|
KMSAN: kernel-infoleak in move_addr_to_user (7)
prio:high
hams
wpan
|
9 |
C |
|
|
46 |
55d |
642d
|
24/29 |
never |
4db86f8ab11b
ieee802154: fix kernel-infoleak in dgram_recvmsg()
|
|
KMSAN: uninit-value in sixpack_receive_buf (4)
hams
|
7 |
|
|
|
8 |
164d |
213d
|
29/29 |
36d |
bf9a38803b26
net: hamradio: 6pack: fix uninit-value in sixpack_receive_buf
|
|
general protection fault in rose_transmit_link (4)
hams
|
21 |
C |
error |
|
2058 |
91d |
162d
|
29/29 |
36d |
e1f0a18c9564
net/rose: fix NULL pointer dereference in rose_transmit_link on reconnect
|
|
BUG: unable to handle kernel paging request in sk_skb_reason_drop
hams
|
22 |
C |
|
|
39 |
72d |
162d
|
29/29 |
51d |
ba1096c31528
netrom: fix double-free in nr_route_frame()
|
|
memory leak in nr_sendmsg
hams
|
3 |
C |
|
|
1 |
213d |
209d
|
29/29 |
156d |
613d12dd794e
netrom: Fix memory leak in nr_sendmsg()
|
|
possible deadlock in serial8250_handle_irq
hams
|
4 |
C |
|
|
180 |
269d |
1070d
|
29/29 |
239d |
38b04ed7072e
6pack: drop redundant locking and refcounting
|
|
general protection fault in rose_rt_ioctl
hams
|
2 |
C |
|
|
64 |
302d |
303d
|
29/29 |
260d |
1cc8a5b534e5
net: rose: fix a typo in rose_clear_routes()
|
|
KASAN: slab-use-after-free Read in rose_timer_expiry (3)
hams
|
19 |
|
|
|
6059 |
296d |
403d
|
29/29 |
260d |
da9c9c877597
net: rose: include node references in rose_neigh refcount
|
|
KASAN: slab-use-after-free Read in rose_get_neigh
hams
|
19 |
C |
error |
|
1449 |
353d |
745d
|
29/29 |
295d |
34a500caf48c
rose: fix dangling neighbour pointers in rose_rt_device_down()
|
|
WARNING: refcount bug in ax25_release (3)
hams
|
13 |
C |
done |
|
5256 |
456d |
760d
|
28/29 |
381d |
bca0902e6173
ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt
2f6efbabceb6
ax25: Remove broken autobind
|
|
BUG: soft lockup in rose_loopback_timer
hams
|
1 |
C |
|
|
1 |
512d |
508d
|
28/29 |
381d |
a1300691aed9
net: rose: lock the socket in rose_bind()
|
|
KASAN: slab-use-after-free Read in rose_timer_expiry (2)
hams
|
19 |
|
|
|
158 |
408d |
532d
|
28/29 |
407d |
5de7665e0a07
net: rose: fix timer races against user threads
|
|
possible deadlock in ax25_setsockopt
hams
|
4 |
|
|
|
2 |
534d |
542d
|
28/29 |
413d |
95fc45d1dea8
ax25: rcu protect dev->ax25_ptr
|
|
kernel BUG in nr_header
hams
|
-1 |
|
|
|
2 |
582d |
569d
|
28/29 |
416d |
a6d75ecee2bf
net: lapb: increase LAPB_HEADER_LEN
|
|
memory leak in nr_create (3)
hams
|
3 |
C |
|
|
9 |
919d |
1109d
|
26/29 |
717d |
0b9130247f3b
netrom: Fix a memory leak in nr_heartbeat_expiry()
|
|
possible deadlock in nr_rt_ioctl
hams
|
4 |
C |
inconclusive |
|
8 |
755d |
782d
|
25/29 |
749d |
e03e7f20ebf7
netrom: fix possible dead-lock in nr_rt_ioctl()
|
|
WARNING: refcount bug in ax25_release (2)
hams
|
13 |
C |
|
|
240 |
764d |
830d
|
25/29 |
764d |
467324bcfe1a
ax25: Fix netdev refcount issue
|
|
WARNING in rose_device_event
hams
|
-1 |
|
|
|
1 |
926d |
926d
|
25/29 |
886d |
64b8bc7d5f14
net/rose: fix races in rose_kill_by_device()
|
|
general protection fault in prepare_to_wait (2)
hams
|
8 |
syz |
inconclusive |
|
4 |
1005d |
1043d
|
23/29 |
988d |
c2f8fd794960
netrom: Deny concurrent connect().
