|
KMSAN: kernel-infoleak in move_addr_to_user (7)
prio:high
hams
wpan
|
9 |
C |
|
|
46 |
54d |
641d
|
3/29 |
never |
ieee802154: fix kernel-infoleak in dgram_recvmsg()
|
|
KMSAN: uninit-value in sixpack_receive_buf (4)
hams
|
7 |
|
|
|
8 |
163d |
212d
|
29/29 |
35d |
bf9a38803b26
net: hamradio: 6pack: fix uninit-value in sixpack_receive_buf
|
|
general protection fault in rose_transmit_link (4)
hams
|
21 |
C |
error |
|
2058 |
90d |
160d
|
29/29 |
35d |
e1f0a18c9564
net/rose: fix NULL pointer dereference in rose_transmit_link on reconnect
|
|
BUG: unable to handle kernel paging request in sk_skb_reason_drop
hams
|
22 |
C |
|
|
39 |
71d |
160d
|
29/29 |
50d |
ba1096c31528
netrom: fix double-free in nr_route_frame()
|
|
memory leak in nr_sendmsg
hams
|
3 |
C |
|
|
1 |
212d |
208d
|
29/29 |
155d |
613d12dd794e
netrom: Fix memory leak in nr_sendmsg()
|
|
possible deadlock in serial8250_handle_irq
hams
|
4 |
C |
|
|
180 |
268d |
1069d
|
29/29 |
238d |
38b04ed7072e
6pack: drop redundant locking and refcounting
|
|
general protection fault in rose_rt_ioctl
hams
|
2 |
C |
|
|
64 |
301d |
302d
|
29/29 |
259d |
1cc8a5b534e5
net: rose: fix a typo in rose_clear_routes()
|
|
KASAN: slab-use-after-free Read in rose_timer_expiry (3)
hams
|
19 |
|
|
|
6059 |
295d |
402d
|
29/29 |
259d |
da9c9c877597
net: rose: include node references in rose_neigh refcount
|
|
KASAN: slab-use-after-free Read in rose_get_neigh
hams
|
19 |
C |
error |
|
1449 |
352d |
744d
|
29/29 |
294d |
34a500caf48c
rose: fix dangling neighbour pointers in rose_rt_device_down()
|
|
WARNING: refcount bug in ax25_release (3)
hams
|
13 |
C |
done |
|
5256 |
455d |
759d
|
28/29 |
380d |
bca0902e6173
ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt
2f6efbabceb6
ax25: Remove broken autobind
|
|
BUG: soft lockup in rose_loopback_timer
hams
|
1 |
C |
|
|
1 |
511d |
507d
|
28/29 |
380d |
a1300691aed9
net: rose: lock the socket in rose_bind()
|
|
KASAN: slab-use-after-free Read in rose_timer_expiry (2)
hams
|
19 |
|
|
|
158 |
407d |
531d
|
28/29 |
406d |
5de7665e0a07
net: rose: fix timer races against user threads
|
|
possible deadlock in ax25_setsockopt
hams
|
4 |
|
|
|
2 |
533d |
541d
|
28/29 |
412d |
95fc45d1dea8
ax25: rcu protect dev->ax25_ptr
|
|
kernel BUG in nr_header
hams
|
-1 |
|
|
|
2 |
581d |
568d
|
28/29 |
415d |
a6d75ecee2bf
net: lapb: increase LAPB_HEADER_LEN
|
|
memory leak in nr_create (3)
hams
|
3 |
C |
|
|
9 |
918d |
1108d
|
26/29 |
716d |
0b9130247f3b
netrom: Fix a memory leak in nr_heartbeat_expiry()
|
|
possible deadlock in nr_rt_ioctl
hams
|
4 |
C |
inconclusive |
|
8 |
754d |
781d
|
25/29 |
748d |
e03e7f20ebf7
netrom: fix possible dead-lock in nr_rt_ioctl()
|
|
WARNING: refcount bug in ax25_release (2)
hams
|
13 |
C |
|
|
240 |
763d |
829d
|
25/29 |
763d |
467324bcfe1a
ax25: Fix netdev refcount issue
|
|
WARNING in rose_device_event
hams
|
-1 |
|
|
|
1 |
925d |
925d
|
25/29 |
885d |
64b8bc7d5f14
net/rose: fix races in rose_kill_by_device()
|
|
general protection fault in prepare_to_wait (2)
hams
|
8 |
syz |
inconclusive |
|
4 |
1004d |
1042d
|
23/29 |
987d |
c2f8fd794960
netrom: Deny concurrent connect().
