general protection fault in em_cmp_match
|
2 |
C |
|
|
1 |
1012d |
1012d
|
1/1 |
982d |
b9b47801cef5
net_sched: reject TCF_EM_SIMPLE case for complex ematch module
|
KASAN: use-after-free Read in bcm_can_tx
|
19 |
C |
|
|
2 |
1355d |
1811d
|
1/1 |
1336d |
632881680ba0
can: bcm: fix UAF of bcm op
|
general protection fault in ieee802154_llsec_parse_key_id
|
11 |
C |
|
done |
101 |
1624d |
1680d
|
1/1 |
1593d |
37580e6837c0
net: ieee802154: nl-mac: fix check on panid
|
general protection fault in nl802154_del_llsec_devkey
|
2 |
C |
|
done |
171 |
1624d |
1686d
|
1/1 |
1593d |
266e3f2ef0d1
net: ieee802154: fix nl802154 del llsec devkey
|
general protection fault in nl802154_del_llsec_key
|
2 |
C |
|
done |
135 |
1624d |
1680d
|
1/1 |
1593d |
1804bf103e73
net: ieee802154: fix nl802154 del llsec key
|
general protection fault in try_to_wake_up
|
2 |
C |
|
done |
707 |
1624d |
1653d
|
1/1 |
1593d |
f6420532cfd7
net: tun: set tun->dev->addr_len during TUNSETLINK processing
|
general protection fault in nl802154_add_llsec_key
|
2 |
C |
|
done |
168 |
1624d |
1684d
|
1/1 |
1593d |
3a94a5b2e0ba
net: ieee802154: fix nl802154 add llsec key
|
general protection fault in nl802154_del_llsec_dev
|
2 |
C |
|
done |
136 |
1624d |
1686d
|
1/1 |
1594d |
3ee9f1bafd06
net: ieee802154: fix nl802154 del llsec dev
|
INFO: trying to register non-static key in ieee802154_get_llsec_params
|
-1 |
C |
|
done |
8 |
1627d |
1651d
|
1/1 |
1597d |
df9aa96b613d
net: ieee802154: stop dump llsec params for monitors
|
WARNING in cfg80211_connect
|
-1 |
C |
|
done |
101 |
1642d |
1821d
|
1/1 |
1607d |
bd7b29fb365e
cfg80211: remove WARN_ON() in cfg80211_sme_connect
|
BUG: unable to handle kernel NULL pointer dereference in __lookup_hash
|
10 |
C |
|
done |
31 |
1637d |
1830d
|
1/1 |
1607d |
b74d5f70523a
reiserfs: add check for an invalid ih_entry_count
|
general protection fault in selinux_socket_sendmsg
|
2 |
C |
|
done |
3 |
1646d |
1818d
|
1/1 |
1615d |
534d2cf487b9
usbip: synchronize event handler with sysfs code paths
|
KASAN: use-after-free Read in ieee80211_ibss_build_presp
|
19 |
C |
|
done |
2 |
1647d |
1794d
|
1/1 |
1617d |
d2ddd5417f6d
mac80211: fix double free in ibss_leave
|
possible deadlock in red_adaptative_timer
|
4 |
C |
|
done |
2 |
1650d |
1741d
|
1/1 |
1619d |
43c9bffda3a2
net: sched: validate stab values
|
BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection
|
10 |
syz |
|
done |
1335 |
1654d |
1744d
|
1/1 |
1621d |
534d2cf487b9
usbip: synchronize event handler with sysfs code paths
|
WARNING in ext4_xattr_set_entry
|
-1 |
C |
|
done |
19 |
1665d |
1821d
|
1/1 |
1633d |
470f69cb3742
ext4: do not try to set xattr into ea_inode if value is empty
|
BUG: unable to handle kernel NULL pointer dereference in amp_read_loc_assoc_final_data
|
10 |
C |
|
done |
207 |
1666d |
1883d
|
1/1 |
1633d |
2f642a2b3365
Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data
|
KASAN: use-after-free Read in ntfs_iget
|
19 |
C |
|
done |
2 |
1678d |
1754d
|
1/1 |
1648d |
49ee014a2070
ntfs: check for valid standard information attribute
|
KASAN: use-after-free Read in ntfs_read_locked_inode
|
19 |
C |
|
done |
2 |
1680d |
1831d
|
1/1 |
1649d |
49ee014a2070
ntfs: check for valid standard information attribute
|
KASAN: slab-out-of-bounds Read in squashfs_export_iget
|
17 |
C |
|
done |
4 |
1707d |
1811d
|
1/1 |
1674d |
69396cfd7908
squashfs: add more sanity checks in inode lookup
|
general protection fault in ieee80211_subif_start_xmit
|
2 |
syz |
|
done |
1 |
1704d |
1764d
|
1/1 |
1674d |
d882652c1c6f
mac80211: pause TX while changing interface type
|
general protection fault in ioctl_standard_call
|
2 |
C |
|
done |
24 |
1705d |
1801d
|
1/1 |
1674d |
173b67cf1e72
wext: fix NULL-ptr-dereference with cfg80211's lack of commit()
|
KASAN: slab-out-of-bounds Read in squashfs_get_id
|
17 |
C |
|
|
11 |
1677d |
1830d
|
1/1 |
1676d |
8d9ca7e328ef
squashfs: add more sanity checks in id lookup
