CVE-2025-21819

In the Linux kernel, the following vulnerability has been resolved: Revert "drm/amd/display: Use HW lock mgr for PSR1" This reverts commita2b5a9956269 ("drm/amd/display: Use HW lock mgr for PSR1") Because it may cause system hang while connect with two edp panel.

CVE-2025-21842

In the Linux kernel, the following vulnerability has been resolved: amdkfd: properly free gang_ctx_bo when failed to init user queue The destructor of a gtt bo is declared asvoid amdgpu_amdkfd_free_gtt_mem(struct amdgpu_device *adev, void mem_obj);Which takes void as the second parameter. GCC allow...

CVE-2025-21880

In the Linux kernel, the following vulnerability has been resolved: drm/xe/userptr: fix EFAULT handling Currently we treat EFAULT from hmm_range_fault() as a non-fatal errorwhen called from xe_vm_userptr_pin() with the idea that we want to avoidkilling the entire vm and chucking an error, under the...

CVE-2025-21897

In the Linux kernel, the following vulnerability has been resolved: sched_ext: Fix pick_task_scx() picking non-queued tasks when it's called without balance() a6250aa251ea ("sched_ext: Handle cases where pick_task_scx() is calledwithout preceding balance_scx()") added a workaround to handle the cas...

CVE-2025-23153

In the Linux kernel, the following vulnerability has been resolved: arm/crc-t10dif: fix use of out-of-scope array in crc_t10dif_arch() Fix a silly bug where an array was used outside of its scope.

CVE-2025-37822

In the Linux kernel, the following vulnerability has been resolved: riscv: uprobes: Add missing fence.i after building the XOL buffer The XOL (execute out-of-line) buffer is used to single-step thereplaced instruction(s) for uprobes. The RISC-V port was missing aproper fence.i (i$ flushing) after c...

CVE-2025-37837

In the Linux kernel, the following vulnerability has been resolved: iommu/tegra241-cmdqv: Fix warnings due to dmam_free_coherent() Two WARNINGs are observed when SMMU driver rolls back upon failure:arm-smmu-v3.9.auto: Failed to register iommuarm-smmu-v3.9.auto: probe with driver arm-smmu-v3 failed ...

CVE-2025-37843

In the Linux kernel, the following vulnerability has been resolved: PCI: pciehp: Avoid unnecessary device replacement check Hot-removal of nested PCI hotplug ports suffers from a long-standing racecondition which can lead to a deadlock: A parent hotplug port acquirespci_lock_rescan_remove(), then w...

CVE-2025-37861

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue When the task management thread processes reply queues while the resetthread resets them, the task management thread accesses an invalid queue ID(0xFFFF), set...

CVE-2025-37870

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: prevent hang on link training fail [Why]When link training fails, the phy clock will be disabled. However, inenable_streams, it is assumed that link training succeeded and themux selects the phy clock, causing a ha...

CVE-2025-37890

In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc As described in Gerrard's report [1], we have a UAF case when an hfsc classhas a netem child qdisc. The crux of the issue is that hfsc is assumingthat chec...

CVE-2025-37924

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in kerberos authentication Setting sess->user = NULL was introduced to fix the dangling pointercreated by ksmbd_free_user. However, it is possible another thread couldbe operating on the session and mak...

CVE-2025-37937

In the Linux kernel, the following vulnerability has been resolved: objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() If dib8000_set_dds()'s call to dib8000_read32() returns zero, the resultis a divide-by-zero. Prevent that from happening. Fixes the following warning with an UBSA...

CVE-2022-49783

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Drop fpregs lock before inheriting FPU permissions Mike Galbraith reported the following against an old fork of preempt-rtbut the same issue also applies to the current preempt-rt tree. BUG: sleeping function called from i...

CVE-2022-49792

In the Linux kernel, the following vulnerability has been resolved: iio: adc: mp2629: fix potential array out of bound access Add sentinel at end of maps to avoid potential array out ofbound access in iio core.

CVE-2022-49797

In the Linux kernel, the following vulnerability has been resolved: tracing: kprobe: Fix potential null-ptr-deref on trace_event_file in kprobe_event_gen_test_exit() When trace_get_event_file() failed, gen_kretprobe_test will be assignedas the error code. If module kprobe_event_gen_test is removed ...

CVE-2022-49812

In the Linux kernel, the following vulnerability has been resolved: bridge: switchdev: Fix memory leaks when changing VLAN protocol The bridge driver can offload VLANs to the underlying hardware eithervia switchdev or the 8021q driver. When the former is used, the VLAN ismarked in the bridge driver...

