Found bugs (newer first)
fs: possible deadlock in do_iter_write/do_splice
net/ipv6: warning in __alloc_pages_slowpath/ipip6_tunnel_get_prl
net/ipv6: GPF in rt6_ifdown
net/ipv4: trying to register non-static key in ip_mc_clear_src
net/can: trying to register non-static key in can_rx_register
net: general protection fault in deactivate_slab
net/ipv4: use-after-free in add_grec
net/ipv6: use-after-free in ip6_dst_ifdown
tty: possible deadlock in tty_buffer_flush
net/ipv6: general protection fault in skb_release_data (CVE-2017-9242)
drivers/net/hamradio: divide error in hdlcdrv_ioctl
tty: fix port buffer locking
kvm: warning in kvm_load_guest_fpu
drivers/scsi: GPF in sg_read
net/ipv4: use-after-free in ip_mc_drop_socket (CVE-2017-8890, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077)
net/ipv6: GPF in rt6_device_match
x86: warning: kernel stack regs has bad ‘bp’ value
net/key: slab-out-of-bounds in pfkey_compile_policy
net/ipv6: warning in inet6_ifa_finish_destroy
net/ipv6: use-after-free in __call_rcu/in6_dev_finish_destroy_rcu
net/ipv6: slab-out-of-bounds in ip6_tnl_xmit
net/rose: null-ptr-deref in rose_route_frame
time: hang due to timer_create/timer_settime
net/core: BUG in unregister_netdevice_many
net/xfrm: stack-out-of-bounds in xfrm_state_find
net/bonding: stack-out-of-bounds in bond_enslave
net: ipv6: RTF_PCPU should not be settable from userspace
fs/notify/inotify: slab-out-of-bounds write in strcpy
net/ipv6: slab-out-of-bounds read in seg6_validate_srh
kernel BUG at mm/hugetlb.c:742!
net/key: slab-out-of-bounds in parse_ipsecrequests
net/ipv4: use-after-free in ipv4_datagram_support_cmsg
net/ipv4: use-after-free in ip_queue_xmit
net: use-after-free in __ns_get_path
net/ipv4: use-after-free in ip_check_mc_rcu
net/ipv6: use-after-free in ipv6_sock_ac_close
net/ipv4: use-after-free in ipv4_mtu
net/dccp: BUG in tfrc_rx_hist_sample_rtt
net/sctp: list double add warning in sctp_endpoint_add_asoc
kvm: use-after-free in srcu_reschedule
ata: WARNING in ata_bmdma_qc_issue
net/sched: GPF in qdisc_hash_add
sg: random memory corruptions
fs: GPF in deactivate_locked_super
loop: WARNING in sysfs_remove_group
lib, fs, cgroup: WARNING in percpu_ref_kill_and_confirm
ata: WARNING in ata_qc_issue
security, hugetlbfs: write to user memory in hugetlbfs_destroy_inode
netlink: NULL timer crash
kvm: use-after-free function call in kvm_io_bus_destroy
sound: use-after-free in snd_seq_cell_alloc
usb: use-after-free write in usb_hcd_link_urb_to_ep
net/kcm: double free of kcm inode
crypto: out-of-bounds write in pre_crypt
security: double-free in superblock_doinit
kvm: WARNING in kvm_apic_accept_events
tcp: fix potential double free issue for fastopen_req
net/udp: slab-out-of-bounds Read in udp_recvmsg
net: deadlock between ip_expire/sch_direct_xmit
srcu: BUG in __synchronize_srcu
net/sctp: recursive locking in sctp_do_peeloff
kvm: WARNING in vmx_handle_exit
futex: use-after-free in futex_wait_requeue_pi
kvm/arm64: use-after-free in kvm_vm_ioctl/vmacache_update
kvm/arm64: use-after-free in kvm_unmap_hva_handler/unmap_stage2_pmds
local privilege escalation flaw in n_hdlc (CVE-2017-2636)
netlink: GPF in netlink_unicast
perf: use-after-free in perf_release
net/ipv6: null-ptr-deref in ip6mr_sk_done
bpf: kernel NULL pointer dereference in map_get_next_key
