9002 matches found
CVE-2022-50012
In the Linux kernel, the following vulnerability has been resolved: powerpc/64: Init jump labels before parse_early_param() On 64-bit, calling jump_label_init() in setup_feature_keys() is too late because static keys may be used in subroutines of parse_early_param() which is again subroutine of early_init_devtree()...
UBUNTU-CVE-2022-50227
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/xen: Initialize Xen timer only once Add a check for existing xen timers before initializing a new one. Currently kvm_xen_init_timer() is called on every KVM_XEN_VCPU_ATTR_TYPE_TIMER, which is causing the following ODEBUG crash whe...
UBUNTU-CVE-2022-50134
In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: fix potential memory leak in setup_base_ctxt() setup_base_ctxt() allocates a memory chunk for uctxt->groups with hfi1_alloc_ctxt_rcv_groups(). When init_user_ctxt() fails, uctxt->groups is not released, which will lead to a memory leak. W...
UBUNTU-CVE-2022-50127
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix error unwind in rxe_create_qp() In the function rxe_create_qp(), rxe_qp_from_init() is called to initialize qp, internally things like the spin locks are not setup until rxe_qp_init_req(). If an error occurs before this point then t...
UBUNTU-CVE-2022-50058
In the Linux kernel, the following vulnerability has been resolved: vdpa_sim_blk: set number of address spaces and virtqueue groups Commit bda324fd037a ("vdpa_sim: control virtqueue support") added two new fields (nas, ngroups) to vdpasim_dev_attr, but we forgot to initialize them for vdpa_sim_blk. When...
UBUNTU-CVE-2022-50135
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix BUG: KASAN: null-ptr-deref in rxe_qp_do_cleanup The function rxe_create_qp calls rxe_qp_from_init. If some error occurs, the error handler of function rxe_qp_from_init will set both scq and rcq to NULL. Then rxe_create_qp calls...
UBUNTU-CVE-2022-50179
In the Linux kernel, the following vulnerability has been resolved: ath9k: fix use-after-free in ath9k_hif_usb_rx_cb Syzbot reported use-after-free Read in ath9k_hif_usb_rx_cb() [0]. The problem was in incorrect htc_handle->drv_priv initialization. Probable call trace which can trigger use-after-free:...
CVE-2022-50227 KVM: x86/xen: Initialize Xen timer only once
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/xen: Initialize Xen timer only once Add a check for existing xen timers before initializing a new one. Currently kvm_xen_init_timer() is called on every KVM_XEN_VCPU_ATTR_TYPE_TIMER, which is causing the following ODEBUG crash whe...
CVE-2022-50227
CVE-2022-50227 affects the Linux kernel (KVM Xen timer) and is resolved by only initializing the Xen timer once. The root cause is that kvm_xen_init_timer() was invoked for every KVM_XEN_VCPU_ATTR_TYPE_TIMER, risking an ODEBUG crash when vcpu->arch.xen.timer is already set. The fix adds a chec...
CVE-2022-50222 tty: vt: initialize unicode screen buffer
In the Linux kernel, the following vulnerability has been resolved: tty: vt: initialize unicode screen buffer syzbot reports kernel infoleak at vcs_read() [1], for buffer can be read immediately after resize operation. Initialize buffer using kzalloc(). ---------- include include include include int...
CVE-2022-50222
CVE-2022-50222 affects the Linux kernel in the VT/TTY subsystem, specifically the Unicode screen buffer initialization. According to the provided description, a kernel infoleak could occur in vcs_read() when the screen buffer is read immediately after a resize. The remediation implemented is to i...
CVE-2022-50209
The CVE-2022-50209 issue in the Linux kernel concerns a refcount leak in meson_mx_socinfo_init. The root cause is that of_find_matching_node() can return a node pointer with an incremented refcount, requiring an of_node_put() when the reference is no longer needed. The fix adds the missing of_nod...
CVE-2022-50184
The CVE-2022-50184 issue in the Linux kernel concerns a refcount leak in the Meson HDMI encoder path. Specifically, in drm/meson: encoder_hdmi_init, of_graph_get_remote_node() returns a remote device node pointer with an incremented refcount, and a missing of_node_put() could lead to a leak. The ...
CVE-2022-50179
CVE-2022-50179 concerns a use-after-free in the Linux kernel’s ath9k driver, specifically in ath9k_hif_usb_rx_cb. The issue stems from incorrect initialization of htc_handle->drv_priv, which can be freed and leaked during a probable call trace that starts at ath9k_htc_probe_device and leads to...
CVE-2022-50179 ath9k: fix use-after-free in ath9k_hif_usb_rx_cb
In the Linux kernel, the following vulnerability has been resolved: ath9k: fix use-after-free in ath9k_hif_usb_rx_cb Syzbot reported use-after-free Read in ath9k_hif_usb_rx_cb() [0]. The problem was in incorrect htc_handle->drv_priv initialization. Probable call trace which can trigger use-after-free:...
CVE-2022-50175 media: tw686x: Fix memory leak in tw686x_video_init
In the Linux kernel, the following vulnerability has been resolved: media: tw686x: Fix memory leak in tw686x_video_init video_device_alloc() allocates memory for vdev, when video_register_device() fails, it doesn't release the memory and leads to memory leak, call video_device_release() to fix this...
CVE-2022-50154
CVE-2022-50154 (Linux kernel limit): The issue is a refcount leak in the Mediatek Gen3 PCI IRQ domain initialization. Specifically, of_get_child_by_name() returns a node pointer with a bumped refcount; the fix is to call of_node_put() when the node is no longer needed. Affected area: PCI subsyste...
CVE-2022-50130 staging: fbtft: core: set smem_len before fb_deferred_io_init call
In the Linux kernel, the following vulnerability has been resolved: staging: fbtft: core: set smem_len before fb_deferred_io_init call The fbtft_framebuffer_alloc() calls fb_deferred_io_init() before initializing info->fix.smem_len. It is set to zero by the framebuffer_alloc() function. It will trigger a WARN_ON() at...
CVE-2022-50127
CVE-2022-50127 affects the Linux kernel RDMA/rxe path. The vulnerability occurs in rxe_create_qp() where rxe_qp_from_init() initializes qp before spinlocks are set up (before rxe_qp_init_req()). If an error happens prior to the proper initialization, an unwind path calls rxe_cleanup()/rxe_qp_do_c...
CVE-2022-50127 RDMA/rxe: Fix error unwind in rxe_create_qp()
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix error unwind in rxe_create_qp() In the function rxe_create_qp(), rxe_qp_from_init() is called to initialize qp, internally things like the spin locks are not setup until rxe_qp_init_req(). If an error occurs before this point then t...