CVE-2025-21928 HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()

In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: Fix use-after-free issue in ishtphidremove The system can experience a random crash a few minutes after the driver is removed. This issue occurs due to improper handling of memory freeing in the ishtphidremove...

CVE-2023-53016

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix possible deadlock in rfcommskstatechange syzbot reports a possible deadlock in rfcommskstatechange 1. While rfcommsockconnect acquires the sk lock and waits for the rfcomm lock, rfcommsockrelease could have the...

CVE-2023-53020 l2tp: close all race conditions in l2tp_tunnel_register()

In the Linux kernel, the following vulnerability has been resolved: l2tp: close all race conditions in l2tptunnelregister The code in l2tptunnelregister is racy in several ways: 1. It modifies the tunnel socket after publishing it. 2. It calls setupudptunnelsock on an existing socket without...

CVE-2023-53016 Bluetooth: Fix possible deadlock in rfcomm_sk_state_change

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix possible deadlock in rfcommskstatechange syzbot reports a possible deadlock in rfcommskstatechange 1. While rfcommsockconnect acquires the sk lock and waits for the rfcomm lock, rfcommsockrelease could have the...

CVE-2023-52989 firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region

In the Linux kernel, the following vulnerability has been resolved: firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region This patch is fix for Linux kernel v2.6.33 or later. For request subaction to IEC 61883-1 FCP region, Linux FireWire subsystem have had an issue...

CVE-2022-49740 wifi: brcmfmac: Check the count value of channel spec to prevent out-of-bounds reads

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Check the count value of channel spec to prevent out-of-bounds reads This patch fixes slab-out-of-bounds reads in brcmfmac that occur in brcmfconstructchaninfo and brcmfenablebw402g when the count value of channel...

CVE-2024-58091 drm/fbdev-dma: Add shadow buffering for deferred I/O

In the Linux kernel, the following vulnerability has been resolved: drm/fbdev-dma: Add shadow buffering for deferred I/O DMA areas are not necessarily backed by struct page, so we cannot rely on it for deferred I/O. Allocate a shadow buffer for drivers that require deferred I/O and use it as...

Linux Distros Unpatched Vulnerability : CVE-2023-52881

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tcp: do not accept ACK of bytes we never sent This patch is based on a detailed report and ideas from Yepeng Pan and Christian Rossow. ACK seq validation is...

CVE-2025-21795

In the Linux kernel, the following vulnerability has been resolved: NFSD: fix hang in nfsd4shutdowncallback If nfs4client is in courtesy state then there is no point to send the callback. This causes nfsd4shutdowncallback to hang since clcbinflight is not 0. This hang lasts about 15 minutes until...

CVE-2024-58001

In the Linux kernel, the following vulnerability has been resolved: ocfs2: handle a symlink read error correctly Patch series "Convert ocfs2 to use folios". Mark did a conversion of ocfs2 to use folios and sent it to me as a giant patch for review ;- So I've redone it as individual patches, and...

SUSE CVE-2022-49383

In the Linux kernel, the following vulnerability has been resolved: watchdog: rzg2lwdt: Fix 'BUG: Invalid wait context' This patch fixes the issue 'BUG: Invalid wait context' during restart callback by using clkprepareenable instead of pmruntimegetsync for turning on the clocks during restart. Th...

CVE-2024-52557 drm: zynqmp_dp: Fix integer overflow in zynqmp_dp_rate_get()

In the Linux kernel, the following vulnerability has been resolved: drm: zynqmpdp: Fix integer overflow in zynqmpdprateget This patch fixes a potential integer overflow in the zynqmpdprateget The issue comes up when the expression drmdpbwcodetolinkratedp-test.bwcode 10000 is evaluated using 32-bi...

CVE-2025-21738 ata: libata-sff: Ensure that we cannot write outside the allocated buffer

In the Linux kernel, the following vulnerability has been resolved: ata: libata-sff: Ensure that we cannot write outside the allocated buffer reveliofuzzing reported that a SCSIIOCTLSENDCOMMAND ioctl with outlen set to 0xd42, SCSI command set to ATA16 PASS-THROUGH, ATA command set to ATANOP, and...

UBUNTU-CVE-2022-49565

In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/lbr: Fix unchecked MSR access error on HSW The fuzzer triggers the below trace. 7763.384369 unchecked MSR access error: WRMSR to 0x689 tried to write 0x1fffffff8101349e at rIP: 0xffffffff810704a4...

CVE-2022-49711 bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove()

In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc-bus: fix KASAN use-after-free in fslmcbusremove In fslmcbusremove, mc-rootmcbusdev-mcio is passed to fsldestroymcio. However, mc-rootmcbusdev is already freed in fslmcdeviceremove. Then reference to mc-rootmcbusdev-mc...

CVE-2022-49640

The CVE-2022-49640 issue affects the Linux kernel’s sysctl path, specifically proc_douintvec_minmax(). A concurrent access to a sysctl variable led to potential data races; the fix patches the function to use READ_ONCE() and WRITE_ONCE() internally, addressing the data-race on the sysctl side. Th...

CVE-2022-49489

CVE-2022-49489 details (NORMAL mode) Affects the Linux kernel component: drm/msm/disp/dpu1. The issue arises from set vbif hw config to NULL to avoid use-after-free during PM runtime resume in the DPU, leading to an Unable to handle kernel paging request crash (illustrated by the call trace inclu...

CVE-2022-49444 module: fix [e_shstrndx].sh_size=0 OOB access

In the Linux kernel, the following vulnerability has been resolved: module: fix eshstrndx.shsize=0 OOB access It is trivial to craft a module to trigger OOB access in this line: if info-secstringsstrhdr-shsize - 1 != '\0' BUG: unable to handle page fault for address: ffffc90000aa0fff PGD 10000006...

CVE-2022-49182 net: hns3: add vlan list lock to protect vlan list

In the Linux kernel, the following vulnerability has been resolved: net: hns3: add vlan list lock to protect vlan list When adding port base VLAN, vf VLAN need to remove from HW and modify the vlan state in vf VLAN list as false. If the periodicity task is freeing the same node, it may cause "use...

CVE-2022-49176 bfq: fix use-after-free in bfq_dispatch_request

In the Linux kernel, the following vulnerability has been resolved: bfq: fix use-after-free in bfqdispatchrequest KASAN reports a use-after-free report when doing normal scsi-mq test 69832.239032 ================================================================== 69832.241810 BUG: KASAN:...