Found bugs
Most of the latest bugs are reported by syzbot and are listed here and on the dashboard. Additional USB bugs are here.

Newer first:

* KASAN: use-after-free Read in screen_glyph_unicode
* KASAN: use-after-free Read in vc_do_resize
* KASAN: use-after-free in usb_hcd_unlink_urb
* KASAN: slab-out-of-bounds Read in gadget_dev_desc_UDC_store
* KASAN: use-after-free Write in snd_rawmidi_kernel_write1
* KASAN: use-after-free Write in config_item_get
* KASAN: use-after-free Read in f_hidg_poll
* KASAN: use-after-free Read in printer_ioctl
* KASAN: null-ptr-deref Read in tty_wakeup
* KASAN: use-after-free in afs_wake_up_async_call
* KASAN: use-after-free Read in gs_flush_chars
* kernel BUG at net/core/skbuff.c
* io_uring: avoid page allocation warnings
* io_uring: free allocated io_memory once
* io_uring: fix SQPOLL cpu validation
* locks: use-after-free in perf_trace_lock_acquire CVE-2019-19769
* cirrusfb: divide errors in cirrusfb_check_var/cirrusfb_check_pixclock/cirrusfb_set_par_foo
* floppy: fix out-of-bounds read in copy_buffer
* floppy: fix invalid pointer dereference in drive_name
* floppy: fix out-of-bounds read in next_valid_format
* floppy: fix div-by-zero in setup_format_params
* bpf: BPF_PROG_TEST_RUN leads to unkillable process
* timer_settime leads to unkillable process
* UBSAN: Undefined behaviour in drivers/scsi/sr_ioctl.c
* KASAN: use-after-free Read in ata_scsi_mode_select_xlat
* UBSAN: Undefined behaviour in fs/f2fs/extent_cache.c
* UBSAN: Undefined behaviour in drivers/input/misc/uinput.c
* general protection fault in spk_ttyio_ldisc_close
* rtnetlink: give a user socket to get_target_net() CVE-2018-14646
* tipc: NULL deref in tipc_net_finalize
* Kernel crash at i2cdev_ioctl_rdwr in drivers/i2c/i2c-dev.c
* UBSAN: Undefined behaviour in drivers/input/mousedev.c
* UBSAN: Undefined behaviour in mm/page_alloc.c
* WARNING in pkt setup dev
* UBSAN: Undefined behaviour in drivers/net/ppp/ppp_generic.c
* KASAN: use-after-free Read in raw_cmd_done
* KMSAN: uninit-value in selinux_socket_bind, selinux_socket_connect_helper
* UBSAN: Undefined behaviour in drivers/block/floppy.c
* net: BUG still has locks held in unix_stream_splice_read
* general protection fault in sockfs_setattr CVE-2018-12232
* KASAN: slab out of bounds Write in __jfs_setxattr CVE-2018-12233
* RDMA/mlx5: Fix NULL dereference while accessing XRC_TGT QPs
* KASAN: use-after-free Read in set_page_dirty_lock
* System freeze and NULL pointer dereference
* RDS: WARNING in rds_recv_hs_exthdrs
* RDS: slab-out-of-bounds Read in rds_rdma_extra_size
* netfilter: fix out-of-bounds accesses in clusterip_tg_check()
* net: hang in unregister_netdevice: waiting for lo to become free
* scsi: sg: assorted memory corruptions
* kcm: memory leak in kcm_sendmsg
* AF_KEY: memory leak in key_notify_policy
* sctp: memory leak in sctp_endpoint_init
* tipc: memory leak in tipc_nl_node_get_link
* tun: memory leak in tun_set_iff
* net/8021q: memory leak in register_vlan_dev
* net: memory leak in socket
* scsi: memory leak in sg_start_req
* sunrpc: infinite unkillable console spam in xs_tcp_setup_socket
* fs: possible deadlock in do_iter_write/do_splice
* net/ipv6: warning in __alloc_pages_slowpath/ipip6_tunnel_get_prl
* net/ipv6: GPF in rt6_ifdown
* net/ipv4: trying to register non-static key in ip_mc_clear_src
* net/can: trying to register non-static key in can_rx_register