|
KASAN: use-after-free Read in squashfs_get_id
|
19 |
C |
|
|
1 |
1676d |
1772d
|
1/1 |
1676d |
8d9ca7e328ef
squashfs: add more sanity checks in id lookup
|
KASAN: use-after-free Read in reiserfs_fill_super
|
19 |
C |
|
done |
2 |
1725d |
1725d
|
1/1 |
1678d |
b74d5f70523a
reiserfs: add check for an invalid ih_entry_count
|
divide error in do_journal_end
|
2 |
C |
|
done |
1 |
1722d |
1782d
|
1/1 |
1678d |
b74d5f70523a
reiserfs: add check for an invalid ih_entry_count
|
KASAN: use-after-free Read in search_by_entry_key
|
19 |
C |
|
done |
3 |
1724d |
1830d
|
1/1 |
1678d |
b74d5f70523a
reiserfs: add check for an invalid ih_entry_count
|
KASAN: use-after-free Read in reiserfs_read_locked_inode
|
19 |
C |
|
done |
5 |
1726d |
1831d
|
1/1 |
1679d |
b74d5f70523a
reiserfs: add check for an invalid ih_entry_count
|
general protection fault in dqput
|
2 |
C |
|
done |
1 |
1733d |
1733d
|
1/1 |
1703d |
a9c625fcddc0
quota: Sanity-check quota file headers on load
|
KASAN: use-after-free Read in leaf_paste_entries
|
19 |
C |
|
done |
6 |
1735d |
1779d
|
1/1 |
1704d |
b74d5f70523a
reiserfs: add check for an invalid ih_entry_count
|
general protection fault in hci_phy_link_complete_evt
|
2 |
C |
|
done |
40 |
1735d |
1881d
|
1/1 |
1704d |
4113f6f73f6e
Bluetooth: Fix null pointer dereference in hci_event_packet()
|
BUG: unable to handle kernel paging request in dquot_add_inodes
|
8 |
C |
|
done |
2 |
1737d |
1759d
|
1/1 |
1707d |
a9c625fcddc0
quota: Sanity-check quota file headers on load
|
BUG: unable to handle kernel paging request in dqput
|
8 |
C |
|
done |
9 |
1739d |
1829d
|
1/1 |
1707d |
a9c625fcddc0
quota: Sanity-check quota file headers on load
|
kernel BUG at net/core/dev.c:LINE!
|
-1 |
C |
|
inconclusive |
3 |
1732d |
2001d
|
1/1 |
1713d |
8f9a69a92fc6
net: drop bogus skb with CHECKSUM_PARTIAL and offset beyond end of trimmed packet
|
kernel BUG at fs/reiserfs/prints.c:LINE!
|
-1 |
C |
|
done |
3 |
1748d |
1828d
|
1/1 |
1718d |
b74d5f70523a
reiserfs: add check for an invalid ih_entry_count
|
general protection fault in get_work_pool
|
2 |
C |
|
done |
1 |
1751d |
1781d
|
1/1 |
1720d |
42a387dc80c3
mac80211: mesh: fix mesh_pathtbl_init() error path
|
BUG: corrupted list in dquot_disable
|
8 |
C |
|
done |
1 |
1752d |
1752d
|
1/1 |
1721d |
a9c625fcddc0
quota: Sanity-check quota file headers on load
|
KASAN: use-after-free Read in sco_chan_del
|
19 |
C |
|
done |
10 |
1754d |
1880d
|
1/1 |
1724d |
4113f6f73f6e
Bluetooth: Fix null pointer dereference in hci_event_packet()
|
INFO: trying to register non-static key in rhashtable_free_and_destroy
|
-1 |
C |
|
done |
4 |
1758d |
1772d
|
1/1 |
1725d |
42a387dc80c3
mac80211: mesh: fix mesh_pathtbl_init() error path
|
KASAN: slab-out-of-bounds Read in hci_le_meta_evt
|
17 |
C |
|
done |
15 |
1761d |
1881d
|
1/1 |
1731d |
7ee2cd49f722
Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt()
|
BUG: unable to handle kernel paging request in dquot_add_space
|
8 |
C |
|
done |
1 |
1762d |
1822d
|
1/1 |
1731d |
a9c625fcddc0
quota: Sanity-check quota file headers on load
|
BUG: sleeping function called from invalid context in sta_info_move_state
|
5 |
C |
|
done |
1101 |
1767d |
1769d
|
1/1 |
1736d |
89ab6b90b7d9
mac80211: free sta in sta_info_insert_finish() on errors
|
general protection fault in qp_release_pages
|
2 |
C |
|
done |
2 |
1769d |
1799d
|
1/1 |
1738d |
2b8c7395d275
VMCI: check return value of get_user_pages_fast() for errors
|
WARNING in unlock_new_inode
|
-1 |
C |
|
done |
55 |
1795d |
1833d
|
1/1 |
1765d |
a8ca9f684674
reiserfs: only call unlock_new_inode() if I_NEW
|
KASAN: slab-out-of-bounds Write in init_sb
|
23 |
C |
|
done |
3 |
1797d |
1830d
|
1/1 |
1766d |
78734edd11cc
gfs2: add validation checks for size of superblock
|
KASAN: global-out-of-bounds Read in fbcon_resize
|
17 |
C |
|
done |
529 |
1801d |
1849d
|
1/1 |
1770d |
d31eccab7abd
fbcon: Fix user font detection test at fbcon_resize().