crypto: deadlock between crypto_alg_sem/rtnl_mutex/genl_mutex
kvm: use-after-free in vmx_check_nested_events/vmcs12_guest_cr0
sound: another deadlock in snd_seq_pool_done
rcu: WARNING in rcu_seq_end
fs: use-after-free in path_lookupat
ucount: use-after-free read in inc_ucount & dec_ucount
net/ipv4: division by 0 in tcp_select_window
net: heap out-of-bounds in fib6_clean_node/rt6_fill_node/fib6_age/fib6_prune_clone
mm: use-after-free in zap_page_range
net/kcm: use-after-free in kcm_wq
idr: use-after-free write in ida_get_new_above
sg: stack out-of-bounds write in sg_write (CVE-2017-7187)
cgroup: WARNING in cgroup_kill_sb
net/rds: use-after-free in rds_find_bound/memcmp
net: sleeping function called from invalid context in net_enable_timestamp
net: use-after-free in neigh_timer_handler/sock_wfree
net/sctp: use-after-free in sctp_association_put
fs: use-after-free in userfaultfd_exit
net/ipv4: inconsistent lock state in tcp_conn_request/inet_ehash_insert
net/ipv4: suspicious RCU usage in ip_ra_control
net/ipv4: deadlock in ip_ra_control
net/dccp: dccp_create_openreq_child freed held lock
nested_vmx_merge_msr_bitmap
ipc: use-after-free in shm_get_unmapped_area
sounds: deadlocked processed in snd_seq_pool_done
net/atm: vcc_sendmsg calls kmem_cache_alloc in non-blocking context
ata: WARNING in ata_sff_qc_issue
net/rds: use-after-free in inet_create
mm: fault in __do_fault
kvm: WARNING in nested_vmx_vmexit
net: GPF in rt6_nexthop_info
sound: spinlock lockup in snd_timer_user_tinterrupt
mm: GPF in bdi_put
net/sctp: use-after-free in sctp_hash_transport
net/bridge: warning in br_fdb_find
net/ipv6: null-ptr-deref in ip6_route_del/lock_acquire
net: possible deadlock in skb_queue_tail
DCCP double-free vulnerability (local root) (CVE-2017-6074)
net: warning in inet_sock_destruct
net/pptp: use-after-free in dst_release
net/udp: slab-out-of-bounds in udp_recvmsg/do_csum (CVE-2017-6347)
WARNING in skb_warn_bad_offload
tty: panic in tty_ldisc_restore
net: BUG in __skb_gso_segment
net/dccp: use-after-free in dccp_feat_activate_values
net/kcm: GPF in kcm_sendmsg
net/xfrm: stack out-of-bounds in xfrm_flowi_sport
net/llc: BUG in llc_sap_state_process/skb_set_owner_r (CVE-2017-6345)
net/llc: bug in llc_pdu_init_as_xid_cmd/skb_over_panic
net/packet: use-after-free in packet_rcv_fanout
net: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected in skb_array_produce
net/ipv4: null-ptr-deref in udp_rmem_release/sk_memory_allocated_sub
net/sctp: null-ptr-deref in sctp_put_port/sctp_endpoint_destroy
net/ipv4: warning in nf_nat_ipv4_fn
net/ipv6: double free in ipip6_dev_free
sound: use-after-free in snd_seq_queue_alloc
loop: divide error in transfer_xor
net/xfrm: use of uninit spinlock in xfrm_policy_flush
mm: double-free in cgwb_bdi_init
packet: round up linear to header len
net/icmp: null-ptr-deref in ping_v4_push_pending_frames
net/kcm: WARNING in kcm_write_msgs
tcp: avoid infinite loop in tcp_splice_read() (CVE-2017-6214)
tun: read vnet_hdr_sz once
macvtap: read vnet_hdr_size once
udp: properly cope with csum errors
ipv6: tcp: add a missing tcp_v6_restore_cb()
ip6_gre: fix ip6gre_err() invalid reads (CVE-2017-5897)
ipv4: keep skb->dst around in presence of IP options (CVE-2017-5970)
net: use a work queue to defer net_disable_timestamp() work
netlabel: out of bound access in cipso_v4_validate()