* net: general protection fault in deactivate_slab
* net/ipv4: use-after-free in add_grec
* net/ipv6: use-after-free in ip6_dst_ifdown
* tty: possible deadlock in tty_buffer_flush
* net/ipv6: general protection fault in skb_release_data CVE-2017-9242
* drivers/net/hamradio: divide error in hdlcdrv_ioctl
* tty: fix port buffer locking
* kvm: warning in kvm_load_guest_fpu
* drivers/scsi: GPF in sg_read
* net/ipv4: use-after-free in ip_mc_drop_socket CVE-2017-8890 CVE-2017-9075 CVE-2017-9076 CVE-2017-9077
* net/ipv6: GPF in rt6_device_match
* x86: warning: kernel stack regs has bad 'bp' value
* net/key: slab-out-of-bounds in pfkey_compile_policy
* net/ipv6: warning in inet6_ifa_finish_destroy
* net/ipv6: use-after-free in __call_rcu/in6_dev_finish_destroy_rcu
* net/ipv6: slab-out-of-bounds in ip6_tnl_xmit
* net/rose: null-ptr-deref in rose_route_frame
* time: hang due to timer_create/timer_settime
* net/core: BUG in unregister_netdevice_many
* net/xfrm: stack-out-of-bounds in xfrm_state_find
* net/bonding: stack-out-of-bounds in bond_enslave
* net: ipv6: RTF_PCPU should not be settable from userspace
* fs/notify/inotify: slab-out-of-bounds write in strcpy CVE-2017-7533
* net/ipv6: slab-out-of-bounds read in seg6_validate_srh
* kernel BUG at mm/hugetlb.c:742!
* net/key: slab-out-of-bounds in parse_ipsecrequests
* net/ipv4: use-after-free in ipv4_datagram_support_cmsg
* net/ipv4: use-after-free in ip_queue_xmit
* net: use-after-free in __ns_get_path
* net/ipv4: use-after-free in ip_check_mc_rcu
* net/ipv6: use-after-free in ipv6_sock_ac_close
* net/ipv4: use-after-free in ipv4_mtu
* net/dccp: BUG in tfrc_rx_hist_sample_rtt
* net/sctp: list double add warning in sctp_endpoint_add_asoc
* kvm: use-after-free in srcu_reschedule
* ata: WARNING in ata_bmdma_qc_issue
* net/sched: GPF in qdisc_hash_add
* sg: random memory corruptions
* fs: GPF in deactivate_locked_super
* loop: WARNING in sysfs_remove_group
* lib, fs, cgroup: WARNING in percpu_ref_kill_and_confirm
* ata: WARNING in ata_qc_issue
* security, hugetlbfs: write to user memory in hugetlbfs_destroy_inode
* netlink: NULL timer crash
* kvm: use-after-free function call in kvm_io_bus_destroy
* sound: use-after-free in snd_seq_cell_alloc
* usb: use-after-free write in usb_hcd_link_urb_to_ep
* net/kcm: double free of kcm inode
* crypto: out-of-bounds write in pre_crypt
* security: double-free in superblock_doinit
* kvm: WARNING in kvm_apic_accept_events
* tcp: fix potential double free issue for fastopen_req
* net/udp: slab-out-of-bounds Read in udp_recvmsg
* net: deadlock between ip_expire/sch_direct_xmit
* srcu: BUG in __synchronize_srcu
* net/sctp: recursive locking in sctp_do_peeloff
* kvm: WARNING in vmx_handle_exit
* futex: use-after-free in futex_wait_requeue_pi
* kvm/arm64: use-after-free in kvm_vm_ioctl/vmacache_update
* kvm/arm64: use-after-free in kvm_unmap_hva_handler/unmap_stage2_pmds
* local privilege escalation flaw in n_hdlc CVE-2017-2636
* netlink: GPF in netlink_unicast
* perf: use-after-free in perf_release
* net/ipv6: null-ptr-deref in ip6mr_sk_done
* bpf: kernel NULL pointer dereference in map_get_next_key
* crypto: deadlock between crypto_alg_sem/rtnl_mutex/genl_mutex
* kvm: use-after-free in vmx_check_nested_events/vmcs12_guest_cr0
* sound: another deadlock in snd_seq_pool_done
* rcu: WARNING in rcu_seq_end
* fs: use-after-free in path_lookupat
* ucount: use-after-free read in inc_ucount & dec_ucount