|
|
KASAN: use-after-free Write in nr_release
hams
|
22 |
C |
done |
error |
1784 |
1128d |
2401d
|
22/29 |
1114d |
611792920925
netrom: Fix use-after-free caused by accept on already connected socket
|
|
WARNING: refcount bug in nr_release (4)
hams
|
13 |
C |
|
|
24 |
1228d |
1533d
|
22/29 |
1114d |
409db27e3a2e
netrom: Fix use-after-free of a listening socket.
|
|
KASAN: use-after-free Read in do_accept
hams
|
19 |
|
|
|
1 |
1260d |
1255d
|
22/29 |
1114d |
409db27e3a2e
netrom: Fix use-after-free of a listening socket.
|
|
memory leak in nr_create (2)
hams
|
3 |
C |
|
|
11 |
1184d |
1244d
|
22/29 |
1114d |
611792920925
netrom: Fix use-after-free caused by accept on already connected socket
|
|
general protection fault in ax25_send_frame (2)
hams
|
10 |
|
|
|
13 |
1329d |
1316d
|
22/29 |
1218d |
e97c089d7a49
rose: Fix NULL pointer dereference in rose_send_frame()
|
|
general protection fault in rose_send_frame (2)
hams
|
2 |
|
|
|
7 |
1331d |
1356d
|
22/29 |
1218d |
e97c089d7a49
rose: Fix NULL pointer dereference in rose_send_frame()
|
|
KASAN: use-after-free Read in sixpack_close
hams
|
19 |
C |
done |
|
879 |
1680d |
1685d
|
20/29 |
1571d |
81b1d548d00b
hamradio: remove needs_free_netdev to avoid UAF
|
|
memory leak in nr_create
hams
|
3 |
C |
|
|
250 |
1801d |
2586d
|
20/29 |
1689d |
517a16b1a88b
netrom: Decrease sock refcount when sock timers expire
|
|
KASAN: slab-out-of-bounds Write in decode_data
hams
|
21 |
C |
done |
error |
7 |
2240d |
2395d
|
20/29 |
1689d |
19d1532a1876
net: 6pack: fix slab-out-of-bounds in decode_data
|
|
KMSAN: uninit-value in ax25_connect
hams
|
7 |
C |
|
|
15 |
2117d |
2250d
|
15/29 |
2108d |
2f2a7ffad5c6
AX.25: Fix out-of-bounds read in ax25_connect()
|
|
KMSAN: uninit-value in __dev_get_by_name
hams
|
7 |
C |
|
|
2 |
2232d |
2232d
|
15/29 |
2170d |
687775cec056
ax25: fix setsockopt(SO_BINDTODEVICE)
|
|
WARNING: held lock freed! (2)
hams
|
-1 |
C |
done |
|
1 |
2548d |
2545d
|
12/29 |
2495d |
4638faac0327
netrom: hold sock when setting skb->destructor
|
|
KASAN: use-after-free Read in release_sock
hams
|
19 |
C |
done |
|
10 |
2518d |
2527d
|
12/29 |
2495d |
4638faac0327
netrom: hold sock when setting skb->destructor
|
|
KASAN: use-after-free Read in nr_release
hams
|
19 |
C |
done |
|
25 |
2496d |
2575d
|
12/29 |
2495d |
4638faac0327
netrom: hold sock when setting skb->destructor
|
|
KASAN: use-after-free Read in nr_insert_socket
hams
|
19 |
C |
done |
|
22 |
2519d |
2535d
|
12/29 |