|
INFO: task hung in ucma_close
|
1 |
C |
|
done |
421 |
1801d |
2214d
|
1/1 |
1771d |
ef13017d65b0
RDMA/ucma: ucma_context reference leak in error path
|
KASAN: global-out-of-bounds Read in vga16fb_imageblit
|
17 |
C |
|
done |
723 |
1801d |
2124d
|
1/1 |
1771d |
0472aa0c36c7
video: fbdev: fix OOB read in vga_8planes_imageblit()
|
KASAN: slab-out-of-bounds Read in ntfs_attr_find
|
17 |
C |
|
done |
10 |
1801d |
1829d
|
1/1 |
1771d |
d2918cca649f
ntfs: add check for mft record size in superblock
|
KASAN: global-out-of-bounds Read in fbcon_get_font
|
17 |
C |
|
done |
42 |
1808d |
2124d
|
1/1 |
1777d |
30386c13a1bf
fbcon: Fix global-out-of-bounds read in fbcon_get_font()
|
KASAN: use-after-free Read in ntfs_attr_find
|
19 |
C |
|
done |
4 |
1810d |
1829d
|
1/1 |
1779d |
d2918cca649f
ntfs: add check for mft record size in superblock
|
KASAN: global-out-of-bounds Read in get_unique_tuple
|
17 |
C |
|
done |
5 |
1822d |
1995d
|
1/1 |
1792d |
60634d81cb43
netfilter: ctnetlink: add a range check for l3/l4 protonum
|
general protection fault in open_xa_dir
|
2 |
C |
|
done |
1 |
1830d |
1830d
|
1/1 |
1799d |
e2b6b34324c4
reiserfs: Fix oops during mount
|
KASAN: use-after-free Read in rxrpc_see_skb
|
19 |
syz |
|
done |
1 |
1851d |
1851d
|
1/1 |
1801d |
38eefb196438
MIPS: SNI: Fix MIPS_L1_CACHE_SHIFT
|
INFO: task hung in nbd_ioctl (2)
|
1 |
C |
|
done |
16 |
1847d |
2093d
|
1/1 |
1801d |
7241d653bcc1
tipc: fix shutdown() of connection oriented socket
|
WARNING in restore_regulatory_settings
|
-1 |
C |
|
done |
2264 |
1843d |
2089d
|
1/1 |
1812d |
02015d244d9c
cfg80211: regulatory: reject invalid hints
|
general protection fault in __sock_release
|
2 |
syz |
|
done |
12 |
1843d |
1855d
|
1/1 |
1812d |
c5c6e00f6cc5
fix regression in "epoll: Keep a reference on files added to the check list"
|
general protection fault in locks_remove_file
|
2 |
syz |
|
done |
6 |
1843d |
1854d
|
1/1 |
1813d |
c5c6e00f6cc5
fix regression in "epoll: Keep a reference on files added to the check list"
|
general protection fault in tty_release
|
2 |
C |
|
done |
10 |
1844d |
1854d
|
1/1 |
1814d |
c5c6e00f6cc5
fix regression in "epoll: Keep a reference on files added to the check list"
|
KASAN: use-after-free Read in seq_release_private
|
19 |
syz |
|
done |
1 |
1845d |
1845d
|
1/1 |
1814d |
c5c6e00f6cc5
fix regression in "epoll: Keep a reference on files added to the check list"
|
WARNING: ODEBUG bug in corrupted
|
-1 |
syz |
|
done |
1 |
1846d |
1846d
|
1/1 |
1814d |
c5c6e00f6cc5
fix regression in "epoll: Keep a reference on files added to the check list"
|
WARNING: ODEBUG bug in exit_to_usermode_loop
|
-1 |
syz |
|
done |
2 |
1848d |
1850d
|
1/1 |
1817d |
c5c6e00f6cc5
fix regression in "epoll: Keep a reference on files added to the check list"
|
KASAN: use-after-free Read in __sock_release
|
19 |
syz |
|
done |
3 |
1848d |
1856d
|
1/1 |
1817d |
c5c6e00f6cc5
fix regression in "epoll: Keep a reference on files added to the check list"
|
WARNING in snd_pcm_drop
|
-1 |
syz |
|
done |
1 |
1847d |
1847d
|
1/1 |
1817d |
c5c6e00f6cc5
fix regression in "epoll: Keep a reference on files added to the check list"
|
BUG: corrupted list in fuse_dev_free
|
8 |
syz |
|
done |
1 |
1850d |
1850d
|
1/1 |
1819d |
c5c6e00f6cc5
fix regression in "epoll: Keep a reference on files added to the check list"
|
general protection fault in kmem_cache_free
|
2 |
syz |
|
done |
3 |
1850d |
1850d
|
1/1 |
1819d |
c5c6e00f6cc5
fix regression in "epoll: Keep a reference on files added to the check list"
|
KASAN: use-after-free Read in snd_pcm_oss_release
|
19 |
syz |
|
done |
1 |
1850d |
1850d
|
1/1 |
1819d |
c5c6e00f6cc5
fix regression in "epoll: Keep a reference on files added to the check list"
|
KASAN: use-after-free Write in ex_handler_refcount
