| BUG: sleeping function called from invalid context in htb_destroy |
C |
|
done |
2 |
31d |
552d
|
1d00h |
66f6f409
net: sched: validate stab values
|
| possible deadlock in red_change |
C |
|
done |
10 |
32d |
272d
|
2d04h |
66f6f409
net: sched: validate stab values
|
| BUG: unable to handle kernel NULL pointer dereference in __lookup_slow |
C |
|
done |
23 |
45d |
203d
|
13d |
b8590c82
reiserfs: add check for an invalid ih_entry_count
|
| WARNING in ext4_xattr_set_entry |
C |
|
done |
12 |
46d |
180d
|
16d |
a8fb57ec
ext4: do not try to set xattr into ea_inode if value is empty
|
| BUG: unable to handle kernel NULL pointer dereference in amp_read_loc_assoc_final_data |
C |
|
done |
114 |
50d |
266d
|
16d |
99c2c8b0
Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data
|
| KASAN: use-after-free Read in skb_dequeue |
syz |
|
done |
1 |
57d |
262d
|
24d |
c1a77dbc
btrfs: raid56: simplify tracking of Q stripe presence
|
| KASAN: use-after-free Read in ntfs_iget |
C |
|
done |
1 |
57d |
117d
|
24d |
23e89586
ntfs: check for valid standard information attribute
|
| KASAN: use-after-free Read in ntfs_read_locked_inode |
C |
|
done |
2 |
60d |
210d
|
30d |
23e89586
ntfs: check for valid standard information attribute
|
| kernel BUG in pfkey_send_acquire |
C |
|
done |
56 |
66d |
95d
|
36d |
fa137b50
block: split .sysfs_lock into two locks
|
| general protection fault in ioctl_standard_call |
C |
|
done |
23 |
70d |
184d
|
39d |
3f33e522
wext: fix NULL-ptr-dereference with cfg80211's lack of commit()
|
| KASAN: slab-out-of-bounds Read in squashfs_export_iget |
C |
|
done |
5 |
82d |
182d
|
51d |
a6f933a3
squashfs: add more sanity checks in inode lookup
|
| general protection fault in ieee80211_subif_start_xmit |
C |
|
done |
4 |
86d |
127d
|
52d |
b26b5e08
mac80211: pause TX while changing interface type
|
| UBSAN: undefined-behaviour in tcindex_set_parms |
C |
|
done |
39 |
98d |
213d
|
59d |
22c1b226
net_sched: avoid shift-out-of-bounds in tcindex_set_parms()
|
| kernel BUG at fs/reiserfs/prints.c:LINE! |
C |
|
done |
5 |
108d |
199d
|
60d |
b8590c82
reiserfs: add check for an invalid ih_entry_count
|
| KASAN: use-after-free Read in search_by_entry_key |
C |
|
done |
1 |
108d |
198d
|
62d |
b8590c82
reiserfs: add check for an invalid ih_entry_count
|
| KASAN: slab-out-of-bounds Read in squashfs_get_id |
C |
|
|
58 |
67d |
211d
|
62d |
e5099c0e
squashfs: add more sanity checks in id lookup
|
| KASAN: use-after-free Read in squashfs_get_id |
C |
|
|
3 |
106d |
160d
|
62d |
e5099c0e
squashfs: add more sanity checks in id lookup
|
| KASAN: use-after-free Read in tls_write_space |
C |
|
done |
25 |
114d |
739d
|
84d |
d71f3fb9
net: usb: rtl8150: set random MAC address when set_ethernet_addr() fails
|
| divide error in do_journal_end |
C |
|
done |
2 |
116d |
176d
|
86d |
b8590c82
reiserfs: add check for an invalid ih_entry_count
|
| general protection fault in dqput |
C |
|
done |
2 |
117d |
130d
|
86d |
7bae8482
quota: Sanity-check quota file headers on load
|
| WARNING in md_ioctl |
C |
|
done |
199 |
117d |
734d
|
86d |
b85abab5
md: fix a warning caused by a race between concurrent md_ioctl()s
|
| general protection fault in hci_phy_link_complete_evt |
C |
|
done |
28 |
121d |
264d
|
90d |
abae1003
Bluetooth: Fix null pointer dereference in hci_event_packet()
|
| KASAN: use-after-free Read in leaf_paste_entries |
C |
|
done |
1 |
124d |
124d
|
93d |
b8590c82
reiserfs: add check for an invalid ih_entry_count
|
| general protection fault in hci_event_packet |
C |
|
done |
3 |
125d |
191d
|
94d |
abae1003
Bluetooth: Fix null pointer dereference in hci_event_packet()
|
| KASAN: slab-out-of-bounds Read in hci_le_meta_evt |
C |
|
done |
12 |
125d |
266d
|
94d |
61490c48
Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt()
|
| KASAN: use-after-free Read in reiserfs_read_locked_inode |
C |
|
done |
4 |
128d |
210d
|
98d |
b8590c82
reiserfs: add check for an invalid ih_entry_count
|
| INFO: task hung in rdma_destroy_id |
C |
|
done |
2 |
129d |
159d
|
98d |
01413361
usb: uas: Add PNY USB Portable SSD to unusual_uas
|
| INFO: task hung in do_read_cache_page |
