CVE-2022-49380

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count() As Yanming reported in bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=215897 I have encountered a bug in F2FS file system in kernel v5.17. The kernel should enable C...

CVE-2022-49469

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix anon_dev leak in create_subvol() When btrfs_qgroup_inherit(), btrfs_alloc_tree_block, orbtrfs_insert_root() fail in create_subvol(), we return without freeinganon_dev. Reorganize the error handling in create_subvol() to ...

CVE-2022-49624

In the Linux kernel, the following vulnerability has been resolved: net: atlantic: remove aq_nic_deinit() when resume aq_nic_deinit() has been called while suspending, so we don't have to callit again on resume.Actually, call it again leads to another hang issue when resuming fromS3. Jul 8 03:09:44...

CVE-2022-49755

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait While performing fast composition switch, there is a possibility that theprocess of ffs_ep0_write/ffs_ep0_read get into a race conditiondue to ep0req being freed up from fun...

CVE-2022-49771

In the Linux kernel, the following vulnerability has been resolved: dm ioctl: fix misbehavior if list_versions races with module loading __list_versions will first estimate the required space using the"dm_target_iterate(list_version_get_needed, &needed)" call and then willfill the space using the "...

CVE-2022-49790

In the Linux kernel, the following vulnerability has been resolved: Input: iforce - invert valid length check when fetching device IDs syzbot is reporting uninitialized value at iforce_init_device() [1], forcommit 6ac0aec6b0a6 ("Input: iforce - allow callers supply data bufferwhen fetching device I...

CVE-2022-49800

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event() test_gen_synth_cmd() only free buf in fail path, hence buf will leakwhen there is no failure. Add kfree(buf) to prevent the memleak. Thesame reason and s...

CVE-2022-49801

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix memory leak in tracing_read_pipe() kmemleak reports this issue: unreferenced object 0xffff888105a18900 (size 128):comm "test_progs", pid 18933, jiffies 4336275356 (age 22801.766s)hex dump (first 32 bytes):25 73 00 90 8...

CVE-2022-49810

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix missing xas_retry() calls in xarray iteration netfslib has a number of places in which it performs iteration of an xarraywhilst being under the RCU read lock. It should call xas_retry() as thefirst thing inside of the lo...

CVE-2022-49818

In the Linux kernel, the following vulnerability has been resolved: mISDN: fix misuse of put_device() in mISDN_register_device() We should not release reference by put_device() before calling device_initialize().

CVE-2022-49850

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix deadlock in nilfs_count_free_blocks() A semaphore deadlock can occur if nilfs_get_block() detects metadatacorruption while locating data blocks and a superblock writeback occurs atthe same time: task 1 task 2 A file ope...

CVE-2022-49865

In the Linux kernel, the following vulnerability has been resolved: ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network When copying a struct ifaddrlblmsg to the network, __ifal_reservedremained uninitialized, resulting in a 1-byte infoleak: BUG: KMSAN: kernel-network-infoleak...

CVE-2022-49888

In the Linux kernel, the following vulnerability has been resolved: arm64: entry: avoid kprobe recursion The cortex_a76_erratum_1463225_debug_handler() function is called whenhandling debug exceptions (and synchronous exceptions from BRKinstructions), and so is called when a probed function execute...

CVE-2022-49900

In the Linux kernel, the following vulnerability has been resolved: i2c: piix4: Fix adapter not be removed in piix4_remove() In piix4_probe(), the piix4 adapter will be registered in: piix4_probe()piix4_add_adapters_sb800() / piix4_add_adapter()i2c_add_adapter() Based on the probed device type, pii...

CVE-2022-49901

In the Linux kernel, the following vulnerability has been resolved: blk-mq: Fix kmemleak in blk_mq_init_allocated_queue There is a kmemleak caused by modprobe null_blk.ko unreferenced object 0xffff8881acb1f000 (size 1024):comm "modprobe", pid 836, jiffies 4294971190 (age 27.068s)hex dump (first 32 ...

CVE-2022-49962

In the Linux kernel, the following vulnerability has been resolved: xhci: Fix null pointer dereference in remove if xHC has only one roothub The remove path in xhci platform driver tries to remove and put both mainand shared hcds even if only a main hcd exists (one roothub) This causes a null point...

CVE-2022-50053

In the Linux kernel, the following vulnerability has been resolved: iavf: Fix reset error handling Do not call iavf_close in iavf_reset_task error handling. Doing so canlead to double call of napi_disable, which can lead to deadlock there.Removing VF would lead to iavf_remove task being stuck, beca...

