CVE-2022-49777

In the Linux kernel, the following vulnerability has been resolved: Input: i8042 - fix leaking of platform device on module removal Avoid resetting the module-wide i8042_platform_device pointer ini8042_probe() or i8042_remove(), so that the device can be properlydestroyed by i8042_exit() on module ...

CVE-2022-49826

In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix double ata_host_put() in ata_tport_add() In the error path in ata_tport_add(), when calling put_device(),ata_tport_release() is called, it will put the refcount of 'ap->host'. And then ata_host_put() i...

CVE-2022-49880

In the Linux kernel, the following vulnerability has been resolved: ext4: fix warning in 'ext4_da_release_space' Syzkaller report issue as follows:EXT4-fs (loop0): Free/Dirty block detailsEXT4-fs (loop0): free_blocks=0EXT4-fs (loop0): dirty_blocks=0EXT4-fs (loop0): Block reservation detailsEXT4-fs ...

CVE-2022-49916

In the Linux kernel, the following vulnerability has been resolved: rose: Fix NULL pointer dereference in rose_send_frame() The syzkaller reported an issue: KASAN: null-ptr-deref in range [0x0000000000000380-0x0000000000000387]CPU: 0 PID: 4069 Comm: kworker/0:15 Not tainted 6.0.0-syzkaller-02734-g0...

CVE-2023-20850

In imgsys_cmdq, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340381.

CVE-2023-3359

An issue was discovered in the Linux kernel brcm_nvram_parse in drivers/nvmem/brcm_nvram.c. Lacks for the check of the return value of kzalloc() can cause the NULL Pointer Dereference.

CVE-2023-52655

In the Linux kernel, the following vulnerability has been resolved: usb: aqc111: check packet for fixup for true limit If a device sends a packet that is inbetween 0and sizeof(u64) the value passed to skb_trim()as length will wrap around ending up as some verylarge value. The driver will then proce...

CVE-2023-52785

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix racing issue between ufshcd_mcq_abort() and ISR If command timeout happens and cq complete IRQ is raised at the same time,ufshcd_mcq_abort clears lprb->cmd and a NULL pointer deref happens in theISR. Error l...

CVE-2023-52893

In the Linux kernel, the following vulnerability has been resolved: gsmi: fix null-deref in gsmi_get_variable We can get EFI variables without fetching the attribute, so we mustallow for that in gsmi. commit 859748255b43 ("efi: pstore: Omit efivars caching EFI varstoreaccess layer") added a new get...

CVE-2023-52896

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between quota rescan and disable leading to NULL pointer deref If we have one task trying to start the quota rescan worker while anotherone is trying to disable quotas, we can end up hitting a race that resultsin th...

CVE-2023-52906

In the Linux kernel, the following vulnerability has been resolved: net/sched: act_mpls: Fix warning during failed attribute validation The 'TCA_MPLS_LABEL' attribute is of 'NLA_U32' type, but has avalidation type of 'NLA_VALIDATE_FUNCTION'. This is an invalidcombination according to the comment ab...

CVE-2023-53032

In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function. When first_ip is 0, last_ip is 0xFFFFFFFF, and netmask is 31, the value ofan arithmetic expression 2 <

CVE-2023-53050

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Fix memory leak in margining Memory for the usb4->margining needs to be relased for the upstream portof the router as well, even though the debugfs directory gets releasedwith the router device removal. Fix this.

CVE-2023-53091

In the Linux kernel, the following vulnerability has been resolved: ext4: update s_journal_inum if it changes after journal replay When mounting a crafted ext4 image, s_journal_inum may change after journalreplay, which is obviously unreasonable because we have successfully loadedand replayed the j...

CVE-2023-53116

In the Linux kernel, the following vulnerability has been resolved: nvmet: avoid potential UAF in nvmet_req_complete() An nvme target ->queue_response() operation implementation may free therequest passed as argument. Such implementation potentially could resultin a use after free of the request...

CVE-2023-53137

In the Linux kernel, the following vulnerability has been resolved: ext4: Fix possible corruption when moving a directory When we are renaming a directory to a different directory, we need toupdate '..' entry in the moved directory. However nothing prevents moveddirectory from being modified and ev...

CVE-2024-22386

A race condition was found in the Linux kernel's drm/exynos device driver in exynos_drm_crtc_atomic_disable() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.

CVE-2024-26834

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_flow_offload: release dst in case direct xmit path is used Direct xmit does not use it since it calls dev_queue_xmit() to sendpackets, hence it calls dst_release(). kmemleak reports: unreferenced object 0xffff88814f4...

