CVE-2022-50146

In the Linux kernel, the following vulnerability has been resolved: PCI: dwc: Deallocate EPC memory on dwpcieepinit errors If dwpcieepinit fails to perform any action after the EPC memory is initialized and the MSI memory region is allocated, the latter parts won't be undone thus causing a memory...

CVE-2022-50043

In the Linux kernel, the following vulnerability has been resolved: net: fix potential refcount leak in ndiscrouterdiscovery The issue happens on specific paths in the function. After both the object rt and neigh are grabbed successfully, when lifetime is nonzero but the metric needs change, the...

CVE-2022-49981

In the Linux kernel, the following vulnerability has been resolved: HID: hidraw: fix memory leak in hidrawrelease Free the buffered reports before deleting the list entry. BUG: memory leak unreferenced object 0xffff88810e72f180 size 32: comm "softirq", pid 0, jiffies 4294945143 age 16.080s hex du...

UBUNTU-CVE-2022-50226

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak For some sev ioctl interfaces, input may be passed that is less than or equal to SEVFWBLOBMAXSIZE, but larger than the data that PSP firmware return...

UBUNTU-CVE-2022-50211

In the Linux kernel, the following vulnerability has been resolved: md-raid10: fix KASAN warning There's a KASAN warning in raid10removedisk when running the lvm test lvconvert-raid-reshape.sh. We fix this warning by verifying that the value "number" is valid. BUG: KASAN: slab-out-of-bounds in...

CVE-2022-50226

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak For some sev ioctl interfaces, input may be passed that is less than or equal to SEVFWBLOBMAXSIZE, but larger than the data that PSP firmware return...

CVE-2022-50159 of: check previous kernel's ima-kexec-buffer against memory bounds

In the Linux kernel, the following vulnerability has been resolved: of: check previous kernel's ima-kexec-buffer against memory bounds Presently imagetkexecbuffer doesn't check if the previous kernel's ima-kexec-buffer lies outside the addressable memory range. This can result in a kernel panic i...

CVE-2022-50147

CVE-2022-50147 refers to a Linux kernel memory policy bug: mm/mempolicy get_nodes can access the nmask array out of bounds when a user specifies more nodes than supported. The issue is resolved in the Linux kernel (patches referenced), with CVSSv3.1 base score 7.1 (HIGH), local access, low privil...

CVE-2022-50134 RDMA/hfi1: fix potential memory leak in setup_base_ctxt()

In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: fix potential memory leak in setupbasectxt setupbasectxt allocates a memory chunk for uctxt-groups with hfi1allocctxtrcvgroups. When inituserctxt fails, uctxt-groups is not released, which will lead to a memory leak. W...

CVE-2022-50107

CVE-2022-50107 concerns a Linux kernel vulnerability in the CIFS/fscache path where, if the index == next_cached case is hit, a refcount on the struct page could leak. The fix implemented is to switch to readahead_folio(), which manages the refcount automatically. Affected component: Linux kernel...

CVE-2022-50088

CVE-2022-50088 affects the Linux kernel’s damon_reclaim_init() path. The function allocates a ctx via damon_new_ctx(); if damon_select_ops() fails, the ctx is not released, causing a memory leak. The documented fix releases the ctx with damon_destroy_ctx() when damon_select_ops() fails. Connected...

CVE-2022-50087 firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails

In the Linux kernel, the following vulnerability has been resolved: firmware: armscpi: Ensure scpiinfo is not assigned if the probe fails When scpi probe fails, at any point, we need to ensure that the scpiinfo is not set and will remain NULL until the probe succeeds. If it is not taken care, the...

CVE-2022-50065 virtio_net: fix memory leak inside XPD_TX with mergeable

In the Linux kernel, the following vulnerability has been resolved: virtionet: fix memory leak inside XPDTX with mergeable When we call xdpconvertbufftoframe to get xdpf, if it returns NULL, we should check if xdppage was allocated by xdplinearizepage. If it is newly allocated, it should be freed...

CVE-2022-50043 net: fix potential refcount leak in ndisc_router_discovery()

In the Linux kernel, the following vulnerability has been resolved: net: fix potential refcount leak in ndiscrouterdiscovery The issue happens on specific paths in the function. After both the object rt and neigh are grabbed successfully, when lifetime is nonzero but the metric needs change, the...

CVE-2022-49996 btrfs: fix possible memory leak in btrfs_get_dev_args_from_path()

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix possible memory leak in btrfsgetdevargsfrompath In btrfsgetdevargsfrompath, btrfsgetbdevandsb can fail if the path is invalid. In this case, btrfsgetdevargsfrompath returns directly without freeing args-uuid and...

CVE-2022-49994

The CVE-2022-49994 issue affects the Linux kernel memory management path involving bootmem and kmemleak. Specifically, vmemmap pages allocated from memblock were not removed from kmemleak when the page was freed, allowing kmemleak to report an error or stop working when the page is reused. The co...

CVE-2022-49949

The CVE-2022-49949 issue affects the Linux kernel’s firmware_loader path and is resolved by fixing a memory leak during firmware upload. Specifically, an instance of struct fw_upload is allocated in firmware_upload_register() and must be freed in fw_dev_release(). The remedy introduces a dedicate...

CVE-2025-38022

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix "KASAN: slab-use-after-free Read in ibregisterdevice" problem Call Trace: dumpstack lib/dumpstack.c:94 inline dumpstacklvl+0x116/0x1f0 lib/dumpstack.c:120 printaddressdescription mm/kasan/report.c:408 inline...

CVE-2025-38024 RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix slab-use-after-free Read in rxequeuecleanup bug Call Trace: dumpstack lib/dumpstack.c:94 inline dumpstacklvl+0x7d/0xa0 lib/dumpstack.c:120 printaddressdescription mm/kasan/report.c:378 inline printreport+0xcf/0x610...

CVE-2025-38015 dmaengine: idxd: fix memory leak in error handling path of idxd_alloc

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix memory leak in error handling path of idxdalloc Memory allocated for idxd is not freed if an error occurs during idxdalloc. To fix it, free the allocated memory in the reverse order of allocation before exiti...