955 matches found
CVE-2022-49131
In the Linux kernel, the following vulnerability has been resolved: ath11k: fix kernel panic during unload/load ath11k modules Call netif_napi_del() from ath11k_ahb_free_ext_irq() to fixthe following kernel panic when unload/load ath11k modulesfor few iterations. [ 971.201365] Unable to handle kern...
CVE-2022-49196
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Fix use after free in remove_phb_dynamic() In remove_phb_dynamic() we use &phb->io_resource, after we've calleddevice_unregister(&host_bridge->dev). But the unregister may have freedphb, because pcibios_free_...
CVE-2022-49311
In the Linux kernel, the following vulnerability has been resolved: drivers: staging: rtl8192bs: Fix deadlock in rtw_joinbss_event_prehandle() There is a deadlock in rtw_joinbss_event_prehandle(), which is shownbelow: (Thread 1) | (Thread 2)| _set_timer()rtw_joinbss_event_prehandle()| mod_timer()sp...
CVE-2022-49327
In the Linux kernel, the following vulnerability has been resolved: bcache: avoid journal no-space deadlock by reserving 1 journal bucket The journal no-space deadlock was reported time to time. Such deadlockcan happen in the following situation. When all journal buckets are fully filled by active ...
CVE-2022-49508
In the Linux kernel, the following vulnerability has been resolved: HID: elan: Fix potential double free in elan_input_configured 'input' is a managed resource allocated with devm_input_allocate_device(),so there is no need to call input_free_device() explicitly orthere will be a double free. Accor...
CVE-2022-49657
In the Linux kernel, the following vulnerability has been resolved: usbnet: fix memory leak in error case usbnet_write_cmd_async() mixed up which buffersneed to be freed in which error case. v2: add Fixes tagv3: fix uninitialized buf pointer
CVE-2022-49855
In the Linux kernel, the following vulnerability has been resolved: net: wwan: iosm: fix memory leak in ipc_pcie_read_bios_cfg ipc_pcie_read_bios_cfg() is using the acpi_evaluate_dsm() toobtain the wwan power state configuration from BIOS but isnot freeing the acpi_object. The acpi_evaluate_dsm() r...
CVE-2025-21742
In the Linux kernel, the following vulnerability has been resolved: usbnet: ipheth: use static NDP16 location in URB Original code allowed for the start of NDP16 to be anywhere within theURB based on the wNdpIndex value in NTH16. Only the start position ofNDP16 was checked, so it was possible for e...
CVE-2025-21773
In the Linux kernel, the following vulnerability has been resolved: can: etas_es58x: fix potential NULL pointer dereference on udev->serial The driver assumed that es58x_dev->udev->serial could never be NULL.While this is true on commercially available devices, an attackercould spoof the d...
CVE-2025-21790
In the Linux kernel, the following vulnerability has been resolved: vxlan: check vxlan_vnigroup_init() return value vxlan_init() must check vxlan_vnigroup_init() successotherwise a crash happens later, spotted by syzbot. Oops: general protection fault, probably for non-canonical address 0xdffffc000...
CVE-2025-21792
In the Linux kernel, the following vulnerability has been resolved: ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt If an AX25 device is bound to a socket by setting the SO_BINDTODEVICEsocket option, a refcount leak will occur in ax25_release(). Commit 9fd75b66b8f6 ("ax25: Fix ref...
CVE-2025-21793
In the Linux kernel, the following vulnerability has been resolved: spi: sn-f-ospi: Fix division by zero When there is no dummy cycle in the spi-nor commands, both dummy bus cyclebytes and width are zero. Because of the cpu's warning when divided byzero, the warning should be avoided. Return just z...
CVE-2025-21937
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() Add check for the return value of mgmt_alloc_skb() inmgmt_remote_name() to prevent null pointer dereference.
CVE-2021-47632
In the Linux kernel, the following vulnerability has been resolved: powerpc/set_memory: Avoid spinlock recursion in change_page_attr() Commit 1f9ad21c3b38 ("powerpc/mm: Implement set_memory() routines")included a spin_lock() to change_page_attr() in order tosafely perform the three step operations....
CVE-2022-49104
In the Linux kernel, the following vulnerability has been resolved: staging: vchiq_core: handle NULL result of find_service_by_handle In case of an invalid handle the function find_servive_by_handlereturns NULL. So take care of this and avoid a NULL pointer dereference.
CVE-2022-49216
In the Linux kernel, the following vulnerability has been resolved: drm/tegra: Fix reference leak in tegra_dsi_ganged_probe The reference taken by 'of_find_device_by_node()' must be released whennot needed anymore. Add put_device() call to fix this.
