| general protection fault in ieee802154_llsec_parse_key_id |
C |
|
done |
101 |
165d |
220d
|
134d |
37580e6837c0
net: ieee802154: nl-mac: fix check on panid
|
| general protection fault in nl802154_del_llsec_devkey |
C |
|
done |
171 |
165d |
226d
|
134d |
266e3f2ef0d1
net: ieee802154: fix nl802154 del llsec devkey
|
| general protection fault in nl802154_del_llsec_key |
C |
|
done |
135 |
165d |
221d
|
134d |
1804bf103e73
net: ieee802154: fix nl802154 del llsec key
|
| general protection fault in try_to_wake_up |
C |
|
done |
707 |
165d |
194d
|
134d |
f6420532cfd7
net: tun: set tun->dev->addr_len during TUNSETLINK processing
|
| general protection fault in nl802154_add_llsec_key |
C |
|
done |
168 |
165d |
225d
|
134d |
3a94a5b2e0ba
net: ieee802154: fix nl802154 add llsec key
|
| general protection fault in nl802154_del_llsec_dev |
C |
|
done |
136 |
165d |
227d
|
135d |
3ee9f1bafd06
net: ieee802154: fix nl802154 del llsec dev
|
| INFO: trying to register non-static key in ieee802154_get_llsec_params |
C |
|
done |
8 |
168d |
192d
|
138d |
df9aa96b613d
net: ieee802154: stop dump llsec params for monitors
|
| WARNING in cfg80211_connect |
C |
|
done |
101 |
182d |
362d
|
148d |
bd7b29fb365e
cfg80211: remove WARN_ON() in cfg80211_sme_connect
|
| BUG: unable to handle kernel NULL pointer dereference in __lookup_hash |
C |
|
done |
31 |
178d |
371d
|
148d |
b74d5f70523a
reiserfs: add check for an invalid ih_entry_count
|
| general protection fault in selinux_socket_sendmsg |
C |
|
done |
3 |
187d |
359d
|
156d |
534d2cf487b9
usbip: synchronize event handler with sysfs code paths
|
| KASAN: use-after-free Read in ieee80211_ibss_build_presp |
C |
|
done |
2 |
188d |
334d
|
158d |
d2ddd5417f6d
mac80211: fix double free in ibss_leave
|
| possible deadlock in red_adaptative_timer |
C |
|
done |
2 |
190d |
281d
|
160d |
43c9bffda3a2
net: sched: validate stab values
|
| BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection |
syz |
|
done |
1335 |
194d |
285d
|
162d |
534d2cf487b9
usbip: synchronize event handler with sysfs code paths
|
| WARNING in ext4_xattr_set_entry |
C |
|
done |
19 |
206d |
362d
|
174d |
470f69cb3742
ext4: do not try to set xattr into ea_inode if value is empty
|
| BUG: unable to handle kernel NULL pointer dereference in amp_read_loc_assoc_final_data |
C |
|
done |
207 |
207d |
424d
|
174d |
2f642a2b3365
Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data
|
| KASAN: use-after-free Read in ntfs_iget |
C |
|
done |
2 |
219d |
295d
|
188d |
49ee014a2070
ntfs: check for valid standard information attribute
|
| KASAN: use-after-free Read in ntfs_read_locked_inode |
C |
|
done |
2 |
220d |
372d
|
190d |
49ee014a2070
ntfs: check for valid standard information attribute
|
| KASAN: slab-out-of-bounds Read in squashfs_export_iget |
C |
|
done |
4 |
248d |
351d
|
215d |
69396cfd7908
squashfs: add more sanity checks in inode lookup
|
| general protection fault in ieee80211_subif_start_xmit |
syz |
|
done |
1 |
245d |
305d
|
215d |
d882652c1c6f
mac80211: pause TX while changing interface type
|
| general protection fault in ioctl_standard_call |
C |
|
done |
24 |
246d |
342d
|
215d |
173b67cf1e72
wext: fix NULL-ptr-dereference with cfg80211's lack of commit()
|
| KASAN: slab-out-of-bounds Read in squashfs_get_id |
C |
|
|
11 |
217d |
371d
|
217d |
8d9ca7e328ef
squashfs: add more sanity checks in id lookup
|
| KASAN: use-after-free Read in squashfs_get_id |
C |
|
|
1 |
217d |
313d
|
217d |
8d9ca7e328ef
squashfs: add more sanity checks in id lookup
