CVE-2024-57988 Bluetooth: btbcm: Fix NULL deref in btbcm_get_board_name()

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btbcm: Fix NULL deref in btbcmgetboardname devmkstrdup can return a NULL pointer on failure,but this returned value in btbcmgetboardname is not checked. Add NULL check in btbcmgetboardname, to handle kernel NULL pointe...

CVE-2024-57985 firmware: qcom: scm: Cleanup global '__scm' on probe failures

In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: scm: Cleanup global 'scm' on probe failures If SCM driver fails the probe, it should not leave global 'scm' variable assigned, because external users of this driver will assume the probe finished successfully. For...

CVE-2024-57974 udp: Deal with race between UDP socket address change and rehash

In the Linux kernel, the following vulnerability has been resolved: udp: Deal with race between UDP socket address change and rehash If a UDP socket changes its local address while it's receiving datagrams, as a result of connect, there is a period during which a lookup operation might fail to fi...

RLSA-2025:1266 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: media: uvcvideo: Skip parsing frames of type UVCVSUNDEFINED in uvcparseformat CVE-2024-53104 For more details about the security issues, including the impact, a CVSS score, acknowledgment...

CVE-2022-49629

In the Linux kernel, the following vulnerability has been resolved: nexthop: Fix data-races around nexthopcompatmode. While reading nexthopcompatmode, it can be changed concurrently. Thus, we need to add READONCE to its readers...

CVE-2022-49625

In the Linux kernel, the following vulnerability has been resolved: sfc: fix kernel panic when creating VF When creating VFs a kernel panic can happen when calling to efxef10tryupdatenicstatsvf. When releasing a DMA coherent buffer, sometimes, I don't know in what specific circumstances, it has t...

CVE-2022-49498

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Check for null pointer of pointer substream before dereferencing it Pointer substream is being dereferenced on the assignment of pointer card before substream is being null checked with the macro PCMRUNTIMECHECK...

CVE-2022-49356

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Trap RDMA segment overflows Prevent svcrdmabuildwrites from walking off the end of a Write chunk's segment array. Caught with KASAN. The test that this fix replaces is invalid, and might have been left over from an earlie...

CVE-2022-49343

In the Linux kernel, the following vulnerability has been resolved: ext4: avoid cycles in directory h-tree A maliciously corrupted filesystem can contain cycles in the h-tree stored inside a directory. That can easily lead to the kernel corrupting tree nodes that were already verified under its...

CVE-2022-49291

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix races among concurrent hwparams and hwfree calls Currently we have neither proper check nor protection against the concurrent calls of PCM hwparams and hwfree ioctls, which may result in a UAF. Since the existing P...

UBUNTU-CVE-2022-49425

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix dereference of stale list iterator after loop body The list iterator variable will be a bogus pointer if no break was hit. Dereferencing it cur-page in this case could load an out-of-bounds/undefined value making it...

CVE-2022-49191

In the Linux kernel, the following vulnerability has been resolved: mxser: fix xmitbuf leak in activate when LSR == 0xff When LSR is 0xff in -activate rather unlike, we return an error. Provided -shutdown is not called when -activate fails, nothing actually frees the buffer in this case. Fix this...

CVE-2022-49165

In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: Prevent decoding NV12M jpegs into single-planar buffers If the application queues an NV12M jpeg as output buffer, but then queues a single planar capture buffer, the kernel will crash with "Unable to handle kerne...

CVE-2022-49129

In the Linux kernel, the following vulnerability has been resolved: mt76: mt7921: fix crash when startup fails. If the nic fails to start, it is possible that the resetwork has already been scheduled. Ensure the work item is canceled so we do not have use-after-free crash in case cleanup is calle...

CVE-2022-49095

In the Linux kernel, the following vulnerability has been resolved: scsi: zorro7xx: Fix a resource leak in zorro7xxremoveone The error handling path of the probe releases a resource that is not freed in the remove function. In some cases, a ioremap must be undone. Add the missing iounmap call in...

CVE-2022-49711

In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc-bus: fix KASAN use-after-free in fslmcbusremove In fslmcbusremove, mc-rootmcbusdev-mcio is passed to fsldestroymcio. However, mc-rootmcbusdev is already freed in fslmcdeviceremove. Then reference to mc-rootmcbusdev-mc...

CVE-2022-49703 scsi: ibmvfc: Store vhost pointer during subcrq allocation

In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Store vhost pointer during subcrq allocation Currently the back pointer from a queue to the vhost adapter isn't set until after subcrq interrupt registration. The value is available when a queue is first allocated a...

CVE-2022-49656

In the Linux kernel, the following vulnerability has been resolved: ARM: meson: Fix refcount leak in mesonsmppreparecpus offindcompatiblenode returns a node pointer with refcount incremented, we should use ofnodeput on it when done. Add missing ofnodeput to avoid refcount leak...

CVE-2022-49628

Linux kernel CVE-2022-49628 concerns the net: stmmac driver leaking resources during probe. Connected documents confirm the vulnerability and provide a fix: two error paths in probe are corrected to clean up before returning, addressing leaks in the probe sequence. The affected component is the L...

CVE-2022-49626

In CVE-2022-49626, the Linux kernel sfc (Solarflare) driver had a use-after-free: vf->pci_dev could be freed during pci_disable_sriov and later read in efx_ef10_sriov_free_vf_vswitching. The root cause is reading a freed vf->pci_dev in the SR-IOV disable path. A patch fixes this by setting ...