2495d |
4638faac0327
netrom: hold sock when setting skb->destructor
|
|
KASAN: use-after-free Read in nr_rx_frame (2)
hams
|
19 |
C |
done |
|
3 |
2522d |
2530d
|
12/29 |
2495d |
4638faac0327
netrom: hold sock when setting skb->destructor
|
|
memory leak in nr_rx_frame
hams
|
3 |
C |
|
|
5 |
2523d |
2586d
|
12/29 |
2517d |
c8c8218ec5af
netrom: fix a memory leak in nr_rx_frame()
|
|
inconsistent lock state in ax25_destroy_timer
hams
|
4 |
|
|
|
2 |
2566d |
2568d
|
12/29 |
2542d |
d4d5d8e83c96
ax25: fix inconsistent lock state in ax25_destroy_timer
|
|
inconsistent lock state in ax25_rt_autobind
hams
|
4 |
|
|
|
2 |
2566d |
2567d
|
12/29 |
2542d |
d4d5d8e83c96
ax25: fix inconsistent lock state in ax25_destroy_timer
|
|
INFO: rcu detected stall in rose_loopback_timer
hams
|
1 |
|
|
|
5 |
2602d |
2621d
|
12/29 |
2587d |
0453c6824595
net/rose: fix unbound loop in rose_loopback_timer()
|
|
KASAN: stack-out-of-bounds Write in rose_write_internal
hams
|
21 |
|
|
|
1 |
2661d |
2661d
|
12/29 |
2634d |
e5dcc0c3223c
net: rose: fix a possible stack overflow
|
|
general protection fault in ax25cmp
hams
|
2 |
C |
|
|
2294 |
2704d |
2737d
|
11/29 |
2669d |
b0cf029234f9
net/rose: fix NULL ax25_cb kernel panic
|
|
KASAN: use-after-free Read in refcount_inc_not_zero_checked
hams
|
19 |
syz |
|
|
24 |
2672d |
2732d
|
11/29 |
2669d |
63346650c1a9
netrom: switch to sock timer API
|
|
KASAN: use-after-free Read in kmemdup
hams
|
19 |
|
|
|
1 |
2715d |
2715d
|
11/29 |
2669d |
63530aba7826
ax25: fix possible use-after-free
|
|
WARNING: refcount bug in nr_release
hams
|
13 |
|
|
|
1 |
2728d |
2727d
|
11/29 |
2669d |
63346650c1a9
netrom: switch to sock timer API
|
|
inconsistent lock state in nr_find_socket
hams
|
4 |
C |
|
|
19 |
2720d |
2736d
|
11/29 |
2719d |
7314f5480f3e
netrom: fix locking in nr_find_socket()
|
|
kernel BUG at kernel/time/timer.c:LINE! (2)
hams
|
-1 |
C |
|
|
5 |
2731d |
2733d
|
11/29 |
2719d |
202700e30740
net/hamradio/6pack: use mod_timer() to rearm timers
|
|
KASAN: use-after-free Read in nr_rx_frame
hams
|
19 |
syz |
|
|
2 |
2725d |
2732d
|
11/29 |
2719d |
7314f5480f3e
netrom: fix locking in nr_find_socket()
|
|
possible deadlock in nr_destroy_socket
hams
|
4 |
syz |
|
|
20 |
2722d |
2732d
|
11/29 |
2719d |
7314f5480f3e
netrom: fix locking in nr_find_socket()
|
|
KASAN: use-after-free Read in ax25_fillin_cb
hams
|
19 |
syz |
|
|
4 |
2739d |
2736d
|
11/29 |
2719d |
c433570458e4
ax25: fix a use-after-free in ax25_fillin_cb()
|