|
| KASAN: use-after-free Read in reiserfs_fill_super |
C |
|
done |
2 |
265d |
265d
|
218d |
b74d5f70523a
reiserfs: add check for an invalid ih_entry_count
|
| divide error in do_journal_end |
C |
|
done |
1 |
262d |
322d
|
218d |
b74d5f70523a
reiserfs: add check for an invalid ih_entry_count
|
| KASAN: use-after-free Read in search_by_entry_key |
C |
|
done |
3 |
265d |
371d
|
218d |
b74d5f70523a
reiserfs: add check for an invalid ih_entry_count
|
| KASAN: use-after-free Read in reiserfs_read_locked_inode |
C |
|
done |
5 |
267d |
372d
|
220d |
b74d5f70523a
reiserfs: add check for an invalid ih_entry_count
|
| general protection fault in dqput |
C |
|
done |
1 |
274d |
274d
|
244d |
a9c625fcddc0
quota: Sanity-check quota file headers on load
|
| KASAN: use-after-free Read in leaf_paste_entries |
C |
|
done |
6 |
276d |
320d
|
244d |
b74d5f70523a
reiserfs: add check for an invalid ih_entry_count
|
| general protection fault in hci_phy_link_complete_evt |
C |
|
done |
40 |
275d |
422d
|
244d |
4113f6f73f6e
Bluetooth: Fix null pointer dereference in hci_event_packet()
|
| BUG: unable to handle kernel paging request in dquot_add_inodes |
C |
|
done |
2 |
278d |
299d
|
247d |
a9c625fcddc0
quota: Sanity-check quota file headers on load
|
| BUG: unable to handle kernel paging request in dqput |
C |
|
done |
9 |
280d |
369d
|
248d |
a9c625fcddc0
quota: Sanity-check quota file headers on load
|
| kernel BUG at net/core/dev.c:LINE! |
C |
|
inconclusive |
3 |
273d |
542d
|
254d |
8f9a69a92fc6
net: drop bogus skb with CHECKSUM_PARTIAL and offset beyond end of trimmed packet
|
| kernel BUG at fs/reiserfs/prints.c:LINE! |
C |
|
done |
3 |
289d |
369d
|
258d |
b74d5f70523a
reiserfs: add check for an invalid ih_entry_count
|
| general protection fault in get_work_pool |
C |
|
done |
1 |
291d |
321d
|
261d |
42a387dc80c3
mac80211: mesh: fix mesh_pathtbl_init() error path
|
| BUG: corrupted list in dquot_disable |
C |
|
done |
1 |
293d |
293d
|
262d |
a9c625fcddc0
quota: Sanity-check quota file headers on load
|
| KASAN: use-after-free Read in sco_chan_del |
C |
|
done |
10 |
295d |
421d
|
265d |
4113f6f73f6e
Bluetooth: Fix null pointer dereference in hci_event_packet()
|
| INFO: trying to register non-static key in rhashtable_free_and_destroy |
C |
|
done |
4 |
299d |
313d
|
266d |
42a387dc80c3
mac80211: mesh: fix mesh_pathtbl_init() error path
|
| KASAN: slab-out-of-bounds Read in hci_le_meta_evt |
C |
|
done |
15 |
302d |
422d
|
272d |
7ee2cd49f722
Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt()
|
| BUG: unable to handle kernel paging request in dquot_add_space |
C |
|
done |
1 |
302d |
363d
|
272d |
a9c625fcddc0
quota: Sanity-check quota file headers on load
|
| BUG: sleeping function called from invalid context in sta_info_move_state |
C |
|
done |
1101 |
308d |
310d
|
277d |
89ab6b90b7d9
mac80211: free sta in sta_info_insert_finish() on errors
|
| general protection fault in qp_release_pages |
C |
|
done |
2 |
310d |
340d
|
279d |
2b8c7395d275
VMCI: check return value of get_user_pages_fast() for errors
|
| WARNING in unlock_new_inode |
C |
|
done |
55 |
336d |
374d
|
306d |
a8ca9f684674
reiserfs: only call unlock_new_inode() if I_NEW
|
| KASAN: slab-out-of-bounds Write in init_sb |
C |
|
done |
3 |
337d |
371d
|
307d |
78734edd11cc
gfs2: add validation checks for size of superblock
|
| KASAN: global-out-of-bounds Read in fbcon_resize |
C |
|
done |
529 |
342d |
390d
|
311d |
d31eccab7abd
fbcon: Fix user font detection test at fbcon_resize().
