10747 matches found
CVE-2022-49947
In the Linux kernel, the following vulnerability has been resolved: binder: fix alloc->vma_vm_mm null-ptr dereference Syzbot reported a couple issues introduced by commit 44e602b4e52f("binder_alloc: add missing mmap_lock calls when using the VMA"), inwhich we attempt to acquire the mmap_lock whe...
CVE-2022-49953
In the Linux kernel, the following vulnerability has been resolved: iio: light: cm3605: Fix an error handling path in cm3605_probe() The commit in Fixes also introduced a new error handling path which shouldgoto the existing error handling path.Otherwise some resources leak.
CVE-2022-49967
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a data-race around bpf_jit_limit. While reading bpf_jit_limit, it can be changed concurrently via sysctl,WRITE_ONCE() in __do_proc_doulongvec_minmax(). The size of bpf_jit_limitis long, so we need to add a paired READ_ONCE...
CVE-2022-49992
In the Linux kernel, the following vulnerability has been resolved: mm/mprotect: only reference swap pfn page if type match Yu Zhao reported a bug after the commit "mm/swap: Add swp_offset_pfn() tofetch PFN from swap entry" added a check in swp_offset_pfn() for swap type [1]: kernel BUG at include/...
CVE-2022-49994
In the Linux kernel, the following vulnerability has been resolved: bootmem: remove the vmemmap pages from kmemleak in put_page_bootmem The vmemmap pages is marked by kmemleak when allocated from memblock.Remove it from kmemleak when freeing the page. Otherwise, when we reusethe page, kmemleak may ...
CVE-2022-49996
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix possible memory leak in btrfs_get_dev_args_from_path() In btrfs_get_dev_args_from_path(), btrfs_get_bdev_and_sb() can fail ifthe path is invalid. In this case, btrfs_get_dev_args_from_path()returns directly without freei...
CVE-2022-49997
In the Linux kernel, the following vulnerability has been resolved: net: lantiq_xrx200: restore buffer if memory allocation failed In a situation where memory allocation fails, an invalid buffer addressis stored. When this descriptor is used again, the system panics in thebuild_skb() function when ...
CVE-2022-50014
In the Linux kernel, the following vulnerability has been resolved: mm/gup: fix FOLL_FORCE COW security issue and remove FOLL_COW Ever since the Dirty COW (CVE-2016-5195) security issue happened, we knowthat FOLL_FORCE can be possibly dangerous, especially if there are racesthat can be exploited by...
CVE-2022-50017
In the Linux kernel, the following vulnerability has been resolved: mips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start We should call of_node_put() for the reference 'uctl_node' returned byof_get_parent() which will increase the refcount. Otherwise, there willbe a refcount l...
CVE-2022-50063
In the Linux kernel, the following vulnerability has been resolved: net: dsa: felix: suppress non-changes to the tagging protocol The way in which dsa_tree_change_tag_proto() works is that whendsa_tree_notify() fails, it doesn't know whether the operation failedmid way in a multi-switch tree, or it...
CVE-2022-50064
In the Linux kernel, the following vulnerability has been resolved: virtio-blk: Avoid use-after-free on suspend/resume hctx->user_data is set to vq in virtblk_init_hctx(). However, vq isfreed on suspend and reallocated on resume. So, hctx->user_data isinvalid after resume, and it will cause u...
CVE-2022-50075
In the Linux kernel, the following vulnerability has been resolved: tracing/eprobes: Have event probes be consistent with kprobes and uprobes Currently, if a symbol "@" is attempted to be used with an event probe(eprobes), it will cause a NULL pointer dereference crash. Both kprobes and uprobes can...
CVE-2022-50114
In the Linux kernel, the following vulnerability has been resolved: net: 9p: fix refcount leak in p9_read_work() error handling p9_req_put need to be called when m->rreq->rc.sdata is NULL to avoidtemporary refcount leak. [Dominique: commit wording adjustments, p9_req_put argument fixes for re...
CVE-2022-50170
In the Linux kernel, the following vulnerability has been resolved: kunit: executor: Fix a memory leak on failure in kunit_filter_tests It's possible that memory allocation for 'filtered' will fail, but for thecopy of the suite to succeed. In this case, the copy could be leaked. Properly free 'copy...
CVE-2022-50193
In the Linux kernel, the following vulnerability has been resolved: erofs: wake up all waiters after z_erofs_lzma_head ready When the user mounts the erofs second times, the decompression threadmay hung. The problem happens due to a sequence of steps like thefollowing: Task A called z_erofs_load_lz...
