Linux 7.0.9 released 🔥 TL;DR • AMD: major VCN/VCE/GFX11/SMU fixes • Intel: Xe IPU6 AtomISP fixes • Qualcomm: better Adreno GPU recovery • DRM PRIME UAF race fixed • sched_ext cgroup deadlock fixes • virtio-vsock / SCTP / batman-adv stability & security fixes 🖥️ Graphics / Display • AMD: VCN3 / VCN4 video decode fixes → avoids overflow / out-of-bounds parsing issues in AMDGPU video engines • AMD: VCE / IB parsing hardening → prevents bad address patches and adds bounds checks in command parsing • AMD: GFX11 APU fix → avoids reset-related failures when unloading/reloading AMDGPU on newer APUs • AMD: SMU v14.0.x power-management fix → corrects FeatureCtrlMask handling on newer AMD GPUs • AMD: Hawaii / Radeon legacy fixes → improves memory-clock workaround & revision handling on older GCN cards • AMD: display pipeline precision fix → restores better dithering / >10bpc output precision • Intel: Xe driver fixes → rejects invalid PAT index usage & fixes GGTT BO leak • All vendors: DRM PRIME handle race fix → prevents potential use-after-free • Broadcom / Raspberry Pi V3D: prevents malicious userspace extension chain from pegging CPU core forever • Qualcomm / Adreno: GPU recovery fix → hung GPUs now recover properly instead of staying stuck • Apple/x86 Macs: Apple Touch Bar DRM vmalloc fix • TI AM69: DisplayPort regulator GPIO fix → improves DP / DP-to-HDMI adapter stability ⚙️ CPU / Scheduler / Power • All vendors: sched_ext fix → avoids stale runqueue state during bypass load balancing • All vendors: cgroup deadlock fix → prevents systemd/container teardown hangs • All vendors: mmap/VMA cleanup fix → avoids invalid unmap attempts • AMD/Xilinx Versal NET: EDAC memory-controller leak fix • Qualcomm ARM64: PCIe reference-clock suspend fix 🌐 Networking / Virtualization • Virtio-vsock: fixes accept-queue leak → avoids listeners eventually rejecting all connections • Virtio-vsock: fixes monitor/tap payload handling for non-linear packets • Vsock: fixes socket-buffer clamp ordering • SCTP: fixes dangerous type-confusion path • batman-adv mesh: fixes teardown races & integer overflow issues 💾 Storage / Filesystems • SPI/controller cleanup fixes → safer driver unbind/rebind handling • Embedded/ARM regulator & resource cleanup fixes → fewer leaks and invalid cleanup paths 📷 Media / Cameras / Video • Intel IPU6: fixes ERR_PTR dereference in probe path • Intel AtomISP: disables unsafe private IOCTLs • Qualcomm Iris video: fixes use-after-free in buffer release • Raspberry Pi / Sony IMX283: fixes long hangs when restarting camera streams • Rockchip camera interface: fixes NULL-deref risk on stream start 🔐 Security / Hardening • AMDGPU parser hardening → additional bounds checks in video/command parsers • DRM PRIME race fix → prevents potential UAF • V3D validation fix → blocks infinite-loop CPU DoS • SCTP type-confusion fix → blocks dangerous indirect-call path • AtomISP unsafe IOCTLs disabled → smaller attack surface cdn.kernel.org/pub/linux/ker…

