Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-26945

Publication date:
01/05/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> crypto: iaa - Fix nr_cpus
Severity CVSS v4.0: Pending analysis
Last modification:
20/03/2025

CVE-2024-26946

Publication date:
01/05/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address<br /> <br /> Read from an unsafe address with copy_from_kernel_nofault() in<br /> arch_adjust_kprobe_addr() because this function is used before checking<br /> the address is in text or not. Syzcaller bot found a bug and reported<br /> the case if user specifies inaccessible data area,<br /> arch_adjust_kprobe_addr() will cause a kernel panic.<br /> <br /> [ mingo: Clarified the comment. ]
Severity CVSS v4.0: Pending analysis
Last modification:
18/09/2025

CVE-2024-26947

Publication date:
01/05/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses<br /> <br /> Since commit a4d5613c4dc6 ("arm: extend pfn_valid to take into account<br /> freed memory map alignment") changes the semantics of pfn_valid() to check<br /> presence of the memory map for a PFN. A valid page for an address which<br /> is reserved but not mapped by the kernel[1], the system crashed during<br /> some uio test with the following memory layout:<br /> <br /> node 0: [mem 0x00000000c0a00000-0x00000000cc8fffff]<br /> node 0: [mem 0x00000000d0000000-0x00000000da1fffff]<br /> the uio layout is:0xc0900000, 0x100000<br /> <br /> the crash backtrace like:<br /> <br /> Unable to handle kernel paging request at virtual address bff00000<br /> [...]<br /> CPU: 1 PID: 465 Comm: startapp.bin Tainted: G O 5.10.0 #1<br /> Hardware name: Generic DT based system<br /> PC is at b15_flush_kern_dcache_area+0x24/0x3c<br /> LR is at __sync_icache_dcache+0x6c/0x98<br /> [...]<br /> (b15_flush_kern_dcache_area) from (__sync_icache_dcache+0x6c/0x98)<br /> (__sync_icache_dcache) from (set_pte_at+0x28/0x54)<br /> (set_pte_at) from (remap_pfn_range+0x1a0/0x274)<br /> (remap_pfn_range) from (uio_mmap+0x184/0x1b8 [uio])<br /> (uio_mmap [uio]) from (__mmap_region+0x264/0x5f4)<br /> (__mmap_region) from (__do_mmap_mm+0x3ec/0x440)<br /> (__do_mmap_mm) from (do_mmap+0x50/0x58)<br /> (do_mmap) from (vm_mmap_pgoff+0xfc/0x188)<br /> (vm_mmap_pgoff) from (ksys_mmap_pgoff+0xac/0xc4)<br /> (ksys_mmap_pgoff) from (ret_fast_syscall+0x0/0x5c)<br /> Code: e0801001 e2423001 e1c00003 f57ff04f (ee070f3e)<br /> ---[ end trace 09cf0734c3805d52 ]---<br /> Kernel panic - not syncing: Fatal exception<br /> <br /> So check if PG_reserved was set to solve this issue.<br /> <br /> [1]: https://lore.kernel.org/lkml/Zbtdue57RO0QScJM@linux.ibm.com/
Severity CVSS v4.0: Pending analysis
Last modification:
18/09/2025

CVE-2024-26948

Publication date:
01/05/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amd/display: Add a dc_state NULL check in dc_state_release<br /> <br /> [How]<br /> Check wheather state is NULL before releasing it.
Severity CVSS v4.0: Pending analysis
Last modification:
18/09/2025

CVE-2024-26949

Publication date:
01/05/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amdgpu/pm: Fix NULL pointer dereference when get power limit<br /> <br /> Because powerplay_table initialization is skipped under<br /> sriov case, We check and set default lower and upper OD<br /> value if powerplay_table is NULL.
Severity CVSS v4.0: Pending analysis
Last modification:
23/05/2024

