4596 matches found
CVE-2022-50050 ASoC: SOF: Intel: hda: Fix potential buffer overflow by snprintf()
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda: Fix potential buffer overflow by snprintf snprintf returns the would-be-filled size when the string overflows the given buffer size, hence using this value may result in the buffer overflow although it's...
CVE-2022-50038 drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors()
In the Linux kernel, the following vulnerability has been resolved: drm/meson: Fix refcount bugs in mesonvpuhasavailableconnectors In this function, there are two refcount leak bugs: 1 when breaking out of foreachendpointofnode, we need call the ofnodeput for the 'ep'; 2 we should call ofnodeput...
CVE-2022-50035 drm/amdgpu: Fix use-after-free on amdgpu_bo_list mutex
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix use-after-free on amdgpubolist mutex If amdgpucsvmhandling returns r != 0, then it will unlock the bolistmutex inside the function amdgpucsvmhandling and again on amdgpucsparserfini. This problem results in the...
CVE-2022-50033 usb: host: ohci-ppc-of: Fix refcount leak bug
In the Linux kernel, the following vulnerability has been resolved: usb: host: ohci-ppc-of: Fix refcount leak bug In ohcihcdppcofprobe, offindcompatiblenode will return a node pointer with refcount incremented. We should use ofnodeput when it is not used anymore...
CVE-2022-49998
The CVE-2022-49998 entry is supported by multiple connected advisories confirming concrete fixes in the Linux kernel’s rxrpc sendmsg implementation. The issues addressed are three locking bugs in rxrpc_sendmsg: (1) rxrpc_new_client_call() should release the socket lock when returning from rxrpc_g...
CVE-2022-49997 net: lantiq_xrx200: restore buffer if memory allocation failed
In the Linux kernel, the following vulnerability has been resolved: net: lantiqxrx200: restore buffer if memory allocation failed In a situation where memory allocation fails, an invalid buffer address is stored. When this descriptor is used again, the system panics in the buildskb function when...
CVE-2022-49995 writeback: avoid use-after-free after removing device
In the Linux kernel, the following vulnerability has been resolved: writeback: avoid use-after-free after removing device When a disk is removed, bdiunregister gets called to stop further writeback and wait for associated delayed work to complete. However, wbinodewritebackend may schedule bandwid...
CVE-2022-49985 bpf: Don't use tnum_range on array range checking for poke descriptors
In the Linux kernel, the following vulnerability has been resolved: bpf: Don't use tnumrange on array range checking for poke descriptors Hsin-Wei reported a KASAN splat triggered by their BPF runtime fuzzer which is based on a customized syzkaller: BUG: KASAN: slab-out-of-bounds in...
CVE-2022-49983 udmabuf: Set the DMA mask for the udmabuf device (v2)
In the Linux kernel, the following vulnerability has been resolved: udmabuf: Set the DMA mask for the udmabuf device v2 If the DMA mask is not set explicitly, the following warning occurs when the userspace tries to access the dma-buf via the CPU as reported by syzbot here: WARNING: CPU: 1 PID:...
CVE-2022-49966 drm/amd/pm: add missing ->fini_microcode interface for Sienna Cichlid
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: add missing -finimicrocode interface for Sienna Cichlid To avoid any potential memory leak...
CVE-2022-49934
The CVE-2022-49934 vulnerability affects the Linux kernel’s wifi stack (mac80211) where UAF can occur in ieee80211_scan_rx() after the null check due to race with __ieee80211_scan_completed() and cfg80211_scan_done() freeing scan_req. The issue is mitigated by a fix in the kernel that prevents ac...
CVE-2025-38070
In the Linux kernel, the following vulnerability has been resolved: ASoC: sma1307: Add NULL check in sma1307settingloaded All varibale allocated by kzalloc and devmkzalloc could be NULL. Multiple pointer checks and their cleanup are added. This issue is found by our static analysis tool...
CVE-2025-38055
In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Fix segfault with PEBS-via-PT with samplefreq Currently, using PEBS-via-PT with a sample frequency instead of a sample period, causes a segfault. For example: BUG: kernel NULL pointer dereference, address:...
CVE-2025-38023
In the Linux kernel, the following vulnerability has been resolved: nfs: handle failure of nfsgetlockcontext in unlock path When memory is insufficient, the allocation of nfslockcontext in nfsgetlockcontext fails and returns -ENOMEM. If we mistakenly treat an nfs4unlockdata structure whose lctx...
CVE-2025-38012
In the Linux kernel, the following vulnerability has been resolved: schedext: bpfiterscxdsqnew should always initialize iterator BPF programs may call next and destroy on BPF iterators even after new returns an error value e.g. bpfforeach macro ignores error returns from new. bpfiterscxdsqnew cou...
CVE-2025-38068
CVE-2025-38068: In the Linux kernel, the crypto/lzo path fixed a compression buffer overrun by adding a safe compression interface that checks the end of the output buffer before each write and using it in crypto/lzo. This corrects a prior assumption that the caller always provided sufficient buf...
CVE-2025-38050
In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix kernel NULL pointer dereference when replacing free hugetlb folios A kernel crash was observed when replacing free hugetlb folios: BUG: kernel NULL pointer dereference, address: 0000000000000028 PGD 0 P4D 0 Oops:...
CVE-2025-38044 media: cx231xx: set device_caps for 417
In the Linux kernel, the following vulnerability has been resolved: media: cx231xx: set devicecaps for 417 The videodevice for the MPEG encoder did not set devicecaps. Add this, otherwise the video device can't be registered you get a WARNON instead. Not seen before since currently 417 support is...
CVE-2025-38033 x86/Kconfig: make CFI_AUTO_DEFAULT depend on !RUST or Rust >= 1.88
In the Linux kernel, the following vulnerability has been resolved: x86/Kconfig: make CFIAUTODEFAULT depend on !RUST or Rust = 1.88 Calling core::fmt::write from rust code while FineIBT is enabled results in a kernel panic: 4614.199779 kernel BUG at arch/x86/kernel/cet.c:132! 4614.205343 Oops:...
CVE-2025-38033
CVE-2025-38033 affects the Linux kernel (x86) where FineIBT and Rust integration triggers a kernel panic when core::fmt::write() is invoked from Rust with FineIBT enabled. Root cause is that core::fmt::rt::Argument::fmt() has CFI-disabled code (no_sanitize(cfi, kcfi)), causing a Control Protectio...