AZL-62767 CVE-2024-58006 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: PCI: dwc: ep: Prevent changing BAR size/flags in pciepcsetbar In commit 4284c88fff0e "PCI: designware-ep: Allow pciepcsetbar update inbound map address" setbar was modified to support dynamically changing the backing physical...

CVE-2025-21770 iommu: Fix potential memory leak in iopf_queue_remove_device()

In the Linux kernel, the following vulnerability has been resolved: iommu: Fix potential memory leak in iopfqueueremovedevice The iopfqueueremovedevice helper removes a device from the per-iommu iopf queue when PRI is disabled on the device. It responds to all outstanding iopf's with an...

CVE-2025-21754

The CVE-2025-21754 affects Linux kernel btrfs behavior. When a direct IO write triggers a transaction abort, ordered extents are marked with BTRFS_ORDERED_IOERR, and if an ordered extent still has bytes remaining, btrfs_split_ordered_extent() asserts on flags. The documented root cause is an asse...

CVE-2025-21746 Input: synaptics - fix crash when enabling pass-through port

In the Linux kernel, the following vulnerability has been resolved: Input: synaptics - fix crash when enabling pass-through port When enabling a pass-through port an interrupt might come before psmouse driver binds to the pass-through port. However synaptics sub-driver tries to access psmouse...

CVE-2024-58013 Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix slab-use-after-free Read in mgmtremoveadvmonitorsync This fixes the following crash: ================================================================== BUG: KASAN: slab-use-after-free in...

CVE-2025-21727 padata: fix UAF in padata_reorder

In the Linux kernel, the following vulnerability has been resolved: padata: fix UAF in padatareorder A bug was found when run ltp test: BUG: KASAN: slab-use-after-free in padatafindnext+0x29/0x1a0 Read of size 4 at addr ffff88bbfe003524 by task kworker/u113:2/3039206 CPU: 0 PID: 3039206 Comm:...

CVE-2024-57987 Bluetooth: btrtl: check for NULL in btrtl_setup_realtek()

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btrtl: check for NULL in btrtlsetuprealtek If insert an USB dongle which chip is not maintained in icidtable, it will hit the NULL point accessed. Add a null point check to avoid the Kernel Oops...

CVE-2024-57984 i3c: dw: Fix use-after-free in dw_i3c_master driver due to race condition

In the Linux kernel, the following vulnerability has been resolved: i3c: dw: Fix use-after-free in dwi3cmaster driver due to race condition In dwi3ccommonprobe, &master-hjwork is bound with dwi3chjwork. And dwi3cmasterirqhandler can call dwi3cmasterirqhandleibis function to start the work. If we...

CVE-2024-57981 usb: xhci: Fix NULL pointer dereference on certain command aborts

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix NULL pointer dereference on certain command aborts If a command is queued to the final usable TRB of a ring segment, the enqueue pointer is advanced to the subsequent link TRB and no further. If the command is late...

CVE-2022-49444

In the Linux kernel, the following vulnerability has been resolved: module: fix eshstrndx.shsize=0 OOB access It is trivial to craft a module to trigger OOB access in this line: if info-secstringsstrhdr-shsize - 1 != '\0' BUG: unable to handle page fault for address: ffffc90000aa0fff PGD 10000006...

CVE-2022-49418

In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix free of uninitialized nfs4label on referral lookup. Send along the already-allocated fattr along with nfs4fslocations, and drop the memcpy of fattr. We end up growing two more allocations, but this fixes up a crash as:...

UBUNTU-CVE-2022-49678

In the Linux kernel, the following vulnerability has been resolved: soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstbpmprobe offindmatchingnode returns a node pointer with refcount incremented, we should use ofnodeput on it when not need anymore. Add missing ofnodeput to avoid refcount...

DEBIAN-CVE-2022-49229

In the Linux kernel, the following vulnerability has been resolved: ptp: unregister virtual clocks when unregistering physical clock. When unregistering a physical clock which has some virtual clocks, unregister the virtual clocks with it. This fixes the following oops, which can be triggered by...

CVE-2022-49725

Mode C: The CVE-2022-49725 issue affects the Linux kernel i40e driver (VF/PF path) where a race between PF reset and ethtool -t diag_test could let i40e_vsi_close sequence overlap and crash. The fix adds a guard to diag_test to skip offline tests while PF is resetting and logs a failure path (net...

CVE-2022-49696 tipc: fix use-after-free Read in tipc_named_reinit

In the Linux kernel, the following vulnerability has been resolved: tipc: fix use-after-free Read in tipcnamedreinit syzbot found the following issue on: ================================================================== BUG: KASAN: use-after-free in tipcnamedreinit+0x94f/0x9b0...

CVE-2022-49697 bpf: Fix request_sock leak in sk lookup helpers

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix requestsock leak in sk lookup helpers A customer reported a requestsocket leak in a Calico cloud environment. We found that a BPF program was doing a socket lookup with takes a refcnt on the socket and that it was findin...

CVE-2022-49592 net: stmmac: fix dma queue left shift overflow issue

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix dma queue left shift overflow issue When queue number is 4, left shift overflows due to 32 bits integer variable. Mask calculation is wrong for MTLRXQDMAMAP1. If CONFIGUBSAN is enabled, kernel dumps below warning...

CVE-2022-49592

CVE-2022-49592 affects the Linux kernel driver net/stmmac: a left-shift overflow in MTL_RXQ_DMA_MAP1 occurs when the number of TX/RX queues exceeds four, due to a 32‑bit mask calculation. UBSAN reports show a shift-out-of-bounds during UBSAN checks, leading to a potential warning path in dwmac4_c...

CVE-2022-49583 iavf: Fix handling of dummy receive descriptors

In the Linux kernel, the following vulnerability has been resolved: iavf: Fix handling of dummy receive descriptors Fix memory leak caused by not handling dummy receive descriptor properly. iavfgetrxbuffer now sets the rxbuffer return value for dummy receive descriptors. Without this patch, when...

CVE-2022-49554 zsmalloc: fix races between asynchronous zspage free and page migration

In the Linux kernel, the following vulnerability has been resolved: zsmalloc: fix races between asynchronous zspage free and page migration The asynchronous zspage free worker tries to lock a zspage's entire page list without defending against page migration. Since pages which haven't yet been...