9842 matches found
CVE-2025-38014
In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Refactor remove call with idxd_cleanup() helper The idxd_cleanup() helper cleans up perfmon, interrupts, internals andso on. Refactor remove call with the idxd_cleanup() helper to avoid codeduplication. Note, this ...
CVE-2025-38024
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug Call Trace:__dump_stack lib/dump_stack.c:94 [inline]dump_stack_lvl+0x7d/0xa0 lib/dump_stack.c:120print_address_description mm/kasan/report.c:378 [inline]print_report+0...
CVE-2025-38059
In the Linux kernel, the following vulnerability has been resolved: btrfs: avoid NULL pointer dereference if no valid csum tree [BUG]When trying read-only scrub on a btrfs with rescue=idatacsums mountoption, it will crash with the following call trace: BUG: kernel NULL pointer dereference, address:...
CVE-2025-38077
In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store() If the 'buf' array received from the user contains an empty string, the'length' variable will be zero. Accessing the 'buf' array element withindex 'le...
CVE-2025-38086
In the Linux kernel, the following vulnerability has been resolved: net: ch9200: fix uninitialised access during mii_nway_restart In mii_nway_restart() the code attempts to callmii->mdio_read which is ch9200_mdio_read(). ch9200_mdio_read()utilises a local buffer called "buff", which is initialis...
CVE-2022-49956
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8712: fix use after free bugs _Read/Write_MACREG callbacks are NULL so the read/write_macreg_hdl()functions don't do anything except free the "pcmd" pointer. Itresults in a use after free. Delete them.
CVE-2022-50065
In the Linux kernel, the following vulnerability has been resolved: virtio_net: fix memory leak inside XPD_TX with mergeable When we call xdp_convert_buff_to_frame() to get xdpf, if it returnsNULL, we should check if xdp_page was allocated by xdp_linearize_page().If it is newly allocated, it should...
CVE-2022-50067
In the Linux kernel, the following vulnerability has been resolved: btrfs: unset reloc control if transaction commit fails in prepare_to_relocate() In btrfs_relocate_block_group(), the rc is allocated. Thenbtrfs_relocate_block_group() calls relocate_block_group()prepare_to_relocate()set_reloc_contr...
CVE-2022-50068
In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Fix dummy res NULL ptr deref bug Check the bo->resource value before accessing the resourcemem_type. v2: Fix commit description unwrapped warning [ 40.191227][ T184] general protection fault, probably for non-canonical ...
CVE-2022-50073
In the Linux kernel, the following vulnerability has been resolved: net: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null Fixes a NULL pointer derefence bug triggered from tap driver.When tap_get_user calls virtio_net_hdr_to_skb the skb->dev is null(in tap.c skb-...
CVE-2022-50084
In the Linux kernel, the following vulnerability has been resolved: dm raid: fix address sanitizer warning in raid_status There is this warning when using a kernel with the address sanitizerand running this testsuite:https://gitlab.com/cki-project/kernel-tests/-/tree/main/storage/swraid/scsi_raid =...
CVE-2022-50087
In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails When scpi probe fails, at any point, we need to ensure that the scpi_infois not set and will remain NULL until the probe succeeds. If it is nottaken care, then...
CVE-2022-50091
In the Linux kernel, the following vulnerability has been resolved: locking/csd_lock: Change csdlock_debug from early_param to __setup The csdlock_debug kernel-boot parameter is parsed by theearly_param() function csdlock_debug(). If set, csdlock_debug()invokes static_branch_enable() to enable csd_...
CVE-2022-50099
In the Linux kernel, the following vulnerability has been resolved: video: fbdev: arkfb: Check the size of screen before memset_io() In the function arkfb_set_par(), the value of 'screen_size' iscalculated by the user input. If the user provides the improper value,the value of 'screen_size' may lar...
CVE-2022-50109
In the Linux kernel, the following vulnerability has been resolved: video: fbdev: amba-clcd: Fix refcount leak bugs In clcdfb_of_init_display(), we should call of_node_put() for thereferences returned by of_graph_get_next_endpoint() andof_graph_get_remote_port_parent() which have increased the refc...
CVE-2022-50126
In the Linux kernel, the following vulnerability has been resolved: jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted Following process will fail assertion 'jh->b_frozen_data == NULL' injbd2_journal_dirty_metadata(): jbd2_journal_commit_transaction unlink(dir/a)jh-&...
CVE-2022-50146
In the Linux kernel, the following vulnerability has been resolved: PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors If dw_pcie_ep_init() fails to perform any action after the EPC memory isinitialized and the MSI memory region is allocated, the latter parts won'tbe undone thus causing a ...