CVE-2024-26944

Publication date:
01/05/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> btrfs: zoned: fix use-after-free in do_zone_finish()<br /> <br /> Shinichiro reported the following use-after-free triggered by the device<br /> replace operation in fstests btrfs/070.<br /> <br /> BTRFS info (device nullb1): scrub: finished on devid 1 with status: 0<br /> ==================================================================<br /> BUG: KASAN: slab-use-after-free in do_zone_finish+0x91a/0xb90 [btrfs]<br /> Read of size 8 at addr ffff8881543c8060 by task btrfs-cleaner/3494007<br /> <br /> CPU: 0 PID: 3494007 Comm: btrfs-cleaner Tainted: G W 6.8.0-rc5-kts #1<br /> Hardware name: Supermicro Super Server/X11SPi-TF, BIOS 3.3 02/21/2020<br /> Call Trace:<br /> <br /> dump_stack_lvl+0x5b/0x90<br /> print_report+0xcf/0x670<br /> ? __virt_addr_valid+0x200/0x3e0<br /> kasan_report+0xd8/0x110<br /> ? do_zone_finish+0x91a/0xb90 [btrfs]<br /> ? do_zone_finish+0x91a/0xb90 [btrfs]<br /> do_zone_finish+0x91a/0xb90 [btrfs]<br /> btrfs_delete_unused_bgs+0x5e1/0x1750 [btrfs]<br /> ? __pfx_btrfs_delete_unused_bgs+0x10/0x10 [btrfs]<br /> ? btrfs_put_root+0x2d/0x220 [btrfs]<br /> ? btrfs_clean_one_deleted_snapshot+0x299/0x430 [btrfs]<br /> cleaner_kthread+0x21e/0x380 [btrfs]<br /> ? __pfx_cleaner_kthread+0x10/0x10 [btrfs]<br /> kthread+0x2e3/0x3c0<br /> ? __pfx_kthread+0x10/0x10<br /> ret_from_fork+0x31/0x70<br /> ? __pfx_kthread+0x10/0x10<br /> ret_from_fork_asm+0x1b/0x30<br /> <br /> <br /> Allocated by task 3493983:<br /> kasan_save_stack+0x33/0x60<br /> kasan_save_track+0x14/0x30<br /> __kasan_kmalloc+0xaa/0xb0<br /> btrfs_alloc_device+0xb3/0x4e0 [btrfs]<br /> device_list_add.constprop.0+0x993/0x1630 [btrfs]<br /> btrfs_scan_one_device+0x219/0x3d0 [btrfs]<br /> btrfs_control_ioctl+0x26e/0x310 [btrfs]<br /> __x64_sys_ioctl+0x134/0x1b0<br /> do_syscall_64+0x99/0x190<br /> entry_SYSCALL_64_after_hwframe+0x6e/0x76<br /> <br /> Freed by task 3494056:<br /> kasan_save_stack+0x33/0x60<br /> kasan_save_track+0x14/0x30<br /> kasan_save_free_info+0x3f/0x60<br /> poison_slab_object+0x102/0x170<br /> __kasan_slab_free+0x32/0x70<br /> kfree+0x11b/0x320<br /> btrfs_rm_dev_replace_free_srcdev+0xca/0x280 [btrfs]<br /> btrfs_dev_replace_finishing+0xd7e/0x14f0 [btrfs]<br /> btrfs_dev_replace_by_ioctl+0x1286/0x25a0 [btrfs]<br /> btrfs_ioctl+0xb27/0x57d0 [btrfs]<br /> __x64_sys_ioctl+0x134/0x1b0<br /> do_syscall_64+0x99/0x190<br /> entry_SYSCALL_64_after_hwframe+0x6e/0x76<br /> <br /> The buggy address belongs to the object at ffff8881543c8000<br /> which belongs to the cache kmalloc-1k of size 1024<br /> The buggy address is located 96 bytes inside of<br /> freed 1024-byte region [ffff8881543c8000, ffff8881543c8400)<br /> <br /> The buggy address belongs to the physical page:<br /> page:00000000fe2c1285 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1543c8<br /> head:00000000fe2c1285 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0<br /> flags: 0x17ffffc0000840(slab|head|node=0|zone=2|lastcpupid=0x1fffff)<br /> page_type: 0xffffffff()<br /> raw: 0017ffffc0000840 ffff888100042dc0 ffffea0019e8f200 dead000000000002<br /> raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000<br /> page dumped because: kasan: bad access detected<br /> <br /> Memory state around the buggy address:<br /> ffff8881543c7f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00<br /> ffff8881543c7f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00<br /> &gt;ffff8881543c8000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb<br /> ^<br /> ffff8881543c8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb<br /> ffff8881543c8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb<br /> <br /> This UAF happens because we&amp;#39;re accessing stale zone information of a<br /> already removed btrfs_device in do_zone_finish().<br /> <br /> The sequence of events is as follows:<br /> <br /> btrfs_dev_replace_start<br /> btrfs_scrub_dev<br /> btrfs_dev_replace_finishing<br /> btrfs_dev_replace_update_device_in_mapping_tree
Severity CVSS v4.0: Pending analysis
Last modification:
01/12/2025

