CVE-2022-50152

In the Linux kernel, the following vulnerability has been resolved: usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe of_parse_phandle() returns a node pointer with refcountincremented, we should use of_node_put() on it when not need anymore.Add missing of_node_put() to avoid refcount leak.

CVE-2022-50206

In the Linux kernel, the following vulnerability has been resolved: arm64: fix oops in concurrently setting insn_emulation sysctls emulation_proc_handler() changes table->data for proc_dointvec_minmaxand can generate the following Oops if called concurrently with itself: | Unable to handle kerne...

CVE-2023-32246

In the Linux kernel, the following vulnerability has been resolved: ksmbd: call rcu_barrier() in ksmbd_server_exit() racy issue is triggered the bug by racing between closing a connectionand rmmod. In ksmbd, rcu_barrier() is not called at module unload time,so nothing prevents ksmbd from getting un...

CVE-2024-43874

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix null pointer dereference in __sev_snp_shutdown_locked Fix a null pointer dereference induced by DEBUG_TEST_DRIVER_REMOVE.Return from __sev_snp_shutdown_locked() if the psp_device or thesev_device structs are not i...

CVE-2024-43878

In the Linux kernel, the following vulnerability has been resolved: xfrm: Fix input error path memory access When there is a misconfiguration of input state slow pathKASAN report error. Fix this error.west login:[ 52.987278] eth1: renamed from veth11[ 53.078814] eth1: renamed from veth21[ 53.181355...

CVE-2024-52557

In the Linux kernel, the following vulnerability has been resolved: drm: zynqmp_dp: Fix integer overflow in zynqmp_dp_rate_get() This patch fixes a potential integer overflow in the zynqmp_dp_rate_get() The issue comes up when the expressiondrm_dp_bw_code_to_link_rate(dp->test.bw_code) * 10000 i...

CVE-2025-21747

In the Linux kernel, the following vulnerability has been resolved: drm/ast: astdp: Fix timeout for enabling video signal The ASTDP transmitter sometimes takes up to 1 second for enabling thevideo signal, while the timeout is only 200 msec. This results in akernel error message. Increase the timeou...

CVE-2025-21822

In the Linux kernel, the following vulnerability has been resolved: ptp: vmclock: Set driver data before its usage If vmclock_ptp_register() fails during probing, vmclock_remove() iscalled to clean up the ptp clock and misc device.It uses dev_get_drvdata() to access the vmclock state.However the dr...

CVE-2025-37916

In the Linux kernel, the following vulnerability has been resolved: pds_core: remove write-after-free of client_id A use-after-free error popped up in stress testing: [Mon Apr 21 21:21:33 2025] BUG: KFENCE: use-after-free write in pdsc_auxbus_dev_del+0xef/0x160 [pds_core][Mon Apr 21 21:21:33 2025] ...

CVE-2025-38110

In the Linux kernel, the following vulnerability has been resolved: net/mdiobus: Fix potential out-of-bounds clause 45 read/write access When using publicly available tools like 'mdio-tools' to read/write datafrom/to network interface and its PHY via C45 (clause 45) mdiobus,there is no verification...

CVE-2022-49938

In the Linux kernel, the following vulnerability has been resolved: cifs: fix small mempool leak in SMB2_negotiate() In some cases of failure (dialect mismatches) in SMB2_negotiate(), afterthe request is sent, the checks would return -EIO when they should berather setting rc = -EIO and jumping to n...

CVE-2022-49966

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: add missing ->fini_microcode interface for Sienna Cichlid To avoid any potential memory leak.

CVE-2022-50046

In the Linux kernel, the following vulnerability has been resolved: net/sunrpc: fix potential memory leaks in rpc_sysfs_xprt_state_change() The issue happens on some error handling paths. When the functionfails to grab the object xprt, it simply returns 0, forgetting todecrease the reference count ...

CVE-2022-50181

In the Linux kernel, the following vulnerability has been resolved: virtio-gpu: fix a missing check to avoid NULL dereference 'cache_ent' could be set NULL inside virtio_gpu_cmd_get_capset()and it will lead to a NULL dereference by a lately use of it(i.e., ptr = cache_ent->caps_cache). Fix it wi...

CVE-2024-58000

In the Linux kernel, the following vulnerability has been resolved: io_uring: prevent reg-wait speculations With *ENTER_EXT_ARG_REG instead of passing a user pointer with argumentsfor the waiting loop the user can specify an offset into a pre-mappedregion of memory, in which case the[offset, offset...