|
| INFO: task hung in ucma_close |
C |
|
done |
421 |
342d |
754d
|
311d |
ef13017d65b0
RDMA/ucma: ucma_context reference leak in error path
|
| KASAN: global-out-of-bounds Read in vga16fb_imageblit |
C |
|
done |
723 |
342d |
665d
|
311d |
0472aa0c36c7
video: fbdev: fix OOB read in vga_8planes_imageblit()
|
| KASAN: slab-out-of-bounds Read in ntfs_attr_find |
C |
|
done |
10 |
342d |
370d
|
311d |
d2918cca649f
ntfs: add check for mft record size in superblock
|
| KASAN: global-out-of-bounds Read in fbcon_get_font |
C |
|
done |
42 |
349d |
665d
|
318d |
30386c13a1bf
fbcon: Fix global-out-of-bounds read in fbcon_get_font()
|
| KASAN: use-after-free Read in ntfs_attr_find |
C |
|
done |
4 |
350d |
370d
|
320d |
d2918cca649f
ntfs: add check for mft record size in superblock
|
| KASAN: global-out-of-bounds Read in get_unique_tuple |
C |
|
done |
5 |
363d |
535d
|
333d |
60634d81cb43
netfilter: ctnetlink: add a range check for l3/l4 protonum
|
| general protection fault in open_xa_dir |
C |
|
done |
1 |
371d |
371d
|
340d |
e2b6b34324c4
reiserfs: Fix oops during mount
|
| KASAN: use-after-free Read in rxrpc_see_skb |
syz |
|
done |
1 |
392d |
392d
|
342d |
38eefb196438
MIPS: SNI: Fix MIPS_L1_CACHE_SHIFT
|
| INFO: task hung in nbd_ioctl (2) |
C |
|
done |
16 |
388d |
633d
|
342d |
7241d653bcc1
tipc: fix shutdown() of connection oriented socket
|
| WARNING in restore_regulatory_settings |
C |
|
done |
2264 |
383d |
630d
|
353d |
02015d244d9c
cfg80211: regulatory: reject invalid hints
|
| general protection fault in __sock_release |
syz |
|
done |
12 |
384d |
396d
|
353d |
c5c6e00f6cc5
fix regression in "epoll: Keep a reference on files added to the check list"
|
| general protection fault in locks_remove_file |
syz |
|
done |
6 |
384d |
395d
|
354d |
c5c6e00f6cc5
fix regression in "epoll: Keep a reference on files added to the check list"
|
| general protection fault in tty_release |
C |
|
done |
10 |
385d |
395d
|
355d |
c5c6e00f6cc5
fix regression in "epoll: Keep a reference on files added to the check list"
|
| KASAN: use-after-free Read in seq_release_private |
syz |
|
done |
1 |
386d |
386d
|
355d |
c5c6e00f6cc5
fix regression in "epoll: Keep a reference on files added to the check list"
|
| WARNING: ODEBUG bug in corrupted |
syz |
|
done |
1 |
387d |
387d
|
355d |
c5c6e00f6cc5
fix regression in "epoll: Keep a reference on files added to the check list"
|
| WARNING: ODEBUG bug in exit_to_usermode_loop |
syz |
|
done |
2 |
389d |
391d
|
358d |
c5c6e00f6cc5
fix regression in "epoll: Keep a reference on files added to the check list"
|
| KASAN: use-after-free Read in __sock_release |
syz |
|
done |
3 |
389d |
397d
|
358d |
c5c6e00f6cc5
fix regression in "epoll: Keep a reference on files added to the check list"
|
| WARNING in snd_pcm_drop |
syz |
|
done |
1 |
388d |
388d
|
358d |
c5c6e00f6cc5
fix regression in "epoll: Keep a reference on files added to the check list"
|
| BUG: corrupted list in fuse_dev_free |
syz |
|
done |
1 |
390d |
390d
|
359d |
c5c6e00f6cc5
fix regression in "epoll: Keep a reference on files added to the check list"
|
| general protection fault in kmem_cache_free |
syz |
|
done |
3 |
391d |
391d
|
360d |
c5c6e00f6cc5
fix regression in "epoll: Keep a reference on files added to the check list"
|
| KASAN: use-after-free Read in snd_pcm_oss_release |
syz |
|
done |
1 |
391d |
391d
|
360d |
c5c6e00f6cc5
fix regression in "epoll: Keep a reference on files added to the check list"
|
