CVE-2023-53043

In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: sc7280: Mark PCIe controller as cache coherent If the controller is not marked as cache coherent, then kernel willtry to ensure coherency during dma-ops and that may cause data corruption.So, mark the PCIe node as...

CVE-2023-53059

In the Linux kernel, the following vulnerability has been resolved: platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl It is possible to peep kernel page's data by providing larger insizein struct cros_ec_command1 when invoking EC host commands. Fix it by using zeroed memory.

CVE-2023-53064

In the Linux kernel, the following vulnerability has been resolved: iavf: fix hang on reboot with ice When a system with E810 with existing VFs gets rebooted the followinghang may be observed. Pid 1 is hung in iavf_remove(), part of a network driver:PID: 1 TASK: ffff965400e5a340 CPU: 24 COMMAND: "s...

CVE-2023-53091

In the Linux kernel, the following vulnerability has been resolved: ext4: update s_journal_inum if it changes after journal replay When mounting a crafted ext4 image, s_journal_inum may change after journalreplay, which is obviously unreasonable because we have successfully loadedand replayed the j...

CVE-2023-53110

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix NULL sndbuf_desc in smc_cdc_tx_handler() When performing a stress test on SMC-R by rmmod mlx5_ib driverduring the wrk/nginx test, we found that there is a probabilityof triggering a panic while terminating all link gro...

CVE-2023-53135

In the Linux kernel, the following vulnerability has been resolved: riscv: Use READ_ONCE_NOCHECK in imprecise unwinding stack mode When CONFIG_FRAME_POINTER is unset, the stack unwinding functionwalk_stackframe randomly reads the stack and then, when KASAN is enabled,it can lead to the following ba...

CVE-2024-52559

In the Linux kernel, the following vulnerability has been resolved: drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() The "submit->cmd[i].size" and "submit->cmd[i].offset" variables are u32values that come from the user via the submit_lookup_cmds() function.This addition could l...

CVE-2024-55642

In the Linux kernel, the following vulnerability has been resolved: block: Prevent potential deadlocks in zone write plug error recovery Zone write plugging for handling writes to zones of a zoned blockdevice always execute a zone report whenever a write BIO to a zonefails. The intent of this is to...

CVE-2024-57998

In the Linux kernel, the following vulnerability has been resolved: OPP: add index check to assert to avoid buffer overflow in _read_freq() Pass the freq index to the assert function to make surewe do not read a freq out of the opp->rates[] table when calledfrom the indexed variants:dev_pm_opp_f...

CVE-2024-58006

In the Linux kernel, the following vulnerability has been resolved: PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar() In commit 4284c88fff0e ("PCI: designware-ep: Allow pci_epc_set_bar() updateinbound map address") set_bar() was modified to support dynamicallychanging the backing p...

CVE-2025-21713

In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/iommu: Don't unset window if it was never set On pSeries, when user attempts to use the same vfio container used bydifferent iommu group, the spapr_tce_set_window() returns -EPERMand the subsequent cleanup leads to ...

CVE-2025-21770

In the Linux kernel, the following vulnerability has been resolved: iommu: Fix potential memory leak in iopf_queue_remove_device() The iopf_queue_remove_device() helper removes a device from the per-iommuiopf queue when PRI is disabled on the device. It responds to alloutstanding iopf's with an IOM...

CVE-2025-21801

In the Linux kernel, the following vulnerability has been resolved: net: ravb: Fix missing rtnl lock in suspend/resume path Fix the suspend/resume path by ensuring the rtnl lock is held whererequired. Calls to ravb_open, ravb_close and wol operations must beperformed under the rtnl lock to prevent ...

CVE-2025-21824

In the Linux kernel, the following vulnerability has been resolved: gpu: host1x: Fix a use of uninitialized mutex commit c8347f915e67 ("gpu: host1x: Fix boot regression for Tegra")caused a use of uninitialized mutex leading to below warning whenCONFIG_DEBUG_MUTEXES and CONFIG_DEBUG_LOCK_ALLOC are e...

CVE-2025-21845

In the Linux kernel, the following vulnerability has been resolved: mtd: spi-nor: sst: Fix SST write failure 'commit 18bcb4aa54ea ("mtd: spi-nor: sst: Factor out common write operationto sst_nor_write_data()")' introduced a bug where only one byte of datais written, regardless of the number of byte...

CVE-2025-21903

In the Linux kernel, the following vulnerability has been resolved: mctp i3c: handle NULL header address daddr can be NULL if there is no neighbour table entry present,in that case the tx packet should be dropped. saddr will usually be set by MCTP core, but check for NULL in case apacket is transmi...