|
24 |
C |
|
done |
16 |
1850d |
2059d
|
1/1 |
1819d |
af7122cfbaee
Bluetooth: add a mutex lock to avoid UAF in do_enale_set
|
KASAN: double-free or invalid-free in (null)
|
22 |
syz |
|
done |
1 |
1851d |
1851d
|
1/1 |
1820d |
c5c6e00f6cc5
fix regression in "epoll: Keep a reference on files added to the check list"
|
BUG: corrupted list in mousedev_release
|
8 |
syz |
|
done |
1 |
1853d |
1853d
|
1/1 |
1822d |
c5c6e00f6cc5
fix regression in "epoll: Keep a reference on files added to the check list"
|
INFO: trying to register non-static key in uhid_char_release
|
-1 |
C |
|
done |
2 |
1854d |
1873d
|
1/1 |
1823d |
9e5894b7e222
HID: core: Correctly handle ReportSize being zero
|
KASAN: slab-out-of-bounds Read in hci_event_packet
|
17 |
C |
|
done |
17 |
1865d |
2339d
|
1/1 |
1835d |
68bb9eddbf5d
Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt()
|
KASAN: slab-out-of-bounds Read in hci_inquiry_result_with_rssi_evt
|
17 |
C |
|
done |
6 |
1866d |
1883d
|
1/1 |
1836d |
68bb9eddbf5d
Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt()
|
KASAN: use-after-free Read in get_block
|
19 |
C |
|
done |
8 |
1871d |
1996d
|
1/1 |
1840d |
0900097ef667
fs/minix: reject too-large maximum file size
|
WARNING in inc_nlink
|
-1 |
C |
|
done |
21 |
1872d |
2014d
|
1/1 |
1841d |
12490f06ef08
fs/minix: don't allow getting deleted inodes
|
KASAN: slab-out-of-bounds Read in get_block
|
17 |
C |
|
done |
2 |
1871d |
1902d
|
1/1 |
1841d |
0900097ef667
fs/minix: reject too-large maximum file size
|
BUG: unable to handle kernel NULL pointer dereference in get_block
|
10 |
C |
|
done |
45 |
1872d |
2019d
|
1/1 |
1842d |
3c775629a5ff
fs/minix: check return value of sb_getblk()
|
KASAN: slab-out-of-bounds Read in hci_extended_inquiry_result_evt
|
17 |
C |
|
done |
5 |
1876d |
1881d
|
1/1 |
1843d |
d91299b8382b
Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt()
|
KASAN: use-after-free Read in delete_and_unsubscribe_port
|
19 |
syz |
|
done |
2 |
1884d |
1884d
|
1/1 |
1851d |
ccafbed8b2f6
ALSA: seq: oss: Serialize ioctls
|
KASAN: double-free or invalid-free in 0x2
|
22 |
syz |
|
done |
1 |
1884d |
1884d
|
1/1 |
1851d |
ccafbed8b2f6
ALSA: seq: oss: Serialize ioctls
|
INFO: task hung in fb_release
|
1 |
C |
|
done |
48 |
1886d |
2117d
|
1/1 |
1855d |
c388072f90cc
fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins.
|
unregister_netdevice: waiting for DEV to become free
|
2 |
C |
|
done |
120 |
1912d |
2351d
|
1/1 |
1881d |
0f7f0b057417
ipvs: fix tinfo memory leak in start_sync_thread
|
general protection fault in batadv_iv_ogm_schedule_buff
|
2 |
|
|
|
1 |
1988d |
1988d
|
1/1 |
1906d |
e181bb93c904
batman-adv: Don't schedule OGM for disabled interface
|
KASAN: null-ptr-deref Write in choke_reset
|
12 |
C |
|
done |
283 |
1955d |
1985d
|
1/1 |
1925d |
4836eb6b5965
sch_choke: avoid potential panic in choke_reset()
|
KASAN: use-after-free Read in do_blk_trace_setup
|
19 |
C |
|
done |
342 |
1956d |
2360d
|
1/1 |
1925d |
b390c22c0bc7
blktrace: fix unlocked access to init/start-stop/teardown
|
WARNING in xfrm_policy_insert
|
-1 |
syz |
|
done |
8 |
1959d |
2218d
|
1/1 |
1929d |
1cd914b02b5a
xfrm: fix a warning in xfrm_policy_insert_list
|
KASAN: slab-out-of-bounds Write in snd_rawmidi_kernel_write1
|
23 |
C |
|
done |
1 |
1961d |
1991d
|
1/1 |
1930d |
8645ac3684a7
ALSA: rawmidi: Fix racy buffer resize under concurrent accesses
|
WARNING: ODEBUG bug in route4_change
|
-1 |
C |
|
done |
23 |
2003d |
2031d
|
1/1 |
1973d |
f0c92f59cf52
net_sched: cls_route: remove the right filter from hashtable
|
KASAN: use-after-free Write in release_tty
|
24 |
C |
|
done |
124 |
2004d |
2123d
|
1/1 |
1973d |
b9eb60a0ef39
vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console
|