C |
|
done |
2 |
130d |
190d
|
100d |
8e63266b
fcntl: Fix potential deadlock in send_sig{io, urg}()
|
| BUG: unable to handle kernel paging request in dquot_add_space |
C |
|
done |
1 |
132d |
192d
|
100d |
7bae8482
quota: Sanity-check quota file headers on load
|
| BUG: unable to handle kernel paging request in dqput |
C |
|
done |
8 |
130d |
200d
|
100d |
7bae8482
quota: Sanity-check quota file headers on load
|
| general protection fault in gfs2_ri_update |
C |
|
done |
28 |
136d |
212d
|
104d |
6790f8b9
gfs2: check for empty rgrp tree in gfs2_ri_update
|
| KASAN: use-after-free Write in sco_chan_del |
C |
|
done |
10 |
139d |
263d
|
108d |
abae1003
Bluetooth: Fix null pointer dereference in hci_event_packet()
|
| KASAN: use-after-free Read in btrfs_scan_one_device |
C |
|
done |
43 |
143d |
218d
|
113d |
aec62fa4
btrfs: don't access possibly stale fs_info data for printing duplicate device
|
| BUG: sleeping function called from invalid context in corrupted |
C |
|
done |
2 |
150d |
151d
|
119d |
499b109b
mac80211: free sta in sta_info_insert_finish() on errors
|
| BUG: sleeping function called from invalid context in sta_info_move_state |
C |
|
done |
760 |
149d |
152d
|
119d |
499b109b
mac80211: free sta in sta_info_insert_finish() on errors
|
| KASAN: slab-out-of-bounds Read in ntfs_attr_find |
C |
|
done |
10 |
151d |
208d
|
121d |
dff5d774
ntfs: add check for mft record size in superblock
|
| general protection fault in rose_send_frame |
C |
|
done |
5 |
155d |
733d
|
121d |
731b9890
rose: Fix Null pointer dereference in rose_send_frame()
|
| KASAN: slab-out-of-bounds Read in soft_cursor |
C |
|
done |
61 |
168d |
507d
|
138d |
3e1600cc
ALSA: hda: fix a runtime pm issue in SOF when integrated GPU is disabled
|
| KASAN: use-after-free Read in debugfs_remove |
C |
|
done |
15 |
173d |
669d
|
143d |
8a78b4c0
blktrace: fix debugfs use after free
|
| UBSAN: undefined-behaviour in init_sb |
C |
|
done |
2 |
175d |
208d
|
145d |
6a253f38
gfs2: add validation checks for size of superblock
|
| WARNING in unlock_new_inode |
C |
|
done |
66 |
175d |
214d
|
145d |
7a1e074b
reiserfs: only call unlock_new_inode() if I_NEW
|
| KASAN: use-after-free Read in tipc_mcast_xmit |
C |
|
done |
3 |
176d |
200d
|
146d |
26217e06
tipc: fix the skb_unshare() in tipc_buf_append()
|
| KASAN: global-out-of-bounds Read in fb_pad_aligned_buffer |
C |
|
done |
5 |
176d |
502d
|
146d |
6612b754
vt: Disable KD_FONT_OP_COPY
|
| KASAN: use-after-free Read in ntfs_attr_find |
C |
|
done |
13 |
177d |
208d
|
147d |
dff5d774
ntfs: add check for mft record size in superblock
|
| divide error in tabledist |
C |
|
done |
3 |
187d |
544d
|
157d |
95ba2236
netem: fix zero division in tabledist
|
| general protection fault in qp_release_pages |
C |
|
done |
4 |
188d |
190d
|
157d |
0b02a432
VMCI: check return value of get_user_pages_fast() for errors
|
| UBSAN: undefined-behaviour in tabledist |
C |
|
done |
2 |
196d |
196d
|
164d |
95ba2236
netem: fix zero division in tabledist
|
| KASAN: global-out-of-bounds Read in fbcon_get_font |
C |
|
done |
47 |
195d |
507d
|
164d |
43198a5b
fbcon: Fix global-out-of-bounds read in fbcon_get_font()
|
| KASAN: slab-out-of-bounds Read in fbcon_get_font |
C |
|
done |
97 |
199d |
507d
|
169d |
1221d11e
vt_ioctl: change VT_RESIZEX ioctl to check for error return from vc_resize()
|
| general protection fault in get_unique_tuple |
C |
|
done |
33 |
200d |
461d
|
169d |
289fe546
netfilter: ctnetlink: add a range check for l3/l4 protonum
|
| general protection fault in nf_nat_setup_info |
C |
|
done |
22 |
204d |
295d
|
174d |
289fe546
netfilter: ctnetlink: add a range check for l3/l4 protonum
|
| KASAN: use-after-free Read in soft_cursor |
C |
|
done |
16 |
209d |
505d
|
178d |
76fe9298
fbcon: Fix user font detection test at fbcon_resize().
|
| KASAN: global-out-of-bounds Read in get_unique_tuple |
C |
|
done |
1 |
209d |
450d
|
179d |
289fe546
netfilter: ctnetlink: add a range check for l3/l4 protonum
|
| KASAN: global-out-of-bounds Read in fbcon_resize |
C |
|
done |
286 |
212d |
231d
|
181d |
76fe9298
fbcon: Fix user font detection test at fbcon_resize().
