2811 matches found
CVE-2022-50168
In the Linux kernel, the following vulnerability has been resolved: bpf, x86: fix freeing of not-finalized bpf_prog_pack syzbot reported a few issues with bpf_prog_pack [1], [2]. This only happenswith multiple subprogs. In jit_subprogs(), we first call bpf_int_jit_compile()on each sub program. And ...
CVE-2022-50212
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: do not allow CHAIN_ID to refer to another table When doing lookups for chains on the same batch by using its ID, a chainfrom a different table can be used. If a rule is added to a table butrefers to a chain in...
CVE-2022-50220
In the Linux kernel, the following vulnerability has been resolved: usbnet: Fix linkwatch use-after-free on disconnect usbnet uses the work usbnet_deferred_kevent() to perform tasks which maysleep. On disconnect, completion of the work was originally awaited in->ndo_stop(). But in 2003, that was...
CVE-2025-37898
In the Linux kernel, the following vulnerability has been resolved: powerpc64/ftrace: fix module loading without patchable function entries get_stubs_size assumes that there must always be at least one patchablefunction entry, which is not always the case (modules that export databut no code), othe...
CVE-2025-37906
In the Linux kernel, the following vulnerability has been resolved: ublk: fix race between io_uring_cmd_complete_in_task and ublk_cancel_cmd ublk_cancel_cmd() calls io_uring_cmd_done() to complete uring_cmd, butwe may have scheduled task work via io_uring_cmd_complete_in_task() fordispatching reque...
CVE-2025-38236
In the Linux kernel, the following vulnerability has been resolved: af_unix: Don't leave consecutive consumed OOB skbs. Jann Horn reported a use-after-free in unix_stream_read_generic(). The following sequences reproduce the issue: $ python3from socket import *s1, s2 = socketpair(AF_UNIX, SOCK_STRE...
CVE-2022-49977
In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead ftrace_startup does not remove ops from ftrace_ops_list whenftrace_startup_enable fails: register_ftrace_functionftrace_startup__register_ftrace_funct...
CVE-2022-49995
In the Linux kernel, the following vulnerability has been resolved: writeback: avoid use-after-free after removing device When a disk is removed, bdi_unregister gets called to stop furtherwriteback and wait for associated delayed work to complete. However,wb_inode_writeback_end() may schedule bandw...
CVE-2022-50177
In the Linux kernel, the following vulnerability has been resolved: rcutorture: Fix ksoftirqd boosting timing and iteration The RCU priority boosting can fail in two situations: If (nr_cpus= > maxcpus=), which means if the total number of CPUsis higher than those brought online at boot, then tor...
CVE-2025-37966
In the Linux kernel, the following vulnerability has been resolved: riscv: Fix kernel crash due to PR_SET_TAGGED_ADDR_CTRL When userspace does PR_SET_TAGGED_ADDR_CTRL, but Supm extension is notavailable, the kernel crashes: Oops - illegal instruction [#1][snip]epc : set_tagged_addr_ctrl+0x112/0x15a...
CVE-2022-49940
In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: add sanity check for gsm->receive in gsm_receive_buf() A null pointer dereference can happen when attempting to access the"gsm->receive()" function in gsmld_receive_buf(). Currently, the codeassumes that gsm->r...
CVE-2022-50012
In the Linux kernel, the following vulnerability has been resolved: powerpc/64: Init jump labels before parse_early_param() On 64-bit, calling jump_label_init() in setup_feature_keys() is toolate because static keys may be used in subroutines ofparse_early_param() which is again subroutine of early...
CVE-2022-50022
In the Linux kernel, the following vulnerability has been resolved: drivers:md:fix a potential use-after-free bug In line 2884, "raid5_release_stripe(sh);" drops the reference to sh andmay cause sh to be released. However, sh is subsequently used in lines2886 "if (sh->batch_head && sh != sh->...
CVE-2022-50178
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: 8852a: rfk: fix div 0 exception The DPK is a kind of RF calibration whose algorithm is to fine tuneparameters and calibrate, and check the result. If the result isn't goodenough, it could adjust parameters and try agai...
CVE-2025-37896
In the Linux kernel, the following vulnerability has been resolved: spi: spi-mem: Add fix to avoid divide error For some SPI flash memory operations, dummy bytes are not mandatory. Forexample, in Winbond SPINAND flash memory devices, the write_cache andupdate_cache operation variants have zero dumm...
CVE-2025-38110
In the Linux kernel, the following vulnerability has been resolved: net/mdiobus: Fix potential out-of-bounds clause 45 read/write access When using publicly available tools like 'mdio-tools' to read/write datafrom/to network interface and its PHY via C45 (clause 45) mdiobus,there is no verification...