CVE-2024-26939

Publication date:
01/05/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/i915/vma: Fix UAF on destroy against retire race<br /> <br /> Object debugging tools were sporadically reporting illegal attempts to<br /> free a still active i915 VMA object when parking a GT believed to be idle.<br /> <br /> [161.359441] ODEBUG: free active (active state 0) object: ffff88811643b958 object type: i915_active hint: __i915_vma_active+0x0/0x50 [i915]<br /> [161.360082] WARNING: CPU: 5 PID: 276 at lib/debugobjects.c:514 debug_print_object+0x80/0xb0<br /> ...<br /> [161.360304] CPU: 5 PID: 276 Comm: kworker/5:2 Not tainted 6.5.0-rc1-CI_DRM_13375-g003f860e5577+ #1<br /> [161.360314] Hardware name: Intel Corporation Rocket Lake Client Platform/RocketLake S UDIMM 6L RVP, BIOS RKLSFWI1.R00.3173.A03.2204210138 04/21/2022<br /> [161.360322] Workqueue: i915-unordered __intel_wakeref_put_work [i915]<br /> [161.360592] RIP: 0010:debug_print_object+0x80/0xb0<br /> ...<br /> [161.361347] debug_object_free+0xeb/0x110<br /> [161.361362] i915_active_fini+0x14/0x130 [i915]<br /> [161.361866] release_references+0xfe/0x1f0 [i915]<br /> [161.362543] i915_vma_parked+0x1db/0x380 [i915]<br /> [161.363129] __gt_park+0x121/0x230 [i915]<br /> [161.363515] ____intel_wakeref_put_last+0x1f/0x70 [i915]<br /> <br /> That has been tracked down to be happening when another thread is<br /> deactivating the VMA inside __active_retire() helper, after the VMA&amp;#39;s<br /> active counter has been already decremented to 0, but before deactivation<br /> of the VMA&amp;#39;s object is reported to the object debugging tool.<br /> <br /> We could prevent from that race by serializing i915_active_fini() with<br /> __active_retire() via ref-&gt;tree_lock, but that wouldn&amp;#39;t stop the VMA from<br /> being used, e.g. from __i915_vma_retire() called at the end of<br /> __active_retire(), after that VMA has been already freed by a concurrent<br /> i915_vma_destroy() on return from the i915_active_fini(). Then, we should<br /> rather fix the issue at the VMA level, not in i915_active.<br /> <br /> Since __i915_vma_parked() is called from __gt_park() on last put of the<br /> GT&amp;#39;s wakeref, the issue could be addressed by holding the GT wakeref long<br /> enough for __active_retire() to complete before that wakeref is released<br /> and the GT parked.<br /> <br /> I believe the issue was introduced by commit d93939730347 ("drm/i915:<br /> Remove the vma refcount") which moved a call to i915_active_fini() from<br /> a dropped i915_vma_release(), called on last put of the removed VMA kref,<br /> to i915_vma_parked() processing path called on last put of a GT wakeref.<br /> However, its visibility to the object debugging tool was suppressed by a<br /> bug in i915_active that was fixed two weeks later with commit e92eb246feb9<br /> ("drm/i915/active: Fix missing debug object activation").<br /> <br /> A VMA associated with a request doesn&amp;#39;t acquire a GT wakeref by itself.<br /> Instead, it depends on a wakeref held directly by the request&amp;#39;s active<br /> intel_context for a GT associated with its VM, and indirectly on that<br /> intel_context&amp;#39;s engine wakeref if the engine belongs to the same GT as the<br /> VMA&amp;#39;s VM. Those wakerefs are released asynchronously to VMA deactivation.<br /> <br /> Fix the issue by getting a wakeref for the VMA&amp;#39;s GT when activating it,<br /> and putting that wakeref only after the VMA is deactivated. However,<br /> exclude global GTT from that processing path, otherwise the GPU never goes<br /> idle. Since __i915_vma_retire() may be called from atomic contexts, use<br /> async variant of wakeref put. Also, to avoid circular locking dependency,<br /> take care of acquiring the wakeref before VM mutex when both are needed.<br /> <br /> v7: Add inline comments with justifications for:<br /> - using untracked variants of intel_gt_pm_get/put() (Nirmoy),<br /> - using async variant of _put(),<br /> - not getting the wakeref in case of a global GTT,<br /> - always getting the first wakeref outside vm-&gt;mutex.<br /> v6: Since __i915_vma_active/retire() callbacks are not serialized, storing<br /> a wakeref tracking handle inside struct i915_vma is not safe, and<br /> there is no other good place for that. Use untracked variants of<br /> intel_gt_pm_get/put_async().<br /> v5: Replace "tile" with "GT" across commit description (Rodrigo),<br /> - <br /> ---truncated---
Severity CVSS v4.0: Pending analysis
Last modification:
08/04/2025