CVE-2025-21911

In the Linux kernel, the following vulnerability has been resolved: drm/imagination: avoid deadlock on fence release Do scheduler queue fence release processing on a workqueue, ratherthan in the release function itself. Fixes deadlock issues such as the following: [ 607.400437] ====================...

CVE-2025-21940

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix NULL Pointer Dereference in KFD queue Through KFD IOCTL Fuzzing we encountered a NULL pointer derefrencewhen calling kfd_queue_acquire_buffers. (cherry picked from commit 049e5bf3c8406f87c3d8e1958e0a16804fa1d530)

CVE-2025-21977

In the Linux kernel, the following vulnerability has been resolved: fbdev: hyperv_fb: Fix hang in kdump kernel when on Hyper-V Gen 2 VMs Gen 2 Hyper-V VMs boot via EFI and have a standard EFI framebufferdevice. When the kdump kernel runs in such a VM, loading the efifbdriver may hang because of acc...

CVE-2025-21983

In the Linux kernel, the following vulnerability has been resolved: mm/slab/kvfree_rcu: Switch to WQ_MEM_RECLAIM wq Currently kvfree_rcu() APIs use a system workqueue which is"system_unbound_wq" to driver RCU machinery to reclaim a memory. Recently, it has been noted that the following kernel warni...

CVE-2025-23152

In the Linux kernel, the following vulnerability has been resolved: arm64/crc-t10dif: fix use of out-of-scope array in crc_t10dif_arch() Fix a silly bug where an array was used outside of its scope.

CVE-2025-37849

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Tear down vGIC on failed vCPU creation If kvm_arch_vcpu_create() fails to share the vCPU page with thehypervisor, we propagate the error back to the ioctl but leave thevGIC vCPU data initialised. Note only does this lea...

CVE-2025-37876

In the Linux kernel, the following vulnerability has been resolved: netfs: Only create /proc/fs/netfs with CONFIG_PROC_FS When testing a special config: CONFIG_NETFS_SUPPORTS=yCONFIG_PROC_FS=n The system crashes with something like: [ 3.766197] ------------[ cut here ]------------[ 3.766484] kernel...

CVE-2022-49079

In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: traverse devices under chunk_mutex in btrfs_can_activate_zone btrfs_can_activate_zone() can be called with the device_list_mutex alreadyheld, which will lead to a deadlock: insert_dev_extents() // Takes device_list_mu...

CVE-2022-49761

In the Linux kernel, the following vulnerability has been resolved: btrfs: always report error in run_one_delayed_ref() Currently we have a btrfs_debug() for run_one_delayed_ref() failure, butif end users hit such problem, there will be no chance thatbtrfs_debug() is enabled. This can lead to very ...

CVE-2022-49769

In the Linux kernel, the following vulnerability has been resolved: gfs2: Check sb_bsize_shift after reading superblock Fuzzers like to scribble over sb_bsize_shift but in reality it's veryunlikely that this field would be corrupted on its own. Nevertheless itshould be checked to avoid the possibil...

CVE-2022-49775

In the Linux kernel, the following vulnerability has been resolved: tcp: cdg: allow tcp_cdg_release() to be called multiple times Apparently, mptcp is able to call tcp_disconnect() on an alreadydisconnected flow. This is generally fine, unless current congestioncontrol is CDG, because it might trig...

CVE-2022-49776

In the Linux kernel, the following vulnerability has been resolved: macvlan: enforce a consistent minimal mtu macvlan should enforce a minimal mtu of 68, even at link creation. This patch avoids the current behavior (which could lead to crashesin ipv6 stack if the link is brought up) $ ip link add ...

CVE-2022-49793

In the Linux kernel, the following vulnerability has been resolved: iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() dev_set_name() allocates memory for name, it need be freedwhen device_add() fails, call put_device() to give up thereference that hold in device_initialize(), s...

CVE-2022-49800

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event() test_gen_synth_cmd() only free buf in fail path, hence buf will leakwhen there is no failure. Add kfree(buf) to prevent the memleak. Thesame reason and s...

CVE-2022-49835

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: fix potential memleak in 'add_widget_node' As 'kobject_add' may allocated memory for 'kobject->name' when return error.And in this function, if call 'kobject_add' failed didn't free kobject.So call 'kobject_put' to re...

CVE-2022-49850

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix deadlock in nilfs_count_free_blocks() A semaphore deadlock can occur if nilfs_get_block() detects metadatacorruption while locating data blocks and a superblock writeback occurs atthe same time: task 1 task 2 A file ope...

