| general protection fault in batadv_iv_ogm_schedule_buff |
|
|
1 |
84d |
84d
|
2d06h |
e181bb93
batman-adv: Don't schedule OGM for disabled interface
|
| KASAN: null-ptr-deref Write in choke_reset |
C |
fix
|
283 |
51d |
81d
|
21d |
4836eb6b
sch_choke: avoid potential panic in choke_reset()
|
| KASAN: use-after-free Read in do_blk_trace_setup |
C |
fix
|
342 |
52d |
456d
|
21d |
b390c22c
blktrace: fix unlocked access to init/start-stop/teardown
|
| WARNING in xfrm_policy_insert |
syz |
fix
|
8 |
56d |
314d
|
25d |
1cd914b0
xfrm: fix a warning in xfrm_policy_insert_list
|
| KASAN: slab-out-of-bounds Write in snd_rawmidi_kernel_write1 |
C |
fix
|
1 |
57d |
87d
|
27d |
8645ac36
ALSA: rawmidi: Fix racy buffer resize under concurrent accesses
|
| WARNING: ODEBUG bug in route4_change |
C |
fix
|
23 |
99d |
127d
|
69d |
f0c92f59
net_sched: cls_route: remove the right filter from hashtable
|
| KASAN: use-after-free Write in release_tty |
C |
fix
|
124 |
100d |
219d
|
70d |
b9eb60a0
vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console
|
| WARNING: ODEBUG bug in rfcomm_dev_ioctl |
C |
fix
|
2 |
109d |
109d
|
78d |
0da9c032
Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl
|
| KASAN: slab-out-of-bounds Read in selinux_xfrm_alloc_user |
C |
fix
|
1 |
110d |
110d
|
80d |
25106012
xfrm: add the missing verify_sec_ctx_len check in xfrm_add_acquire
|
| WARNING: refcount bug in sock_wfree |
C |
cause+fix
|
3 |
111d |
231d
|
81d |
968f831d
sctp: fix refcount bug in sctp_wfree
|
| KASAN: use-after-free Write in tcindex_set_parms |
C |
fix
|
3 |
113d |
114d
|
83d |
9f8b6c44
net_sched: keep alloc_hash updated after hash allocation
|
| KASAN: slab-out-of-bounds Write in tcindex_set_parms |
C |
fix
|
2 |
114d |
114d
|
84d |
9f8b6c44
net_sched: keep alloc_hash updated after hash allocation
|
| WARNING: ODEBUG bug in rfcomm_dlc_free |
C |
fix
|
16 |
116d |
349d
|
85d |
0da9c032
Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl
|
| KASAN: use-after-free Read in tty_open |
C |
fix
|
5 |
118d |
220d
|
88d |
b9eb60a0
vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console
|
| KASAN: use-after-free Read in tty_buffer_cancel_work |
C |
fix
|
2 |
127d |
216d
|
97d |
b9eb60a0
vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console
|
| KASAN: use-after-free Read in get_work_pool |
C |
fix
|
1 |
128d |
219d
|
98d |
b9eb60a0
vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console
|
| KASAN: use-after-free Read in n_tty_receive_buf_common |
C |
fix
|
25 |
130d |
219d
|
99d |
a4719f6d
vt: selection, push sel_lock up
|
| WARNING: kernel stack frame pointer has bad value |
C |
fix
|
65 |
135d |
439d
|
101d |
377d7378
fjes: fix missed check in fjes_acpi_add
|
| INFO: task hung in paste_selection |
C |
fix
|
8 |
136d |
211d
|
105d |
7c315855
ipvlan: do not use cond_resched_rcu() in ipvlan_process_multicast()
|
| INFO: task hung in drain_all_pages |
C |
fix
|
1 |
136d |
136d
|
106d |
a86265ed
netfilter: xt_hashlimit: limit the max size of hashtable
|
| INFO: task hung in tty_ldisc_hangup |
C |
fix
|
17 |
144d |
215d
|
114d |
a4719f6d
vt: selection, push sel_lock up
|
| INFO: task hung in hashlimit_mt_check_common |
C |
fix
|
6 |
147d |
198d
|
115d |
a86265ed
netfilter: xt_hashlimit: limit the max size of hashtable
|
| KASAN: stack-out-of-bounds Write in ax25_getname |
C |
fix
|
4 |
146d |
442d
|
115d |
ff8e12b0
vhost: Check docket sk_family instead of call getname
|
| KASAN: slab-out-of-bounds Read in tcf_exts_destroy |
C |
fix
|
1 |
150d |
263d
|
120d |
6cb448ee
net_sched: fix an OOB access in cls_tcindex
|
| general protection fault in path_openat |
C |
fix
|
40 |
156d |
163d
|
126d |
40642747
vfs: fix do_last() regression
|
| BUG: sleeping function called from invalid context in tpk_write |
C |
fix
|
10 |
156d |
218d
|
126d |
ab84fd0d
ttyprintk: fix a potential deadlock in interrupt context issue