CVE-2025-37904

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix the inode leak in btrfs_iget() [BUG]There is a bug report that a syzbot reproducer can lead to the followingbusy inode at unmount time: BTRFS info (device loop1): last unmount of filesystem 1680000e-3c1e-4c46-84b6-56bd39...

CVE-2025-38060

In the Linux kernel, the following vulnerability has been resolved: bpf: copy_verifier_state() should copy 'loop_entry' field The bpf_verifier_state.loop_entry state should be copied bycopy_verifier_state(). Otherwise, .loop_entry values from unrelatedstates would poison env->cur_state. Addition...

CVE-2016-6752

An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderat...

CVE-2022-49958

In the Linux kernel, the following vulnerability has been resolved: net/sched: fix netdevice reference leaks in attach_default_qdiscs() In attach_default_qdiscs(), if a dev has multiple queues and queue 0 failsto attach qdisc because there is no memory in attach_one_default_qdisc().Then dev->qdi...

CVE-2022-50032

In the Linux kernel, the following vulnerability has been resolved: usb: renesas: Fix refcount leak bug In usbhs_rza1_hardware_init(), of_find_node_by_name() will returna node pointer with refcount incremented. We should use of_node_put()when it is not used anymore.

CVE-2022-50034

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3 fix use-after-free at workaround 2 BUG: KFENCE: use-after-free read in __list_del_entry_valid+0x10/0xac cdns3_wa2_remove_old_request(){...kfree(priv_req->request.buf);cdns3_gadget_ep_free_request(&priv_ep->endpoint...

CVE-2022-50076

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix memory leak on the deferred close xfstests on smb21 report kmemleak as below: unreferenced object 0xffff8881767d6200 (size 64):comm "xfs_io", pid 1284, jiffies 4294777434 (age 20.789s)hex dump (first 32 bytes):80 5a d0 11...

CVE-2022-50125

In the Linux kernel, the following vulnerability has been resolved: ASoC: cros_ec_codec: Fix refcount leak in cros_ec_codec_platform_probe of_parse_phandle() returns a node pointer with refcountincremented, we should use of_node_put() on it when not need anymore.Add missing of_node_put() to avoid r...

CVE-2022-50132

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: change place of 'priv_ep' assignment in cdns3_gadget_ep_dequeue(), cdns3_gadget_ep_enable() If 'ep' is NULL, result of ep_to_cdns3_ep(ep) is invalid pointerand its dereference with priv_ep->cdns3_dev may cause panic....

CVE-2022-50138

In the Linux kernel, the following vulnerability has been resolved: RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr() __qedr_alloc_mr() allocates a memory chunk for "mr->info.pbl_table" withinit_mr_info(). When rdma_alloc_tid() and rdma_register_tid() fail, "mr"is released while "mr->...

CVE-2022-50154

In the Linux kernel, the following vulnerability has been resolved: PCI: mediatek-gen3: Fix refcount leak in mtk_pcie_init_irq_domains() of_get_child_by_name() returns a node pointer with refcount incremented, sowe should use of_node_put() on it when we don't need it anymore. Add missing of_node_pu...

CVE-2022-50157

In the Linux kernel, the following vulnerability has been resolved: PCI: microchip: Fix refcount leak in mc_pcie_init_irq_domains() of_get_next_child() returns a node pointer with refcount incremented, so weshould use of_node_put() on it when we don't need it anymore. mc_pcie_init_irq_domains() onl...

CVE-2022-50172

In the Linux kernel, the following vulnerability has been resolved: mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg Free the skb if mt76u_bulk_msg fails in __mt76x02u_mcu_send_msg routine.

CVE-2022-50191

In the Linux kernel, the following vulnerability has been resolved: regulator: of: Fix refcount leak bug in of_get_regulation_constraints() We should call the of_node_put() for the reference returned byof_get_child_by_name() which has increased the refcount.

CVE-2022-50220

In the Linux kernel, the following vulnerability has been resolved: usbnet: Fix linkwatch use-after-free on disconnect usbnet uses the work usbnet_deferred_kevent() to perform tasks which maysleep. On disconnect, completion of the work was originally awaited in->ndo_stop(). But in 2003, that was...

CVE-2023-20677

In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588413; Issue ID: ALPS07588436.

CVE-2024-57991

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: chan: fix soft lockup in rtw89_entity_recalc_mgnt_roles() During rtw89_entity_recalc_mgnt_roles(), there is a normalizing processwhich will re-order the list if an entry with target pattern is found.And once one is fou...