| KASAN: use-after-free Write in ex_handler_refcount |
C |
|
done |
16 |
391d |
600d
|
360d |
af7122cfbaee
Bluetooth: add a mutex lock to avoid UAF in do_enale_set
|
| KASAN: double-free or invalid-free in (null) |
syz |
|
done |
1 |
392d |
392d
|
361d |
c5c6e00f6cc5
fix regression in "epoll: Keep a reference on files added to the check list"
|
| BUG: corrupted list in mousedev_release |
syz |
|
done |
1 |
393d |
393d
|
363d |
c5c6e00f6cc5
fix regression in "epoll: Keep a reference on files added to the check list"
|
| INFO: trying to register non-static key in uhid_char_release |
C |
|
done |
2 |
394d |
414d
|
364d |
9e5894b7e222
HID: core: Correctly handle ReportSize being zero
|
| KASAN: slab-out-of-bounds Read in hci_event_packet |
C |
|
done |
17 |
406d |
880d
|
376d |
68bb9eddbf5d
Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt()
|
| KASAN: slab-out-of-bounds Read in hci_inquiry_result_with_rssi_evt |
C |
|
done |
6 |
407d |
424d
|
377d |
68bb9eddbf5d
Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt()
|
| KASAN: use-after-free Read in get_block |
C |
|
done |
8 |
412d |
537d
|
381d |
0900097ef667
fs/minix: reject too-large maximum file size
|
| WARNING in inc_nlink |
C |
|
done |
21 |
412d |
555d
|
382d |
12490f06ef08
fs/minix: don't allow getting deleted inodes
|
| KASAN: slab-out-of-bounds Read in get_block |
C |
|
done |
2 |
412d |
442d
|
382d |
0900097ef667
fs/minix: reject too-large maximum file size
|
| BUG: unable to handle kernel NULL pointer dereference in get_block |
C |
|
done |
45 |
413d |
560d
|
383d |
3c775629a5ff
fs/minix: check return value of sb_getblk()
|
| KASAN: slab-out-of-bounds Read in hci_extended_inquiry_result_evt |
C |
|
done |
5 |
416d |
422d
|
384d |
d91299b8382b
Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt()
|
| KASAN: use-after-free Read in delete_and_unsubscribe_port |
syz |
|
done |
2 |
425d |
425d
|
391d |
ccafbed8b2f6
ALSA: seq: oss: Serialize ioctls
|
| KASAN: double-free or invalid-free in 0x2 |
syz |
|
done |
1 |
425d |
425d
|
391d |
ccafbed8b2f6
ALSA: seq: oss: Serialize ioctls
|
| INFO: task hung in fb_release |
C |
|
done |
48 |
427d |
658d
|
395d |
c388072f90cc
fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins.
|
| unregister_netdevice: waiting for DEV to become free |
C |
|
done |
120 |
453d |
892d
|
422d |
0f7f0b057417
ipvs: fix tinfo memory leak in start_sync_thread
|
| general protection fault in batadv_iv_ogm_schedule_buff |
|
|
|
1 |
529d |
529d
|
446d |
e181bb93c904
batman-adv: Don't schedule OGM for disabled interface
|
| KASAN: null-ptr-deref Write in choke_reset |
C |
|
done |
283 |
496d |
526d
|
466d |
4836eb6b5965
sch_choke: avoid potential panic in choke_reset()
|
| KASAN: use-after-free Read in do_blk_trace_setup |
C |
|
done |
342 |
496d |
901d
|
466d |
b390c22c0bc7
blktrace: fix unlocked access to init/start-stop/teardown
|
| WARNING in xfrm_policy_insert |
syz |
|
done |
8 |
500d |
759d
|
470d |
1cd914b02b5a
xfrm: fix a warning in xfrm_policy_insert_list
|
| KASAN: slab-out-of-bounds Write in snd_rawmidi_kernel_write1 |
C |
|
done |
1 |
501d |
531d
|
471d |
8645ac3684a7
ALSA: rawmidi: Fix racy buffer resize under concurrent accesses
|
| WARNING: ODEBUG bug in route4_change |
C |
|
done |
23 |
544d |
572d
|
513d |
f0c92f59cf52
net_sched: cls_route: remove the right filter from hashtable
|
| KASAN: use-after-free Write in release_tty |
C |
|
done |
124 |
545d |
664d
|
514d |
b9eb60a0ef39
vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console
|
