| general protection fault in __sock_release |
syz |
fix
|
8 |
41d |
54d
|
11d |
37d933e8
fix regression in "epoll: Keep a reference on files added to the check list"
|
| WARNING in snd_pcm_plugin_build_mulaw |
C |
fix
|
2 |
43d |
53d
|
12d |
569e1b62
ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check
|
| KASAN: use-after-free Read in seq_release_private |
syz |
fix
|
1 |
42d |
42d
|
12d |
37d933e8
fix regression in "epoll: Keep a reference on files added to the check list"
|
| WARNING: ODEBUG bug in get_signal |
syz |
fix
|
3 |
44d |
54d
|
13d |
37d933e8
fix regression in "epoll: Keep a reference on files added to the check list"
|
| WARNING in snd_pcm_drop |
syz |
fix
|
1 |
45d |
45d
|
13d |
37d933e8
fix regression in "epoll: Keep a reference on files added to the check list"
|
| WARNING: ODEBUG bug in exit_to_usermode_loop |
syz |
fix
|
2 |
44d |
46d
|
13d |
dff6a2c2
nvmet-fc: Fix a missed _irqsave version of spin_lock in 'nvmet_fc_fod_op_done()'
|
| general protection fault in tty_release |
C |
fix
|
9 |
46d |
52d
|
15d |
37d933e8
fix regression in "epoll: Keep a reference on files added to the check list"
|
| KASAN: use-after-free Write in __sock_release |
syz |
fix
|
1 |
47d |
47d
|
16d |
37d933e8
fix regression in "epoll: Keep a reference on files added to the check list"
|
| KASAN: use-after-free Read in locks_remove_file |
syz |
fix
|
4 |
46d |
54d
|
16d |
37d933e8
fix regression in "epoll: Keep a reference on files added to the check list"
|
| KASAN: use-after-free Read in cuse_channel_release |
syz |
fix
|
1 |
48d |
48d
|
17d |
37d933e8
fix regression in "epoll: Keep a reference on files added to the check list"
|
| KASAN: use-after-free Read in __fput |
syz |
fix
|
1 |
48d |
48d
|
17d |
37d933e8
fix regression in "epoll: Keep a reference on files added to the check list"
|
| KASAN: use-after-free Write in ex_handler_refcount |
C |
fix
|
11 |
48d |
257d
|
18d |
29e1dfcd
Bluetooth: add a mutex lock to avoid UAF in do_enale_set
|
| kernel BUG at include/linux/fs.h:LINE! |
syz |
fix
|
1 |
48d |
48d
|
18d |
37d933e8
fix regression in "epoll: Keep a reference on files added to the check list"
|
| KASAN: use-after-free Read in snd_pcm_oss_release |
syz |
fix
|
1 |
48d |
48d
|
18d |
37d933e8
fix regression in "epoll: Keep a reference on files added to the check list"
|
| kernel BUG at fs/inode.c:LINE! |
syz |
fix
|
2 |
49d |
78d
|
19d |
37d933e8
fix regression in "epoll: Keep a reference on files added to the check list"
|
| KASAN: invalid-free in vcs_release |
syz |
fix
|
1 |
49d |
49d
|
19d |
37d933e8
fix regression in "epoll: Keep a reference on files added to the check list"
|
| KASAN: use-after-free Read in fbcon_cursor |
syz |
fix
|
4 |
50d |
310d
|
20d |
770adb5d
fbcon: remove soft scrollback code
|
| BUG: corrupted list in mousedev_release |
syz |
fix
|
1 |
51d |
51d
|
20d |
37d933e8
fix regression in "epoll: Keep a reference on files added to the check list"
|
| KASAN: use-after-free Read in eventfd_release |
syz |
fix
|
1 |
52d |
52d
|
21d |
37d933e8
fix regression in "epoll: Keep a reference on files added to the check list"
|
| INFO: trying to register non-static key in uhid_char_release |
C |
fix
|
3 |
52d |
74d
|
21d |
abae259f
HID: core: Correctly handle ReportSize being zero
|
| WARNING in corrupted (2) |
C |
fix
|
1 |
53d |
53d
|
22d |
569e1b62
ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check
|
| INFO: trying to register non-static key in uhid_dev_destroy |
C |
fix
|
14 |
61d |
228d
|
30d |
