2811 matches found
CVE-2025-37961
In the Linux kernel, the following vulnerability has been resolved: ipvs: fix uninit-value for saddr in do_output_route4 syzbot reports for uninit-value for the saddr argument [1]. commit 4754957f04f5 ("ipvs: do not use random local source address for tunnels") already implies that the input value of...
CVE-2025-37964
In the Linux kernel, the following vulnerability has been resolved: x86/mm: Eliminate window where TLB flushes may be inadvertently skipped tl;dr: There is a window in the mm switching code where the new CR3 is set and the CPU should be getting TLB flushes for the new mm. But should_flush_tlb() has a...
CVE-2025-37975
In the Linux kernel, the following vulnerability has been resolved: riscv: module: Fix out-of-bounds relocation access The current code allows rel[j] to access one element past the end of the relocation section. Simplify to num_relocations which is equivalent to the existing size expression.
CVE-2025-37981
In the Linux kernel, the following vulnerability has been resolved: scsi: smartpqi: Use is_kdump_kernel() to check for kdump The smartpqi driver checks the reset_devices variable to determine whether special adjustments need to be made for kdump. This has the effect that after a regular kexec reboot,...
CVE-2024-57992
In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: unregister wiphy only if it has been registered There is a specific error path in probe functions in wilc drivers (both sdio and spi) which can lead to kernel panic, as this one for example when using SPI: Unable to h...
CVE-2025-37946
In the Linux kernel, the following vulnerability has been resolved: s390/pci: Fix duplicate pci_dev_put() in disable_slot() when PF has child VFs With commit bcb5d6c76903 ("s390/pci: introduce lock to synchronize state of zpci_dev's") the code to ignore power off of a PF that has child VFs was change...
CVE-2025-37958
In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: fix dereferencing invalid pmd migration entry When migrating a THP, concurrent access to the PMD migration entry during a deferred split scan can lead to an invalid address access, as illustrated below. To prevent thi...
CVE-2022-50066
In the Linux kernel, the following vulnerability has been resolved: net: atlantic: fix aq_vec index out of range error The final update statement of the for loop exceeds the array range, the dereference of self->aq_vec[i] is not checked and then leads to the index out of range error. Also fixed thi...
CVE-2025-37897
In the Linux kernel, the following vulnerability has been resolved: wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release plfxlc_mac_release() asserts that mac->lock is held. This assertion is incorrect, because even if it was possible, it would not be the valid behaviour. The function is us...
CVE-2025-37900
In the Linux kernel, the following vulnerability has been resolved: iommu: Fix two issues in iommu_copy_struct_from_user() In the review for iommu_copy_struct_to_user() helper, Matt pointed out that a NULL pointer should be rejected prior to dereferencing it: https://lore.kernel.org/all/86881827-8E2D...
CVE-2025-37933
In the Linux kernel, the following vulnerability has been resolved: octeon_ep: Fix host hang issue during device reboot When the host loses heartbeat messages from the device, the driver calls the device-specific ndo_stop function, which frees the resources. If the driver is unloaded in this scenario,...
CVE-2025-37962
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix memory leak in parse_lease_state() The previous patch that added bounds check for create lease context introduced a memory leak. When the bounds check fails, the function returns NULL without freeing the previously allocat...
CVE-2025-38083
In the Linux kernel, the following vulnerability has been resolved: net_sched: prio: fix a race in prio_tune() Gerrard Tai reported a race condition in PRIO, whenever SFQ perturb timer fires at the wrong time. The race is as follows: CPU 0 CPU 1 [1]: lock root [2]: qdisc_tree_flush_backlog() [3]: unloc...
CVE-2022-50100
In the Linux kernel, the following vulnerability has been resolved: sched/core: Do not requeue task on CPU excluded from cpus_mask The following warning was triggered on a large machine early in boot on a distribution kernel but the same problem should also affect mainline. WARNING: CPU: 439 PID: 10...
CVE-2025-37922
In the Linux kernel, the following vulnerability has been resolved: book3s64/radix : Align section vmemmap start address to PAGE_SIZE A vmemmap altmap is a device-provided region used to provide backing storage for struct pages. For each namespace, the altmap should belong to that same namespace. If ...
CVE-2025-37973
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation Currently during the multi-link element defragmentation process, the multi-link element length added to the total IEs length when calculating the leng...
CVE-2022-49951
In the Linux kernel, the following vulnerability has been resolved: firmware_loader: Fix use-after-free during unregister In the following code within firmware_upload_unregister(), the call to device_unregister() could result in the dev_release function freeing the fw_upload_priv structure before it ...
