cve/review/done/v6.14.3-lee - pub/scm/linux/security/vulns - Git at Google

 6ee6bd5d4fce ublk: fix handling recovery & reissue in ublk_abort_queue() [auto: cve already created]
 ad320e408a8c ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() [auto: cve already created]
 69ae94725f4f tipc: fix memory leak in tipc_link_xmit [auto: cve already created]
 342debc12183 codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() [auto: cve already created]
 5071a1e606b3 net: tls: explicitly disallow disconnect [auto: cve already created]
 7f1ff1b38a7c net: libwx: handle page_pool_dev_alloc_pages error [auto: cve already created]
 e3ea2eae7069 drm/i915/huc: Fix fence not released on early probe errors [auto: cve already created]
 aa1ac98268cd s390/cpumf: Fix double free on error in cpumf_pmu_event_init() [auto: cve already created]
 b3bf8f63e617 net_sched: sch_sfq: move the limit validation [auto: cve already created]
 f0df00ebc57f x86/cpu: Avoid running off the end of an AMD erratum table [auto: cve already created]
 9502dd5c7029 smb: client: fix UAF in decryption with multichannel [auto: cve already created]
 aabc6596ffb3 net: ppp: Add bound checking for skb data on ppp_sync_txmung [auto: cve already created]
 38e8844005e6 iommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group [auto: cve already created]
 c70ca298036c perf/core: Simplify the perf_event_alloc() error path [auto: cve already created]
 56799bc03565 perf: Fix hang while freeing sigtrap event [auto: cve already created]
 208baa3ec904 pm: cpupower: bench: Prevent NULL dereference on malloc failure
 ad546940b599 x86/ia32: Leave NULL selector values 0~3 unchanged
 7f35b429802a perf/dwc_pcie: fix duplicate pci_dev devices [auto: cve already created]
 52323ed1444e PM: hibernate: Avoid deadlock in hibernate_compressor_param_set() [auto: cve already created]
 22a05462c3d0 HID: pidff: Fix null pointer dereference in pidff_find_fields
 1b24394ed5c8 wifi: ath12k: fix memory leak in ath12k_pci_remove() [auto: cve already created]
 ecfc13138992 wifi: ath12k: Avoid memory leak while enabling statistics [auto: cve already created]
 f195fc060c73 scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue
 43130d02baa1 page_pool: avoid infinite loop to schedule delayed worker
 9629d7d66c62 jfs: Fix uninit-value access of imap allocated in the diMount() function [auto: cve already created]
 b61e69bb1c04 jfs: Prevent copying of nlink with value 0 from disk inode [auto: cve already created]
 ddf2846f22e8 jfs: add sanity check for agwidth in dbMount [auto: cve already created]
 ec34cdf4f917 fs/jfs: Prevent integer overflow in AG size calculation
 e6494977bd4a f2fs: fix to avoid out-of-bounds access in f2fs_truncate_inode_blocks() [auto: cve already created]
 c8e008b60492 ext4: ignore xattrs past end [auto: cve already created]
 a018d1cf990d scsi: st: Fix array overflow in st_setup()
 7511e29cf135 btrfs: harden block_group::bg_list against list_del() races
 27b918007d96 net: vlan: don't propagate flags on open [auto: cve already created]
 459777724d30 drm/xe/vf: Don't try to trigger a full GT reset if VF [auto: cve already created]
 c87d202692de drm/amd/display: Guard Possible Null Pointer Dereference
 f0b4440cdc18 drm/amdkfd: Fix mode1 reset crash issue
 fe9d0061c413 drm/amdkfd: debugfs hang_hws skip GPU with MES
 1435e895d4fc drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create()
 18056a48669a PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type [auto: cve already created]
 4efd8ef5e40f fbdev: omapfb: Add 'plane' value check
 7ca59947b5fc pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config()
 4936cd5817af media: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization [auto: cve already created]
 f4b211714bcc media: venus: hfi: add a check to handle OOB in sfr region [auto: cve already created]
 69baf245b23e media: venus: hfi: add check to handle incorrect queue size [auto: cve already created]
 250f25367b58 KVM: arm64: Tear down vGIC on failed vCPU creation
 ddc210cf8b8a mtd: rawnand: brcmnand: fix PM resume warning
 d893da85e06e accel/ivpu: Fix PM related deadlocks in MS IOCTLs
 172bf5a9ef70 media: venus: hfi_parser: add check to avoid out of bound access [auto: cve already created]
 9edaaa8e3e15 media: venus: hfi_parser: refactor hfi packet parsing logic [auto: cve already created]
 c60d101a226f net: stmmac: Fix accessing freed irq affinity_hint [auto: cve already created]
 6889ae1b4df1 io_uring/net: fix io_req_post_cqe abuse by send bundle [auto: cve already created]