abae259f
HID: core: Correctly handle ReportSize being zero
|
| KASAN: slab-out-of-bounds Read in vcs_scr_readw |
C |
fix
|
80 |
313d |
322d
|
32d |
627f3b9e
vcs: prevent write access to vcsu devices
|
| WARNING in inc_nlink |
C |
fix
|
8 |
62d |
211d
|
32d |
169f7f37
fs/minix: don't allow getting deleted inodes
|
| BUG: unable to handle kernel NULL pointer dereference in get_block |
C |
fix
|
60 |
66d |
217d
|
35d |
954fc7da
fs/minix: reject too-large maximum file size
|
| KASAN: slab-out-of-bounds Read in get_block |
C |
fix
|
3 |
69d |
185d
|
38d |
954fc7da
fs/minix: reject too-large maximum file size
|
| KASAN: use-after-free Read in get_block |
C |
fix
|
6 |
69d |
201d
|
39d |
954fc7da
fs/minix: reject too-large maximum file size
|
| KASAN: slab-out-of-bounds Read in hci_event_packet |
C |
fix
|
15 |
70d |
280d
|
39d |
8c4a649c
Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt()
|
| KASAN: slab-out-of-bounds Read in bacpy |
C |
fix
|
3 |
75d |
537d
|
41d |
8c4a649c
Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt()
|
| KASAN: slab-out-of-bounds Read in hci_extended_inquiry_result_evt |
C |
fix
|
6 |
74d |
108d
|
41d |
8c4a649c
Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt()
|
| KASAN: null-ptr-deref Read in drm_dp_aux_dev_get_by_minor |
C |
fix
|
1 |
74d |
134d
|
41d |
954fc7da
fs/minix: reject too-large maximum file size
|
| KASAN: slab-out-of-bounds Read in hci_inquiry_result_with_rssi_evt |
C |
fix
|
4 |
73d |
102d
|
41d |
48f70ecd
Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt()
|
| KASAN: use-after-free Read in l2cap_chan_close |
C |
fix
|
8 |
74d |
257d
|
41d |
29e1dfcd
Bluetooth: add a mutex lock to avoid UAF in do_enale_set
|
| BUG: unable to handle kernel NULL pointer dereference in do_syscall_64 (2) |
C |
fix
|
4 |
78d |
91d
|
47d |
dd58bd1b
fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins.
|
| divide error in fbcon_switch |
C |
fix
|
259 |
83d |
322d
|
49d |
74752b81
vt: Reject zero-sized screen buffer size.
|
| general protection fault in do_con_write |
C |
fix
|
3008 |
83d |
322d
|
49d |
74752b81
vt: Reject zero-sized screen buffer size.
|
| kernel BUG at fs/buffer.c:LINE! |
syz |
fix
|
23 |
79d |
533d
|
49d |
954fc7da
fs/minix: reject too-large maximum file size
|
| general protection fault in free_netdev |
C |
fix
|
99 |
81d |
111d
|
49d |
abcf95e0
ip6_gre: fix null-ptr-deref in ip6gre_init_net()
|
| BUG: unable to handle kernel paging request in do_con_trol |
C |
fix
|
36 |
84d |
316d
|
53d |
74752b81
vt: Reject zero-sized screen buffer size.
|
| WARNING in snd_info_get_line |
C |
fix
|
23 |
83d |
96d
|
53d |
0c9d4b18
ALSA: info: Drop WARN_ON() from buffer NULL sanity check
|
| BUG: unable to handle kernel paging request in insert_char |
C |
fix
|
46 |
97d |
318d
|
67d |
74752b81
vt: Reject zero-sized screen buffer size.
|
| INFO: task hung in __flush_work |
syz |
fix
|
6 |
99d |
548d
|
68d |
af224c2e
net/9p: validate fds in p9_fd_open
|
| KASAN: null-ptr-deref Read in do_con_trol |
C |
fix
|
1 |
99d |
249d
|
68d |
74752b81
vt: Reject zero-sized screen buffer size.
|
| KASAN: null-ptr-deref Read in insert_char |
C |
fix
|
3 |
100d |
295d
|
69d |
74752b81
vt: Reject zero-sized screen buffer size.
|
| KASAN: user-memory-access Read in insert_char |
C |
fix
|
2 |
102d |
315d
|
71d |
74752b81
vt: Reject zero-sized screen buffer size.
|
| BUG: unable to handle kernel paging request in csi_J |
C |
fix
|
3 |
110d |
279d
|
79d |
74752b81
vt: Reject zero-sized screen buffer size.