|
|
KASAN: use-after-free Write in nr_release
hams
|
22 |
C |
done |
error |
1784 |
1127d |
2400d
|
22/29 |
1113d |
611792920925
netrom: Fix use-after-free caused by accept on already connected socket
|
|
WARNING: refcount bug in nr_release (4)
hams
|
13 |
C |
|
|
24 |
1227d |
1532d
|
22/29 |
1113d |
409db27e3a2e
netrom: Fix use-after-free of a listening socket.
|
|
KASAN: use-after-free Read in do_accept
hams
|
19 |
|
|
|
1 |
1259d |
1254d
|
22/29 |
1113d |
409db27e3a2e
netrom: Fix use-after-free of a listening socket.
|
|
memory leak in nr_create (2)
hams
|
3 |
C |
|
|
11 |
1183d |
1243d
|
22/29 |
1113d |
611792920925
netrom: Fix use-after-free caused by accept on already connected socket
|
|
general protection fault in ax25_send_frame (2)
hams
|
10 |
|
|
|
13 |
1328d |
1315d
|
22/29 |
1217d |
e97c089d7a49
rose: Fix NULL pointer dereference in rose_send_frame()
|
|
general protection fault in rose_send_frame (2)
hams
|
2 |
|
|
|
7 |
1330d |
1355d
|
22/29 |
1217d |
e97c089d7a49
rose: Fix NULL pointer dereference in rose_send_frame()
|
|
KASAN: use-after-free Read in sixpack_close
hams
|
19 |
C |
done |
|
879 |
1679d |
1684d
|
20/29 |
1570d |
81b1d548d00b
hamradio: remove needs_free_netdev to avoid UAF
|
|
memory leak in nr_create
hams
|
3 |
C |
|
|
250 |
1800d |
2585d
|
20/29 |
1688d |
517a16b1a88b
netrom: Decrease sock refcount when sock timers expire
|
|
KASAN: slab-out-of-bounds Write in decode_data
hams
|
21 |
C |
done |
error |
7 |
2239d |
2394d
|
20/29 |
1688d |
19d1532a1876
net: 6pack: fix slab-out-of-bounds in decode_data
|
|
KMSAN: uninit-value in ax25_connect
hams
|
7 |
C |
|
|
15 |
2116d |
2249d
|
15/29 |
2107d |
2f2a7ffad5c6
AX.25: Fix out-of-bounds read in ax25_connect()
|
|
KMSAN: uninit-value in __dev_get_by_name
hams
|
7 |
C |
|
|
2 |
2231d |
2231d
|
15/29 |
2169d |
687775cec056
ax25: fix setsockopt(SO_BINDTODEVICE)
|
|
WARNING: held lock freed! (2)
hams
|
-1 |
C |
done |
|
1 |
2547d |
2544d
|
12/29 |
2494d |
4638faac0327
netrom: hold sock when setting skb->destructor
|
|
KASAN: use-after-free Read in release_sock
hams
|
19 |
C |
done |
|
10 |
2517d |
2526d
|
12/29 |
2494d |
4638faac0327
netrom: hold sock when setting skb->destructor
|
|
KASAN: use-after-free Read in nr_release
hams
|
19 |
C |
done |
|
25 |
2495d |
2574d
|
12/29 |
2494d |
4638faac0327
netrom: hold sock when setting skb->destructor
|
|
KASAN: use-after-free Read in nr_insert_socket
hams
|
19 |
C |
done |
|
22 |
2518d |
2534d
|
12/29 |