Last week in Linux: CVE-2026-43485: nouveau/gsp: drop WARN_ON in ACPI probes 2026-05-13 15:08 UTC CVE-2026-43484: mmc: core: Avoid bitfield RMW for claim/retune flags 2026-05-13 15:08 UTC CVE-2026-43483: KVM: SVM: Set/clear CR8 write interception when AVIC is (de)activated 2026-05-13 15:08 UTC CVE-2026-43482: sched_ext: Disable preemption between scx_claim_exit() and kicking helper work 2026-05-13 15:08 UTC CVE-2026-43481: net-shapers: don't free reply skb after genlmsg_reply() 2026-05-13 15:08 UTC CVE-2026-43480: ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition 2026-05-13 15:08 UTC CVE-2026-43479: net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect 2026-05-13 15:08 UTC CVE-2026-43478: ASoC: codecs: rt1011: Use component to get the dapm context in spk_mode_put 2026-05-13 15:08 UTC CVE-2026-43489: liveupdate: luo_file: remember retrieve() status 2026-05-13 15:08 UTC CVE-2026-43488: usb: xhci: Prevent interrupt storm on host controller error (HCE) 2026-05-13 15:08 UTC CVE-2026-43487: ata: libata-core: Disable LPM on ST1000DM010-2EP102 2026-05-13 15:08 UTC CVE-2026-43486: arm64: contpte: fix set_access_flags() no-op check for SMMU/ATS faults 2026-05-13 15:08 UTC CVE-2026-43476: iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas() 2026-05-13 15:08 UTC CVE-2026-43477: drm/i915/vrr: Configure VRR timings after enabling TRANS_DDI_FUNC_CTL 2026-05-13 15:08 UTC CVE-2026-43500: rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present 2026-05-11 6:26 UTC CVE-2026-43452: netfilter: x_tables: guard option walkers against 1-byte tail reads 2026-05-08 14:23 UTC CVE-2026-43461: spi: amlogic: spifc-a4: Fix DMA mapping error handling 2026-05-08 14:23 UTC CVE-2026-43460: spi: rockchip-sfc: Fix double-free in remove() callback 2026-05-08 14:23 UTC CVE-2026-43459: ASoC: soc-core: flush delayed work before removing DAIs and widgets 2026-05-08 14:23 UTC CVE-2026-43458: serial: caif: hold tty->link reference in ldisc_open and ser_release 2026-05-08 14:23 UTC CVE-2026-43457: mctp: i2c: fix skb memory leak in receive path 2026-05-08 14:23 UTC CVE-2026-43456: bonding: fix type confusion in bond_setup_by_slave() 2026-05-08 14:23 UTC CVE-2026-43455: mctp: route: hold key->lock in mctp_flow_prepare_output() 2026-05-08 14:23 UTC CVE-2026-43475: scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT 2026-05-08 14:23 UTC CVE-2026-43474: fs: init flags_valid before calling vfs_fileattr_get 2026-05-08 14:23 UTC CVE-2026-43473: scsi: mpi3mr: Add NULL checks when resetting request and reply queues 2026-05-08 14:23 UTC CVE-2026-43472: unshare: fix unshare_fs() handling 2026-05-08 14:23 UTC CVE-2026-43454: netfilter: nf_tables: Fix for duplicate device in netdev hooks 2026-05-08 14:23 UTC CVE-2026-43471: scsi: ufs: core: Fix possible NULL pointer dereference in ufshcd_add_command_trace() 2026-05-08 14:23 UTC CVE-2026-43470: nfs: return EISDIR on nfs3_proc_create if d_alias is a dir 2026-05-08 14:23 UTC CVE-2026-43469: xprtrdma: Decrement re_receiving on the early exit paths 2026-05-08 14:23 UTC CVE-2026-43468: net/mlx5: Fix deadlock between devlink lock and esw->wq 2026-05-08 14:23 UTC CVE-2026-43467: net/mlx5: Fix crash when moving to switchdev mode 2026-05-08 14:23 UTC CVE-2026-43466: net/mlx5e: Fix DMA FIFO desync on error CQE SQ recovery 2026-05-08 14:23 UTC CVE-2026-43465: net/mlx5e: RX, Fix XDP multi-buf frag counting for striding RQ 2026-05-08 14:23 UTC CVE-2026-43464: net/mlx5e: RX, Fix XDP multi-buf frag counting for legacy RQ 2026-05-08 14:23 UTC CVE-2026-43463: rxrpc, afs: Fix missing error pointer check after rxrpc_kernel_lookup_peer() 2026-05-08 14:23 UTC CVE-2026-43462: net: spacemit: Fix error handling in emac_tx_mem_map() 2026-05-08 14:23 UTC CVE-2026-43453: netfilter: nft_set_pipapo: fix stack out-of-bounds read in pipapo_drop() 2026-05-08 14:23 UTC CVE-2026-43417: sched/mmcid: Handle vfork()/CLONE_VM correctly 2026-05-08 14:22 UTC CVE-2026-43426: usb: renesas_usbhs: fix use-after-free in ISR during device removal 2026-05-08 14:22 UTC CVE-2026-43425: usb: image: mdc800: kill download URB on timeout 2026-05-08 14:22 UTC CVE-2026-43424: usb: gadget: f_tcm: Fix NULL pointer dereferences in nexus handling 2026-05-08 14:22 UTC CVE-2026-43423: usb: gadget: f_ncm: Fix atomic context locking issue 2026-05-08 14:22 UTC CVE-2026-43422: usb: legacy: ncm: Fix NPE in gncm_bind 2026-05-08 14:22 UTC CVE-2026-43421: usb: gadget: f_ncm: Fix net_device lifecycle with device_move 2026-05-08 14:22 UTC CVE-2026-43451: netfilter: nfnetlink_queue: fix entry leak in bridge verdict error path 2026-05-08 14:23 UTC CVE-2026-43450: netfilter: nfnetlink_cthelper: fix OOB read in nfnl_cthelper_dump_table() 2026-05-08 14:22 UTC CVE-2026-43449: nvme-pci: Fix slab-out-of-bounds in nvme_dbbuf_set 2026-05-08 14:22 UTC CVE-2026-43448: nvme-pci: Fix race bug in nvme_poll_irqdisable() 2026-05-08 14:22 UTC CVE-2026-43447: iavf: fix PTP use-after-free during reset 2026-05-08 14:22 UTC CVE-2026-43420: ceph: fix i_nlink underrun during async unlink 2026-05-08 14:22 UTC CVE-2026-43446: accel/amdxdna: Fix runtime suspend deadlock when there is pending job 2026-05-08 14:22 UTC CVE-2026-43445: e1000/e1000e: Fix leak in DMA error cleanup 2026-05-08 14:22 UTC CVE-2026-43444: drm/amdkfd: Unreserve bo if queue update failed 2026-05-08 14:22 UTC CVE-2026-43443: ASoC: amd: acp-mach-common: Add missing error check for clock acquisition 2026-05-08 14:22 UTC CVE-2026-43442: io_uring: fix physical SQE bounds check for SQE_MIXED 128-byte ops 2026-05-08 14:22 UTC CVE-2026-43441: net: bonding: Fix nd_tbl NULL dereference when IPv6 is disabled 2026-05-08 14:22 UTC CVE-2026-43440: net/mana: Null service_wq on setup error to prevent double destroy 2026-05-08 14:22 UTC CVE-2026-43439: cgroup: fix race between task migration and iteration 2026-05-08 14:22 UTC CVE-2026-43438: sched_ext: Remove redundant css_put() in scx_cgroup_init() 2026-05-08 14:22 UTC CVE-2026-43437: ALSA: pcm: fix use-after-free on linked stream runtime in snd_pcm_drain() 2026-05-08 14:22 UTC CVE-2026-43419: ceph: fix memory leaks in ceph_mdsc_build_path() 2026-05-08 14:22 UTC CVE-2026-43436: ALSA: usb-audio: Check endpoint numbers at parsing Scarlett2 mixer interfaces 2026-05-08 14:22 UTC CVE-2026-43435: rust_binder: fix oneway spam detection 2026-05-08 14:22 UTC CVE-2026-43434: rust_binder: check ownership before using vma 2026-05-08 14:22 UTC CVE-2026-43433: rust_binder: avoid reading the written value in offsets array 2026-05-08 14:22 UTC CVE-2026-43432: usb: xhci: Fix memory leak in xhci_disable_slot() 2026-05-08 14:22 UTC CVE-2026-43431: xhci: Fix NULL pointer dereference when reading portli debugfs files 2026-05-08 14:22 UTC CVE-2026-43430: usb: yurex: fix race in probe 2026-05-08 14:22 UTC CVE-2026-43429: USB: usbtmc: Use usb_bulk_msg_killable() with user-specified timeouts 2026-05-08 14:22 UTC CVE-2026-43428: USB: core: Limit the length of unkillable synchronous timeouts 2026-05-08 14:22 UTC CVE-2026-43427: usb: class: cdc-wdm: fix reordering issue in read code path 2026-05-08 14:22 UTC CVE-2026-43418: sched/mmcid: Prevent CID stalls due to concurrent forks 2026-05-08 14:22 UTC CVE-2026-43383: net/tcp-md5: Fix MAC comparison to be constant-time 2026-05-08 14:21 UTC CVE-2026-43392: sched_ext: Fix starvation of scx_enable() under fair-class saturation 2026-05-08 14:22 UTC CVE-2026-43391: nsfs: tighten permission checks for handle opening 2026-05-08 14:22 UTC CVE-2026-43390: nstree: tighten permission checks for listing 2026-05-08 14:21 UTC CVE-2026-43389: mm: memfd_luo: always dirty all folios 2026-05-08 14:21 UTC CVE-2026-43388: mm/damon/core: clear walk_control on inactive context in damos_walk() 2026-05-08 14:21 UTC CVE-2026-43387: staging: rtl8723bs: properly validate the data in rtw_get_ie_ex() 2026-05-08 14:21 UTC CVE-2026-43416: powerpc, perf: Check that current->mm is alive before getting user callchain 2026-05-08 14:22 UTC CVE-2026-43415: scsi: ufs: core: Fix SError in ufshcd_rtc_work() during UFS suspend 2026-05-08 14:22 UTC CVE-2026-43414: scsi: qla2xxx: Completely fix fcport double free 2026-05-08 14:22 UTC CVE-2026-43413: scsi: hisi_sas: Fix NULL pointer exception during user_scan() 2026-05-08 14:22 UTC CVE-2026-43386: staging: rtl8723bs: fix potential out-of-bounds read in rtw_restruct_wmm_ie 2026-05-08 14:21 UTC CVE-2026-43412: ASoC: qcom: qdsp6: Fix q6apm remove ordering during ADSP stop and start 2026-05-08 14:22 UTC CVE-2026-43411: tipc: fix divide-by-zero in tipc_sk_filter_connect() 2026-05-08 14:22 UTC CVE-2026-43410: firmware: stratix10-rsu: Fix NULL pointer dereference when RSU is disabled 2026-05-08 14:22 UTC CVE-2026-43409: kprobes: avoid crash when rmmod/insmod after ftrace killed 2026-05-08 14:22 UTC CVE-2026-43408: ceph: add a bunch of missing ceph_path_info initializers 2026-05-08 14:22 UTC CVE-2026-43407: libceph: Fix potential out-of-bounds access in ceph_handle_auth_reply() 2026-05-08 14:22 UTC CVE-2026-43406: libceph: prevent potential out-of-bounds reads in process_message_header() 2026-05-08 14:22 UTC CVE-2026-43405: libceph: Use u32 for non-negative values in ceph_monmap_decode() 2026-05-08 14:22 UTC CVE-2026-43404: mm: Fix a hmm_range_fault() livelock / starvation problem 2026-05-08 14:22 UTC CVE-2026-43403: nsfs: tighten permission checks for ns iteration ioctls 2026-05-08 14:22 UTC CVE-2026-43385: net: Fix rcu_tasks stall in threaded busypoll 2026-05-08 14:21 UTC CVE-2026-43402: kthread: consolidate kthread exit paths to prevent use-after-free 2026-05-08 14:22 UTC CVE-2026-43401: cpufreq: intel_pstate: Fix NULL pointer dereference in update_cpu_qos_request() 2026-05-08 14:22 UTC CVE-2026-43400: drm/amdgpu: add upper bound check on user inputs in signal