| WARNING: ODEBUG bug in rfcomm_dev_ioctl |
C |
|
done |
2 |
553d |
553d
|
522d |
0da9c032adbb
Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl
|
| KASAN: slab-out-of-bounds Read in selinux_xfrm_alloc_user |
C |
|
done |
1 |
554d |
554d
|
524d |
25106012e91a
xfrm: add the missing verify_sec_ctx_len check in xfrm_add_acquire
|
| WARNING: refcount bug in sock_wfree |
C |
done |
done |
3 |
555d |
676d
|
525d |
968f831d9056
sctp: fix refcount bug in sctp_wfree
|
| KASAN: use-after-free Write in tcindex_set_parms |
C |
|
done |
3 |
558d |
558d
|
527d |
9f8b6c44be17
net_sched: keep alloc_hash updated after hash allocation
|
| KASAN: slab-out-of-bounds Write in tcindex_set_parms |
C |
|
done |
2 |
558d |
558d
|
528d |
9f8b6c44be17
net_sched: keep alloc_hash updated after hash allocation
|
| WARNING: ODEBUG bug in rfcomm_dlc_free |
C |
|
done |
16 |
561d |
793d
|
530d |
0da9c032adbb
Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl
|
| KASAN: use-after-free Read in tty_open |
C |
|
done |
5 |
563d |
665d
|
533d |
b9eb60a0ef39
vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console
|
| KASAN: use-after-free Read in tty_buffer_cancel_work |
C |
|
done |
2 |
572d |
660d
|
542d |
b9eb60a0ef39
vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console
|
| KASAN: use-after-free Read in get_work_pool |
C |
|
done |
1 |
573d |
663d
|
543d |
b9eb60a0ef39
vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console
|
| KASAN: use-after-free Read in n_tty_receive_buf_common |
C |
|
done |
25 |
575d |
664d
|
543d |
a4719f6d07b2
vt: selection, push sel_lock up
|
| WARNING: kernel stack frame pointer has bad value |
C |
|
done |
65 |
580d |
884d
|
546d |
377d7378a605
fjes: fix missed check in fjes_acpi_add
|
| INFO: task hung in paste_selection |
C |
|
done |
8 |
580d |
656d
|
550d |
7c315855c6f4
ipvlan: do not use cond_resched_rcu() in ipvlan_process_multicast()
|
| INFO: task hung in drain_all_pages |
C |
|
done |
1 |
581d |
581d
|
551d |
a86265edeb33
netfilter: xt_hashlimit: limit the max size of hashtable
|
| INFO: task hung in tty_ldisc_hangup |
C |
|
done |
17 |
588d |
659d
|
558d |
a4719f6d07b2
vt: selection, push sel_lock up
|
| INFO: task hung in hashlimit_mt_check_common |
C |
|
done |
6 |
591d |
643d
|
559d |
a86265edeb33
netfilter: xt_hashlimit: limit the max size of hashtable
|
| KASAN: stack-out-of-bounds Write in ax25_getname |
C |
|
done |
4 |
590d |
886d
|
559d |
ff8e12b0cfe2
vhost: Check docket sk_family instead of call getname
|
| KASAN: slab-out-of-bounds Read in tcf_exts_destroy |
C |
|
done |
1 |
595d |
708d
|
565d |
6cb448ee493c
net_sched: fix an OOB access in cls_tcindex
|
| general protection fault in path_openat |
C |
|
done |
40 |
601d |
607d
|
570d |
40642747dd9f
vfs: fix do_last() regression
|
| BUG: sleeping function called from invalid context in tpk_write |
C |
|
done |
10 |
601d |
662d
|
570d |
ab84fd0d3dc8
ttyprintk: fix a potential deadlock in interrupt context issue
|
| BUG: sleeping function called from invalid context in lock_sock_nested (2) |
syz |
|
done |
1 |
603d |
663d
|
573d |
713ff7e4d605
crypto: af_alg - Use bh_lock_sock in sk_destruct
|
| KASAN: use-after-free Read in ext4_xattr_set_entry |
C |
|
done |
9 |
605d |
697d
|
575d |
08e4a312439c
ext4: validate the debug_want_extra_isize mount option at parse time
|
| KASAN: slab-out-of-bounds Read in __nla_put_nohdr |
C |
|
done |
2 |
609d |
609d
|
579d |
c5fd8a37e971
net-sysfs: Fix reference count leak
|