* net/ipv4: division by 0 in tcp_select_window
* net: heap out-of-bounds in fib6_clean_node/rt6_fill_node/fib6_age/fib6_prune_clone
* mm: use-after-free in zap_page_range
* net/kcm: use-after-free in kcm_wq
* idr: use-after-free write in ida_get_new_above
* sg: stack out-of-bounds write in sg_write CVE-2017-7187
* cgroup: WARNING in cgroup_kill_sb
* net/rds: use-after-free in rds_find_bound/memcmp
* net: sleeping function called from invalid context in net_enable_timestamp
* net: use-after-free in neigh_timer_handler/sock_wfree
* net/sctp: use-after-free in sctp_association_put
* fs: use-after-free in userfaultfd_exit
* net/ipv4: inconsistent lock state in tcp_conn_request/inet_ehash_insert
* net/ipv4: suspicious RCU usage in ip_ra_control
* net/ipv4: deadlock in ip_ra_control
* net/dccp: dccp_create_openreq_child freed held lock
* nested_vmx_merge_msr_bitmap
* ipc: use-after-free in shm_get_unmapped_area
* sounds: deadlocked processed in snd_seq_pool_done
* net/atm: vcc_sendmsg calls kmem_cache_alloc in non-blocking context
* ata: WARNING in ata_sff_qc_issue
* net/rds: use-after-free in inet_create
* mm: fault in __do_fault
* kvm: WARNING in nested_vmx_vmexit
* net: GPF in rt6_nexthop_info
* sound: spinlock lockup in snd_timer_user_tinterrupt
* mm: GPF in bdi_put
* net/sctp: use-after-free in sctp_hash_transport
* net/bridge: warning in br_fdb_find
* net/ipv6: null-ptr-deref in ip6_route_del/lock_acquire
* net: possible deadlock in skb_queue_tail
* DCCP double-free vulnerability (local root) CVE-2017-6074
* net: warning in inet_sock_destruct
* net/pptp: use-after-free in dst_release
* net/udp: slab-out-of-bounds in udp_recvmsg/do_csum CVE-2017-6347
* WARNING in skb_warn_bad_offload
* tty: panic in tty_ldisc_restore
* net: BUG in __skb_gso_segment
* net/dccp: use-after-free in dccp_feat_activate_values
* net/kcm: GPF in kcm_sendmsg
* net/xfrm: stack out-of-bounds in xfrm_flowi_sport
* net/llc: BUG in llc_sap_state_process/skb_set_owner_r CVE-2017-6345
* net/llc: bug in llc_pdu_init_as_xid_cmd/skb_over_panic
* net/packet: use-after-free in packet_rcv_fanout
* net: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected in skb_array_produce
* net/ipv4: null-ptr-deref in udp_rmem_release/sk_memory_allocated_sub
* net/sctp: null-ptr-deref in sctp_put_port/sctp_endpoint_destroy
* net/ipv4: warning in nf_nat_ipv4_fn
* net/ipv6: double free in ipip6_dev_free
* sound: use-after-free in snd_seq_queue_alloc
* loop: divide error in transfer_xor
* net/xfrm: use of uninit spinlock in xfrm_policy_flush
* mm: double-free in cgwb_bdi_init
* packet: round up linear to header len
* net/icmp: null-ptr-deref in ping_v4_push_pending_frames
* net/kcm: WARNING in kcm_write_msgs
* tcp: avoid infinite loop in tcp_splice_read() CVE-2017-6214
* tun: read vnet_hdr_sz once
* macvtap: read vnet_hdr_size once
* udp: properly cope with csum errors
* ipv6: tcp: add a missing tcp_v6_restore_cb()
* ip6_gre: fix ip6gre_err() invalid reads CVE-2017-5897
* ipv4: keep skb->dst around in presence of IP options CVE-2017-5970
* net: use a work queue to defer net_disable_timestamp() work
* netlabel: out of bound access in cipso_v4_validate()
* ipv6: pointer math error in ip6_tnl_parse_tlv_enc_lim()
* net: heap out-of-bounds in ip6_fragment CVE-2017-9074
* tcp: fix 0 divide in __tcp_select_window()
* keys: GPF in request_key
* net/tcp: warning in tcp_try_coalesce/skb_try_coalesce
