CVE-2025-38085

CVE-2025-38085 affects the Linux kernel mm/hugetlb logic, specifically the race between huge_pmd_unshare() and GUP-fast. The vulnerability arises when huge_pmd_unshare() drops a reference on a page table that may have been shared across processes, creating a page table that can be used by another...

The vulnerability of the retract_page_tables() function in the mm/khugepaged.c module of the Linux kernel’s memory management subsystem allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the retractpagetables function in the mm/khugepaged.c module of the Linux kernel’s memory management subsystem is related to the reutilization of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and...

Out-of-Bounds Write Vulnerability in BACnet MS/TP Kernel Module

A critical buffer overflow vulnerability in the mstp.ko kernel module, used in ABB’s Cylon ASPECT/FLXeon BACnet MS/TP controllers for building management systems BMS, allows out-of-bounds writes in the SendFrame function due to inadequate bounds checking of BACnet MS/TP frames. This flaw,...

CVE-2025-38008

In the Linux kernel, the following vulnerability has been resolved: mm/pagealloc: fix race condition in unaccepted memory handling The page allocator tracks the number of zones that have unaccepted memory using staticbranchenc/dec and uses that static branch in hot paths to determine if it needs ...

SUSE CVE-2022-50138

In the Linux kernel, the following vulnerability has been resolved: RDMA/qedr: Fix potential memory leak in qedrallocmr qedrallocmr allocates a memory chunk for "mr-info.pbltable" with initmrinfo. When rdmaalloctid and rdmaregistertid fail, "mr" is released while "mr-info.pbltable" is not release...

CVE-2022-50226

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak For some sev ioctl interfaces, input may be passed that is less than or equal to SEVFWBLOBMAXSIZE, but larger than the data that PSP firmware return...

DEBIAN-CVE-2022-50226

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak For some sev ioctl interfaces, input may be passed that is less than or equal to SEVFWBLOBMAXSIZE, but larger than the data that PSP firmware return...

CVE-2022-50146

In the Linux kernel, the following vulnerability has been resolved: PCI: dwc: Deallocate EPC memory on dwpcieepinit errors If dwpcieepinit fails to perform any action after the EPC memory is initialized and the MSI memory region is allocated, the latter parts won't be undone thus causing a memory...

CVE-2022-50043

In the Linux kernel, the following vulnerability has been resolved: net: fix potential refcount leak in ndiscrouterdiscovery The issue happens on specific paths in the function. After both the object rt and neigh are grabbed successfully, when lifetime is nonzero but the metric needs change, the...

CVE-2022-49981

In the Linux kernel, the following vulnerability has been resolved: HID: hidraw: fix memory leak in hidrawrelease Free the buffered reports before deleting the list entry. BUG: memory leak unreferenced object 0xffff88810e72f180 size 32: comm "softirq", pid 0, jiffies 4294945143 age 16.080s hex du...

UBUNTU-CVE-2022-50226

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak For some sev ioctl interfaces, input may be passed that is less than or equal to SEVFWBLOBMAXSIZE, but larger than the data that PSP firmware return...

UBUNTU-CVE-2022-50211

In the Linux kernel, the following vulnerability has been resolved: md-raid10: fix KASAN warning There's a KASAN warning in raid10removedisk when running the lvm test lvconvert-raid-reshape.sh. We fix this warning by verifying that the value "number" is valid. BUG: KASAN: slab-out-of-bounds in...

CVE-2022-50226

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak For some sev ioctl interfaces, input may be passed that is less than or equal to SEVFWBLOBMAXSIZE, but larger than the data that PSP firmware return...

CVE-2022-50159 of: check previous kernel's ima-kexec-buffer against memory bounds

In the Linux kernel, the following vulnerability has been resolved: of: check previous kernel's ima-kexec-buffer against memory bounds Presently imagetkexecbuffer doesn't check if the previous kernel's ima-kexec-buffer lies outside the addressable memory range. This can result in a kernel panic i...

CVE-2022-50147

CVE-2022-50147 refers to a Linux kernel memory policy bug: mm/mempolicy get_nodes can access the nmask array out of bounds when a user specifies more nodes than supported. The issue is resolved in the Linux kernel (patches referenced), with CVSSv3.1 base score 7.1 (HIGH), local access, low privil...

CVE-2022-50134 RDMA/hfi1: fix potential memory leak in setup_base_ctxt()

In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: fix potential memory leak in setupbasectxt setupbasectxt allocates a memory chunk for uctxt-groups with hfi1allocctxtrcvgroups. When inituserctxt fails, uctxt-groups is not released, which will lead to a memory leak. W...

CVE-2022-50107

CVE-2022-50107 concerns a Linux kernel vulnerability in the CIFS/fscache path where, if the index == next_cached case is hit, a refcount on the struct page could leak. The fix implemented is to switch to readahead_folio(), which manages the refcount automatically. Affected component: Linux kernel...

CVE-2022-50088

CVE-2022-50088 affects the Linux kernel’s damon_reclaim_init() path. The function allocates a ctx via damon_new_ctx(); if damon_select_ops() fails, the ctx is not released, causing a memory leak. The documented fix releases the ctx with damon_destroy_ctx() when damon_select_ops() fails. Connected...

CVE-2022-50065 virtio_net: fix memory leak inside XPD_TX with mergeable

In the Linux kernel, the following vulnerability has been resolved: virtionet: fix memory leak inside XPDTX with mergeable When we call xdpconvertbufftoframe to get xdpf, if it returns NULL, we should check if xdppage was allocated by xdplinearizepage. If it is newly allocated, it should be freed...

CVE-2022-50043 net: fix potential refcount leak in ndisc_router_discovery()

In the Linux kernel, the following vulnerability has been resolved: net: fix potential refcount leak in ndiscrouterdiscovery The issue happens on specific paths in the function. After both the object rt and neigh are grabbed successfully, when lifetime is nonzero but the metric needs change, the...