| KASAN: slab-out-of-bounds Write in setup_udp_tunnel_sock |
C |
|
done |
1 |
613d |
613d
|
582d |
c57b0f88fce8
Documentation: Document arm64 kpti control
|
| KASAN: use-after-free Read in snd_timer_resolution |
C |
|
done |
1 |
615d |
615d
|
585d |
43bb0a16b25d
ALSA: seq: Fix racy access for queue timer in proc read
|
| INFO: task hung in genl_rcv_msg |
syz |
|
done |
2 |
619d |
619d
|
589d |
24070b40926b
tcp: clear tp->total_retrans in tcp_disconnect()
|
| WARNING in reconnect_path |
C |
done |
done |
1 |
621d |
681d
|
590d |
b6e209a13a61
exportfs: fix 'passing zero to ERR_PTR()' warning
|
| KASAN: use-after-free Write in __alloc_skb |
C |
|
done |
1 |
625d |
655d
|
591d |
e841252840c4
net: rtnetlink: validate IFLA_MTU attribute in rtnl_create_link()
|
| KASAN: use-after-free Read in cdev_put |
C |
|
done |
6 |
625d |
668d
|
594d |
0ce254bc68ed
xen-blkback: prevent premature module unload
|
| KASAN: slab-out-of-bounds Read in macvlan_broadcast |
C |
|
done |
6 |
626d |
630d
|
595d |
4a953272f2d2
macvlan: do not assume mac_header is set in macvlan_broadcast()
|
| KASAN: use-after-free Read in macvlan_broadcast |
C |
|
done |
8 |
628d |
631d
|
597d |
4a953272f2d2
macvlan: do not assume mac_header is set in macvlan_broadcast()
|
| WARNING: bad unlock balance in gtp_encap_enable_socket |
C |
|
done |
2 |
628d |
631d
|
597d |
887b0296a905
gtp: fix bad unlock balance in gtp_encap_enable_socket
|
| KASAN: slab-out-of-bounds Read in bpf_skb_change_tail |
C |
|
done |
2 |
633d |
780d
|
601d |
7fed98f4a1e6
bpf: reject passing modified ctx to helper functions
|
| KASAN: slab-out-of-bounds Read in bpf_skb_change_proto |
C |
|
done |
2 |
633d |
780d
|
601d |
7fed98f4a1e6
bpf: reject passing modified ctx to helper functions
|
| KASAN: slab-out-of-bounds Read in bpf_clone_redirect |
C |
|
done |
11 |
639d |
802d
|
608d |
7fed98f4a1e6
bpf: reject passing modified ctx to helper functions
|
| KASAN: slab-out-of-bounds Read in bpf_skb_change_head |
C |
|
done |
2 |
643d |
712d
|
611d |
7fed98f4a1e6
bpf: reject passing modified ctx to helper functions
|
| possible deadlock in refcount_dec_and_mutex_lock |
C |
|
done |
10 |
642d |
714d
|
611d |
4df728651b8a
nbd: verify socket is supported during setup
|
| WARNING: refcount bug in cdev_get |
C |
|
done |
21 |
643d |
773d
|
613d |
03a709593040
net: usb: lan78xx: Connect PHY before registering MAC
|
| INFO: rcu detected stall in br_handle_frame (2) |
C |
|
done |
1 |
648d |
648d
|
617d |
73a6f18d8390
pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM
|
| WARNING in ovl_rename |
syz |
|
done |
2 |
651d |
884d
|
618d |
6890751cfea7
ovl: relax WARN_ON() on rename to self
|
| inconsistent lock state in sp_get |
C |
|
done |
2 |
656d |
656d
|
625d |
8b58905f212b
6pack,mkiss: fix possible deadlock
|
| KASAN: slab-out-of-bounds Read in linear_transfer |
C |
|
done |
4 |
657d |
664d
|
626d |
2a76606d8a83
ALSA: pcm: oss: Avoid potential buffer overflows
|
| possible deadlock in __might_fault |
C |
|
done |
295 |
659d |
899d
|
628d |
d41971493d28
usb: mon: Fix a deadlock in usbmon between mmap and read
|
| possible deadlock in mon_bin_vma_fault |
C |
|
done |
282 |
660d |
895d
|
629d |
d41971493d28
usb: mon: Fix a deadlock in usbmon between mmap and read
|
| WARNING: refcount bug in kobject_get |
C |
|
done |
20 |
664d |
898d
|
634d |
227db8e4c346
tipc: fix unlimited bundling of small messages
|
| WARNING in refcount_error_report |
syz |
|
done |
1 |
666d |
666d
|
634d |
7272e8e3bfa3
inet: protect against too small mtu values.