* crypto: NULL deref in sha512_mb_mgr_get_comp_job_avx2
* sound: unable to handle kernel paging request snd_seq_prioq_cell_out
* scsi: BUG in scsi_init_io
* mm: sleeping function called from invalid context shmem_undo_range
* timerfd: use-after-free in timerfd_remove_cancel
* scsi: use-after-free in sg_start_req
* mm: deadlock between get_online_cpus/pcpu_alloc
* BUG at net/sctp/socket.c:7425
* kvm: use-after-free in irq_bypass_register_consumer
* net: suspicious RCU usage in nf_hook
* kvm: fix page struct leak in handle_vmon CVE-2017-2596
* ipv6: fix ip6_tnl_parse_tlv_enc_lim()
* kvm: WARNING in mmu_spte_clear_track_bits
* perf: use-after-free in perf_event_for_each
* net: use-after-free in tw_timer_handler
* namespace: deadlock in dec_pid_namespaces
* sctp: kernel memory overwrite attempt detected in sctp_getsockopt_assoc_stats
* kvm: deadlock in kvm_vgic_map_resources
* net/atm: warning in alloc_tx/__might_sleep
* net/ipv6: use-after-free in sock_wfree
* kvm: kvm: BUG in loaded_vmcs_init
* kvm: NULL deref in vcpu_enter_guest
* kvm: use-after-free in complete_emulated_mmio CVE-2017-2584
* kvm: BUG in kvm_unload_vcpu_mmu
* x86: warning in unwind_get_return_address
* ipc: BUG: sem_unlock unlocks non-locked lock
* kvm: WARNING in mmu_spte_clear_track_bits
* sctp: suspicious rcu_dereference_check() usage in sctp_epaddr_lookup_transport
* kvm: use-after-free in process_srcu
* kvm: assorted bugs after OOMs
* kvm: deadlock between kvm_io_bus_register_dev/kvm_hv_set_msr_common
* netlink: GPF in netlink_dump
* fs, net: deadlock between bind/splice on af_unix
* net: use-after-free in worker_thread
* net: signed overflows in SO_{SND|RCV}BUFFORCE sockopts CVE-2016-9793 CVE-2012-6704
* net/can: warning in raw_setsockopt/__alloc_pages_slowpath
* net/ipv6: null-ptr-deref in ip6_rt_cache_alloc
* net/dccp: use-after-free in dccp_invalid_packet
* net/sctp: vmalloc allocation failure in sctp_setsockopt/xt_alloc_table_info
* net: BUG in unix_notinflight
* net: GPF in eth_header CVE-2016-9755
* net: deadlock on genl_mutex
* net: GPF in rt6_get_cookie
* netlink: GPF in sock_sndtimeo
* scsi: use-after-free in bio_copy_from_iter CVE-2016-9576
* net/udp: bug in skb_pull_rcsum
* net/icmp: null-ptr-deref in icmp6_send CVE-2016-9919
* net/can: use-after-free in bcm_rx_thr_flush
* kvm: slab-out-of-bounds write in __apic_accept_irq CVE-2016-9777
* mm: BUG in pgtable_pmd_page_dtor
* logfs: GPF in logfs_alloc_inode
* mm, floppy: unkillable task faulting on fd0
* kvm: deadlock between kvm_vm_ioctl_get_dirty_log/kvm_hv_set_msr_common/kvm_create_pit
* kvm: WARNING in em_jmp_far CVE-2016-9756
* kvm: WARNING in rtc_status_pending_eoi_check_valid
* kvm: GPF in kvm_ioapic_set_irq
* mm: BUG in munlock_vma_pages_range
* kvm: WARNING in kvm_arch_vcpu_ioctl_run
* kvm: use-after-free/GPF in kvm_irq_delivery_to_apic_fast
* kvm: out-of-bounds write in __rtc_irq_eoi_tracking_restore_one
* kvm: BUG in pte_list_remove
* kvm: recursive lock in kvm_clear_async_pf_completion_queue
* kvm: WARNING in em_ret_far
* kvm: GPF in irqfd_shutdown/eventfd_ctx_remove_wait_queue
* kvm: GPF in gfn_to_rmap
* kvm: paging fault in kvm_gfn_to_hva_cache_init
* kvm: suspicious RCU usage/missed lock in kvm_lapic_set_vapic_addr
* kvm: use-after-free in irq_bypass_register_consumer
* kvm: WARNING in kvm_load_guest_fpu
* kvm: GPF in kvm_pic_set_irq
* kvm: GPF in irq_bypass_unregister_consumer
* kvm: GPF in __get_kvmclock_ns