ipv6: pointer math error in ip6_tnl_parse_tlv_enc_lim()
net: heap out-of-bounds in ip6_fragment (CVE-2017-9074)
tcp: fix 0 divide in __tcp_select_window()
keys: GPF in request_key
net/tcp: warning in tcp_try_coalesce/skb_try_coalesce
crypto: NULL deref in sha512_mb_mgr_get_comp_job_avx2
sound: unable to handle kernel paging request snd_seq_prioq_cell_out
scsi: BUG in scsi_init_io
mm: sleeping function called from invalid context shmem_undo_range
timerfd: use-after-free in timerfd_remove_cancel
scsi: use-after-free in sg_start_req
mm: deadlock between get_online_cpus/pcpu_alloc
BUG at net/sctp/socket.c:7425
kvm: use-after-free in irq_bypass_register_consumer
net: suspicious RCU usage in nf_hook
kvm: fix page struct leak in handle_vmon (CVE-2017-2596)
ipv6: fix ip6_tnl_parse_tlv_enc_lim()
kvm: WARNING in mmu_spte_clear_track_bits
perf: use-after-free in perf_event_for_each
net: use-after-free in tw_timer_handler
namespace: deadlock in dec_pid_namespaces
sctp: kernel memory overwrite attempt detected in sctp_getsockopt_assoc_stats
kvm: deadlock in kvm_vgic_map_resources
net/atm: warning in alloc_tx/__might_sleep
net/ipv6: use-after-free in sock_wfree
kvm: kvm: BUG in loaded_vmcs_init
kvm: NULL deref in vcpu_enter_guest
kvm: use-after-free in complete_emulated_mmio (CVE-2017-2584)
kvm: BUG in kvm_unload_vcpu_mmu
x86: warning in unwind_get_return_address
ipc: BUG: sem_unlock unlocks non-locked lock
kvm: WARNING in mmu_spte_clear_track_bits
sctp: suspicious rcu_dereference_check() usage in sctp_epaddr_lookup_transport
kvm: use-after-free in process_srcu
kvm: assorted bugs after OOMs
kvm: deadlock between kvm_io_bus_register_dev/kvm_hv_set_msr_common
netlink: GPF in netlink_dump
fs, net: deadlock between bind/splice on af_unix
net: use-after-free in worker_thread
net: signed overflows in SO_{SND|RCV}BUFFORCE sockopts (CVE-2016-9793, CVE-2012-6704)
net/can: warning in raw_setsockopt/__alloc_pages_slowpath
net/ipv6: null-ptr-deref in ip6_rt_cache_alloc
net/dccp: use-after-free in dccp_invalid_packet
net/sctp: vmalloc allocation failure in sctp_setsockopt/xt_alloc_table_info
net: BUG in unix_notinflight
net: GPF in eth_header (CVE-2016-9755)
net: deadlock on genl_mutex
net: GPF in rt6_get_cookie
netlink: GPF in sock_sndtimeo
scsi: use-after-free in bio_copy_from_iter (CVE-2016-9576)
net/udp: bug in skb_pull_rcsum
net/icmp: null-ptr-deref in icmp6_send (CVE-2016-9919)
net/can: use-after-free in bcm_rx_thr_flush
kvm: slab-out-of-bounds write in __apic_accept_irq (CVE-2016-9777)
mm: BUG in pgtable_pmd_page_dtor
logfs: GPF in logfs_alloc_inode
mm, floppy: unkillable task faulting on fd0
kvm: deadlock between kvm_vm_ioctl_get_dirty_log/kvm_hv_set_msr_common/kvm_create_pit
kvm: WARNING in em_jmp_far (CVE-2016-9756)
kvm: WARNING in rtc_status_pending_eoi_check_valid
kvm: GPF in kvm_ioapic_set_irq
mm: BUG in munlock_vma_pages_range
kvm: WARNING in kvm_arch_vcpu_ioctl_run
kvm: use-after-free/GPF in kvm_irq_delivery_to_apic_fast
kvm: out-of-bounds write in __rtc_irq_eoi_tracking_restore_one
kvm: BUG in pte_list_remove
kvm: recursive lock in kvm_clear_async_pf_completion_queue
kvm: WARNING in em_ret_far
kvm: GPF in irqfd_shutdown/eventfd_ctx_remove_wait_queue
kvm: GPF in gfn_to_rmap
kvm: paging fault in kvm_gfn_to_hva_cache_init
kvm: suspicious RCU usage/missed lock in kvm_lapic_set_vapic_addr