|
| BUG: corrupted list in p9_fd_cancelled |
syz |
|
done |
2 |
665d |
711d
|
634d |
8a82aee7bdfd
arm64: Add MIDR encoding for Arm Cortex-A55 and Cortex-A35
|
| BUG: unable to handle kernel paging request in slhc_free |
C |
|
done |
4 |
669d |
896d
|
637d |
da0bbf51bdcb
slip: make slhc_free() silently accept an error pointer
|
| WARNING in dio_complete |
C |
|
done |
27 |
669d |
898d
|
637d |
365874a0eab5
blk-mq: avoid sysfs buffer overflow with too many CPU cores
|
| KASAN: use-after-free Read in slip_open |
C |
done |
done |
2 |
672d |
672d
|
640d |
f5bcc687e3d6
slip: Fix use-after-free Read in slip_open
|
| KASAN: use-after-free Read in kfree_skb |
C |
|
done |
98 |
670d |
798d
|
640d |
79d404a2aa86
Bluetooth: Fix invalid-free in bcsp_close()
|
| INFO: task hung in nbd_ioctl |
C |
|
done |
18 |
641d |
715d
|
640d |
4df728651b8a
nbd: verify socket is supported during setup
|
| WARNING: suspicious RCU usage in shmem_add_seals |
C |
done |
done |
1435 |
677d |
700d
|
647d |
988f701a805b
memfd: Use radix_tree_deref_slot_protected to avoid the warning.
|
| possible deadlock in flush_workqueue |
C |
|
done |
15 |
680d |
772d
|
649d |
4df728651b8a
nbd: verify socket is supported during setup
|
| WARNING in bpf_jit_free |
syz |
|
done |
60 |
722d |
895d
|
650d |
47569360be87
bpf: fix use after free in prog symbol exposure
|
| INFO: task hung in lo_release |
syz |
|
done |
128 |
788d |
900d
|
651d |
22f36db48781
Revert "block/loop: Use global lock for ioctl() operation."
|
| BUG: unable to handle kernel NULL pointer dereference in inet_autobind |
C |
inconclusive |
done |
3133 |
692d |
700d
|
652d |
7c3c0d51129a
sctp: not bind the socket in sctp_connect
|
| BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue |
C |
|
done |
20 |
653d |
891d
|
652d |
0b584bf573ae
nbd: fix max number of supported devs
|
| BUG: unable to handle kernel paging request in dummy_set_vf_vlan |
C |
|
done |
5 |
685d |
779d
|
652d |
9ed49fc95f37
net: rtnetlink: prevent underflows in do_setvfinfo()
|
| BUG: unable to handle kernel paging request in dummy_set_vf_spoofchk |
C |
|
done |
6 |
689d |
800d
|
652d |
9ed49fc95f37
net: rtnetlink: prevent underflows in do_setvfinfo()
|
| BUG: unable to handle kernel paging request in dummy_get_vf_config |
C |
|
done |
4 |
704d |
802d
|
654d |
9ed49fc95f37
net: rtnetlink: prevent underflows in do_setvfinfo()
|
| WARNING: suspicious RCU usage in netem_enqueue |
C |
|
done |
3 |
709d |
732d
|
655d |
6f492e801033
net_sched: add max len check for TCA_KIND
|
| BUG: unable to handle kernel paging request in dummy_set_vf_rss_query_en |
C |
|
done |
5 |
709d |
800d
|
655d |
9ed49fc95f37
net: rtnetlink: prevent underflows in do_setvfinfo()
|
| BUG: unable to handle kernel paging request in dummy_set_vf_mac |
C |
|
done |
5 |
718d |
790d
|
655d |
9ed49fc95f37
net: rtnetlink: prevent underflows in do_setvfinfo()
|
| BUG: unable to handle kernel NULL pointer dereference in tc_bind_tclass |
C |
|
done |
14 |
712d |
752d
|
655d |
54b9f5791846
net_sched: check cops->tcf_block in tc_bind_tclass()
|
| KASAN: null-ptr-deref Write in kvm_write_guest_virt_system |
C |
|
done |
53 |
718d |
736d
|
656d |
2890b718f4a8
watchdog: imx2_wdt: fix min() calculation in imx2_wdt_set_timeout
|
| WARNING in tcp_send_loss_probe |
C |
|
done |
22 |
739d |
749d
|
659d |
ba2ddb43f270
tcp: Don't dequeue SYN/FIN-segments from write-queue
|
| general protection fault in tcp_push |
C |
|
done |
55 |
738d |
749d
|
659d |
f1dcc5ed4bea
tcp: Reset send_head when removing skb from write-queue
|
| BUG: unable to handle kernel paging request in dummy_set_vf_rate |
C |
|
done |
3 |
738d |
753d
|
659d |
9ed49fc95f37
net: rtnetlink: prevent underflows in do_setvfinfo()
