CVE-2025-22062

In the Linux kernel, the following vulnerability has been resolved: sctp: add mutual exclusion in proc_sctp_do_udp_port() We must serialize calls to sctp_udp_sock_stop() and sctp_udp_sock_start()or risk a crash as syzbot reported: Oops: general protection fault, probably for non-canonical address 0...

CVE-2025-22081

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix a couple integer overflows on 32bit systems On 32bit systems the "off + sizeof(struct NTFS_DE)" addition canhave an integer wrapping issue. Fix it by using size_add().

CVE-2025-22095

In the Linux kernel, the following vulnerability has been resolved: PCI: brcmstb: Fix error path after a call to regulator_bulk_get() If the regulator_bulk_get() returns an error and no regulatorsare created, we need to set their number to zero. If we don't do this and the PCIe link up fails, a cal...

CVE-2025-23142

In the Linux kernel, the following vulnerability has been resolved: sctp: detect and prevent references to a freed transport in sendmsg sctp_sendmsg() re-uses associations and transports when possible bydoing a lookup based on the socket endpoint and the message destinationaddress, and then sctp_se...

CVE-2025-23145

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix NULL pointer in can_accept_new_subflow When testing valkey benchmark tool with MPTCP, the kernel panics in'mptcp_can_accept_new_subflow' because subflow_req->msk is NULL. Call trace: mptcp_can_accept_new_subflow (./ne...

CVE-2025-37799

In the Linux kernel, the following vulnerability has been resolved: vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp vmxnet3 driver's XDP handling is buggy for packet sizes using ring0 (thatis, packet sizes between 128 - 3k bytes). We noticed MTU-related connectivity issues with Cilium's...

CVE-2025-39778

In the Linux kernel, the following vulnerability has been resolved: objtool, nvmet: Fix out-of-bounds stack access in nvmet_ctrl_state_show() The csts_state_names[] array only has six sparse entries, but theiteration code in nvmet_ctrl_state_show() iterates seven, resulting in apotential out-of-bou...

CVE-2021-47636

In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock() Function ubifs_wbuf_write_nolock() may access buf out of bounds infollowing process: ubifs_wbuf_write_nolock():aligned_len = ALIGN(len, 8); // Assume len = 4089, aligned_le...

CVE-2021-47654

In the Linux kernel, the following vulnerability has been resolved: samples/landlock: Fix path_list memory leak Clang static analysis reports this error sandboxer.c:134:8: warning: Potential leak of memorypointed to by 'path_list'ret = 0;^path_list is allocated in parse_path() but never freed.

CVE-2022-49065

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix the svc_deferred_event trace class Fix a NULL deref crash that occurs when an svc_rqst is deferredwhile the sunrpc tracing subsystem is enabled. svc_revisit() setsdr->xprt to NULL, so it can't be relied upon in the t...

CVE-2022-49074

In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3: Fix GICR_CTLR.RWP polling It turns out that our polling of RWP is totally wrong when checkingfor it in the redistributors, as we test the distributor bit index,whereas it is a different bit number in the RDs... Oops...

CVE-2022-49113

In the Linux kernel, the following vulnerability has been resolved: powerpc/secvar: fix refcount leak in format_show() Refcount leak will happen when format_show returns failure in multiplecases. Unified management of of_node_put can fix this problem.

CVE-2022-49115

In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Fix misused goto label Fix a misused goto label jump since that can result in a memory leak.

CVE-2022-49128

In the Linux kernel, the following vulnerability has been resolved: drm/bridge: Add missing pm_runtime_put_sync pm_runtime_get_sync() will increase the rumtime PM countereven when it returns an error. Thus a pairing decrement is neededto prevent refcount leak. Fix this by replacing this API withpm_...

CVE-2022-49137

In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj This issue takes place in an error path inamdgpu_cs_fence_to_handle_ioctl(). When info->in.what falls intodefault case, the function simply returns -EINVAL, forgetti...

CVE-2022-49148

In the Linux kernel, the following vulnerability has been resolved: watch_queue: Free the page array when watch_queue is dismantled Commit 7ea1a0124b6d ("watch_queue: Free the alloc bitmap when thewatch_queue is torn down") took care of the bitmap, but not the pagearray. BUG: memory leakunreference...

CVE-2022-49176

In the Linux kernel, the following vulnerability has been resolved: bfq: fix use-after-free in bfq_dispatch_request KASAN reports a use-after-free report when doing normal scsi-mq test [69832.239032] ==================================================================[69832.241810] BUG: KASAN: use-af...