|
| BUG: unable to handle kernel NULL pointer dereference in generic_perform_write (2) |
C |
fix
|
1 |
122d |
212d
|
91d |
5dbb6255
ext4: avoid race conditions when remounting with options that change dax
|
| WARNING in enqueue_task_dl |
syz |
fix
|
1 |
129d |
458d
|
99d |
edf55b5e
sched/deadline: Initialize ->dl_boosted
|
| general protection fault in batadv_iv_ogm_schedule_buff |
|
|
6 |
217d |
273d
|
104d |
bf0ef794
batman-adv: Don't schedule OGM for disabled interface
|
| general protection fault in fq_codel_enqueue |
C |
fix
|
5 |
151d |
179d
|
121d |
8920e8ae
net: check untrusted gso_size at kernel entry
|
| kernel BUG at arch/x86/mm/physaddr.c:LINE! (2) |
C |
fix
|
82 |
152d |
292d
|
121d |
a3da2984
vt: fix unicode console freeing with a common interface
|
| INFO: trying to register non-static key in hci_uart_flush |
syz |
fix
|
4 |
156d |
400d
|
126d |
8efa59fc
netfilter: nf_conntrack_pptp: fix compilation warning with W=1 build
|
| KASAN: use-after-free Write in snd_rawmidi_kernel_write1 |
C |
fix
|
1 |
158d |
188d
|
127d |
a507658f
ALSA: rawmidi: Fix racy buffer resize under concurrent accesses
|
| KASAN: null-ptr-deref Write in choke_reset |
C |
fix
|
236 |
159d |
184d
|
129d |
1733fe42
USB: serial: garmin_gps: add sanity checking for data length
|
| KASAN: use-after-free Read in rdma_listen |
syz |
fix
|
143 |
190d |
503d
|
160d |
abc4ea7f
RDMA/ucma: Put a lock around every call to the rdma_cm layer
|
| KASAN: use-after-free Read in cma_cancel_operation |
C |
fix
|
6 |
202d |
353d
|
172d |
abc4ea7f
RDMA/ucma: Put a lock around every call to the rdma_cm layer
|
| WARNING in geneve_exit_batch_net |
C |
fix
|
2 |
205d |
249d
|
174d |
2c1a05e9
geneve: move debug check after netdev unregister
|
| WARNING: ODEBUG bug in rfcomm_dev_ioctl |
C |
fix
|
1 |
206d |
206d
|
175d |
78a4ad28
Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl
|
| KASAN: use-after-free Write in release_tty |
C |
fix
|
148 |
205d |
322d
|
175d |
54584f79
vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console
|
| WARNING: ODEBUG bug in route4_change |
C |
fix
|
28 |
210d |
229d
|
179d |
ea3d6652
net_sched: cls_route: remove the right filter from hashtable
|
| WARNING: refcount bug in sock_wfree |
C |
cause+fix
|
1 |
213d |
333d
|
182d |
6ce6aea3
sctp: fix refcount bug in sctp_wfree
|
| KASAN: use-after-free Read in tty_open |
C |
fix
|
2 |
216d |
322d
|
186d |
54584f79
vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console
|
| BUG: unable to handle kernel paging request in init_srcu_struct_fields |
syz |
fix
|
3 |
217d |
415d
|
186d |
e36be795
usbip: tools: Fix read_usb_vudc_device() error path handling
|
| KASAN: slab-out-of-bounds Read in selinux_xfrm_alloc_user |
C |
fix
|
3 |
219d |
223d
|
187d |
0a7b397c
xfrm: add the missing verify_sec_ctx_len check in xfrm_add_acquire
|
| WARNING: ODEBUG bug in rfcomm_dlc_free |
C |
fix
|
21 |
219d |
450d
|
189d |
78a4ad28
Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl
|
| KASAN: slab-out-of-bounds Write in tcindex_set_parms |
C |
fix
|
2 |
223d |
223d
|
191d |
557d015f
net_sched: keep alloc_hash updated after hash allocation
|
| KASAN: use-after-free Write in tcindex_set_parms |
C |
fix
|
3 |
222d |
226d
|
191d |
557d015f
net_sched: keep alloc_hash updated after hash allocation
|
| possible deadlock in ovl_write_iter (2) |
syz |
fix
|
2 |
225d |
225d
|
194d |
eae6b4a4
USB: Disable LPM on WD19's Realtek Hub
