955 matches found
CVE-2022-49546
In the Linux kernel, the following vulnerability has been resolved: x86/kexec: fix memory leak of elf header buffer This is reported by kmemleak detector: unreferenced object 0xffffc900002a9000 (size 4096):comm "kexec", pid 14950, jiffies 4295110793 (age 373.951s)hex dump (first 32 bytes):7f 45 4c ...
CVE-2022-49927
In the Linux kernel, the following vulnerability has been resolved: nfs4: Fix kmemleak when allocate slot failed If one of the slot allocate failed, should cleanup all the otherallocated slots, otherwise, the allocated slots will leak: unreferenced object 0xffff8881115aa100 (size 64):comm ""mount.n...
CVE-2022-49395
In the Linux kernel, the following vulnerability has been resolved: um: Fix out-of-bounds read in LDT setup syscall_stub_data() expects the data_count parameter to be the number oflongs, not bytes. ==================================================================BUG: KASAN: stack-out-of-bounds in ...
CVE-2022-49531
In the Linux kernel, the following vulnerability has been resolved: loop: implement ->free_disk Ensure that the lo_device which is stored in the gendisk privatedata is valid until the gendisk is freed. Currently the loop driveruses a lot of effort to make sure a device is not freed when it issti...
CVE-2023-52988
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() snd_hda_get_connections() can return a negative error code.It may lead to accessing 'conn' array at a negative index. Found by Linux Verification Center (li...
CVE-2023-53015
In the Linux kernel, the following vulnerability has been resolved: HID: betop: check shape of output reports betopff_init() only checks the total sum of the report counts for eachreport field to be at least 4, but hid_betopff_play() expects 4 reportfields.A device advertising an output report with...
CVE-2024-54683
In the Linux kernel, the following vulnerability has been resolved: netfilter: IDLETIMER: Fix for possible ABBA deadlock Deletion of the last rule referencing a given idletimer may happen atthe same time as a read of its file in sysfs: | ======================================================| WARNI...
CVE-2024-58010
In the Linux kernel, the following vulnerability has been resolved: binfmt_flat: Fix integer overflow bug on 32 bit systems Most of these sizes and counts are capped at 256MB so the math doesn'tresult in an integer overflow. The "relocs" count needs to be checkedas well. Otherwise on 32bit systems ...
CVE-2025-21685
In the Linux kernel, the following vulnerability has been resolved: platform/x86: lenovo-yoga-tab2-pro-1380-fastcharger: fix serdev race The yt2_1380_fc_serdev_probe() function calls devm_serdev_device_open()before setting the client ops via serdev_device_set_client_ops(). Thisordering can trigger ...
CVE-2025-21726
In the Linux kernel, the following vulnerability has been resolved: padata: avoid UAF for reorder_work Although the previous patch can avoid ps and ps UAF for _do_serial, itcan not avoid potential UAF issue for reorder_work. This issue canhappen just as below: crypto_request crypto_request crypto_d...
CVE-2022-49093
In the Linux kernel, the following vulnerability has been resolved: skbuff: fix coalescing for page_pool fragment recycling Fix a use-after-free when using page_pool with page fragments. Weencountered this problem during normal RX in the hns3 driver: (1) Initially we have three descriptors in the R...
CVE-2022-49759
In the Linux kernel, the following vulnerability has been resolved: VMCI: Use threaded irqs instead of tasklets The vmci_dispatch_dgs() tasklet function calls vmci_read_data()which uses wait_event() resulting in invalid sleep in an atomiccontext (and therefore potentially in a deadlock). Use thread...
CVE-2023-52926
In the Linux kernel, the following vulnerability has been resolved: IORING_OP_READ did not correctly consume the provided buffer list whenread i/o returned
CVE-2024-57874
In the Linux kernel, the following vulnerability has been resolved: arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL Currently tagged_addr_ctrl_set() doesn't initialize the temporary 'ctrl'variable, and a SETREGSET call with a length of zero will leave thisuninitialized. Consequentl...
CVE-2025-21957
In the Linux kernel, the following vulnerability has been resolved: scsi: qla1280: Fix kernel oops when debug level > 2 A null dereference or oops exception will eventually occur when qla1280.cdriver is compiled with DEBUG_QLA1280 enabled and ql_debug_level > 2. Ithink its clear from the code...
CVE-2025-22012
In the Linux kernel, the following vulnerability has been resolved: Revert "arm64: dts: qcom: sdm845: Affirm IDR0.CCTW on apps_smmu" There are reports that the pagetable walker cache coherency is not agiven across the spectrum of SDM845/850 devices, leading to lock-upsand resets. It works fine on s...