CVE-2024-26940

Publication date:
01/05/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed<br /> <br /> The driver creates /sys/kernel/debug/dri/0/mob_ttm even when the<br /> corresponding ttm_resource_manager is not allocated.<br /> This leads to a crash when trying to read from this file.<br /> <br /> Add a check to create mob_ttm, system_mob_ttm, and gmr_ttm debug file<br /> only when the corresponding ttm_resource_manager is allocated.<br /> <br /> crash&gt; bt<br /> PID: 3133409 TASK: ffff8fe4834a5000 CPU: 3 COMMAND: "grep"<br /> #0 [ffffb954506b3b20] machine_kexec at ffffffffb2a6bec3<br /> #1 [ffffb954506b3b78] __crash_kexec at ffffffffb2bb598a<br /> #2 [ffffb954506b3c38] crash_kexec at ffffffffb2bb68c1<br /> #3 [ffffb954506b3c50] oops_end at ffffffffb2a2a9b1<br /> #4 [ffffb954506b3c70] no_context at ffffffffb2a7e913<br /> #5 [ffffb954506b3cc8] __bad_area_nosemaphore at ffffffffb2a7ec8c<br /> #6 [ffffb954506b3d10] do_page_fault at ffffffffb2a7f887<br /> #7 [ffffb954506b3d40] page_fault at ffffffffb360116e<br /> [exception RIP: ttm_resource_manager_debug+0x11]<br /> RIP: ffffffffc04afd11 RSP: ffffb954506b3df0 RFLAGS: 00010246<br /> RAX: ffff8fe41a6d1200 RBX: 0000000000000000 RCX: 0000000000000940<br /> RDX: 0000000000000000 RSI: ffffffffc04b4338 RDI: 0000000000000000<br /> RBP: ffffb954506b3e08 R8: ffff8fee3ffad000 R9: 0000000000000000<br /> R10: ffff8fe41a76a000 R11: 0000000000000001 R12: 00000000ffffffff<br /> R13: 0000000000000001 R14: ffff8fe5bb6f3900 R15: ffff8fe41a6d1200<br /> ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018<br /> #8 [ffffb954506b3e00] ttm_resource_manager_show at ffffffffc04afde7 [ttm]<br /> #9 [ffffb954506b3e30] seq_read at ffffffffb2d8f9f3<br /> RIP: 00007f4c4eda8985 RSP: 00007ffdbba9e9f8 RFLAGS: 00000246<br /> RAX: ffffffffffffffda RBX: 000000000037e000 RCX: 00007f4c4eda8985<br /> RDX: 000000000037e000 RSI: 00007f4c41573000 RDI: 0000000000000003<br /> RBP: 000000000037e000 R8: 0000000000000000 R9: 000000000037fe30<br /> R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4c41573000<br /> R13: 0000000000000003 R14: 00007f4c41572010 R15: 0000000000000003<br /> ORIG_RAX: 0000000000000000 CS: 0033 SS: 002b
Severity CVSS v4.0: Pending analysis
Last modification:
20/03/2025