|
| KASAN: use-after-free Read in n_tty_receive_buf_common |
C |
fix
|
40 |
226d |
321d
|
196d |
b4492f1e
vt: selection, push sel_lock up
|
| inconsistent lock state in rxrpc_put_client_connection_id |
C |
fix
|
89 |
235d |
252d
|
204d |
43cac315
rxrpc: Fix call RCU cleanup using non-bh-safe locks
|
| KASAN: use-after-free Read in ext4_xattr_set_entry |
syz |
fix
|
10 |
234d |
483d
|
204d |
cb1702c4
ext4: validate the debug_want_extra_isize mount option at parse time
|
| inconsistent lock state in rxrpc_put_client_conn |
C |
fix
|
6584 |
235d |
252d
|
204d |
43cac315
rxrpc: Fix call RCU cleanup using non-bh-safe locks
|
| kernel BUG at net/rxrpc/local_object.c:LINE! |
C |
fix
|
13912 |
237d |
447d
|
206d |
79266814
rxrpc: Fix lack of conn cleanup when local endpoint is cleaned up [ver #2]
|
| general protection fault in selinux_socket_sendmsg |
C |
fix
|
36 |
237d |
418d
|
207d |
43cac315
rxrpc: Fix call RCU cleanup using non-bh-safe locks
|
| INFO: task hung in paste_selection |
C |
fix
|
10 |
238d |
313d
|
208d |
b4492f1e
vt: selection, push sel_lock up
|
| INFO: task hung in htable_put |
C |
fix
|
8 |
240d |
286d
|
210d |
acbc5071
netfilter: xt_hashlimit: limit the max size of hashtable
|
| kernel BUG at fs/reiserfs/lock.c:LINE! (2) |
C |
fix
|
2 |
243d |
243d
|
213d |
ef3d73fe
reiserfs: Fix spurious unlock in reiserfs_fill_super() error handling
|
| INFO: task hung in drain_all_pages |
C |
fix
|
1 |
244d |
274d
|
213d |
8541452a
s390/mm: Explicitly compare PAGE_DEFAULT_KEY against zero in storage_key_init_range
|
| KASAN: stack-out-of-bounds Write in ax25_getname |
C |
fix
|
4 |
247d |
543d
|
217d |
ad598a48
vhost: Check docket sk_family instead of call getname
|
| INFO: task hung in hashlimit_mt_check_common |
C |
fix
|
3 |
250d |
265d
|
218d |
acbc5071
netfilter: xt_hashlimit: limit the max size of hashtable
|
| INFO: task hung in tty_ldisc_hangup |
C |
fix
|
10 |
249d |
317d
|
218d |
b4492f1e
vt: selection, push sel_lock up
|
| general protection fault in padata_reorder |
C |
fix
|
90 |
249d |
252d
|
218d |
cad926f7
padata: fix null pointer deref of pd->pinst
|
| KASAN: slab-out-of-bounds Read in tcf_exts_destroy |
C |
fix
|
1 |
253d |
369d
|
222d |
478c4b2f
net_sched: fix an OOB access in cls_tcindex
|
| BUG: sleeping function called from invalid context in tpk_write |
C |
fix
|
30 |
258d |
320d
|
228d |
fb566870
ttyprintk: fix a potential deadlock in interrupt context issue
|
| general protection fault in path_openat |
C |
fix
|
13 |
258d |
264d
|
228d |
8d7a5100
vfs: fix do_last() regression
|
| KASAN: slab-out-of-bounds Read in __nla_put_nohdr |
C |
fix
|
1 |
265d |
265d
|
235d |
66ac8ee9
net_sched: fix datalen for ematch
|
| general protection fault in nft_chain_parse_hook |
C |
fix
|
5 |
265d |
278d
|
235d |
1f7a1bcd
netfilter: nf_tables: add __nft_chain_type_get()
|
| WARNING in cbq_destroy_class |
C |
fix
|
1 |
270d |
270d
|
240d |
9f7a3283
net_sched: fix ops->bind_class() implementations
|
| KASAN: slab-out-of-bounds Write in setup_udp_tunnel_sock |
C |
fix
|
1 |
271d |
271d
|
241d |
d3b5ecce
gtp: make sure only SOCK_DGRAM UDP sockets are accepted
|
| KASAN: use-after-free Read in snd_timer_resolution |
C |
fix
|
2 |
275d |
275d
|
244d |
20f2e4c2
ALSA: seq: Fix racy access for queue timer in proc read
|
| KASAN: use-after-free Read in tcp_check_sack_reordering |
C |
fix
|
1 |
275d |
275d
|
244d |
fb566870