|
| general protection fault in __sock_release |
syz |
|
done |
8 |
226d |
238d
|
196d |
37d933e8
fix regression in "epoll: Keep a reference on files added to the check list"
|
| WARNING in snd_pcm_plugin_build_mulaw |
C |
|
done |
2 |
228d |
238d
|
197d |
569e1b62
ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check
|
| KASAN: use-after-free Read in seq_release_private |
syz |
|
done |
1 |
227d |
227d
|
197d |
37d933e8
fix regression in "epoll: Keep a reference on files added to the check list"
|
| WARNING: ODEBUG bug in get_signal |
syz |
|
done |
3 |
229d |
239d
|
198d |
37d933e8
fix regression in "epoll: Keep a reference on files added to the check list"
|
| WARNING in snd_pcm_drop |
syz |
|
done |
1 |
229d |
229d
|
198d |
37d933e8
fix regression in "epoll: Keep a reference on files added to the check list"
|
| WARNING: ODEBUG bug in exit_to_usermode_loop |
syz |
|
done |
2 |
229d |
231d
|
198d |
dff6a2c2
nvmet-fc: Fix a missed _irqsave version of spin_lock in 'nvmet_fc_fod_op_done()'
|
| general protection fault in tty_release |
C |
|
done |
9 |
230d |
237d
|
199d |
37d933e8
fix regression in "epoll: Keep a reference on files added to the check list"
|
| KASAN: use-after-free Write in __sock_release |
syz |
|
done |
1 |
231d |
231d
|
201d |
37d933e8
fix regression in "epoll: Keep a reference on files added to the check list"
|
| KASAN: use-after-free Read in locks_remove_file |
syz |
|
done |
4 |
231d |
239d
|
201d |
37d933e8
fix regression in "epoll: Keep a reference on files added to the check list"
|
| KASAN: use-after-free Read in cuse_channel_release |
syz |
|
done |
1 |
232d |
232d
|
201d |
37d933e8
fix regression in "epoll: Keep a reference on files added to the check list"
|
| KASAN: use-after-free Read in __fput |
syz |
|
done |
1 |
233d |
233d
|
202d |
37d933e8
fix regression in "epoll: Keep a reference on files added to the check list"
|
| KASAN: use-after-free Write in ex_handler_refcount |
C |
|
done |
11 |
233d |
441d
|
202d |
29e1dfcd
Bluetooth: add a mutex lock to avoid UAF in do_enale_set
|
| kernel BUG at include/linux/fs.h:LINE! |
syz |
|
done |
1 |
233d |
233d
|
202d |
37d933e8
fix regression in "epoll: Keep a reference on files added to the check list"
|
| KASAN: use-after-free Read in snd_pcm_oss_release |
syz |
|
done |
1 |
233d |
233d
|
202d |
37d933e8
fix regression in "epoll: Keep a reference on files added to the check list"
|
| kernel BUG at fs/inode.c:LINE! |
syz |
|
done |
2 |
234d |
263d
|
203d |
37d933e8
fix regression in "epoll: Keep a reference on files added to the check list"
|
| KASAN: invalid-free in vcs_release |
syz |
|
done |
1 |
234d |
234d
|
204d |
37d933e8
fix regression in "epoll: Keep a reference on files added to the check list"
|
| KASAN: use-after-free Read in fbcon_cursor |
syz |
|
done |
4 |
235d |
495d
|
205d |
770adb5d
fbcon: remove soft scrollback code
|
| BUG: corrupted list in mousedev_release |
syz |
|
done |
1 |
235d |
235d
|
205d |
37d933e8
fix regression in "epoll: Keep a reference on files added to the check list"
|
| KASAN: use-after-free Read in eventfd_release |
syz |
|
done |
1 |
237d |
237d
|
206d |
37d933e8
fix regression in "epoll: Keep a reference on files added to the check list"
|
| INFO: trying to register non-static key in uhid_char_release |
C |
|
done |
3 |
237d |
259d
|
206d |
abae259f
HID: core: Correctly handle ReportSize being zero
|
| WARNING in corrupted (2) |
C |
|
done |
1 |
238d |
238d
|
207d |
569e1b62
ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check
|
| INFO: trying to register non-static key in uhid_dev_destroy |
C |
|
done |
14 |
245d |
413d
|
214d |
abae259f
HID: core: Correctly handle ReportSize being zero
|
| KASAN: slab-out-of-bounds Read in vcs_scr_readw |
C |
|
inconclusive |
80 |
497d |
507d
|
217d |
627f3b9e
vcs: prevent write access to vcsu devices
|
| WARNING in inc_nlink |
C |
|
done |
8 |
247d |
396d
|
217d |
169f7f37
fs/minix: don't allow getting deleted inodes
|
| BUG: unable to handle kernel NULL pointer dereference in get_block |
C |
|
done |
60 |
251d |
402d
|
220d |
954fc7da
fs/minix: reject too-large maximum file size
|
| KASAN: slab-out-of-bounds Read in get_block |
C |
|
done |
3 |
254d |
369d
|
223d |
954fc7da
fs/minix: reject too-large maximum file size
|
| KASAN: use-after-free Read in get_block |
C |
|
done |
6 |
254d |
386d
|
224d |
954fc7da
fs/minix: reject too-large maximum file size
|
| KASAN: slab-out-of-bounds Read in hci_event_packet |
C |
|
done |
15 |
254d |
464d
|
224d |
8c4a649c
Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt()
|
| KASAN: slab-out-of-bounds Read in bacpy |
C |
|
done |
3 |
260d |
722d
|
226d |
8c4a649c
Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt()
|
| KASAN: slab-out-of-bounds Read in hci_extended_inquiry_result_evt |
C |
|
done |
6 |
258d |
292d
|
226d |
8c4a649c
Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt()
|
| KASAN: null-ptr-deref Read in drm_dp_aux_dev_get_by_minor |
C |
|
done |
1 |
259d |
319d
|
226d |
954fc7da
fs/minix: reject too-large maximum file size
|
| KASAN: slab-out-of-bounds Read in hci_inquiry_result_with_rssi_evt |
C |
|
done |
4 |
258d |
287d
|
226d |
48f70ecd
Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt()
|
| KASAN: use-after-free Read in l2cap_chan_close |
C |
|
done |
8 |
259d |
441d
|
226d |
29e1dfcd
Bluetooth: add a mutex lock to avoid UAF in do_enale_set
|
| BUG: unable to handle kernel NULL pointer dereference in do_syscall_64 (2) |
C |
|
done |
4 |
263d |
275d
|
232d |
dd58bd1b
fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins.
