In the Linux kernel, the following vulnerability has been resolved:
accel/qaic: Clean up integer overflow checking in map_user_pages()
The encode_dma() function has some validation on in_trans->size
In the Linux kernel, the following vulnerability has been resolved:
accel/qaic: Treat remaining == 0 as error in find_and_map_user_pages()
Currently, if find_and_map_user_pages() takes a DMA xfer re
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type
In zynqmp_dma_alloc/free_chan_resources functions there i
In the Linux kernel, the following vulnerability has been resolved:
accel/amdxdna: Fix an integer overflow in aie2_query_ctx_status_array()
The unpublished smatch static checker reported a warning.
In the Linux kernel, the following vulnerability has been resolved:
tracing/dma: Cap dma_map_sg tracepoint arrays to prevent buffer overflow
The dma_map_sg tracepoint can trigger a perf buffer overf
In the Linux kernel, the following vulnerability has been resolved:
accel/qaic: tighten bounds checking in decode_message()
Copy the bounds checking from encode_message() to decode_message().
This
In the Linux kernel, the following vulnerability has been resolved:
mmc: jz4740: Apply DMA engine limits to maximum segment size
Do what is done in other DMA-enabled MMC host drivers (cf. host/mmci.
In the Linux kernel, the following vulnerability has been resolved:
s390/pkey: Prevent overflow in size calculation for memdup_user()
Number of apqn target list entries contained in 'nr_apqns' varia
In the Linux kernel, the following vulnerability has been resolved:
net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data
In case the non-paged data of a SKB carries protocol header
In the Linux kernel, the following vulnerability has been resolved:
dm: fix a buffer overflow in ioctl processing
Tony Asleson (using Claude) found a buffer overflow in dm-ioctl in the
function retr
In the Linux kernel, the following vulnerability has been resolved:
dma-buf: heaps: Fix off-by-one in CMA heap fault handler
Until VM_DONTEXPAND was added in commit 1c1914d6e8c6 ("dma-buf: heaps:
Do
In the Linux kernel, the following vulnerability has been resolved:
spi: bcm2835: bcm2835_spi_handle_err(): fix NULL pointer deref for non DMA transfers
In case a IRQ based transfer times out the bc
In the Linux kernel, the following vulnerability has been resolved:
RDMA/core: Fix ib block iterator counter overflow
When registering a new DMA MR after selecting the best aligned page size
for it,
In the Linux kernel, the following vulnerability has been resolved:
iavf: Fix adminq error handling
iavf_alloc_asq_bufs/iavf_alloc_arq_bufs allocates with dma_alloc_coherent
memory for VF mailbox.
F
In the Linux kernel, the following vulnerability has been resolved:
RDMA/mlx5: Fix page_size variable overflow
Change all variables storing mlx5_umem_mkc_find_best_pgsz() result to
unsigned long to
In the Linux kernel, the following vulnerability has been resolved:
accel/qaic: Fix integer overflow in qaic_validate_req()
These are u64 variables that come from the user via
qaic_attach_slice_bo_i
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: use check_add_overflow() to prevent u16 DACL size overflow
set_posix_acl_entries_dacl() and set_ntacl_dacl() accumulate ACE
In the Linux kernel, the following vulnerability has been resolved:
wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf
An integer overflow occurs in the iwl_write_to_user_buf() funct
In the Linux kernel, the following vulnerability has been resolved:
RDMA/rxe: Fix iova-to-va conversion for MR page sizes != PAGE_SIZE
The current implementation incorrectly handles memory regions (
In the Linux kernel, the following vulnerability has been resolved:
rdma/cxgb4: Prevent potential integer overflow on 32bit
The "gl->tot_len" variable is controlled by the user. It comes from
proce
Page 1+ Next →