CVE-2022-49838

In the Linux kernel, the following vulnerability has been resolved: sctp: clear outcurr if all frag chunks of current msg are pruned A crash was reported by Zhen Chen: listdel corruption, ffffa035ddf01c18-next is NULL WARNING: CPU: 1 PID: 250682 at lib/listdebug.c:49 listdelentryvalid+0x59/0xe0...

CVE-2022-49834

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix use-after-free bug of nswriter on remount If a nilfs2 filesystem is downgraded to read-only due to metadata corruption on disk and is remounted read/write, or if emergency read-only remount is performed, detaching a l...

CVE-2022-49821

In the Linux kernel, the following vulnerability has been resolved: mISDN: fix possible memory leak in mISDNdspelementregister Afer commit 1fa5ae857bb1 "driver core: get rid of struct device's busid string array", the name of device is allocated dynamically, use putdevice to give up the reference...

CVE-2022-49782

In the Linux kernel, the following vulnerability has been resolved: perf: Improve missing SIGTRAP checking To catch missing SIGTRAP we employ a WARN in perfeventoverflow, which fires if pendingsigtrap was already set: returning to user space without consuming pendingsigtrap, and then having the...

CVE-2022-49773

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix optc2configure warning on dcn314 Why dcn314 uses optc2configurecrc that wraps optc1configurecrc + set additional registers not applicable to dcn314. It's not critical but when used leads to warning like:...

CVE-2022-49762

In the Linux kernel, the following vulnerability has been resolved: ntfs: check overflow when iterating ATTRRECORDs Kernel iterates over ATTRRECORDs in mft record in ntfsattrfind. Because the ATTRRECORDs are next to each other, kernel can get the next ATTRRECORD from end address of current...

CVE-2025-23155

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: Fix accessing freed irq affinityhint In stmmacrequestirqmultimsi, a pointer to the stack variable cpumask is passed to irqsetaffinityhint. This value is stored in irqdesc-affinityhint, but once stmmacrequestirqmultim...

CVE-2025-37756

In the Linux kernel, the following vulnerability has been resolved: net: tls: explicitly disallow disconnect syzbot discovered that it can disconnect a TLS socket and then run into all sort of unexpected corner cases. I have a vague recollection of Eric pointing this out to us a long time ago...

CVE-2025-23157

In the Linux kernel, the following vulnerability has been resolved: media: venus: hfiparser: add check to avoid out of bound access There is a possibility that initcodecs is invoked multiple times during manipulated payload from video firmware. In such case, if codecscount can get incremented to...

CVE-2025-23149

In the Linux kernel, the following vulnerability has been resolved: tpm: do not start chip while suspended Checking TPMCHIPFLAGSUSPENDED after the call to tpmfindgetops can lead to a spurious tpmchipstart call: 35985.503771 i2c i2c-1: Transfer while suspended 35985.503796 WARNING: CPU: 0 PID: 74 ...

CVE-2025-23150

In the Linux kernel, the following vulnerability has been resolved: ext4: fix off-by-one error in dosplit Syzkaller detected a use-after-free issue in ext4insertdentry that was caused by out-of-bounds access due to incorrect splitting in dosplit. BUG: KASAN: use-after-free in...

CVE-2025-37746

In the Linux kernel, the following vulnerability has been resolved: perf/dwcpcie: fix duplicate pcidev devices During platformdeviceregister, wrongly using struct device pcidev as platformdata caused a kmemdup copy of pcidev. Worse still, accessing the duplicated device leads to list corruption a...

CVE-2025-37776

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in smbbreakalllevIIoplock There is a room in smbbreakalllevIIoplock that can cause racy issues when unlocking in the middle of the loop. This patch use read lock to protect whole loop...

CVE-2025-37770

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Prevent division by zero The user can set any speed value. If speed is greater than UINTMAX/8, division by zero is possible. Found by Linux Verification Center linuxtesting.org with SVACE...

CVE-2025-37752

In the Linux kernel, the following vulnerability has been resolved: netsched: schsfq: move the limit validation It is not sufficient to directly validate the limit on the data that the user passes as it can be updated based on how the other parameters are changed. Move the check at the end of the...

CVE-2025-37747

In the Linux kernel, the following vulnerability has been resolved: perf: Fix hang while freeing sigtrap event Perf can hang while freeing a sigtrap event if a related deferred signal hadn't managed to be sent before the file got closed: perfeventoverflow taskworkaddperfpendingtask fput...

CVE-2025-37742

In the Linux kernel, the following vulnerability has been resolved: jfs: Fix uninit-value access of imap allocated in the diMount function syzbot reports that hexdumptobuffer is using uninit-value: ===================================================== BUG: KMSAN: uninit-value in...

CVE-2025-23153

In the Linux kernel, the following vulnerability has been resolved: arm/crc-t10dif: fix use of out-of-scope array in crct10difarch Fix a silly bug where an array was used outside of its scope...

CVE-2025-23154

In the Linux kernel, the following vulnerability has been resolved: iouring/net: fix ioreqpostcqe abuse by send bundle 114.987980 T5313 WARNING: CPU: 6 PID: 5313 at iouring/iouring.c:872 ioreqpostcqe+0x12e/0x4f0 114.991597 T5313 RIP: 0010:ioreqpostcqe+0x12e/0x4f0 115.001880 T5313 Call Trace:...

CVE-2025-23152

In the Linux kernel, the following vulnerability has been resolved: arm64/crc-t10dif: fix use of out-of-scope array in crct10difarch Fix a silly bug where an array was used outside of its scope...