|
| divide error in fbcon_switch |
C |
|
done |
259 |
268d |
507d
|
233d |
74752b81
vt: Reject zero-sized screen buffer size.
|
| general protection fault in do_con_write |
C |
|
done |
3008 |
268d |
507d
|
233d |
74752b81
vt: Reject zero-sized screen buffer size.
|
| kernel BUG at fs/buffer.c:LINE! |
syz |
|
done |
23 |
264d |
717d
|
233d |
954fc7da
fs/minix: reject too-large maximum file size
|
| general protection fault in free_netdev |
C |
|
done |
99 |
265d |
296d
|
233d |
abcf95e0
ip6_gre: fix null-ptr-deref in ip6gre_init_net()
|
| BUG: unable to handle kernel paging request in do_con_trol |
C |
|
done |
36 |
268d |
500d
|
237d |
74752b81
vt: Reject zero-sized screen buffer size.
|
| WARNING in snd_info_get_line |
C |
|
done |
23 |
268d |
280d
|
237d |
0c9d4b18
ALSA: info: Drop WARN_ON() from buffer NULL sanity check
|
| BUG: unable to handle kernel paging request in insert_char |
C |
|
done |
46 |
282d |
502d
|
252d |
74752b81
vt: Reject zero-sized screen buffer size.
|
| INFO: task hung in __flush_work |
syz |
|
done |
6 |
283d |
733d
|
253d |
af224c2e
net/9p: validate fds in p9_fd_open
|
| KASAN: null-ptr-deref Read in do_con_trol |
C |
|
done |
1 |
283d |
434d
|
253d |
74752b81
vt: Reject zero-sized screen buffer size.
|
| KASAN: null-ptr-deref Read in insert_char |
C |
|
done |
3 |
284d |
479d
|
254d |
74752b81
vt: Reject zero-sized screen buffer size.
|
| KASAN: user-memory-access Read in insert_char |
C |
|
done |
2 |
286d |
499d
|
256d |
74752b81
vt: Reject zero-sized screen buffer size.
|
| BUG: unable to handle kernel paging request in csi_J |
C |
|
done |
3 |
295d |
463d
|
264d |
74752b81
vt: Reject zero-sized screen buffer size.
|
| BUG: unable to handle kernel NULL pointer dereference in generic_perform_write (2) |
C |
|
done |
1 |
306d |
396d
|
276d |
5dbb6255
ext4: avoid race conditions when remounting with options that change dax
|
| WARNING in enqueue_task_dl |
syz |
|
done |
1 |
314d |
643d
|
283d |
edf55b5e
sched/deadline: Initialize ->dl_boosted
|
| general protection fault in batadv_iv_ogm_schedule_buff |
|
|
|
6 |
401d |
457d
|
288d |
bf0ef794
batman-adv: Don't schedule OGM for disabled interface
|
| general protection fault in fq_codel_enqueue |
C |
|
done |
5 |
336d |
364d
|
305d |
8920e8ae
net: check untrusted gso_size at kernel entry
|
| kernel BUG at arch/x86/mm/physaddr.c:LINE! (2) |
C |
|
done |
82 |
336d |
477d
|
306d |
a3da2984
vt: fix unicode console freeing with a common interface
|
| INFO: trying to register non-static key in hci_uart_flush |
syz |
|
done |
4 |
341d |
585d
|
311d |
8efa59fc
netfilter: nf_conntrack_pptp: fix compilation warning with W=1 build
|
| KASAN: use-after-free Write in snd_rawmidi_kernel_write1 |
C |
|
done |
1 |
342d |
372d
|
312d |
a507658f
ALSA: rawmidi: Fix racy buffer resize under concurrent accesses
|
| KASAN: null-ptr-deref Write in choke_reset |
C |
|
done |
236 |
344d |
369d
|
314d |
1733fe42
USB: serial: garmin_gps: add sanity checking for data length
|
| KASAN: use-after-free Read in rdma_listen |
syz |
|
done |
143 |
375d |
687d
|
345d |
abc4ea7f
RDMA/ucma: Put a lock around every call to the rdma_cm layer
|
| KASAN: use-after-free Read in cma_cancel_operation |
C |
|
done |
6 |
387d |
537d
|
357d |
abc4ea7f
RDMA/ucma: Put a lock around every call to the rdma_cm layer
|
| WARNING in geneve_exit_batch_net |
C |
|
done |
2 |
389d |
434d
|
359d |
2c1a05e9
geneve: move debug check after netdev unregister
|
| WARNING: ODEBUG bug in rfcomm_dev_ioctl |
C |
|
done |
1 |
391d |
391d
|
360d |
78a4ad28
Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl
|
| KASAN: use-after-free Write in release_tty |
C |
|
done |
148 |
390d |
507d
|
360d |
54584f79
vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console
|
| WARNING: ODEBUG bug in route4_change |
C |
|
done |
28 |
394d |
414d
|
364d |
ea3d6652
net_sched: cls_route: remove the right filter from hashtable
|
| WARNING: refcount bug in sock_wfree |
C |
done |
done |
1 |
397d |
517d
|
367d |
6ce6aea3
sctp: fix refcount bug in sctp_wfree
|
| KASAN: use-after-free Read in tty_open |
C |
|
done |
2 |
401d |
507d
|
371d |
54584f79
vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console
|
| BUG: unable to handle kernel paging request in init_srcu_struct_fields |
syz |
|
done |
3 |
401d |
599d
|
371d |
e36be795
usbip: tools: Fix read_usb_vudc_device() error path handling
|
| KASAN: slab-out-of-bounds Read in selinux_xfrm_alloc_user |
