CVE-2025-38022

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem Call Trace: __dump_stack lib/dump_stack.c:94 [inline]dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120print_address_description mm/kasan/report.c:408 [inl...

CVE-2025-38031

In the Linux kernel, the following vulnerability has been resolved: padata: do not leak refcount in reorder_work A recent patch that addressed a UAF introduced a reference count leak:the parallel_data refcount is incremented unconditionally, regardlessof the return value of queue_work(). If the wor...

CVE-2025-38040

In the Linux kernel, the following vulnerability has been resolved: serial: mctrl_gpio: split disable_ms into sync and no_sync APIs The following splat has been observed on a SAMA5D27 platform usingatmel_serial: BUG: sleeping function called from invalid context at kernel/irq/manage.c:738in_atomic(...

CVE-2025-38044

In the Linux kernel, the following vulnerability has been resolved: media: cx231xx: set device_caps for 417 The video_device for the MPEG encoder did not set device_caps. Add this, otherwise the video device can't be registered (you get aWARN_ON instead). Not seen before since currently 417 support...

CVE-2025-38065

In the Linux kernel, the following vulnerability has been resolved: orangefs: Do not truncate file size 'len' is used to store the result of i_size_read(), so making 'len'a size_t results in truncation to 4GiB on 32-bit systems.

CVE-2025-38068

In the Linux kernel, the following vulnerability has been resolved: crypto: lzo - Fix compression buffer overrun Unlike the decompression code, the compression code in LZO neverchecked for output overruns. It instead assumes that the calleralways provides enough buffer space, disregarding the buffe...

CVE-2025-38078

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix race of buffer access at PCM OSS layer The PCM OSS layer tries to clear the buffer with the silence data atinitialization (or reconfiguration) of a stream with the explicit callof snd_pcm_format_set_silence() with ru...

CVE-2025-38080

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Increase block_sequence array size [Why]It's possible to generate more than 50 steps in hwss_build_fast_sequence,for example with a 6-pipe asic where all pipes are in one MPC chain. Thisoverflows the block_sequence...

CVE-2025-38081

In the Linux kernel, the following vulnerability has been resolved: spi-rockchip: Fix register out of bounds access Do not write native chip select stuff for GPIO chip selects.GPIOs can be numbered much higher than native CS.Also, it makes no sense.

CVE-2025-38086

In the Linux kernel, the following vulnerability has been resolved: net: ch9200: fix uninitialised access during mii_nway_restart In mii_nway_restart() the code attempts to callmii->mdio_read which is ch9200_mdio_read(). ch9200_mdio_read()utilises a local buffer called "buff", which is initialis...

CVE-2025-38195

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Fix panic caused by NULL-PMD in huge_pte_offset() ERROR INFO: CPU 25 Unable to handle kernel paging request at virtual address 0x0...Call Trace:[<900000000023c30c>] huge_pte_offset+0x3c/0x58[<900000000057fd4c&gt...

CVE-2025-38197

In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell_rbu: Fix list usage Pass the correct list head to list_for_each_entry*() when looping throughthe packet list. Without this patch, reading the packet data via sysfs will show the dataincorrectly (because it starts...

CVE-2025-38216

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Restore context entry setup order for aliased devices Commit 2031c469f816 ("iommu/vt-d: Add support for static identity domain")changed the context entry setup during domain attachment from aset-and-check policy to a cl...

CVE-2025-38339

In the Linux kernel, the following vulnerability has been resolved: powerpc/bpf: fix JIT code size calculation of bpf trampoline arch_bpf_trampoline_size() provides JIT size of the BPF trampolinebefore the buffer for JIT'ing it is allocated. The total number ofinstructions emitted for BPF trampolin...

CVE-2022-49942

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected When we are not connected to a channel, sending channel "switch"announcement doesn't make any sense. The BSS list is empty in that case. This causes the for l...

CVE-2022-49948

In the Linux kernel, the following vulnerability has been resolved: vt: Clear selection before changing the font When changing the console font with ioctl(KDFONTOP) the new font sizecan be bigger than the previous font. A previous selection may thus nowbe outside of the new screen size and thus tri...

CVE-2022-49952

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix memory corruption on probe Add the missing sanity check on the probed-session count to avoidcorrupting memory beyond the fixed-size slab-allocated session arraywhen there are more than FASTRPC_MAX_SESSIONS sessio...

CVE-2022-49958

In the Linux kernel, the following vulnerability has been resolved: net/sched: fix netdevice reference leaks in attach_default_qdiscs() In attach_default_qdiscs(), if a dev has multiple queues and queue 0 failsto attach qdisc because there is no memory in attach_one_default_qdisc().Then dev->qdi...