|
| WARNING in tcp_retransmit_timer |
C |
|
done |
215 |
738d |
749d
|
659d |
ba2ddb43f270
tcp: Don't dequeue SYN/FIN-segments from write-queue
|
| general protection fault in qdisc_destroy |
C |
|
done |
4 |
738d |
743d
|
659d |
e0f600b69df3
net_sched: let qdisc_put() accept NULL pointer
|
| INFO: rcu detected stall in mld_dad_timer_expire |
C |
|
done |
1 |
744d |
744d
|
659d |
cc243e2427ce
sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
|
| INFO: rcu detected stall in br_handle_frame |
C |
|
done |
15 |
740d |
752d
|
660d |
cc243e2427ce
sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
|
| WARNING in kernfs_get |
C |
|
done |
17 |
771d |
890d
|
660d |
5432923a6b20
driver core: Fix use-after-free and double free on glue directory
|
| INFO: rcu detected stall in mld_ifc_timer_expire |
C |
|
done |
9 |
742d |
752d
|
661d |
cc243e2427ce
sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
|
| WARNING in xfrm_state_fini |
C |
|
done |
193 |
745d |
899d
|
662d |
cd393b38514d
xfrm: clean up xfrm protocol checks
|
| INFO: rcu detected stall in addrconf_dad_work |
C |
|
done |
18 |
745d |
752d
|
662d |
cc243e2427ce
sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
|
| INFO: rcu detected stall in corrupted |
C |
|
done |
3 |
746d |
768d
|
662d |
cc243e2427ce
sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
|
| BUG: unable to handle kernel paging request in dummy_set_vf_trust |
C |
|
done |
2 |
754d |
787d
|
663d |
9ed49fc95f37
net: rtnetlink: prevent underflows in do_setvfinfo()
|
| WARNING in map_lookup_elem |
C |
|
done |
2 |
760d |
760d
|
663d |
95867919494d
KVM: x86: add tracepoints around __direct_map and FNAME(fetch)
|
| WARNING: refcount bug in hci_register_dev |
C |
|
done |
3 |
758d |
773d
|
663d |
5432923a6b20
driver core: Fix use-after-free and double free on glue directory
|
| kernel BUG at ./include/linux/skbuff.h:LINE! |
C |
|
done |
16 |
754d |
780d
|
663d |
e5df4baea324
tcp: fix tcp_rtx_queue_tail in case of empty retransmit queue
|
| general protection fault in packet_lookup_frame |
C |
|
done |
1 |
776d |
776d
|
664d |
5ac73816dda7
net/packet: fix race in tpacket_snd()
|
| WARNING: refcount bug in kobject_put |
C |
|
done |
3 |
780d |
887d
|
664d |
5432923a6b20
driver core: Fix use-after-free and double free on glue directory
|
| general protection fault in tcf_ife_init |
C |
|
done |
12 |
791d |
801d
|
664d |
7fcc60e5f837
ife: error out when nla attributes are empty
|
| general protection fault in kernfs_add_one |
C |
|
done |
5 |
788d |
857d
|
664d |
5432923a6b20
driver core: Fix use-after-free and double free on glue directory
|
| WARNING in sysfs_remove_group |
C |
|
done |
1 |
804d |
804d
|
665d |
5432923a6b20
driver core: Fix use-after-free and double free on glue directory
|
| BUG: unable to handle kernel paging request in coalesced_mmio_write |
C |
|
done |
4 |
822d |
828d
|
666d |
bf81752d808c
KVM: coalesced_mmio: add bounds checking
|
| WARNING in kernfs_put |
C |
|
done |
2 |
820d |
887d
|
666d |
5432923a6b20
driver core: Fix use-after-free and double free on glue directory
|
| KASAN: use-after-free Read in erspan_build_header |
C |
|
done |
18 |
866d |
901d
|
667d |
1d629bf9b576
net: erspan: fix use-after-free
|
| KASAN: slab-out-of-bounds Read in erspan_build_header |
C |
|
done |
8 |
865d |
901d
|
667d |
d93fb604c079
tipc: fix modprobe tipc failed after switch order of device registration
|
| WARNING in notify_change |
C |
|
done |
14 |
830d |
895d
|
667d |
2c5462425563
Abort file_remove_privs() for non-reg. files
|
| KASAN: use-after-free Read in tcp_init_tso_segs |
C |
|
|
1424 |
738d |
749d
|
725d |
f1dcc5ed4bea
tcp: Reset send_head when removing skb from write-queue
|