ioctl 2026-05-08 14:22 UTC CVE-2026-43399: drm/amdgpu/userq: Fix reference leak in amdgpu_userq_wait_ioctl 2026-05-08 14:22 UTC CVE-2026-43398: drm/amdgpu: add upper bound check on user inputs in wait ioctl 2026-05-08 14:22 UTC CVE-2026-43397: drm/bridge: samsung-dsim: Fix memory leak in error path 2026-05-08 14:22 UTC CVE-2026-43396: drm/xe/sync: Fix user fence leak on alloc failure 2026-05-08 14:22 UTC CVE-2026-43395: drm/xe/sync: Cleanup partially initialized sync on parse failure 2026-05-08 14:22 UTC CVE-2026-43394: nfsd: Fix cred ref leak in nfsd_nl_listener_set_doit() 2026-05-08 14:22 UTC CVE-2026-43393: btrfs: fix chunk map leak in btrfs_map_block() after btrfs_chunk_map_num_copies() 2026-05-08 14:22 UTC CVE-2026-43384: net/tcp-ao: Fix MAC comparison to be constant-time 2026-05-08 14:21 UTC CVE-2026-43360: btrfs: fix transaction abort on file creation due to name hash collision 2026-05-08 14:21 UTC CVE-2026-43359: btrfs: fix transaction abort on set received ioctl due to item overflow 2026-05-08 14:21 UTC CVE-2026-43358: btrfs: add missing RCU unlock in error path in try_release_subpage_extent_buffer() 2026-05-08 14:21 UTC CVE-2026-43357: iio: gyro: mpu3050-core: fix pm_runtime error handling 2026-05-08 14:21 UTC CVE-2026-43356: iio: imu: adis: Fix NULL pointer dereference in adis_init 2026-05-08 14:21 UTC CVE-2026-43355: iio: light: bh1780: fix PM runtime leak on error path 2026-05-08 14:21 UTC CVE-2026-43382: batman-adv: Avoid double-rtnl_lock ELP metric worker 2026-05-08 14:21 UTC CVE-2026-43381: nouveau/dpcd: return EBUSY for aux xfer if the device is asleep 2026-05-08 14:21 UTC CVE-2026-43354: iio: proximity: hx9023s: Protect against division by zero in set_samp_freq 2026-05-08 14:21 UTC CVE-2026-43380: hwmon: (pmbus/q54sj108a2) fix stack overflow in debugfs read 2026-05-08 14:21 UTC CVE-2026-43379: ksmbd: fix use-after-free in smb_lazy_parent_lease_break_close() 2026-05-08 14:21 UTC CVE-2026-43378: smb: server: fix use-after-free in smb2_open() 2026-05-08 14:21 UTC CVE-2026-43377: ksmbd: Don't log keys in SMB3 signing and encryption key generation 2026-05-08 14:21 UTC CVE-2026-43376: ksmbd: fix use-after-free by using call_rcu() for oplock_info 2026-05-08 14:21 UTC CVE-2026-43375: net: mctp: fix device leak on probe failure 2026-05-08 14:21 UTC CVE-2026-43374: net: nexthop: fix percpu use-after-free in remove_nh_grp_entry 2026-05-08 14:21 UTC CVE-2026-43373: net: ncsi: fix skb leak in error paths 2026-05-08 14:21 UTC CVE-2026-43372: net: dsa: microchip: Fix error path in PTP IRQ setup 2026-05-08 14:21 UTC CVE-2026-43371: net: macb: Shuffle the tx ring before enabling tx 2026-05-08 14:21 UTC CVE-2026-43353: i3c: mipi-i3c-hci: Fix race in DMA ring dequeue 2026-05-08 14:21 UTC CVE-2026-43370: drm/amdgpu: Fix use-after-free race in VM acquire 2026-05-08 14:21 UTC CVE-2026-43369: drm/amd: Fix NULL pointer dereference in device cleanup 2026-05-08 14:21 UTC CVE-2026-43368: drm/i915: Fix potential overflow of shmem scatterlist length 2026-05-08 14:21 UTC CVE-2026-43367: drm/amd: Fix a few more NULL pointer dereference in device cleanup 2026-05-08 14:21 UTC CVE-2026-43366: io_uring/kbuf: check if target buffer list is still legacy on recycle 2026-05-08 14:21 UTC CVE-2026-43365: xfs: fix undersized l_iclog_roundoff values 2026-05-08 14:21 UTC CVE-2026-43364: ublk: fix NULL pointer dereference in ublk_ctrl_set_size() 2026-05-08 14:21 UTC CVE-2026-43363: x86/apic: Disable x2apic on resume if the kernel expects so 2026-05-08 14:21 UTC CVE-2026-43362: smb: client: fix in-place encryption corruption in SMB2_write() 2026-05-08 14:21 UTC CVE-2026-43361: btrfs: fix transaction abort when snapshotting received subvolumes 2026-05-08 14:21 UTC CVE-2026-43351: KVM: arm64: Eagerly init vgic dist/redist on vgic creation 2026-05-08 14:21 UTC CVE-2026-43352: i3c: mipi-i3c-hci: Correct RING_CTRL_ABORT handling in DMA dequeue 2026-05-08 14:21 UTC CVE-2026-43350: smb: client: require a full NFS mode SID before reading mode bits 2026-05-08 13:41 UTC CVE-2026-43348: mshv_vtl: Fix vmemmap_shift exceeding MAX_FOLIO_ORDER 2026-05-08 13:41 UTC CVE-2026-43349: f2fs: fix to avoid uninit-value access in f2fs_sanity_check_node_footer 2026-05-08 13:41 UTC CVE-2026-43347: arm64: dts: qcom: monaco: Reserve full Gunyah metadata region 2026-05-08 13:39 UTC CVE-2026-43346: ice: ptp: don't WARN when controlling PF is unavailable 2026-05-08 13:39 UTC CVE-2026-43344: perf/x86/intel/uncore: Fix die ID init and look up bugs 2026-05-08 13:39 UTC CVE-2026-43345: net: ipa: fix event ring index not programmed for IPA v5.0 2026-05-08 13:39 UTC CVE-2026-43343: usb: gadget: f_subset: Fix unbalanced refcnt in geth_free 2026-05-08 13:37 UTC CVE-2026-43342: usb: gadget: f_rndis: Protect RNDIS options with mutex 2026-05-08 13:37 UTC CVE-2026-43340: comedi: Reinit dev->spinlock between attachments to low-level drivers 2026-05-08 13:37 UTC CVE-2026-43341: net/ipv6: ioam6: prevent schema length wraparound in trace fill 2026-05-08 13:37 UTC CVE-2026-43321: bpf: Properly mark live registers for indirect jumps 2026-05-08 13:26 UTC CVE-2026-43320: drm/amd/display: Fix dsc eDP issue 2026-05-08 13:26 UTC CVE-2026-43319: spi: spidev: fix lock inversion between spi_lock and buf_lock 2026-05-08 13:26 UTC CVE-2026-43318: drm/amdgpu: fix sync handling in amdgpu_dma_buf_move_notify 2026-05-08 13:26 UTC CVE-2026-43317: most: core: fix leak on early registration failure 2026-05-08 13:26 UTC CVE-2025-71302: drm/panthor: fix for dma-fence safe access rules 2026-05-08 13:26 UTC CVE-2026-43316: media: solo6x10: Check for out of bounds chip_id 2026-05-08 13:26 UTC CVE-2025-71300: Revert "arm64: zynqmp: Add an OP-TEE node to the device tree" 2026-05-08 13:15 UTC CVE-2025-71301: drm/tests: shmem: Hold reservation lock around vmap/vunmap 2026-05-08 13:15 UTC CVE-2026-43314: dm: remove fake timeout to avoid leak request 2026-05-08 13:12 UTC CVE-2026-43315: KVM: nSVM: Remove a user-triggerable WARN on nested_svm_load_cr3() succeeding 2026-05-08 13:12 UTC CVE-2026-43290: media: uvcvideo: Return queued buffers on start_streaming() failure 2026-05-08 13:11 UTC CVE-2026-43289: kexec: derive purgatory entry from symbol 2026-05-08 13:11 UTC CVE-2026-43288: ext4: move ext4_percpu_param_init() before ext4_mb_init() 2026-05-08 13:11 UTC CVE-2026-43287: drm: Account property blob allocations to memcg 2026-05-08 13:11 UTC CVE-2026-43286: mm/hugetlb: restore failed global reservations to subpool 2026-05-08 13:11 UTC CVE-2026-43285: mm/slab: do not access current->mems_allowed_seq if !allow_spin 2026-05-08 13:11 UTC CVE-2026-43313: ACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4() 2026-05-08 13:12 UTC CVE-2026-43312: media: i2c: ov5647: Initialize subdev before controls 2026-05-08 13:12 UTC CVE-2026-43311: soc/tegra: pmc: Fix unsafe generic_handle_irq() call 2026-05-08 13:12 UTC CVE-2025-71299: spi: cadence-quadspi: Parse DT for flashes with the rest of the DT parsing 2026-05-08 13:11 UTC CVE-2026-43310: media: verisilicon: Avoid G2 bus error while decoding H.264 and HEVC 2026-05-08 13:12 UTC CVE-2026-43309: md raid: fix hang when stopping arrays with metadata through dm-raid 2026-05-08 13:12 UTC CVE-2026-43308: btrfs: don't BUG() on unexpected delayed ref type in run_one_delayed_ref() 2026-05-08 13:12 UTC CVE-2026-43307: iio: accel: adxl380: Avoid reading more entries than present in FIFO 2026-05-08 13:12 UTC CVE-2026-43306: bpf: crypto: Use the correct destructor kfunc type 2026-05-08 13:12 UTC CVE-2026-43305: drm/amd/display: Fix mismatched unlock for DMUB HW lock in HWSS fast path 2026-05-08 13:12 UTC CVE-2026-43304: libceph: define and enforce CEPH_MAX_KEY_LEN 2026-05-08 13:12 UTC CVE-2026-43303: mm/page_alloc: clear page->private in free_pages_prepare() 2026-05-08 13:12 UTC CVE-2026-43302: drm/v3d: Set DMA segment size to avoid debug warnings 2026-05-08 13:12 UTC CVE-2026-43301: media: chips-media: wave5: Fix PM runtime usage count underflow 2026-05-08 13:12 UTC CVE-2025-71298: drm/tests: shmem: Hold reservation lock around madvise 2026-05-08 13:11 UTC CVE-2026-43300: drm/panel: Fix a possible null-pointer dereference in jdi_panel_dsi_remove() 2026-05-08 13:12 UTC CVE-2026-43299: btrfs: do not ASSERT() when the fs flips RO inside btrfs_repair_io_failure() 2026-05-08 13:12 UTC CVE-2026-43298: drm/amdgpu: Skip vcn poison irq release on VF 2026-05-08 13:12 UTC CVE-2026-43297: media: rockchip: rga: Fix possible ERR_PTR dereference in rga_buf_init() 2026-05-08 13:12 UTC CVE-2026-43296: octeontx2-af: Workaround SQM/PSE stalls by disabling sticky 2026-05-08 13:12 UTC CVE-2026-43295: rapidio: replace rio_free_net() with kfree() in rio_scan_alloc_net() 2026-05-08 13:12 UTC CVE-2026-43294: drm: renesas: rz-du: mipi_dsi: fix kernel panic when rebooting for some panels 2026-05-08 13:11 UTC CVE-2026-43293: media: chips-media: wave5: Fix kthread worker destruction in polling mode 2026-05-08 13:11 UTC CVE-2026-43292: mm/vmalloc: prevent RCU stalls in kasan_release_vmalloc_node 2026-05-08 13:11 UTC CVE-2026-43291: net: nfc: nci: Fix parameter validation for packet data 2026-05-08 13:11 UTC CVE-2025-71296: drm/tests: shmem: Hold reservation lock around purge 2026-05-08 13:11 UTC CVE-2025-71297: wifi: rtw88: 8822b: Avoid WARNING in rtw8822b_config_trx_mode() 2026-05-08 13:11 UTC CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags 2026-05-08 7:21 UTC CVE-2025-71285: net: qrtr: Drop the MHI auto_queue feature for IPCR DL channels 2026-05-06 11:32 UTC CVE-2025-71294: drm/amdgpu: fix NULL pointer issue buffer funcs 2026-05-06 11:32 UTC CVE-2025-71293: drm/amdgpu/ras: Move ras data alloc before bad page check 2026-05-06 11:32 UTC CVE-2025-71292: jfs: nlink overflow in jfs_rename 2026-05-06 11:32 UTC

