CVE-2022-48707

In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fix null pointer dereference for resetting decoder Not all decoders have a reset callback. The CXL specification allows a host bridge with a single root port tohave no explicit HDM decoders. Currently the region driver ...

CVE-2022-48721

In the Linux kernel, the following vulnerability has been resolved: net/smc: Forward wakeup to smc socket waitqueue after fallback When we replace TCP with SMC and a fallback occurs, there may besome socket waitqueue entries remaining in smc socket->wq, suchas eppoll_entries inserted by userspac...

CVE-2022-48767

In the Linux kernel, the following vulnerability has been resolved: ceph: properly put ceph_string reference after async create attempt The reference acquired by try_prep_async_create is currently leaked.Ensure we put it.

CVE-2022-48777

In the Linux kernel, the following vulnerability has been resolved: mtd: parsers: qcom: Fix kernel panic on skipped partition In the event of a skipped partition (case when the entry name is empty)the kernel panics in the cleanup function as the name entry is NULL.Rework the parser logic by first c...

CVE-2022-48779

In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: fix use-after-free in ocelot_vlan_del() ocelot_vlan_member_del() will free the struct ocelot_bridge_vlan, so ifthis is the same as the port's pvid_vlan which we access afterwards,what we're accessing is freed mem...

CVE-2022-48812

In the Linux kernel, the following vulnerability has been resolved: net: dsa: lantiq_gswip: don't use devres for mdiobus As explained in commits:74b6d7d13307 ("net: dsa: realtek: register the MDIO bus under devres")5135e96a3dd2 ("net: dsa: don't allocate the slave_mii_bus using devres") mdiobus_fre...

CVE-2022-48825

In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Add stag_work to all the vports Call trace seen when creating NPIV ports, only 32 out of 64 show online.stag work was not initialized for vport, hence initialize the stag work. WARNING: CPU: 8 PID: 645 at kernel/workque...

CVE-2022-48834

In the Linux kernel, the following vulnerability has been resolved: usb: usbtmc: Fix bug in pipe direction for control transfers The syzbot fuzzer reported a minor bug in the usbtmc driver: usb 5-1: BOGUS control dir, pipe 80001e80 doesn't match bRequestType 0WARNING: CPU: 0 PID: 3813 at drivers/us...

CVE-2022-48846

In the Linux kernel, the following vulnerability has been resolved: block: release rq qos structures for queue without disk blkcg_init_queue() may add rq qos structures to request queue, previouslyblk_cleanup_queue() calls rq_qos_exit() to release them, but commit8e141f9eb803 ("block: drain file sy...

CVE-2022-49077

In the Linux kernel, the following vulnerability has been resolved: mmmremap.c: avoid pointless invalidate_range_start/end on mremap(old_size=0) If an mremap() syscall with old_size=0 ends up in move_page_tables(), itwill call invalidate_range_start()/invalidate_range_end() unnecessarily,i.e. with ...

CVE-2022-49108

In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: Fix memory leaks on probe Handle the error branches to free memory where required. Addresses-Coverity-ID: 1491825 ("Resource leak")

CVE-2022-49138

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Ignore multiple conn complete events When one of the three connection complete events is received multipletimes for the same handle, the device is registered multiple times whichleads to memory corruptions. Th...

CVE-2022-49150

In the Linux kernel, the following vulnerability has been resolved: rtc: gamecube: Fix refcount leak in gamecube_rtc_read_offset_from_sram The of_find_compatible_node() function returns a node pointer withrefcount incremented, We should use of_node_put() on it when doneAdd the missing of_node_put()...

CVE-2022-49165

In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: Prevent decoding NV12M jpegs into single-planar buffers If the application queues an NV12M jpeg as output buffer, but thenqueues a single planar capture buffer, the kernel will crash with"Unable to handle kernel NU...

CVE-2022-49192

In the Linux kernel, the following vulnerability has been resolved: drivers: ethernet: cpsw: fix panic when interrupt coaleceing is set via ethtool cpsw_ethtool_begin directly returns the result of pm_runtime_get_syncwhen successful.pm_runtime_get_sync returns -error code on failure and 0 on succes...

CVE-2022-49203

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix double free during GPU reset on DC streams [Why]The issue only occurs during the GPU reset code path. We first backup the current state prior to commiting 0 streamsinternally from DM to DC. This state backup co...

CVE-2022-49255

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix missing free nid in f2fs_handle_failed_inode This patch fixes xfstests/generic/475 failure. [ 293.680694] F2FS-fs (dm-1): May loss orphan inode, run fsck to fix.[ 293.685358] Buffer I/O error on dev dm-1, logical block 83...

