CVE-2022-50166

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: When HCI work queue is drained, only queue chained work The HCI command, event, and data packet processing workqueue is drained to avoid deadlock in commit 76727c02c1e1 "Bluetooth: Call drainworkqueue before resetting...

CVE-2022-50127

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix error unwind in rxecreateqp In the function rxecreateqp, rxeqpfrominit is called to initialize qp, internally things like the spin locks are not setup until rxeqpinitreq. If an error occures before this point then t...

CVE-2022-50116

The CVE refers to a Linux kernel flaw in tty n_gsm where deadlocks and link starvation could occur in the outgoing data path under ldisc congestion. The fix adds an additional control-channel data queue and processes it before the user-channel queue in gsm_data_kick(), moving this work to a dedic...

CVE-2022-50116 tty: n_gsm: fix deadlock and link starvation in outgoing data path

In the Linux kernel, the following vulnerability has been resolved: tty: ngsm: fix deadlock and link starvation in outgoing data path The current implementation queues up new control and user packets as needed and processes this queue down to the ldisc in the same code path. That means that the...

CVE-2022-50062

The CVE-2022-50062 issue concerns the Linux kernel net: bgmac path. A bug triggered by wrong bytes_compl can cause a kernel BUG_ON inside bgmac_dma_tx_free() when called from bgmac_poll(), due to a race between setting ring->end and netdev_sent_queue() and an RX interrupt. Reported on an ARM 4...

CVE-2022-50055

The CVE-2022-50055 entry pertains to the Linux kernel vulnerability in the iavf driver: Fix adminq error handling. The issue arises in iavf_alloc_asq_bufs/iavf_alloc_arq_bufs where DMA-coherent memory is allocated for the VF mailbox, and DMA regions for ASQ/ARQ were not freed if configuration err...

CVE-2022-50055

In the Linux kernel, the following vulnerability has been resolved: iavf: Fix adminq error handling iavfallocasqbufs/iavfallocarqbufs allocates with dmaalloccoherent memory for VF mailbox. Free DMA regions for both ASQ and ARQ in case error happens during configuration of ASQ/ARQ registers. Witho...

CVE-2022-50028 gadgetfs: ep_io - wait until IRQ finishes

In the Linux kernel, the following vulnerability has been resolved: gadgetfs: epio - wait until IRQ finishes after usbepqueue if waitforcompletioninterruptible is interrupted we need to wait until IRQ gets finished. Otherwise complete from epiocomplete can corrupt stack...

CVE-2022-50026

CVE-2022-50026 concerns a Linux kernel vulnerability where the NIC queue offset calculation could shift out of bounds during NIC queue validation. The root cause is related to how habanalabs/gaudi handling interacts with NIC queues, leading to potential out-of-bounds access. The CVSS metrics indi...

CVE-2022-50003 ice: xsk: prohibit usage of non-balanced queue id

In the Linux kernel, the following vulnerability has been resolved: ice: xsk: prohibit usage of non-balanced queue id Fix the following scenario: 1. ethtool -L $IFACE rx 8 tx 96 2. xdpsock -q 10 -t -z Above refers to a case where user would like to attach XSK socket in txonly mode at a queue id...

CVE-2022-50003

CVE-2022-50003 describes a Linux kernel issue in the ice driver where XSK (AF_XDP) pool assignment can occur for a non-balanced queue id, enabling an out-of-bounds access to the Rx ring when attaching an XSK socket in tx-only mode to a queue id without a corresponding Rx queue. The fix rewrites t...

CVE-2022-50003

In the Linux kernel, the following vulnerability has been resolved: ice: xsk: prohibit usage of non-balanced queue id Fix the following scenario: 1. ethtool -L $IFACE rx 8 tx 96 2. xdpsock -q 10 -t -z Above refers to a case where user would like to attach XSK socket in txonly mode at a queue id...

CVE-2022-50003 ice: xsk: prohibit usage of non-balanced queue id

In the Linux kernel, the following vulnerability has been resolved: ice: xsk: prohibit usage of non-balanced queue id Fix the following scenario: 1. ethtool -L $IFACE rx 8 tx 96 2. xdpsock -q 10 -t -z Above refers to a case where user would like to attach XSK socket in txonly mode at a queue id...

DEBIAN-CVE-2025-38039

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Avoid WARNON when configuring MQPRIO with HTB offload enabled When attempting to enable MQPRIO while HTB offload is already configured, the driver currently returns -EINVAL and triggers a WARNON, leading to an...

DEBIAN-CVE-2025-38042

In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma-glue: Drop skipfdq argument from k3udmaglueresetrxchn The user of k3udmaglueresetrxchn e.g. tiam65cpswnuss can run on multiple platforms having different DMA architectures. On some platforms there can be on...

DEBIAN-CVE-2025-38031

In the Linux kernel, the following vulnerability has been resolved: padata: do not leak refcount in reorderwork A recent patch that addressed a UAF introduced a reference count leak: the paralleldata refcount is incremented unconditionally, regardless of the return value of queuework. If the work...

DEBIAN-CVE-2025-38024

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix slab-use-after-free Read in rxequeuecleanup bug Call Trace: dumpstack lib/dumpstack.c:94 inline dumpstacklvl+0x7d/0xa0 lib/dumpstack.c:120 printaddressdescription mm/kasan/report.c:378 inline printreport+0xcf/0x610...

UBUNTU-CVE-2025-38042

In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma-glue: Drop skipfdq argument from k3udmaglueresetrxchn The user of k3udmaglueresetrxchn e.g. tiam65cpswnuss can run on multiple platforms having different DMA architectures. On some platforms there can be on...

UBUNTU-CVE-2025-38031

In the Linux kernel, the following vulnerability has been resolved: padata: do not leak refcount in reorderwork A recent patch that addressed a UAF introduced a reference count leak: the paralleldata refcount is incremented unconditionally, regardless of the return value of queuework. If the work...

UBUNTU-CVE-2025-38035

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: don't restore null skstatechange queue-statechange is set as part of nvmettcpsetqueuesock, but if the TCP connection isn't established when nvmettcpsetqueuesock is called then queue-statechange isn't set and...