The article shows an interesting scenario of how a NULL-pointer-dereference can lead to a more severe memory corruption. It also demonstrates a few techniques of shaping vmalloc memory for exploitation.

From kernel oops to kernel exploit: How two little bugs (CVE-2025-23330, CVE-2025-23280) in #NVIDIA open GPU #Linux driver can lead to full system compromise. Full technical breakdown inside, #vmalloc exploitation technique included! blog.quarkslab.com/nvidia_gp…

Authors demonstrate how to leak the addresses of the physmap, vmemmap, and vmalloc memory regions, addresses of page tables of all levels, addresses of kernel stacks, and addresses of various kernel objects including msg_msg, pipe_buffer, cred, file, and seq_file.

忘備録) arm(32bit)の Kernel Parameter の vmalloc= は arch/arm/mm/mmu.c のここで定義されている。 elixir.bootlin.com/linux/v6.…

ちなみに、Linux Kernel v6.1.108 のソースコードを調べてみたところ、Kernel Parameter で vmalloc= が指定できるのは、arm(32bit) と x86 だけで、あとは、別の方法が必要っぽい。まあ、64bit CPU の場合はもともと仮想アドレス空間自体が広いから問題ないのかもしれない。

Our most recent release enabled the upstream kernel hardware memory tagging implementation covering the kernel slab, page_alloc and non-executable vmalloc allocators: grapheneos.org/releases#2025… It's not as good as our hardened_malloc implementation of MTE and needs to be improved.

Would a PR to the Linux kernel uncapping shebang lengths be accepted? Like currently it's 257 chars 1 null, for the average case that buffer could be reused but if it's longer just vmalloc()? Yes, I desperately need few thousand character long shebang lines. Don't ask why

Pumpkin shaped vmalloc memory to make the stack out-of-bounds access land in an eBPF bytecode allocation and used the write primitive to overwrite the eBPF bytecode as it was being JITed.

