CVE-2022-49968

In the Linux kernel, the following vulnerability has been resolved: ieee802154/adf7242: defer destroyworkqueue call There is a possible race condition use-after-free like below FREE | USE adf7242remove | adf7242channel canceldelayedworksync | destroyworkqueue 1 | adf7242cmdrx | moddelayedwork 2 |...

UBUNTU-CVE-2022-50116

In the Linux kernel, the following vulnerability has been resolved: tty: ngsm: fix deadlock and link starvation in outgoing data path The current implementation queues up new control and user packets as needed and processes this queue down to the ldisc in the same code path. That means that the...

UBUNTU-CVE-2022-50100

In the Linux kernel, the following vulnerability has been resolved: sched/core: Do not requeue task on CPU excluded from cpusmask The following warning was triggered on a large machine early in boot on a distribution kernel but the same problem should also affect mainline. WARNING: CPU: 439 PID: ...

UBUNTU-CVE-2022-50166

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: When HCI work queue is drained, only queue chained work The HCI command, event, and data packet processing workqueue is drained to avoid deadlock in commit 76727c02c1e1 "Bluetooth: Call drainworkqueue before resetting...

UBUNTU-CVE-2022-49974

In the Linux kernel, the following vulnerability has been resolved: HID: nintendo: fix rumble worker null pointer deref We can dereference a null pointer trying to queue work to a destroyed workqueue. If the device is disconnected, nintendohidremove is called, in which the rumblequeue is destroye...

UBUNTU-CVE-2022-49986

In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Remove WQMEMRECLAIM from storvscerrorwq storvscerrorwq workqueue should not be marked as WQMEMRECLAIM as it doesn't need to make forward progress under memory pressure. Marking this workqueue as WQMEMRECLAIM may...

UBUNTU-CVE-2022-49968

In the Linux kernel, the following vulnerability has been resolved: ieee802154/adf7242: defer destroyworkqueue call There is a possible race condition use-after-free like below FREE | USE adf7242remove | adf7242channel canceldelayedworksync | destroyworkqueue 1 | adf7242cmdrx | moddelayedwork 2 |...

CVE-2022-50166 Bluetooth: When HCI work queue is drained, only queue chained work

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: When HCI work queue is drained, only queue chained work The HCI command, event, and data packet processing workqueue is drained to avoid deadlock in commit 76727c02c1e1 "Bluetooth: Call drainworkqueue before resetting...

CVE-2022-50100 sched/core: Do not requeue task on CPU excluded from cpus_mask

In the Linux kernel, the following vulnerability has been resolved: sched/core: Do not requeue task on CPU excluded from cpusmask The following warning was triggered on a large machine early in boot on a distribution kernel but the same problem should also affect mainline. WARNING: CPU: 439 PID: ...

CVE-2022-50100

CVE-2022-50100 affects the Linux kernel sched/core: Do not requeue a task on a CPU excluded from cpus_mask. The issue arises from a ttwu wakeup optimization that could queue a task on the wrong CPU, triggering an early-boot warning on large machines. The commit c6e7bd7afaeb implements a fix by en...

CVE-2022-49974

CVE-2022-49974 refers to a Linux kernel vulnerability in the HID Nintendo driver where a null pointer could be dereferenced when queuing rumble work to a destroyed workqueue. The root cause is attempting to queue work after the controller is disconnected and nintendo_hid_remove has destroyed the ...

CVE-2022-49968 ieee802154/adf7242: defer destroy_workqueue call

In the Linux kernel, the following vulnerability has been resolved: ieee802154/adf7242: defer destroyworkqueue call There is a possible race condition use-after-free like below FREE | USE adf7242remove | adf7242channel canceldelayedworksync | destroyworkqueue 1 | adf7242cmdrx | moddelayedwork 2 |...

CVE-2022-49968

In the Linux kernel, the following vulnerability has been resolved: ieee802154/adf7242: defer destroyworkqueue call There is a possible race condition use-after-free like below FREE | USE adf7242remove | adf7242channel canceldelayedworksync | destroyworkqueue 1 | adf7242cmdrx | moddelayedwork 2 |...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: bnxten: Error handling in bnxtinitchip has been fixed. The WARNON function is triggered in flushwork if bnxtinitchip fails because we call cancelworksync on dim work that has not been initialized. WARNING: CPU: 37, PID: 5223, at...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Wifi: ath10k: avoiding NULL pointer errors during sdio removal When running ‘rmmod ath10k’, ath10ksdioremove will free the sdioworkqueue by calling destroyworkqueue. However, if CONFIGINITONFREEDEFAULTON is set to yes, a kernel...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: drm/imagination: avoided deadlock on fence release The processing of fence release in the scheduler queue is performed on a workqueue, rather than directly in the release function itself. Deadlock issues have been fixed, such ...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Fix NULL pointer access Resources should only be released after all threads that utilize them have been destroyed. This commit ensures that resources are not released prematurely by waiting for the associated...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: core: flush gadget workqueue after device removal The devicedel function can cause new work to be scheduled in the gadget-workqueue. This issue is observed, for example, with the dwc3 driver, as follows: c devicedel...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fixed a slab-use-after-free issue in hdcpwork Why A slab-use-after-free issue was reported when HDCP was destroyed, but the propertyvalidatedwork queue was still running. How The delayed work was canceled when th...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: acct: performs the last write operation from the workqueue. In 1, it was reported that the acct2 system call can be used to trigger a NULL derefrence in cases where it is set to write to a file that triggers an internal lookup...