Wmingyu/DevGen-results

🐛 Kernel Bug Tracker

Welcome to my Kernel Bug Tracker repository! This repository serves as an open record of the kernel vulnerabilities discovered, analyzed, and reported to the upstream Linux Kernel community.

📄 Academic Artifact: This repository provides supplementary data, complete timelines, and patch histories for the academic paper: [DevGen].

📊 Status Legend

| Symbol | Status | Description |
|---|---|---|
| 🆕 | Bug Reported | Initial bug report sent to the mailing list, awaiting first response. |
| 👀 | Bug Confirmed | Developers have acknowledged the bug or are actively debugging it. |
| 💬 | Needs Reply | Ongoing discussion requiring follow-up or maintainers have asked questions. |
| 🛠️ | Patch Sent | A fix patch has been submitted and is pending review. |
|  | Patch Accepted | The patch is approved by maintainers (e.g., Reviewed-by) and merged or queued upstream. |
|  | WontFix | The bug cannot be fixed (e.g., due to design choices or hardware limits). |
| 🔄 | Indirectly Fixed | Indirectly resolved through upstream codebase refactoring or unrelated patches. |

📜 Vulnerability List

Click on any vulnerability title to view the dedicated page with patch history and mailing list threads (lore.kernel.org).

| ID | Location | Vulnerability & Details | Status & Notes |
|---|---|---|---|
| #001 | net/ethernet/packetengines/hamachi.c | net: packetengines: remove obsolete hamachi driver | Patch Accepted |
| #002 | net/ethernet/packetengines/yellowfin.c | net: packetengines: remove obsolete yellowfin driver | Patch Accepted |
| #003 | net/ipv6/udp.c | Memory leak in udpv6_sendmsg() | 👀 Bug Confirmed; 🔄 Indirectly Fixed |
| #004 | gpu/drm/drm_gem.c | Unvalidated negative handle in drm_gem_change_handle_ioctl | 👀 Bug Confirmed |
| #005 | fs/hugetlbfs/inode.c, mm/vma.c | resv_map memory leak in __mmap_region() | Patch Accepted; CVE-2026-46318 |
| #006 | i2c/i2c-dev.c | Integer overflow in I2C_TIMEOUT ioctl | Patch Accepted; CVE-2026-52948; Applied to all stable trees (v5.15-v7.0) |
| #007 | char/agp/amd64-agp.c | NULL ptr deref in amd64_fetch_size() | Patch Accepted; CVE-2026-53325 |
| #008 | x86/kernel/smpboot.c | WARN_ON in set_cpu_sibling_map via numa=fake | 👀 Bug Confirmed |
| #009 | net/ethernet/packetengines/hamachi.c | Divide by zero in hamachi_init_one | 👀 Bug Confirmed |
| #010 | crypto/intel/qat/qat_common/adf_dev_mgr.c | Use-After-Free in adf_devmgr_get_dev_by_id() | Patch Accepted |
| #011 | crypto/intel/qat/qat_common/adf_ctl_drv.c | Local DoS via printk storm in QAT ioctls | Patch Accepted |
| #012 | i2c/busses/i2c-i801.c | Hardware state machine corruption in i801_access() | Patch Accepted |
| #013 | watchdog/wdt_pci.c | Shared IRQ storm in wdtpci_interrupt() | 👀 Bug Confirmed; WontFix |
| #014 | gpu/drm/ast/ast_2500.c | Soft lockup in ast_2500_patch_ahb() | 👀 Bug Confirmed; 🛠️ Patch Sent |
| #015 | bluetooth/hci_ldisc.c | UAFs and race conditions in hci_uart lifecycle | Patch Accepted; CVE-2026-46275; Applied to all stable trees (v5.10-v7.0) |
| #016 | gpu/drm/vkms/vkms_crtc.c | ABBA deadlock in vkms vblank timer | Patch Accepted; CVE-2025-71315 |
| #017 | gpu/drm/vmwgfx/vmwgfx_vkms.c | Hrtimer interrupt storm in vmw_vkms_enable_vblank() | 👀 Bug Confirmed; 🛠️ Patch Sent |
| #018 | fs/fcntl.c | SOFTIRQ-unsafe lock order deadlock in fasync signaling | Patch Accepted; CVE-2026-52946; Applied to all stable trees (v5.10-v7.1) |
| #019 | video/fbdev/core/fbcon.c | Memory leak in fbcon_do_set_font() | 🆕 Bug Reported; 🛠️ Patch Sent |
| #020 | gpu/drm/vkms/vkms_crtc.c | Hrtimer livelock via unvalidated display mode | 🔄 Indirectly Fixed |
| #021 | gpu/drm/drm_prime.c | rb_tree corruption in drm_prime_remove_buf_handle() | 👀 Bug Confirmed; WontFix; On Hold |
| #022 | net/qrtr/af_qrtr.c | Refcount saturation and UAF in qrtr_port_remove() | Patch Accepted; CVE-2026-52947; Applied to all stable trees (v5.10-v7.0) |
| #023 | drivers/gpu/drm/drm_gem.c | WARNING in idr_alloc via drm_gem_change_handle_ioctl | Patch Accepted; CVE-2026-23149 |
| #024 | drivers/crypto/intel/qat/qat_common/adf_init.c | Use-After-Free in adf_dev_up() | 👀 Bug Confirmed |
| #025 | drivers/net/wireless/mac80211_hwsim.c | Context-recursion deadlock in mac80211_hwsim | 👀 Bug Confirmed; 🔄 Indirectly Fixed |
| #026 | drivers/i2c/busses/i2c-i801.c | Interrupt storm in i801_isr() via invalid block read size | 🆕 Bug Reported |
| #027 | drivers/misc/ibmasm/module.c | Page fault via undersized PCI BAR 0 in ibmasm | 🆕 Bug Confirmed |
| #028 | drivers/video/fbdev/core/fbcon.c | Out-of-bounds read in err_out of fbcon_do_set_font() | Patch Accepted |
| #029 | drivers/i2c/busses/i2c-i801.c | Stack-out-of-bounds in i801_isr_byte_done() | 🆕 Bug Reported; 🛠️ Patch Sent |

🔗 Upstream Public Records

For transparency and independent verification of our upstream engagements, you can track the complete public mailing list activity of our research team members directly on the Linux Kernel archive (lore.kernel.org):

Note: These searches aggregate our patch submissions, bug reports, and technical discussions with kernel maintainers across various subsystem mailing lists.

About

Record all the bugs discovered by DevGen