Process Address Space Layout for a 32-Bit System (x86) 1. The address space is divided into user space (0 to 3G) and kernel space (3G to 4G), with various segments including code, data, bss, heap, mmap, stack, command line parameters, and environment variables. 2. Kernel address space starts at 0xc0000000 and includes linear and high-end memory areas for mechanisms like vmalloc and fixmap. 3. The minimum 16MB of physical memory in x86 systems is reserved for DMA operations. High memory allows access to physical memory beyond low memory limits, essential for 32-bit systems. 4. In 64-bit systems, high memory is less critical due to the ability to directly address larger memory sizes My Book On Operating System [In-Progress]: github.com/mohitmishra786/my…

credit: @vmalloc

The kernel thread stacks also do not need to be next to each other. The kernel allocates virtual memory pages for the thread's stack using vmalloc, or reuses a previously cached stack. If you use the pthread interface, you can even set the stack address of a thread using pthread_attr_setstack.

고양이와 함께 kmalloc, vmalloc 의 차이점에 대해 알아보아요

これを見て理解できる人向け　 U-Boot 2013.01-g61bc23a (Oct 30 2014 - 09:56:41) - 1.4.0.11 CPU0: P2041, Version: 2.0, (0x82100120) Core: E500MC, Version: 3.2, (0x80230032) Clock Configuration: CPU0:1500 MHz, CPU1:1500 MHz, CPU2:1500 MHz, CPU3:1500 MHz, CCB:750 MHz, DDR:666.667 MHz (1333.333 MT/s data rate) (Asynchronous), LBC:23.437 MHz FMAN1: 375 MHz QMAN: 375 MHz PME: 375 MHz L1: D-cache 32 kB enabled I-cache 32 kB enabled Reset Configuration Word (RCW): 00000000: 12600000 00000000 24240000 00000000 00000010: 5860a0c0 f3c02000 58000000 01000000 00000020: 00000000 00000000 00000000 d05b0302 00000030: 00000000 00000000 00000000 00000000 Board: Accton AS6700_32X I2C: ready SPI: ready DRAM: Initializing....using SPD Detected UDIMM XW1618E2GM-K-AO 2 GiB (DDR3, 64-bit, CL=9, ECC on) Testing 0x00000000 - 0x7fffffff Remap DDR POST memory PASSED L2: 128 KB enabled Corenet Platform Cache: 1024 KB enabled Using SERDES configuration 0x16, lane settings: SERDES: bank 3 disabled MMC: FSL_SDHC: 0 SF: Detected S25FL512S_256K with page size 512 Bytes, erase size 256 KiB, total 64 MiB EEPROM: Invalid ID (92 11 0b 08) EEPROM: SF: Detected S25FL512S_256K with page size 512 Bytes, erase size 256 KiB, total 64 MiB SF: Detected S25FL512S_256K with page size 512 Bytes, erase size 256 KiB, total 64 MiB TlvInfo v1 len=163 PCIe1: Root Complex of Slot 1, no link, regs @ 0xfe200000 PCIe1: Bus 00 - 00 PCIe2: Root Complex of Slot 2, x2, regs @ 0xfe201000 02:00.0 - 14e4:b850 - Network controller PCIe2: Bus 01 - 02 PCIe3: Root Complex of Slot 3, no link, regs @ 0xfe202000 PCIe3: Bus 03 - 03 In: serial Out: serial Err: serial Net: Initializing Fman Fman1: DTSEC1 set to unknown interface 12 Fman1: DTSEC2 set to unknown interface 12 Fman1: DTSEC5 set to unknown interface 12 SF: Detected S25FL512S_256K with page size 512 Bytes, erase size 256 KiB, total 64 MiB Fman1: Uploading microcode version 106.1.9 FM1@DTSEC3, FM1@DTSEC4 QSFP module 1 is present. QSFP module 2 is present. SF: Detected S25FL512S_256K with page size 512 Bytes, erase size 256 KiB, total 64 MiB SF: Detected S25FL512S_256K with page size 512 Bytes, erase size 256 KiB, total 64 MiB Hit any key to stop autoboot: 0 (Re)start USB... USB0: USB EHCI 1.00 scanning bus 0 for devices... 2 USB Device(s) found USB1: USB EHCI 1.00 scanning bus 1 for devices... 2 USB Device(s) found scanning usb for storage devices... 1 Storage Device(s) found reading switchlight-loader 7658625 bytes read in 2313 ms (3.2 MiB/s) WARNING: adjusting available memory to 30000000 ## Booting kernel from Legacy Image at 10000000 ... Image Name: Image Type: PowerPC Linux Multi-File Image (gzip compressed) Data Size: 7658561 Bytes = 7.3 MiB Load Address: 00000000 Entry Point: 00000000 Contents: Image 0: 4236343 Bytes = 4 MiB Image 1: 3391597 Bytes = 3.2 MiB Image 2: 30601 Bytes = 29.9 KiB Verifying Checksum ... OK ## Loading init Ramdisk from multi component Legacy Image at 10000000 ... ## Flattened Device Tree from multi component Image at 10000000 Booting using the fdt at 0x107464f8 Uncompressing Multi-File Image ... OK Loading Ramdisk to 2fcc3000, end 2ffff06d ... OK Loading Device Tree to 03fe5000, end 03fff788 ... OK WARNING: could not find compatible node fsl-usb2-mph or fsl-usb2-dr: FDT_ERR_NOTFOUND. Using Accton AS6700_32X machine description Memory CAM mapping: 256/256/256 Mb, residual: 1280Mb Linux version 3.8.13-OpenNetworkLinux-e500mc-1.5 (bsn@sbs2) (gcc version 4.7.2 (Debian 4.7.2-4) ) #1 SMP Tue May 5 18:45:07 PDT 2015 Found initrd at 0xefcc3000:0xeffff06d No /soc@ffe000000/qman@318000 property 'fsl,qman-fqd', using memblock_alloc(0000000000400000) No /soc@ffe000000/qman@318000 property 'fsl,qman-pfdr', using memblock_alloc(0000000002000000) Qman ver:0a01,01,02 No /soc@ffe000000/bman@31a000 property 'fsl,bman-fbpr', using memblock_alloc(0000000001000000) Bman ver:0a02,01,00 pme: No /soc@ffe000000/pme@316000 property 'fsl,pme-pdsr', using memblock_alloc(0x0000000001000000) pme: No /soc@ffe000000/pme@316000 property 'fsl,pme-sre', using memblock_alloc(0x0000000000a00000) No USDPAA memory, no 'usdpaa_mem' bootarg CPU maps initialized for 1 thread per core bootconsole [udbg0] enabled setup_arch: bootmem Accton AS6700_32X board from Freescale Semiconductor arch: exit Zone ranges: DMA [mem 0x00000000-0x2fffffff] Normal empty HighMem [mem 0x30000000-0x7fffffff] Movable zone start for each node Early memory node ranges node 0: [mem 0x00000000-0x7fffffff] MMU: Allocated 1088 bytes of context maps for 255 contexts PERCPU: Embedded 8 pages/cpu @c1969000 s8960 r8192 d15616 u32768 Built 1 zonelists in Zone order, mobility grouping on. Total pages: 520192 Kernel command line: console=ttyS0,115200 sl_platform=powerpc-accton-as6700-32x-r1 PID hash table entries: 4096 (order: 2, 16384 bytes) Dentry cache hash table entries: 131072 (order: 7, 524288 bytes) Inode-cache hash table entries: 65536 (order: 6, 262144 bytes) Memory: 1920776k/2097152k available (8692k kernel code, 176376k reserved, 324k data, 560k bss, 272k init) Kernel virtual memory layout: * 0xfff5f000..0xfffff000 : fixmap * 0xffc00000..0xffe00000 : highmem PTEs * 0xffbfa000..0xffc00000 : early ioremap * 0xf1000000..0xffbfa000 : vmalloc & ioremap Hierarchical RCU implementation. RCU debugfs-based tracing is enabled. RCU restricting CPUs from NR_CPUS=8 to nr_cpu_ids=4. NR_IRQS:512 nr_irqs:512 16 mpic: Setting up MPIC " OpenPIC " version 1.2 at ffe040000, max 4 CPUs mpic: ISU size: 512, shift: 9, mask: 1ff mpic: Initializing for 512 sources clocksource: timebase mult[2aaaaaab] shift[24] registered Console: colour dummy device 80x25 pid_max: default: 32768 minimum: 301 Mount-cache hash table entries: 512 mpic: requesting IPIs... e500 family performance monitor hardware support registered Brought up 4 CPUs devtmpfs: initialized NET: Registered protocol family 16 Found FSL PCI host bridge at 0x0000000ffe200000. Firmware bus number: 0->0 PCI host bridge /pcie@ffe200000 (primary) ranges: MEM 0x00000000d0000000..0x00000000d7ffffff -> 0x00000000d0000000 IO 0x00000000f8000000..0x00000000f800ffff -> 0x0000000000000000 /pcie@ffe200000: PCICSRBAR @ 0xff000000 EDAC PCI0: Giving out device to module 'MPC85xx_edac' controller 'mpc85xx_pci_err': DEV 'ffe200000.pcie' (INTERRUPT) MPC85xx_edac acquired irq 482 for PCI Err MPC85xx_edac PCI err registered Found FSL PCI host bridge at 0x0000000ffe201000. Firmware bus number: 0->1 PCI host bridge /pcie@ffe201000 ranges: MEM 0x00000000d8000000..0x00000000dfffffff -> 