Important: kernel

Issue Overview: An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. There is a divide-by-zero error in dodivsz,mtd-erasesize, used indirectly by ctrlcdevioctl, when mtd-erasesize is 0. CVE-2023-31085 A flaw in the kernel Xen event handler can cause a deadlock with Xen conso...

DEBIAN-CVE-2022-50568

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fhid: fix fhidg lifetime vs cdev The embedded struct cdev does not have its lifetime correctly tied to the enclosing struct fhidg, so there is a use-after-free if /dev/hidgN is held open while the gadget is deleted...

CVE-2022-50568 usb: gadget: f_hid: fix f_hidg lifetime vs cdev

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fhid: fix fhidg lifetime vs cdev The embedded struct cdev does not have its lifetime correctly tied to the enclosing struct fhidg, so there is a use-after-free if /dev/hidgN is held open while the gadget is deleted...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a mismatch between the fhidg lifecycle and cdev, which could lead to reuse after release...

Linux Distros Unpatched Vulnerability : CVE-2022-50453

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gpiolib: cdev: fix NULL-pointer dereferences There are several places where we can crash the kernel by requesting lines, unbinding the GPIO device, then calling...

EUVD-2023-59850

Malicious code in bioql PyPI...

EUVD-2022-55507

Malicious code in bioql PyPI...

EUVD-2022-55573

Malicious code in bioql PyPI...

EUVD-2025-31986

Malicious code in bioql PyPI...

CVE-2022-50453

In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: fix NULL-pointer dereferences There are several places where we can crash the kernel by requesting lines, unbinding the GPIO device, then calling any of the system calls relevant to the GPIO character device's...

CVE-2022-50453 gpiolib: cdev: fix NULL-pointer dereferences

In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: fix NULL-pointer dereferences There are several places where we can crash the kernel by requesting lines, unbinding the GPIO device, then calling any of the system calls relevant to the GPIO character device's...

CVE-2022-50453

CVE-2022-50453 affects the Linux kernel (gpiolib: cdev). The vulnerability arises from NULL-pointer dereferences when userspace can trigger GPIO syscalls on a hot-unplugged GPIO device, allowing races where a device is removed after a NULL check. The fix partially mitigates by verifying gdev->...

CVE-2022-50453 gpiolib: cdev: fix NULL-pointer dereferences

In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: fix NULL-pointer dereferences There are several places where we can crash the kernel by requesting lines, unbinding the GPIO device, then calling any of the system calls relevant to the GPIO character device's...

gpiolib: cdev: fix uninitialised kfifo

...

SUSE CVE-2022-50282

In the Linux kernel, the following vulnerability has been resolved: chardev: fix error handling in cdevdeviceadd While doing fault injection test, I got the following report: ------------ cut here ------------ kobject: 'null' 0000000039956980: is not initialized, yet kobjectput is being called...

Linux Distros Unpatched Vulnerability : CVE-2022-50282

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - chardev: fix error handling in cdevdeviceadd While doing fault injection test, I got the following report: ------------ cut here ------------ kobject: 'null'...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not properly checking the pf-cdevinfo pointer, which could result in a null pointer dereference...

CVE-2023-53234

The CVE-2023-53234 entry relates to the Linux kernel watchdog subsystem. The attached description and connected Nessus advisories confirm a root-cause: put_device is not called in all code paths when cdev_device_add fails and wdd->id != 0, leading to leaks in watchdog_dev_register paths. The f...

CVE-2022-50282 chardev: fix error handling in cdev_device_add()

In the Linux kernel, the following vulnerability has been resolved: chardev: fix error handling in cdevdeviceadd While doing fault injection test, I got the following report: ------------ cut here ------------ kobject: 'null' 0000000039956980: is not initialized, yet kobjectput is being called...

CVE-2022-50245

In the Linux kernel, the following vulnerability has been resolved: rapidio: fix possible UAF when kfifoalloc fails If kfifoalloc fails in mportcdevopen, goto errfifo and just free priv. But priv is still in the chdev-filelist, then list traversal may cause UAF. This fixes the following smatch...