UBUNTU-CVE-2022-50368

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dsi: fix memory corruption with too many bridges Add the missing sanity check on the bridge counter to avoid corrupting data beyond the fixed-sized bridge array in case there are ever more than eight bridges. Patchwork:...

CVE-2022-50369 drm/vkms: Fix null-ptr-deref in vkms_release()

In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Fix null-ptr-deref in vkmsrelease A null-ptr-deref is triggered when it tries to destroy the workqueue in vkms-output.composerworkq in vkmsrelease. KASAN: null-ptr-deref in range 0x0000000000000118-0x000000000000011f CP...

CVE-2022-50360 drm/msm/dp: fix aux-bus EP lifetime

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: fix aux-bus EP lifetime Device-managed resources allocated post component bind must be tied to the lifetime of the aggregate DRM device or they will not necessarily be released when binding of the aggregate device is...

CVE-2022-50360

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: fix aux-bus EP lifetime Device-managed resources allocated post component bind must be tied to the lifetime of the aggregate DRM device or they will not necessarily be released when binding of the aggregate device is...

CVE-2025-39807

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Add error handling for old state CRTC in atomicdisable Introduce error handling to address an issue where, after a hotplug event, the cursor continues to update. This situation can lead to a kernel panic due to...

UBUNTU-CVE-2025-39811

In the Linux kernel, the following vulnerability has been resolved: drm/xe/vm: Clear the scratchpt pointer on error Avoid triggering a dereference of an error pointer on cleanup in xevmfreescratch by clearing any scratchpt error pointer. cherry picked from commit...

UBUNTU-CVE-2025-39820

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Add a null ptr check for dpuencoderneedsmodeset The drmatomicgetnewconnectorstate can return NULL if the connector is not part of the atomic state. Add a check to prevent a NULL pointer dereference. This follows the...

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free in the rendering process. An attacker can execute arbitrary code or cause a denial of service by enticing a user to visit a specially crafted web page. Remediation Upgrade Firefox to version 143.0 or higher. References -...

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free in the rendering process. An attacker can execute arbitrary code or cause a denial of service by enticing a user to visit a specially crafted web page. Remediation Upgrade thunderbird to version 143.0 or higher. Reference...

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free in the rendering process. An attacker can execute arbitrary code or cause a denial of service by enticing a user to visit a specially crafted web page. Remediation Upgrade thunderbird-ESR to version 140.3 or higher...

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free in the rendering process. An attacker can execute arbitrary code or cause a denial of service by enticing a user to visit a specially crafted web page. Remediation Upgrade Firefox-ESR to version 140.3 or higher. Reference...

Origin Validation Error

Overview Affected versions of this package are vulnerable to Origin Validation Error via the rendering process. An attacker can execute arbitrary code or cause a denial of service by enticing a user to visit a specially crafted web page. Remediation Upgrade Firefox to version 143.0 or higher...

Origin Validation Error

Overview Affected versions of this package are vulnerable to Origin Validation Error via the rendering process. An attacker can execute arbitrary code or cause a denial of service by enticing a user to visit a specially crafted web page. Remediation Upgrade thunderbird to version 143.0 or higher...

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation via the rendering process. An attacker can execute arbitrary code or cause a denial of service by enticing a user to visit a specially crafted web page. Remediation Upgrade Firefox to version 143.0 or higher. Referenc...

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation via the rendering process. An attacker can execute arbitrary code or cause a denial of service by enticing a user to visit a specially crafted web page. Remediation Upgrade thunderbird to version 143.0 or higher...

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure in the rendering process. An attacker can execute arbitrary code or cause a denial of service by enticing a user to visit a specially crafted web page. Remediation Upgrade Firefox to version 143.0 or higher...

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure in the rendering process. An attacker can execute arbitrary code or cause a denial of service by enticing a user to visit a specially crafted web page. Remediation Upgrade thunderbird to version 143.0 or higher...

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure in the rendering process. An attacker can execute arbitrary code or cause a denial of service by enticing a user to visit a specially crafted web page. Remediation Upgrade Firefox-ESR to version 140.3 or higher...

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure in the rendering process. An attacker can execute arbitrary code or cause a denial of service by enticing a user to visit a specially crafted web page. Remediation Upgrade thunderbird-ESR to version 140.3 or higher...

CVE-2023-53288 drm/client: Fix memory leak in drm_client_modeset_probe

In the Linux kernel, the following vulnerability has been resolved: drm/client: Fix memory leak in drmclientmodesetprobe When a new mode is set to modeset-mode, the previous mode should be freed. This fixes the following kmemleak report: drmmodeduplicate+0x45/0x220 drm...