UBUNTU-CVE-2022-49870

In the Linux kernel, the following vulnerability has been resolved: capabilities: fix undefined behavior in bit shift for CAPTOMASK Shifting signed 32-bit value by 31 bits is undefined, so changing significant bit to unsigned. The UBSAN warning calltrace like below: UBSAN: shift-out-of-bounds in...

CVE-2022-49851 riscv: fix reserved memory setup

In the Linux kernel, the following vulnerability has been resolved: riscv: fix reserved memory setup Currently, RISC-V sets up reserved memory using the "early" copy of the device tree. As a result, when trying to get a reserved memory region using ofreservedmemlookup, the pointer to reserved...

CVE-2022-49827 drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker()

In the Linux kernel, the following vulnerability has been resolved: drm: Fix potential null-ptr-deref in drmvblankdestroyworker drmvblankinit call drmmaddactionorreset with drmvblankinitrelease as action. If drmmaddaction failed, will directly call drmvblankinitrelease with the vblank whose worke...

CVE-2022-49820 mctp i2c: don't count unused / invalid keys for flow release

In the Linux kernel, the following vulnerability has been resolved: mctp i2c: don't count unused / invalid keys for flow release We're currently hitting the WARNON in mctpi2cflowrelease: if midev-releasecount midev-i2clockcount WARNONCE1, "release count overflow"; This may be hit if we expire a...

CVE-2022-49796

The CVE-2022-49796 issue affects the Linux kernel tracing/kprobe path. It concerns a potential NULL pointer dereference in trace_array if test_gen_kprobe_cmd() fails after kprobe_event_gen_cmd_end(), where gen_kretprobe_test could reference an invalid trace_array after kprobe_event_delete(). The ...

CVE-2022-49772 ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open()

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Drop sndBUGON from sndusbmidioutputopen sndusbmidioutputopen has a check of the NULL port with sndBUGON. sndBUGON was used as this shouldn't have happened, but in reality, the NULL port may be seen when the devic...

CVE-2025-37791 ethtool: cmis_cdb: use correct rpl size in ethtool_cmis_module_poll()

In the Linux kernel, the following vulnerability has been resolved: ethtool: cmiscdb: use correct rpl size in ethtoolcmismodulepoll rpl is passed as a pointer to ethtoolcmismodulepoll, so the correct size of rpl is sizeofrpl which should be just 1 byte. Using the pointer size instead can cause...

SUSE CVE-2025-39755

In the Linux kernel, the following vulnerability has been resolved: staging: gpib: Fix cb7210 pcmcia Oops The pcmciadriver struct was still only using the old .name initialization in the drv field. This led to a NULL pointer deref Oops in strcmp called from pcmciaregisterdriver. Initialize the...

CVE-2025-38575 ksmbd: use aead_request_free to match aead_request_alloc

In the Linux kernel, the following vulnerability has been resolved: ksmbd: use aeadrequestfree to match aeadrequestalloc Use aeadrequestfree instead of kfree to properly free memory allocated by aeadrequestalloc. This ensures sensitive crypto data is zeroed before being freed...

DEBIAN-CVE-2025-23132

In the Linux kernel, the following vulnerability has been resolved: f2fs: quota: fix to avoid warning in dquotwritebackdquots F2FS-fs dm-59: checkpoint=enable has some unwritten data. ------------ cut here ------------ WARNING: CPU: 6 PID: 8013 at fs/quota/dquot.c:691...

CVE-2025-22102

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btnxpuart: Fix kernel panic during FW release This fixes a kernel panic seen during release FW in a stress test scenario where WLAN and BT FW download occurs simultaneously, and due to a HW bug, chip sends out only 1...

DEBIAN-CVE-2025-22045

In the Linux kernel, the following vulnerability has been resolved: x86/mm: Fix flushtlbrange when used for zapping normal PMDs On the following path, flushtlbrange can be used for zapping normal PMD entries PMD entries that point to page tables together with the PTE entries in the pointed-to pag...

DEBIAN-CVE-2024-58096

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: add srng-lock for ath11khalsrng in monitor mode ath11khalsrng should be used with srng-lock to protect srng data. For ath11kdprxmondestprocess and ath11kdpfullmonprocessrx, they use ath11khalsrng for many times but...

CVE-2025-22080 fs/ntfs3: Prevent integer overflow in hdr_first_de()

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Prevent integer overflow in hdrfirstde The "deoff" and "used" variables come from the disk so they both need to check. The problem is that on 32bit systems if they're both greater than UINTMAX - 16 then the check does...

CVE-2025-22074

CVE-2025-22074 : In the Linux kernel, ksmbd had a r_count increment/decrement mismatch that could cause r_count to become negative, leading to ksmbd thread termination issues. The issue is fixed by a patch fixing the r_count dec/increment pairing when oplock breaks occur. Affected component is ks...

CVE-2025-22074 ksmbd: fix r_count dec/increment mismatch

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix rcount dec/increment mismatch rcount is only increased when there is an oplock break wait, so rcount inc/decrement are not paired. This can cause rcount to become negative, which can lead to a problem where the ksmbd...

CVE-2025-22050 usbnet:fix NPE during rx_complete

In the Linux kernel, the following vulnerability has been resolved: usbnet:fix NPE during rxcomplete Missing usbnetgoingaway Check in Critical Path. The usbsubmiturb function lacks a usbnetgoingaway validation, whereas usbnetqueueskb includes this check. This inconsistency creates a race conditio...

CVE-2025-22049 LoongArch: Increase ARCH_DMA_MINALIGN up to 16

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Increase ARCHDMAMINALIGN up to 16 ARCHDMAMINALIGN is 1 by default, but some LoongArch-specific devices such as APBDMA require 16 bytes alignment. When the data buffer length is too small, the hardware may make an error...

CVE-2025-22033

CVE-2025-22033: Linux kernel arm64 fix for a NULL pointer dereference in alignment handling. The issue occurs when do_alignment_t32_to_handler() fixes only specific instructions and returns NULL for others (e.g., LDREX); callers would proceed with regular alignment fault handling (SIGBUS). Withou...

CVE-2025-22013 KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state There are several problems with the way hyp code lazily saves the host's FPSIMD/SVE state, including: Host SVE being discarded unexpectedly due to inconsistent...