9933 matches found
CVE-2022-50023
In the Linux kernel, the following vulnerability has been resolved: dmaengine: dw-axi-dmac: ignore interrupt if no descriptor If the channel has no descriptor and the interrupt is raised then thekernel will OOPS. Check the result of vchan_next_desc() in the handleraxi_chan_block_xfer_complete() to ...
CVE-2022-50036
In the Linux kernel, the following vulnerability has been resolved: drm/sun4i: dsi: Prevent underflow when computing packet sizes Currently, the packet overhead is subtracted using unsigned arithmetic.With a short sync pulse, this could underflow and wrap around to nearthe maximal u16 value. Fix th...
CVE-2022-50042
In the Linux kernel, the following vulnerability has been resolved: net: genl: fix error path memory leak in policy dumping If construction of the array of policies fails when recordingnon-first policy we need to unwind. netlink_policy_dump_add_policy() itself also needs fixing asit currently gives...
CVE-2022-50047
In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6060: prevent crash on an unused port If the port isn't a CPU port nor a user port, 'cpu_dp'is a null pointer and a crash happened on dereferencingit in mv88e6060_setup_port(): [ 9.575872] Unable to handle kernel NUL...
CVE-2022-50060
In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Fix mcam entry resource leak The teardown sequence in FLR handler returns if no NIX LFis attached to PF/VF because it indicates that gracefulshutdown of resources already happened. But there is achance of all allocate...
CVE-2022-50062
In the Linux kernel, the following vulnerability has been resolved: net: bgmac: Fix a BUG triggered by wrong bytes_compl On one of our machines we got: kernel BUG at lib/dynamic_queue_limits.c:27!Internal error: Oops - BUG: 0 [#1] PREEMPT SMP ARMCPU: 0 PID: 1166 Comm: irq/41-bgmac Tainted: G W O 4....
CVE-2022-50077
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix reference count leak in aa_pivotroot() The aa_pivotroot() function has a reference counting bug in a specificpath. When aa_replace_current_label() returns on success, the functionforgets to decrement the reference cou...
CVE-2022-50079
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check correct bounds for stream encoder instances for DCN303 [Why & How]eng_id for DCN303 cannot be more than 1, since we have only twoinstances of stream encoders. Check the correct boundary condition for engine I...
CVE-2022-50123
In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8173: Fix refcount leak in mt8173_rt5650_rt5676_dev_probe of_parse_phandle() returns a node pointer with refcountincremented, we should use of_node_put() on it when not need anymore.Fix missing of_node_put() in er...
CVE-2022-50137
In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix a window for use-after-free During a destroy CQ an interrupt may cause processing of a CQE after CQresources are freed by irdma_cq_free_rsrc(). Fix this by moving the callto irdma_cq_free_rsrc() after the irdma_sc_c...
CVE-2022-50141
In the Linux kernel, the following vulnerability has been resolved: mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch of_find_matching_node() returns a node pointer with refcountincremented, we should use of_node_put() on it when not need anymore.Add missing of_node_put() to avo...
CVE-2022-50145
In the Linux kernel, the following vulnerability has been resolved: dmaengine: sf-pdma: Add multithread support for a DMA channel When we get a DMA channel and try to use it in multiple threads itwill cause oops and hanging the system. % echo 64 > /sys/module/dmatest/parameters/threads_per_chan%...
CVE-2022-50164
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue After successfull station association, if station queues are disabled forsome reason, the related lists are not emptied. So if some new element isadded to the lis...
CVE-2022-50192
In the Linux kernel, the following vulnerability has been resolved: spi: tegra20-slink: fix UAF in tegra_slink_remove() After calling spi_unregister_master(), the refcount of master willbe decrease to 0, and it will be freed in spi_controller_release(),the device data also will be freed, so it will...
CVE-2022-50199
In the Linux kernel, the following vulnerability has been resolved: ARM: OMAP2+: Fix refcount leak in omapdss_init_of omapdss_find_dss_of_node() calls of_find_compatible_node() to get devicenode. of_find_compatible_node() returns a node pointer with refcountincremented, we should use of_node_put() ...
CVE-2022-50202
In the Linux kernel, the following vulnerability has been resolved: PM: hibernate: defer device probing when resuming from hibernation syzbot is reporting hung task at misc_open() [1], for there is a racewindow of AB-BA deadlock which involves probe_count variable. Currentlywait_for_device_probe() ...
CVE-2022-50203
In the Linux kernel, the following vulnerability has been resolved: ARM: OMAP2+: display: Fix refcount leak bug In omapdss_init_fbdev(), of_find_node_by_name() will return a nodepointer with refcount incremented. We should use of_node_put() whenit is not used anymore.