CVE-2022-49936
In the Linux kernel, the following vulnerability has been resolved: USB: core: Prevent nested device-reset calls Automatic kernel fuzzing revealed a recursive locking violation inusb-storage: ============================================WARNING: possible recursive locking detected5.18.0 #3 Not taint...
CVE-2022-49983
In the Linux kernel, the following vulnerability has been resolved: udmabuf: Set the DMA mask for the udmabuf device (v2) If the DMA mask is not set explicitly, the following warning occurswhen the userspace tries to access the dma-buf via the CPU asreported by syzbot here: WARNING: CPU: 1 PID: 359...
CVE-2022-50045
In the Linux kernel, the following vulnerability has been resolved: powerpc/pci: Fix get_phb_number() locking The recent change to get_phb_number() causes a DEBUG_ATOMIC_SLEEPwarning on some systems: BUG: sleeping function called from invalid context at kernel/locking/mutex.c:580in_atomic(): 1, irq...
CVE-2022-50098
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts Ensure SRB is returned during I/O timeout error escalation. If that is notpossible fail the escalation path. Following crash stack was seen: BUG: unable to handle...
CVE-2022-50213
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: do not allow SET_ID to refer to another table When doing lookups for sets on the same batch by using its ID, a set from adifferent table can be used. Then, when the table is removed, a reference to the set may...
CVE-2025-38060
In the Linux kernel, the following vulnerability has been resolved: bpf: copy_verifier_state() should copy 'loop_entry' field The bpf_verifier_state.loop_entry state should be copied bycopy_verifier_state(). Otherwise, .loop_entry values from unrelatedstates would poison env->cur_state. Addition...
CVE-2022-49956
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8712: fix use after free bugs _Read/Write_MACREG callbacks are NULL so the read/write_macreg_hdl()functions don't do anything except free the "pcmd" pointer. Itresults in a use after free. Delete them.
CVE-2022-50000
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: fix stuck flows on cleanup due to pending work To clear the flow table on flow table free, the following sequencenormally happens in order: gc_step work is stopped to disable any further stats/del requests. Al...
CVE-2022-50065
In the Linux kernel, the following vulnerability has been resolved: virtio_net: fix memory leak inside XPD_TX with mergeable When we call xdp_convert_buff_to_frame() to get xdpf, if it returnsNULL, we should check if xdp_page was allocated by xdp_linearize_page().If it is newly allocated, it should...
CVE-2022-50067
In the Linux kernel, the following vulnerability has been resolved: btrfs: unset reloc control if transaction commit fails in prepare_to_relocate() In btrfs_relocate_block_group(), the rc is allocated. Thenbtrfs_relocate_block_group() calls relocate_block_group()prepare_to_relocate()set_reloc_contr...
CVE-2022-50084
In the Linux kernel, the following vulnerability has been resolved: dm raid: fix address sanitizer warning in raid_status There is this warning when using a kernel with the address sanitizerand running this testsuite:https://gitlab.com/cki-project/kernel-tests/-/tree/main/storage/swraid/scsi_raid =...
CVE-2022-50087
In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails When scpi probe fails, at any point, we need to ensure that the scpi_infois not set and will remain NULL until the probe succeeds. If it is nottaken care, then...
CVE-2022-50099
In the Linux kernel, the following vulnerability has been resolved: video: fbdev: arkfb: Check the size of screen before memset_io() In the function arkfb_set_par(), the value of 'screen_size' iscalculated by the user input. If the user provides the improper value,the value of 'screen_size' may lar...
CVE-2022-50109
In the Linux kernel, the following vulnerability has been resolved: video: fbdev: amba-clcd: Fix refcount leak bugs In clcdfb_of_init_display(), we should call of_node_put() for thereferences returned by of_graph_get_next_endpoint() andof_graph_get_remote_port_parent() which have increased the refc...
CVE-2022-50136
In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event If siw_recv_mpa_rr returns -EAGAIN, it means that the MPA reply hasn'tbeen received completely, and should not report IW_CM_EVENT_CONNECT_REPLYin this case. This may...
CVE-2022-50146
In the Linux kernel, the following vulnerability has been resolved: PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors If dw_pcie_ep_init() fails to perform any action after the EPC memory isinitialized and the MSI memory region is allocated, the latter parts won'tbe undone thus causing a ...
CVE-2022-50173
In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp5: Fix global state lock backoff We need to grab the lock after the early return for !hwpipe case.Otherwise, we could have hit contention yet still returned 0. Fixes an issue that the new CONFIG_DRM_DEBUG_MODESET_LOCK st...