CVE-2022-49313
In the Linux kernel, the following vulnerability has been resolved: drivers: usb: host: Fix deadlock in oxu_bus_suspend() There is a deadlock in oxu_bus_suspend(), which is shown below: (Thread 1) | (Thread 2)| timer_action()oxu_bus_suspend() | mod_timer()spin_lock_irq() //(1) | (wait a time)... | ...
CVE-2022-49370
In the Linux kernel, the following vulnerability has been resolved: firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle kobject_init_and_add() takes reference even when it fails.According to the doc of kobject_init_and_add() If this function returns an error, kobject_put() must be cal...
CVE-2025-21652
In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix use-after-free in ipvlan_get_iflink(). syzbot presented an use-after-free report [0] regarding ipvlan andlinkwatch. ipvlan does not hold a refcnt of the lower device unlike vlan andmacvlan. If the linkwatch work is trig...
CVE-2025-21855
In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Don't reference skb after sending to VIOS Previously, after successfully flushing the xmit buffer to VIOS,the tx_bytes stat was incremented by the length of the skb. It is invalid to access the skb memory after sending the...
CVE-2025-21927
In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() nvme_tcp_recv_pdu() doesn't check the validity of the header length.When header digests are enabled, a target might send a packet with aninvalid header length (e.g. 2...
CVE-2025-40014
In the Linux kernel, the following vulnerability has been resolved: objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() If speed_hz
CVE-2022-49535
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI If lpfc_issue_els_flogi() fails and returns non-zero status, the nodereference count is decremented to trigger the release of the nodeliststructure. Ho...
CVE-2022-49922
In the Linux kernel, the following vulnerability has been resolved: nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() nfcmrvl_i2c_nci_send() will be called by nfcmrvl_nci_send(), and skbshould be freed in nfcmrvl_i2c_nci_send(). However, nfcmrvl_nci_send()will only free skb when i2c...
CVE-2023-52993
In the Linux kernel, the following vulnerability has been resolved: x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL Baoquan reported that after triggering a crash the subsequent crash-kernelfails to boot about half of the time. It triggers a NULL pointerdereference in the periodic tick code. T...
CVE-2024-36476
In the Linux kernel, the following vulnerability has been resolved: RDMA/rtrs: Ensure 'ib_sge list' is accessible Move the declaration of the 'ib_sge list' variable outside the'always_invalidate' block to ensure it remains accessible for usethroughout the function. Previously, 'ib_sge list' was dec...
CVE-2024-58064
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: tests: Fix potential NULL dereference in test_cfg80211_parse_colocated_ap() kunit_kzalloc() may return NULL, dereferencing it without NULL check maylead to NULL dereference.Add a NULL check for ies.
CVE-2025-22066
In the Linux kernel, the following vulnerability has been resolved: ASoC: imx-card: Add NULL check in imx_card_probe() devm_kasprintf() returns NULL when memory allocation fails. Currently,imx_card_probe() does not check for this case, which results in a NULLpointer dereference. Add NULL check afte...
CVE-2025-22097
In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Fix use after free and double free on init error If the driver initialization fails, the vkms_exit() function mightaccess an uninitialized or freed default_config pointer and it mightdouble free it. Fix both possible erro...
CVE-2025-37925
In the Linux kernel, the following vulnerability has been resolved: jfs: reject on-disk inodes of an unsupported type Syzbot has reported the following BUG: kernel BUG at fs/inode.c:668!Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTICPU: 3 UID: 0 PID: 139 Comm: jfsCommit Not tainted 6.12.0-rc...
CVE-2022-49279
In the Linux kernel, the following vulnerability has been resolved: NFSD: prevent integer overflow on 32 bit systems On a 32 bit system, the "len * sizeof(*p)" operation can have aninteger overflow.
CVE-2022-49664
In the Linux kernel, the following vulnerability has been resolved: tipc: move bc link creation back to tipc_node_create Shuang Li reported a NULL pointer dereference crash: [] BUG: kernel NULL pointer dereference, address: 0000000000000068[] RIP: 0010:tipc_link_is_up+0x5/0x10 [tipc][] Call Trace:[...
CVE-2025-21820
In the Linux kernel, the following vulnerability has been resolved: tty: xilinx_uartps: split sysrq handling lockdep detects the following circular locking dependency: CPU 0 CPU 1========================== ============================cdns_uart_isr() printk()uart_port_lock(port) console_lock()cdns_u...
CVE-2025-21912
In the Linux kernel, the following vulnerability has been resolved: gpio: rcar: Use raw_spinlock to protect register access Use raw_spinlock in order to fix spurious messages about invalid contextwhen spinlock debugging is enabled. The lock is only used to serializeregister access. [ 4.239592] ====...