C |
|
done |
3 |
403d |
408d
|
372d |
0a7b397c
xfrm: add the missing verify_sec_ctx_len check in xfrm_add_acquire
|
| WARNING: ODEBUG bug in rfcomm_dlc_free |
C |
|
done |
21 |
404d |
635d
|
374d |
78a4ad28
Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl
|
| KASAN: slab-out-of-bounds Write in tcindex_set_parms |
C |
|
done |
2 |
408d |
408d
|
376d |
557d015f
net_sched: keep alloc_hash updated after hash allocation
|
| KASAN: use-after-free Write in tcindex_set_parms |
C |
|
done |
3 |
407d |
411d
|
376d |
557d015f
net_sched: keep alloc_hash updated after hash allocation
|
| possible deadlock in ovl_write_iter (2) |
syz |
|
done |
2 |
409d |
410d
|
379d |
eae6b4a4
USB: Disable LPM on WD19's Realtek Hub
|
| KASAN: use-after-free Read in n_tty_receive_buf_common |
C |
|
done |
40 |
411d |
506d
|
380d |
b4492f1e
vt: selection, push sel_lock up
|
| inconsistent lock state in rxrpc_put_client_connection_id |
C |
|
done |
89 |
419d |
436d
|
389d |
43cac315
rxrpc: Fix call RCU cleanup using non-bh-safe locks
|
| KASAN: use-after-free Read in ext4_xattr_set_entry |
syz |
|
done |
10 |
419d |
667d
|
389d |
cb1702c4
ext4: validate the debug_want_extra_isize mount option at parse time
|
| inconsistent lock state in rxrpc_put_client_conn |
C |
|
done |
6584 |
419d |
436d
|
389d |
43cac315
rxrpc: Fix call RCU cleanup using non-bh-safe locks
|
| kernel BUG at net/rxrpc/local_object.c:LINE! |
C |
|
done |
13912 |
421d |
631d
|
391d |
79266814
rxrpc: Fix lack of conn cleanup when local endpoint is cleaned up [ver #2]
|
| general protection fault in selinux_socket_sendmsg |
C |
|
done |
36 |
422d |
602d
|
392d |
43cac315
rxrpc: Fix call RCU cleanup using non-bh-safe locks
|
| INFO: task hung in paste_selection |
C |
|
done |
10 |
423d |
498d
|
392d |
b4492f1e
vt: selection, push sel_lock up
|
| INFO: task hung in htable_put |
C |
|
done |
8 |
425d |
470d
|
394d |
acbc5071
netfilter: xt_hashlimit: limit the max size of hashtable
|
| kernel BUG at fs/reiserfs/lock.c:LINE! (2) |
C |
|
done |
2 |
428d |
428d
|
397d |
ef3d73fe
reiserfs: Fix spurious unlock in reiserfs_fill_super() error handling
|
| INFO: task hung in drain_all_pages |
C |
|
done |
1 |
428d |
458d
|
398d |
8541452a
s390/mm: Explicitly compare PAGE_DEFAULT_KEY against zero in storage_key_init_range
|
| KASAN: stack-out-of-bounds Write in ax25_getname |
C |
|
done |
4 |
432d |
728d
|
401d |
ad598a48
vhost: Check docket sk_family instead of call getname
|
| INFO: task hung in hashlimit_mt_check_common |
C |
|
done |
3 |
435d |
450d
|
403d |
acbc5071
netfilter: xt_hashlimit: limit the max size of hashtable
|
| INFO: task hung in tty_ldisc_hangup |
C |
|
done |
10 |
434d |
501d
|
403d |
b4492f1e
vt: selection, push sel_lock up
|
| general protection fault in padata_reorder |
C |
|
done |
90 |
433d |
436d
|
403d |
cad926f7
padata: fix null pointer deref of pd->pinst
|
| KASAN: slab-out-of-bounds Read in tcf_exts_destroy |
C |
|
done |
1 |
437d |
554d
|
407d |
478c4b2f
net_sched: fix an OOB access in cls_tcindex
|
| BUG: sleeping function called from invalid context in tpk_write |
C |
|
done |
30 |
443d |
504d
|
412d |
fb566870
ttyprintk: fix a potential deadlock in interrupt context issue
|
| general protection fault in path_openat |
C |
|
done |
13 |
443d |
449d
|
413d |
8d7a5100
vfs: fix do_last() regression
|
| KASAN: slab-out-of-bounds Read in __nla_put_nohdr |
C |
|
done |
1 |
450d |
450d
|
419d |
66ac8ee9
net_sched: fix datalen for ematch
|
| general protection fault in nft_chain_parse_hook |
C |
|
done |
5 |
450d |
462d
|
419d |
1f7a1bcd
netfilter: nf_tables: add __nft_chain_type_get()
|
| WARNING in cbq_destroy_class |
C |
|
done |
1 |
455d |
455d
|
424d |
9f7a3283
net_sched: fix ops->bind_class() implementations
|
| KASAN: slab-out-of-bounds Write in setup_udp_tunnel_sock |
C |
|
done |
1 |
456d |
456d
|
426d |
d3b5ecce
gtp: make sure only SOCK_DGRAM UDP sockets are accepted
|
| KASAN: use-after-free Read in snd_timer_resolution |
C |
|
done |
2 |
459d |
460d
|
429d |
20f2e4c2
ALSA: seq: Fix racy access for queue timer in proc read
|
| KASAN: use-after-free Read in tcp_check_sack_reordering |
C |
|
done |
1 |
459d |
459d
|
429d |
fb566870
ttyprintk: fix a potential deadlock in interrupt context issue
|
| general protection fault in xt_rateest_put |
C |
|
done |
10 |
460d |
463d
|
430d |
e3282417
netfilter: arp_tables: init netns pointer in xt_tgdtor_param struct
|