0x00000000d8000000 IO 0x00000000f8010000..0x00000000f801ffff -> 0x0000000000000000 /pcie@ffe201000: PCICSRBAR @ 0xff000000 EDAC PCI1: Giving out device to module 'MPC85xx_edac' controller 'mpc85xx_pci_err': DEV 'ffe201000.pcie' (INTERRUPT) MPC85xx_edac acquired irq 481 for PCI Err MPC85xx_edac PCI err registered Found FSL PCI host bridge at 0x0000000ffe202000. Firmware bus number: 0->0 PCI host bridge /pcie@ffe202000 ranges: MEM 0x00000000e0000000..0x00000000e7ffffff -> 0x00000000e0000000 IO 0x00000000f8020000..0x00000000f802ffff -> 0x0000000000000000 /pcie@ffe202000: PCICSRBAR @ 0xff000000 EDAC PCI2: Giving out device to module 'MPC85xx_edac' controller 'mpc85xx_pci_err': DEV 'ffe202000.pcie' (INTERRUPT) MPC85xx_edac acquired irq 480 for PCI Err MPC85xx_edac PCI err registered PCI: Probing PCI hardware fsl-pci ffe200000.pcie: PCI host bridge to bus 0000:00 pci_bus 0000:00: root bus resource [io 0x0000-0xffff] pci_bus 0000:00: root bus resource [mem 0xd0000000-0xd7ffffff] pci_bus 0000:00: root bus resource [bus 00-ff] pci 0000:00:00.0: bridge configuration invalid ([bus 00-00]), reconfiguring pci 0000:00:00.0: PCI bridge to [bus 01-ff] fsl-pci ffe201000.pcie: PCI host bridge to bus 0001:02 pci_bus 0001:02: root bus resource [io 0x20000-0x2ffff] (bus address [0x0000-0xffff]) pci_bus 0001:02: root bus resource [mem 0xd8000000-0xdfffffff] pci_bus 0001:02: root bus resource [bus 02-ff] PCIE error(s) detected pci 0001:02:00.0: Primary bus is hard wired to 0 pci 0001:02:00.0: bridge configuration invalid ([bus 01-01]), reconfiguring pci 0001:02:00.0: PCI bridge to [bus 03-ff] PCIE ERR_DR register: 0x80020000 PCIE ERR_CAP_STAT register: 0x80000001 PCIE ERR_CAP_R0 register: 0x00000800 PCIE ERR_CAP_R1 register: 0x00000000 PCIE ERR_CAP_R2 register: 0x00000000 PCIE ERR_CAP_R3 register: 0x00000000 fsl-pci ffe202000.pcie: PCI host bridge to bus 0002:04 pci_bus 0002:04: root bus resource [io 0x40000-0x4ffff] (bus address [0x0000-0xffff]) pci_bus 0002:04: root bus resource [mem 0xe0000000-0xe7ffffff] pci_bus 0002:04: root bus resource [bus 04-ff] pci 0002:04:00.0: bridge configuration invalid ([bus 00-00]), reconfiguring pci 0002:04:00.0: PCI bridge to [bus 05-ff] PCI: Cannot allocate resource region 0 of device 0000:00:00.0, will remap PCI: Cannot allocate resource region 0 of device 0001:02:00.0, will remap PCI: Cannot allocate resource region 0 of device 0002:04:00.0, will remap pci 0000:00:00.0: BAR 0: can't assign mem (size 0x1000000) pci 0000:00:00.0: BAR 9: can't assign mem pref (size 0x200000) pci 0000:00:00.0: PCI bridge to [bus 01] pci 0000:00:00.0: bridge window [io 0x0000-0xffff] pci 0000:00:00.0: bridge window [mem 0xd0000000-0xd7ffffff] pci 0001:02:00.0: BAR 0: can't assign mem (size 0x1000000) pci 0001:02:00.0: BAR 9: can't assign mem pref (size 0x200000) pci 0001:02:00.0: PCI bridge to [bus 03] pci 0001:02:00.0: bridge window [io 0x20000-0x2ffff] pci 0001:02:00.0: bridge window [mem 0xd8000000-0xdfffffff] pci 0002:04:00.0: BAR 0: can't assign mem (size 0x1000000) pci 0002:04:00.0: BAR 9: can't assign mem pref (size 0x200000) pci 0002:04:00.0: PCI bridge to [bus 05] pci 0002:04:00.0: bridge window [io 0x40000-0x4ffff] pci 0002:04:00.0: bridge window [mem 0xe0000000-0xe7ffffff] Setting up RapidIO peer-to-peer network /rapidio@ffe0c0000 fsl-of-rio ffe0c0000.rapidio: Of-device full name /rapidio@ffe0c0000 fsl-of-rio ffe0c0000.rapidio: Regs: [mem 0xffe0c0000-0xffe0d0fff] bio: create slab <bio-0> at 0 vgaarb: loaded SCSI subsystem initialized usbcore: registered new interface driver usbfs usbcore: registered new interface driver hub usbcore: registered new device driver usb Bman err interrupt handler present Bman portal initialised, cpu 0 Bman portal initialised, cpu 1 Bman portal initialised, cpu 2 Bman portal initialised, cpu 3 Bman portals initialised Qman err interrupt handler present Qman portal initialised, cpu 0 Qman portal initialised, cpu 1 Qman portal initialised, cpu 2 Qman portal initialised, cpu 3 Qman portals initialised Bman: BPID allocator includes range 32:32 Qman: FQID allocator includes range 256:256 Qman: FQID allocator includes range 32768:32768 Qman: CGRID allocator includes range 0:256 Qman: pool channel allocator includes range 33:15 Switching to clocksource timebase NET: Registered protocol family 2 TCP established hash table entries: 8192 (order: 4, 65536 bytes) TCP bind hash table entries: 8192 (order: 4, 65536 bytes) TCP: Hash tables configured (established 8192 bind 8192) TCP: reno registered UDP hash table entries: 512 (order: 2, 16384 bytes) UDP-Lite hash table entries: 512 (order: 2, 16384 bytes) NET: Registered protocol family 1 RPC: Registered named UNIX socket transport module. RPC: Registered udp transport module. RPC: Registered tcp transport module. RPC: Registered tcp NFSv4.1 backchannel transport module. Trying to unpack rootfs image as initramfs... Freeing initrd memory: 3316k freed fsl-rcpm ffe0e2000.global-utilities: Freescale RCPM driver audit: initializing netlink socket (disabled) type=2000 audit(0.644:1): initialized bounce pool size: 64 pages HugeTLB registered 1 MB page size, pre-allocated 0 pages HugeTLB registered 4 MB page size, pre-allocated 0 pages HugeTLB registered 16 MB page size, pre-allocated 0 pages HugeTLB registered 64 MB page size, pre-allocated 0 pages HugeTLB registered 256 MB page size, pre-allocated 0 pages HugeTLB registered 1 GB page size, pre-allocated 0 pages squashfs: version 4.0 (2009/01/31) Phillip Lougher NFS: Registering the id_resolver key type Key type id_resolver registered Key type id_legacy registered NTFS driver 2.1.30 [Flags: R/O]. jffs2: version 2.2. (NAND) © 2001-2006 Red Hat, Inc. msgmni has been set to 1326 io scheduler noop registered io scheduler deadline registered io scheduler cfq registered (default) Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled serial8250.0: ttyS0 at MMIO 0xffe11c500 (irq = 36) is a 16550A console [ttyS0] enabled, bootconsole disabled console [ttyS0] enabled, bootconsole disabled serial8250.0: ttyS1 at MMIO 0xffe11c600 (irq = 36) is a 16550A serial8250.0: ttyS2 at MMIO 0xffe11d500 (irq = 37) is a 16550A serial8250.0: ttyS3 at MMIO 0xffe11d600 (irq = 37) is a 16550A ePAPR hypervisor byte channel driver Generic non-volatile memory driver v1.1 brd: module loaded loop: module loaded st: Version 20101219, fixed bufsize 32768, s/g segs 256 fsl-sata ffe220000.sata: Sata FSL Platform/CSB Driver init scsi0 : sata_fsl ata1: SATA max UDMA/133 irq 68 fsl-sata ffe221000.sata: Sata FSL Platform/CSB Driver init scsi1 : sata_fsl ata2: SATA max UDMA/133 irq 69 of-flash fec000000.flash: do_map_probe() failed fsl_espi ffe110000.spi: master is unqueued, this is deprecated m25p80 spi32766.0: found s25fl512s, expected n25q512a13 m25p80 spi32766.0: s25fl512s (65536 Kbytes) 7 ofpart partitions found on MTD device spi32766.0 Creating 7 MTD partitions on "spi32766.0": 0x000000000000-0x000000100000 : "uboot" 0x000000100000-0x000000140000 : "uboot-env" 0x000000140000-0x000000180000 : "Fman-FW" 0x000000180000-0x0000001c0000 : "hw-info" 0x0000001c0000-0x0000009c0000 : "onie" 0x0000009c0000-0x0000029c0000 : "diag" 0x0000029c0000-0x000004000000 : "reserved" fsl_espi ffe110000.spi: at 0xf1136000 (irq = 53) libphy: Fixed MDIO Bus: probed libphy: Freescale PowerQUICC MII Bus: probed libphy: Freescale XGMAC MDIO Bus: probed FMAN(0) Fifo size settings: - Total buffers available(512 - 256B/buffer) - Total throughput(2Gbps) - Max frame size(1522B) - 1G ports TX 2(12 bufs set (min: 12)) - 1G ports RX 2(220 bufs set (min: 15)) - OH-HC ports 4(8) - Shared