CVE-2025-38265

In the Linux kernel, the following vulnerability has been resolved: serial: jsm: fix NPE during jsm_uart_port_init No device was set which caused serial_base_ctrl_add to crash. BUG: kernel NULL pointer dereference, address: 0000000000000050Oops: Oops: 0000 [#1] PREEMPT SMP NOPTICPU: 16 UID: 0 PID: ...

CVE-2025-38268

In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: move tcpm_queue_vdm_unlocked to asynchronous work A state check was previously added to tcpm_queue_vdm_unlocked toprevent a deadlock where the DisplayPort Alt Mode driver would beexecuting work and attempting to g...

CVE-2025-38269

In the Linux kernel, the following vulnerability has been resolved: btrfs: exit after state insertion failure at btrfs_convert_extent_bit() If insert_state() state failed it returns an error pointer and we callextent_io_tree_panic() which will trigger a BUG() call. However ifCONFIG_BUG is disabled,...

CVE-2025-38272

In the Linux kernel, the following vulnerability has been resolved: net: dsa: b53: do not enable EEE on bcm63xx BCM63xx internal switches do not support EEE, but provide multiple RGMIIports where external PHYs may be connected. If one of these PHYs are EEEcapable, we may try to enable EEE for the M...

CVE-2025-38273

In the Linux kernel, the following vulnerability has been resolved: net: tipc: fix refcount warning in tipc_aead_encrypt syzbot reported a refcount warning 1 caused by calling get_net() ona network namespace that is being destroyed (refcount=0). This happenswhen a TIPC discovery timer fires during ...

CVE-2025-38275

In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug The qmp_usb_iomap() helper function currently returns the raw result ofdevm_ioremap() for non-exclusive mappings. Since devm_ioremap() may returna NULL pointer and the caller only chec...

CVE-2025-38280

In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid __bpf_prog_ret0_warn when jit fails syzkaller reported an issue: WARNING: CPU: 3 PID: 217 at kernel/bpf/core.c:2357 __bpf_prog_ret0_warn+0xa/0x20 kernel/bpf/core.c:2357Modules linked in:CPU: 3 UID: 0 PID: 217 Comm: kwork...

CVE-2025-38282

In the Linux kernel, the following vulnerability has been resolved: kernfs: Relax constraint in draining guard The active reference lifecycle provides the break/unbreak mechanism butthe active reference is not truly active after unbreak -- callers don'tuse it afterwards but it's important for prope...

CVE-2025-38285

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix WARN() in get_bpf_raw_tp_regs syzkaller reported an issue: WARNING: CPU: 3 PID: 5971 at kernel/trace/bpf_trace.c:1861 get_bpf_raw_tp_regs+0xa4/0x100 kernel/trace/bpf_trace.c:1861Modules linked in:CPU: 3 UID: 0 PID: 5971 Co...

CVE-2025-38291

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Prevent sending WMI commands to firmware during firmware crash Currently, we encounter the following kernel call trace when a firmwarecrash occurs. This happens because the host sends WMI commands to thefirmware while...

CVE-2025-38298

In the Linux kernel, the following vulnerability has been resolved: EDAC/skx_common: Fix general protection fault After loading i10nm_edac (which automatically loads skx_edac_common), ifunload only i10nm_edac, then reload it and perform error injection testing,a general protection fault may occur: ...

CVE-2025-38300

In the Linux kernel, the following vulnerability has been resolved: crypto: sun8i-ce-cipher - fix error handling in sun8i_ce_cipher_prepare() Fix two DMA cleanup issues on the error path in sun8i_ce_cipher_prepare(): 1] If dma_map_sg() fails for areq->dst, the device driver would try to freeDMA ...

CVE-2025-38311

In the Linux kernel, the following vulnerability has been resolved: iavf: get rid of the crit lock Get rid of the crit lock.That frees us from the error prone logic of try_locks. Thanks to netdev_lock() by Jakub it is now easy, and in most cases we wereprotected by it already - replace crit lock by...

CVE-2025-38321

In the Linux kernel, the following vulnerability has been resolved: smb: Log an error when close_all_cached_dirs fails Under low-memory conditions, close_all_cached_dirs() can't move thedentries to a separate list to dput() them once the locks are dropped.This will result in a "Dentry still in use"...

CVE-2025-38322

In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Fix crash in icl_update_topdown_event() The perf_fuzzer found a hard-lockup crash on a RaptorLake machine: Oops: general protection fault, maybe for address 0xffff89aeceab400: 0000CPU: 23 UID: 0 PID: 0 Comm: swapper...

CVE-2025-38323

In the Linux kernel, the following vulnerability has been resolved: net: atm: add lec_mutex syzbot found its way in net/atm/lec.c, and found an error pathin lecd_attach() could leave a dangling pointer in dev_lec[]. Add a mutex to protect dev_lecp[] uses from lecd_attach(),lec_vcc_attach() and lec_...