| BUG: corrupted list in nf_tables_commit |
C |
|
done |
2 |
463d |
463d
|
432d |
8260ce5a
netfilter: nf_tables: fix flowtable list del corruption
|
| WARNING in nft_request_module |
C |
|
done |
1 |
463d |
463d
|
432d |
1632efb3
netfilter: nf_tables: remove WARN and add NLA_STRING upper limits
|
| general protection fault in nft_tunnel_get_init |
C |
|
done |
1 |
463d |
463d
|
432d |
6de941ce
netfilter: nft_tunnel: fix null-attribute check
|
| general protection fault in nf_ct_netns_do_get |
C |
|
done |
11 |
467d |
482d
|
434d |
46abb2a5
netfilter: arp_tables: init netns pointer in xt_tgchk_param struct
|
| KASAN: use-after-free Write in __alloc_skb |
C |
|
done |
2 |
467d |
535d
|
436d |
be1a2be7
net: rtnetlink: validate IFLA_MTU attribute in rtnl_create_link()
|
| general protection fault in xt_rateest_tg_checkentry |
C |
|
done |
12 |
467d |
483d
|
437d |
e3282417
netfilter: arp_tables: init netns pointer in xt_tgdtor_param struct
|
| KASAN: slab-out-of-bounds Read in macvlan_broadcast |
C |
|
done |
10 |
468d |
472d
|
437d |
5f3274c5
macvlan: do not assume mac_header is set in macvlan_broadcast()
|
| KASAN: use-after-free Read in macvlan_broadcast |
C |
|
done |
7 |
469d |
472d
|
439d |
5f3274c5
macvlan: do not assume mac_header is set in macvlan_broadcast()
|
| WARNING: bad unlock balance in gtp_encap_enable_socket |
C |
|
done |
2 |
471d |
473d
|
440d |
776a81a0
gtp: fix bad unlock balance in gtp_encap_enable_socket
|
| BUG: sleeping function called from invalid context in lock_sock_nested |
syz |
|
done |
1 |
475d |
505d
|
442d |
6b544caa
crypto: af_alg - Use bh_lock_sock in sk_destruct
|
| general protection fault in rxrpc_connect_call |
C |
|
done |
285 |
477d |
642d
|
447d |
79266814
rxrpc: Fix lack of conn cleanup when local endpoint is cleaned up [ver #2]
|
| possible deadlock in refcount_dec_and_mutex_lock |
C |
done |
done |
5 |
481d |
536d
|
450d |
e83a26a4
nbd: fix shutdown and recv work deadlock v2
|
| INFO: rcu detected stall in addrconf_dad_work (2) |
C |
|
done |
1 |
490d |
490d
|
459d |
94ac4a4d
pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM
|
| WARNING: refcount bug in cdev_get |
C |
|
done |
12 |
490d |
615d
|
459d |
f57fd58d
bridge/mdb: remove wrong use of NLM_F_MULTI
|
| possible deadlock in __might_fault |
C |
|
done |
385 |
491d |
742d
|
460d |
3757e381
usb: mon: Fix a deadlock in usbmon between mmap and read
|
| INFO: task hung in fsnotify_mark_destroy_workfn |
syz |
|
done |
3 |
493d |
681d
|
463d |
42a929ed
rtc: disable uie before setting time and enable after
|
| possible deadlock in mon_bin_vma_fault |
C |
|
done |
375 |
494d |
743d
|
463d |
3757e381
usb: mon: Fix a deadlock in usbmon between mmap and read
|
| WARNING in xfrm6_tunnel_net_exit |
syz |
|
done |
34 |
495d |
743d
|
464d |
bbbe4746
xfrm: destroy xfrm_state synchronously on net exit path
|
| inconsistent lock state in sp_get |
C |
|
done |
1 |
497d |
497d
|
467d |
9b8e63d0
6pack,mkiss: fix possible deadlock
|
| KASAN: slab-out-of-bounds Read in linear_transfer |
C |
|
done |
2 |
506d |
506d
|
475d |
c6bebccd
ALSA: pcm: oss: Avoid potential buffer overflows
|
| WARNING: refcount bug in kobject_get |
C |
|
done |
21 |
506d |
735d
|
476d |
e1666bcb
driver core: Fix use-after-free and double free on glue directory
|
| KASAN: use-after-free Read in slip_open |
C |
done |
done |
7 |
506d |
518d
|
476d |
0c6e6cea
slip: Fix use-after-free Read in slip_open
|
| INFO: task hung in vivid_stop_generating_vid_cap |
C |
|
done |
291 |
509d |
743d
|
479d |
467052f6
media: vivid: Fix wrong locking that causes race conditions on streaming stop
|
| INFO: task hung in sdr_cap_stop_streaming |
C |
|
done |
152 |
509d |
743d
|
479d |
467052f6
media: vivid: Fix wrong locking that causes race conditions on streaming stop
|
| KASAN: use-after-free Read in __vb2_perform_fileio |
C |
|
done |
13 |
510d |
740d
|
479d |
467052f6
media: vivid: Fix wrong locking that causes race conditions on streaming stop
|
| KASAN: use-after-free Read in kfree_skb |
C |
|
done |
95 |
513d |
634d
|
482d |
03bf4876
Bluetooth: Fix invalid-free in bcsp_close()
|
| WARNING in __vb2_queue_cancel |
C |
|
done |
11 |
517d |
729d
|
487d |
467052f6
media: vivid: Fix wrong locking that causes race conditions on streaming stop
|
| WARNING: suspicious RCU usage in memfd_fcntl |
C |
done |
done |
1879 |
519d |
542d
|
489d |
e4cc9c81
memfd: Use radix_tree_deref_slot_protected to avoid the warning.