CVE-2022-49282
In the Linux kernel, the following vulnerability has been resolved: f2fs: quota: fix loop condition at f2fs_quota_sync() cnt should be passed to sb_has_quota_active() instead of type to checkactive quota properly. Moreover, when the type is -1, the compiler with enough inline knowledgecan discard s...
CVE-2022-49312
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8712: fix a potential memory leak in r871xu_drv_init() In r871xu_drv_init(), if r8712_init_drv_sw() fails, then the memoryallocated by r8712_alloc_io_queue() in r8712_usb_dvobj_init() is notproperly released as there is...
CVE-2022-49318
In the Linux kernel, the following vulnerability has been resolved: f2fs: remove WARN_ON in f2fs_is_valid_blkaddr Syzbot triggers two WARNs in f2fs_is_valid_blkaddr and__is_bitmap_valid. For example, in f2fs_is_valid_blkaddr,if type is DATA_GENERIC_ENHANCE or DATA_GENERIC_ENHANCE_READ,it invokes WA...
CVE-2022-49331
In the Linux kernel, the following vulnerability has been resolved: nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling Error paths do not free previously allocated memory. Add devm_kfree() tothose failure paths.
CVE-2022-49410
In the Linux kernel, the following vulnerability has been resolved: tracing: Fix potential double free in create_var_ref() In create_var_ref(), init_var_ref() is called to initialize the fieldsof variable ref_field, which is allocated in the previous function callto create_hist_field(). Function in...
CVE-2022-49472
In the Linux kernel, the following vulnerability has been resolved: net: phy: micrel: Allow probing without .driver_data Currently, if the .probe element is present in the phy_driver structureand the .driver_data is not, a NULL pointer dereference happens. Allow passing .probe without .driver_data ...
CVE-2022-49502
In the Linux kernel, the following vulnerability has been resolved: media: rga: fix possible memory leak in rga_probe rga->m2m_dev needs to be freed when rga_probe fails.
CVE-2022-49544
In the Linux kernel, the following vulnerability has been resolved: ipw2x00: Fix potential NULL dereference in libipw_xmit() crypt and crypt->ops could be null, so we need to checking nullbefore dereference
CVE-2022-49729
In the Linux kernel, the following vulnerability has been resolved: nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred Similar to the handling of play_deferred in commit 19cfe912c37b("Bluetooth: btusb: Fix memory leak in play_deferred"), we thoughta patch might be needed here as well. Currently...
CVE-2022-49837
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix memory leaks in __check_func_call kmemleak reports this issue: unreferenced object 0xffff88817139d000 (size 2048):comm "test_progs", pid 33246, jiffies 4307381979 (age 45851.820s)hex dump (first 32 bytes):01 00 00 00 00 00...
CVE-2022-49890
In the Linux kernel, the following vulnerability has been resolved: capabilities: fix potential memleak on error path from vfs_getxattr_alloc() In cap_inode_getsecurity(), we will use vfs_getxattr_alloc() tocomplete the memory allocation of tmpbuf, if we have completedthe memory allocation of tmpbu...
CVE-2023-53018
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: Fix memory leaks When hci_cmd_sync_queue() failed in hci_le_terminate_big() orhci_le_big_terminate(), the memory pointed by variable d is not freed,which will cause memory leak. Add release process to error pat...
CVE-2024-57944
In the Linux kernel, the following vulnerability has been resolved: iio: adc: ti-ads1298: Add NULL check in ads1298_init devm_kasprintf() can return a NULL pointer on failure. A check on thereturn value of such a call in ads1298_init() is missing. Add it.
CVE-2025-22003
In the Linux kernel, the following vulnerability has been resolved: can: ucan: fix out of bound read in strscpy() source Commit 7fdaf8966aae ("can: ucan: use strscpy() to instead of strncpy()")unintentionally introduced a one byte out of bound read on strscpy()'ssource argument (which is kind of ir...
CVE-2021-47641
In the Linux kernel, the following vulnerability has been resolved: video: fbdev: cirrusfb: check pixclock to avoid divide by zero Do a sanity check on pixclock value to avoid divide by zero. If the pixclock value is zero, the cirrusfb driver will round uppixclock to get the derived frequency as cl...
CVE-2022-49119
In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix memory leak in pm8001_chip_fw_flash_update_req() In pm8001_chip_fw_flash_update_build(), ifpm8001_chip_fw_flash_update_build() fails, the struct fw_control_exallocated must be freed.
CVE-2022-49206
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix memory leak in error flow for subscribe event routine In case the second xa_insert() fails, the obj_event is not released. Fixthe error unwind flow to free that memory to avoid a memory leak.
