CVE-2022-50108

In the Linux kernel, the following vulnerability has been resolved: mfd: max77620: Fix refcount leak in max77620initialisefps ofgetchildbyname returns a node pointer with refcount incremented, we should use ofnodeput on it when not need anymore. Add missing ofnodeput to avoid refcount leak...

CVE-2022-50091

In the Linux kernel, the following vulnerability has been resolved: locking/csdlock: Change csdlockdebug from earlyparam to setup The csdlockdebug kernel-boot parameter is parsed by the earlyparam function csdlockdebug. If set, csdlockdebug invokes staticbranchenable to enable csdlockwait feature...

CVE-2022-50058

CVE-2022-50058 affects the Linux kernel's vdpa_sim_blk: a missing initialization of nas and ngroups can cause a kernel NULL pointer dereference when creating a new vdpa_sim_blk device, leading to a panic in vhost_iotlb_add_range_ctx. The issue arises from commit changes adding nas/ngroups to vdpa...

CVE-2022-50056 fs/ntfs3: Fix missing i_op in ntfs_read_mft

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix missing iop in ntfsreadmft There is null pointer dereference because iop == NULL. The bug happens because we don't initialize iop for records in $Extend...

CVE-2022-50056 fs/ntfs3: Fix missing i_op in ntfs_read_mft

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix missing iop in ntfsreadmft There is null pointer dereference because iop == NULL. The bug happens because we don't initialize iop for records in $Extend...

CVE-2022-50056

CVE-2022-50056 concerns the Linux kernel’s ntfs3 code: ntfs_read_mft can dereference a NULL i_op for records in $Extend, caused by i_op not being initialized. The vulnerability affects the Linux kernel (fs/ntfs3) and has been resolved by patches referenced in the connected documents (e.g., kernel...

CVE-2022-50018

Linux kernel ALSA HDAudio issue: when early probe fails (e.g., missing firmware), snd_hda_codec_shutdown() can page fault due to uninitialized codec->pcm list head. Root cause: split initialization of HDAudio codec into two steps; if firmware load defers and only enumeration proceeds, platform...

CVE-2022-50012 powerpc/64: Init jump labels before parse_early_param()

In the Linux kernel, the following vulnerability has been resolved: powerpc/64: Init jump labels before parseearlyparam On 64-bit, calling jumplabelinit in setupfeaturekeys is too late because static keys may be used in subroutines of parseearlyparam which is again subroutine of earlyinitdevtree...

CVE-2022-50012

CVE-2022-50012 affects the Linux kernel on 64-bit PowerPC (powerpc/64). The root cause is that jump_label_init() is invoked in setup_feature_keys() too late, since static keys may be used by subroutines of parse_early_param(), which itself is a subroutine of early_init_devtree(). The result is th...

CVE-2022-50012

In the Linux kernel, the following vulnerability has been resolved: powerpc/64: Init jump labels before parseearlyparam On 64-bit, calling jumplabelinit in setupfeaturekeys is too late because static keys may be used in subroutines of parseearlyparam which is again subroutine of earlyinitdevtree...

CVE-2025-38069

In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: pci-epf-test: Fix double free that causes kernel to oops Fix a kernel oops found while testing the stm32pcie Endpoint driver with handling of PERST deassertion: During EP initialization, pciepftestallocspace...

CVE-2025-38046

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

DEBIAN-CVE-2025-38036

In the Linux kernel, the following vulnerability has been resolved: drm/xe/vf: Perform early GT MMIO initialization to read GMDID VFs need to communicate with the GuC to obtain the GMDID value and existing GuC functions used for that assume that the GT has it's MMIO members already setup. However...

CVE-2025-38012

In the Linux kernel, the following vulnerability has been resolved: schedext: bpfiterscxdsqnew should always initialize iterator BPF programs may call next and destroy on BPF iterators even after new returns an error value e.g. bpfforeach macro ignores error returns from new. bpfiterscxdsqnew cou...

DEBIAN-CVE-2025-38012

In the Linux kernel, the following vulnerability has been resolved: schedext: bpfiterscxdsqnew should always initialize iterator BPF programs may call next and destroy on BPF iterators even after new returns an error value e.g. bpfforeach macro ignores error returns from new. bpfiterscxdsqnew cou...

UBUNTU-CVE-2025-38072

In the Linux kernel, the following vulnerability has been resolved: libnvdimm/labels: Fix divide error in ndlabeldatainit If a faulty CXL memory device returns a broken zero LSA size in its memory device information Identify Memory Device Opcode 4000h, CXL spec. 3.1, 8.2.9.9.1.1, a divide error...

CVE-2025-38046

...

CVE-2025-38036

In the Linux kernel, the following vulnerability has been resolved: drm/xe/vf: Perform early GT MMIO initialization to read GMDID VFs need to communicate with the GuC to obtain the GMDID value and existing GuC functions used for that assume that the GT has it's MMIO members already setup. However...

CVE-2025-38036

The CVE-2025-38036 entry describes a Linux kernel issue in drm/xe/vf where GuC communication required GT MMIO to be initialized. Root cause: gt->mmio was initialized late due to recent refactoring, causing GuC calls to xe_mmio_read|write() to crash with an NPD when attempting to access MMIO ad...

CVE-2025-38036 drm/xe/vf: Perform early GT MMIO initialization to read GMDID

In the Linux kernel, the following vulnerability has been resolved: drm/xe/vf: Perform early GT MMIO initialization to read GMDID VFs need to communicate with the GuC to obtain the GMDID value and existing GuC functions used for that assume that the GT has it's MMIO members already setup. However...