10770 matches found
UBUNTU-CVE-2022-49291
In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix races among concurrent hwparams and hwfree calls Currently we have neither proper check nor protection against the concurrent calls of PCM hwparams and hwfree ioctls, which may result in a UAF. Since the existing P...
UBUNTU-CVE-2022-49455
In the Linux kernel, the following vulnerability has been resolved: misc: ocxl: fix possible double free in ocxlfileregisterafu inforelease will be called in deviceunregister when info-dev's reference count is 0. So there is no need to call ocxlafuput and kfree again. Fix this by adding freeminor...
UBUNTU-CVE-2022-49406
In the Linux kernel, the following vulnerability has been resolved: block: Fix potential deadlock in blkiarangesysfsshow When being read, a sysfs attribute is already protected against removal with the kobject node active reference counter. As a result, in blkiarangesysfsshow, there is no need to...
UBUNTU-CVE-2022-49251
In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: va-macro: fix accessing array out of bounds for enum type Accessing enums using integer would result in array out of bounds access on platforms like aarch64 where sizeoflong is 8 compared to enum size which is 4 byt...
UBUNTU-CVE-2022-49499
In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix null pointer dereferences without iommu Check if 'aspace' is set before using it as it will stay null without IOMMU, such as on msm8974...
UBUNTU-CVE-2022-49249
In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wc938x: fix accessing array out of bounds for enum type Accessing enums using integer would result in array out of bounds access on platforms like aarch64 where sizeoflong is 8 compared to enum size which is 4 bytes...
UBUNTU-CVE-2022-49521
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix resource leak in lpfcsli4sendseqtoulp If no handler is found in lpfccompleteunsoliocb to match the rctl of a received frame, the frame is dropped and resources are leaked. Fix by returning resources when discardin...
DEBIAN-CVE-2022-49147
In the Linux kernel, the following vulnerability has been resolved: block: Fix the maximum minor value is blkallocextminor idaallocrange..., min, max, ... returns values from min to max, inclusive. So, NREXTDEVT is a valid idx returned by blkallocextminor. This is an issue because in deviceadddis...
DEBIAN-CVE-2022-49082
In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix use after free in scsihexpandernoderemove The function mpt3sastransportportremove called in scsihexpandernoderemove frees the port field of the sasexpander structure, leading to the following use-after-free spl...
CVE-2022-49065
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix the svcdeferredevent trace class Fix a NULL deref crash that occurs when an svcrqst is deferred while the sunrpc tracing subsystem is enabled. svcrevisit sets dr-xprt to NULL, so it can't be relied upon in the...
UBUNTU-CVE-2022-49095
In the Linux kernel, the following vulnerability has been resolved: scsi: zorro7xx: Fix a resource leak in zorro7xxremoveone The error handling path of the probe releases a resource that is not freed in the remove function. In some cases, a ioremap must be undone. Add the missing iounmap call in...
UBUNTU-CVE-2022-49179
In the Linux kernel, the following vulnerability has been resolved: block, bfq: don't move oombfqq Our test report a UAF: 2073.019181 ================================================================== 2073.019188 BUG: KASAN: use-after-free in bfqputasyncbfqq+0xa0/0x168 2073.019191 Write of size 8...
UBUNTU-CVE-2022-49118
In the Linux kernel, the following vulnerability has been resolved: scsi: hisisas: Free irq vectors in order for v3 HW If the driver probe fails to request the channel IRQ or fatal IRQ, the driver will free the IRQ vectors before freeing the IRQs in freeirq, and this will cause a kernel BUG like...
CVE-2021-47656
In the Linux kernel, the following vulnerability has been resolved: jffs2: fix use-after-free in jffs2clearxattrsubsystem When we mount a jffs2 image, assume that the first few blocks of the image are normal and contain at least one xattr-related inode, but the next block is abnormal. As a result...
CVE-2021-47655
In the Linux kernel, the following vulnerability has been resolved: media: venus: vdec: fixed possible memory leak issue The venushelperallocdpbbufs implementation allows an early return on an error path when checking the id from idaallocmin which would not release the earlier buffer allocation...
DEBIAN-CVE-2021-47656
In the Linux kernel, the following vulnerability has been resolved: jffs2: fix use-after-free in jffs2clearxattrsubsystem When we mount a jffs2 image, assume that the first few blocks of the image are normal and contain at least one xattr-related inode, but the next block is abnormal. As a result...
DEBIAN-CVE-2021-47650
In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-compress: prevent the potentially use of null pointer There is one call trace that sndsocregistercard -sndsocbindcard-socinitpcmruntime -sndsocdaicompressnew-sndsocnewcompress. In the trace the 'codecdai' transfers from...
UBUNTU-CVE-2021-47656
In the Linux kernel, the following vulnerability has been resolved: jffs2: fix use-after-free in jffs2clearxattrsubsystem When we mount a jffs2 image, assume that the first few blocks of the image are normal and contain at least one xattr-related inode, but the next block is abnormal. As a result...
CVE-2022-49508 HID: elan: Fix potential double free in elan_input_configured
In the Linux kernel, the following vulnerability has been resolved: HID: elan: Fix potential double free in elaninputconfigured 'input' is a managed resource allocated with devminputallocatedevice, so there is no need to call inputfreedevice explicitly or there will be a double free. According to...
CVE-2022-49508
CVE-2022-49508 affects the Linux kernel HID elan driver. The issue was a potential double free in elan_input_configured because input may be freed explicitly via input_free_device() even though the device is managed by devm_input_allocate_device(). The devm framework guarantees automatic cleanup ...