CVE-2022-49825

In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix error handling in ata_tport_add() In ata_tport_add(), the return value of transport_add_device() isnot checked. As a result, it causes null-ptr-deref while removingthe module, because transport_remove_dev...

CVE-2022-49833

In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: clone zoned device info when cloning a device When cloning a btrfs_device, we're not cloning the associatedbtrfs_zoned_device_info structure of the device in case of a zonedfilesystem. Later on this leads to a NULL po...

CVE-2022-49840

In the Linux kernel, the following vulnerability has been resolved: bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb() We got a syzkaller problem because of aarch64 alignment faultif KFENCE enabled. When the size from user bpf program is an oddnumber, like 399, 407, etc, it will cause ...

CVE-2022-49895

In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fix decoder allocation crash When an intermediate port's decoders have been exhausted by existingregions, and creating a new region with the port in question in it'shierarchical path is attempted, cxl_port_attach_region...

CVE-2022-49901

In the Linux kernel, the following vulnerability has been resolved: blk-mq: Fix kmemleak in blk_mq_init_allocated_queue There is a kmemleak caused by modprobe null_blk.ko unreferenced object 0xffff8881acb1f000 (size 1024):comm "modprobe", pid 836, jiffies 4294971190 (age 27.068s)hex dump (first 32 ...

CVE-2023-52936

In the Linux kernel, the following vulnerability has been resolved: kernel/irq/irqdomain.c: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it,otherwise the memory will leak over time. To make things simpler, justcall debugfs_lookup_an...

CVE-2023-53035

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() The ioctl helper function nilfs_ioctl_wrap_copy(), which exchanges ametadata array to/from user space, may copy uninitialized buffer regionsto user space memory for read-only i...

CVE-2023-53040

In the Linux kernel, the following vulnerability has been resolved: ca8210: fix mac_len negative array access This patch fixes a buffer overflow access of skb->data ifieee802154_hdr_peek_addrs() fails.

CVE-2023-53061

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix possible refcount leak in smb2_open() Reference count of acls will leak when memory allocation fails. Fix thisby adding the missing posix_acl_release().

CVE-2023-53074

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix ttm_bo calltrace warning in psp_hw_fini The call trace occurs when the amdgpu is removed afterthe mode1 reset. During mode1 reset, from suspend to resume,there is no need to reinitialize the ta firmware bufferwhich ...

CVE-2023-53082

In the Linux kernel, the following vulnerability has been resolved: vp_vdpa: fix the crash in hot unplug with vp_vdpa While unplugging the vp_vdpa device, it triggers a kernel panicThe root cause is: vdpa_mgmtdev_unregister() will accesses moderndevices which will cause a use after free.So need to ...

CVE-2023-53111

In the Linux kernel, the following vulnerability has been resolved: loop: Fix use-after-free issues do_req_filebacked() calls blk_mq_complete_request() synchronously orasynchronously when using asynchronous I/O unless memory allocation fails.Hence, modify loop_handle_cmd() such that it does not der...

CVE-2023-53118

In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix a procfs host directory removal regression scsi_proc_hostdir_rm() decreases a reference counter and hence must only becalled once per host that is removed. This change does not require ascsi_add_host_with_dma() chan...

CVE-2024-54191

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: iso: Fix circular lock in iso_conn_big_sync This fixes the circular locking dependency warning below, by reworkingiso_sock_recvmsg, to ensure that the socket lock is always releasedbefore calling a function that locks hd...

CVE-2024-54456

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client() name is char[64] where the size of clnt->cl_program->name remainsunknown. Invoking strcat() directly will also lead to potential bufferoverflow. Change them to ...

CVE-2024-57984

In the Linux kernel, the following vulnerability has been resolved: i3c: dw: Fix use-after-free in dw_i3c_master driver due to race condition In dw_i3c_common_probe, &master->hj_work is bound withdw_i3c_hj_work. And dw_i3c_master_irq_handler can calldw_i3c_master_irq_handle_ibis function to star...

CVE-2025-21813

In the Linux kernel, the following vulnerability has been resolved: timers/migration: Fix off-by-one root mis-connection Before attaching a new root to the old root, the children counter of thenew root is checked to verify that only the upcoming CPU's top group havebeen connected to it. However sin...

CVE-2025-21817

In the Linux kernel, the following vulnerability has been resolved: block: mark GFP_NOIO around sysfs ->store() sysfs ->store is called with queue freezed, meantime we have several->store() callbacks(update_nr_requests, wbt, scheduler) to allocatememory with GFP_KERNEL which may run into d...

