CVE-2022-49391

In the Linux kernel, the following vulnerability has been resolved: remoteproc: mtk_scp: Fix a potential double free 'scp->rproc' is allocated using devm_rproc_alloc(), so there is no needto free it explicitly in the remove function.

CVE-2022-49452

In the Linux kernel, the following vulnerability has been resolved: dpaa2-eth: retrieve the virtual address before dma_unmap The TSO header was DMA unmapped before the virtual address was retrievedand then used to free the buffer. This meant that we were actuallyremoving the DMA map and then trying...

CVE-2022-49464

In the Linux kernel, the following vulnerability has been resolved: erofs: fix buffer copy overflow of ztailpacking feature I got some KASAN report as below: [ 46.959738] ==================================================================[ 46.960430] BUG: KASAN: use-after-free in z_erofs_shifted_tra...

CVE-2022-49767

In the Linux kernel, the following vulnerability has been resolved: 9p/trans_fd: always use O_NONBLOCK read/write syzbot is reporting hung task at p9_fd_close() [1], for p9_mux_poll_stop()from p9_conn_destroy() from p9_fd_close() is failing to interrupt alreadystarted kernel_read() from p9_fd_read(...

CVE-2022-49818

In the Linux kernel, the following vulnerability has been resolved: mISDN: fix misuse of put_device() in mISDN_register_device() We should not release reference by put_device() before calling device_initialize().

CVE-2022-49822

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix connections leak when tlink setup failed If the tlink setup failed, lost to put the connections, thenthe module refcnt leak since the cifsd kthread not exit. Also leak the fscache info, and for next mount with fsc, it wil...

CVE-2022-49841

In the Linux kernel, the following vulnerability has been resolved: serial: imx: Add missing .thaw_noirq hook The following warning is seen with non-console UART instance whensystem hibernates. [ 37.371969] ------------[ cut here ]------------[ 37.376599] uart3_root_clk already disabled[ 37.380810]...

CVE-2022-49863

In the Linux kernel, the following vulnerability has been resolved: can: af_can: fix NULL pointer dereference in can_rx_register() It causes NULL pointer dereference when testing as following:(a) use syscall(__NR_socket, 0x10ul, 3ul, 0) to create netlink socket.(b) use syscall(__NR_sendmsg, ...) to...

CVE-2022-49865

In the Linux kernel, the following vulnerability has been resolved: ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network When copying a struct ifaddrlblmsg to the network, __ifal_reservedremained uninitialized, resulting in a 1-byte infoleak: BUG: KMSAN: kernel-network-infoleak...

CVE-2022-49891

In the Linux kernel, the following vulnerability has been resolved: tracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd() test_gen_kprobe_cmd() only free buf in fail path, hence buf will leakwhen there is no failure. Move kfree(buf) from fail path to common pathto prevent the memleak....

CVE-2023-20847

In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local denial of service with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354025; Issue ID: ALPS07340108.

CVE-2023-32810

In bluetooth driver, there is a possible out of bounds read due to improper input validation. This could lead to local information leak with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07867212; Issue ID: ALPS07867212.

CVE-2023-53022

In the Linux kernel, the following vulnerability has been resolved: net: enetc: avoid deadlock in enetc_tx_onestep_tstamp() This lockdep splat says it better than I could: ================================WARNING: inconsistent lock state6.2.0-rc2-07010-ga9b9500ffaac-dirty #967 Not tainted inconsiste...

CVE-2023-53035

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() The ioctl helper function nilfs_ioctl_wrap_copy(), which exchanges ametadata array to/from user space, may copy uninitialized buffer regionsto user space memory for read-only i...

CVE-2023-53111

In the Linux kernel, the following vulnerability has been resolved: loop: Fix use-after-free issues do_req_filebacked() calls blk_mq_complete_request() synchronously orasynchronously when using asynchronous I/O unless memory allocation fails.Hence, modify loop_handle_cmd() such that it does not der...

CVE-2023-53118

In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix a procfs host directory removal regression scsi_proc_hostdir_rm() decreases a reference counter and hence must only becalled once per host that is removed. This change does not require ascsi_add_host_with_dma() chan...

CVE-2023-53125

In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc75xx: Limit packet length to skb->len Packet length retrieved from skb data may be larger thanthe actual socket buffer length (up to 9026 bytes). In suchcase the cloned skb passed up the network stack will leakkern...