CVE-2025-38332

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Use memcpy() for BIOS version The strlcat() with FORTIFY support is triggering a panic because itthinks the target buffer will overflow although the correct targetbuffer size is passed in. Anyway, instead of memset() wi...

CVE-2025-38347

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on ino and xnid syzbot reported a f2fs bug as below: INFO: task syz-executor140:5308 blocked for more than 143 seconds.Not tainted 6.14.0-rc7-syzkaller-00069-g81e4f8d68c66 #0"echo 0 > /proc/sys/kerne...

CVE-2022-49939

In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF of ref->proc caused by race condition A transaction of type BINDER_TYPE_WEAK_HANDLE can fail to increment thereference for a node. In this case, the target proc normally releasesthe failed reference upon close as...

CVE-2022-49947

In the Linux kernel, the following vulnerability has been resolved: binder: fix alloc->vma_vm_mm null-ptr dereference Syzbot reported a couple issues introduced by commit 44e602b4e52f("binder_alloc: add missing mmap_lock calls when using the VMA"), inwhich we attempt to acquire the mmap_lock whe...

CVE-2022-49959

In the Linux kernel, the following vulnerability has been resolved: openvswitch: fix memory leak at failed datapath creation ovs_dp_cmd_new()->ovs_dp_change()->ovs_dp_set_upcall_portids()allocates array via kmalloc.If for some reason new_vport() fails during ovs_dp_cmd_new()dp->upcall_port...

CVE-2022-49967

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a data-race around bpf_jit_limit. While reading bpf_jit_limit, it can be changed concurrently via sysctl,WRITE_ONCE() in __do_proc_doulongvec_minmax(). The size of bpf_jit_limitis long, so we need to add a paired READ_ONCE...

CVE-2022-49970

In the Linux kernel, the following vulnerability has been resolved: bpf, cgroup: Fix kernel BUG in purge_effective_progs Syzkaller reported a triggered kernel BUG as follows: ------------[ cut here ]------------kernel BUG at kernel/bpf/cgroup.c:925!invalid opcode: 0000 [#1] PREEMPT SMP NOPTICPU: 1 ...

CVE-2022-49992

In the Linux kernel, the following vulnerability has been resolved: mm/mprotect: only reference swap pfn page if type match Yu Zhao reported a bug after the commit "mm/swap: Add swp_offset_pfn() tofetch PFN from swap entry" added a check in swp_offset_pfn() for swap type [1]: kernel BUG at include/...

CVE-2022-49994

In the Linux kernel, the following vulnerability has been resolved: bootmem: remove the vmemmap pages from kmemleak in put_page_bootmem The vmemmap pages is marked by kmemleak when allocated from memblock.Remove it from kmemleak when freeing the page. Otherwise, when we reusethe page, kmemleak may ...

CVE-2022-49996

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix possible memory leak in btrfs_get_dev_args_from_path() In btrfs_get_dev_args_from_path(), btrfs_get_bdev_and_sb() can fail ifthe path is invalid. In this case, btrfs_get_dev_args_from_path()returns directly without freei...

CVE-2022-50001

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_tproxy: restrict to prerouting hook TPROXY is only allowed from prerouting, but nft_tproxy doesn't check this.This fixes a crash (null dereference) when using tproxy from e.g. output.

CVE-2022-50004

In the Linux kernel, the following vulnerability has been resolved: xfrm: policy: fix metadata dst->dev xmit null pointer dereference When we try to transmit an skb with metadata_dst attached (i.e. dst->dev== NULL) through xfrm interface we can hit a null pointer dereference[1]in xfrmi_xmit2(...

CVE-2022-50017

In the Linux kernel, the following vulnerability has been resolved: mips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start We should call of_node_put() for the reference 'uctl_node' returned byof_get_parent() which will increase the refcount. Otherwise, there willbe a refcount l...

CVE-2022-50042

In the Linux kernel, the following vulnerability has been resolved: net: genl: fix error path memory leak in policy dumping If construction of the array of policies fails when recordingnon-first policy we need to unwind. netlink_policy_dump_add_policy() itself also needs fixing asit currently gives...

CVE-2022-50057

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix NULL deref in ntfs_update_mftmirr If ntfs_fill_super() wasn't called then sbi->sb will be equal to NULL.Code should check this ptr before dereferencing. Syzbot hit this issuevia passing wrong mount param as can be ...

CVE-2022-50058

In the Linux kernel, the following vulnerability has been resolved: vdpa_sim_blk: set number of address spaces and virtqueue groups Commit bda324fd037a ("vdpasim: control virtqueue support") added twonew fields (nas, ngroups) to vdpasim_dev_attr, but we forgot toinitialize them for vdpa_sim_blk. Wh...