|
| BUG: sleeping function called from invalid context in lock_sock_nested (2) |
syz |
fix
|
1 |
158d |
219d
|
128d |
713ff7e4
crypto: af_alg - Use bh_lock_sock in sk_destruct
|
| KASAN: use-after-free Read in ext4_xattr_set_entry |
C |
fix
|
9 |
161d |
253d
|
131d |
08e4a312
ext4: validate the debug_want_extra_isize mount option at parse time
|
| KASAN: slab-out-of-bounds Read in __nla_put_nohdr |
C |
fix
|
2 |
165d |
165d
|
134d |
c5fd8a37
net-sysfs: Fix reference count leak
|
| KASAN: slab-out-of-bounds Write in setup_udp_tunnel_sock |
C |
fix
|
1 |
168d |
168d
|
138d |
c57b0f88
Documentation: Document arm64 kpti control
|
| KASAN: use-after-free Read in snd_timer_resolution |
C |
fix
|
1 |
171d |
171d
|
140d |
43bb0a16
ALSA: seq: Fix racy access for queue timer in proc read
|
| INFO: task hung in genl_rcv_msg |
syz |
fix
|
2 |
175d |
175d
|
145d |
24070b40
tcp: clear tp->total_retrans in tcp_disconnect()
|
| WARNING in reconnect_path |
C |
cause+fix
|
1 |
176d |
236d
|
145d |
b6e209a1
exportfs: fix 'passing zero to ERR_PTR()' warning
|
| KASAN: use-after-free Write in __alloc_skb |
C |
fix
|
1 |
180d |
210d
|
147d |
e8412528
net: rtnetlink: validate IFLA_MTU attribute in rtnl_create_link()
|
| KASAN: use-after-free Read in cdev_put |
C |
fix
|
6 |
180d |
223d
|
149d |
0ce254bc
xen-blkback: prevent premature module unload
|
| KASAN: slab-out-of-bounds Read in macvlan_broadcast |
C |
fix
|
6 |
181d |
186d
|
151d |
4a953272
macvlan: do not assume mac_header is set in macvlan_broadcast()
|
| KASAN: use-after-free Read in macvlan_broadcast |
C |
fix
|
8 |
183d |
186d
|
152d |
4a953272
macvlan: do not assume mac_header is set in macvlan_broadcast()
|
| WARNING: bad unlock balance in gtp_encap_enable_socket |
C |
fix
|
2 |
183d |
186d
|
152d |
887b0296
gtp: fix bad unlock balance in gtp_encap_enable_socket
|
| KASAN: slab-out-of-bounds Read in bpf_skb_change_tail |
C |
fix
|
2 |
189d |
335d
|
156d |
7fed98f4
bpf: reject passing modified ctx to helper functions
|
| KASAN: slab-out-of-bounds Read in bpf_skb_change_proto |
C |
fix
|
2 |
189d |
336d
|
156d |
7fed98f4
bpf: reject passing modified ctx to helper functions
|
| KASAN: slab-out-of-bounds Read in bpf_clone_redirect |
C |
fix
|
11 |
194d |
357d
|
164d |
7fed98f4
bpf: reject passing modified ctx to helper functions
|
| KASAN: slab-out-of-bounds Read in bpf_skb_change_head |
C |
fix
|
2 |
198d |
267d
|
167d |
7fed98f4
bpf: reject passing modified ctx to helper functions
|
| possible deadlock in refcount_dec_and_mutex_lock |
C |
fix
|
10 |
197d |
270d
|
167d |
4df72865
nbd: verify socket is supported during setup
|
| WARNING: refcount bug in cdev_get |
C |
fix
|
21 |
198d |
329d
|
168d |
03a70959
net: usb: lan78xx: Connect PHY before registering MAC
|
| INFO: rcu detected stall in br_handle_frame (2) |
C |
fix
|
1 |
203d |
203d
|
173d |
73a6f18d
pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM
|
| WARNING in ovl_rename |
syz |
fix
|
2 |
207d |
439d
|
174d |
6890751c
ovl: relax WARN_ON() on rename to self
|
| inconsistent lock state in sp_get |
C |
fix
|
2 |
211d |
211d
|
180d |
8b58905f
6pack,mkiss: fix possible deadlock
|
| KASAN: slab-out-of-bounds Read in linear_transfer |
C |
fix
|
4 |
212d |
219d
|
182d |
2a76606d
ALSA: pcm: oss: Avoid potential buffer overflows
|
| possible deadlock in __might_fault |
C |
fix
|
295 |
214d |
454d
|
183d |
d4197149
usb: mon: Fix a deadlock in usbmon between mmap and read
|
| possible deadlock in mon_bin_vma_fault |
C |
fix
|
282 |
215d |
451d
|
185d |
d4197149
usb: mon: Fix a deadlock in usbmon between mmap and read
|
| WARNING: refcount bug in kobject_get |
C |
fix
|
20 |
219d |
453d
|
189d |
227db8e4
tipc: fix unlimited bundling of small messages
|
| WARNING in refcount_error_report |
syz |
fix
|
1 |
222d |
221d
|
189d |
7272e8e3
inet: protect against too small mtu values.
