kernel: media: em28xx: initialize refcount before kref_get

A use-after-free flaw was found in the Linux kernel’s video4linux driver in how a user triggers the em28xxusbprobe for the Empia 28xx-based TV cards. This flaw allows a local user to crash or potentially escalate their privileges on the system...

kernel: iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe()

In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: fix possible null-ptr-deref in armsmmudeviceprobe It will cause null-ptr-deref when using 'res', if platformgetresource returns NULL, so move using 'res' after devmioremapresource that will check it to avoid...

kernel: use-after-free in ath9k_htc_probe_device() could cause an escalation of privileges

A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9khtcwaitfortarget function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system...

kernel: race condition in xfrm_probe_algs can lead to OOB read/write

A race condition was found in the Linux kernel's IP framework for transforming packets XFRM subsystem when multiple calls to xfrmprobealgs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an...

PT-2025-54147

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a resource leak in the brcmuart probe function. Smatch analysis identified that the baud mux clk obtained from clk prepare enable was not released, leading to a...

kernel: race condition in xfrm_probe_algs can lead to OOB read/write

A race condition was found in the Linux kernel's IP framework for transforming packets XFRM subsystem when multiple calls to xfrmprobealgs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an...

kernel: tcp: Fix a data-race around sysctl_tcp_probe_interval.

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctltcpprobeinterval. While reading sysctltcpprobeinterval, it can be changed concurrently. Thus, we need to add READONCE to its reader...

kernel: tcp: Fix a data-race around sysctl_tcp_probe_threshold.

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctltcpprobethreshold. While reading sysctltcpprobethreshold, it can be changed concurrently. Thus, we need to add READONCE to its reader...

kernel: ALSA: bcd2000: Fix a UAF bug on the error path of probing

In the Linux kernel, the following vulnerability has been resolved: ALSA: bcd2000: Fix a UAF bug on the error path of probing When the driver fails in sndcardregister at probe time, it will free the 'bcd2k-midiouturb' before killing it, which may cause a UAF bug. The following log can reveal it:...

kernel: ASoC: mediatek: mt8173: Fix refcount leak in mt8173_rt5650_rt5676_dev_probe

A flaw was found in the mt8173-rt5650-rt5676 module in the Linux kernel. A missing decrement of the reference count when an error occurs will cause a memory leak, potentially impacting system performance and resulting in a denial of service...

kernel: ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe

In the Linux kernel, the following vulnerability has been resolved: ASoC: mt6797-mt6351: Fix refcount leak in mt6797mt6351devprobe ofparsephandle returns a node pointer with refcount incremented, we should use ofnodeput on it when not need anymore. Add missing ofnodeput to avoid refcount leak...

kernel: Linux kernel: Denial of Service in ASoC Mediatek due to refcount leak

A flaw was found in the Linux kernel. A local user could exploit a refcount leak in the Audio System on Chip ASoC Mediatek component, specifically within the mt8183mt6358ts3a227max98357devprobe function. This vulnerability could lead to a Denial of Service DoS due to resource exhaustion...

kernel: usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe

In the Linux kernel, the following vulnerability has been resolved: usb: ohci-nxp: Fix refcount leak in ohcihcdnxpprobe ofparsephandle returns a node pointer with refcount incremented, we should use ofnodeput on it when not need anymore. Add missing ofnodeput to avoid refcount leak...

kernel: net/mlx5: Fix command stats access after free

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix command stats access after free Command may fail while driver is reloading and can't accept FW commands till command interface is reinitialized. Such command failure is being logged to command stats. This results in...

kernel: driver core: Fix wait_for_device_probe() & deferred_probe_timeout interaction

In the Linux kernel, the following vulnerability has been resolved: driver core: Fix waitfordeviceprobe & deferredprobetimeout interaction Mounting NFS rootfs was timing out when deferredprobetimeout was non-zero 1. This was because ipautoconfig initcall times out waiting for the network interfac...

kernel: media: airspy: fix memory leak in airspy probe

In the Linux kernel, the following vulnerability has been resolved: media: airspy: fix memory leak in airspy probe The commit ca9dc8d06ab6 "media: airspy: respect the DMA coherency rules" moves variable buf from stack to heap, however, it only frees buf in the error handling code, missing...

kernel: ASoC: mediatek: mt8173-rt5650: Fix refcount leak in mt8173_rt5650_dev_probe

In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8173-rt5650: Fix refcount leak in mt8173rt5650devprobe ofparsephandle returns a node pointer with refcount incremented, we should use ofnodeput on it when not need anymore. Fix refcount leak in some error paths...

kernel: iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe()

In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: fix possible null-ptr-deref in armsmmudeviceprobe It will cause null-ptr-deref when using 'res', if platformgetresource returns NULL, so move using 'res' after devmioremapresource that will check it to avoid...

kernel: media: pvrusb2: fix memory leak in pvr_probe

In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix memory leak in pvrprobe The error handling code in pvr2hdwcreate forgets to unregister the v4l2 device. When pvr2hdwcreate returns back to pvr2contextcreate, it calls pvr2contextdestroy to destroy context, but...

kernel: ASoC: da7219: Fix an error handling path in da7219_register_dai_clks()

A flaw was found in the Linux kernel's ASoC da7219 audio codec driver. An error handling path in da7219registerdaiclks incorrectly attempts to unregister a clock that was never successfully registered. This could lead to incorrect resource cleanup during driver probe failure, potentially causing...