* kvm: WARNING In kvm_apic_accept_events
* kvm: WARNING in __x86_set_memory_region
* tcp: take care of truncations done by sk_filter()
* net/l2tp: use-after-free write in l2tp_ip6_close
* net/sctp: null-ptr-deref in sctp_inet_listen
* net/tcp: warning in tcp_recvmsg
* net/netlink: another global-out-of-bounds in genl_family_rcv_msg/validate_nla
* bpf: kernel BUG in htab_elem_free
* net/netlink: global-out-of-bounds in genl_family_rcv_msg/validate_nla
* net/ipv6: null-ptr-deref in inet6_bind
* net/dccp: null-ptr-deref in dccp_parse_options
* net/dccp: null-ptr-deref in dccp_v4_rcv/selinux_socket_sock_rcv_skb
* net/tcp: null-ptr-deref in __inet_lookup_listener/inet_exact_dif_match
* net/dccp: warning in dccp_feat_clone_sp_val/__might_sleep
* net/can: warning in bcm_connect/proc_register
* net/ipv4: warning in inet_sock_destruct
* net/sctp: slab-out-of-bounds in sctp_sf_ootb CVE-2016-9555
* net/dccp: warning in dccp_set_state
* net/netlink: bad unlock balance in netlink_diag_dump
* net/netlink: null-ptr-deref in netlink_dump/lock_acquire
* net/ipx: null-ptr-deref in ipxrtr_route_packet
* net/sctp: use-after-free in __sctp_connect
* fs: WARNING in locks_unlink_lock_ctx (not holding proper lock)
* kernel BUG in dio_get_page
* drm: GPF in drm_getcap
* fs: GPF in bd_mount
* tty, fbcon: use-after-free in fbcon_invert_region
* drm: NULL pointer dereference in drm_mode_object_find()
* 6pack: stack-out-of-bounds in sixpack_receive_buf
* logfs: GPF in logfs_init_inode
* tty: use-after-free in n_tty_receive_buf_fast
* sound: divide by 0 in snd_hrtimer_callback (or hang)
* mm: GPF in __insert_vmap_area
* fs, tty: WARNING in devpts_get_priv
* fanotify: unkillable hanged processes
* drm: GPF in drm_context_switch_complete
* drm: GPF in drm_legacy_lock_free
* sound: division by 0 in snd_hrtimer_callback
* perf: WARNING in perf_event_read
* drm: WARNING in drm_irq_by_busid
* dri: WARNING in idr_remove
* mm: use-after-free in collapse_huge_page
* kcm: use-after-free in fput of kcm socket
* bdev: fix NULL pointer dereference in sync()/close() race
* bdev: fix NULL pointer dereference
* BUG: sleeping function called from invalid context at mm/mempolicy.c:553
* use-after-free in ppp_unregister_channel
* net/tipc: NULL-ptr dereference in tipc_nl_publ_dump
* HID: i2c-hid: fix OOB write in i2c_hid_set_or_send_report()
* mm: memory corruption on mmput
* perf: WARNING in perf_event_read
* 9p2000.L stat/unlink race (WARNING: fs/inode.c:280 drop_nlink)
* mm: page fault in __do_huge_pmd_anonymous_page
* usb: memory allocation WARNING in hcd_buffer_alloc
* dccp: potential deadlock in dccp_v4_ctl_send_reset
* mm: GPF in find_get_pages_tag
* mm: BUG in page_move_anon_rmap
* block: GPF in get_task_ioprio
* tty: stall in n_tty_ioctl/inq_canon
* random: negative entropy/overflow: pool input count -40000
* bpf: use after free in array_map_alloc CVE-2016-4794
* kvm: use-after-free in kvm_irqfd_release
* kvm: GPF in kvm_lapic_set_tpr
* sound: use-after-free in hrtimer_cancel
* sound: hang in snd_timer_interrupt
* sound: deadlock involving snd_hrtimer_callback
* fs: GPF in locked_inode_to_wb_and_lock_list
* x86: bad pte in pageattr_test
* tty: memory leak in tty_open
* net: memory leak due to CLONE_NEWNET
* lockdep WARNING in get_online_cpus
* mm: BUG in khugepaged_scan_mm_slot
* sound: use-after-free in snd_timer_interrupt
* scsi: machine hang due to write to /dev/sg0