ttyprintk: fix a potential deadlock in interrupt context issue
|
| general protection fault in xt_rateest_put |
C |
fix
|
10 |
276d |
278d
|
245d |
e3282417
netfilter: arp_tables: init netns pointer in xt_tgdtor_param struct
|
| BUG: corrupted list in nf_tables_commit |
C |
fix
|
2 |
278d |
278d
|
247d |
8260ce5a
netfilter: nf_tables: fix flowtable list del corruption
|
| WARNING in nft_request_module |
C |
fix
|
1 |
278d |
278d
|
247d |
1632efb3
netfilter: nf_tables: remove WARN and add NLA_STRING upper limits
|
| general protection fault in nft_tunnel_get_init |
C |
fix
|
1 |
278d |
278d
|
247d |
6de941ce
netfilter: nft_tunnel: fix null-attribute check
|
| general protection fault in nf_ct_netns_do_get |
C |
fix
|
11 |
283d |
297d
|
249d |
46abb2a5
netfilter: arp_tables: init netns pointer in xt_tgchk_param struct
|
| KASAN: use-after-free Write in __alloc_skb |
C |
fix
|
2 |
282d |
350d
|
252d |
be1a2be7
net: rtnetlink: validate IFLA_MTU attribute in rtnl_create_link()
|
| general protection fault in xt_rateest_tg_checkentry |
C |
fix
|
12 |
282d |
299d
|
252d |
e3282417
netfilter: arp_tables: init netns pointer in xt_tgdtor_param struct
|
| KASAN: slab-out-of-bounds Read in macvlan_broadcast |
C |
fix
|
10 |
283d |
288d
|
253d |
5f3274c5
macvlan: do not assume mac_header is set in macvlan_broadcast()
|
| KASAN: use-after-free Read in macvlan_broadcast |
C |
fix
|
7 |
285d |
288d
|
254d |
5f3274c5
macvlan: do not assume mac_header is set in macvlan_broadcast()
|
| WARNING: bad unlock balance in gtp_encap_enable_socket |
C |
fix
|
2 |
286d |
289d
|
256d |
776a81a0
gtp: fix bad unlock balance in gtp_encap_enable_socket
|
| BUG: sleeping function called from invalid context in lock_sock_nested |
syz |
fix
|
1 |
290d |
320d
|
258d |
6b544caa
crypto: af_alg - Use bh_lock_sock in sk_destruct
|
| general protection fault in rxrpc_connect_call |
C |
fix
|
285 |
293d |
457d
|
263d |
79266814
rxrpc: Fix lack of conn cleanup when local endpoint is cleaned up [ver #2]
|
| possible deadlock in refcount_dec_and_mutex_lock |
C |
cause+fix
|
5 |
296d |
352d
|
266d |
e83a26a4
nbd: fix shutdown and recv work deadlock v2
|
| INFO: rcu detected stall in addrconf_dad_work (2) |
C |
fix
|
1 |
305d |
305d
|
275d |
94ac4a4d
pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM
|
| WARNING: refcount bug in cdev_get |
C |
fix
|
12 |
305d |
430d
|
275d |
f57fd58d
bridge/mdb: remove wrong use of NLM_F_MULTI
|
| possible deadlock in __might_fault |
C |
fix
|
385 |
306d |
557d
|
276d |
3757e381
usb: mon: Fix a deadlock in usbmon between mmap and read
|
| INFO: task hung in fsnotify_mark_destroy_workfn |
syz |
fix
|
3 |
309d |
496d
|
278d |
42a929ed
rtc: disable uie before setting time and enable after
|
| possible deadlock in mon_bin_vma_fault |
C |
fix
|
375 |
309d |
558d
|
279d |
3757e381
usb: mon: Fix a deadlock in usbmon between mmap and read
|
| WARNING in xfrm6_tunnel_net_exit |
syz |
fix
|
34 |
310d |
559d
|
280d |
bbbe4746
xfrm: destroy xfrm_state synchronously on net exit path
|
| inconsistent lock state in sp_get |
C |
fix
|
1 |
313d |
313d
|
282d |
9b8e63d0
6pack,mkiss: fix possible deadlock
|
| KASAN: slab-out-of-bounds Read in linear_transfer |
C |
fix
|
2 |
321d |
321d
|
290d |
c6bebccd
ALSA: pcm: oss: Avoid potential buffer overflows
|
| WARNING: refcount bug in kobject_get |
C |
fix
|
21 |
321d |
551d
|
291d |
e1666bcb
driver core: Fix use-after-free and double free on glue directory