CVE-2022-49353
In the Linux kernel, the following vulnerability has been resolved: powerpc/papr_scm: don't requests stats with '0' sized stats buffer Sachin reported [1] that on a POWER-10 lpar he is seeing a kernel panic beingreported with vPMEM when papr_scm probe is being called. The panic is of theform below ...
CVE-2022-49445
In the Linux kernel, the following vulnerability has been resolved: pinctrl: renesas: core: Fix possible null-ptr-deref in sh_pfc_map_resources() It will cause null-ptr-deref when using 'res', if platform_get_resource()returns NULL, so move using 'res' after devm_ioremap_resource() thatwill check i...
CVE-2022-49514
In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe Call of_node_put(platform_node) to avoid refcount leak inthe error path.
CVE-2022-49607
In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix data race between perf_event_set_output() and perf_mmap_close() Yang Jihing reported a race between perf_event_set_output() andperf_mmap_close(): CPU1 CPU2 perf_mmap_close(e2) if (atomic_dec_and_test(&e2->rb->m...
CVE-2022-49623
In the Linux kernel, the following vulnerability has been resolved: powerpc/xive/spapr: correct bitmap allocation size kasan detects access beyond the end of the xibm->bitmap allocation: BUG: KASAN: slab-out-of-bounds in _find_first_zero_bit+0x40/0x140Read of size 8 at addr c00000001d1d0118 by t...
CVE-2022-49751
In the Linux kernel, the following vulnerability has been resolved: w1: fix WARNING after calling w1_process() I got the following WARNING message while removing driver(ds2482): ------------[ cut here ]------------do not call blocking ops when !TASK_RUNNING; state=1 set at [] w1_process+0x9e/0x1d0 ...
CVE-2022-49930
In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix NULL pointer problem in free_mr_init() Lock grab occurs in a concurrent scenario, resulting in stepping on a NULLpointer. It should be init mutex_init() first before use the lock. Unable to handle kernel NULL pointer ...
CVE-2023-53017
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: fix memory leak in hci_update_adv_data() When hci_cmd_sync_queue() failed in hci_update_adv_data(), inst_ptr isnot freed, which will cause memory leak, convert to use ERR_PTR/PTR_ERRto pass the instance to call...
CVE-2025-22037
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference in alloc_preauth_hash() The Client send malformed smb2 negotiate request. ksmbd return errorresponse. Subsequently, the client can send smb2 session setup eventhought conn->preauth_info is not...
CVE-2025-23137
In the Linux kernel, the following vulnerability has been resolved: cpufreq/amd-pstate: Add missing NULL ptr check in amd_pstate_update Check if policy is NULL before dereferencing it in amd_pstate_update.
CVE-2021-47637
In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix deadlock in concurrent rename whiteout and inode writeback Following hung tasks:[ 77.028764] task:kworker/u8:4 state:D stack: 0 pid: 132[ 77.028820] Call Trace:[ 77.029027] schedule+0x8c/0x1b0[ 77.029067] mutex_lock+0x50...
CVE-2022-49085
In the Linux kernel, the following vulnerability has been resolved: drbd: Fix five use after free bugs in get_initial_state In get_initial_state, it calls notify_initial_state_done(skb,..) ifcb->args[5]==1. If genlmsg_put() failed in notify_initial_state_done(),the skb will be freed by nlmsg_fre...
CVE-2022-49106
In the Linux kernel, the following vulnerability has been resolved: staging: vchiq_arm: Avoid NULL ptr deref in vchiq_dump_platform_instances vchiq_get_state() can return a NULL pointer. So handle this cases andavoid a NULL pointer derefence in vchiq_dump_platform_instances.
CVE-2022-49115
In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Fix misused goto label Fix a misused goto label jump since that can result in a memory leak.
CVE-2022-49125
In the Linux kernel, the following vulnerability has been resolved: drm/sprd: fix potential NULL dereference 'drm' could be null in sprd_drm_shutdown, and drm_warn maybe dereferenceit, remove this warning log. v1 -> v2: Split checking platform_get_resource() return value to a separate patch Use ...
CVE-2022-49201
In the Linux kernel, the following vulnerability has been resolved: ibmvnic: fix race between xmit and reset There is a race between reset and the transmit paths that can lead toibmvnic_xmit() accessing an scrq after it has been freed in the resetpath. It can result in a crash like: Kernel attempte...
CVE-2022-49242
In the Linux kernel, the following vulnerability has been resolved: ASoC: mxs: Fix error handling in mxs_sgtl5000_probe This function only calls of_node_put() in the regular path.And it will cause refcount leak in error paths.For example, when codec_np is NULL, saif_np[0] and saif_np[1]are not NULL...