CVE-2022-49187

In the Linux kernel, the following vulnerability has been resolved: clk: Fix clk_hw_get_clk() when dev is NULL Any registered clk_core structure can have a NULL pointer in its devfield. While never actually documented, this is evidenced by the wideusage of clk_register and clk_hw_register with a NU...

CVE-2022-49189

In the Linux kernel, the following vulnerability has been resolved: clk: qcom: clk-rcg2: Update logic to calculate D value for RCG The display pixel clock has a requirement on certain newer platforms tosupport M/N as (2/3) and the final D value calculated results inunderflow errors.As the current i...

CVE-2022-49224

In the Linux kernel, the following vulnerability has been resolved: power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init kobject_init_and_add() takes reference even when it fails.According to the doc of kobject_init_and_add()： If this function returns an error, kobject_put() must be calle...

CVE-2022-49390

In the Linux kernel, the following vulnerability has been resolved: macsec: fix UAF bug for real_dev Create a new macsec device but not get reference to real_dev. That cannot ensure that real_dev is freed after macsec. That will trigger theUAF bug for real_dev as following: ========================...

CVE-2022-49418

In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix free of uninitialized nfs4_label on referral lookup. Send along the already-allocated fattr along with nfs4_fs_locations, anddrop the memcpy of fattr. We end up growing two more allocations, but thisfixes up a crash as: ...

CVE-2022-49422

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix the error handling path in idxd_cdev_register() If a call to alloc_chrdev_region() fails, the already allocated resourcesare leaking. Add the needed error handling path to fix the leak.

CVE-2022-49438

In the Linux kernel, the following vulnerability has been resolved: Input: sparcspkr - fix refcount leak in bbc_beep_probe of_find_node_by_path() calls of_find_node_opts_by_path(),which returns a node pointer with refcountincremented, we should use of_node_put() on it when done.Add missing of_node_...

CVE-2022-49468

In the Linux kernel, the following vulnerability has been resolved: thermal/core: Fix memory leak in __thermal_cooling_device_register() I got memory leak as follows when doing fault injection test: unreferenced object 0xffff888010080000 (size 264312):comm "182", pid 102533, jiffies 4296434960 (age...

CVE-2022-49473

In the Linux kernel, the following vulnerability has been resolved: ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_* of_parse_phandle() returns a node pointer with refcountincremented, we should use of_node_put() on it when not needed anymore.Add missing of_node_put() to avoid refcount l...

CVE-2022-49484

In the Linux kernel, the following vulnerability has been resolved: mt76: mt7915: fix possible NULL pointer dereference in mt7915_mac_fill_rx_vector Fix possible NULL pointer dereference in mt7915_mac_fill_rx_vectorroutine if the chip does not support dbdc and the hw reports band_idxset to 1.

CVE-2022-49486

In the Linux kernel, the following vulnerability has been resolved: ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe of_find_i2c_device_by_node() takes a reference,In error paths, we should call put_device() to dropthe reference to aviod refount leak.

CVE-2022-49516

In the Linux kernel, the following vulnerability has been resolved: ice: always check VF VSI pointer values The ice_get_vf_vsi function can return NULL in some cases, such as ifhandling messages during a reset where the VSI is being removed andrecreated. Several places throughout the driver do not ...

CVE-2022-49525

In the Linux kernel, the following vulnerability has been resolved: media: cx25821: Fix the warning when removing the module When removing the module, we will get the following warning: [ 14.746697] remove_proc_entry: removing non-empty directory 'irq/21', leaking at least 'cx25821[1]'[ 14.747449] ...

CVE-2022-49568

In the Linux kernel, the following vulnerability has been resolved: KVM: Don't null dereference ops->destroy A KVM device cleanup happens in either of two callbacks: destroy() which is called when the VM is being destroyed; release() which is called when a device fd is closed. Most KVM devices u...

CVE-2022-49621

In the Linux kernel, the following vulnerability has been resolved: cpufreq: pmac32-cpufreq: Fix refcount leak bug In pmac_cpufreq_init_MacRISC3(), we need to add correspondingof_node_put() for the three node pointers whose refcount havebeen incremented by of_find_node_by_name().

CVE-2022-49623

In the Linux kernel, the following vulnerability has been resolved: powerpc/xive/spapr: correct bitmap allocation size kasan detects access beyond the end of the xibm->bitmap allocation: BUG: KASAN: slab-out-of-bounds in _find_first_zero_bit+0x40/0x140Read of size 8 at addr c00000001d1d0118 by t...

CVE-2022-49627

In the Linux kernel, the following vulnerability has been resolved: ima: Fix potential memory leak in ima_init_crypto() On failure to allocate the SHA1 tfm, IMA fails to initialize and exitswithout freeing the ima_algo_array. Add the missing kfree() forima_algo_array to avoid the potential memory l...

