10174 matches found
CVE-2021-47524
In the Linux kernel, the following vulnerability has been resolved: serial: liteuart: fix minor-number leak on probe errors Make sure to release the allocated minor number before returning on probe errors.
CVE-2021-47530
In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix wait_fence submitqueue leak We weren't dropping the submitqueue reference in all paths. In particular, when the fence has already been signalled. Split out a helper to simplify handling this in the various different retu...
CVE-2021-47532
In the Linux kernel, the following vulnerability has been resolved: drm/msm/devfreq: Fix OPP refcnt leak
CVE-2021-47569
In the Linux kernel, the following vulnerability has been resolved: io_uring: fail cancellation for EXITING tasks WARNING: CPU: 1 PID: 20 at fs/io_uring.c:6269 io_try_cancel_userdata+0x3c5/0x640 fs/io_uring.c:6269 CPU: 1 PID: 20 Comm: kworker/1:0 Not tainted 5.16.0-rc1-syzkaller #0 Workqueue: events ...
CVE-2021-47584
In the Linux kernel, the following vulnerability has been resolved: iocost: Fix divide-by-zero on donation from low hweight cgroup The donation calculation logic assumes that the donor has non-zero after-donation hweight, so the lowest active hweight a donating cgroup can have is 2 so that it can don...
CVE-2021-47607
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix kernel address leakage in atomic cmpxchg's r0 aux reg The implementation of BPF_CMPXCHG on a high level has the following parameters: .-[old-val] .-[new-val] BPF_R0 = cmpxchg{32,64}(DST_REG + insn->off, BPF_R0, SRC_REG)-...
CVE-2022-1976
A flaw was found in the Linux kernel’s implementation of IO-URING. This flaw allows an attacker with local executable permission to create a string of requests that can cause a use-after-free flaw within the kernel. This issue leads to memory corruption and possible privilege escalation.
CVE-2022-48722
In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: ca8210: Stop leaking skb's Upon error the ieee802154_xmit_complete() helper is not called. Only ieee802154_wake_queue() is called manually. We then leak the skb structure. Free the skb structure upon error before ret...
CVE-2022-48726
In the Linux kernel, the following vulnerability has been resolved: RDMA/ucma: Protect mc during concurrent multicast leaves Partially revert the commit mentioned in the Fixes line to make sure that allocation and erasing multicast struct are locked. BUG: KASAN: use-after-free in ucma_cleanup_multic...
CVE-2022-48781
In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - get rid of alg_memory_allocated alg_memory_allocated does not seem to be really used. alg_proto does have a .memory_allocated field, but no corresponding .sysctl_mem. This means sk_has_account() returns true, but al...
CVE-2022-48801
In the Linux kernel, the following vulnerability has been resolved: iio: buffer: Fix file related error handling in IIO_BUFFER_GET_FD_IOCTL If we fail to copy the just created file descriptor to userland, we try to clean up by putting back 'fd' and freeing 'ib'. The code uses put_unused_fd() for the ...
CVE-2022-48815
In the Linux kernel, the following vulnerability has been resolved: net: dsa: bcm_sf2: don't use devres for mdiobus As explained in commits: 74b6d7d13307 ("net: dsa: realtek: register the MDIO bus under devres") 5135e96a3dd2 ("net: dsa: don't allocate the slave_mii_bus using devres") mdiobus_free() w...
CVE-2022-48831
In the Linux kernel, the following vulnerability has been resolved: ima: fix reference leak in asymmetric_verify() Don't leak a reference to the key if its algorithm is unknown.
CVE-2022-48847
In the Linux kernel, the following vulnerability has been resolved: watch_queue: Fix filter limit check In watch_queue_set_filter(), there are a couple of places where we check that the filter type value does not exceed what the type_filter bitmap can hold. One place calculates the number of bits by:...
CVE-2022-48854
In the Linux kernel, the following vulnerability has been resolved: net: arc_emac: Fix use after free in arc_mdio_probe() If bus->state is equal to MDIOBUS_ALLOCATED, mdiobus_free(bus) will free the "bus". But bus->name is still used in the next line, which will lead to a use after free. We can...
CVE-2022-48898
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: do not complete dp_aux_cmd_fifo_tx() if irq is not for aux transfer There are 3 possible interrupt sources are handled by DP controller, HPD status, Controller state changes and Aux read/write transaction. At every irq, DP...
CVE-2022-48903
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix relocation crash due to premature return from btrfs_commit_transaction() We are seeing crashes similar to the following trace: [38.969182] WARNING: CPU: 20 PID: 2105 at fs/btrfs/relocation.c:4070 btrfs_relocate_block_gro...