CVE-2024-57995

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev() In ath12k_mac_assign_vif_to_vdev(), if arvif is created on a differentradio, it gets deleted from that radio through a call toath12k_mac_unassign_link_vif...

CVE-2025-37950

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix panic in failed foilio allocation commit 7e119cff9d0a ("ocfs2: convert w_pages to w_folios") and commit9a5e08652dc4b ("ocfs2: use an array of folios instead of an array ofpages") save -ENOMEM in the folio array upon allo...

CVE-2025-37962

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix memory leak in parse_lease_state() The previous patch that added bounds check for create lease contextintroduced a memory leak. When the bounds check fails, the functionreturns NULL without freeing the previously allocat...

CVE-2025-38005

In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma: Add missing locking Recent kernels complain about a missing lock in k3-udma.c when the lockvalidator is enabled: [ 4.128073] WARNING: CPU: 0 PID: 746 at drivers/dma/ti/../virt-dma.h:169 udma_start.isra.0+0x3...

CVE-2025-38009

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: disable napi on driver removal A warning on driver removal started occurring after commit 9dd05df8403b("net: warn if NAPI instance wasn't shut down"). Disable tx napi beforedeleting it in mt76_dma_cleanup(). WARNING: CP...

CVE-2025-38014

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Refactor remove call with idxd_cleanup() helper The idxd_cleanup() helper cleans up perfmon, interrupts, internals andso on. Refactor remove call with the idxd_cleanup() helper to avoid codeduplication. Note, this ...

CVE-2025-38023

In the Linux kernel, the following vulnerability has been resolved: nfs: handle failure of nfs_get_lock_context in unlock path When memory is insufficient, the allocation of nfs_lock_context innfs_get_lock_context() fails and returns -ENOMEM. If we mistakenly treatan nfs4_unlockdata structure (whos...

CVE-2025-38079

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_hash - fix double free in hash_accept If accept(2) is called on socket type algif_hash withMSG_MORE flag set and crypto_ahash_import fails,sk2 is freed. However, it is also freed in af_alg_release,leading to slab-use-...

CVE-2025-38086

In the Linux kernel, the following vulnerability has been resolved: net: ch9200: fix uninitialised access during mii_nway_restart In mii_nway_restart() the code attempts to callmii->mdio_read which is ch9200_mdio_read(). ch9200_mdio_read()utilises a local buffer called "buff", which is initialis...

CVE-2016-3907

An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderat...

CVE-2022-50027

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE There is no corresponding free routine if lpfc_sli4_issue_wqe fails toissue the CMF WQE in lpfc_issue_cmf_sync_wqe. If ret_val is non-zero, then free the iocbq requ...

CVE-2022-50085

In the Linux kernel, the following vulnerability has been resolved: dm raid: fix address sanitizer warning in raid_resume There is a KASAN warning in raid_resume when running the lvm testlvconvert-raid.sh. The reason for the warning is that mddev->raid_disksis greater than rs->raid_disks, so ...

CVE-2022-50111

In the Linux kernel, the following vulnerability has been resolved: ASoC: mt6359: Fix refcount leak bug In mt6359_parse_dt() and mt6359_accdet_parse_dt(), we should callof_node_put() for the reference returned by of_get_child_by_name()which has increased the refcount.

CVE-2022-50120

In the Linux kernel, the following vulnerability has been resolved: remoteproc: imx_rproc: Fix refcount leak in imx_rproc_addr_init of_parse_phandle() returns a node pointer with refcountincremented, we should use of_node_put() on it when not needed anymore.This function has two paths missing of_no...

CVE-2022-50124

In the Linux kernel, the following vulnerability has been resolved: ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe of_parse_phandle() returns a node pointer with refcountincremented, we should use of_node_put() on it when not need anymore.Add missing of_node_put() to avoid refcou...

CVE-2022-50196

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: ocmem: Fix refcount leak in of_get_ocmem of_parse_phandle() returns a node pointer with refcountincremented, we should use of_node_put() on it when not need anymore.Add missing of_node_put() to avoid refcount leak.of_nod...

CVE-2022-50215

In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Allow waiting for commands to complete on removed device When a SCSI device is removed while in active use, currently sg willimmediately return -ENODEV on any attempt to wait for active commands thatwere sent before the r...

CVE-2024-57983

In the Linux kernel, the following vulnerability has been resolved: mailbox: th1520: Fix memory corruption due to incorrect array size The functions th1520_mbox_suspend_noirq and th1520_mbox_resume_noirq areintended to save and restore the interrupt mask registers in the MBOXICU0. However, the arra...