|
| BUG: corrupted list in p9_fd_cancelled |
syz |
fix
|
2 |
221d |
266d
|
189d |
8a82aee7
arm64: Add MIDR encoding for Arm Cortex-A55 and Cortex-A35
|
| BUG: unable to handle kernel paging request in slhc_free |
C |
fix
|
4 |
224d |
451d
|
193d |
da0bbf51
slip: make slhc_free() silently accept an error pointer
|
| WARNING in dio_complete |
C |
fix
|
27 |
224d |
454d
|
193d |
365874a0
blk-mq: avoid sysfs buffer overflow with too many CPU cores
|
| KASAN: use-after-free Read in slip_open |
C |
cause+fix
|
2 |
228d |
228d
|
195d |
f5bcc687
slip: Fix use-after-free Read in slip_open
|
| KASAN: use-after-free Read in kfree_skb |
C |
fix
|
98 |
226d |
353d
|
195d |
79d404a2
Bluetooth: Fix invalid-free in bcsp_close()
|
| INFO: task hung in nbd_ioctl |
C |
fix
|
18 |
197d |
271d
|
195d |
4df72865
nbd: verify socket is supported during setup
|
| WARNING: suspicious RCU usage in shmem_add_seals |
C |
cause+fix
|
1435 |
233d |
255d
|
202d |
988f701a
memfd: Use radix_tree_deref_slot_protected to avoid the warning.
|
| possible deadlock in flush_workqueue |
C |
fix
|
15 |
235d |
328d
|
205d |
4df72865
nbd: verify socket is supported during setup
|
| WARNING in bpf_jit_free |
syz |
fix
|
60 |
277d |
450d
|
206d |
47569360
bpf: fix use after free in prog symbol exposure
|
| INFO: task hung in lo_release |
syz |
fix
|
128 |
343d |
456d
|
207d |
22f36db4
Revert "block/loop: Use global lock for ioctl() operation."
|
| BUG: unable to handle kernel NULL pointer dereference in inet_autobind |
C |
cause+fix
|
3133 |
247d |
255d
|
207d |
7c3c0d51
sctp: not bind the socket in sctp_connect
|
| BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue |
C |
fix
|
20 |
208d |
446d
|
207d |
0b584bf5
nbd: fix max number of supported devs
|
| BUG: unable to handle kernel paging request in dummy_set_vf_vlan |
C |
fix
|
5 |
241d |
335d
|
207d |
9ed49fc9
net: rtnetlink: prevent underflows in do_setvfinfo()
|
| BUG: unable to handle kernel paging request in dummy_set_vf_spoofchk |
C |
fix
|
6 |
244d |
356d
|
207d |
9ed49fc9
net: rtnetlink: prevent underflows in do_setvfinfo()
|
| BUG: unable to handle kernel paging request in dummy_get_vf_config |
C |
fix
|
4 |
260d |
357d
|
210d |
9ed49fc9
net: rtnetlink: prevent underflows in do_setvfinfo()
|
| WARNING: suspicious RCU usage in netem_enqueue |
C |
fix
|
3 |
264d |
287d
|
210d |
6f492e80
net_sched: add max len check for TCA_KIND
|
| BUG: unable to handle kernel paging request in dummy_set_vf_rss_query_en |
C |
fix
|
5 |
264d |
356d
|
210d |
9ed49fc9
net: rtnetlink: prevent underflows in do_setvfinfo()
|
| BUG: unable to handle kernel paging request in dummy_set_vf_mac |
C |
fix
|
5 |
273d |
346d
|
211d |
9ed49fc9
net: rtnetlink: prevent underflows in do_setvfinfo()
|
| BUG: unable to handle kernel NULL pointer dereference in tc_bind_tclass |
C |
fix
|
14 |
267d |
307d
|
211d |
54b9f579
net_sched: check cops->tcf_block in tc_bind_tclass()
|
| KASAN: null-ptr-deref Write in kvm_write_guest_virt_system |
C |
fix
|
53 |
273d |
291d
|
211d |
2890b718
watchdog: imx2_wdt: fix min() calculation in imx2_wdt_set_timeout
|
| WARNING in tcp_send_loss_probe |
C |
fix
|
22 |
294d |
304d
|
214d |
ba2ddb43
tcp: Don't dequeue SYN/FIN-segments from write-queue
|
| general protection fault in tcp_push |
C |
fix
|
55 |
293d |
304d
|
214d |
f1dcc5ed
tcp: Reset send_head when removing skb from write-queue
|
| BUG: unable to handle kernel paging request in dummy_set_vf_rate |
C |
fix
|
3 |
294d |
309d
|
214d |
9ed49fc9
net: rtnetlink: prevent underflows in do_setvfinfo()