CVE-2022-48907
In the Linux kernel, the following vulnerability has been resolved: auxdisplay: lcd2s: Fix memory leak in ->remove() Once allocated the struct lcd2s_data is never freed. Fix the memory leak by switching to devm_kzalloc().
CVE-2022-48924
In the Linux kernel, the following vulnerability has been resolved: thermal: int340x: fix memory leak in int3400_notify() It is easy to hit the below memory leaks in my TigerLake platform: unreferenced object 0xffff927c8b91dbc0 (size 32): comm "kworker/0:2", pid 112, jiffies 4294893323 (age 83.604s)...
CVE-2022-48927
In the Linux kernel, the following vulnerability has been resolved: iio: adc: tsc2046: fix memory corruption by preventing array overflow On one side we have indio_dev->num_channels includes all physical channels + timestamp channel. On other side we have an array allocated only for physical chann...
CVE-2022-48945
In the Linux kernel, the following vulnerability has been resolved: media: vivid: fix compose size exceed boundary syzkaller found a bug: BUG: unable to handle page fault for address: ffffc9000a3b1000 #PF: supervisor write access in kernel mode #PF: error_code(0x0002) - not-present page PGD 100000067 ...
CVE-2022-49064
In the Linux kernel, the following vulnerability has been resolved: cachefiles: unmark inode in use in error path Unmark inode in use if error encountered. If the in-use flag leakage occurs in cachefiles_open_file(), Cachefiles will complain "Inode already in use" when later another cookie with the s...
CVE-2022-49067
In the Linux kernel, the following vulnerability has been resolved: powerpc: Fix virt_addr_valid() for 64-bit Book3E & 32-bit mpe: On 64-bit Book3E vmalloc space starts at 0x8000000000000000. Because of the way __pa() works we have: __pa(0x8000000000000000) == 0, and therefore virt_to_pfn(0x800000000...
CVE-2022-49458
In the Linux kernel, the following vulnerability has been resolved: drm/msm: don't free the IRQ if it was not requested As msm_drm_uninit() is called from the msm_drm_init() error path, additional care should be necessary as not to call the free_irq() for the IRQ that was not requested before (becaus...
CVE-2022-49752
In the Linux kernel, the following vulnerability has been resolved: device property: fix of node refcount leak in fwnode_graph_get_next_endpoint() The 'parent' returned by fwnode_graph_get_port_parent() with refcount incremented when 'prev' is not NULL, it needs be put when finish using it. Because t...
CVE-2022-49756
In the Linux kernel, the following vulnerability has been resolved: phy: usb: sunplus: Fix potential null-ptr-deref in sp_usb_phy_probe() sp_usb_phy_probe() will call platform_get_resource_byname() that may fail and return NULL. devm_ioremap() will use usbphy->moon4_res_mem->start as input, whi...
CVE-2022-49783
In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Drop fpregs lock before inheriting FPU permissions Mike Galbraith reported the following against an old fork of preempt-rt but the same issue also applies to the current preempt-rt tree. BUG: sleeping function called from i...
CVE-2022-49807
In the Linux kernel, the following vulnerability has been resolved: nvmet: fix a memory leak in nvmet_auth_set_key When changing dhchap secrets we need to release the old secrets as well. kmemleak complaint: unreferenced object 0xffff8c7f44ed8180 (size 64): comm "check", pid 7304, jiffies 4295686133 ...
CVE-2022-49829
In the Linux kernel, the following vulnerability has been resolved: drm/scheduler: fix fence ref counting We leaked dependency fences when processes were being killed. Additional to that grab a reference to the last scheduled fence.
CVE-2022-49830
In the Linux kernel, the following vulnerability has been resolved: drm/drv: Fix potential memory leak in drm_dev_init() drm_dev_init() will add drm_dev_init_release() as a callback. When drmm_add_action() failed, the release function won't be added. As the result, the ref cnt added by device_get() i...
CVE-2022-49834
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix use-after-free bug of ns_writer on remount If a nilfs2 filesystem is downgraded to read-only due to metadata corruption on disk and is remounted read/write, or if emergency read-only remount is performed, detaching a log ...
CVE-2022-49836
In the Linux kernel, the following vulnerability has been resolved: siox: fix possible memory leak in siox_device_add() If device_register() returns error in siox_device_add(), the name allocated by dev_set_name() need be freed. As comment of device_register() says, it should use put_device() to give ...
CVE-2022-49868
In the Linux kernel, the following vulnerability has been resolved: phy: ralink: mt7621-pci: add sentinel to quirks table With mt7621 soc_dev_attr fixed to register the soc as a device, kernel will experience an oops in soc_device_match_attr This quirk test was introduced in the staging driver in com...