CVE-2022-50069

In the Linux kernel, the following vulnerability has been resolved: BPF: Fix potential bad pointer dereference in bpf_sys_bpf() The bpf_sys_bpf() helper function allows an eBPF program to load anothereBPF program from within the kernel. In this case the argument unionbpf_attr pointer (as well as th...

CVE-2022-50095

In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: Cleanup CPU timers before freeing them during exec Commit 55e8c8eb2c7b ("posix-cpu-timers: Store a reference to a pid not atask") started looking up tasks by PID when deleting a CPU timer. When a non-leader thread...

CVE-2023-3317

A use-after-free flaw was found in mt7921_check_offload_capability in drivers/net/wireless/mediatek/mt76/mt7921/init.c in wifi mt76/mt7921 sub-component in the Linux Kernel. This flaw could allow an attacker to crash the system after 'features' memory release. This vulnerability could even lead to ...

CVE-2023-52743

In the Linux kernel, the following vulnerability has been resolved: ice: Do not use WQ_MEM_RECLAIM flag for workqueue When both ice and the irdma driver are loaded, a warning incheck_flush_dependency is being triggered. This is due to ice driverworkqueue being allocated with the WQ_MEM_RECLAIM flag...

CVE-2023-52746

In the Linux kernel, the following vulnerability has been resolved: xfrm/compat: prevent potential spectre v1 gadget in xfrm_xlate32_attr() int type = nla_type(nla); if (type > XFRMA_MAX) {return -EOPNOTSUPP;} @type is then used as an array index and can be usedas a Spectre v1 gadget. if (nla_le...

CVE-2023-52747

In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Restore allocated resources on failed copyout Fix a resource leak if an error occurs.

CVE-2023-52748

In the Linux kernel, the following vulnerability has been resolved: f2fs: avoid format-overflow warning With gcc and W=1 option, there's a warning like this: fs/f2fs/compress.c: In function ‘f2fs_init_page_array_cache’:fs/f2fs/compress.c:1984:47: error: ‘%u’ directive writing between1 and 7 bytes i...

CVE-2023-52761

In the Linux kernel, the following vulnerability has been resolved: riscv: VMAP_STACK overflow detection thread-safe commit 31da94c25aea ("riscv: add VMAP_STACK overflow detection") addedsupport for CONFIG_VMAP_STACK. If overflow is detected, CPU switches toshadow_stack temporarily before switching...

CVE-2023-52928

In the Linux kernel, the following vulnerability has been resolved: bpf: Skip invalid kfunc call in backtrack_insn The verifier skips invalid kfunc call in check_kfunc_call(), whichwould be captured in fixup_kfunc_call() if such insn is not eliminatedby dead code elimination. However, this can lead...

CVE-2023-53041

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Perform lockless command completion in abort path While adding and removing the controller, the following call trace wasobserved: WARNING: CPU: 3 PID: 623596 at kernel/dma/mapping.c:532 dma_free_attrs+0x33/0x50CPU: 3...

CVE-2023-53118

In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix a procfs host directory removal regression scsi_proc_hostdir_rm() decreases a reference counter and hence must only becalled once per host that is removed. This change does not require ascsi_add_host_with_dma() chan...

CVE-2023-53125

In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc75xx: Limit packet length to skb->len Packet length retrieved from skb data may be larger thanthe actual socket buffer length (up to 9026 bytes). In suchcase the cloned skb passed up the network stack will leakkern...

CVE-2024-26847

In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: use correct function name for resetting TCE tables The PAPR spec spells the function name as "ibm,reset-pe-dma-windows" but in practice firmware uses the singular form: "ibm,reset-pe-dma-window" in the device tree. Si...

CVE-2024-27060

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Fix NULL pointer dereference in tb_port_update_credits() Olliver reported that his system crashes when plugging in Thunderbolt 1device: BUG: kernel NULL pointer dereference, address: 0000000000000020#PF: supervisor rea...

CVE-2024-33847

In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: don't allow unaligned truncation on released compress inode f2fs image may be corrupted after below testcase: mkfs.f2fs -O extra_attr,compression -f /dev/vdb mount /dev/vdb /mnt/f2fs touch /mnt/f2fs/file f2fs_io set...

CVE-2024-35793

In the Linux kernel, the following vulnerability has been resolved: debugfs: fix wait/cancellation handling during remove Ben Greear further reports deadlocks during concurrent debugfsremove while files are being accessed, even though the code inquestion now uses debugfs cancellations. Turns out th...

