
|
done |
5 |
2357d |
2450d
|
1/1 |
2323d |
ff08ddba3a55
net: rtnetlink: prevent underflows in do_setvfinfo()
|
|
BUG: unable to handle kernel paging request in dummy_set_vf_spoofchk
|
8 |
C |
|
done |
6 |
2360d |
2471d
|
1/1 |
2323d |
ff08ddba3a55
net: rtnetlink: prevent underflows in do_setvfinfo()
|
|
BUG: unable to handle kernel paging request in dummy_get_vf_config
|
8 |
C |
|
done |
4 |
2376d |
2473d
|
1/1 |
2326d |
ff08ddba3a55
net: rtnetlink: prevent underflows in do_setvfinfo()
|
|
WARNING: suspicious RCU usage in netem_enqueue
|
4 |
C |
|
done |
3 |
2380d |
2403d
|
1/1 |
2326d |
62794fc4fbf5
net_sched: add max len check for TCA_KIND
|
|
BUG: unable to handle kernel paging request in dummy_set_vf_rss_query_en
|
8 |
C |
|
done |
5 |
2380d |
2471d
|
1/1 |
2326d |
ff08ddba3a55
net: rtnetlink: prevent underflows in do_setvfinfo()
|
|
BUG: unable to handle kernel paging request in dummy_set_vf_mac
|
8 |
C |
|
done |
5 |
2389d |
2462d
|
1/1 |
2327d |
ff08ddba3a55
net: rtnetlink: prevent underflows in do_setvfinfo()
|
|
BUG: unable to handle kernel NULL pointer dereference in tc_bind_tclass
|
10 |
C |
|
done |
14 |
2383d |
2423d
|
1/1 |
2327d |
8b142a00edcf
net_sched: check cops->tcf_block in tc_bind_tclass()
|
|
KASAN: null-ptr-deref Write in kvm_write_guest_virt_system
|
12 |
C |
|
done |
53 |
2389d |
2407d
|
1/1 |
2327d |
144783a80cd2
watchdog: imx2_wdt: fix min() calculation in imx2_wdt_set_timeout
|
|
WARNING in tcp_send_loss_probe
|
-1 |
C |
|
done |
22 |
2410d |
2420d
|
1/1 |
2330d |
ba2ddb43f270
tcp: Don't dequeue SYN/FIN-segments from write-queue
|
|
general protection fault in tcp_push
|
2 |
C |
|
done |
55 |
2409d |
2420d
|
1/1 |
2330d |
f1dcc5ed4bea
tcp: Reset send_head when removing skb from write-queue
|
|
BUG: unable to handle kernel paging request in dummy_set_vf_rate
|
8 |
C |
|
done |
3 |
2410d |
2424d
|
1/1 |
2330d |
ff08ddba3a55
net: rtnetlink: prevent underflows in do_setvfinfo()
|
|
WARNING in tcp_retransmit_timer
|
-1 |
C |
|
done |
215 |
2409d |
2420d
|
1/1 |
2330d |
ba2ddb43f270
tcp: Don't dequeue SYN/FIN-segments from write-queue
|
|
general protection fault in qdisc_destroy
|
2 |
C |
|
done |
4 |
2410d |
2414d
|
1/1 |
2330d |
6efb971ba8ed
net_sched: let qdisc_put() accept NULL pointer
|
|
INFO: rcu detected stall in mld_dad_timer_expire
|
1 |
C |
|
done |
1 |
2415d |
2415d
|
1/1 |
2330d |
d4d6ec6dac07
sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
|
|
INFO: rcu detected stall in br_handle_frame
|
1 |
C |
|
done |
15 |
2412d |
2423d
|
1/1 |
2332d |
d4d6ec6dac07
sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
|
|
WARNING in kernfs_get
|
-1 |
C |
|
done |
17 |
2442d |
2562d
|
1/1 |
2332d |
ac43432cb1f5
driver core: Fix use-after-free and double free on glue directory
|
|
INFO: rcu detected stall in mld_ifc_timer_expire
|
1 |
C |
|
done |
9 |
2414d |
2423d
|
1/1 |
2333d |
d4d6ec6dac07
sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
|
|
WARNING in xfrm_state_fini
|
-1 |
C |
|