kvm: use-after-free in irq_bypass_register_consumer
kvm: WARNING in kvm_load_guest_fpu
kvm: GPF in kvm_pic_set_irq
kvm: GPF in irq_bypass_unregister_consumer
kvm: GPF in __get_kvmclock_ns
kvm: WARNING In kvm_apic_accept_events
kvm: WARNING in __x86_set_memory_region
tcp: take care of truncations done by sk_filter()
net/l2tp: use-after-free write in l2tp_ip6_close
net/sctp: null-ptr-deref in sctp_inet_listen
net/tcp: warning in tcp_recvmsg
net/netlink: another global-out-of-bounds in genl_family_rcv_msg/validate_nla
bpf: kernel BUG in htab_elem_free
net/netlink: global-out-of-bounds in genl_family_rcv_msg/validate_nla
net/ipv6: null-ptr-deref in inet6_bind
net/dccp: null-ptr-deref in dccp_parse_options
net/dccp: null-ptr-deref in dccp_v4_rcv/selinux_socket_sock_rcv_skb
net/tcp: null-ptr-deref in __inet_lookup_listener/inet_exact_dif_match
net/dccp: warning in dccp_feat_clone_sp_val/__might_sleep
net/can: warning in bcm_connect/proc_register
net/ipv4: warning in inet_sock_destruct
net/sctp: slab-out-of-bounds in sctp_sf_ootb (CVE-2016-9555)
net/dccp: warning in dccp_set_state
net/netlink: bad unlock balance in netlink_diag_dump
net/netlink: null-ptr-deref in netlink_dump/lock_acquire
net/ipx: null-ptr-deref in ipxrtr_route_packet
net/sctp: use-after-free in __sctp_connect
fs: WARNING in locks_unlink_lock_ctx (not holding proper lock)
kernel BUG in dio_get_page
bpf related use-after-free (CVE-2016-4794)
drm: GPF in drm_getcap
fs: GPF in bd_mount
tty, fbcon: use-after-free in fbcon_invert_region
drm: NULL pointer dereference in drm_mode_object_find()
6pack: stack-out-of-bounds in sixpack_receive_buf
logfs: GPF in logfs_init_inode
tty: use-after-free in n_tty_receive_buf_fast
sound: divide by 0 in snd_hrtimer_callback (or hang)
mm: GPF in __insert_vmap_area
fs, tty: WARNING in devpts_get_priv
fanotify: unkillable hanged processes
drm: GPF in drm_context_switch_complete
drm: GPF in drm_legacy_lock_free
sound: division by 0 in snd_hrtimer_callback
perf: WARNING in perf_event_read
drm: WARNING in drm_irq_by_busid
dri: WARNING in idr_remove
mm: use-after-free in collapse_huge_page
kcm: use-after-free in fput of kcm socket
bdev: fix NULL pointer dereference in sync()/close() race
bdev: fix NULL pointer dereference
BUG: sleeping function called from invalid context at mm/mempolicy.c:553
use-after-free in ppp_unregister_channel
net/tipc: NULL-ptr dereference in tipc_nl_publ_dump
HID: i2c-hid: fix OOB write in i2c_hid_set_or_send_report()
mm: memory corruption on mmput
perf: WARNING in perf_event_read
9p2000.L stat/unlink race (WARNING: fs/inode.c:280 drop_nlink)
mm: page fault in __do_huge_pmd_anonymous_page
usb: memory allocation WARNING in hcd_buffer_alloc
dccp: potential deadlock in dccp_v4_ctl_send_reset
mm: GPF in find_get_pages_tag
mm: BUG in page_move_anon_rmap
block: GPF in get_task_ioprio
tty: stall in n_tty_ioctl/inq_canon
random: negative entropy/overflow: pool input count -40000
bpf: use after free in array_map_alloc (CVE-2016-4794)
kvm: use-after-free in kvm_irqfd_release
kvm: GPF in kvm_lapic_set_tpr
sound: use-after-free in hrtimer_cancel
sound: hang in snd_timer_interrupt
sound: deadlock involving snd_hrtimer_callback
fs: GPF in locked_inode_to_wb_and_lock_list
x86: bad pte in pageattr_test
tty: memory leak in tty_open
net: memory leak due to CLONE_NEWNET