CVE-2022-49713

In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: Fix memory leak in dwc2_hcd_init usb_create_hcd will alloc memory for hcd, and we shouldcall usb_put_hcd to free it when platform_get_resource()fails to prevent memory leak.goto error2 label instead error1 to fix this.

CVE-2022-49725

In the Linux kernel, the following vulnerability has been resolved: i40e: Fix call trace in setup_tx_descriptors After PF reset and ethtool -t there was call trace in dmesgsometimes leading to panic. When there was some time, around 5seconds, between reset and test there were no errors. Problem was...

CVE-2022-49729

In the Linux kernel, the following vulnerability has been resolved: nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred Similar to the handling of play_deferred in commit 19cfe912c37b("Bluetooth: btusb: Fix memory leak in play_deferred"), we thoughta patch might be needed here as well. Currently...

CVE-2022-49885

In the Linux kernel, the following vulnerability has been resolved: ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init() Change num_ghes from int to unsigned int, preventing an overflowand causing subsequent vmalloc() to fail. The overflow happens in ghes_estatus_pool_init() when calculatin...

CVE-2023-52938

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Don't attempt to resume the ports before they exist This will fix null pointer dereference that was caused bythe driver attempting to resume ports that were not yetregistered.

CVE-2023-52991

In the Linux kernel, the following vulnerability has been resolved: net: fix NULL pointer in skb_segment_list Commit 3a1296a38d0c ("net: Support GRO/GSO fraglist chaining.")introduced UDP listifyed GRO. The segmentation relies on frag_list beinguntouched when passing through the network stack. This...

CVE-2023-53005

In the Linux kernel, the following vulnerability has been resolved: trace_events_hist: add check for return value of 'create_hist_field' Function 'create_hist_field' is called recursively attrace_events_hist.c:1954 and can return NULL-value that's why we haveto check it to avoid null pointer derefe...

CVE-2024-57916

In the Linux kernel, the following vulnerability has been resolved: misc: microchip: pci1xxxx: Resolve kernel panic during GPIO IRQ handling Resolve kernel panic caused by improper handling of IRQs whileaccessing GPIO values. This is done by replacing generic_handle_irq withhandle_nested_irq.

CVE-2024-57921

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Add a lock when accessing the buddy trim function When running YouTube videos and Steam games simultaneously,the tester found a system hang / race condition issue withthe multi-display configuration setting. Adding a lo...

CVE-2024-58099

In the Linux kernel, the following vulnerability has been resolved: vmxnet3: Fix packet corruption in vmxnet3_xdp_xmit_frame Andrew and Nikolay reported connectivity issues with Cilium's serviceload-balancing in case of vmxnet3. If a BPF program for native XDP adds an encapsulation header such asIP...

CVE-2025-21809

In the Linux kernel, the following vulnerability has been resolved: rxrpc, afs: Fix peer hash locking vs RCU callback In its address list, afs now retains pointers to and refs on one or morerxrpc_peer objects. The address list is freed under RCU and at this time,it puts the refs on those peers. Now...

CVE-2025-21812

In the Linux kernel, the following vulnerability has been resolved: ax25: rcu protect dev->ax25_ptr syzbot found a lockdep issue [1]. We should remove ax25 RTNL dependency in ax25_setsockopt() This should also fix a variety of possible UAF in ax25. [1] WARNING: possible circular locking dependen...

CVE-2025-21883

In the Linux kernel, the following vulnerability has been resolved: ice: Fix deinitializing VF in error path If ice_ena_vfs() fails after calling ice_create_vf_entries(), it freesall VFs without removing them from snapshot PF-VF mailbox list, leadingto list corruption. Reproducer:devlink dev eswitc...

CVE-2025-22015

In the Linux kernel, the following vulnerability has been resolved: mm/migrate: fix shmem xarray update during migration A shmem folio can be either in page cache or in swap cache, but not at thesame time. Namely, once it is in swap cache, folio->mapping should beNULL, and the folio is no longer...

CVE-2025-22025

In the Linux kernel, the following vulnerability has been resolved: nfsd: put dl_stid if fail to queue dl_recall Before calling nfsd4_run_cb to queue dl_recall to the callback_wq, weincrement the reference count of dl_stid.We expect that after the corresponding work_struct is processed, thereferenc...

CVE-2025-22033

In the Linux kernel, the following vulnerability has been resolved: arm64: Don't call NULL in do_compat_alignment_fixup() do_alignment_t32_to_handler() only fixes up alignment faults forspecific instructions; it returns NULL otherwise (e.g. LDREX). Whenthat's the case, signal to the caller that it ...