CVE-2024-36033

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix info leak when fetching board id Add the missing sanity check when fetching the board id to avoid leakingslab data when later requesting the firmware.

CVE-2024-38306

In the Linux kernel, the following vulnerability has been resolved: btrfs: protect folio::private when attaching extent buffer folios [BUG]Since v6.8 there are rare kernel crashes reported by various people,the common factor is bad page status error messages like this: BUG: Bad page state in proces...

CVE-2024-38624

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Use 64 bit variable to avoid 32 bit overflow For example, in the expression:vbo = 2 * vbo + skip

CVE-2024-40985

In the Linux kernel, the following vulnerability has been resolved: net/tcp_ao: Don't leak ao_info on error-path It seems I introduced it together with TCP_AO_CMDF_AO_REQUIRED, onversion 5 1 of TCP-AO patches. Quite frustrative that having all theseselftests that I've written, running kmemtest & kc...

CVE-2024-42300

In the Linux kernel, the following vulnerability has been resolved: erofs: fix race in z_erofs_get_gbuf() In z_erofs_get_gbuf(), the current task may be migrated to anotherCPU between z_erofs_gbuf_id() and spin_lock(&gbuf->lock). Therefore, z_erofs_put_gbuf() will trigger the following issuewhic...

CVE-2024-42317

In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: avoid PMD-size page cache if needed xarray can't support arbitrary page cache size. the largest and supportedpage cache size is defined as MAX_PAGECACHE_ORDER by commit 099d90642a71("mm/filemap: make MAX_PAGECACHE_O...

CVE-2024-43827

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null check before access structs In enable_phantom_plane, we should better check null pointer beforeaccessing various structs.

CVE-2024-44973

In the Linux kernel, the following vulnerability has been resolved: mm, slub: do not call do_slab_free for kfence object In 782f8906f805 the freeing of kfence objects was moved from deepinside do_slab_free to the wrapper functions outside. This is a nicechange, but unfortunately it missed one spot ...

CVE-2024-44979

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix missing workqueue destroy in xe_gt_pagefault On driver reload we never free up the memory for the pagefault andaccess counter workqueues. Add those destroy calls here. (cherry picked from commit 7586fc52b14e0b8edd0d1f8a...

CVE-2024-45017

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix IPsec RoCE MPV trace call Prevent the call trace below from happening, by not allowing IPseccreation over a slave, if master device doesn't support IPsec. WARNING: CPU: 44 PID: 16136 at kernel/locking/rwsem.c:240 down...

CVE-2024-46701

In the Linux kernel, the following vulnerability has been resolved: libfs: fix infinite directory reads for offset dir After we switch tmpfs dir operations from simple_dir_operations tosimple_offset_dir_operations, every rename happened will fill new dentryto dest dir's maple tree(&SHMEM_I(inode)-&...

CVE-2024-46708

In the Linux kernel, the following vulnerability has been resolved: pinctrl: qcom: x1e80100: Fix special pin offsets Remove the erroneus 0x100000 offset to prevent the boards from crashingon pin state setting, as well as for the intended state changes to takeeffect.

CVE-2024-46789

In the Linux kernel, the following vulnerability has been resolved: mm/slub: add check for s->flags in the alloc_tagging_slab_free_hook When enable CONFIG_MEMCG & CONFIG_KFENCE & CONFIG_KMEMLEAK, the followingwarning always occurs,This is because the following call stack occurred:mem_pool_allock...

CVE-2024-46793

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: Boards: Fix NULL pointer deref in BYT/CHT boards harder Since commit 13f58267cda3 ("ASoC: soc.h: don't create dummy Componentvia COMP_DUMMY()") dummy codecs declared like this: SND_SOC_DAILINK_DEF(dummy,DAILINK_COMP_AR...

CVE-2024-56669

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Remove cache tags before disabling ATS The current implementation removes cache tags after disabling ATS,leading to potential memory leaks and kernel crashes. Specifically,CACHE_TAG_DEVTLB type cache tags may still rema...

CVE-2024-58089

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double accounting race when btrfs_run_delalloc_range() failed [BUG]When running btrfs with block size (4K) smaller than page size (64K,aarch64), there is a very high chance to crash the kernel atgeneric/750, with the fol...

CVE-2025-21880

In the Linux kernel, the following vulnerability has been resolved: drm/xe/userptr: fix EFAULT handling Currently we treat EFAULT from hmm_range_fault() as a non-fatal errorwhen called from xe_vm_userptr_pin() with the idea that we want to avoidkilling the entire vm and chucking an error, under the...