2494d |
4638faac0327
netrom: hold sock when setting skb->destructor
|
|
KASAN: use-after-free Read in nr_rx_frame (2)
hams
|
19 |
C |
done |
|
3 |
2521d |
2529d
|
12/29 |
2494d |
4638faac0327
netrom: hold sock when setting skb->destructor
|
|
memory leak in nr_rx_frame
hams
|
3 |
C |
|
|
5 |
2522d |
2585d
|
12/29 |
2516d |
c8c8218ec5af
netrom: fix a memory leak in nr_rx_frame()
|
|
inconsistent lock state in ax25_destroy_timer
hams
|
4 |
|
|
|
2 |
2565d |
2567d
|
12/29 |
2541d |
d4d5d8e83c96
ax25: fix inconsistent lock state in ax25_destroy_timer
|
|
inconsistent lock state in ax25_rt_autobind
hams
|
4 |
|
|
|
2 |
2565d |
2566d
|
12/29 |
2541d |
d4d5d8e83c96
ax25: fix inconsistent lock state in ax25_destroy_timer
|
|
INFO: rcu detected stall in rose_loopback_timer
hams
|
1 |
|
|
|
5 |
2601d |
2620d
|
12/29 |
2586d |
0453c6824595
net/rose: fix unbound loop in rose_loopback_timer()
|
|
KASAN: stack-out-of-bounds Write in rose_write_internal
hams
|
21 |
|
|
|
1 |
2660d |
2660d
|
12/29 |
2633d |
e5dcc0c3223c
net: rose: fix a possible stack overflow
|
|
general protection fault in ax25cmp
hams
|
2 |
C |
|
|
2294 |
2703d |
2736d
|
11/29 |
2668d |
b0cf029234f9
net/rose: fix NULL ax25_cb kernel panic
|
|
KASAN: use-after-free Read in refcount_inc_not_zero_checked
hams
|
19 |
syz |
|
|
24 |
2671d |
2731d
|
11/29 |
2668d |
63346650c1a9
netrom: switch to sock timer API
|
|
KASAN: use-after-free Read in kmemdup
hams
|
19 |
|
|
|
1 |
2714d |
2714d
|
11/29 |
2668d |
63530aba7826
ax25: fix possible use-after-free
|
|
WARNING: refcount bug in nr_release
hams
|
13 |
|
|
|
1 |
2727d |
2726d
|
11/29 |
2668d |
63346650c1a9
netrom: switch to sock timer API
|
|
inconsistent lock state in nr_find_socket
hams
|
4 |
C |
|
|
19 |
2719d |
2735d
|
11/29 |
2717d |
7314f5480f3e
netrom: fix locking in nr_find_socket()
|
|
kernel BUG at kernel/time/timer.c:LINE! (2)
hams
|
-1 |
C |
|
|
5 |
2730d |
2732d
|
11/29 |
2717d |
202700e30740
net/hamradio/6pack: use mod_timer() to rearm timers
|
|
KASAN: use-after-free Read in nr_rx_frame
hams
|
19 |
syz |
|
|
2 |
2724d |
2731d
|
11/29 |
2717d |
7314f5480f3e
netrom: fix locking in nr_find_socket()
|
|
possible deadlock in nr_destroy_socket
hams
|
4 |
syz |
|
|
20 |
2721d |
2731d
|
11/29 |
2717d |
7314f5480f3e
netrom: fix locking in nr_find_socket()
|
|
KASAN: use-after-free Read in ax25_fillin_cb
hams
|
19 |
syz |
|
|
4 |
2738d |
2735d
|
11/29 |
2717d |
c433570458e4
ax25: fix a use-after-free in ax25_fillin_cb()
|