CVE-2022-50195
In the Linux kernel, the following vulnerability has been resolved: ARM: dts: qcom: replace gcc PXO with pxo_board fixed clock Replace gcc PXO phandle to pxo_board fixed clock declared in the dts.gcc driver doesn't provide PXO_SRC as it's a fixed-clock. This cause akernel panic if any driver actual...
CVE-2022-50214
In the Linux kernel, the following vulnerability has been resolved: coresight: Clear the connection field properly coresight devices track their connections (output connections) andhold a reference to the fwnode. When a device goes away, we walk throughthe devices on the coresight bus and make sure...
CVE-2022-50225
In the Linux kernel, the following vulnerability has been resolved: riscv:uprobe fix SR_SPIE set/clear handling In riscv the process of uprobe going to clear spie before execthe origin insn,and set spie after that.But When access the pagewhich origin insn has been placed a page fault may happen and...
CVE-2024-58238
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btnxpuart: Resolve TX timeout error in power save stress test This fixes the tx timeout issue seen while running a stress test onbtnxpuart for couple of hours, such that the interval between two HCIcommands coincide with...
CVE-2025-38021
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null check of pipe_ctx->plane_state for update_dchubp_dpp Similar to commit 6a057072ddd1 ("drm/amd/display: Fix null check forpipe_ctx->plane_state in dcn20_program_pipe") that addresses a nullpointer der...
CVE-2025-38076
In the Linux kernel, the following vulnerability has been resolved: alloc_tag: allocate percpu counters for module tags dynamically When a module gets unloaded it checks whether any of its tags are still inuse and if so, we keep the memory containing module's allocation tagsalive until all tags are...
CVE-2025-38372
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix unsafe xarray access in implicit ODP handling __xa_store() and __xa_erase() were used without holding the proper lock,which led to a lockdep warning due to unsafe RCU usage. This patchreplaces them with xa_store() an...
CVE-2025-38379
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix warning when reconnecting channel When reconnecting a channel in smb2_reconnect_server(), a dummy tconis passed down to smb2_reconnect() with ->query_interfaceuninitialized, so we can't call queue_delayed_work()...
CVE-2025-38398
In the Linux kernel, the following vulnerability has been resolved: spi: spi-qpic-snand: reallocate BAM transactions Using the mtd_nandbiterrs module for testing the driver occasionallyresults in weird things like below. swiotlb mapping fails with the following message: [ 85.926216] qcom_snand 79b0...
CVE-2025-38404
In the Linux kernel, the following vulnerability has been resolved: usb: typec: displayport: Fix potential deadlock The deadlock can occur due to a recursive lock acquisition ofcros_typec_altmode_data::mutex.The call chain is as follows: cros_typec_altmode_work() acquires the mutex typec_altmode_vd...
CVE-2025-38492
In the Linux kernel, the following vulnerability has been resolved: netfs: Fix race between cache write completion and ALL_QUEUED being set When netfslib is issuing subrequests, the subrequests start processingimmediately and may complete before we reach the end of the issuingfunction. At the end o...
CVE-2022-50025
In the Linux kernel, the following vulnerability has been resolved: cxl: Fix a memory leak in an error handling path A bitmap_zalloc() must be balanced by a corresponding bitmap_free() in theerror handling path of afu_allocate_irqs().
CVE-2022-50043
In the Linux kernel, the following vulnerability has been resolved: net: fix potential refcount leak in ndisc_router_discovery() The issue happens on specific paths in the function. After both theobject rt and neigh are grabbed successfully, when lifetime isnonzero but the metric needs change, the ...
CVE-2022-50056
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix missing i_op in ntfs_read_mft There is null pointer dereference because i_op == NULL.The bug happens because we don't initialize i_op for records in $Extend.
CVE-2022-50070
In the Linux kernel, the following vulnerability has been resolved: mptcp: do not queue data on closed subflows Dipanjan reported a syzbot splat at close time: WARNING: CPU: 1 PID: 10818 at net/ipv4/af_inet.c:153inet_sock_destruct+0x6d0/0x8e0 net/ipv4/af_inet.c:153Modules linked in: uio_ivshmem(OE)...
CVE-2022-50205
In the Linux kernel, the following vulnerability has been resolved: ext2: Add more validity checks for inode counts Add checks verifying number of inodes stored in the superblock matchesthe number computed from number of inodes per group. Also verify we haveat least one block worth of inodes per gr...