CVE-2022-50088
In the Linux kernel, the following vulnerability has been resolved: mm/damon/reclaim: fix potential memory leak in damon_reclaim_init() damon_reclaim_init() allocates a memory chunk for ctx with damon_new_ctx(). When damon_select_ops() fails, ctx is not released, which will lead to a memory leak. We ...
CVE-2025-37916
In the Linux kernel, the following vulnerability has been resolved: pds_core: remove write-after-free of client_id A use-after-free error popped up in stress testing: [Mon Apr 21 21:21:33 2025] BUG: KFENCE: use-after-free write in pdsc_auxbus_dev_del+0xef/0x160 [pds_core] [Mon Apr 21 21:21:33 2025] ...
CVE-2025-37939
In the Linux kernel, the following vulnerability has been resolved: libbpf: Fix accessing BTF.ext core_relo header Update btf_ext_parse_info() to ensure the core_relo header is present before reading its fields. This avoids a potential buffer read overflow reported by the OSS Fuzz project.
CVE-2025-37965
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix invalid context error in dml helper [Why] "BUG: sleeping function called from invalid context" error. after: "drm/amd/display: Protect FPU in dml2_validate()/dml21_validate()" The populate_dml_plane_cfg_from_plane...
CVE-2022-50020
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid resizing to a partial cluster size This patch avoids an attempt to resize the filesystem to an unaligned cluster boundary. An online resize to a size that is not integral to cluster size results in the last iteration atte...
CVE-2022-50117
In the Linux kernel, the following vulnerability has been resolved: vfio: Split migration ops from main device ops vfio core checks whether the driver sets some migration op (e.g. set_state/get_state) and accordingly calls its op. However, currently mlx5 driver sets the above ops without regards to ...
CVE-2025-37934
In the Linux kernel, the following vulnerability has been resolved: ASoC: simple-card-utils: Fix pointer check in graph_util_parse_link_direction Actually check if the passed pointers are valid, before writing to them. This also fixes a UBSAN warning: UBSAN: invalid-load in ../sound/soc/fsl/imx-card....
CVE-2025-37935
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_eth_soc: fix SER panic with 4GB+ RAM If the mtk_poll_rx() function detects the MTK_RESETTING flag, it will jump to release_desc and refill the high word of the SDP on the 4GB RFB. Subsequently, mtk_rx_clean will pr...
CVE-2025-37942
In the Linux kernel, the following vulnerability has been resolved: HID: pidff: Make sure to fetch pool before checking SIMULTANEOUS_MAX As noted by Anssi some 20 years ago, pool report is sometimes messed up. This worked fine on many devices but caused oops on VRS DirectForce PRO. Here, we're makin...
CVE-2025-38089
In the Linux kernel, the following vulnerability has been resolved: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error tianshuo han reported a remotely-triggerable crash if the client sends a kernel RPC server a specially crafted packet. If decoding the RPC reply fails in such a way ...
CVE-2022-49991
In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: avoid corrupting page->mapping in hugetlb_mcopy_atomic_pte In MCOPY_ATOMIC_CONTINUE case with a non-shared VMA, pages in the page cache are installed in the ptes. But hugepage_add_new_anon_rmap is called for them mista...
CVE-2022-49998
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix locking in rxrpc's sendmsg Fix three bugs in the rxrpc's sendmsg implementation: (1) rxrpc_new_client_call() should release the socket lock when returning an error from rxrpc_get_call_slot(). (2) rxrpc_wait_for_tx_window_...
CVE-2022-50029
In the Linux kernel, the following vulnerability has been resolved: clk: qcom: ipq8074: dont disable gcc_sleep_clk_src Once the usb sleep clocks are disabled, clock framework is trying to disable the sleep clock source also. However, it seems that it cannot be disabled and trying to do so produces: [...
CVE-2022-50044
In the Linux kernel, the following vulnerability has been resolved: net: qrtr: start MHI channel after endpoit creation MHI channel may generate event/interrupt right after enabling. It may lead to 2 race condition issues. Such event may be dropped by qcom_mhi_qrtr_dl_callback() at check: if (!qd...
CVE-2022-50095
In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: Cleanup CPU timers before freeing them during exec Commit 55e8c8eb2c7b ("posix-cpu-timers: Store a reference to a pid not a task") started looking up tasks by PID when deleting a CPU timer. When a non-leader thread...
CVE-2022-50151
In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fix random warning message when driver load Warning log: [ 4.141392] Unexpected gfp: 0x4 (GFP_DMA32). Fixing up to gfp: 0xa20 (GFP_ATOMIC). Fix your code! [ 4.150340] CPU: 1 PID: 175 Comm: 1-0050 Not tainted 5.15.5-00039-...
CVE-2022-50200
In the Linux kernel, the following vulnerability has been resolved: selinux: Add boundary check in put_entry() Just like next_entry(), boundary check is necessary to prevent memory out-of-bound access.