 9a6f56762d23 accel/ivpu: Fix deadlock in ivpu_ms_cleanup()
 3371f569223c arm/crc-t10dif: fix use of out-of-scope array in crc_t10dif_arch() [auto: cve already created]
 d48b663f410f arm64/crc-t10dif: fix use of out-of-scope array in crc_t10dif_arch() [auto: cve already created]
 0686a818d77a bus: mhi: host: Fix race between unprepare and queue_buf [auto: cve already created]
 94824ac9a8aa ext4: fix off-by-one error in do_split [auto: cve already created]
 17d253af4c2c tpm: do not start chip while suspended [auto: cve already created]
 c8222ef6cf29 soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() [auto: cve already created]
 bd496a44f041 i3c: Add NULL pointer check in i3c_master_queue_ibi() [auto: cve already created]
 e6eff39dd0fe jbd2: remove wrong sb->s_sequence check
 4cdf1d2a816a mfd: ene-kb3930: Fix a potential NULL pointer dereference [auto: cve already created]
 443041deb5ef mptcp: fix NULL pointer in can_accept_new_subflow [auto: cve already created]
 a13bfa4fe0d6 arm64: mops: Do not dereference src reg for a set operation
 276822a00db3 backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() [auto: cve already created]
 767e22001dfc iommu/tegra241-cmdqv: Fix warnings due to dmam_free_coherent()
 0bb2f7a1ad1f net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod. [auto: cve already created]
 f1a69a940de5 sctp: detect and prevent references to a freed transport in sendmsg [auto: cve already created]
 dd941507a948 tracing: fprobe events: Fix possible UAF on modules
 b4885bd5935b cifs: avoid NULL pointer dereference in dbg call
 ef01cac401f1 KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses [auto: cve already created]
 f6cb7828c8e1 misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error [auto: cve already created]
 e3260237aaad PCI: pciehp: Avoid unnecessary device replacement check
 f9208aec8622 PCI: Fix reference leak in pci_register_host_bridge()
 40369bfe717e spi: fsl-qspi: use devm function instead of driver remove
 5df5dafc171b Bluetooth: hci_uart: Fix another race during initialization
 e3f88665a780 HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition [auto: cve already created]
 8be6cb7f77c1 UPSTREAM: usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries [auto: cve already created]
	6ee6bd5d4fce ublk: fix handling recovery & reissue in ublk_abort_queue() [auto: cve already created]
	ad320e408a8c ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() [auto: cve already created]
	69ae94725f4f tipc: fix memory leak in tipc_link_xmit [auto: cve already created]
	342debc12183 codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() [auto: cve already created]
	5071a1e606b3 net: tls: explicitly disallow disconnect [auto: cve already created]
	7f1ff1b38a7c net: libwx: handle page_pool_dev_alloc_pages error [auto: cve already created]
	e3ea2eae7069 drm/i915/huc: Fix fence not released on early probe errors [auto: cve already created]
	aa1ac98268cd s390/cpumf: Fix double free on error in cpumf_pmu_event_init() [auto: cve already created]
	b3bf8f63e617 net_sched: sch_sfq: move the limit validation [auto: cve already created]
	f0df00ebc57f x86/cpu: Avoid running off the end of an AMD erratum table [auto: cve already created]
	9502dd5c7029 smb: client: fix UAF in decryption with multichannel [auto: cve already created]
	aabc6596ffb3 net: ppp: Add bound checking for skb data on ppp_sync_txmung [auto: cve already created]
	38e8844005e6 iommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group [auto: cve already created]
	c70ca298036c perf/core: Simplify the perf_event_alloc() error path [auto: cve already created]
	56799bc03565 perf: Fix hang while freeing sigtrap event [auto: cve already created]
	208baa3ec904 pm: cpupower: bench: Prevent NULL dereference on malloc failure
	ad546940b599 x86/ia32: Leave NULL selector values 0~3 unchanged
	7f35b429802a perf/dwc_pcie: fix duplicate pci_dev devices [auto: cve already created]
	52323ed1444e PM: hibernate: Avoid deadlock in hibernate_compressor_param_set() [auto: cve already created]
	22a05462c3d0 HID: pidff: Fix null pointer dereference in pidff_find_fields
	1b24394ed5c8 wifi: ath12k: fix memory leak in ath12k_pci_remove() [auto: cve already created]
	ecfc13138992 wifi: ath12k: Avoid memory leak while enabling statistics [auto: cve already created]
	f195fc060c73 scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue
	43130d02baa1 page_pool: avoid infinite loop to schedule delayed worker
