CVE-2023-54009 i2c: cadence: cdns_i2c_master_xfer(): Fix runtime PM leak on error path

In the Linux kernel, the following vulnerability has been resolved: i2c: cadence: cdnsi2cmasterxfer: Fix runtime PM leak on error path The cdnsi2cmasterxfer function gets a runtime PM reference when the function is entered. This reference is released when the function is exited. There is currentl...

CVE-2022-50703

CVE-2022-50703 relates to two refcount-leak bugs in the Linux kernel soc: qcom: smsm driver (qcom_smsm_probe). The issues occur when local_node and node are escaped from for_each_child_of_node() / for_each_available_child_of_node() without proper of_node_put() calls. The fix adds of_node_put() in...

CVE-2022-50703 soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe()

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: smsm: Fix refcount leak bugs in qcomsmsmprobe There are two refcount leak bugs in qcomsmsmprobe: 1 The 'localnode' is escaped out from foreachchildofnode as the break of iteration, we should call ofnodeput for it in...

CVE-2025-68729

The CVE-2025-68729 entry documents a Linux kernel issue in ath12k where MSDU buffer type packets received on the REO exception ring from unassociated peers were mis-parsed as link descriptor packets. The underlying cause was not freeing the skb, risking kernel crashes and buffer leaks. The provid...

CVE-2025-68729 wifi: ath12k: Fix MSDU buffer types handling in RX error path

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix MSDU buffer types handling in RX error path Currently, packets received on the REO exception ring from unassociated peers are of MSDU buffer type, while the driver expects link descriptor type packets. These...

CVE-2025-68729 wifi: ath12k: Fix MSDU buffer types handling in RX error path

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix MSDU buffer types handling in RX error path Currently, packets received on the REO exception ring from unassociated peers are of MSDU buffer type, while the driver expects link descriptor type packets. These...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a failure to clean up in all error paths when enabling SR-IOV, which could lead to a hang or crash on module...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an improperly handled error path that could lead to resource management issues...

PT-2025-53200

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak exists in the md/raid10 component of the Linux kernel. Specifically, within the raid10 run function's error handling path, memory allocated for conf-bio split is not freed...

PT-2025-53120

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak exists in the multi transaction new function within the AppArmor subsystem. Specifically, the variable t is not freed or passed out if copy from user fails, leading to a...

PT-2025-52966

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The cdns i2c master xfer function in the Linux kernel has a runtime power management PM leak on an error path. The function acquires a runtime PM reference upon entry and releases it upo...

PT-2025-52922

Name of the Vulnerable Software and Affected Versions Linux Kernel affected versions not specified Description A flaw exists in the Linux kernel’s WiFi subsystem, specifically within the ath12k driver. The issue involves incorrect handling of MSDU buffer types in the receive RX error path. Packet...

CVE-2025-68339

In the Linux kernel, the following vulnerability has been resolved: atm/fore200e: Fix possible data race in fore200eopen Protect access to fore200e-availablecellrate with ratemtx lock in the error handling path of fore200eopen to prevent a data race. The field fore200e-availablecellrate is a shar...

UBUNTU-CVE-2025-68339

In the Linux kernel, the following vulnerability has been resolved: atm/fore200e: Fix possible data race in fore200eopen Protect access to fore200e-availablecellrate with ratemtx lock in the error handling path of fore200eopen to prevent a data race. The field fore200e-availablecellrate is a shar...

UBUNTU-CVE-2025-68338

In the Linux kernel, the following vulnerability has been resolved: net: dsa: microchip: Don't free uninitialized kszirq If something goes wrong at setup, kszirqfree can be called on uninitialized kszirq for example when kszptpirqsetup fails. It leads to freeing uninitialized IRQ numbers and/or...

CVE-2025-68339 atm/fore200e: Fix possible data race in fore200e_open()

In the Linux kernel, the following vulnerability has been resolved: atm/fore200e: Fix possible data race in fore200eopen Protect access to fore200e-availablecellrate with ratemtx lock in the error handling path of fore200eopen to prevent a data race. The field fore200e-availablecellrate is a shar...

CVE-2025-68338 net: dsa: microchip: Don't free uninitialized ksz_irq

In the Linux kernel, the following vulnerability has been resolved: net: dsa: microchip: Don't free uninitialized kszirq If something goes wrong at setup, kszirqfree can be called on uninitialized kszirq for example when kszptpirqsetup fails. It leads to freeing uninitialized IRQ numbers and/or...

CVE-2025-68338

In the Linux kernel, CVE-2025-68338 concerns the dsa: microchip path where, if setup fails, ksz_irq_free() may be called on an uninitialized ksz_irq, risking freeing uninitialized IRQ numbers and/or domains. The fix implemented is to iterate only over fully initialized ports in the error path usi...

CVE-2025-68338 net: dsa: microchip: Don't free uninitialized ksz_irq

In the Linux kernel, the following vulnerability has been resolved: net: dsa: microchip: Don't free uninitialized kszirq If something goes wrong at setup, kszirqfree can be called on uninitialized kszirq for example when kszptpirqsetup fails. It leads to freeing uninitialized IRQ numbers and/or...

SUSE CVE-2025-68172

In the Linux kernel, the following vulnerability has been resolved: crypto: aspeed - fix double free caused by devm The clock obtained via devmclkgetenabled is automatically managed by devres and will be disabled and freed on driver detach. Manually calling clkdisableunprepare in error path and...