|
| possible deadlock in ovl_write_iter |
syz |
|
done |
84 |
526d |
736d
|
490d |
ab69a230
Revert "tipc: fix modprobe tipc failed after switch order of device registration"
|
| KASAN: use-after-free Read in rxrpc_send_keepalive |
syz |
|
done |
6 |
541d |
614d
|
491d |
570ab0dd
rxrpc: Fix call ref leak
|
| BUG: corrupted list in p9_fd_cancelled |
syz |
|
done |
2 |
527d |
590d
|
491d |
78a917be
perf/core: Consistently fail fork on allocation failures
|
| KASAN: use-after-free Read in __lock_sock |
syz |
|
done |
2 |
543d |
543d
|
492d |
51f0c108
libata/ahci: Fix PCS quirk application
|
| WARNING in corrupted |
syz |
|
done |
25 |
564d |
716d
|
492d |
ed568ca7
bpf: fix use after free in prog symbol exposure
|
| possible deadlock in io_submit_one |
syz |
|
done |
406 |
566d |
743d
|
492d |
052b3181
fs/userfaultfd.c: disable irqs for fault_pending and event locks
|
| WARNING in bpf_jit_free |
syz |
|
done |
293 |
566d |
743d
|
493d |
ed568ca7
bpf: fix use after free in prog symbol exposure
|
| KASAN: use-after-free Read in pneigh_get_next |
syz |
|
done |
1 |
677d |
677d
|
494d |
103835df
neigh: fix use-after-free read in pneigh_get_next
|
| WARNING in ovl_rename |
syz |
|
done |
1 |
726d |
726d
|
494d |
f1c5aa5e
ovl: detect overlapping layers
|
| kernel BUG at arch/x86/mm/physaddr.c:LINE! |
syz |
|
done |
1 |
664d |
664d
|
494d |
4736bb27
ip_tunnel: allow not to count pkts on tstats by setting skb's dev to NULL
|
| WARNING in ovl_instantiate |
syz |
|
done |
5 |
734d |
738d
|
494d |
f1c5aa5e
ovl: detect overlapping layers
|
| WARNING: suspicious RCU usage in llc_sap_close |
C |
|
done |
10 |
532d |
688d
|
494d |
9a484516
llc: avoid blocking in llc_sap_close()
|
| BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue |
C |
|
done |
12 |
542d |
727d
|
496d |
9f0f39c9
nbd: fix max number of supported devs
|
| KASAN: null-ptr-deref Write in kvm_write_guest_virt_system |
C |
|
done |
50 |
560d |
578d
|
498d |
3683dd70
crypto: cavium/zip - Add missing single_release()
|
| possible deadlock in free_ioctx_users |
C |
|
done |
77 |
566d |
688d
|
498d |
5bead06b
fuse: fix deadlock with aio poll and fuse_iqueue::waitq.lock
|
| KASAN: use-after-free Read in wait_consider_task |
C |
|
done |
58 |
570d |
580d
|
498d |
4eb92a11
RDMA/restrack: Protect from reentry to resource return path
|
| WARNING: ODEBUG bug in free_task |
C |
|
done |
165 |
570d |
580d
|
498d |
4eb92a11
RDMA/restrack: Protect from reentry to resource return path
|
| general protection fault in tcf_action_destroy |
C |
|
done |
15 |
567d |
589d
|
498d |
50dddec6
mISDN: enforce CAP_NET_RAW for raw sockets
|
| WARNING: suspicious RCU usage in netem_enqueue |
C |
|
done |
2 |
572d |
577d
|
499d |
195a3ea4
net_sched: add max len check for TCA_KIND
|
| KASAN: use-after-free Read in __change_pid |
C |
|
done |
4 |
572d |
579d
|
499d |
4eb92a11
RDMA/restrack: Protect from reentry to resource return path
|
| possible deadlock in do_io_accounting |
C |
|
done |
4 |
571d |
682d
|
499d |
f1c5aa5e
ovl: detect overlapping layers
|
| KASAN: use-after-free Read in pids_release |
C |
|
done |
7 |
572d |
579d
|
499d |
4eb92a11
RDMA/restrack: Protect from reentry to resource return path
|
| general protection fault in release_task |
C |
|
done |
3 |
573d |
580d
|
500d |
4eb92a11
RDMA/restrack: Protect from reentry to resource return path
|
| general protection fault in wait_consider_task |
C |
|
done |
5 |
572d |
578d
|
500d |
4eb92a11
RDMA/restrack: Protect from reentry to resource return path
|
| INFO: rcu detected stall in netlink_sendmsg |
C |
|
done |
3 |
584d |
589d
|
500d |
a9e91767
sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
|
| KASAN: use-after-free Read in release_task |
C |
|
done |
2 |
574d |
577d
|
500d |
4eb92a11
RDMA/restrack: Protect from reentry to resource return path
|
| WARNING in handle_desc |
C |
|
done |
1 |
581d |
581d
|
500d |
21874027
KVM: X86: Fix userspace set invalid CR4
|
| BUG: unable to handle kernel NULL pointer dereference in tc_bind_tclass |
C |
|
done |
18 |
575d |
594d
|
500d |
07f7ec87
net_sched: check cops->tcf_block in tc_bind_tclass()
|
| general protection fault in qdisc_destroy |
C |
|
done |
9 |
580d |
590d
|
500d |
7a1bad56
net_sched: let qdisc_put() accept NULL pointer
|
| INFO: rcu detected stall in addrconf_dad_work |
C |
|
done |
19 |
582d |
594d
|
502d |
a9e91767
sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
|
| INFO: rcu detected stall in mld_ifc_timer_expire |
C |
|
done |
33 |
582d |
594d
|
502d |
a9e91767
sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
|
| INFO: rcu detected stall in br_handle_frame |
C |
|
done |
41 |
582d |
