SUSE CVE-2022-50123

In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8173: Fix refcount leak in mt8173rt5650rt5676devprobe ofparsephandle returns a node pointer with refcount incremented, we should use ofnodeput on it when not need anymore. Fix missing ofnodeput in error paths...

CVE-2022-50087

In the Linux kernel, the following vulnerability has been resolved: firmware: armscpi: Ensure scpiinfo is not assigned if the probe fails When scpi probe fails, at any point, we need to ensure that the scpiinfo is not set and will remain NULL until the probe succeeds. If it is not taken care, the...

UBUNTU-CVE-2022-50228

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 Don't BUG/WARN on interrupt injection due to GIF being cleared, since it's trivial for userspace to force the situation via KVMSETVCPUEVENTS even if having at least...

CVE-2022-50213 netfilter: nf_tables: do not allow SET_ID to refer to another table

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: do not allow SETID to refer to another table When doing lookups for sets on the same batch by using its ID, a set from a different table can be used. Then, when the table is removed, a reference to the set ma...

CVE-2022-50194 soc: qcom: aoss: Fix refcount leak in qmp_cooling_devices_register

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: aoss: Fix refcount leak in qmpcoolingdevicesregister Every iteration of foreachavailablechildofnode decrements the reference count of the previous node. When breaking early from a foreachavailablechildofnode loop, we...

CVE-2022-50167 bpf: fix potential 32-bit overflow when accessing ARRAY map element

In the Linux kernel, the following vulnerability has been resolved: bpf: fix potential 32-bit overflow when accessing ARRAY map element If BPF array map is bigger than 4GB, element pointer calculation can overflow because both index and elemsize are u32. Fix this everywhere by forcing 64-bit...

CVE-2022-50009 f2fs: fix null-ptr-deref in f2fs_get_dnode_of_data

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix null-ptr-deref in f2fsgetdnodeofdata There is issue as follows when test f2fs atomic write: F2FS-fs loop0: Can't find valid F2FS filesystem in 2th superblock F2FS-fs loop0: invalid crcoffset: 0 F2FS-fs loop0:...

CVE-2022-50006 NFSv4.2 fix problems with __nfs42_ssc_open

In the Linux kernel, the following vulnerability has been resolved: NFSv4.2 fix problems with nfs42sscopen A destination server while doing a COPY shouldn't accept using the passed in filehandle if its not a regular filehandle. If allocfilepseudo has failed, we need to decrement a reference on th...

CVE-2022-49978 fbdev: fb_pm2fb: Avoid potential divide by zero error

In the Linux kernel, the following vulnerability has been resolved: fbdev: fbpm2fb: Avoid potential divide by zero error In dofbioctl of fbmem.c, if cmd is FBIOPUTVSCREENINFO, var will be copied from user, then go through fbsetvar and info-fbops-fbcheckvar which could may be pm2fbcheckvar. Along...

CVE-2025-38057 espintcp: fix skb leaks

In the Linux kernel, the following vulnerability has been resolved: espintcp: fix skb leaks A few error paths are missing a kfreeskb...

CVE-2025-38034 btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref

In the Linux kernel, the following vulnerability has been resolved: btrfs: correct the order of prelimref arguments in btrfsprelimref btrfsprelimref calls the old and new reference variables in the incorrect order. This causes a NULL pointer dereference because oldref is passed as NULL to...

CVE-2025-38028 NFS/localio: Fix a race in nfs_local_open_fh()

In the Linux kernel, the following vulnerability has been resolved: NFS/localio: Fix a race in nfslocalopenfh Once the clp-cluuid.lock has been dropped, another CPU could come in and free the struct nfsdfile that was just added. To prevent that from happening, take the RCU read lock before droppi...

CVE-2025-38006

CVE-2025-38006 affects the Linux kernel MCTP path: in net/mctp, mctp_dump_addrinfo may read uninitialized memory from ifaddrmsg when filtering by ifa_index if the struct isaddrmsg is not provided. This can occur during certain netlink dumps (e.g., from syzkaller/busybox ip addr show). The issue i...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: blk-iocost: Do not issue a warning if iocg was already offline. In iocgpaydebt, a warning is triggered if ‘activelist’ is empty. This is intended to confirm that iocg is active when it has debts. However, a warning can still be...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: net: lan743x: Fixed the memory leak issue when GSO is enabled. The skb has always been mapped to the LS descriptor. Previously, the skb was mapped to the EXT descriptor when the number of fragments was zero and GSO was enabled...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: ksmbd: A validation check for zero numsubauth is added before accessing subauth. Accessing psid-subauthpsid-numsubauth - 1 without checking whether numsubauth is non-zero can lead to an out-of-bounds read. This patch adds a...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: Nilfs2: Protection of access to buffers is implemented, ensuring that buffers with no active references are not accessed directly. The function nilfslookupdirtydatabuffers iterates through buffers attached to dirty data...

CVE-2025-37996

The CVE-2025-37996 entry concerns the Linux kernel KVM/arm64 path where an uninitialized local memcache pointer in user_mem_abort() could be used via kvm_pgtable_stage2_map(). The underlying cause was partial initialization introduced by a prior commit, leaving a codepath that could fail on stage...

CVE-2025-37994 usb: typec: ucsi: displayport: Fix NULL pointer access

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: displayport: Fix NULL pointer access This patch ensures that the UCSI driver waits for all pending tasks in the ucsidisplayportwork workqueue to finish executing before proceeding with the partner removal...

CVE-2025-37975 riscv: module: Fix out-of-bounds relocation access

In the Linux kernel, the following vulnerability has been resolved: riscv: module: Fix out-of-bounds relocation access The current code allows relj to access one element past the end of the relocation section. Simplify to numrelocations which is equivalent to the existing size expression...