CVE-2023-53135

In the Linux kernel, the following vulnerability has been resolved: riscv: Use READ_ONCE_NOCHECK in imprecise unwinding stack mode When CONFIG_FRAME_POINTER is unset, the stack unwinding functionwalk_stackframe randomly reads the stack and then, when KASAN is enabled,it can lead to the following ba...

CVE-2024-37026

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Only use reserved BCS instances for usm migrate exec queue The GuC context scheduling queue is 2 entires deep, thus it is possiblefor a migration job to be stuck behind a fault if migration exec queueshares engines with use...

CVE-2024-38390

In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails Calling a6xx_destroy() before adreno_gpu_init() leads to a null pointerdereference on: msm_gpu_cleanup() : platform_set_drvdata(gpu->pdev, NULL); as gpu->p...

CVE-2024-41083

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix netfs_page_mkwrite() to check folio->mapping is valid Fix netfs_page_mkwrite() to check that folio->mapping is valid once it hastaken the folio lock (as filemap_page_mkwrite() does). Without this,generic/247 occasi...

CVE-2024-42234

In the Linux kernel, the following vulnerability has been resolved: mm: fix crashes from deferred split racing folio migration Even on 6.10-rc6, I've been seeing elusive "Bad page state"s (often onflags when freeing, yet the flags shown are not bad: PG_locked had beenset and cleared??), and VM_BUG_...

CVE-2024-44973

In the Linux kernel, the following vulnerability has been resolved: mm, slub: do not call do_slab_free for kfence object In 782f8906f805 the freeing of kfence objects was moved from deepinside do_slab_free to the wrapper functions outside. This is a nicechange, but unfortunately it missed one spot ...

CVE-2024-45030

In the Linux kernel, the following vulnerability has been resolved: igb: cope with large MAX_SKB_FRAGS Sabrina reports that the igb driver does not cope well with largeMAX_SKB_FRAG values: setting MAX_SKB_FRAG to 45 causes payloadcorruption on TX. An easy reproducer is to run ssh to connect to the ...

CVE-2024-46699

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Disable preemption while updating GPU stats We forgot to disable preemption around the write_seqcount_begin/end() pairwhile updating GPU stats: [ ] WARNING: CPU: 2 PID: 12 at include/linux/seqlock.h:221 __seqprop_assert.is...

CVE-2024-46701

In the Linux kernel, the following vulnerability has been resolved: libfs: fix infinite directory reads for offset dir After we switch tmpfs dir operations from simple_dir_operations tosimple_offset_dir_operations, every rename happened will fill new dentryto dest dir's maple tree(&SHMEM_I(inode)-&...

CVE-2024-46776

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Run DC_LOG_DC after checking link->link_enc [WHAT]The DC_LOG_DC should be run after link->link_enc is checked, not before. This fixes 1 REVERSE_INULL issue reported by Coverity.

CVE-2024-46850

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid race between dcn35_set_drr() and dc_state_destruct() dc_state_destruct() nulls the resource context of the DC state. The pipecontext passed to dcn35_set_drr() is a member of this resource context. If dc_state...

CVE-2024-47676

In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb.c: fix UAF of vma in hugetlb fault pathway Syzbot reports a UAF in hugetlb_fault(). This happens becausevmf_anon_prepare() could drop the per-VMA lock and allow the current VMAto be freed before hugetlb_vma_unlock_read()...

CVE-2024-49943

In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc_submit: add missing locking in wedged_fini Any non-wedged queue can have a zero refcount here and can be runningconcurrently with an async queue destroy, therefore dereferencing thequeue ptr to check wedge status after t...

CVE-2024-49984

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Prevent out of bounds access in performance query extensions Check that the number of perfmons userspace is passing in the copy andreset extensions is not greater than the internal kernel storage wherethe ids will be copie...

CVE-2024-50092

In the Linux kernel, the following vulnerability has been resolved: net: netconsole: fix wrong warning A warning is triggered when there is insufficient space in the bufferfor userdata. However, this is not an issue since userdata will be sentin the next iteration. Current warning message: --------...

CVE-2024-53080

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Lock XArray when getting entries for the VM Similar to commit cac075706f29 ("drm/panthor: Fix race when convertinggroup handle to group object") we need to use the XArray's internallocking when retrieving a vm pointer ...