|
| KASAN: use-after-free Read in slip_open |
C |
cause+fix
|
7 |
322d |
334d
|
291d |
0c6e6cea
slip: Fix use-after-free Read in slip_open
|
| INFO: task hung in vivid_stop_generating_vid_cap |
C |
fix
|
291 |
325d |
558d
|
294d |
467052f6
media: vivid: Fix wrong locking that causes race conditions on streaming stop
|
| INFO: task hung in sdr_cap_stop_streaming |
C |
fix
|
152 |
324d |
558d
|
294d |
467052f6
media: vivid: Fix wrong locking that causes race conditions on streaming stop
|
| KASAN: use-after-free Read in __vb2_perform_fileio |
C |
fix
|
13 |
325d |
555d
|
295d |
467052f6
media: vivid: Fix wrong locking that causes race conditions on streaming stop
|
| KASAN: use-after-free Read in kfree_skb |
C |
fix
|
95 |
329d |
449d
|
297d |
03bf4876
Bluetooth: Fix invalid-free in bcsp_close()
|
| WARNING in __vb2_queue_cancel |
C |
fix
|
11 |
332d |
544d
|
302d |
467052f6
media: vivid: Fix wrong locking that causes race conditions on streaming stop
|
| WARNING: suspicious RCU usage in memfd_fcntl |
C |
cause+fix
|
1879 |
335d |
357d
|
304d |
e4cc9c81
memfd: Use radix_tree_deref_slot_protected to avoid the warning.
|
| possible deadlock in ovl_write_iter |
syz |
fix
|
84 |
342d |
551d
|
306d |
ab69a230
Revert "tipc: fix modprobe tipc failed after switch order of device registration"
|
| KASAN: use-after-free Read in rxrpc_send_keepalive |
syz |
fix
|
6 |
356d |
430d
|
307d |
570ab0dd
rxrpc: Fix call ref leak
|
| BUG: corrupted list in p9_fd_cancelled |
syz |
fix
|
2 |
342d |
405d
|
307d |
78a917be
perf/core: Consistently fail fork on allocation failures
|
| KASAN: use-after-free Read in __lock_sock |
syz |
fix
|
2 |
358d |
359d
|
307d |
51f0c108
libata/ahci: Fix PCS quirk application
|
| WARNING in corrupted |
syz |
fix
|
25 |
379d |
531d
|
308d |
ed568ca7
bpf: fix use after free in prog symbol exposure
|
| possible deadlock in io_submit_one |
syz |
fix
|
406 |
381d |
559d
|
308d |
052b3181
fs/userfaultfd.c: disable irqs for fault_pending and event locks
|
| WARNING in bpf_jit_free |
syz |
fix
|
293 |
381d |
559d
|
308d |
ed568ca7
bpf: fix use after free in prog symbol exposure
|
| KASAN: use-after-free Read in pneigh_get_next |
syz |
fix
|
1 |
493d |
493d
|
309d |
103835df
neigh: fix use-after-free read in pneigh_get_next
|
| WARNING in ovl_rename |
syz |
fix
|
1 |
541d |
541d
|
309d |
f1c5aa5e
ovl: detect overlapping layers
|
| kernel BUG at arch/x86/mm/physaddr.c:LINE! |
syz |
fix
|
1 |
479d |
479d
|
309d |
4736bb27
ip_tunnel: allow not to count pkts on tstats by setting skb's dev to NULL
|
| WARNING in ovl_instantiate |
syz |
fix
|
5 |
549d |
553d
|
309d |
f1c5aa5e
ovl: detect overlapping layers
|
| WARNING: suspicious RCU usage in llc_sap_close |
C |
fix
|
10 |
348d |
504d
|
309d |
9a484516
llc: avoid blocking in llc_sap_close()
|
| BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue |
C |
fix
|
12 |
358d |
542d
|
311d |
9f0f39c9
nbd: fix max number of supported devs
|
| KASAN: null-ptr-deref Write in kvm_write_guest_virt_system |
C |
fix
|
50 |
375d |
393d
|
313d |
3683dd70
crypto: cavium/zip - Add missing single_release()
|
| possible deadlock in free_ioctx_users |
C |
fix
|
77 |
381d |
504d
|
313d |
5bead06b
fuse: fix deadlock with aio poll and fuse_iqueue::waitq.lock
|
| KASAN: use-after-free Read in wait_consider_task |
C |
fix
|
58 |
385d |
395d
|
314d |
4eb92a11
RDMA/restrack: Protect from reentry to resource return path