CVE-2022-50204
In the Linux kernel, the following vulnerability has been resolved: ARM: OMAP2+: pdata-quirks: Fix refcount leak bug In pdata_quirks_init_clocks(), the loop containsof_find_node_by_name() but without corresponding of_node_put().
CVE-2022-50207
In the Linux kernel, the following vulnerability has been resolved: ARM: bcm: Fix refcount leak in bcm_kona_smc_init of_find_matching_node() returns a node pointer with refcountincremented, we should use of_node_put() on it when not need anymore.Add missing of_node_put() to avoid refcount leak.
CVE-2022-50221
In the Linux kernel, the following vulnerability has been resolved: drm/fb-helper: Fix out-of-bounds access Clip memory range to screen-buffer size to avoid out-of-bounds accessin fbdev deferred I/O's damage handling. Fbdev's deferred I/O can only track pages. From the range of pages, thedamage han...
CVE-2022-50228
In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 Don't BUG/WARN on interrupt injection due to GIF being cleared,since it's trivial for userspace to force the situation viaKVM_SET_VCPU_EVENTS (even if having at least...
CVE-2025-38013
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request Make sure that n_channels is set after allocating thestruct cfg80211_registered_device::int_scan_req member. Seen withsyzkaller: UBSAN: array-index-out-of...
CVE-2025-38090
In the Linux kernel, the following vulnerability has been resolved: drivers/rapidio/rio_cm.c: prevent possible heap overwrite In riocm_cdev_ioctl(RIO_CM_CHAN_SEND)-> cm_chan_msg_send()-> riocm_ch_send() cm_chan_msg_send() checks that userspace didn't send too much data butriocm_ch_send() fail...
CVE-2025-38103
In the Linux kernel, the following vulnerability has been resolved: HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() Update struct hid_descriptor to better reflect the mandatory andoptional parts of the HID Descriptor as per USB HID 1.11 specification.Note: the kernel currently ...
CVE-2025-38105
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Kill timer properly at removal The USB-audio MIDI code initializes the timer, but in a rare case, thedriver might be freed without the disconnect call. This leaves thetimer in an active state while the assigned obj...
CVE-2025-38111
In the Linux kernel, the following vulnerability has been resolved: net/mdiobus: Fix potential out-of-bounds read/write access When using publicly available tools like 'mdio-tools' to read/write datafrom/to network interface and its PHY via mdiobus, there is no verification ofparameters passed to t...
CVE-2025-38127
In the Linux kernel, the following vulnerability has been resolved: ice: fix Tx scheduler error handling in XDP callback When the XDP program is loaded, the XDP callback adds new Tx queues.This means that the callback must update the Tx scheduler with the newqueue number. In the event of a Tx sched...
CVE-2025-38135
In the Linux kernel, the following vulnerability has been resolved: serial: Fix potential null-ptr-deref in mlb_usio_probe() devm_ioremap() can return NULL on error. Currently, mlb_usio_probe()does not check for this case, which could result in a NULL pointerdereference. Add NULL check after devm_i...
CVE-2025-38146
In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: Fix the dead loop of MPLS parse The unexpected MPLS packet may not end with the bottom label stack.When there are many stacks, The label count value has wrapped around.A dead loop occurs, soft lockup/CPU stuck fin...
CVE-2025-38174
In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Do not double dequeue a configuration request Some of our devices crash in tb_cfg_request_dequeue(): general protection fault, probably for non-canonical address 0xdead000000000122 CPU: 6 PID: 91007 Comm: kworker/6:2 T...
CVE-2025-38183
In the Linux kernel, the following vulnerability has been resolved: net: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get() Before calling lan743x_ptp_io_event_clock_get(), the 'channel' valueis checked against the maximum value of PCI11X1X_PTP_IO_MAX_CHANNELS(8).This se...
CVE-2025-38190
In the Linux kernel, the following vulnerability has been resolved: atm: Revert atm_account_tx() if copy_from_iter_full() fails. In vcc_sendmsg(), we account skb->truesize to sk->sk_wmem_alloc byatm_account_tx(). It is expected to be reverted by atm_pop_raw() later called byvcc->dev->op...
CVE-2025-38192
In the Linux kernel, the following vulnerability has been resolved: net: clear the dst when changing skb protocol A not-so-careful NAT46 BPF program can crash the kernelif it indiscriminately flips ingress packets from v4 to v6: BUG: kernel NULL pointer dereference, address: 0000000000000000ip6_rcv...
CVE-2025-38194
In the Linux kernel, the following vulnerability has been resolved: jffs2: check that raw node were preallocated before writing summary Syzkaller detected a kernel bug in jffs2_link_node_ref, caused by faultinjection in jffs2_prealloc_raw_node_refs. jffs2_sum_write_sumnode doesn'tcheck return value...