CVE-2022-50063

In the Linux kernel, the following vulnerability has been resolved: net: dsa: felix: suppress non-changes to the tagging protocol The way in which dsa_tree_change_tag_proto() works is that whendsa_tree_notify() fails, it doesn't know whether the operation failedmid way in a multi-switch tree, or it...

CVE-2022-50064

In the Linux kernel, the following vulnerability has been resolved: virtio-blk: Avoid use-after-free on suspend/resume hctx->user_data is set to vq in virtblk_init_hctx(). However, vq isfreed on suspend and reallocated on resume. So, hctx->user_data isinvalid after resume, and it will cause u...

CVE-2022-50075

In the Linux kernel, the following vulnerability has been resolved: tracing/eprobes: Have event probes be consistent with kprobes and uprobes Currently, if a symbol "@" is attempted to be used with an event probe(eprobes), it will cause a NULL pointer dereference crash. Both kprobes and uprobes can...

CVE-2022-50080

In the Linux kernel, the following vulnerability has been resolved: tee: add overflow check in register_shm_helper() With special lengths supplied by user space, register_shm_helper() hasan integer overflow when calculating the number of pages covered by asupplied user space memory region. This cau...

CVE-2022-50082

In the Linux kernel, the following vulnerability has been resolved: ext4: fix warning in ext4_iomap_begin as race between bmap and write We got issue as follows:------------[ cut here ]------------WARNING: CPU: 3 PID: 9310 at fs/ext4/inode.c:3441 ext4_iomap_begin+0x182/0x5d0RIP: 0010:ext4_iomap_beg...

CVE-2022-50089

In the Linux kernel, the following vulnerability has been resolved: btrfs: ensure pages are unlocked on cow_file_range() failure There is a hung_task report on zoned btrfs like below. https://github.com/naota/linux/issues/59 [726.328648] INFO: task rocksdb:high0:11085 blocked for more than 241 seco...

CVE-2022-50090

In the Linux kernel, the following vulnerability has been resolved: btrfs: replace BTRFS_MAX_EXTENT_SIZE with fs_info->max_extent_size On zoned filesystem, data write out is limited by max_zone_append_size,and a large ordered extent is split according the size of a bio. OTOH,the number of extent...

CVE-2022-50107

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix memory leak when using fscache If we hit the 'index == next_cached' case, we leak a refcount on thestruct page. Fix this by using readahead_folio() which takes care ofthe refcount for you.

CVE-2022-50113

In the Linux kernel, the following vulnerability has been resolved: ASoc: audio-graph-card2: Fix refcount leak bug in __graph_get_type() We should call of_node_put() for the reference before its replacementas it returned by of_get_parent() which has increased the refcount.Besides, we should also ca...

CVE-2022-50130

In the Linux kernel, the following vulnerability has been resolved: staging: fbtft: core: set smem_len before fb_deferred_io_init call The fbtft_framebuffer_alloc() calls fb_deferred_io_init() beforeinitializing info->fix.smem_len. It is set to zero by theframebuffer_alloc() function. It will tr...

CVE-2022-50147

In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: fix get_nodes out of bound access When user specified more nodes than supported, get_nodes will access nmaskarray out of bounds.

CVE-2022-50170

In the Linux kernel, the following vulnerability has been resolved: kunit: executor: Fix a memory leak on failure in kunit_filter_tests It's possible that memory allocation for 'filtered' will fail, but for thecopy of the suite to succeed. In this case, the copy could be leaked. Properly free 'copy...

CVE-2022-50182

In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: Align upwards buffer size The hardware can support any image size WxH,with arbitrary W (image width) and H (image height) dimensions. Align upwards buffer size for both encoder and decoder.and leave the picture res...

CVE-2022-50193

In the Linux kernel, the following vulnerability has been resolved: erofs: wake up all waiters after z_erofs_lzma_head ready When the user mounts the erofs second times, the decompression threadmay hung. The problem happens due to a sequence of steps like thefollowing: Task A called z_erofs_load_lz...

CVE-2022-50210

In the Linux kernel, the following vulnerability has been resolved: MIPS: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK When CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS is selected,cpu_max_bits_warn() generates a runtime warning similar as below whilewe show /proc/cpuinfo. Fix this b...

CVE-2022-50214

In the Linux kernel, the following vulnerability has been resolved: coresight: Clear the connection field properly coresight devices track their connections (output connections) andhold a reference to the fwnode. When a device goes away, we walk throughthe devices on the coresight bus and make sure...

CVE-2022-50224

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Treat NX as a valid SPTE bit for NPT Treat the NX bit as valid when using NPT, as KVM will set the NX bit whenthe NX huge page mitigation is enabled (mindblowing) and trigger the WARNthat fires on reserved SPTE bits b...

CVE-2022-50225

In the Linux kernel, the following vulnerability has been resolved: riscv:uprobe fix SR_SPIE set/clear handling In riscv the process of uprobe going to clear spie before execthe origin insn,and set spie after that.But When access the pagewhich origin insn has been placed a page fault may happen and...