CVE-2024-27061

In the Linux kernel, the following vulnerability has been resolved: crypto: sun8i-ce - Fix use after free in unprepare sun8i_ce_cipher_unprepare should be called beforecrypto_finalize_skcipher_request, because client callbacks mayimmediately free memory, that isn't needed anymore. But it will beuse...

CVE-2024-35793

In the Linux kernel, the following vulnerability has been resolved: debugfs: fix wait/cancellation handling during remove Ben Greear further reports deadlocks during concurrent debugfsremove while files are being accessed, even though the code inquestion now uses debugfs cancellations. Turns out th...

CVE-2024-36962

In the Linux kernel, the following vulnerability has been resolved: net: ks8851: Queue RX packets in IRQ handler instead of disabling BHs Currently the driver uses local_bh_disable()/local_bh_enable() in itsIRQ handler to avoid triggering net_rx_action() softirq on exit fromnetif_rx(). The net_rx_a...

CVE-2024-38539

In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Fix kmemleak in rdma_core observed during blktests nvme/rdma use siw When running blktests nvme/rdma, the following kmemleak issue will appear. kmemleak: Kernel memory leak detector initialized (mempool available:36041)km...

CVE-2024-38551

In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: Assign dummy when codec not specified for a DAI link MediaTek sound card drivers are checking whether a DAI link is presentand used on a board to assign the correct parameters and this is doneby checking the codec D...

CVE-2024-38592

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Init ddp_comp with devm_kcalloc() In the case where conn_routes is true we allocate an extra slot inthe ddp_comp array but mtk_drm_crtc_create() never seemed toinitialize it in the test case I ran. For me, this caused...

CVE-2024-41018

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add a check for attr_names and oatbl Added out-of-bound checking for *ane (ATTR_NAME_ENTRY).

CVE-2024-41028

In the Linux kernel, the following vulnerability has been resolved: platform/x86: toshiba_acpi: Fix array out-of-bounds access In order to use toshiba_dmi_quirks[] together with the standard DMImatching functions, it must be terminated by a empty entry. Since this entry is missing, an array out-of-...

CVE-2024-42113

In the Linux kernel, the following vulnerability has been resolved: net: txgbe: initialize num_q_vectors for MSI/INTx interrupts When using MSI/INTx interrupts, wx->num_q_vectors is uninitialized.Thus there will be kernel panic in wx_alloc_q_vectors() to allocatequeue vectors.

CVE-2024-42239

In the Linux kernel, the following vulnerability has been resolved: bpf: Fail bpf_timer_cancel when callback is being cancelled Given a schedule: timer1 cb timer2 cb bpf_timer_cancel(timer2); bpf_timer_cancel(timer1); Both bpf_timer_cancel calls would wait for the other callback to finishexecuting,...

CVE-2024-43816

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages On big endian architectures, it is possible to run into a memory out ofbounds pointer dereference when FCP targets are zoned. In lpfc_prep_embed_io, the ...

CVE-2024-44951

In the Linux kernel, the following vulnerability has been resolved: serial: sc16is7xx: fix TX fifo corruption Sometimes, when a packet is received on channel A at almost the same timeas a packet is about to be transmitted on channel B, we observe with alogic analyzer that the received packet on cha...

CVE-2024-44967

In the Linux kernel, the following vulnerability has been resolved: drm/mgag200: Bind I2C lifetime to DRM device Managed cleanup with devm_add_action_or_reset() will release the I2Cadapter when the underlying Linux device goes away. But the connectorstill refers to it, so this cleanup leaves behind...

CVE-2024-46718

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Don't overmap identity VRAM mapping Overmapping the identity VRAM mapping is triggering hardware bugs oncertain platforms. Use 2M pages for the last unaligned (to 1G) VRAMchunk. v2: Always use 2M pages for last chunk (Fei Y...

CVE-2024-46831

In the Linux kernel, the following vulnerability has been resolved: net: microchip: vcap: Fix use-after-free error in kunit test This is a clear use-after-free error. We remove it, and rely on checkingthe return code of vcap_del_rule.

CVE-2024-46869

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel_pcie: Allocate memory for driver private data Fix driver not allocating memory for struct btintel_data which is usedto store internal data.

