CVE-2022-50219

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix KASAN use-after-free Read in computeeffectiveprogs Syzbot found a Use After Free bug in computeeffectiveprogs. The reproducer creates a number of BPF links, and causes a fault injected alloc to fail, while calling...

CVE-2022-50198 ARM: OMAP2+: Fix refcount leak in omap3xxx_prm_late_init

In the Linux kernel, the following vulnerability has been resolved: ARM: OMAP2+: Fix refcount leak in omap3xxxprmlateinit offindmatchingnode returns a node pointer with refcount incremented, we should use ofnodeput on it when not need anymore. Add missing ofnodeput to avoid refcount leak...

CVE-2022-50141

In the Linux kernel, the following vulnerability has been resolved: mmc: sdhci-of-esdhc: Fix refcount leak in esdhcsignalvoltageswitch offindmatchingnode returns a node pointer with refcount incremented, we should use ofnodeput on it when not need anymore. Add missing ofnodeput to avoid refcount...

CVE-2022-50131 HID: mcp2221: prevent a buffer overflow in mcp_smbus_write()

In the Linux kernel, the following vulnerability has been resolved: HID: mcp2221: prevent a buffer overflow in mcpsmbuswrite Smatch Warning: drivers/hid/hid-mcp2221.c:388 mcpsmbuswrite error: memcpy '&mcp-txbuf5' too small 59 vs 255 drivers/hid/hid-mcp2221.c:388 mcpsmbuswrite error: memcpy 'buf'...

CVE-2022-50121

CVE-2022-50121 affects the Linux kernel remoteproc code for k3-r5, where a missing of_node_put() in for_each_available_child_of_node() can leak a refcount when breaking early from the loop. The root cause is that each iteration decrements the previous node’s reference count without explicit relea...

CVE-2022-50113 ASoc: audio-graph-card2: Fix refcount leak bug in __graph_get_type()

In the Linux kernel, the following vulnerability has been resolved: ASoc: audio-graph-card2: Fix refcount leak bug in graphgettype We should call ofnodeput for the reference before its replacement as it returned by ofgetparent which has increased the refcount. Besides, we should also call ofnodep...

CVE-2022-50104

CVE-2022-50104 affects the Linux kernel, specifically the powerpc/xive subsystem. The root cause is a refcount leak caused by a node pointer returned by of_find_node_by_path() with an incremented refcount and missing of_node_put() when done. The remediation is a patch that adds the missing of_nod...

CVE-2022-50094

In the Linux kernel, the following vulnerability has been resolved: spmi: trace: fix stack-out-of-bound access in SPMI tracing functions tracespmiwritebegin and tracespmireadend both call memcpy with a length of "len + 1". This leads to one extra byte being read beyond the end of the specified...

CVE-2022-50052

The CVE-2022-50052 issue affects the Linux kernel ASoC: Intel: avs component. It stems from using snprintf(), which returns the would-be-filled size on buffer overflow, creating a potential buffer overflow; the patch replaces snprintf() with scnprintf() to mitigate this. The vulnerability is trac...

CVE-2022-50052 ASoC: Intel: avs: Fix potential buffer overflow by snprintf()

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Fix potential buffer overflow by snprintf snprintf returns the would-be-filled size when the string overflows the given buffer size, hence using this value may result in a buffer overflow although it's...

CVE-2022-50051 ASoC: SOF: debug: Fix potential buffer overflow by snprintf()

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: debug: Fix potential buffer overflow by snprintf snprintf returns the would-be-filled size when the string overflows the given buffer size, hence using this value may result in the buffer overflow although it's...

CVE-2022-50050 ASoC: SOF: Intel: hda: Fix potential buffer overflow by snprintf()

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda: Fix potential buffer overflow by snprintf snprintf returns the would-be-filled size when the string overflows the given buffer size, hence using this value may result in the buffer overflow although it's...

CVE-2022-50050

CVE-2022-50050 is reported in the Linux kernel ASoC: SOF: Intel: hda component. The vulnerability stems from using snprintf() which returns the would-be-filled size on overflow, risking a buffer overflow; the fix replaces snprintf() with a safer scnprintf() to paper over this potential issue. Con...

CVE-2022-50037

CVE-2022-50037 concerns the Linux kernel: the drm/i915/ttm path could leak CCS state between users. The issue is resolved by applying the patch that prevents leaking CCS state (cherry-picked from commit 353819d85f87be46aeb9c1dd929d445a006fc6ec). Affected product is the Linux kernel (ttm subsystem...

CVE-2022-49985 bpf: Don't use tnum_range on array range checking for poke descriptors

In the Linux kernel, the following vulnerability has been resolved: bpf: Don't use tnumrange on array range checking for poke descriptors Hsin-Wei reported a KASAN splat triggered by their BPF runtime fuzzer which is based on a customized syzkaller: BUG: KASAN: slab-out-of-bounds in...

CVE-2022-49969

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: clear optc underflow before turn off odm clock Why After ODM clock off, optc underflow bit will be kept there always and clear not work. We need to clear that before clock off. How Clear that if have when clock o...

CVE-2022-49936 USB: core: Prevent nested device-reset calls

In the Linux kernel, the following vulnerability has been resolved: USB: core: Prevent nested device-reset calls Automatic kernel fuzzing revealed a recursive locking violation in usb-storage: ============================================ WARNING: possible recursive locking detected 5.18.0 3 Not...

CVE-2025-38072

In the Linux kernel, the following vulnerability has been resolved: libnvdimm/labels: Fix divide error in ndlabeldatainit If a faulty CXL memory device returns a broken zero LSA size in its memory device information Identify Memory Device Opcode 4000h, CXL spec. 3.1, 8.2.9.9.1.1, a divide error...

CVE-2025-38013

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Set nchannels after allocating struct cfg80211scanrequest Make sure that nchannels is set after allocating the struct cfg80211registereddevice::intscanreq member. Seen with syzkaller: UBSAN:...

CVE-2025-38078 ALSA: pcm: Fix race of buffer access at PCM OSS layer

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix race of buffer access at PCM OSS layer The PCM OSS layer tries to clear the buffer with the silence data at initialization or reconfiguration of a stream with the explicit call of sndpcmformatsetsilence with...