59 matches found
CVE-2025-38482 comedi: das6402: Fix bit shift out of bounds
In the Linux kernel, the following vulnerability has been resolved: comedi: das6402: Fix bit shift out of bounds When checking for a supported IRQ number, the following test is used: / IRQs 2,3,5,6,7, 10,11,15 are valid for "enhanced" mode / if 1 options1 & 0x8cec However, it-optionsi is an...
CVE-2025-38353
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix taking invalid lock on wedge If device wedges on e.g. GuC upload, the submission is not yet enabled and the state is not even initialized. Protect the wedge call so it does nothing in this case. It fixes the following...
CVE-2025-38290
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix node corruption in ar-arvifs list In current WLAN recovery code flow, ath12kcorehalt only reinitializes the "arvifs" list head. This will cause the list node immediately following the list head to become an...
CVE-2025-38126 net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: make sure that ptprate is not 0 before configuring timestamping The stmmac platform drivers that do not open-code the clkptprate value after having retrieved the default one from the device-tree can end up with 0 in...
CVE-2022-49949
In the Linux kernel, the following vulnerability has been resolved: firmwareloader: Fix memory leak in firmware upload In the case of firmware-upload, an instance of struct fwupload is allocated in firmwareuploadregister. This data needs to be freed in fwdevrelease. Create a new fwuploadfree...
CVE-2022-50203
In the Linux kernel, the following vulnerability has been resolved: ARM: OMAP2+: display: Fix refcount leak bug In omapdssinitfbdev, offindnodebyname will return a node pointer with refcount incremented. We should use ofnodeput when it is not used anymore...
CVE-2022-50191
In the Linux kernel, the following vulnerability has been resolved: regulator: of: Fix refcount leak bug in ofgetregulationconstraints We should call the ofnodeput for the reference returned by ofgetchildbyname which has increased the refcount...
CVE-2022-50146
In the Linux kernel, the following vulnerability has been resolved: PCI: dwc: Deallocate EPC memory on dwpcieepinit errors If dwpcieepinit fails to perform any action after the EPC memory is initialized and the MSI memory region is allocated, the latter parts won't be undone thus causing a memory...
CVE-2022-50120
In the Linux kernel, the following vulnerability has been resolved: remoteproc: imxrproc: Fix refcount leak in imxrprocaddrinit ofparsephandle returns a node pointer with refcount incremented, we should use ofnodeput on it when not needed anymore. This function has two paths missing ofnodeput...
CVE-2022-49982
In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix memory leak in pvrprobe The error handling code in pvr2hdwcreate forgets to unregister the v4l2 device. When pvr2hdwcreate returns back to pvr2contextcreate, it calls pvr2contextdestroy to destroy context, but...
CVE-2022-50222 tty: vt: initialize unicode screen buffer
In the Linux kernel, the following vulnerability has been resolved: tty: vt: initialize unicode screen buffer syzbot reports kernel infoleak at vcsread 1, for buffer can be read immediately after resize operation. Initialize buffer using kzalloc. ---------- include include include include int...
CVE-2022-50220 usbnet: Fix linkwatch use-after-free on disconnect
In the Linux kernel, the following vulnerability has been resolved: usbnet: Fix linkwatch use-after-free on disconnect usbnet uses the work usbnetdeferredkevent to perform tasks which may sleep. On disconnect, completion of the work was originally awaited in -ndostop. But in 2003, that was moved ...
CVE-2022-50132
CVE-2022-50132 (Linux kernel) affects the usb: cdns3 gadget code. The root cause is an invalid dereference when ep is NULL due to the placement of the priv_ep assignment. The vulnerability is resolved by changing the assignment location in cdns3_gadget_ep_dequeue() and cdns3_gadget_ep_enable(), p...
CVE-2022-50125
CVE-2022-50125 is a Linux kernel issue affecting ASoC: cros_ec_codec through a refcount leak in cros_ec_codec_platform_probe. The root cause is that of_parse_phandle() returns a node pointer with its refcount incremented, and the fix adds of_node_put() when the node is no longer needed to avoid t...
CVE-2022-50088
CVE-2022-50088 affects the Linux kernel’s damon_reclaim_init() path. The function allocates a ctx via damon_new_ctx(); if damon_select_ops() fails, the ctx is not released, causing a memory leak. The documented fix releases the ctx with damon_destroy_ctx() when damon_select_ops() fails. Connected...
CVE-2022-49994
The CVE-2022-49994 issue affects the Linux kernel memory management path involving bootmem and kmemleak. Specifically, vmemmap pages allocated from memblock were not removed from kmemleak when the page was freed, allowing kmemleak to report an error or stop working when the page is reused. The co...
CVE-2022-49980
CVE-2022-49980 affects the Linux kernel USB gadget subsystem (udc). A race between uevent callbacks and gadget driver unregistration can cause a use-after-free in usb_udc_uevent(), when it dereferences udc->driver without holding the udc_lock mutex. If the gadget driver is unbound concurrently...
CVE-2022-49974 HID: nintendo: fix rumble worker null pointer deref
In the Linux kernel, the following vulnerability has been resolved: HID: nintendo: fix rumble worker null pointer deref We can dereference a null pointer trying to queue work to a destroyed workqueue. If the device is disconnected, nintendohidremove is called, in which the rumblequeue is destroye...
CVE-2025-38027
In the Linux kernel, the following vulnerability has been resolved: regulator: max20086: fix invalid memory access max20086parseregulatorsdt calls ofregulatormatch using an array of struct ofregulatormatch allocated on the stack for the matches argument. ofregulatormatch calls...
CVE-2025-37932 sch_htb: make htb_qlen_notify() idempotent
In the Linux kernel, the following vulnerability has been resolved: schhtb: make htbqlennotify idempotent htbqlennotify always deactivates the HTB class and in fact could trigger a warning if it is already deactivated. Therefore, it is not idempotent and not friendly to its callers, like...