WARNING: ODEBUG bug in rfcomm_dev_ioctl
|
-1 |
C |
|
done |
2 |
2012d |
2013d
|
1/1 |
1982d |
0da9c032adbb
Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl
|
KASAN: slab-out-of-bounds Read in selinux_xfrm_alloc_user
|
17 |
C |
|
done |
1 |
2013d |
2013d
|
1/1 |
1983d |
25106012e91a
xfrm: add the missing verify_sec_ctx_len check in xfrm_add_acquire
|
WARNING: refcount bug in sock_wfree
|
13 |
C |
done |
done |
3 |
2014d |
2135d
|
1/1 |
1984d |
968f831d9056
sctp: fix refcount bug in sctp_wfree
|
KASAN: use-after-free Write in tcindex_set_parms
|
24 |
C |
|
done |
3 |
2017d |
2018d
|
1/1 |
1987d |
9f8b6c44be17
net_sched: keep alloc_hash updated after hash allocation
|
KASAN: slab-out-of-bounds Write in tcindex_set_parms
|
23 |
C |
|
done |
2 |
2018d |
2018d
|
1/1 |
1987d |
9f8b6c44be17
net_sched: keep alloc_hash updated after hash allocation
|
WARNING: ODEBUG bug in rfcomm_dlc_free
|
-1 |
C |
|
done |
16 |
2020d |
2253d
|
1/1 |
1989d |
0da9c032adbb
Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl
|
KASAN: use-after-free Read in tty_open
|
19 |
C |
|
done |
5 |
2022d |
2124d
|
1/1 |
1992d |
b9eb60a0ef39
vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console
|
KASAN: use-after-free Read in tty_buffer_cancel_work
|
19 |
C |
|
done |
2 |
2031d |
2119d
|
1/1 |
2001d |
b9eb60a0ef39
vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console
|
KASAN: use-after-free Read in get_work_pool
|
19 |
C |
|
done |
1 |
2032d |
2122d
|
1/1 |
2002d |
b9eb60a0ef39
vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console
|
KASAN: use-after-free Read in n_tty_receive_buf_common
|
19 |
C |
|
done |
25 |
2034d |
2123d
|
1/1 |
2003d |
a4719f6d07b2
vt: selection, push sel_lock up
|
WARNING: kernel stack frame pointer has bad value
|
-1 |
C |
|
done |
65 |
2039d |
2343d
|
1/1 |
2005d |
377d7378a605
fjes: fix missed check in fjes_acpi_add
|
INFO: task hung in paste_selection
|
1 |
C |
|
done |
8 |
2040d |
2115d
|
1/1 |
2009d |
7c315855c6f4
ipvlan: do not use cond_resched_rcu() in ipvlan_process_multicast()
|
INFO: task hung in drain_all_pages
|
1 |
C |
|
done |
1 |
2040d |
2040d
|
1/1 |
2010d |
a86265edeb33
netfilter: xt_hashlimit: limit the max size of hashtable
|
INFO: task hung in tty_ldisc_hangup
|
1 |
C |
|
done |
17 |
2047d |
2119d
|
1/1 |
2017d |
a4719f6d07b2
vt: selection, push sel_lock up
|
INFO: task hung in hashlimit_mt_check_common
|
1 |
C |
|
done |
6 |
2050d |
2102d
|
1/1 |
2018d |
a86265edeb33
netfilter: xt_hashlimit: limit the max size of hashtable
|
KASAN: stack-out-of-bounds Write in ax25_getname
|
23 |
C |
|
done |
4 |
2050d |
2345d
|
1/1 |
2018d |
ff8e12b0cfe2
vhost: Check docket sk_family instead of call getname
|
KASAN: slab-out-of-bounds Read in tcf_exts_destroy
|
17 |
C |
|
done |
1 |
2054d |
2167d
|
1/1 |
2024d |
6cb448ee493c
net_sched: fix an OOB access in cls_tcindex
|
general protection fault in path_openat
|
2 |
C |
|
done |
40 |
2060d |
2066d
|
1/1 |
2029d |
40642747dd9f
vfs: fix do_last() regression
|
BUG: sleeping function called from invalid context in tpk_write
|
5 |
C |
|
done |
10 |
2060d |
2121d
|
1/1 |
2029d |
ab84fd0d3dc8
ttyprintk: fix a potential deadlock in interrupt context issue
|
BUG: sleeping function called from invalid context in lock_sock_nested (2)
|
5 |
syz |
|
done |
1 |
2062d |
2122d
|
1/1 |
2032d |
713ff7e4d605
crypto: af_alg - Use bh_lock_sock in sk_destruct
|
KASAN: use-after-free Read in ext4_xattr_set_entry
|
19 |
C |
|
done |
9 |
2065d |
2157d
|
1/1 |
2034d |
08e4a312439c
ext4: validate the debug_want_extra_isize mount option at parse time
|
KASAN: slab-out-of-bounds Read in __nla_put_nohdr
|
17 |
C |
|
done |
2 |
2068d |
2068d
|
1/1 |
2038d |
c5fd8a37e971
net-sysfs: Fix reference count leak
|
KASAN: slab-out-of-bounds Write in setup_udp_tunnel_sock
