UBUNTU-CVE-2022-50473

In the Linux kernel, the following vulnerability has been resolved: cpufreq: Init completion before kobjectinitandadd In cpufreqpolicyalloc, it will call uninitialed completion in cpufreqsysfsrelease when kobjectinitandadd fails. And that will cause a crash such as the following page fault in...

UBUNTU-CVE-2023-53599

In the Linux kernel, the following vulnerability has been resolved: crypto: afalg - Fix missing initialisation affecting gcm-aes-s390 Fix afalgallocareq to initialise areq-firstrsgl.sgl.sgt.sgl to point to the scatterlist array in areq-firstrsgl.sgl.sgl. Without this, the gcm-aes-s390 driver will...

CVE-2023-53611 ipmi_si: fix a memleak in try_smi_init()

In the Linux kernel, the following vulnerability has been resolved: ipmisi: fix a memleak in trysmiinit Kmemleak reported the following leak info in trysmiinit: unreferenced object 0xffff00018ecf9400 size 1024: comm "modprobe", pid 2707763, jiffies 4300851415 age 773.308s backtrace:...

CVE-2023-53561 net: wwan: iosm: fix NULL pointer dereference when removing device

In the Linux kernel, the following vulnerability has been resolved: net: wwan: iosm: fix NULL pointer dereference when removing device In suspend and resume cycle, the removal and rescan of device ends up in NULL pointer dereference. During driver initialization, if the ipcimemwwanchannelinit fai...

CVE-2023-53558

In the Linux kernel, the following vulnerability has been resolved: rcu-tasks: Avoid prinfo with spin lock in cblistinitgeneric prinfo is called with rtp-cbsgbllock spin lock locked. Because prinfo calls printk that might sleep, this will result in BUG like below: 0.206455 cblistinitgeneric:...

CVE-2023-53555 mm/damon/core: initialize damo_filter->list from damos_new_filter()

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: initialize damofilter-list from damosnewfilter damosnewfilter is not initializing the list field of newly allocated filter object. However, DAMON sysfs interface and DAMONRECLAIM are not initializing it after calli...

CVE-2022-50482

CVE-2022-50482 is a Linux kernel vulnerability in the iommu/vt-d path. The issue is a memory leak of si_domain that occurs when init_dmars() fails, due to domain objects still lingering in the iommu_domain cache. The description states that this memory leak could occur in kernel builds prior to a...

CVE-2022-50482 iommu/vt-d: Clean up si_domain in the init_dmars() error path

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Clean up sidomain in the initdmars error path A splat from kmemcachedestroy was seen with a kernel prior to commit ee2653bbe89d "iommu/vt-d: Remove domain and devinfo mempool" when there was a failure in initdmars,...

CVE-2022-50473 cpufreq: Init completion before kobject_init_and_add()

In the Linux kernel, the following vulnerability has been resolved: cpufreq: Init completion before kobjectinitandadd In cpufreqpolicyalloc, it will call uninitialed completion in cpufreqsysfsrelease when kobjectinitandadd fails. And that will cause a crash such as the following page fault in...

CVE-2022-50473

CVE-2022-50473 affects the Linux kernel cpufreq subsystem. The root cause is calling an uninitialized completion in cpufreq_sysfs_release() when kobject_init_and_add() fails, occurring in cpufreq_policy_alloc(). This can lead to a crash (page fault) on a local system via complete+0x98, with Call ...

EUVD-2025-32386

In the Linux kernel, the following vulnerability has been resolved: drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ If the interrupt occurs before resource initialization is complete, the interrupt handler/worker may access uninitialized data such as the I2C tcpcclient device,...

CVE-2025-39937

In the Linux kernel, the following vulnerability has been resolved: net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer Since commit 7d5e9737efda "net: rfkill: gpio: get the name and type from device property" rfkillfindtype gets called with the possibly uninitialized "const...

CVE-2025-39934

In the Linux kernel, the following vulnerability has been resolved: drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ If the interrupt occurs before resource initialization is complete, the interrupt handler/worker may access uninitialized data such as the I2C tcpcclient device,...

CVE-2025-39934

CVE-2025-39934: Linux kernel drm: bridge: anx7625 fixes a NULL pointer dereference when an IRQ fires before resource initialization, potentially accessing uninitialized I2C tcpc_client data. The NVD entry notes a MEDIUM base score (5.5) with LOCAL attack vector and LOW PR, HIGH impact on availabi...

CVE-2025-39934 drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ

In the Linux kernel, the following vulnerability has been resolved: drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ If the interrupt occurs before resource initialization is complete, the interrupt handler/worker may access uninitialized data such as the I2C tcpcclient device,...

CVE-2025-39934 drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ

In the Linux kernel, the following vulnerability has been resolved: drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ If the interrupt occurs before resource initialization is complete, the interrupt handler/worker may access uninitialized data such as the I2C tcpcclient device,...

CVE-2025-39931 crypto: af_alg - Set merge to zero early in af_alg_sendmsg

In the Linux kernel, the following vulnerability has been resolved: crypto: afalg - Set merge to zero early in afalgsendmsg If an error causes afalgsendmsg to abort, ctx-merge may contain a garbage value from the previous loop. This may then trigger a crash on the next entry into afalgsendmsg whe...

EUVD-2025-32421

The Integrate Dynamics 365 CRM plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.9. This is due to missing capability checks and nonce verification on functions hooked to 'init'. This makes it possible for unauthenticated attackers to deactivate t...

CVE-2025-10746

CVE-2025-10746 – Integrate Dynamics 365 CRM plugin (WordPress) affects all versions up to 1.0.9. Root cause: missing capability checks and nonce verification on functions hooked to init, enabling unauthenticated access. Impact (per sources): unauthenticated attackers can deactivate the plugin, ta...

RLSA-2025:7043 Moderate: microcode_ctl security update

The microcodectl packages provide microcode updates for Intel and AMD processors. Security Fixes: microcodectl: Improper input validation in UEFI firmware CVE-2024-28047 microcodectl: Insufficient granularity of access control in UEFI firmware CVE-2024-39279 microcodectl: mproper initialization i...