CVE-2022-50233
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name} Both dev_name and short_name are not guaranteed to be NULL terminated sothis instead use strnlen and then attempt to determine if the resultingstring needs to be ...
CVE-2025-38366
In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Check validity of "num_cpu" from user space The maximum supported cpu number is EIOINTC_ROUTE_MAX_VCPUS aboutirqchip EIOINTC, here add validation about cpu number to avoid arraypointer overflow.
CVE-2025-38367
In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Avoid overflow with array index The variable index is modified and reused as array index when modifyregister EIOINTC_ENABLE. There will be array index overflow problem.
CVE-2025-38370
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix failure to rebuild free space tree using multiple transactions If we are rebuilding a free space tree, while modifying the free spacetree we may need to allocate a new metadata block group.If we end up using multiple tra...
CVE-2025-38447
In the Linux kernel, the following vulnerability has been resolved: mm/rmap: fix potential out-of-bounds page table access during batched unmap As pointed out by David[1], the batched unmap logic intry_to_unmap_one() may read past the end of a PTE table when a largefolio's PTE mappings are not full...
CVE-2025-38017
In the Linux kernel, the following vulnerability has been resolved: fs/eventpoll: fix endless busy loop after timeout has expired After commit 0a65bc27bd64 ("eventpoll: Set epoll timeout if it's inthe future"), the following program would immediately enter a busyloop in the kernel: int main() { int...
CVE-2025-38357
In the Linux kernel, the following vulnerability has been resolved: fuse: fix runtime warning on truncate_folio_batch_exceptionals() The WARN_ON_ONCE is introduced on truncate_folio_batch_exceptionals() tocapture whether the filesystem has removed all DAX entries or not. And the fix has been applie...
CVE-2025-38397
In the Linux kernel, the following vulnerability has been resolved: nvme-multipath: fix suspicious RCU usage warning When I run the NVME over TCP test in virtme-ng, I get the following"suspicious RCU usage" warning in nvme_mpath_add_sysfs_link(): '''[ 5.024557][ T44] nvmet: Created nvm controller 1...
CVE-2025-38433
In the Linux kernel, the following vulnerability has been resolved: riscv: fix runtime constant support for nommu kernels the __runtime_fixup_32 function does not handle the case where val iszero correctly (as might occur when patching a nommu kernel and referringto a physical address below the 4Gi...
CVE-2025-38442
In the Linux kernel, the following vulnerability has been resolved: block: reject bs > ps block devices when THP is disabled If THP is disabled and when a block device with logical block size >page size is present, the following null ptr deref panic happens duringboot: [ [13.2 mK AOSAN: null-...
CVE-2025-38358
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between async reclaim worker and close_ctree() Syzbot reported an assertion failure due to an attempt to add a delayediput after we have set BTRFS_FS_STATE_NO_DELAYED_IPUT in the fs_infostate: WARNING: CPU: 0 PID: 6...
CVE-2025-38378
In the Linux kernel, the following vulnerability has been resolved: HID: appletb-kbd: fix slab use-after-free bug in appletb_kbd_probe In probe appletb_kbd_probe() a "struct appletb_kbd *kbd" is allocatedvia devm_kzalloc() to store touch bar keyboard related data.Later on if backlight_device_get_by...
CVE-2025-38394
In the Linux kernel, the following vulnerability has been resolved: HID: appletb-kbd: fix memory corruption of input_handler_list In appletb_kbd_probe an input handler is initialised and then registeredwith input core through input_register_handler(). When this happens inputcore will add the input ...
CVE-2025-38411
In the Linux kernel, the following vulnerability has been resolved: netfs: Fix double put of request If a netfs request finishes during the pause loop, it will have the refthat belongs to the IN_PROGRESS flag removed at that point - however, if itthen goes to the final wait loop, that will also put...
CVE-2025-38432
In the Linux kernel, the following vulnerability has been resolved: net: netpoll: Initialize UDP checksum field before checksumming commit f1fce08e63fe ("netpoll: Eliminate redundant assignment") removedthe initialization of the UDP checksum, which was wrong and brokenetpoll IPv6 transmission due t...
CVE-2025-38500
In the Linux kernel, the following vulnerability has been resolved: xfrm: interface: fix use-after-free after changing collect_md xfrm interface collect_md property on xfrm interfaces can only be set on device creation,thus xfrmi_changelink() should fail when called on such interfaces. The check to...