CVE-2022-49918
In the Linux kernel, the following vulnerability has been resolved: ipvs: fix WARNING in __ip_vs_cleanup_batch() During the initialization of ip_vs_conn_net_init(), if file ip_vs_conn or ip_vs_conn_sync fails to be created, the initialization is successful by default. Therefore, the ip_vs_conn or ip_...
CVE-2022-49991
In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: avoid corrupting page->mapping in hugetlb_mcopy_atomic_pte In MCOPY_ATOMIC_CONTINUE case with a non-shared VMA, pages in the page cache are installed in the ptes. But hugepage_add_new_anon_rmap is called for them mista...
CVE-2022-49998
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix locking in rxrpc's sendmsg Fix three bugs in the rxrpc's sendmsg implementation: (1) rxrpc_new_client_call() should release the socket lock when returning an error from rxrpc_get_call_slot(). (2) rxrpc_wait_for_tx_window_...
CVE-2022-50054
In the Linux kernel, the following vulnerability has been resolved: iavf: Fix NULL pointer dereference in iavf_get_link_ksettings Fix possible NULL pointer dereference, due to freeing of adapter->vf_res in iavf_init_get_resources. Previous commit introduced a regression, where receiving IAVF_ERR_A...
CVE-2023-52744
In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix potential NULL-ptr-dereference in_dev_get() can return NULL which will cause a failure once idev is dereferenced in in_dev_for_each_ifa_rtnl(). This patch adds a check for NULL value in idev beforehand. Found by Linux...
CVE-2023-52785
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix racing issue between ufshcd_mcq_abort() and ISR If command timeout happens and cq complete IRQ is raised at the same time, ufshcd_mcq_abort clears lprb->cmd and a NULL pointer deref happens in the ISR. Error l...
CVE-2023-53053
In the Linux kernel, the following vulnerability has been resolved: erspan: do not use skb_mac_header() in ndo_start_xmit() Drivers should not assume skb_mac_header(skb) == skb->data in their ndo_start_xmit(). Use skb_network_offset() and skb_transport_offset() which better describe what is needed...
CVE-2023-53074
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix ttm_bo calltrace warning in psp_hw_fini The call trace occurs when the amdgpu is removed after the mode1 reset. During mode1 reset, from suspend to resume, there is no need to reinitialize the ta firmware buffer which ...
CVE-2023-53082
In the Linux kernel, the following vulnerability has been resolved: vp_vdpa: fix the crash in hot unplug with vp_vdpa While unplugging the vp_vdpa device, it triggers a kernel panic. The root cause is: vdpa_mgmtdev_unregister() will accesses modern devices which will cause a use after free. So need to ...
CVE-2023-53099
In the Linux kernel, the following vulnerability has been resolved: firmware: xilinx: don't make a sleepable memory allocation from an atomic context The following issue was discovered using lockdep: [ 6.691371] BUG: sleeping function called from invalid context at include/linux/sched/mm.h:209 [ 6.69...
CVE-2023-53109
In the Linux kernel, the following vulnerability has been resolved: net: tunnels: annotate lockless accesses to dev->needed_headroom IP tunnels can apparently update dev->needed_headroom in their xmit path. This patch takes care of three tunnels xmit, and also the core LL_RESERVED_SPACE() and L...
CVE-2023-6200
A race condition was found in the Linux Kernel. Under certain conditions, an unauthenticated attacker from an adjacent network could send an ICMPv6 router advertisement packet, causing arbitrary code execution.
CVE-2024-36970
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: Use request_module_nowait This appears to work around a deadlock regression that came in with the LED merge in 6.9. The deadlock happens on my system with 24 iwlwifi radios, so maybe it something like all worker thread...
CVE-2024-38390
In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails Calling a6xx_destroy() before adreno_gpu_init() leads to a null pointer dereference on: msm_gpu_cleanup() : platform_set_drvdata(gpu->pdev, NULL); as gpu->p...
CVE-2024-38542
In the Linux kernel, the following vulnerability has been resolved: RDMA/mana_ib: boundary check before installing cq callbacks Add a boundary check inside mana_ib_install_cq_cb to prevent index overflow.
CVE-2024-40962
In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: allocate dummy checksums for zoned NODATASUM writes Shin'ichiro reported that when he's running fstests' test-case btrfs/167 on emulated zoned devices, he's seeing the following NULL pointer dereference in 'btrfs_zone_f...
CVE-2024-41043
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_queue: drop bogus WARN_ON Happens when rules get flushed/deleted while packet is out, so remove this WARN_ON. This WARN exists in one form or another since v4.14, no need to backport this to older releases, hence...