CVE-2024-58016

In the Linux kernel, the following vulnerability has been resolved: safesetid: check size of policy writes syzbot attempts to write a buffer with a large size to a sysfs entry with writes handled by handlepolicyupdate, triggering a warning in kmalloc. Check the size specified for write buffers...

CVE-2025-21792

In the Linux kernel, the following vulnerability has been resolved: ax25: Fix refcount leak caused by setting SOBINDTODEVICE sockopt If an AX25 device is bound to a socket by setting the SOBINDTODEVICE socket option, a refcount leak will occur in ax25release. Commit 9fd75b66b8f6 "ax25: Fix refcou...

CVE-2025-21767

In the Linux kernel, the following vulnerability has been resolved: clocksource: Use migratedisable to avoid calling getrandomu32 in atomic context The following bug report happened with a PREEMPTRT kernel: BUG: sleeping function called from invalid context at kernel/locking/spinlockrt.c:48...

CVE-2024-54456

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix potential buffer overflowin nfssysfslinkrpcclient name is char64 where the size of clnt-clprogram-name remains unknown. Invoking strcat directly will also lead to potential buffer overflow. Change them to strscpy and...

CVE-2024-58007

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: socinfo: Avoid out of bounds read of serial number On MSM8916 devices, the serial number exposed in sysfs is constant and does not change across individual devices. It's always: db410c:/sys/devices/soc0$ cat serialnumb...

CVE-2025-21776

In the Linux kernel, the following vulnerability has been resolved: USB: hub: Ignore non-compliant devices with too many configs or interfaces Robert Morris created a test program which can cause usbhubtostructhub to dereference a NULL or inappropriate pointer: Oops: general protection fault,...

CVE-2025-21787

In the Linux kernel, the following vulnerability has been resolved: team: better TEAMOPTIONTYPESTRING validation syzbot reported following splat 1 Make sure user-provided data contains one nul byte. 1 BUG: KMSAN: uninit-value in stringnocheck lib/vsprintf.c:633 inline BUG: KMSAN: uninit-value in...

CVE-2025-21724

In the Linux kernel, the following vulnerability has been resolved: iommufd/iovabitmap: Fix shift-out-of-bounds in iovabitmapoffsettoindex Resolve a UBSAN shift-out-of-bounds issue in iovabitmapoffsettoindex where shifting the constant "1" of type int by bitmap-mapped.pgshift an unsigned long val...

CVE-2025-21728

In the Linux kernel, the following vulnerability has been resolved: bpf: Send signals asynchronously if !preemptible BPF programs can execute in all kinds of contexts and when a program running in a non-preemptible context uses the bpfsendsignal kfunc, it will cause issues because this kfunc can...

CVE-2022-49534

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Protect memory leak for NPIV ports sending PLOGIRJT There is a potential memory leak in lpfcignoreelscmpl and lpfcelsrspreject that was allocated from NPIV PLOGIRJT lpfcrcvplogi's loginmbox. Check if...

CVE-2022-49530

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix double free in siparsepowertable In function siparsepowertable, array adev-pm.dpm.ps and its member is allocated. If the allocation of each member fails, the array itself is freed and returned with an error code...

CVE-2022-49528

In the Linux kernel, the following vulnerability has been resolved: media: i2c: dw9714: Disable the regulator when the driver fails to probe When the driver fails to probe, we will get the following splat: 59.305988 ------------ cut here ------------ 59.306417 WARNING: CPU: 2 PID: 395 at...

CVE-2022-49584

In the Linux kernel, the following vulnerability has been resolved: ixgbe: Add locking to prevent panic when setting sriovnumvfs to zero It is possible to disable VFs while the PF driver is processing requests from the VF driver. This can result in a panic. BUG: unable to handle kernel paging...

CVE-2022-49587

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctltcpnotsentlowat. While reading sysctltcpnotsentlowat, it can be changed concurrently. Thus, we need to add READONCE to its reader...

CVE-2022-49328

In the Linux kernel, the following vulnerability has been resolved: mt76: fix use-after-free by removing a non-RCU wcid pointer Fixes an issue caught by KASAN about use-after-free in mt76txqschedule by protecting mtxq-wcid with rculock between mt76txqschedule and stainfoalloc, free. 18853.876689...

CVE-2022-49324

In the Linux kernel, the following vulnerability has been resolved: mips: cpc: Fix refcount leak in mipscpcdefaultphysbase Add the missing ofnodeput to release the refcount incremented by offindcompatiblenode...

CVE-2022-49304

In the Linux kernel, the following vulnerability has been resolved: drivers: tty: serial: Fix deadlock in sa1100settermios There is a deadlock in sa1100settermios, which is shown below: Thread 1 | Thread 2 | sa1100enablems sa1100settermios | modtimer spinlockirqsave //1 | wait a time ... |...

CVE-2022-49247

In the Linux kernel, the following vulnerability has been resolved: media: stk1160: If start stream fails, return buffers with VB2BUFSTATEQUEUED If the callback 'startstreaming' fails, then all queued buffers in the driver should be returned with state 'VB2BUFSTATEQUEUED'. Currently, they are...

CVE-2022-49484

In the Linux kernel, the following vulnerability has been resolved: mt76: mt7915: fix possible NULL pointer dereference in mt7915macfillrxvector Fix possible NULL pointer dereference in mt7915macfillrxvector routine if the chip does not support dbdc and the hw reports bandidx set to 1...

CVE-2022-49425

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix dereference of stale list iterator after loop body The list iterator variable will be a bogus pointer if no break was hit. Dereferencing it cur-page in this case could load an out-of-bounds/undefined value making it...