CVE-2022-50201
In the Linux kernel, the following vulnerability has been resolved: selinux: fix memleak in security_read_state_kernel() In this function, it directly returns the result of __security_read_policy without freeing the allocated memory in *data, cause memory leak issue, so free the memory if __security_...
CVE-2025-37895
In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix error handling path in bnxt_init_chip() WARN_ON() is triggered in __flush_work() if bnxt_init_chip() fails because we call cancel_work_sync() on dim work that has not been initialized. WARNING: CPU: 37 PID: 5223 at kerne...
CVE-2025-37910
In the Linux kernel, the following vulnerability has been resolved: ptp: ocp: Fix NULL dereference in Adva board SMA sysfs operations On Adva boards, SMA sysfs store/get operations can call __handle_signal_outputs() or __handle_signal_inputs() while the irig and dcf pointers are uninitialized, leadin...
CVE-2025-37919
In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp: Fix NULL pointer deref in acp_i2s_set_tdm_slot Update chip data using dev_get_drvdata(dev->parent) to fix NULL pointer deref in acp_i2s_set_tdm_slot.
CVE-2025-37955
In the Linux kernel, the following vulnerability has been resolved: virtio-net: free xsk_buffs on error in virtnet_xsk_pool_enable() The selftests added to our CI by Bui Quang Minh recently reveals that there is a mem leak on the error path of virtnet_xsk_pool_enable(): unreferenced object 0xffff888...
CVE-2022-49960
In the Linux kernel, the following vulnerability has been resolved: drm/i915: fix null pointer dereference Asus chromebook CX550 crashes during boot on v5.17-rc1 kernel. The root cause is null pointer dereference of bi_next in tgl_get_bw_info() in drivers/gpu/drm/i915/display/intel_bw.c. BUG: kernel ...
CVE-2022-50069
In the Linux kernel, the following vulnerability has been resolved: BPF: Fix potential bad pointer dereference in bpf_sys_bpf() The bpf_sys_bpf() helper function allows an eBPF program to load another eBPF program from within the kernel. In this case the argument union bpf_attr pointer (as well as th...
CVE-2022-50190
In the Linux kernel, the following vulnerability has been resolved: spi: Fix simplification of devm_spi_register_controller This reverts commit 59ebbe40fb51 ("spi: simplify devm_spi_register_controller"). If devm_add_action() fails in devm_add_action_or_reset(), devm_spi_unregister() will be called, ...
CVE-2025-37894
In the Linux kernel, the following vulnerability has been resolved: net: use sock_gen_put() when sk_state is TCP_TIME_WAIT It is possible for a pointer of type struct inet_timewait_sock to be returned from the functions __inet_lookup_established() and __inet6_lookup_established(). This can cause a cr...
CVE-2025-37941
In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd937x: fix a potential memory leak in wcd937x_soc_codec_probe() When snd_soc_dapm_new_controls() or snd_soc_dapm_add_routes() fails, wcd937x_soc_codec_probe() returns without releasing 'wcd937x->clsh_info', which i...
CVE-2025-37971
In the Linux kernel, the following vulnerability has been resolved: staging: bcm2835-camera: Initialise dev in v4l2_dev Commit 42a2f6664e18 ("staging: vc04_services: Move global g_state to vchiq_state") changed mmal_init to pass dev->v4l2_dev.dev to vchiq_mmal_init, however nothing initialised de...
CVE-2022-49961
In the Linux kernel, the following vulnerability has been resolved: bpf: Do mark_chain_precision for ARG_CONST_ALLOC_SIZE_OR_ZERO Precision markers need to be propagated whenever we have an ARG_CONST_* style argument, as the verifier cannot consider imprecise scalars to be equivalent for the purposes...
CVE-2022-49969
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: clear optc underflow before turn off odm clock [Why] After ODM clock off, optc underflow bit will be kept there always and clear not work. We need to clear that before clock off. [How] Clear that if have when clock of...
CVE-2022-50035
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix use-after-free on amdgpu_bo_list mutex If amdgpu_cs_vm_handling returns r != 0, then it will unlock the bo_list_mutex inside the function amdgpu_cs_vm_handling and again on amdgpu_cs_parser_fini. This problem results ...
CVE-2022-50072
In the Linux kernel, the following vulnerability has been resolved: NFSv4/pnfs: Fix a use-after-free bug in open If someone cancels the open RPC call, then we must not try to free either the open slot or the layoutget operation arguments, since they are likely still in use by the hung RPC call.
CVE-2022-50115
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc3-topology: Prevent double freeing of ipc_control_data via load_bytes We have sanity checks for byte controls and if any of them fail the locally allocated scontrol->ipc_control_data is freed up, but not set to NULL....