* AMD newest ucode 0x06000832 for Piledriver-based CPUs seems to behave in a problematic way
* sound: uninterruptible hang in snd_seq_oss_writeq_sync
* fs: uninterruptible hang in handle_userfault
* net: memory leak in N_6PACK driver
* net: memory leak in lapb_register
* net: memory leak in mkiss_open
* sound: list corruption in delete_and_unsubscribe_port
* kvm: GPF in kvm_pic_clear_all
* kvm: GPF in kvm_irq_map_gsi
* tty: memory leak in tty_register_driver
* sound: memory leak in snd_seq_pool_init
* tty: deadlock between tty_buffer_flush/n_tracesink_open
* sound: heap out-of-bounds write in dummy_systimer_prepare
* fs: NULL deref in atime_needs_update
* sound: spinlock lockup in snd_seq_oss_write
* net: memory leak in ip_cmsg_send
* net/irda: BUG: looking up invalid subclass: 4294967295 CVE-2017-6348
* sound: use-after-free in snd_timer_start1
* tty: tty_struct memory leak
* gigaset: memory leak in gigaset_initcshw
* sound: out-of-bounds write in snd_rawmidi_kernel_write1
* mm: uninterruptable tasks hanged on mmap_sem
* sound: another WARNING in rawmidi_transmit_ack
* sound: use-after-free in snd_seq_deliver_single_event
* sound: WARNING in snd_rawmidi_kernel_write1
* sound: deadlock between snd_pcm_oss_write/snd_pcm_oss_mmap
* ata: BUG in ata_sff_hsm_move
* WARNING in set_restore_sigmask
* BUG: bad unlock balance detected in vma_unlock_anon_vma
* bluetooth: use-after-free in vhci_send_frame
* mm: another VM_BUG_ON_PAGE(PageTail(page))
* scsi: NULL deref in sg_start_req
* mm: BUG in expand_downwards
* sound: heap out-of-bounds write in dummy_systimer_prepare
* WARNING in do_jobctl_trap
* mm: VM_BUG_ON_PAGE(PageTail(page)) in mbind
* net/bluetooth: workqueue destruction WARNING in hci_unregister_dev
* gpu: kmalloc size WARNING in vga_arb_write
* net/rfkill: WARNING in rfkill_fop_read
* sound: use-after-free in _snd_timer_stop
* net/irda: use-after-free in ircomm_param_request
* net/sctp: out-of-bounds access in sctp_add_bind_addr
* ext4: BUG: scheduling while atomic in ext4_commit_super
* sound: WARNING in snd_rawmidi_transmit_ack
* floppy: GPF in floppy_rb0_cb
* tty: kmalloc size WARNING in vc_do_resize
* mm: WARNING in __delete_from_page_cache
* sound: WARNING in snd_seq_oss_synth_cleanup
* sound: deadlock between snd_rawmidi_kernel_open/snd_seq_port_connect
* net: GPF in netlink_getsockbyportid
* fs: use-after-free in link_path_walk
* fs: sandboxed process brings host down
* net: use-after-free in recvmmsg
* struct pid memory leak
* net: WARNING in dccp_set_state
* mm: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected in split_huge_page_to_list
* sound: BUG in snd_ctl_find_numid
* net: GPF in __netlink_ns_capable
* crypto: slab-out-of-bounds in skcipher_recvmsg
* net: hang in ip_finish_output
* kvm: access to invalid memory in mmu_zap_unsync_children
* kvm: using uninitialized var in tdp_page_fault
* sound: spinlock lockup in sound/core/timer.c
* sound: GPF in snd_timer_user_params
* sound: use-after-free in snd_timer_interrupt
* sound: use-after-free in snd_timer_user_ioctl
* crypto: use-after-free in skcipher_sock_destruct
* net/sctp: use-after-free in __sctp_connect
* net: WARNING in tcp_recvmsg
* sound: use-after-free in snd_timer_stop
* sound: GPF in snd_seq_fifo_clear
* crypto: ablk_decrypt causes BUG in scatterwalk
* kvm: GPF in native_set_debugreg
* kvm: GPF in kvm_lapic_latched_init
* kvm: WARNING in kvm_apic_accept_events
