133 matches found
UBUNTU-CVE-2022-50242
In the Linux kernel, the following vulnerability has been resolved: drivers: net: qlcnic: Fix potential memory leak in qlcnicsriovinit If vp alloc failed in qlcnicsriovinit, all previously allocated vp needs to be freed...
UBUNTU-CVE-2025-39680
In the Linux kernel, the following vulnerability has been resolved: i2c: rtl9300: Fix out-of-bounds bug in rtl9300i2csmbusxfer The data-block0 variable comes from user. Without proper check, the variable may be very large to cause an out-of-bounds bug. Fix this bug by checking the value of...
UBUNTU-CVE-2025-38654
In the Linux kernel, the following vulnerability has been resolved: pinctrl: canaan: k230: Fix order of DT parse and pinctrl register Move DT parse before pinctrl register. This ensures that device tree parsing is done before calling devmpinctrlregister to prevent using uninitialized pin resource...
UBUNTU-CVE-2025-38353
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix taking invalid lock on wedge If device wedges on e.g. GuC upload, the submission is not yet enabled and the state is not even initialized. Protect the wedge call so it does nothing in this case. It fixes the following...
UBUNTU-CVE-2025-38383
In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: fix data race in shownumainfo The following data-race was found in shownumainfo: ================================================================== BUG: KCSAN: data-race in vmallocinfoshow / vmallocinfoshow read to...
UBUNTU-CVE-2025-38348
In the Linux kernel, the following vulnerability has been resolved: wifi: p54: prevent buffer-overflow in p54rxeepromreadback Robert Morris reported: |If a malicious USB device pretends to be an Intersil p54 wifi |interface and generates an eepromreadback message with a large |eeprom-v1.len,...
UBUNTU-CVE-2025-38260
In the Linux kernel, the following vulnerability has been resolved: btrfs: handle csum tree error with rescue=ibadroots correctly BUG There is syzbot based reproducer that can crash the kernel, with the following call trace: With some debug output added DEBUG: rescue=ibadroots parsed BTRFS: devic...
UBUNTU-CVE-2025-38237
In the Linux kernel, the following vulnerability has been resolved: media: platform: exynos4-is: Add hardware sync wait to fimcishwchangemode In fimcishwchangemode, the function changes camera modes without waiting for hardware completion, risking corrupted data or system hangs if subsequent...
UBUNTU-CVE-2025-38203
In the Linux kernel, the following vulnerability has been resolved: jfs: Fix null-ptr-deref in jfsioctrim Syzkaller Report Oops: general protection fault, probably for non-canonical address 0xdffffc0000000087: 0000 1 KASAN: null-ptr-deref in range 0x0000000000000438-0x000000000000043f CPU: 2 UID:...
UBUNTU-CVE-2022-50044
In the Linux kernel, the following vulnerability has been resolved: net: qrtr: start MHI channel after endpoit creation MHI channel may generates event/interrupt right after enabling. It may leads to 2 race conditions issues. 1 Such event may be dropped by qcommhiqrtrdlcallback at check: if !qdev...
UBUNTU-CVE-2023-53048
In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: fix warning when handle discoveridentity message Since both source and sink device can send discoveridentity message in PD3, kernel may dump below warning: ------------ cut here ------------ WARNING: CPU: 0 PID:...
UBUNTU-CVE-2022-49822
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix connections leak when tlink setup failed If the tlink setup failed, lost to put the connections, then the module refcnt leak since the cifsd kthread not exit. Also leak the fscache info, and for next mount with fsc, it...
UBUNTU-CVE-2022-49811
In the Linux kernel, the following vulnerability has been resolved: drbd: use after free in drbdcreatedevice The drbddestroyconnection frees the "connection" so use the safe iterator to prevent a use after free...
UBUNTU-CVE-2022-49804
In the Linux kernel, the following vulnerability has been resolved: s390: avoid using global register for currentstackpointer Commit 30de14b1884b "s390: currentstackpointer shouldn't be a function" made currentstackpointer a global register variable like on many other architectures. Unfortunately...
UBUNTU-CVE-2025-37776
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in smbbreakalllevIIoplock There is a room in smbbreakalllevIIoplock that can cause racy issues when unlocking in the middle of the loop. This patch use read lock to protect whole loop...
UBUNTU-CVE-2025-22099
In the Linux kernel, the following vulnerability has been resolved: drm: xlnx: zynqmpdpsub: Add NULL check in zynqmpaudioinit devmkasprintf calls can return null pointers on failure. But some return values were not checked in zynqmpaudioinit. Add NULL check in zynqmpaudioinit, avoid referencing...
UBUNTU-CVE-2025-21897
In the Linux kernel, the following vulnerability has been resolved: schedext: Fix picktaskscx picking non-queued tasks when it's called without balance a6250aa251ea "schedext: Handle cases where picktaskscx is called without preceding balancescx" added a workaround to handle the cases where...
UBUNTU-CVE-2025-21963
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix integer overflow while processing acdirmax mount option User-provided mount parameter acdirmax of type u32 is intended to have an upper limit, but before it is validated, the value is converted from seconds to jiffies...
UBUNTU-CVE-2023-52997
In the Linux kernel, the following vulnerability has been resolved: ipv4: prevent potential spectre v1 gadget in ipmetricsconvert if !type continue; if type RTAXMAX return -EINVAL; ... metricstype - 1 = val; @type being used as an array index, we need to prevent cpu speculation or risk leaking...
UBUNTU-CVE-2025-21817
In the Linux kernel, the following vulnerability has been resolved: block: mark GFPNOIO around sysfs -store sysfs -store is called with queue freezed, meantime we have several -store callbacksupdatenrrequests, wbt, scheduler to allocate memory with GFPKERNEL which may run into direct reclaim code...