extra buffers(16) FMAN(0) open dma settings: - Total open dma available(32) - 1G ports TX 2(7) - 1G ports RX 2(7) - OH-HC ports 4(1) - Shared extra open dma(0) FMAN(0) Tnums settings: - Total Tnums available(128) - 1G ports TX 2(29) - 1G ports RX 2(30) - OH-HC ports 4(2) - Shared extra tnums(2) Freescale FM module (May 5 2015:18:44:39), FMD API version 21.1.0 Freescale FM Ports module (May 5 2015:18:44:35) dpaa_debugfs: FSL DPAA Ethernet debugfs entries () fsl_mac: mac.c:416:mac_load() fsl_mac: FSL FMan MAC API based driver () fsl_mac ffe4e0000.ethernet: of_get_mac_address(/soc@ffe000000/fman@400000/ethernet@e0000) failed fsl_mac: probe of ffe4e0000.ethernet failed with error -22 fsl_mac ffe4e4000.ethernet: of_get_mac_address(/soc@ffe000000/fman@400000/ethernet@e4000) failed fsl_mac: probe of ffe4e4000.ethernet failed with error -22 fsl_mac ffe4e6000.ethernet: FMan dTSEC version: 0x08240101 fsl_mac ffe4e6000.ethernet: FMan MAC address: 70:72:cf:ee:0a:ec fsl_dpa: FSL DPAA Ethernet driver () fsl_dpa ethernet.17: dev_get_drvdata(ffe4e4000.ethernet) failed fsl_dpa: probe of ethernet.17 failed with error -22 fsl_dpa: Probed interface eth0 fsl_dpa_shared: FSL DPAA Shared Ethernet driver () fsl_dpa_proxy: FSL DPAA Proxy initialization driver () fsl_oh: FSL FMan Offline Parsing port driver () e1000: Intel(R) PRO/1000 Network Driver - version 7.3.21-k8-NAPI e1000: Copyright (c) 1999-2006 Intel Corporation. e1000e: Intel(R) PRO/1000 Network Driver - 2.1.4-k e1000e: Copyright(c) 1999 - 2012 Intel Corporation. ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver ehci-pci: EHCI PCI platform driver ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver fsl-ehci fsl-ehci.0: Freescale On-Chip EHCI Host Controller fsl-ehci fsl-ehci.0: new USB bus registered, assigned bus number 1 fsl-ehci fsl-ehci.0: irq 45, io mem 0xffe211000 fsl-ehci fsl-ehci.0: USB 2.0 started, EHCI 1.00 hub 1-0:1.0: USB hub found hub 1-0:1.0: 1 port detected /soc@ffe000000/usb@210000: Invalid 'dr_mode' property, fallback to host mode fsl-ehci fsl-ehci.1: Freescale On-Chip EHCI Host Controller fsl-ehci fsl-ehci.1: new USB bus registered, assigned bus number 2 fsl-ehci fsl-ehci.1: irq 44, io mem 0xffe210000 fsl-ehci fsl-ehci.1: USB 2.0 started, EHCI 1.00 hub 2-0:1.0: USB hub found hub 2-0:1.0: 1 port detected Initializing USB Mass Storage driver... usbcore: registered new interface driver usb-storage USB Mass Storage support registered. i2c /dev entries driver mpc-i2c ffe118000.i2c: clock 97656 Hz (dfsrr=1 fdr=19) mpc-i2c ffe118000.i2c: timeout 1000000 us rtc-ds1672 0-0068: chip found, driver version 0.4 rtc-ds1672 0-0068: rtc core: registered rtc-ds1672 as rtc0 mpc-i2c ffe118100.i2c: clock 97656 Hz (dfsrr=1 fdr=19) mpc-i2c ffe118100.i2c: timeout 1000000 us mpc-i2c ffe119000.i2c: clock 97656 Hz (dfsrr=1 fdr=19) mpc-i2c ffe119000.i2c: timeout 1000000 us mpc-i2c ffe119100.i2c: clock 97656 Hz (dfsrr=1 fdr=19) mpc-i2c ffe119100.i2c: timeout 1000000 us i2c i2c-3: Added multiplexed i2c bus 4 i2c i2c-3: Added multiplexed i2c bus 5 i2c i2c-3: Added multiplexed i2c bus 6 i2c i2c-3: Added multiplexed i2c bus 7 pca954x 3-0070: registered 4 multiplexed busses for I2C switch pca9546 cpr_4011_4mxx 6-003e: chip found cpr_4011_4mxx 6-003e: hwmon1: psu 'cpr_4011_4mxx' cpr_4011_4mxx 6-003d: chip found cpr_4011_4mxx 6-003d: hwmon2: psu 'cpr_4011_4mxx' accton_i2c_cpld 1-0018: chip found accton_i2c_cpld 1-0019: chip found accton_i2c_cpld 1-001a: chip found accton_i2c_cpld 1-0020: chip found accton_i2c_cpld 1-0070: chip found accton_i2c_cpld 1-0031: chip found accton_i2c_cpld 1-0035: chip found acc_as6700_32x_psu 6-003a: chip found ata1: No Device OR PHYRDY change,Hstatus = 0xa0000000 ata1: SATA link down (SStatus 0 SControl 300) acc_as6700_32x_psu 6-003a: hwmon3: psu 'acc_as6700_32x_psu' acc_as6700_32x_psu 6-0052: chip found acc_as6700_32x_psu 6-0052: hwmon4: psu 'acc_as6700_32x_psu' acc_as6700_32x_psu 6-0039: chip found acc_as6700_32x_psu 6-0039: hwmon5: psu 'acc_as6700_32x_psu' acc_as6700_32x_psu 6-0051: chip found acc_as6700_32x_psu 6-0051: hwmon6: psu 'acc_as6700_32x_psu' hwmon hwmon7: accton_as5710_54x_fan hwmon hwmon8: accton_as6700_32x_fan ata2: No Device OR PHYRDY change,Hstatus = 0xa0000000 ata2: SATA link down (SStatus 0 SControl 300) booke_wdt: powerpc book-e watchdog driver loaded EDAC MC: Ver: 3.0.0 Freescale(R) MPC85xx EDAC driver, (C) 2006 Montavista Software EDAC MC0: Giving out device to 'MPC85xx_edac' 'mpc85xx_mc_err': DEV mpc85xx_mc_err MPC85xx_edac acquired irq 490 for MC MPC85xx_edac MC err registered sdhci: Secure Digital Host Controller Interface driver sdhci: Copyright(c) Pierre Ossman sdhci-pltfm: SDHCI platform and OF driver helper /soc@ffe000000/sdhc@114000: voltage-ranges unspecified mmc0: SDHCI controller on ffe114000.sdhc [ffe114000.sdhc] using ADMA Freescale USDPAA process driver fsl-usdpaa: no region found Freescale USDPAA process IRQ driver fsl-pme ffe316000.pme: ver: 0x00100201 Freescale pme2 db driver Freescale pme2 scan driver usb 1-1: new high-speed USB device number 2 using fsl-ehci fsl-pme2-scan: device pme_scan registered fsl-of-rman ffe1e0000.rman: Of-device /soc@ffe000000/rman@1e0000 initialized fsl-of-rman ffe1e0000.rman: RMan inbound block0 initialized. fsl-of-rman ffe1e0000.rman: RMan inbound block1 initialized. fsl-of-rman ffe1e0000.rman: RMan inbound block2 initialized. fsl-of-rman ffe1e0000.rman: RMan inbound block3 initialized. Freescale hypervisor management driver fsl-hv: no hypervisor found TCP: cubic registered Initializing XFRM netlink socket NET: Registered protocol family 10 NET: Registered protocol family 17 NET: Registered protocol family 15 Key type dns_resolver registered fsl_dpa_macless: FSL DPAA MACless Ethernet driver () rtc-ds1672 0-0068: setting system clock to 2023-07-03 04:55:56 UTC (1688360156) Freeing unused kernel memory: 272k freed hub 1-1:1.0: USB hub found hub 1-1:1.0: 3 ports detected usb 2-1: new high-speed USB device number 2 using fsl-ehci scsi2 : usb-storage 2-1:1.0 scsi 2:0:0:0: Direct-Access ATP ATP IG eUSB 1100 PQ: 0 ANSI: 4 sd 2:0:0:0: [sda] 3930112 512-byte logical blocks: (2.01 GB/1.87 GiB) sd 2:0:0:0: Attached scsi generic sg0 type 0 sd 2:0:0:0: [sda] Write Protect is off sd 2:0:0:0: [sda] No Caching mode page present sd 2:0:0:0: [sda] Assuming drive cache: write through sd 2:0:0:0: [sda] No Caching mode page present sd 2:0:0:0: [sda] Assuming drive cache: write through sda: sda1 sda2 sda3 sd 2:0:0:0: [sda] No Caching mode page present sd 2:0:0:0: [sda] Assuming drive cache: write through sd 2:0:0:0: [sda] Attached SCSI disk dosfsck 3.0.12, 29 Oct 2011, FAT32, LFN /dev/sda2: 4 files, 9/124764 clusters mounted /dev/sda2 --> /mnt/flash dosfsck 3.0.12, 29 Oct 2011, FAT32, LFN /dev/sda3: 41 files, 63466/470200 clusters mounted /dev/sda3 --> /mnt/flash2 Found all mounts. ************************************************************ * SwitchLight Loader SWL-BCF-2.5.4 * * Platform: powerpc-accton-as6700-32x-r1 * Build: 2015.05.05.18.38 - 242fa9afacb39ef7a6996c1b21c685f167006d39 * Installer: Switch Light OS SWL-BCF-2.5.4 (powerpc.ztn,2015.05.05.18.38,242fa9afacb39ef7a6996c1b21c685f167006d39) * ************************************************************ [ boot-config ] NETDEV=ma1 NETAUTO=dhcp BOOTMODE=ztn RECOVER=mkfs Press Control-C now to enter loader shell [ Starting Autoboot ] [ Configuring Interfaces ] udhcpc (v1.20.2) started Sending discover... Sending discover... Sending discover... Sending discover... Sending discover... Sending discover... Sending discover... Sending discover... Sending discover...