CVE-2024-49980

In the Linux kernel, the following vulnerability has been resolved: vrf: revert "vrf: Remove unnecessary RCU-bh critical section" This reverts commit 504fc6f4f7f681d2a03aa5f68aad549d90eab853. dev_queue_xmit_nit is expected to be called with BH disabled.__dev_queue_xmit has the following: /* Disable...

CVE-2024-50161

In the Linux kernel, the following vulnerability has been resolved: bpf: Check the remaining info_cnt before repeating btf fields When trying to repeat the btf fields for array of nested struct, itdoesn't check the remaining info_cnt. The following splat will bereported when the value of ret * nele...

CVE-2024-50174

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix race when converting group handle to group object XArray provides it's own internal lock which protects the internal arraywhen entries are being simultaneously added and removed. However thereis still a race betwee...

CVE-2024-56547

In the Linux kernel, the following vulnerability has been resolved: rcu/nocb: Fix missed RCU barrier on deoffloading Currently, running rcutorture test with torture_type=rcu fwd_progress=8n_barrier_cbs=8 nocbs_nthreads=8 nocbs_toggle=100 onoff_interval=60test_boost=2, will trigger the following war...

CVE-2024-56669

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Remove cache tags before disabling ATS The current implementation removes cache tags after disabling ATS,leading to potential memory leaks and kernel crashes. Specifically,CACHE_TAG_DEVTLB type cache tags may still rema...

CVE-2024-56674

In the Linux kernel, the following vulnerability has been resolved: virtio_net: correct netdev_tx_reset_queue() invocation point When virtnet_close is followed by virtnet_open, some TX completions canpossibly remain unconsumed, until they are finally processed during thefirst NAPI poll after the ne...

CVE-2025-21801

In the Linux kernel, the following vulnerability has been resolved: net: ravb: Fix missing rtnl lock in suspend/resume path Fix the suspend/resume path by ensuring the rtnl lock is held whererequired. Calls to ravb_open, ravb_close and wol operations must beperformed under the rtnl lock to prevent ...

CVE-2025-21946

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out-of-bounds in parse_sec_desc() If osidoffset, gsidoffset and dacloffset could be greater than smb_ntsdstruct size. If it is smaller, It could cause slab-out-of-bounds.And when validating sid, It need to check it inclu...

CVE-2025-21949

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Set hugetlb mmap base address aligned with pmd size With ltp test case "testcases/bin/hugefork02", there is a dmesg errorreport message such as: kernel BUG at mm/hugetlb.c:5550!Oops - BUG[#1]:CPU: 0 UID: 0 PID: 1517 Comm...

CVE-2025-21987

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: init return value in amdgpu_ttm_clear_buffer Otherwise an uninitialized value can be returned ifamdgpu_res_cleared returns true for all regions. Possibly closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3812 (che...

CVE-2025-22000

In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: drop beyond-EOF folios with the right number of refs When an after-split folio is large and needs to be dropped due to EOF,folio_put_refs(folio, folio_nr_pages(folio)) should be used to drop allpage cache refs. Othe...

CVE-2025-22031

In the Linux kernel, the following vulnerability has been resolved: PCI/bwctrl: Fix NULL pointer dereference on bus number exhaustion When BIOS neglects to assign bus numbers to PCI bridges, the kernelattempts to correct that during PCI device enumeration. If it runs outof bus numbers, no pci_bus i...

CVE-2025-22034

In the Linux kernel, the following vulnerability has been resolved: mm/gup: reject FOLL_SPLIT_PMD with hugetlb VMAs Patch series "mm: fixes for device-exclusive entries (hmm)", v2. Discussing the PageTail() call in make_device_exclusive_range() withWilly, I recently discovered [1] that device-exclu...

CVE-2025-22051

In the Linux kernel, the following vulnerability has been resolved: staging: gpib: Fix Oops after disconnect in agilent usb If the agilent usb dongle is disconnected subsequent calls to thedriver cause a NULL dereference Oops as the bus_interfaceis set to NULL on disconnect. This problem was introd...

CVE-2025-22082

In the Linux kernel, the following vulnerability has been resolved: iio: backend: make sure to NULL terminate stack buffer Make sure to NULL terminate the buffer iniio_backend_debugfs_write_reg() before passing it to sscanf(). It is astack variable so we should not assume it will 0 initialized.

CVE-2025-37842

In the Linux kernel, the following vulnerability has been resolved: spi: fsl-qspi: use devm function instead of driver remove Driver use devm APIs to manage clk/irq/resources and register the spicontroller, but the legacy remove function will be called first duringdevice detach and trigger kernel p...