done |
193 |
2416d |
2571d
|
1/1 |
2333d |
dbb2483b2a46
xfrm: clean up xfrm protocol checks
|
|
INFO: rcu detected stall in addrconf_dad_work
|
1 |
C |
|
done |
18 |
2416d |
2423d
|
1/1 |
2333d |
d4d6ec6dac07
sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
|
|
INFO: rcu detected stall in corrupted
|
1 |
C |
|
done |
3 |
2417d |
2439d
|
1/1 |
2333d |
d4d6ec6dac07
sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
|
|
BUG: unable to handle kernel paging request in dummy_set_vf_trust
|
8 |
C |
|
done |
2 |
2425d |
2458d
|
1/1 |
2334d |
ff08ddba3a55
net: rtnetlink: prevent underflows in do_setvfinfo()
|
|
WARNING in map_lookup_elem
|
-1 |
C |
|
done |
2 |
2432d |
2432d
|
1/1 |
2334d |
335e192a3fa4
KVM: x86: add tracepoints around __direct_map and FNAME(fetch)
|
|
WARNING: refcount bug in hci_register_dev
|
13 |
C |
|
done |
3 |
2429d |
2444d
|
1/1 |
2334d |
ac43432cb1f5
driver core: Fix use-after-free and double free on glue directory
|
|
kernel BUG at ./include/linux/skbuff.h:LINE!
|
-1 |
C |
|
done |
16 |
2425d |
2451d
|
1/1 |
2334d |
e5df4baea324
tcp: fix tcp_rtx_queue_tail in case of empty retransmit queue
|
|
general protection fault in packet_lookup_frame
|
2 |
C |
|
done |
1 |
2447d |
2447d
|
1/1 |
2335d |
32d3182cd2cd
net/packet: fix race in tpacket_snd()
|
|
WARNING: refcount bug in kobject_put
|
13 |
C |
|
done |
3 |
2452d |
2558d
|
1/1 |
2335d |
ac43432cb1f5
driver core: Fix use-after-free and double free on glue directory
|
|
general protection fault in tcf_ife_init
|
2 |
C |
|
done |
12 |
2463d |
2472d
|
1/1 |
2336d |
c8ec4632c6ac
ife: error out when nla attributes are empty
|
|
general protection fault in kernfs_add_one
|
2 |
C |
|
done |
5 |
2459d |
2528d
|
1/1 |
2336d |
ac43432cb1f5
driver core: Fix use-after-free and double free on glue directory
|
|
WARNING in sysfs_remove_group
|
-1 |
C |
|
done |
1 |
2475d |
2475d
|
1/1 |
2337d |
ac43432cb1f5
driver core: Fix use-after-free and double free on glue directory
|
|
BUG: unable to handle kernel paging request in coalesced_mmio_write
|
8 |
C |
|
done |
4 |
2493d |
2500d
|
1/1 |
2338d |
b60fe990c6b0
KVM: coalesced_mmio: add bounds checking
|
|
WARNING in kernfs_put
|
-1 |
C |
|
done |
2 |
2491d |
2558d
|
1/1 |
2338d |
ac43432cb1f5
driver core: Fix use-after-free and double free on glue directory
|
|
KASAN: use-after-free Read in erspan_build_header
|
19 |
C |
|
done |
18 |
2538d |
2572d
|
1/1 |
2339d |
b423d13c08a6
net: erspan: fix use-after-free
|
|
KASAN: slab-out-of-bounds Read in erspan_build_header
|
17 |
C |
|
done |
8 |
2536d |
2572d
|
1/1 |
2339d |
526f5b851a96
tipc: fix modprobe tipc failed after switch order of device registration
|
|
WARNING in notify_change
|
-1 |
C |
|
done |
14 |
2501d |
2567d
|
1/1 |
2339d |
f69e749a4935
Abort file_remove_privs() for non-reg. files
|
|
KASAN: use-after-free Read in tcp_init_tso_segs
|
19 |
C |
|
|
1424 |
2409d |
2420d
|
1/1 |
2396d |
f1dcc5ed4bea
tcp: Reset send_head when removing skb from write-queue
|