CVE-2024-26941

Publication date:
01/05/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/dp: Fix divide-by-zero regression on DP MST unplug with nouveau<br /> <br /> Fix a regression when using nouveau and unplugging a StarTech MSTDP122DP<br /> DisplayPort 1.2 MST hub (the same regression does not appear when using<br /> a Cable Matters DisplayPort 1.4 MST hub). Trace:<br /> <br /> divide error: 0000 [#1] PREEMPT SMP PTI<br /> CPU: 7 PID: 2962 Comm: Xorg Not tainted 6.8.0-rc3+ #744<br /> Hardware name: Razer Blade/DANA_MB, BIOS 01.01 08/31/2018<br /> RIP: 0010:drm_dp_bw_overhead+0xb4/0x110 [drm_display_helper]<br /> Code: c6 b8 01 00 00 00 75 61 01 c6 41 0f af f3 41 0f af f1 c1 e1 04 48 63 c7 31 d2 89 ff 48 8b 5d f8 c9 48 0f af f1 48 8d 44 06 ff f7 f7 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 45 31<br /> RSP: 0018:ffffb2c5c211fa30 EFLAGS: 00010206<br /> RAX: ffffffffffffffff RBX: 0000000000000000 RCX: 0000000000f59b00<br /> RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000<br /> RBP: ffffb2c5c211fa48 R08: 0000000000000001 R09: 0000000000000020<br /> R10: 0000000000000004 R11: 0000000000000000 R12: 0000000000023b4a<br /> R13: ffff91d37d165800 R14: ffff91d36fac6d80 R15: ffff91d34a764010<br /> FS: 00007f4a1ca3fa80(0000) GS:ffff91d6edbc0000(0000) knlGS:0000000000000000<br /> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> CR2: 0000559491d49000 CR3: 000000011d180002 CR4: 00000000003706f0<br /> Call Trace:<br /> <br /> ? show_regs+0x6d/0x80<br /> ? die+0x37/0xa0<br /> ? do_trap+0xd4/0xf0<br /> ? do_error_trap+0x71/0xb0<br /> ? drm_dp_bw_overhead+0xb4/0x110 [drm_display_helper]<br /> ? exc_divide_error+0x3a/0x70<br /> ? drm_dp_bw_overhead+0xb4/0x110 [drm_display_helper]<br /> ? asm_exc_divide_error+0x1b/0x20<br /> ? drm_dp_bw_overhead+0xb4/0x110 [drm_display_helper]<br /> ? drm_dp_calc_pbn_mode+0x2e/0x70 [drm_display_helper]<br /> nv50_msto_atomic_check+0xda/0x120 [nouveau]<br /> drm_atomic_helper_check_modeset+0xa87/0xdf0 [drm_kms_helper]<br /> drm_atomic_helper_check+0x19/0xa0 [drm_kms_helper]<br /> nv50_disp_atomic_check+0x13f/0x2f0 [nouveau]<br /> drm_atomic_check_only+0x668/0xb20 [drm]<br /> ? drm_connector_list_iter_next+0x86/0xc0 [drm]<br /> drm_atomic_commit+0x58/0xd0 [drm]<br /> ? __pfx___drm_printfn_info+0x10/0x10 [drm]<br /> drm_atomic_connector_commit_dpms+0xd7/0x100 [drm]<br /> drm_mode_obj_set_property_ioctl+0x1c5/0x450 [drm]<br /> ? __pfx_drm_connector_property_set_ioctl+0x10/0x10 [drm]<br /> drm_connector_property_set_ioctl+0x3b/0x60 [drm]<br /> drm_ioctl_kernel+0xb9/0x120 [drm]<br /> drm_ioctl+0x2d0/0x550 [drm]<br /> ? __pfx_drm_connector_property_set_ioctl+0x10/0x10 [drm]<br /> nouveau_drm_ioctl+0x61/0xc0 [nouveau]<br /> __x64_sys_ioctl+0xa0/0xf0<br /> do_syscall_64+0x76/0x140<br /> ? do_syscall_64+0x85/0x140<br /> ? do_syscall_64+0x85/0x140<br /> entry_SYSCALL_64_after_hwframe+0x6e/0x76<br /> RIP: 0033:0x7f4a1cd1a94f<br /> Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 89 c0 3d 00 f0 ff ff 77 1f 48 8b 44 24 18 64 48 2b 04 25 28 00<br /> RSP: 002b:00007ffd2f1df520 EFLAGS: 00000246 ORIG_RAX: 0000000000000010<br /> RAX: ffffffffffffffda RBX: 00007ffd2f1df5b0 RCX: 00007f4a1cd1a94f<br /> RDX: 00007ffd2f1df5b0 RSI: 00000000c01064ab RDI: 000000000000000f<br /> RBP: 00000000c01064ab R08: 000056347932deb8 R09: 000056347a7d99c0<br /> R10: 0000000000000000 R11: 0000000000000246 R12: 000056347938a220<br /> R13: 000000000000000f R14: 0000563479d9f3f0 R15: 0000000000000000<br /> <br /> Modules linked in: rfcomm xt_conntrack nft_chain_nat xt_MASQUERADE nf_nat nf_conntrack_netlink nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xfrm_user xfrm_algo xt_addrtype nft_compat nf_tables nfnetlink br_netfilter bridge stp llc ccm cmac algif_hash overlay algif_skcipher af_alg bnep binfmt_misc snd_sof_pci_intel_cnl snd_sof_intel_hda_common snd_soc_hdac_hda snd_sof_pci snd_sof_xtensa_dsp snd_sof_intel_hda snd_sof snd_sof_utils snd_soc_acpi_intel_match snd_soc_acpi snd_soc_core snd_compress snd_sof_intel_hda_mlink snd_hda_ext_core iwlmvm intel_rapl_msr intel_rapl_common intel_tcc_cooling x86_pkg_temp_thermal intel_powerclamp mac80211 coretemp kvm_intel snd_hda_codec_hdmi kvm snd_hda_<br /> ---truncated---
Severity CVSS v4.0: Pending analysis
Last modification:
14/01/2025