CVE-2022-50148
In the Linux kernel, the following vulnerability has been resolved: kernfs: fix potential NULL dereference in __kernfs_remove When lockdep is enabled, lockdep_assert_held_write wouldcause potential NULL pointer dereference. Fix the following smatch warnings: fs/kernfs/dir.c:1353 __kernfs_remove() w...
CVE-2022-50173
In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp5: Fix global state lock backoff We need to grab the lock after the early return for !hwpipe case.Otherwise, we could have hit contention yet still returned 0. Fixes an issue that the new CONFIG_DRM_DEBUG_MODESET_LOCK st...
CVE-2022-50215
In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Allow waiting for commands to complete on removed device When a SCSI device is removed while in active use, currently sg willimmediately return -ENODEV on any attempt to wait for active commands thatwere sent before the r...
CVE-2025-38027
In the Linux kernel, the following vulnerability has been resolved: regulator: max20086: fix invalid memory access max20086_parse_regulators_dt() calls of_regulator_match() using anarray of struct of_regulator_match allocated on the stack for thematches argument. of_regulator_match() calls devm_of_...
CVE-2025-38043
In the Linux kernel, the following vulnerability has been resolved: firmware: arm_ffa: Set dma_mask for ffa devices Set dma_mask for FFA devices, otherwise DMA allocation using the device pointerlead to following warning: WARNING: CPU: 1 PID: 1 at kernel/dma/mapping.c:597 dma_alloc_attrs+0xe0/0x124
CVE-2025-38057
In the Linux kernel, the following vulnerability has been resolved: espintcp: fix skb leaks A few error paths are missing a kfree_skb.
CVE-2025-38072
In the Linux kernel, the following vulnerability has been resolved: libnvdimm/labels: Fix divide error in nd_label_data_init() If a faulty CXL memory device returns a broken zero LSA size in itsmemory device information (Identify Memory Device (Opcode 4000h), CXLspec. 3.1, 8.2.9.9.1.1), a divide er...
CVE-2025-38079
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_hash - fix double free in hash_accept If accept(2) is called on socket type algif_hash withMSG_MORE flag set and crypto_ahash_import fails,sk2 is freed. However, it is also freed in af_alg_release,leading to slab-use-...
CVE-2025-38094
In the Linux kernel, the following vulnerability has been resolved: net: cadence: macb: Fix a possible deadlock in macb_halt_tx. There is a situation where after THALT is set high, TGO stays high aswell. Because jiffies are never updated, as we are in a context withinterrupts disabled, we never exi...
CVE-2025-38177
In the Linux kernel, the following vulnerability has been resolved: sch_hfsc: make hfsc_qlen_notify() idempotent hfsc_qlen_notify() is not idempotent either and not friendlyto its callers, like fq_codel_dequeue(). Let's make it idempotentto ease qdisc_tree_reduce_backlog() callers' life: update_vf(...
CVE-2025-38195
In the Linux kernel, the following vulnerability has been resolved: LoongArch: Fix panic caused by NULL-PMD in huge_pte_offset() ERROR INFO: CPU 25 Unable to handle kernel paging request at virtual address 0x0...Call Trace:[] huge_pte_offset+0x3c/0x58[] hugetlb_follow_page_mask+0x74/0x438[] __get_u...
CVE-2025-38197
In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell_rbu: Fix list usage Pass the correct list head to list_for_each_entry*() when looping throughthe packet list. Without this patch, reading the packet data via sysfs will show the dataincorrectly (because it starts...
CVE-2025-38216
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Restore context entry setup order for aliased devices Commit 2031c469f816 ("iommu/vt-d: Add support for static identity domain")changed the context entry setup during domain attachment from aset-and-check policy to a cl...
CVE-2022-49937
In the Linux kernel, the following vulnerability has been resolved: media: mceusb: Use new usb_control_msg_*() routines Automatic kernel fuzzing led to a WARN about invalid pipe direction inthe mceusb driver: ------------[ cut here ]------------usb 6-1: BOGUS control dir, pipe 80000380 doesn't matc...
CVE-2022-49938
In the Linux kernel, the following vulnerability has been resolved: cifs: fix small mempool leak in SMB2_negotiate() In some cases of failure (dialect mismatches) in SMB2_negotiate(), afterthe request is sent, the checks would return -EIO when they should berather setting rc = -EIO and jumping to n...
CVE-2022-49954
In the Linux kernel, the following vulnerability has been resolved: Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag syzbot is reporting hung task at __input_unregister_device() [1], foriforce_close() waiting at wait_event_interruptible() with dev->mutex heldis blocking input_disc...
CVE-2022-49978
In the Linux kernel, the following vulnerability has been resolved: fbdev: fb_pm2fb: Avoid potential divide by zero error In do_fb_ioctl() of fbmem.c, if cmd is FBIOPUT_VSCREENINFO, var will becopied from user, then go through fb_set_var() andinfo->fbops->fb_check_var() which could may be pm2...