lockdep WARNING in get_online_cpus
mm: BUG in khugepaged_scan_mm_slot
sound: use-after-free in snd_timer_interrupt
scsi: machine hang due to write to /dev/sg0
AMD newest ucode 0x06000832 for Piledriver-based CPUs seems to behave in a problematic way
sound: uninterruptible hang in snd_seq_oss_writeq_sync
fs: uninterruptible hang in handle_userfault
net: memory leak in N_6PACK driver
net: memory leak in lapb_register
net: memory leak in mkiss_open
sound: list corruption in delete_and_unsubscribe_port
kvm: GPF in kvm_pic_clear_all
kvm: GPF in kvm_irq_map_gsi
tty: memory leak in tty_register_driver
sound: memory leak in snd_seq_pool_init
tty: deadlock between tty_buffer_flush/n_tracesink_open
sound: heap out-of-bounds write in dummy_systimer_prepare
fs: NULL deref in atime_needs_update
sound: spinlock lockup in snd_seq_oss_write
net: memory leak in ip_cmsg_send
net/irda: BUG: looking up invalid subclass: 4294967295 (CVE-2017-6348)
sound: use-after-free in snd_timer_start1
tty: tty_struct memory leak
gigaset: memory leak in gigaset_initcshw
sound: out-of-bounds write in snd_rawmidi_kernel_write1
mm: uninterruptable tasks hanged on mmap_sem
sound: another WARNING in rawmidi_transmit_ack
sound: use-after-free in snd_seq_deliver_single_event
sound: WARNING in snd_rawmidi_kernel_write1
sound: deadlock between snd_pcm_oss_write/snd_pcm_oss_mmap
ata: BUG in ata_sff_hsm_move
WARNING in set_restore_sigmask
BUG: bad unlock balance detected in vma_unlock_anon_vma
bluetooth: use-after-free in vhci_send_frame
mm: another VM_BUG_ON_PAGE(PageTail(page))
scsi: NULL deref in sg_start_req
mm: BUG in expand_downwards
sound: heap out-of-bounds write in dummy_systimer_prepare
WARNING in do_jobctl_trap
mm: VM_BUG_ON_PAGE(PageTail(page)) in mbind
net/bluetooth: workqueue destruction WARNING in hci_unregister_dev
gpu: kmalloc size WARNING in vga_arb_write
net/rfkill: WARNING in rfkill_fop_read
sound: use-after-free in _snd_timer_stop
net/irda: use-after-free in ircomm_param_request
net/sctp: out-of-bounds access in sctp_add_bind_addr
ext4: BUG: scheduling while atomic in ext4_commit_super
sound: WARNING in snd_rawmidi_transmit_ack
floppy: GPF in floppy_rb0_cb
tty: kmalloc size WARNING in vc_do_resize
mm: WARNING in __delete_from_page_cache
sound: WARNING in snd_seq_oss_synth_cleanup
sound: deadlock between snd_rawmidi_kernel_open/snd_seq_port_connect
net: GPF in netlink_getsockbyportid
fs: use-after-free in link_path_walk
fs: sandboxed process brings host down
net: use-after-free in recvmmsg
struct pid memory leak
net: WARNING in dccp_set_state
mm: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected in split_huge_page_to_list
sound: BUG in snd_ctl_find_numid
net: GPF in __netlink_ns_capable
crypto: slab-out-of-bounds in skcipher_recvmsg
net: hang in ip_finish_output
kvm: access to invalid memory in mmu_zap_unsync_children
kvm: using uninitialized var in tdp_page_fault
sound: spinlock lockup in sound/core/timer.c
sound: GPF in snd_timer_user_params
sound: use-after-free in snd_timer_interrupt
sound: use-after-free in snd_timer_user_ioctl
crypto: use-after-free in skcipher_sock_destruct
net/sctp: use-after-free in __sctp_connect
net: WARNING in tcp_recvmsg
sound: use-after-free in snd_timer_stop
sound: GPF in snd_seq_fifo_clear
crypto: ablk_decrypt causes BUG in scatterwalk
kvm: GPF in native_set_debugreg