CVE-2022-49871

In the Linux kernel, the following vulnerability has been resolved: net: tun: Fix memory leaks of napi_get_frags kmemleak reports after running test_progs: unreferenced object 0xffff8881b1672dc0 (size 232):comm "test_progs", pid 394388, jiffies 4354712116 (age 841.975s)hex dump (first 32 bytes):e0 ...

CVE-2022-49873

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix wrong reg type conversion in release_reference() Some helper functions will allocate memory. To avoid memory leaks, theverifier requires the eBPF program to release these memories by callingthe corresponding helper functio...

CVE-2022-49874

In the Linux kernel, the following vulnerability has been resolved: HID: hyperv: fix possible memory leak in mousevsc_probe() If hid_add_device() returns error, it should call hid_destroy_device()to free hid_dev which is allocated in hid_allocate_device().

CVE-2022-49888

In the Linux kernel, the following vulnerability has been resolved: arm64: entry: avoid kprobe recursion The cortex_a76_erratum_1463225_debug_handler() function is called whenhandling debug exceptions (and synchronous exceptions from BRKinstructions), and so is called when a probed function execute...

CVE-2022-49889

In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() On some machines the number of listed CPUs may be bigger than the actualCPUs that exist. The tracing subsystem allocates a per_cpu directory withaccess to the per...

CVE-2022-49892

In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix use-after-free for dynamic ftrace_ops KASAN reported a use-after-free with ftrace ops [1]. It was found fromvmcore that perf had registered two ops with the same contentsuccessively, both dynamic. After unregistering th...

CVE-2022-49906

In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Free rwi on reset success Free the rwi structure in the event that the last rwi in the listprocessed successfully. The logic in commit 4f408e1fa6e1 ("ibmvnic:retry reset if there are no other resets") introduces an issue t...

CVE-2022-49910

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu Fix the race condition between the following two flows that run inparallel: l2cap_reassemble_sdu -> chan->ops->recv (l2cap_sock_recv_cb) ->__sock_queue...

CVE-2023-53045

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_audio: don't let userspace block driver unbind In the unbind callback for f_uac1 and f_uac2, a call to snd_card_free()via g_audio_cleanup() will disconnect the card and then wait for allresources to be released, whic...

CVE-2023-53067

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Only call get_timer_irq() once in constant_clockevent_init() Under CONFIG_DEBUG_ATOMIC_SLEEP=y and CONFIG_DEBUG_PREEMPT=y, we can seethe following messages on LoongArch, this is because using might_sleep()in preemption d...

CVE-2023-53096

In the Linux kernel, the following vulnerability has been resolved: interconnect: fix mem leak when freeing nodes The node link array is allocated when adding links to a node but is notdeallocated when nodes are destroyed.

CVE-2023-53097

In the Linux kernel, the following vulnerability has been resolved: powerpc/iommu: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it,otherwise the memory will leak over time. To make things simpler, justcall debugfs_lookup_and_remove(...

CVE-2023-53119

In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: initialize struct pn533_out_arg properly struct pn533_out_arg used as a temporary context for out_urb is notinitialized properly. Its uninitialized 'phy' field can be dereferenced inerror cases inside pn533_out_complete...

CVE-2023-53139

In the Linux kernel, the following vulnerability has been resolved: nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties devm_kmalloc_array may fails, *fw_vsc_cfg might be null and causeout-of-bounds write in device_property_read_u8_array later.

CVE-2023-53142

In the Linux kernel, the following vulnerability has been resolved: ice: copy last block omitted in ice_get_module_eeprom() ice_get_module_eeprom() is broken since commit e9c9692c8a81 ("ice:Reimplement module reads used by ethtool") In this refactor,ice_get_module_eeprom() reads the eeprom in block...

CVE-2024-58018

In the Linux kernel, the following vulnerability has been resolved: nvkm: correctly calculate the available space of the GSP cmdq buffer r535_gsp_cmdq_push() waits for the available page in the GSP cmdqbuffer when handling a large RPC request. When it sees at least oneavailable page in the cmdq, it...

CVE-2024-58060

In the Linux kernel, the following vulnerability has been resolved: bpf: Reject struct_ops registration that uses module ptr and the module btf_id is missing There is a UAF report in the bpf_struct_ops when CONFIG_MODULES=n.In particular, the report is on tcp_congestion_ops that hasa "struct module...

CVE-2025-21930

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't try to talk to a dead firmware This fixes: bad state = 0WARNING: CPU: 10 PID: 702 at drivers/net/wireless/inel/iwlwifi/iwl-trans.c:178 iwl_trans_send_cmd+0xba/0xe0 [iwlwifi]Call Trace:? __warn+0xca/0x1c0? ...