	9629d7d66c62 jfs: Fix uninit-value access of imap allocated in the diMount() function [auto: cve already created]
	b61e69bb1c04 jfs: Prevent copying of nlink with value 0 from disk inode [auto: cve already created]
	ddf2846f22e8 jfs: add sanity check for agwidth in dbMount [auto: cve already created]
	ec34cdf4f917 fs/jfs: Prevent integer overflow in AG size calculation
	e6494977bd4a f2fs: fix to avoid out-of-bounds access in f2fs_truncate_inode_blocks() [auto: cve already created]
	c8e008b60492 ext4: ignore xattrs past end [auto: cve already created]
	a018d1cf990d scsi: st: Fix array overflow in st_setup()
	7511e29cf135 btrfs: harden block_group::bg_list against list_del() races
	27b918007d96 net: vlan: don't propagate flags on open [auto: cve already created]
	459777724d30 drm/xe/vf: Don't try to trigger a full GT reset if VF [auto: cve already created]
	c87d202692de drm/amd/display: Guard Possible Null Pointer Dereference
	f0b4440cdc18 drm/amdkfd: Fix mode1 reset crash issue
	fe9d0061c413 drm/amdkfd: debugfs hang_hws skip GPU with MES
	1435e895d4fc drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create()
	18056a48669a PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type [auto: cve already created]
	4efd8ef5e40f fbdev: omapfb: Add 'plane' value check
	7ca59947b5fc pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config()
	4936cd5817af media: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization [auto: cve already created]
	f4b211714bcc media: venus: hfi: add a check to handle OOB in sfr region [auto: cve already created]
	69baf245b23e media: venus: hfi: add check to handle incorrect queue size [auto: cve already created]
	250f25367b58 KVM: arm64: Tear down vGIC on failed vCPU creation
	ddc210cf8b8a mtd: rawnand: brcmnand: fix PM resume warning
	d893da85e06e accel/ivpu: Fix PM related deadlocks in MS IOCTLs
	172bf5a9ef70 media: venus: hfi_parser: add check to avoid out of bound access [auto: cve already created]
	9edaaa8e3e15 media: venus: hfi_parser: refactor hfi packet parsing logic [auto: cve already created]
	c60d101a226f net: stmmac: Fix accessing freed irq affinity_hint [auto: cve already created]
	6889ae1b4df1 io_uring/net: fix io_req_post_cqe abuse by send bundle [auto: cve already created]
	9a6f56762d23 accel/ivpu: Fix deadlock in ivpu_ms_cleanup()
	3371f569223c arm/crc-t10dif: fix use of out-of-scope array in crc_t10dif_arch() [auto: cve already created]
	d48b663f410f arm64/crc-t10dif: fix use of out-of-scope array in crc_t10dif_arch() [auto: cve already created]
	0686a818d77a bus: mhi: host: Fix race between unprepare and queue_buf [auto: cve already created]
	94824ac9a8aa ext4: fix off-by-one error in do_split [auto: cve already created]
	17d253af4c2c tpm: do not start chip while suspended [auto: cve already created]
	c8222ef6cf29 soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() [auto: cve already created]
	bd496a44f041 i3c: Add NULL pointer check in i3c_master_queue_ibi() [auto: cve already created]
	e6eff39dd0fe jbd2: remove wrong sb->s_sequence check
	4cdf1d2a816a mfd: ene-kb3930: Fix a potential NULL pointer dereference [auto: cve already created]
	443041deb5ef mptcp: fix NULL pointer in can_accept_new_subflow [auto: cve already created]
	a13bfa4fe0d6 arm64: mops: Do not dereference src reg for a set operation
	276822a00db3 backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() [auto: cve already created]
	767e22001dfc iommu/tegra241-cmdqv: Fix warnings due to dmam_free_coherent()
	0bb2f7a1ad1f net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod. [auto: cve already created]
	f1a69a940de5 sctp: detect and prevent references to a freed transport in sendmsg [auto: cve already created]
	dd941507a948 tracing: fprobe events: Fix possible UAF on modules
	b4885bd5935b cifs: avoid NULL pointer dereference in dbg call
	ef01cac401f1 KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses [auto: cve already created]
	f6cb7828c8e1 misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error [auto: cve already created]
	e3260237aaad PCI: pciehp: Avoid unnecessary device replacement check
	f9208aec8622 PCI: Fix reference leak in pci_register_host_bridge()
	40369bfe717e spi: fsl-qspi: use devm function instead of driver remove
	5df5dafc171b Bluetooth: hci_uart: Fix another race during initialization
	e3f88665a780 HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition [auto: cve already created]
	8be6cb7f77c1 UPSTREAM: usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries [auto: cve already created]