|
23 |
C |
|
done |
1 |
2072d |
2072d
|
1/1 |
2041d |
c57b0f88fce8
Documentation: Document arm64 kpti control
|
KASAN: use-after-free Read in snd_timer_resolution
|
19 |
C |
|
done |
1 |
2074d |
2074d
|
1/1 |
2044d |
43bb0a16b25d
ALSA: seq: Fix racy access for queue timer in proc read
|
INFO: task hung in genl_rcv_msg
|
1 |
syz |
|
done |
2 |
2078d |
2079d
|
1/1 |
2048d |
24070b40926b
tcp: clear tp->total_retrans in tcp_disconnect()
|
WARNING in reconnect_path
|
-1 |
C |
done |
done |
1 |
2080d |
2140d
|
1/1 |
2049d |
b6e209a13a61
exportfs: fix 'passing zero to ERR_PTR()' warning
|
KASAN: use-after-free Write in __alloc_skb
|
24 |
C |
|
done |
1 |
2084d |
2114d
|
1/1 |
2050d |
e841252840c4
net: rtnetlink: validate IFLA_MTU attribute in rtnl_create_link()
|
KASAN: use-after-free Read in cdev_put
|
19 |
C |
|
done |
6 |
2084d |
2127d
|
1/1 |
2053d |
0ce254bc68ed
xen-blkback: prevent premature module unload
|
KASAN: slab-out-of-bounds Read in macvlan_broadcast
|
17 |
C |
|
done |
6 |
2085d |
2090d
|
1/1 |
2055d |
4a953272f2d2
macvlan: do not assume mac_header is set in macvlan_broadcast()
|
KASAN: use-after-free Read in macvlan_broadcast
|
19 |
C |
|
done |
8 |
2087d |
2090d
|
1/1 |
2056d |
4a953272f2d2
macvlan: do not assume mac_header is set in macvlan_broadcast()
|
WARNING: bad unlock balance in gtp_encap_enable_socket
|
4 |
C |
|
done |
2 |
2087d |
2090d
|
1/1 |
2056d |
887b0296a905
gtp: fix bad unlock balance in gtp_encap_enable_socket
|
KASAN: slab-out-of-bounds Read in bpf_skb_change_tail
|
17 |
C |
|
done |
2 |
2093d |
2239d
|
1/1 |
2060d |
7fed98f4a1e6
bpf: reject passing modified ctx to helper functions
|
KASAN: slab-out-of-bounds Read in bpf_skb_change_proto
|
17 |
C |
|
done |
2 |
2092d |
2239d
|
1/1 |
2060d |
7fed98f4a1e6
bpf: reject passing modified ctx to helper functions
|
KASAN: slab-out-of-bounds Read in bpf_clone_redirect
|
17 |
C |
|
done |
11 |
2098d |
2261d
|
1/1 |
2068d |
7fed98f4a1e6
bpf: reject passing modified ctx to helper functions
|
KASAN: slab-out-of-bounds Read in bpf_skb_change_head
|
17 |
C |
|
done |
2 |
2102d |
2171d
|
1/1 |
2070d |
7fed98f4a1e6
bpf: reject passing modified ctx to helper functions
|
possible deadlock in refcount_dec_and_mutex_lock
|
4 |
C |
|
done |
10 |
2101d |
2173d
|
1/1 |
2070d |
4df728651b8a
nbd: verify socket is supported during setup
|
WARNING: refcount bug in cdev_get
|
13 |
C |
|
done |
21 |
2102d |
2232d
|
1/1 |
2072d |
03a709593040
net: usb: lan78xx: Connect PHY before registering MAC
|
INFO: rcu detected stall in br_handle_frame (2)
|
1 |
C |
|
done |
1 |
2107d |
2107d
|
1/1 |
2077d |
73a6f18d8390
pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM
|
WARNING in ovl_rename
|
-1 |
syz |
|
done |
2 |
2111d |
2343d
|
1/1 |
2077d |
6890751cfea7
ovl: relax WARN_ON() on rename to self
|
inconsistent lock state in sp_get
|
4 |
C |
|
done |
2 |
2115d |
2115d
|
1/1 |
2084d |
8b58905f212b
6pack,mkiss: fix possible deadlock
|
KASAN: slab-out-of-bounds Read in linear_transfer
|
17 |
C |
|
done |
4 |
2116d |
2123d
|
1/1 |
2086d |
2a76606d8a83
ALSA: pcm: oss: Avoid potential buffer overflows
|
possible deadlock in __might_fault
|
4 |
C |
|
done |
295 |
2118d |
2358d
|
1/1 |
2087d |
d41971493d28
usb: mon: Fix a deadlock in usbmon between mmap and read
|
possible deadlock in mon_bin_vma_fault
|
4 |
C |
|
done |
282 |
2119d |
2354d
|
1/1 |
2088d |
d41971493d28
usb: mon: Fix a deadlock in usbmon between mmap and read
|
WARNING: refcount bug in kobject_get
|
13 |
C |
|
done |
20 |
2123d |
2357d
|
1/1 |
2093d |
227db8e4c346
tipc: fix unlimited bundling of small messages
|
WARNING in refcount_error_report
|
-1 |
syz |
|
done |
1 |
2125d |
2125d
|
1/1 |
2093d |
7272e8e3bfa3
inet: protect against too small mtu values.
