CVE-2022-50077 apparmor: fix reference count leak in aa_pivotroot()

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix reference count leak in aapivotroot The aapivotroot function has a reference counting bug in a specific path. When aareplacecurrentlabel returns on success, the function forgets to decrement the reference count of...

CVE-2022-50074

In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix memleak in aasimplewritetobuffer When copyfromuser failed, the memory is freed by kvfree. however the management struct and data blob are allocated independently, so only kvfreedata cause a memleak issue here. Use...

CVE-2022-49996

CVE-2022-49996 is a Linux kernel issue affecting the btrfs subsystem. The vulnerability arises when btrfs_get_dev_args_from_path() calls btrfs_get_bdev_and_sb() with an invalid path, causing the function to return without freeing previously allocated memory for args->uuid and args->fsid, wh...

CVE-2025-38061

In the Linux kernel, the following vulnerability has been resolved: net: pktgen: fix access outside of user given buffer in pktgenthreadwrite Honour the user given buffer size for the strnlen calls otherwise strnlen will access memory outside of the user given buffer...

PT-2025-26135 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A refcount leak issue has been identified in the Linux kernel, specifically in the meson mx socinfo init function. The of find matching node function returns a node pointer with an...

CVE-2020-22882

Issue was discovered in the fxParserTree function in moddable, allows attackers to cause denial of service via a crafted payload. Fixed in commit 723816ab9b52f807180c99fc69c7d08cf6c6bd61...

CVE-2025-37961 ipvs: fix uninit-value for saddr in do_output_route4

In the Linux kernel, the following vulnerability has been resolved: ipvs: fix uninit-value for saddr in dooutputroute4 syzbot reports for uninit-value for the saddr argument 1. commit 4754957f04f5 "ipvs: do not use random local source address for tunnels" already implies that the input value of...

CVE-2025-37918 Bluetooth: btusb: avoid NULL pointer dereference in skb_dequeue()

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: avoid NULL pointer dereference in skbdequeue A NULL pointer dereference can occur in skbdequeue when processing a QCA firmware crash dump on WCN7851 0489:e0f3. 93.672166 Bluetooth: hci0: ACL memdump size589824...

CVE-2025-37862

In the Linux kernel, the following vulnerability has been resolved: HID: pidff: Fix null pointer dereference in pidfffindfields This function triggered a null pointer dereference if used to search for a report that isn't implemented on the device. This happened both for optional and required...

CVE-2023-53116

In the Linux kernel, the following vulnerability has been resolved: nvmet: avoid potential UAF in nvmetreqcomplete An nvme target -queueresponse operation implementation may free the request passed as argument. Such implementation potentially could result in a use after free of the request pointe...

CVE-2023-53089 ext4: fix task hung in ext4_xattr_delete_inode

In the Linux kernel, the following vulnerability has been resolved: ext4: fix task hung in ext4xattrdeleteinode Syzbot reported a hung task problem: ================================================================== INFO: task syz-executor232:5073 blocked for more than 143 seconds. Not tainted...

CVE-2022-49922

In the Linux kernel, the following vulnerability has been resolved: nfc: nfcmrvl: Fix potential memory leak in nfcmrvli2cncisend nfcmrvli2cncisend will be called by nfcmrvlncisend, and skb should be freed in nfcmrvli2cncisend. However, nfcmrvlncisend will only free skb when i2cmastersend return =...

CVE-2022-49806

In the Linux kernel, the following vulnerability has been resolved: net: microchip: sparx5: Fix potential null-ptr-deref in sparxstatsinit and sparx5start sparxstatsinit calls createsinglethreadworkqueue and not checked the ret value, which may return NULL. And a null-ptr-deref may happen:...

CVE-2022-49923

In the Linux kernel, the following vulnerability has been resolved: nfc: nxp-nci: Fix potential memory leak in nxpncisend nxpncisend will call nxpncii2cwrite, and only free skb when nxpncii2cwrite failed. However, even if the nxpncii2cwrite run succeeds, the skb will not be freed in nxpncii2cwrit...

CVE-2022-49881 wifi: cfg80211: fix memory leak in query_regdb_file()

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: fix memory leak in queryregdbfile In the function queryregdbfile the alpha2 parameter is duplicated using kmemdup and subsequently freed in regdbfwcb. However, requestfirmwarenowait can fail without calling...

CVE-2022-49873

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix wrong reg type conversion in releasereference Some helper functions will allocate memory. To avoid memory leaks, the verifier requires the eBPF program to release these memories by calling the corresponding helper...

CVE-2022-49839

In the Linux kernel, the following vulnerability has been resolved: scsi: scsitransportsas: Fix error handling in sasphyadd If transportadddevice fails in sasphyadd, the kernel will crash trying to delete the device in transportremovedevice called from sasremovehost. Unable to handle kernel NULL...

CVE-2022-49821

In the Linux kernel, the following vulnerability has been resolved: mISDN: fix possible memory leak in mISDNdspelementregister Afer commit 1fa5ae857bb1 "driver core: get rid of struct device's busid string array", the name of device is allocated dynamically, use putdevice to give up the reference...

CVE-2022-49805

CVE-2022-49805 – Linux kernel (lan966x): The issue occurs in lan966x_stats_init(), which calls create_singlethread_workqueue() without validating the return value. If it returns NULL, a later queue_delayed_work path dereferences a null workqueue pointer, causing a null-pointer dereference. The re...

CVE-2025-37742

In the Linux kernel, the following vulnerability has been resolved: jfs: Fix uninit-value access of imap allocated in the diMount function syzbot reports that hexdumptobuffer is using uninit-value: ===================================================== BUG: KMSAN: uninit-value in...