|
| WARNING: ODEBUG bug in free_task |
C |
fix
|
165 |
385d |
395d
|
314d |
4eb92a11
RDMA/restrack: Protect from reentry to resource return path
|
| general protection fault in tcf_action_destroy |
C |
fix
|
15 |
383d |
405d
|
314d |
50dddec6
mISDN: enforce CAP_NET_RAW for raw sockets
|
| WARNING: suspicious RCU usage in netem_enqueue |
C |
fix
|
2 |
387d |
392d
|
315d |
195a3ea4
net_sched: add max len check for TCA_KIND
|
| KASAN: use-after-free Read in __change_pid |
C |
fix
|
4 |
387d |
395d
|
315d |
4eb92a11
RDMA/restrack: Protect from reentry to resource return path
|
| possible deadlock in do_io_accounting |
C |
fix
|
4 |
386d |
498d
|
315d |
f1c5aa5e
ovl: detect overlapping layers
|
| KASAN: use-after-free Read in pids_release |
C |
fix
|
7 |
387d |
394d
|
315d |
4eb92a11
RDMA/restrack: Protect from reentry to resource return path
|
| general protection fault in release_task |
C |
fix
|
3 |
388d |
395d
|
315d |
4eb92a11
RDMA/restrack: Protect from reentry to resource return path
|
| general protection fault in wait_consider_task |
C |
fix
|
5 |
388d |
393d
|
315d |
4eb92a11
RDMA/restrack: Protect from reentry to resource return path
|
| INFO: rcu detected stall in netlink_sendmsg |
C |
fix
|
3 |
399d |
404d
|
315d |
a9e91767
sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
|
| KASAN: use-after-free Read in release_task |
C |
fix
|
2 |
390d |
392d
|
316d |
4eb92a11
RDMA/restrack: Protect from reentry to resource return path
|
| WARNING in handle_desc |
C |
fix
|
1 |
396d |
396d
|
316d |
21874027
KVM: X86: Fix userspace set invalid CR4
|
| BUG: unable to handle kernel NULL pointer dereference in tc_bind_tclass |
C |
fix
|
18 |
391d |
409d
|
316d |
07f7ec87
net_sched: check cops->tcf_block in tc_bind_tclass()
|
| general protection fault in qdisc_destroy |
C |
fix
|
9 |
395d |
405d
|
316d |
7a1bad56
net_sched: let qdisc_put() accept NULL pointer
|
| INFO: rcu detected stall in addrconf_dad_work |
C |
fix
|
19 |
397d |
409d
|
318d |
a9e91767
sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
|
| INFO: rcu detected stall in mld_ifc_timer_expire |
C |
fix
|
33 |
397d |
409d
|
318d |
a9e91767
sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
|
| INFO: rcu detected stall in br_handle_frame |
C |
fix
|
41 |
397d |
410d
|
318d |
a9e91767
sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
|
| INFO: task hung in __x64_sys_io_destroy |
C |
fix
|
1 |
398d |
398d
|
318d |
ec2a3681
media: tvp5150: fix switch exit in set control handler
|
| WARNING: refcount bug in hci_register_dev |
C |
fix
|
3 |
404d |
415d
|
319d |
e1666bcb
driver core: Fix use-after-free and double free on glue directory
|
| WARNING in kernfs_get |
C |
fix
|
14 |
404d |
543d
|
319d |
e1666bcb
driver core: Fix use-after-free and double free on glue directory
|
| general protection fault in kernfs_add_one |
C |
fix
|
8 |
413d |
552d
|
320d |
e1666bcb
driver core: Fix use-after-free and double free on glue directory
|
| general protection fault in packet_lookup_frame |
C |
fix
|
1 |
433d |
433d
|
321d |
154e6bc4
net/packet: fix race in tpacket_snd()
|
| WARNING in tty_set_termios |
C |
fix
|
151 |
443d |
553d
|
322d |
56966212
Bluetooth: hci_uart: check for missing tty operations
|
| general protection fault in tcf_ife_init |
C |
fix
|
15 |
441d |
458d
|
322d |
c4c88993
ife: error out when nla attributes are empty
|
| KASAN: null-ptr-deref Write in kthread_stop |
C |