CVE-2025-22054
In the Linux kernel, the following vulnerability has been resolved: arcnet: Add NULL check in com20020pci_probe() devm_kasprintf() returns NULL when memory allocation fails. Currently,com20020pci_probe() does not check for this case, which results in aNULL pointer dereference. Add NULL check after ...
CVE-2022-49063
In the Linux kernel, the following vulnerability has been resolved: ice: arfs: fix use-after-free when freeing @rx_cpu_rmap The CI testing bots triggered the following splat: [ 718.203054] BUG: KASAN: use-after-free in free_irq_cpu_rmap+0x53/0x80[ 718.206349] Read of size 4 at addr ffff8881bd127e00...
CVE-2022-49135
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix memory leak [why]Resource release is needed on the error handling pathto prevent memory leak. [how]Fix this by adding kfree on the error handling path.
CVE-2024-56772
In the Linux kernel, the following vulnerability has been resolved: kunit: string-stream: Fix a UAF bug in kunit_init_suite() In kunit_debugfs_create_suite(), if alloc_string_stream() fails in thekunit_suite_for_each_test_case() loop, the "suite->log = stream"has assigned before, and the error p...
CVE-2025-22062
In the Linux kernel, the following vulnerability has been resolved: sctp: add mutual exclusion in proc_sctp_do_udp_port() We must serialize calls to sctp_udp_sock_stop() and sctp_udp_sock_start()or risk a crash as syzbot reported: Oops: general protection fault, probably for non-canonical address 0...
CVE-2025-40114
In the Linux kernel, the following vulnerability has been resolved: iio: light: Add check for array bounds in veml6075_read_int_time_ms The array contains only 5 elements, but the index calculated byveml6075_read_int_time_index can range from 0 to 7,which could lead to out-of-bounds access. The che...
CVE-2022-49046
In the Linux kernel, the following vulnerability has been resolved: i2c: dev: check return value when calling dev_set_name() If dev_set_name() fails, the dev_name() is null, check the returnvalue of dev_set_name() to avoid the null-ptr-deref.
CVE-2022-49238
In the Linux kernel, the following vulnerability has been resolved: ath11k: free peer for station when disconnect from AP for QCA6390/WCN6855 Commit b4a0f54156ac ("ath11k: move peer delete after vdev stop of stationfor QCA6390 and WCN6855") is to fix firmware crash by changing the WMIcommand sequen...
CVE-2022-49276
In the Linux kernel, the following vulnerability has been resolved: jffs2: fix memory leak in jffs2_scan_medium If an error is returned in jffs2_scan_eraseblock() and some memoryhas been added to the jffs2_summary *s, we can observe the followingkmemleak report: unreferenced object 0xffff88812b889c...
CVE-2022-49277
In the Linux kernel, the following vulnerability has been resolved: jffs2: fix memory leak in jffs2_do_mount_fs If jffs2_build_filesystem() in jffs2_do_mount_fs() returns an error,we can observe the following kmemleak report: unreferenced object 0xffff88811b25a640 (size 64):comm "mount", pid 691, j...
CVE-2022-49298
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8712: fix uninit-value in r871xu_drv_init() When 'tmpU1b' returns from r8712_read8(padapter, EE_9346CR) is 0,'mac[6]' will not be initialized. BUG: KMSAN: uninit-value in r871xu_drv_init+0x2d54/0x3070 drivers/staging/rt...
CVE-2022-49864
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix NULL pointer dereference in svm_migrate_to_ram() ./drivers/gpu/drm/amd/amdkfd/kfd_migrate.c:985:58-62: ERROR: p is NULL but dereferenced.
CVE-2025-21943
In the Linux kernel, the following vulnerability has been resolved: gpio: aggregator: protect driver attr handlers against module unload Both new_device_store and delete_device_store touch module globalresources (e.g. gpio_aggregator_lock). To prevent race conditions withmodule unload, a reference ...
CVE-2025-21995
In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix fence reference count leak The last_scheduled fence leaks when an entity is being killed and addingthe cleanup callback fails. Decrement the reference count of prev when dma_fence_add_callback()fails, ensuring proper...
CVE-2025-37800
In the Linux kernel, the following vulnerability has been resolved: driver core: fix potential NULL pointer dereference in dev_uevent() If userspace reads "uevent" device attribute at the same time as anotherthreads unbinds the device from its driver, change to dev->driver from avalid pointer to...
CVE-2022-49152
In the Linux kernel, the following vulnerability has been resolved: XArray: Fix xas_create_range() when multi-order entry present If there is already an entry present that is of order >= XA_CHUNK_SHIFTwhen we call xas_create_range(), xas_create_range() will misinterpretthat entry as a node and d...