CVE-2022-49981
In the Linux kernel, the following vulnerability has been resolved: HID: hidraw: fix memory leak in hidraw_release() Free the buffered reports before deleting the list entry. BUG: memory leakunreferenced object 0xffff88810e72f180 (size 32):comm "softirq", pid 0, jiffies 4294945143 (age 16.080s)hex ...
CVE-2022-49986
In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq storvsc_error_wq workqueue should not be marked as WQ_MEM_RECLAIM as itdoesn't need to make forward progress under memory pressure. Marking thisworkqueue as WQ_MEM_RECLAIM ...
CVE-2022-49987
In the Linux kernel, the following vulnerability has been resolved: md: call __md_stop_writes in md_stop From the link [1], we can see raid1d was running even after the pathraid_dtr -> md_stop -> __md_stop. Let's stop write first in destructor to align with normal md-raid tofix the KASAN issu...
CVE-2022-49989
In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: fix error exit of privcmd_ioctl_dm_op() The error exit of privcmd_ioctl_dm_op() is calling unlock_pages()potentially with pages being NULL, leading to a NULL dereference. Additionally lock_pages() doesn't check for pin...
CVE-2022-49990
In the Linux kernel, the following vulnerability has been resolved: s390: fix double free of GS and RI CBs on fork() failure The pointers for guarded storage and runtime instrumentation controlblocks are stored in the thread_struct of the associated task. Thesepointers are initially copied on fork(...
CVE-2022-50008
In the Linux kernel, the following vulnerability has been resolved: kprobes: don't call disarm_kprobe() for disabled kprobes The assumption in __disable_kprobe() is wrong, and it could try to disarman already disarmed kprobe and fire the WARN_ONCE() below. [0] We caneasily reproduce this issue. Wri...
CVE-2022-50054
In the Linux kernel, the following vulnerability has been resolved: iavf: Fix NULL pointer dereference in iavf_get_link_ksettings Fix possible NULL pointer dereference, due to freeing of adapter->vf_resin iavf_init_get_resources. Previous commit introduced a regression,where receiving IAVF_ERR_A...
CVE-2022-50055
In the Linux kernel, the following vulnerability has been resolved: iavf: Fix adminq error handling iavf_alloc_asq_bufs/iavf_alloc_arq_bufs allocates with dma_alloc_coherentmemory for VF mailbox.Free DMA regions for both ASQ and ARQ in case error happens duringconfiguration of ASQ/ARQ registers.Wit...
CVE-2022-50083
In the Linux kernel, the following vulnerability has been resolved: ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h When adding an xattr to an inode, we must ensure that the inode_size isnot less than EXT4_GOOD_OLD_INODE_SIZE + extra_isize + pad. Otherwise,the end position may be greater than...
CVE-2022-50092
In the Linux kernel, the following vulnerability has been resolved: dm thin: fix use-after-free crash in dm_sm_register_threshold_callback Fault inject on pool metadata device reports:BUG: KASAN: use-after-free in dm_pool_register_metadata_threshold+0x40/0x80Read of size 8 at addr ffff8881b9d50068 ...
CVE-2022-50094
In the Linux kernel, the following vulnerability has been resolved: spmi: trace: fix stack-out-of-bound access in SPMI tracing functions trace_spmi_write_begin() and trace_spmi_read_end() both callmemcpy() with a length of "len + 1". This leads to one extrabyte being read beyond the end of the spec...
CVE-2022-50101
In the Linux kernel, the following vulnerability has been resolved: video: fbdev: vt8623fb: Check the size of screen before memset_io() In the function vt8623fb_set_par(), the value of 'screen_size' iscalculated by the user input. If the user provides the improper value,the value of 'screen_size' m...
CVE-2022-50102
In the Linux kernel, the following vulnerability has been resolved: video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() Since the user can control the arguments of the ioctl() from the userspace, under special arguments that may result in a divide-by-zero bugin:drivers/video/fbdev/a...
CVE-2022-50104
In the Linux kernel, the following vulnerability has been resolved: powerpc/xive: Fix refcount leak in xive_get_max_prio of_find_node_by_path() returns a node pointer withrefcount incremented, we should use of_node_put() on it when done.Add missing of_node_put() to avoid refcount leak.
CVE-2022-50134
In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: fix potential memory leak in setup_base_ctxt() setup_base_ctxt() allocates a memory chunk for uctxt->groups withhfi1_alloc_ctxt_rcv_groups(). When init_user_ctxt() fails, uctxt->groupsis not released, which will le...
CVE-2022-50152
In the Linux kernel, the following vulnerability has been resolved: usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe of_parse_phandle() returns a node pointer with refcountincremented, we should use of_node_put() on it when not need anymore.Add missing of_node_put() to avoid refcount leak.