|
BUG: corrupted list in p9_fd_cancelled
|
8 |
syz |
|
done |
2 |
2124d |
2170d
|
1/1 |
2093d |
8a82aee7bdfd
arm64: Add MIDR encoding for Arm Cortex-A55 and Cortex-A35
|
BUG: unable to handle kernel paging request in slhc_free
|
8 |
C |
|
done |
4 |
2128d |
2355d
|
1/1 |
2097d |
da0bbf51bdcb
slip: make slhc_free() silently accept an error pointer
|
WARNING in dio_complete
|
-1 |
C |
|
done |
27 |
2128d |
2357d
|
1/1 |
2097d |
365874a0eab5
blk-mq: avoid sysfs buffer overflow with too many CPU cores
|
KASAN: use-after-free Read in slip_open
|
19 |
C |
done |
done |
2 |
2131d |
2131d
|
1/1 |
2099d |
f5bcc687e3d6
slip: Fix use-after-free Read in slip_open
|
KASAN: use-after-free Read in kfree_skb
|
19 |
C |
|
done |
98 |
2129d |
2257d
|
1/1 |
2099d |
79d404a2aa86
Bluetooth: Fix invalid-free in bcsp_close()
|
INFO: task hung in nbd_ioctl
|
1 |
C |
|
done |
18 |
2100d |
2174d
|
1/1 |
2099d |
4df728651b8a
nbd: verify socket is supported during setup
|
WARNING: suspicious RCU usage in shmem_add_seals
|
4 |
C |
done |
done |
1435 |
2136d |
2159d
|
1/1 |
2106d |
988f701a805b
memfd: Use radix_tree_deref_slot_protected to avoid the warning.
|
possible deadlock in flush_workqueue
|
4 |
C |
|
done |
15 |
2139d |
2232d
|
1/1 |
2109d |
4df728651b8a
nbd: verify socket is supported during setup
|
WARNING in bpf_jit_free
|
-1 |
syz |
|
done |
60 |
2181d |
2354d
|
1/1 |
2110d |
47569360be87
bpf: fix use after free in prog symbol exposure
|
INFO: task hung in lo_release
|
1 |
syz |
|
done |
128 |
2247d |
2360d
|
1/1 |
2110d |
22f36db48781
Revert "block/loop: Use global lock for ioctl() operation."
|
BUG: unable to handle kernel NULL pointer dereference in inet_autobind
|
10 |
C |
inconclusive |
done |
3133 |
2151d |
2159d
|
1/1 |
2111d |
7c3c0d51129a
sctp: not bind the socket in sctp_connect
|
BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
|
10 |
C |
|
done |
20 |
2112d |
2350d
|
1/1 |
2111d |
0b584bf573ae
nbd: fix max number of supported devs
|
BUG: unable to handle kernel paging request in dummy_set_vf_vlan
|
8 |
C |
|
done |
5 |
2145d |
2238d
|
1/1 |
2111d |
9ed49fc95f37
net: rtnetlink: prevent underflows in do_setvfinfo()
|
BUG: unable to handle kernel paging request in dummy_set_vf_spoofchk
|
8 |
C |
|
done |
6 |
2148d |
2259d
|
1/1 |
2111d |
9ed49fc95f37
net: rtnetlink: prevent underflows in do_setvfinfo()
|
BUG: unable to handle kernel paging request in dummy_get_vf_config
|
8 |
C |
|
done |
4 |
2164d |
2261d
|
1/1 |
2114d |
9ed49fc95f37
net: rtnetlink: prevent underflows in do_setvfinfo()
|
WARNING: suspicious RCU usage in netem_enqueue
|
4 |
C |
|
done |
3 |
2168d |
2191d
|
1/1 |
2114d |
6f492e801033
net_sched: add max len check for TCA_KIND
|
BUG: unable to handle kernel paging request in dummy_set_vf_rss_query_en
|
8 |
C |
|
done |
5 |
2168d |
2259d
|
1/1 |
2114d |
9ed49fc95f37
net: rtnetlink: prevent underflows in do_setvfinfo()
|
BUG: unable to handle kernel paging request in dummy_set_vf_mac
|
8 |
C |
|
done |
5 |
2177d |
2249d
|
1/1 |
2115d |
9ed49fc95f37
net: rtnetlink: prevent underflows in do_setvfinfo()
|
BUG: unable to handle kernel NULL pointer dereference in tc_bind_tclass
|
10 |
C |
|
done |
14 |
2171d |
2211d
|
1/1 |
2115d |
54b9f5791846
net_sched: check cops->tcf_block in tc_bind_tclass()
|
KASAN: null-ptr-deref Write in kvm_write_guest_virt_system
|
12 |
C |
|
done |
53 |
2177d |
2195d
|
1/1 |
2115d |
2890b718f4a8
watchdog: imx2_wdt: fix min() calculation in imx2_wdt_set_timeout
|
WARNING in tcp_send_loss_probe
|
-1 |
C |
|
done |
22 |
2198d |
2208d
|
1/1 |
2118d |
ba2ddb43f270
tcp: Don't dequeue SYN/FIN-segments from write-queue
|
general protection fault in tcp_push
|
2 |
C |
|
done |
55 |
2197d |
2208d
|
1/1 |
2118d |
f1dcc5ed4bea
tcp: Reset send_head when removing skb from write-queue
|
BUG: unable to handle kernel paging request in dummy_set_vf_rate
|
8 |
C |
|
done |
3 |
2198d |
2212d
|
1/1 |
2118d |
9ed49fc95f37
net: rtnetlink: prevent underflows in do_setvfinfo()
|