kvm: GPF in kvm_lapic_latched_init
kvm: WARNING in kvm_apic_accept_events
kvm: vmalloc allocation failure in kvm_vm_ioctl
kvm: vmalloc allocation failure in kvm_vcpu_ioctl_set_cpuid
kvm: WARNING in __x86_set_memory_region
kvm: WARNING in exception_type
mm: possible deadlock in mm_take_all_locks
net/nfc: GPF in llcp_sock_getname
net/netlink: memory leak in netlink_sendmsg
net/tipc: memory leak in tipc_release
memory leak in lapb_create_cb
net/sctp: sctp_datamsg memory leak
net/sctp: sock memory leak
net/nfc: user-controllable kmalloc size in nfc_llcp_send_ui_frame
tty: deadlock between n_tracerouter_receivebuf and flush_to_ldisc
crypto: use-after-free in alg_bind
crypto: deadlock in alg_setsockopt
crypto: use-after-free in rng_recvmsg
use-after-free in skcipher_bind
9p: sleeping function called from invalid context in v9fs_vfs_atomic_open_dotl
fs: WARNING in locks_free_lock_context
net: user-controllable kmalloc size in __sctp_setsockopt_connectx
GPF in gf128mul_64k_bbe
use-after-free in hash_sock_destruct
GPF in lrw_crypt
bad page state due to PF_ALG socket
use-after-free in skcipher_sock_destruct
use-after-free in sixpack_close
net: heap-out-of-bounds in sock_setsockopt
BUG_ON(!PageLocked(page)) in munlock_vma_page
perf: stalls in perf_install_in_context/perf_remove_from_context
Information leak in sco_sock_bind (CVE-2015-8575)
Information leak in llcp_sock_bind/llcp_raw_sock_bind
Information leak in pptp_bind
use-after-free in pptp_connect
GPF in keyctl (CVE-2015-7550)
another use-after-free in sctp_do_sm
use-after-free in inet6_destroy_sock
WARNING in crypto_wait_for_test
int overflow in io_getevents
use-after-free in ip6_xmit
use-after-free in __perf_install_in_context
undefined shift in __bpf_prog_run
signed integer overflow in ktime_add_safe
jump label: negative count!
memory leak in alloc_huge_page
memory leak in do_ipv6_setsockopt
heap out-of-bounds access in array_map_update_elem
deadlock in perf_ioctl
user-controllable kmalloc size in bpf syscall
net: use after free in ip6_make_skb
user-controllable kmalloc size in sctp_getsockopt_local_addrs
use-after-free in ip6_setup_cork
gigaset: freeing an active object
Freeing active kobject in pps_device_destruct
GPF in process_one_work (flush_to_ldisc)
use-after-free in tty_check_change
WARNING in tcp_recvmsg
use-after-free in irtty_open
use-after-free in sock_wake_async
WARNING in handle_mm_fault
WARNING in gsm_cleanup_mux
use-after-free in sctp_do_sm
yet another uninterruptable hang in sendfile
GPF in add_key
another uninterruptable hang in sendfile
deadlock during fuseblk shutdown
tty,net: use-after-free in x25_asy_open_tty
deadlock between tty_write and tty_send_xchar
WARNING in shmem_evict_inode
Deadlock between setsockopt/getsockopt
Deadlock between bind and splice
Use-after-free in ipv4_conntrack_defrag
Use-after-free in selinux_ip_postroute_compat
Use-after-free in unshare
GPF in tcp_sk_init/icmp_sk_init
lockdep warning in ip_mc_msfget
WARNING in task_participate_group_stop
Resource leak in unshare
Paging fault with hard IRQs disabled in getsockopt
Unkillable processes due to PTRACE_TRACEME
Use-after-free in ep_remove_wait_queue (CVE-2013-7446)
GPF in shm_lock
GPF in rt6_uncached_list_flush_dev
Infinite loop in ip6_fragment
Uninterruptable hang in sendfile
GPF in keyring_destroy (CVE-2015-7872)