CVE-2022-49965

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: add missing ->fini_xxxx interfaces for some SMU13 asics Without these, potential memory leak may be induced.

CVE-2022-49966

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: add missing ->fini_microcode interface for Sienna Cichlid To avoid any potential memory leak.

CVE-2022-49968

In the Linux kernel, the following vulnerability has been resolved: ieee802154/adf7242: defer destroy_workqueue call There is a possible race condition (use-after-free) like below (FREE) | (USE)adf7242_remove | adf7242_channelcancel_delayed_work_sync |destroy_workqueue (1) | adf7242_cmd_rx| mod_del...

CVE-2022-49971

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Fix a potential gpu_metrics_table memory leak Memory is allocated for gpu_metrics_table insmu_v13_0_4_init_smc_tables(), but not freed insmu_v13_0_4_fini_smc_tables(). This may cause memory leaks, fix it.

CVE-2022-49982

In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix memory leak in pvr_probe The error handling code in pvr2_hdw_create forgets to unregister thev4l2 device. When pvr2_hdw_create returns back to pvr2_context_create,it calls pvr2_context_destroy to destroy context...

CVE-2022-49984

In the Linux kernel, the following vulnerability has been resolved: HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report It is possible for a malicious device to forgo submitting a FeatureReport. The HID Steam driver presently makes no prevision for thisand de-references the 'st...

CVE-2022-49985

In the Linux kernel, the following vulnerability has been resolved: bpf: Don't use tnum_range on array range checking for poke descriptors Hsin-Wei reported a KASAN splat triggered by their BPF runtime fuzzer whichis based on a customized syzkaller: BUG: KASAN: slab-out-of-bounds in bpf_int_jit_com...

CVE-2022-49993

In the Linux kernel, the following vulnerability has been resolved: loop: Check for overflow while configuring loop The userspace can configure a loop using an ioctl call, whereina configuration of type loop_config is passed (see lo_ioctl()'scase on line 1550 of drivers/block/loop.c). This proceeds...

CVE-2022-50003

In the Linux kernel, the following vulnerability has been resolved: ice: xsk: prohibit usage of non-balanced queue id Fix the following scenario: ethtool -L $IFACE rx 8 tx 96 xdpsock -q 10 -t -z Above refers to a case where user would like to attach XSK socket intxonly mode at a queue id that does ...

CVE-2022-50006

In the Linux kernel, the following vulnerability has been resolved: NFSv4.2 fix problems with __nfs42_ssc_open A destination server while doing a COPY shouldn't accept using thepassed in filehandle if its not a regular filehandle. If alloc_file_pseudo() has failed, we need to decrement a referenceo...

CVE-2022-50010

In the Linux kernel, the following vulnerability has been resolved: video: fbdev: i740fb: Check the argument of i740_calc_vclk() Since the user can control the arguments of the ioctl() from the userspace, under special arguments that may result in a divide-by-zero bug. If the user provides an impro...

CVE-2022-50011

In the Linux kernel, the following vulnerability has been resolved: venus: pm_helpers: Fix warning in OPP during probe Fix the following WARN triggered during Venus driver probe on5.19.0-rc8-next-20220728: WARNING: CPU: 7 PID: 339 at drivers/opp/core.c:2471 dev_pm_opp_set_config+0x49c/0x610Modules ...

CVE-2022-50016

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: cnl: Do not process IPC reply before firmware boot It is not yet clear, but it is possible to create a firmware so brokenthat it will send a reply message before a FW_READY message (it is notyet clear if FW_READY ...

CVE-2022-50019

In the Linux kernel, the following vulnerability has been resolved: tty: serial: Fix refcount leak bug in ucc_uart.c In soc_info(), of_find_node_by_type() will return a node pointerwith refcount incremented. We should use of_node_put() when it isnot used anymore.

CVE-2022-50027

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE There is no corresponding free routine if lpfc_sli4_issue_wqe fails toissue the CMF WQE in lpfc_issue_cmf_sync_wqe. If ret_val is non-zero, then free the iocbq requ...

CVE-2022-50028

In the Linux kernel, the following vulnerability has been resolved: gadgetfs: ep_io - wait until IRQ finishes after usb_ep_queue() if wait_for_completion_interruptible() isinterrupted we need to wait until IRQ gets finished. Otherwise complete() from epio_complete() can corrupt stack.