|
| WARNING in tcp_retransmit_timer |
C |
fix
|
215 |
293d |
304d
|
214d |
ba2ddb43
tcp: Don't dequeue SYN/FIN-segments from write-queue
|
| general protection fault in qdisc_destroy |
C |
fix
|
4 |
294d |
298d
|
214d |
e0f600b6
net_sched: let qdisc_put() accept NULL pointer
|
| INFO: rcu detected stall in mld_dad_timer_expire |
C |
fix
|
1 |
300d |
300d
|
214d |
cc243e24
sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
|
| INFO: rcu detected stall in br_handle_frame |
C |
fix
|
15 |
296d |
307d
|
216d |
cc243e24
sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
|
| WARNING in kernfs_get |
C |
fix
|
17 |
326d |
446d
|
216d |
5432923a
driver core: Fix use-after-free and double free on glue directory
|
| INFO: rcu detected stall in mld_ifc_timer_expire |
C |
fix
|
9 |
298d |
307d
|
217d |
cc243e24
sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
|
| WARNING in xfrm_state_fini |
C |
fix
|
193 |
300d |
455d
|
217d |
cd393b38
xfrm: clean up xfrm protocol checks
|
| INFO: rcu detected stall in addrconf_dad_work |
C |
fix
|
18 |
301d |
307d
|
217d |
cc243e24
sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
|
| INFO: rcu detected stall in corrupted |
C |
fix
|
3 |
301d |
323d
|
218d |
cc243e24
sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
|
| BUG: unable to handle kernel paging request in dummy_set_vf_trust |
C |
fix
|
2 |
309d |
343d
|
218d |
9ed49fc9
net: rtnetlink: prevent underflows in do_setvfinfo()
|
| WARNING in map_lookup_elem |
C |
fix
|
2 |
316d |
316d
|
218d |
95867919
KVM: x86: add tracepoints around __direct_map and FNAME(fetch)
|
| WARNING: refcount bug in hci_register_dev |
C |
fix
|
3 |
314d |
328d
|
218d |
5432923a
driver core: Fix use-after-free and double free on glue directory
|
| kernel BUG at ./include/linux/skbuff.h:LINE! |
C |
fix
|
16 |
309d |
335d
|
218d |
e5df4bae
tcp: fix tcp_rtx_queue_tail in case of empty retransmit queue
|
| general protection fault in packet_lookup_frame |
C |
fix
|
1 |
331d |
331d
|
219d |
5ac73816
net/packet: fix race in tpacket_snd()
|
| WARNING: refcount bug in kobject_put |
C |
fix
|
3 |
336d |
442d
|
219d |
5432923a
driver core: Fix use-after-free and double free on glue directory
|
| general protection fault in tcf_ife_init |
C |
fix
|
12 |
347d |
357d
|
220d |
7fcc60e5
ife: error out when nla attributes are empty
|
| general protection fault in kernfs_add_one |
C |
fix
|
5 |
344d |
413d
|
220d |
5432923a
driver core: Fix use-after-free and double free on glue directory
|
| WARNING in sysfs_remove_group |
C |
fix
|
1 |
360d |
360d
|
221d |
5432923a
driver core: Fix use-after-free and double free on glue directory
|
| BUG: unable to handle kernel paging request in coalesced_mmio_write |
C |
fix
|
4 |
377d |
384d
|
222d |
bf81752d
KVM: coalesced_mmio: add bounds checking
|
| WARNING in kernfs_put |
C |
fix
|
2 |
376d |
442d
|
222d |
5432923a
driver core: Fix use-after-free and double free on glue directory
|
| KASAN: use-after-free Read in erspan_build_header |
C |
fix
|
18 |
422d |
456d
|
223d |
1d629bf9
net: erspan: fix use-after-free
|
| KASAN: slab-out-of-bounds Read in erspan_build_header |
C |
fix
|
8 |
420d |
456d
|
223d |
d93fb604
tipc: fix modprobe tipc failed after switch order of device registration
|
| WARNING in notify_change |
C |
fix
|
14 |
385d |
451d
|
223d |
2c546242
Abort file_remove_privs() for non-reg. files
|
| KASAN: use-after-free Read in tcp_init_tso_segs |
C |
|
1424 |
293d |
304d
|
280d |
f1dcc5ed
tcp: Reset send_head when removing skb from write-queue
|