CVE-2025-38201
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX Otherwise, it is possible to hit WARN_ON_ONCE in __kvmalloc_node_noprof()when resizing hashtable because __GFP_NOWARN is unset. Similar to: b541ba7d1f5a ("netfilte...
CVE-2025-38202
In the Linux kernel, the following vulnerability has been resolved: bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem() bpf_map_lookup_percpu_elem() helper is also available for sleepable bpfprogram. When BPF JIT is disabled or under 32-bit host,bpf_map_lookup_percpu_elem() will n...
CVE-2025-38225
In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: Cleanup after an allocation error When allocation failures are not cleaned up by the driver, furtherallocation errors will be false-positives, which will cause buffers toremain uninitialized and cause NULL pointer ...
CVE-2025-38230
In the Linux kernel, the following vulnerability has been resolved: jfs: validate AG parameters in dbMount() to prevent crashes Validate db_agheight, db_agwidth, and db_agstart in dbMount to catchcorrupted metadata early and avoid undefined behavior in dbAllocAG.Limits are derived from L2LPERCTL, L...
CVE-2025-38237
In the Linux kernel, the following vulnerability has been resolved: media: platform: exynos4-is: Add hardware sync wait to fimc_is_hw_change_mode() In fimc_is_hw_change_mode(), the function changes camera modes withoutwaiting for hardware completion, risking corrupted data or system hangsif subsequ...
CVE-2025-38251
In the Linux kernel, the following vulnerability has been resolved: atm: clip: prevent NULL deref in clip_push() Blamed commit missed that vcc_destroy_socket() callsclip_push() with a NULL skb. If clip_devs is NULL, clip_push() then crashes when readingskb->truesize.
CVE-2025-38264
In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: sanitize request list handling Validate the request in nvme_tcp_handle_r2t() to ensure it's not part ofany list, otherwise a malicious R2T PDU might inject a loop in requestlist processing.
CVE-2025-38280
In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid __bpf_prog_ret0_warn when jit fails syzkaller reported an issue: WARNING: CPU: 3 PID: 217 at kernel/bpf/core.c:2357 __bpf_prog_ret0_warn+0xa/0x20 kernel/bpf/core.c:2357Modules linked in:CPU: 3 UID: 0 PID: 217 Comm: kwork...
CVE-2025-38300
In the Linux kernel, the following vulnerability has been resolved: crypto: sun8i-ce-cipher - fix error handling in sun8i_ce_cipher_prepare() Fix two DMA cleanup issues on the error path in sun8i_ce_cipher_prepare(): 1] If dma_map_sg() fails for areq->dst, the device driver would try to freeDMA ...
CVE-2025-38332
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Use memcpy() for BIOS version The strlcat() with FORTIFY support is triggering a panic because itthinks the target buffer will overflow although the correct targetbuffer size is passed in. Anyway, instead of memset() wi...
CVE-2022-49944
In the Linux kernel, the following vulnerability has been resolved: Revert "usb: typec: ucsi: add a common function ucsi_unregister_connectors()" The recent commit 87d0e2f41b8c ("usb: typec: ucsi: add a commonfunction ucsi_unregister_connectors()") introduced a regression thatcaused NULL dereferenc...
CVE-2022-49979
In the Linux kernel, the following vulnerability has been resolved: net: fix refcount bug in sk_psock_get (2) Syzkaller reports refcount bug as follows:------------[ cut here ]------------refcount_t: saturated; leaking memory.WARNING: CPU: 1 PID: 3605 at lib/refcount.c:19 refcount_warn_saturate+0xf...
CVE-2022-49999
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix space cache corruption and potential double allocations When testing space_cache v2 on a large set of machines, we encountered afew symptoms: "unable to add free space :-17" (EEXIST) errors. Missing free space info items...
CVE-2022-50001
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_tproxy: restrict to prerouting hook TPROXY is only allowed from prerouting, but nft_tproxy doesn't check this.This fixes a crash (null dereference) when using tproxy from e.g. output.
CVE-2022-50040
In the Linux kernel, the following vulnerability has been resolved: net: dsa: sja1105: fix buffer overflow in sja1105_setup_devlink_regions() If an error occurs in dsa_devlink_region_create(), then 'priv->regions'array will be accessed by negative index '-1'. Found by Linux Verification Center (...
CVE-2022-50197
In the Linux kernel, the following vulnerability has been resolved: cpufreq: zynq: Fix refcount leak in zynq_get_revision of_find_compatible_node() returns a node pointer with refcountincremented, we should use of_node_put() on it when done.Add missing of_node_put() to avoid refcount leak.