CVE-2024-26942

Publication date:
01/05/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: phy: qcom: at803x: fix kernel panic with at8031_probe<br /> <br /> On reworking and splitting the at803x driver, in splitting function of<br /> at803x PHYs it was added a NULL dereference bug where priv is referenced<br /> before it&amp;#39;s actually allocated and then is tried to write to for the<br /> is_1000basex and is_fiber variables in the case of at8031, writing on<br /> the wrong address.<br /> <br /> Fix this by correctly setting priv local variable only after<br /> at803x_probe is called and actually allocates priv in the phydev struct.
Severity CVSS v4.0: Pending analysis
Last modification:
03/07/2024

CVE-2024-26943

Publication date:
01/05/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> nouveau/dmem: handle kcalloc() allocation failure<br /> <br /> The kcalloc() in nouveau_dmem_evict_chunk() will return null if<br /> the physical memory has run out. As a result, if we dereference<br /> src_pfns, dst_pfns or dma_addrs, the null pointer dereference bugs<br /> will happen.<br /> <br /> Moreover, the GPU is going away. If the kcalloc() fails, we could not<br /> evict all pages mapping a chunk. So this patch adds a __GFP_NOFAIL<br /> flag in kcalloc().<br /> <br /> Finally, as there is no need to have physically contiguous memory,<br /> this patch switches kcalloc() to kvcalloc() in order to avoid<br /> failing allocations.
Severity CVSS v4.0: Pending analysis
Last modification:
03/03/2025

CVE-2024-26938

Publication date:
01/05/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode()<br /> <br /> If we have no VBT, or the VBT didn&amp;#39;t declare the encoder<br /> in question, we won&amp;#39;t have the &amp;#39;devdata&amp;#39; for the encoder.<br /> Instead of oopsing just bail early.<br /> <br /> We won&amp;#39;t be able to tell whether the port is DP++ or not,<br /> but so be it.<br /> <br /> (cherry picked from commit 26410896206342c8a80d2b027923e9ee7d33b733)
Severity CVSS v4.0: Pending analysis
Last modification:
05/01/2026