CVE-2023-54047 drm/rockchip: dw_hdmi: cleanup drm encoder during unbind

In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: dwhdmi: cleanup drm encoder during unbind This fixes a use-after-free crash during rmmod. The DRM encoder is embedded inside the larger rockchiphdmi, which is allocated with the component. The component memory gets...

CVE-2023-53851

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: Drop aux devices together with DP controller Using devres to depopulate the aux bus made sure that upon a probe deferral the EDP panel device would be destroyed and recreated upon next attempt. But the struct device...

UBUNTU-CVE-2023-53851

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: Drop aux devices together with DP controller Using devres to depopulate the aux bus made sure that upon a probe deferral the EDP panel device would be destroyed and recreated upon next attempt. But the struct device...

CVE-2023-53851

CVE-2023-53851 (Linux kernel, drm/msm/dp): Root cause is use of devres to depopulate the DP AUX bus, which could destroy and recreate an EDID-reading panel device after a probe deferral as the aux device’s struct can outlive the DP controller. Symptoms include EDID blocks filled with zeros or rar...

CVE-2025-40208

In the Linux kernel, the following vulnerability has been resolved: media: iris: fix module removal if firmware download failed Fix remove if firmware failed to load: qcom-iris aa00000.video-codec: Direct firmware load for qcom/vpu/vpu33p4.mbn failed with error -2 qcom-iris aa00000.video-codec:...

AZL-62495 CVE-2025-37842 affecting package kernel for versions less than 6.6.112.1-2

In the Linux kernel, the following vulnerability has been resolved: spi: fsl-qspi: use devm function instead of driver remove Driver use devm APIs to manage clk/irq/resources and register the spi controller, but the legacy remove function will be called first during device detach and trigger kern...

kernel: USB: Gadget: core: Help prevent panic during UVC unconfigure

A deadlock flaw was found in the Linux kernel's USB Gadget subsystem in the driver unbind path. A local privileged user can trigger this issue by removing a UVC gadget driver from a gadget configuration, causing the unbind callback to call usbgadgetdeactivate while the caller holds the connectloc...