CVE-2022-49266

In the Linux kernel, the following vulnerability has been resolved: block: fix rq-qos breakage from skipping rq_qos_done_bio() a647a524a467 ("block: don't call rq_qos_ops->done_bio if the bio isn'ttracked") made bio_endio() skip rq_qos_done_bio() if BIO_TRACKED is not set.While this fixed a pote...

CVE-2022-49270

In the Linux kernel, the following vulnerability has been resolved: dm: fix use-after-free in dm_cleanup_zoned_dev() dm_cleanup_zoned_dev() uses queue, so it must be calledbefore blk_cleanup_disk() starts its killing: blk_cleanup_disk->blk_cleanup_queue()->kobject_put()->blk_release_queue(...

CVE-2022-49274

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix crash when mount with quota enabled There is a reported crash when mounting ocfs2 with quota enabled. RIP: 0010:ocfs2_qinfo_lock_res_init+0x44/0x50 [ocfs2]Call Trace:ocfs2_local_read_info+0xb9/0x6f0 [ocfs2]dquot_load_quo...

CVE-2022-49289

In the Linux kernel, the following vulnerability has been resolved: uaccess: fix integer overflow on access_ok() Three architectures check the end of a user access against theaddress limit without taking a possible overflow into account.Passing a negative length or another overflow in here returnss...

CVE-2022-49386

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: am65-cpsw-nuss: Fix some refcount leaks of_get_child_by_name() returns a node pointer with refcountincremented, we should use of_node_put() on it when not need anymore.am65_cpsw_init_cpts() and am65_cpsw_nuss_pro...

CVE-2022-49496

In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: prevent kernel crash when rmmod mtk-vcodec-dec.ko If the driver support subdev mode, the parameter "dev->pm.dev" will beNULL in mtk_vcodec_dec_remove. Kernel will crash when try to rmmodmtk-vcodec-dec.ko...

CVE-2022-49499

In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix null pointer dereferences without iommu Check if 'aspace' is set before using it as it will stay null withoutIOMMU, such as on msm8974.

CVE-2022-49506

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Add vblank register/unregister callback functions We encountered a kernel panic issue that callback data will be NULL whenit's using in ovl irq handler. There is a timing issue betweenmtk_disp_ovl_irq_handler() and mt...

CVE-2022-49509

In the Linux kernel, the following vulnerability has been resolved: media: i2c: max9286: fix kernel oops when removing module When removing the max9286 module we get a kernel oops: Unable to handle kernel paging request at virtual address 000000aa00000094Mem abort info:ESR = 0x96000004EC = 0x25: DA...

CVE-2022-49512

In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: denali: Use managed device resources All of the resources used by this driver has managed interfaces, so usethem. Otherwise we will get the following splat: [ 4.472703] denali-nand-pci 0000:00:05.0: timeout while wait...

CVE-2022-49650

In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom: bam_dma: fix runtime PM underflow Commit dbad41e7bb5f ("dmaengine: qcom: bam_dma: check if the runtime pm enabled")caused unbalanced pm_runtime_get/put() calls when the bam iscontrolled remotely. This commit revert...

CVE-2022-49682

In the Linux kernel, the following vulnerability has been resolved: xtensa: Fix refcount leak bug in time.c In calibrate_ccount(), of_find_compatible_node() will return a nodepointer with refcount incremented. We should use of_node_put() whenit is not used anymore.

CVE-2022-49709

In the Linux kernel, the following vulnerability has been resolved: cfi: Fix __cfi_slowpath_diag RCU usage with cpuidle RCU_NONIDLE usage during __cfi_slowpath_diag can result in an invalidRCU state in the cpuidle code path: WARNING: CPU: 1 PID: 0 at kernel/rcu/tree.c:613 rcu_eqs_enter+0xe4/0x138.....

CVE-2022-49778

In the Linux kernel, the following vulnerability has been resolved: arm64/mm: fix incorrect file_map_count for non-leaf pmd/pud The page table check trigger BUG_ON() unexpectedly when collapse hugepage: ------------[ cut here ]------------kernel BUG at mm/page_table_check.c:82!Internal error: Oops ...

CVE-2023-22997

In the Linux kernel before 6.1.2, kernel/module/decompress.c misinterprets the module_get_next_page return value (expects it to be NULL in the error case, whereas it is actually an error pointer).

CVE-2023-38430

An issue was discovered in the Linux kernel before 6.3.9. ksmbd does not validate the SMB request protocol ID, leading to an out-of-bounds read.