CVE-2022-50030

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input Malformed user input to debugfs results in buffer overflow crashes. Adaptinput string lengths to fit within internal buffers, leaving space for NULLte...

CVE-2022-50031

In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi: Fix HW conn removal use after free If qla4xxx doesn't remove the connection before the session, the iSCSIclass tries to remove the connection for it. We were doing aiscsi_put_conn() in the iter function which is not ne...

CVE-2022-50032

In the Linux kernel, the following vulnerability has been resolved: usb: renesas: Fix refcount leak bug In usbhs_rza1_hardware_init(), of_find_node_by_name() will returna node pointer with refcount incremented. We should use of_node_put()when it is not used anymore.

CVE-2022-50034

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3 fix use-after-free at workaround 2 BUG: KFENCE: use-after-free read in __list_del_entry_valid+0x10/0xac cdns3_wa2_remove_old_request(){...kfree(priv_req->request.buf);cdns3_gadget_ep_free_request(&priv_ep->endpoint...

CVE-2022-50041

In the Linux kernel, the following vulnerability has been resolved: ice: Fix call trace with null VSI during VF reset During stress test with attaching and detaching VF from KVM andsimultaneously changing VFs spoofcheck and trust there was acall trace in ice_reset_vf that VF's VSI is null. [145237....

CVE-2022-50046

In the Linux kernel, the following vulnerability has been resolved: net/sunrpc: fix potential memory leaks in rpc_sysfs_xprt_state_change() The issue happens on some error handling paths. When the functionfails to grab the object xprt, it simply returns 0, forgetting todecrease the reference count ...

CVE-2022-50054

In the Linux kernel, the following vulnerability has been resolved: iavf: Fix NULL pointer dereference in iavf_get_link_ksettings Fix possible NULL pointer dereference, due to freeing of adapter->vf_resin iavf_init_get_resources. Previous commit introduced a regression,where receiving IAVF_ERR_A...

CVE-2022-50059

In the Linux kernel, the following vulnerability has been resolved: ceph: don't leak snap_rwsem in handle_cap_grant When handle_cap_grant is called on an IMPORT op, then the snap_rwsem isheld and the function is expected to release it before returning. Itcurrently fails to do that in all cases whic...

CVE-2022-50074

In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix memleak in aa_simple_write_to_buffer() When copy_from_user failed, the memory is freed by kvfree. however themanagement struct and data blob are allocated independently, so onlykvfree(data) cause a memleak issue here....

CVE-2022-50086

In the Linux kernel, the following vulnerability has been resolved: block: don't allow the same type rq_qos add more than once In our test of iocost, we encountered some list add/del corruptions ofinner_walk list in ioc_timer_fn. The reason can be described as follows: cpu 0 cpu 1ioc_qos_write ioc_...

CVE-2022-50103

In the Linux kernel, the following vulnerability has been resolved: sched, cpuset: Fix dl_cpu_busy() panic due to empty cs->cpus_allowed With cgroup v2, the cpuset's cpus_allowed mask can be empty indicatingthat the cpuset will just use the effective CPUs of its parent. Socpuset_can_attach() can...

CVE-2022-50108

In the Linux kernel, the following vulnerability has been resolved: mfd: max77620: Fix refcount leak in max77620_initialise_fps of_get_child_by_name() returns a node pointer with refcountincremented, we should use of_node_put() on it when not need anymore.Add missing of_node_put() to avoid refcount...

CVE-2022-50110

In the Linux kernel, the following vulnerability has been resolved: watchdog: sp5100_tco: Fix a memory leak of EFCH MMIO resource Unlike release_mem_region(), a call to release_resource() does notfree the resource, so it has to be freed explicitly to avoid a memoryleak.

CVE-2022-50118

In the Linux kernel, the following vulnerability has been resolved: powerpc/perf: Optimize clearing the pending PMI and remove WARN_ON for PMI check in power_pmu_disable commit 2c9ac51b850d ("powerpc/perf: Fix PMU callbacks to clearpending PMI before resetting an overflown PMC") added a newfunction...

CVE-2022-50125

In the Linux kernel, the following vulnerability has been resolved: ASoC: cros_ec_codec: Fix refcount leak in cros_ec_codec_platform_probe of_parse_phandle() returns a node pointer with refcountincremented, we should use of_node_put() on it when not need anymore.Add missing of_node_put() to avoid r...

CVE-2022-50127

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix error unwind in rxe_create_qp() In the function rxe_create_qp(), rxe_qp_from_init() is called toinitialize qp, internally things like the spin locks are not setup untilrxe_qp_init_req(). If an error occures before thi...