CVE-2022-50200 selinux: Add boundary check in put_entry()

In the Linux kernel, the following vulnerability has been resolved: selinux: Add boundary check in putentry Just like nextentry, boundary check is necessary to prevent memory out-of-bound access...

CVE-2022-50198 ARM: OMAP2+: Fix refcount leak in omap3xxx_prm_late_init

In the Linux kernel, the following vulnerability has been resolved: ARM: OMAP2+: Fix refcount leak in omap3xxxprmlateinit offindmatchingnode returns a node pointer with refcount incremented, we should use ofnodeput on it when not need anymore. Add missing ofnodeput to avoid refcount leak...

CVE-2022-50191 regulator: of: Fix refcount leak bug in of_get_regulation_constraints()

In the Linux kernel, the following vulnerability has been resolved: regulator: of: Fix refcount leak bug in ofgetregulationconstraints We should call the ofnodeput for the reference returned by ofgetchildbyname which has increased the refcount...

CVE-2022-50185 drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers()

In the Linux kernel, the following vulnerability has been resolved: drm/radeon: fix potential buffer overflow in nisetmcspecialregisters The last case label can write two buffers 'mcregaddressj' and 'mcdataj' with 'j' offset equal to SMCNISLANDSMCREGISTERARRAYSIZE since there are no checks for th...

CVE-2022-50184 drm/meson: encoder_hdmi: Fix refcount leak in meson_encoder_hdmi_init

In the Linux kernel, the following vulnerability has been resolved: drm/meson: encoderhdmi: Fix refcount leak in mesonencoderhdmiinit ofgraphgetremotenode returns remote device nodepointer with refcount incremented, we should use ofnodeput on it when done. Add missing ofnodeput to avoid refcount...

CVE-2022-50177 rcutorture: Fix ksoftirqd boosting timing and iteration

In the Linux kernel, the following vulnerability has been resolved: rcutorture: Fix ksoftirqd boosting timing and iteration The RCU priority boosting can fail in two situations: 1 If nrcpus= maxcpus=, which means if the total number of CPUs is higher than those brought online at boot, then...

CVE-2022-50148 kernfs: fix potential NULL dereference in __kernfs_remove

In the Linux kernel, the following vulnerability has been resolved: kernfs: fix potential NULL dereference in kernfsremove When lockdep is enabled, lockdepassertheldwrite would cause potential NULL pointer dereference. Fix the following smatch warnings: fs/kernfs/dir.c:1353 kernfsremove warn:...

CVE-2022-50136 RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event

In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix duplicated reported IWCMEVENTCONNECTREPLY event If siwrecvmparr returns -EAGAIN, it means that the MPA reply hasn't been received completely, and should not report IWCMEVENTCONNECTREPLY in this case. This may trigge...

CVE-2022-50123 ASoC: mediatek: mt8173: Fix refcount leak in mt8173_rt5650_rt5676_dev_probe

In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8173: Fix refcount leak in mt8173rt5650rt5676devprobe ofparsephandle returns a node pointer with refcount incremented, we should use ofnodeput on it when not need anymore. Fix missing ofnodeput in error paths...

CVE-2022-50105 powerpc/spufs: Fix refcount leak in spufs_init_isolated_loader

In the Linux kernel, the following vulnerability has been resolved: powerpc/spufs: Fix refcount leak in spufsinitisolatedloader offindnodebypath returns remote device nodepointer with refcount incremented, we should use ofnodeput on it when done. Add missing ofnodeput to avoid refcount leak...

CVE-2022-50102

CVE-2022-50102 affects the Linux kernel’s fbdev arkfb driver. A user-controlled ioctl can cause a divide-by-zero in ark_set_pixclock, e.g. with hdiv=1, pixclock=1, hmul=2, producing (1*1)/2 = 0 and leading to division by zero later in arkfb.c when computing 1000000000 / pixclock. The vulnerabilit...

CVE-2022-50103

CVE-2022-50103: In the Linux kernel, sched/cpuset handling with cgroup v2 can lead to a panic when cpus_allowed is empty, causing dl_cpu_busy() to crash due to an out-of-bounds percpu access. The fix uses the effective_cpus mask instead of cpus_allowed, for both v1 (where they’re the same) and v2...

CVE-2022-50094 spmi: trace: fix stack-out-of-bound access in SPMI tracing functions

In the Linux kernel, the following vulnerability has been resolved: spmi: trace: fix stack-out-of-bound access in SPMI tracing functions tracespmiwritebegin and tracespmireadend both call memcpy with a length of "len + 1". This leads to one extra byte being read beyond the end of the specified...

CVE-2022-50081

...

CVE-2022-50051 ASoC: SOF: debug: Fix potential buffer overflow by snprintf()

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: debug: Fix potential buffer overflow by snprintf snprintf returns the would-be-filled size when the string overflows the given buffer size, hence using this value may result in the buffer overflow although it's...

CVE-2022-50050 ASoC: SOF: Intel: hda: Fix potential buffer overflow by snprintf()

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda: Fix potential buffer overflow by snprintf snprintf returns the would-be-filled size when the string overflows the given buffer size, hence using this value may result in the buffer overflow although it's...

CVE-2022-50038 drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors()

In the Linux kernel, the following vulnerability has been resolved: drm/meson: Fix refcount bugs in mesonvpuhasavailableconnectors In this function, there are two refcount leak bugs: 1 when breaking out of foreachendpointofnode, we need call the ofnodeput for the 'ep'; 2 we should call ofnodeput...

CVE-2022-50035 drm/amdgpu: Fix use-after-free on amdgpu_bo_list mutex

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix use-after-free on amdgpubolist mutex If amdgpucsvmhandling returns r != 0, then it will unlock the bolistmutex inside the function amdgpucsvmhandling and again on amdgpucsparserfini. This problem results in the...

CVE-2022-50033 usb: host: ohci-ppc-of: Fix refcount leak bug

In the Linux kernel, the following vulnerability has been resolved: usb: host: ohci-ppc-of: Fix refcount leak bug In ohcihcdppcofprobe, offindcompatiblenode will return a node pointer with refcount incremented. We should use ofnodeput when it is not used anymore...

CVE-2022-49997 net: lantiq_xrx200: restore buffer if memory allocation failed

In the Linux kernel, the following vulnerability has been resolved: net: lantiqxrx200: restore buffer if memory allocation failed In a situation where memory allocation fails, an invalid buffer address is stored. When this descriptor is used again, the system panics in the buildskb function when...