594d
|
502d |
a9e91767
sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
|
| INFO: task hung in __x64_sys_io_destroy |
C |
|
done |
1 |
583d |
583d
|
502d |
ec2a3681
media: tvp5150: fix switch exit in set control handler
|
| WARNING: refcount bug in hci_register_dev |
C |
|
done |
3 |
588d |
600d
|
504d |
e1666bcb
driver core: Fix use-after-free and double free on glue directory
|
| WARNING in kernfs_get |
C |
|
done |
14 |
588d |
728d
|
504d |
e1666bcb
driver core: Fix use-after-free and double free on glue directory
|
| general protection fault in kernfs_add_one |
C |
|
done |
8 |
597d |
736d
|
505d |
e1666bcb
driver core: Fix use-after-free and double free on glue directory
|
| general protection fault in packet_lookup_frame |
C |
|
done |
1 |
618d |
618d
|
505d |
154e6bc4
net/packet: fix race in tpacket_snd()
|
| WARNING in tty_set_termios |
C |
|
done |
151 |
628d |
738d
|
506d |
56966212
Bluetooth: hci_uart: check for missing tty operations
|
| general protection fault in tcf_ife_init |
C |
|
done |
15 |
626d |
643d
|
506d |
c4c88993
ife: error out when nla attributes are empty
|
| KASAN: null-ptr-deref Write in kthread_stop |
C |
|
done |
12 |
626d |
731d
|
506d |
467052f6
media: vivid: Fix wrong locking that causes race conditions on streaming stop
|
| general protection fault in rds_recv_rcvbuf_delta |
C |
|
done |
7 |
634d |
680d
|
507d |
3de749d6
net/rds: An rds_sock is added too early to the hash table
|
| INFO: task hung in blkdev_issue_flush |
C |
|
done |
2 |
661d |
661d
|
507d |
76cf93f0
hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap'
|
| general protection fault in iptunnel_xmit |
C |
|
done |
2 |
635d |
635d
|
507d |
4736bb27
ip_tunnel: allow not to count pkts on tstats by setting skb's dev to NULL
|
| WARNING in kernfs_put |
C |
|
done |
1 |
666d |
666d
|
508d |
e1666bcb
driver core: Fix use-after-free and double free on glue directory
|
| WARNING in notify_change |
C |
|
done |
12 |
671d |
728d
|
509d |
e8e448b0
Abort file_remove_privs() for non-reg. files
|
| BUG: unable to handle kernel paging request in coalesced_mmio_write |
C |
|
done |
2 |
670d |
670d
|
509d |
232a6462
KVM: coalesced_mmio: add bounds checking
|
| possible deadlock in userfaultfd_release |
C |
|
done |
4 |
671d |
676d
|
509d |
052b3181
fs/userfaultfd.c: disable irqs for fault_pending and event locks
|
| possible deadlock in acct_pin_kill |
C |
|
done |
125 |
702d |
736d
|
509d |
ab69a230
Revert "tipc: fix modprobe tipc failed after switch order of device registration"
|
| WARNING in xfrm_state_fini |
C |
|
done |
78 |
718d |
743d
|
510d |
ab69a230
Revert "tipc: fix modprobe tipc failed after switch order of device registration"
|
| WARNING in __flush_work |
C |
|
done |
135 |
716d |
722d
|
510d |
af48f7d7
drm/udl: Replace drm_dev_unref with drm_dev_put
|
| KASAN: use-after-free Read in get_mem_cgroup_from_mm |
C |
|
done |
6 |
724d |
738d
|
510d |
ab69a230
Revert "tipc: fix modprobe tipc failed after switch order of device registration"
|
| general protection fault in ip6erspan_set_version |
C |
|
done |
7 |
734d |
743d
|
511d |
ab69a230
Revert "tipc: fix modprobe tipc failed after switch order of device registration"
|
| possible deadlock in pipe_lock |
C |
|
done |
2 |
726d |
729d
|
511d |
f1c5aa5e
ovl: detect overlapping layers
|
| general protection fault in sctp_timeout_obj_to_nlattr |
C |
|
done |
7 |
738d |
742d
|
511d |
ab69a230
Revert "tipc: fix modprobe tipc failed after switch order of device registration"
|
| general protection fault in generic_timeout_obj_to_nlattr |
C |
|
done |
11 |
739d |
743d
|
511d |
ab69a230
Revert "tipc: fix modprobe tipc failed after switch order of device registration"
|
| general protection fault in gre_timeout_obj_to_nlattr |
C |
|
done |
13 |
738d |
743d
|
511d |
ab69a230
Revert "tipc: fix modprobe tipc failed after switch order of device registration"
|
| general protection fault in tcp_timeout_obj_to_nlattr |
C |
|
done |
7 |
739d |
741d
|
512d |
ab69a230
Revert "tipc: fix modprobe tipc failed after switch order of device registration"
|
| general protection fault in icmp_timeout_obj_to_nlattr |
C |
|
done |
3 |
741d |
743d
|
512d |
ab69a230
Revert "tipc: fix modprobe tipc failed after switch order of device registration"
|
| general protection fault in udp_timeout_obj_to_nlattr |
C |
|
done |
8 |
739d |
743d
|
512d |
ab69a230
Revert "tipc: fix modprobe tipc failed after switch order of device registration"
|
| general protection fault in dccp_timeout_obj_to_nlattr |
C |
|
done |
7 |
739d |
743d
|
512d |
ab69a230
Revert "tipc: fix modprobe tipc failed after switch order of device registration"
|