(CVE-2024-25741)[usb/f_printer] WARNING in usb_ep_queue spinics.net/lists/linux-usb/… (CVE-2024-25740)Memory leak in ubi_attach lore.kernel.org/lkml/0171b6c… (CVE-2024-25739)Zero-size vmalloc in ubi_read_volume_table groups.google.com/g/syzkalle… spinics.net/lists/kernel/msg… From Chenyuan Yang

Patches Updated To Tackle vmap/vmalloc Lock Contention That Can Yield ~12x Throughput phoronix.com/news/Vmalloc-vm…

[改定]メモリ確保 (kmalloc, vmalloc) linux.coresv.com/2023/08/24/… 本章のメモリ確保とは、mallocの様な関数を用いて、動的にメモリを確保する処理を示します。Linuxカーネルのメモリ確保関数として、kmallocやvmallocが用意されていますので、それぞれについて説明します。

Android OS上の某アプリで某ファイル形式を読み込むとカーネルパニックが起きて強制再起動されることがある。ダンプを見る限りメモリ不足でvmallocで失敗してるようだがユーザー空間の作業でカーネルパニックが起きるのは結構まずい。このバインダというやつが悪いのかな。

Authored 122 Linux kernel commits in 2022! 🥳 Almost all are KASAN/MTE-related: vmalloc tagging, better stack trace reporting for the tag-based modes, and various improvements for bug reporting and tests. git.kernel.org/pub/scm/linux…