CVE-2022-50211
In the Linux kernel, the following vulnerability has been resolved: md-raid10: fix KASAN warning There's a KASAN warning in raid10_remove_disk when running the lvmtest lvconvert-raid-reshape.sh. We fix this warning by verifying that thevalue "number" is valid. BUG: KASAN: slab-out-of-bounds in raid...
CVE-2022-50215
In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Allow waiting for commands to complete on removed device When a SCSI device is removed while in active use, currently sg willimmediately return -ENODEV on any attempt to wait for active commands thatwere sent before the r...
CVE-2025-38005
In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma: Add missing locking Recent kernels complain about a missing lock in k3-udma.c when the lockvalidator is enabled: [ 4.128073] WARNING: CPU: 0 PID: 746 at drivers/dma/ti/../virt-dma.h:169 udma_start.isra.0+0x3...
CVE-2025-38009
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: disable napi on driver removal A warning on driver removal started occurring after commit 9dd05df8403b("net: warn if NAPI instance wasn't shut down"). Disable tx napi beforedeleting it in mt76_dma_cleanup(). WARNING: CP...
CVE-2025-38011
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: csa unmap use uninterruptible lock After process exit to unmap csa and free GPU vm, if signal is acceptedand then waiting to take vm lock is interrupted and return, it causesmemory leaking and below warning backtrace. C...
CVE-2025-38014
In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Refactor remove call with idxd_cleanup() helper The idxd_cleanup() helper cleans up perfmon, interrupts, internals andso on. Refactor remove call with the idxd_cleanup() helper to avoid codeduplication. Note, this ...
CVE-2025-38023
In the Linux kernel, the following vulnerability has been resolved: nfs: handle failure of nfs_get_lock_context in unlock path When memory is insufficient, the allocation of nfs_lock_context innfs_get_lock_context() fails and returns -ENOMEM. If we mistakenly treatan nfs4_unlockdata structure (whos...
CVE-2025-38059
In the Linux kernel, the following vulnerability has been resolved: btrfs: avoid NULL pointer dereference if no valid csum tree [BUG]When trying read-only scrub on a btrfs with rescue=idatacsums mountoption, it will crash with the following call trace: BUG: kernel NULL pointer dereference, address:...
CVE-2025-38077
In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store() If the 'buf' array received from the user contains an empty string, the'length' variable will be zero. Accessing the 'buf' array element withindex 'le...
CVE-2025-38085
In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race huge_pmd_unshare() drops a reference on a page table that may havepreviously been shared across processes, potentially turning it into anormal page table used in another process i...
CVE-2022-49937
In the Linux kernel, the following vulnerability has been resolved: media: mceusb: Use new usb_control_msg_*() routines Automatic kernel fuzzing led to a WARN about invalid pipe direction inthe mceusb driver: ------------[ cut here ]------------usb 6-1: BOGUS control dir, pipe 80000380 doesn't matc...
CVE-2022-49938
In the Linux kernel, the following vulnerability has been resolved: cifs: fix small mempool leak in SMB2_negotiate() In some cases of failure (dialect mismatches) in SMB2_negotiate(), afterthe request is sent, the checks would return -EIO when they should berather setting rc = -EIO and jumping to n...
CVE-2022-49954
In the Linux kernel, the following vulnerability has been resolved: Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag syzbot is reporting hung task at __input_unregister_device() [1], foriforce_close() waiting at wait_event_interruptible() with dev->mutex heldis blocking input_disc...
CVE-2022-49962
In the Linux kernel, the following vulnerability has been resolved: xhci: Fix null pointer dereference in remove if xHC has only one roothub The remove path in xhci platform driver tries to remove and put both mainand shared hcds even if only a main hcd exists (one roothub) This causes a null point...
CVE-2022-49978
In the Linux kernel, the following vulnerability has been resolved: fbdev: fb_pm2fb: Avoid potential divide by zero error In do_fb_ioctl() of fbmem.c, if cmd is FBIOPUT_VSCREENINFO, var will becopied from user, then go through fb_set_var() andinfo->fbops->fb_check_var() which could may be pm2...
CVE-2022-49981
In the Linux kernel, the following vulnerability has been resolved: HID: hidraw: fix memory leak in hidraw_release() Free the buffered reports before deleting the list entry. BUG: memory leakunreferenced object 0xffff88810e72f180 (size 32):comm "softirq", pid 0, jiffies 4294945143 (age 16.080s)hex ...
CVE-2022-49986
In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq storvsc_error_wq workqueue should not be marked as WQ_MEM_RECLAIM as itdoesn't need to make forward progress under memory pressure. Marking thisworkqueue as WQ_MEM_RECLAIM ...