* kvm: vmalloc allocation failure in kvm_vm_ioctl
* kvm: vmalloc allocation failure in kvm_vcpu_ioctl_set_cpuid
* kvm: WARNING in __x86_set_memory_region
* kvm: WARNING in exception_type
* mm: possible deadlock in mm_take_all_locks
* net/nfc: GPF in llcp_sock_getname
* net/netlink: memory leak in netlink_sendmsg
* net/tipc: memory leak in tipc_release
* memory leak in lapb_create_cb
* net/sctp: sctp_datamsg memory leak
* net/sctp: sock memory leak
* net/nfc: user-controllable kmalloc size in nfc_llcp_send_ui_frame
* tty: deadlock between n_tracerouter_receivebuf and flush_to_ldisc
* crypto: use-after-free in alg_bind
* crypto: deadlock in alg_setsockopt
* crypto: use-after-free in rng_recvmsg
* use-after-free in skcipher_bind
* 9p: sleeping function called from invalid context in v9fs_vfs_atomic_open_dotl
* fs: WARNING in locks_free_lock_context
* net: user-controllable kmalloc size in __sctp_setsockopt_connectx
* GPF in gf128mul_64k_bbe
* use-after-free in hash_sock_destruct
* GPF in lrw_crypt
* bad page state due to PF_ALG socket
* use-after-free in skcipher_sock_destruct
* use-after-free in sixpack_close
* net: heap-out-of-bounds in sock_setsockopt
* BUG_ON(!PageLocked(page)) in munlock_vma_page
* perf: stalls in perf_install_in_context/perf_remove_from_context
* Information leak in sco_sock_bind CVE-2015-8575
* Information leak in llcp_sock_bind/llcp_raw_sock_bind
* Information leak in pptp_bind
* use-after-free in pptp_connect
* GPF in keyctl CVE-2015-7550
* another use-after-free in sctp_do_sm
* use-after-free in inet6_destroy_sock
* WARNING in crypto_wait_for_test
* int overflow in io_getevents
* use-after-free in ip6_xmit
* use-after-free in __perf_install_in_context
* undefined shift in __bpf_prog_run
* signed integer overflow in ktime_add_safe
* jump label: negative count!
* memory leak in alloc_huge_page
* memory leak in do_ipv6_setsockopt
* heap out-of-bounds access in array_map_update_elem
* deadlock in perf_ioctl
* user-controllable kmalloc size in bpf syscall
* net: use after free in ip6_make_skb
* user-controllable kmalloc size in sctp_getsockopt_local_addrs
* use-after-free in ip6_setup_cork
* gigaset: freeing an active object
* Freeing active kobject in pps_device_destruct
* GPF in process_one_work (flush_to_ldisc)
* use-after-free in tty_check_change
* WARNING in tcp_recvmsg
* use-after-free in irtty_open
* use-after-free in sock_wake_async
* WARNING in handle_mm_fault
* WARNING in gsm_cleanup_mux
* use-after-free in sctp_do_sm
* yet another uninterruptable hang in sendfile
* GPF in add_key
* another uninterruptable hang in sendfile
* deadlock during fuseblk shutdown
* tty,net: use-after-free in x25_asy_open_tty
* deadlock between tty_write and tty_send_xchar
* WARNING in shmem_evict_inode
* Deadlock between setsockopt/getsockopt
* Deadlock between bind and splice
* Use-after-free in ipv4_conntrack_defrag
* Use-after-free in selinux_ip_postroute_compat
* Use-after-free in unshare
* GPF in tcp_sk_init/icmp_sk_init
* lockdep warning in ip_mc_msfget
* WARNING in task_participate_group_stop
* Resource leak in unshare
* Paging fault with hard IRQs disabled in getsockopt
* Unkillable processes due to PTRACE_TRACEME
* Use-after-free in ep_remove_wait_queue CVE-2013-7446
* GPF in shm_lock
* GPF in rt6_uncached_list_flush_dev
* Infinite loop in ip6_fragment
* Uninterruptable hang in sendfile
* GPF in keyring_destroy CVE-2015-7872