CVE-2024-53192

In the Linux kernel, the following vulnerability has been resolved: clk: clk-loongson2: Fix potential buffer overflow in flexible-array member access Flexible-array member hws in struct clk_hw_onecell_data is annotatedwith the counted_by() attribute. This means that when memory isallocated for this...

CVE-2024-57799

In the Linux kernel, the following vulnerability has been resolved: phy: rockchip: samsung-hdptx: Set drvdata before enabling runtime PM In some cases, rk_hdptx_phy_runtime_resume() may be invoked beforeplatform_set_drvdata() is executed in ->probe(), leading to a NULLpointer dereference when us...

CVE-2024-57934

In the Linux kernel, the following vulnerability has been resolved: fgraph: Add READ_ONCE() when accessing fgraph_array[] In __ftrace_return_to_handler(), a loop iterates over the fgraph_array[]elements, which are fgraph_ops. The loop checks if an element is afgraph_stub to prevent using a fgraph_s...

CVE-2025-21783

In the Linux kernel, the following vulnerability has been resolved: gpiolib: Fix crash on error in gpiochip_get_ngpios() The gpiochip_get_ngpios() uses chip_() macros to print messages.However these macros rely on gpiodev to be initialised and set,which is not the case when called via bgpio_init()....

CVE-2025-21874

In the Linux kernel, the following vulnerability has been resolved: dm-integrity: Avoid divide by zero in table status in Inline mode In Inline mode, the journal is unused, and journal_sectors is zero. Calculating the journal watermark requires dividing by journal_sectors,which should be done only ...

CVE-2025-21983

In the Linux kernel, the following vulnerability has been resolved: mm/slab/kvfree_rcu: Switch to WQ_MEM_RECLAIM wq Currently kvfree_rcu() APIs use a system workqueue which is"system_unbound_wq" to driver RCU machinery to reclaim a memory. Recently, it has been noted that the following kernel warni...

CVE-2025-23154

In the Linux kernel, the following vulnerability has been resolved: io_uring/net: fix io_req_post_cqe abuse by send bundle [ 114.987980][ T5313] WARNING: CPU: 6 PID: 5313 at io_uring/io_uring.c:872 io_req_post_cqe+0x12e/0x4f0[ 114.991597][ T5313] RIP: 0010:io_req_post_cqe+0x12e/0x4f0[ 115.001880][ ...

CVE-2025-37760

In the Linux kernel, the following vulnerability has been resolved: mm/vma: add give_up_on_oom option on modify/merge, use in uffd release Currently, if a VMA merge fails due to an OOM condition arising on commitmerge or a failure to duplicate anon_vma's, we report this so the callercan handle it. ...

CVE-2025-37762

In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Fix missed dmabuf unpinning in error path of prepare_fb() Correct error handling in prepare_fb() to fix leaking resources whenerror happens.

CVE-2025-37802

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix WARNING "do not call blocking ops when !TASK_RUNNING" wait_event_timeout() will set the state of the currenttask to TASK_UNINTERRUPTIBLE, before doing the condition check. Thismeans that ksmbd_durable_scavenger_alive() w...

CVE-2025-37826

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Add NULL check in ufshcd_mcq_compl_pending_transfer() Add a NULL check for the returned hwq pointer by ufshcd_mcq_req_to_hwq(). This is similar to the fix in commit 74736103fb41 ("scsi: ufs: core: Fixufshcd_abort_o...

CVE-2025-37846

In the Linux kernel, the following vulnerability has been resolved: arm64: mops: Do not dereference src reg for a set operation The source register is not used for SET* and reading it can result ina UBSAN out-of-bounds array access error, specifically when the MOPSexception is taken from a SET* seq...

CVE-2025-37938

In the Linux kernel, the following vulnerability has been resolved: tracing: Verify event formats that have "%*p.." The trace event verifier checks the formats of trace events to make surethat they do not point at memory that is not in the trace event itself orin data that will never be freed. If a...

CVE-2025-37948

In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs A malicious BPF program may manipulate the branch history to influencewhat the hardware speculates will happen next. On exit from a BPF program, emit the BHB mititgat...

CVE-2025-37963

In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users Support for eBPF programs loaded by unprivileged users is typicallydisabled. This means only cBPF programs need to be mitigated for BHB. In addition, only mitigat...

CVE-1999-0074

Listening TCP ports are sequentially allocated, allowing spoofing attacks.

CVE-2001-1394

Signedness error in (1) getsockopt and (2) setsockopt for Linux kernel before 2.2.19 allows local users to cause a denial of service.