CVE-2025-21907

In the Linux kernel, the following vulnerability has been resolved: mm: memory-failure: update ttu flag inside unmap_poisoned_folio Patch series "mm: memory_failure: unmap poisoned folio during migrateproperly", v3. Fix two bugs during folio migration if the folio is poisoned. This patch (of 3): Co...

CVE-2025-21990

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: NULL-check BO's backing store when determining GFX12 PTE flags PRT BOs may not have any backing store, so bo->tbo.resource will beNULL. Check for that before dereferencing. (cherry picked from commit 3e3fcd29b505cebe...

CVE-2025-37802

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix WARNING "do not call blocking ops when !TASK_RUNNING" wait_event_timeout() will set the state of the currenttask to TASK_UNINTERRUPTIBLE, before doing the condition check. Thismeans that ksmbd_durable_scavenger_alive() w...

CVE-2025-37814

In the Linux kernel, the following vulnerability has been resolved: tty: Require CAP_SYS_ADMIN for all usages of TIOCL_SELMOUSEREPORT This requirement was overeagerly loosened in commit 2f83e38a095f("tty: Permit some TIOCL_SETSEL modes without CAP_SYS_ADMIN"), but asit turns out, (1) the logic I im...

CVE-2025-37818

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Return NULL from huge_pte_offset() for invalid PMD LoongArch's huge_pte_offset() currently returns a pointer to a PMD sloteven if the underlying entry points to invalid_pte_table (indicating nomapping). Callers like smap...

CVE-2025-37826

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Add NULL check in ufshcd_mcq_compl_pending_transfer() Add a NULL check for the returned hwq pointer by ufshcd_mcq_req_to_hwq(). This is similar to the fix in commit 74736103fb41 ("scsi: ufs: core: Fixufshcd_abort_o...

CVE-2025-37866

In the Linux kernel, the following vulnerability has been resolved: mlxbf-bootctl: use sysfs_emit_at() in secure_boot_fuse_state_show() A warning is seen when running the latest kernel on a BlueField SOC:[251.512704] ------------[ cut here ]------------[251.512711] invalid sysfs_emit: buf:000000000...

CVE-2025-37868

In the Linux kernel, the following vulnerability has been resolved: drm/xe/userptr: fix notifier vs folio deadlock User is reporting what smells like notifier vs folio deadlock, wheremigrate_pages_batch() on core kernel side is holding folio lock(s) andthen interacting with the mappings of it, howe...

CVE-2025-37989

In the Linux kernel, the following vulnerability has been resolved: net: phy: leds: fix memory leak A network restart test on a router led to an out-of-memory condition,which was traced to a memory leak in the PHY LED trigger code. The root cause is misuse of the devm API. The registration function...

CVE-2022-49747

In the Linux kernel, the following vulnerability has been resolved: erofs/zmap.c: Fix incorrect offset calculation Effective offset to add to length was being incorrectly calculated,which resulted in iomap->length being set to 0, triggering a WARN_ONin iomap_iter_done(). Fix that, and describe i...

CVE-2022-49758

In the Linux kernel, the following vulnerability has been resolved: reset: uniphier-glue: Fix possible null-ptr-deref It will cause null-ptr-deref when resource_size(res) invoked,if platform_get_resource() returns NULL.

CVE-2022-49764

In the Linux kernel, the following vulnerability has been resolved: bpf: Prevent bpf program recursion for raw tracepoint probes We got report from sysbot [1] about warnings that were caused bybpf program attached to contention_begin raw tracepoint triggeringthe same tracepoint by using bpf_trace_p...

CVE-2022-49786

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: properly pin the parent in blkcg_css_online blkcg_css_online is supposed to pin the blkcg of the parent, but397c9f46ee4d refactored things and along the way, changed it to pin thecss instead. This results in extra pins,...

CVE-2022-49820

In the Linux kernel, the following vulnerability has been resolved: mctp i2c: don't count unused / invalid keys for flow release We're currently hitting the WARN_ON in mctp_i2c_flow_release: if (midev->release_count > midev->i2c_lock_count) { WARN_ONCE(1, "release count overflow"); This ma...

CVE-2022-49831

In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: initialize device's zone info for seeding When performing seeding on a zoned filesystem it is necessary toinitialize each zoned device's btrfs_zoned_device_info structure,otherwise mounting the filesystem will cause a...