fix
|
12 |
442d |
546d
|
322d |
467052f6
media: vivid: Fix wrong locking that causes race conditions on streaming stop
|
| general protection fault in rds_recv_rcvbuf_delta |
C |
fix
|
7 |
449d |
496d
|
323d |
3de749d6
net/rds: An rds_sock is added too early to the hash table
|
| INFO: task hung in blkdev_issue_flush |
C |
fix
|
2 |
476d |
476d
|
323d |
76cf93f0
hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap'
|
| general protection fault in iptunnel_xmit |
C |
fix
|
2 |
450d |
450d
|
323d |
4736bb27
ip_tunnel: allow not to count pkts on tstats by setting skb's dev to NULL
|
| WARNING in kernfs_put |
C |
fix
|
1 |
481d |
481d
|
324d |
e1666bcb
driver core: Fix use-after-free and double free on glue directory
|
| WARNING in notify_change |
C |
fix
|
12 |
486d |
543d
|
324d |
e8e448b0
Abort file_remove_privs() for non-reg. files
|
| BUG: unable to handle kernel paging request in coalesced_mmio_write |
C |
fix
|
2 |
485d |
485d
|
324d |
232a6462
KVM: coalesced_mmio: add bounds checking
|
| possible deadlock in userfaultfd_release |
C |
fix
|
4 |
487d |
492d
|
324d |
052b3181
fs/userfaultfd.c: disable irqs for fault_pending and event locks
|
| possible deadlock in acct_pin_kill |
C |
fix
|
125 |
517d |
552d
|
325d |
ab69a230
Revert "tipc: fix modprobe tipc failed after switch order of device registration"
|
| WARNING in xfrm_state_fini |
C |
fix
|
78 |
534d |
558d
|
325d |
ab69a230
Revert "tipc: fix modprobe tipc failed after switch order of device registration"
|
| WARNING in __flush_work |
C |
fix
|
135 |
531d |
537d
|
325d |
af48f7d7
drm/udl: Replace drm_dev_unref with drm_dev_put
|
| KASAN: use-after-free Read in get_mem_cgroup_from_mm |
C |
fix
|
6 |
540d |
553d
|
325d |
ab69a230
Revert "tipc: fix modprobe tipc failed after switch order of device registration"
|
| general protection fault in ip6erspan_set_version |
C |
fix
|
7 |
549d |
558d
|
326d |
ab69a230
Revert "tipc: fix modprobe tipc failed after switch order of device registration"
|
| possible deadlock in pipe_lock |
C |
fix
|
2 |
541d |
544d
|
326d |
f1c5aa5e
ovl: detect overlapping layers
|
| general protection fault in sctp_timeout_obj_to_nlattr |
C |
fix
|
7 |
553d |
557d
|
326d |
ab69a230
Revert "tipc: fix modprobe tipc failed after switch order of device registration"
|
| general protection fault in generic_timeout_obj_to_nlattr |
C |
fix
|
11 |
554d |
559d
|
326d |
ab69a230
Revert "tipc: fix modprobe tipc failed after switch order of device registration"
|
| general protection fault in gre_timeout_obj_to_nlattr |
C |
fix
|
13 |
553d |
559d
|
326d |
ab69a230
Revert "tipc: fix modprobe tipc failed after switch order of device registration"
|
| general protection fault in tcp_timeout_obj_to_nlattr |
C |
fix
|
7 |
554d |
556d
|
327d |
ab69a230
Revert "tipc: fix modprobe tipc failed after switch order of device registration"
|
| general protection fault in icmp_timeout_obj_to_nlattr |
C |
fix
|
3 |
556d |
559d
|
327d |
ab69a230
Revert "tipc: fix modprobe tipc failed after switch order of device registration"
|
| general protection fault in udp_timeout_obj_to_nlattr |
C |
fix
|
8 |
554d |
559d
|
327d |
ab69a230
Revert "tipc: fix modprobe tipc failed after switch order of device registration"
|
| general protection fault in dccp_timeout_obj_to_nlattr |
C |
fix
|
7 |
554d |
559d
|
327d |
ab69a230
Revert "tipc: fix modprobe tipc failed after switch order of device registration"
|