CVE-2023-52636

In the Linux kernel, the following vulnerability has been resolved: libceph: just wait for more data to be available on the socket A short read may occur while reading the message footer from thesocket. Later, when the socket is ready for another read, themessenger invokes all read_partial_*() hand...

CVE-2023-52739

In the Linux kernel, the following vulnerability has been resolved: Fix page corruption caused by racy check in __free_pages When we upgraded our kernel, we started seeing some page corruption likethe following consistently: BUG: Bad page state in process ganesha.nfsd pfn:1304capage:0000000022261c5...

CVE-2023-52754

In the Linux kernel, the following vulnerability has been resolved: media: imon: fix access to invalid resource for the second interface imon driver probes two USB interfaces, and at the probe of the secondinterface, the driver assumes blindly that the first interface gotbound with the same imon dr...

CVE-2023-52794

In the Linux kernel, the following vulnerability has been resolved: thermal: intel: powerclamp: fix mismatch in get function for max_idle KASAN reported this [ 444.853098] BUG: KASAN: global-out-of-bounds in param_get_int+0x77/0x90 [ 444.853111] Read of size 4 at addr ffffffffc16c9220 by task cat/2...

CVE-2023-52894

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate() In Google internal bug 265639009 we've received an (as yet) unreproduciblecrash report from an aarch64 GKI 5.10.149-android13 running device. AFAICT the source code ...

CVE-2023-52900

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix general protection fault in nilfs_btree_insert() If nilfs2 reads a corrupted disk image and tries to reads a b-tree nodeblock by calling __nilfs_btree_get_block() against an invalid virtualblock address, it returns -ENO...

CVE-2023-52998

In the Linux kernel, the following vulnerability has been resolved: net: fec: Use page_pool_put_full_page when freeing rx buffers The page_pool_release_page was used when freeing rx buffers, and thisfunction just unmaps the page (if mapped) and does not recycle the page.So after hundreds of down/up...

CVE-2023-53083

In the Linux kernel, the following vulnerability has been resolved: nfsd: don't replace page in rq_pages if it's a continuation of last page The splice read calls nfsd_splice_actor to put the pages containing filedata into the svc_rqst->rq_pages array. It's possible however to get asplice result...

CVE-2023-53112

In the Linux kernel, the following vulnerability has been resolved: drm/i915/sseu: fix max_subslices array-index-out-of-bounds access It seems that commit bc3c5e0809ae ("drm/i915/sseu: Don't try to store EUmask internally in UAPI format") exposed a potential out-of-boundsaccess, reported by UBSAN a...

CVE-2024-1312

A use-after-free flaw was found in the Linux kernel's Memory Management subsystem when a user wins two races at the same time with a fail in the mas_prev_slot function. This issue could allow a local user to crash the system.

CVE-2024-26690

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: protect updates of 64-bit statistics counters As explained by a comment in , write side of structu64_stats_sync must ensure mutual exclusion, or one seqcount update couldbe lost on 32-bit platforms, thus blocking reade...

CVE-2024-26738

In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/iommu: DLPAR add doesn't completely initialize pci_controller When a PCI device is dynamically added, the kernel oopses with a NULLpointer dereference: BUG: Kernel NULL pointer dereference on read at 0x00000030Fault...

CVE-2024-26765

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Disable IRQ before init_fn() for nonboot CPUs Disable IRQ before init_fn() for nonboot CPUs when hotplug, in order tosilence such warnings (and also avoid potential errors due to unexpectedinterrupts): WARNING: CPU: 1 PI...

CVE-2024-35846

In the Linux kernel, the following vulnerability has been resolved: mm: zswap: fix shrinker NULL crash with cgroup_disable=memory Christian reports a NULL deref in zswap that he bisected down to the zswapshrinker. The issue also cropped up in the bug trackers of libguestfs [1]and the Red Hat bugzil...

CVE-2024-35874

In the Linux kernel, the following vulnerability has been resolved: aio: Fix null ptr deref in aio_complete() wakeup list_del_init_careful() needs to be the last access to the wait queueentry - it effectively unlocks access. Previously, finish_wait() would see the empty list head and skip takingthe...

CVE-2024-36001

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix the pre-flush when appending to a file in writethrough mode In netfs_perform_write(), when the file is marked NETFS_ICTX_WRITETHROUGHor O_*SYNC or RWF_*SYNC was specified, write-through caching is performedon a buffered ...

CVE-2024-36900

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix kernel crash when devlink reload during initialization The devlink reload process will access the hardware resources,but the register operation is done before the hardware is initialized.So, processing the devlink re...