WARNING in tcp_retransmit_timer
|
-1 |
C |
|
done |
215 |
2197d |
2208d
|
1/1 |
2118d |
ba2ddb43f270
tcp: Don't dequeue SYN/FIN-segments from write-queue
|
general protection fault in qdisc_destroy
|
2 |
C |
|
done |
4 |
2197d |
2202d
|
1/1 |
2118d |
e0f600b69df3
net_sched: let qdisc_put() accept NULL pointer
|
INFO: rcu detected stall in mld_dad_timer_expire
|
1 |
C |
|
done |
1 |
2203d |
2203d
|
1/1 |
2118d |
cc243e2427ce
sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
|
INFO: rcu detected stall in br_handle_frame
|
1 |
C |
|
done |
15 |
2200d |
2211d
|
1/1 |
2119d |
cc243e2427ce
sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
|
WARNING in kernfs_get
|
-1 |
C |
|
done |
17 |
2230d |
2350d
|
1/1 |
2119d |
5432923a6b20
driver core: Fix use-after-free and double free on glue directory
|
INFO: rcu detected stall in mld_ifc_timer_expire
|
1 |
C |
|
done |
9 |
2202d |
2211d
|
1/1 |
2121d |
cc243e2427ce
sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
|
WARNING in xfrm_state_fini
|
-1 |
C |
|
done |
193 |
2204d |
2359d
|
1/1 |
2121d |
cd393b38514d
xfrm: clean up xfrm protocol checks
|
INFO: rcu detected stall in addrconf_dad_work
|
1 |
C |
|
done |
18 |
2204d |
2211d
|
1/1 |
2121d |
cc243e2427ce
sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
|
INFO: rcu detected stall in corrupted
|
1 |
C |
|
done |
3 |
2205d |
2227d
|
1/1 |
2121d |
cc243e2427ce
sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
|
BUG: unable to handle kernel paging request in dummy_set_vf_trust
|
8 |
C |
|
done |
2 |
2213d |
2246d
|
1/1 |
2122d |
9ed49fc95f37
net: rtnetlink: prevent underflows in do_setvfinfo()
|
WARNING in map_lookup_elem
|
-1 |
C |
|
done |
2 |
2220d |
2220d
|
1/1 |
2122d |
95867919494d
KVM: x86: add tracepoints around __direct_map and FNAME(fetch)
|
WARNING: refcount bug in hci_register_dev
|
13 |
C |
|
done |
3 |
2217d |
2232d
|
1/1 |
2122d |
5432923a6b20
driver core: Fix use-after-free and double free on glue directory
|
kernel BUG at ./include/linux/skbuff.h:LINE!
|
-1 |
C |
|
done |
16 |
2213d |
2239d
|
1/1 |
2122d |
e5df4baea324
tcp: fix tcp_rtx_queue_tail in case of empty retransmit queue
|
general protection fault in packet_lookup_frame
|
2 |
C |
|
done |
1 |
2235d |
2235d
|
1/1 |
2123d |
5ac73816dda7
net/packet: fix race in tpacket_snd()
|
WARNING: refcount bug in kobject_put
|
13 |
C |
|
done |
3 |
2239d |
2346d
|
1/1 |
2123d |
5432923a6b20
driver core: Fix use-after-free and double free on glue directory
|
general protection fault in tcf_ife_init
|
2 |
C |
|
done |
12 |
2251d |
2260d
|
1/1 |
2124d |
7fcc60e5f837
ife: error out when nla attributes are empty
|
general protection fault in kernfs_add_one
|
2 |
C |
|
done |
5 |
2247d |
2316d
|
1/1 |
2124d |
5432923a6b20
driver core: Fix use-after-free and double free on glue directory
|
WARNING in sysfs_remove_group
|
-1 |
C |
|
done |
1 |
2263d |
2263d
|
1/1 |
2125d |
5432923a6b20
driver core: Fix use-after-free and double free on glue directory
|
BUG: unable to handle kernel paging request in coalesced_mmio_write
|
8 |
C |
|
done |
4 |
2281d |
2287d
|
1/1 |
2125d |
bf81752d808c
KVM: coalesced_mmio: add bounds checking
|
WARNING in kernfs_put
|
-1 |
C |
|
done |
2 |
2279d |
2346d
|
1/1 |
2125d |
5432923a6b20
driver core: Fix use-after-free and double free on glue directory
|
KASAN: use-after-free Read in erspan_build_header
|
19 |
C |
|
done |
18 |
2326d |
2360d
|
1/1 |
2126d |
1d629bf9b576
net: erspan: fix use-after-free
|
KASAN: slab-out-of-bounds Read in erspan_build_header
|
17 |
C |
|
done |
8 |
2324d |
2360d
|
1/1 |
2126d |
d93fb604c079
tipc: fix modprobe tipc failed after switch order of device registration
|
WARNING in notify_change
|
-1 |
C |
|
done |
14 |
2289d |
2355d
|
1/1 |
2126d |
2c5462425563
Abort file_remove_privs() for non-reg. files
|
KASAN: use-after-free Read in tcp_init_tso_segs
|
19 |
C |
|
|
1424 |
2197d |
2208d
|
1/1 |
2184d |
f1dcc5ed4bea
tcp: Reset send_head when removing skb from write-queue
|