10167 matches found
CVE-2025-38619
In the Linux kernel, the following vulnerability has been resolved: media: ti: j721e-csi2rx: fix list_del corruption If ti_csi2rx_start_dma() fails in ti_csi2rx_dma_callback(), the buffer is marked done with VB2_BUF_STATE_ERROR but is not removed from the DMA queue. This causes the same buffer to be ...
CVE-2025-38624
In the Linux kernel, the following vulnerability has been resolved: PCI: pnv_php: Clean up allocated IRQs on unplug When the root of a nested PCIe bridge configuration is unplugged, the pnv_php driver leaked the allocated IRQ resources for the child bridges' hotplug event notifications, resulting in ...
CVE-2025-38636
In the Linux kernel, the following vulnerability has been resolved: rv: Use strings in da monitors tracepoints Using DA monitors tracepoints with KASAN enabled triggers the following warning: BUG: KASAN: global-out-of-bounds in do_trace_event_raw_event_event_da_monitor+0xd6/0x1a0 Read of size 32 at a...
CVE-2025-38640
In the Linux kernel, the following vulnerability has been resolved: bpf: Disable migration in nf_hook_run_bpf(). syzbot reported that the netfilter bpf prog can be called without migration disabled in xmit path. Then the assertion in __bpf_prog_run() fails, triggering the splat below. [0] Let's use b...
CVE-2025-38643
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac() Callers of wdev_chandef() must hold the wiphy mutex. But the worker cfg80211_propagate_cac_done_wk() never takes the lock. Which triggers the warning below with the me...
CVE-2025-38646
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band With a quite rare chance, RX report might be problematic to make SW think a packet is received on 6 GHz band even if the chip does not support ...
CVE-2025-38648
In the Linux kernel, the following vulnerability has been resolved: spi: stm32: Check for cfg availability in stm32_spi_probe The stm32_spi_probe function now includes a check to ensure that the pointer returned by of_device_get_match_data is not NULL before accessing its members. This resolves a war...
CVE-2025-38652
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid out-of-boundary access in devs.path touch /mnt/f2fs/012345678901234567890123456789012345678901234567890123 truncate -s $((1024*1024*1024)) /mnt/f2fs/012345678901234567890123456789012345678901234567890123 touch /mn...
CVE-2025-38663
In the Linux kernel, the following vulnerability has been resolved: nilfs2: reject invalid file types when reading inodes To prevent inodes with invalid file types from tripping through the vfs and causing malfunctions or assertion failures, add a missing sanity check when reading an inode from a blo...
CVE-2025-38664
In the Linux kernel, the following vulnerability has been resolved: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() Add check for the return value of devm_kmemdup() to prevent potential null pointer dereference.
CVE-2025-38668
In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix NULL dereference on unbind due to stale coupling data Failing to reset coupling_desc.n_coupled after freeing coupled_rdevs can lead to NULL pointer dereference when regulators are accessed post-unbind. This can ...
CVE-2025-38673
In the Linux kernel, the following vulnerability has been resolved: Revert "drm/gem-framebuffer: Use dma_buf from GEM object instance" This reverts commit cce16fcd7446dcff7480cd9d2b6417075ed81065. The dma_buf field in struct drm_gem_object is not stable over the object instance's lifetime. The field...
CVE-2022-50075
In the Linux kernel, the following vulnerability has been resolved: tracing/eprobes: Have event probes be consistent with kprobes and uprobes Currently, if a symbol "@" is attempted to be used with an event probe (eprobes), it will cause a NULL pointer dereference crash. Both kprobes and uprobes can...
CVE-2022-50078
In the Linux kernel, the following vulnerability has been resolved: tracing/eprobes: Do not allow eprobes to use $stack, or % for regs While playing with event probes (eprobes), I tried to see what would happen if I attempted to retrieve the instruction pointer (%rip) knowing that event probes do not...
CVE-2022-50089
In the Linux kernel, the following vulnerability has been resolved: btrfs: ensure pages are unlocked on cow_file_range() failure There is a hung_task report on zoned btrfs like below. https://github.com/naota/linux/issues/59 [726.328648] INFO: task rocksdb:high0:11085 blocked for more than 241 seco...
CVE-2022-50119
In the Linux kernel, the following vulnerability has been resolved: rpmsg: Fix possible refcount leak in rpmsg_register_device_override() rpmsg_register_device_override need to call put_device to free vch when driver_set_override fails. Fix this by adding a put_device() to the error path.
CVE-2022-50122
In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8173-rt5650: Fix refcount leak in mt8173_rt5650_dev_probe of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Fix refcount leak in some error...
CVE-2022-50182
In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: Align upwards buffer size The hardware can support any image size WxH, with arbitrary W (image width) and H (image height) dimensions. Align upwards buffer size for both encoder and decoder. and leave the picture res...
CVE-2025-38150
In the Linux kernel, the following vulnerability has been resolved: af_packet: move notifier's packet_dev_mc out of rcu critical section Syzkaller reports the following issue: BUG: sleeping function called from invalid context at kernel/locking/mutex.c:578 __mutex_lock+0x106/0xe80 kernel/locking/mut...
CVE-2025-38271
In the Linux kernel, the following vulnerability has been resolved: net: prevent a NULL deref in rtnl_create_link() At the time rtnl_create_link() is running, dev->netdev_ops is NULL, we must not use netdev_lock_ops() or risk a NULL deref if CONFIG_NET_SHAPER is defined. Use netif_set_group() inst...
CVE-2025-38308
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Fix possible null-ptr-deref when initing hw Search result of avs_dai_find_path_template() shall be verified before being used. As 'template' is already known when avs_hw_constraints_init() is fired, drop the search ...
CVE-2025-38309
In the Linux kernel, the following vulnerability has been resolved: drm/xe/vm: move xe_svm_init() earlier In xe_vm_close_and_put() we need to be able to call xe_svm_fini(), however during vm creation we can call this on the error path, before having actually initialised the svm state, leading to vari...
CVE-2025-38327
In the Linux kernel, the following vulnerability has been resolved: fgraph: Do not enable function_graph tracer when setting funcgraph-args When setting the funcgraph-args option when function graph tracer is not enabled, it incorrectly enables it. Worse, it unregisters itself when it was never regis...
CVE-2025-38621
In the Linux kernel, the following vulnerability has been resolved: md: make rdev_addable usable for rcu mode Our testcase trigger panic: BUG: kernel NULL pointer dereference, address: 00000000000000e0 ... Oops: Oops: 0000 [#1] SMP NOPTI CPU: 2 UID: 0 PID: 85 Comm: kworker/2:1 Not tainted 6.16.0+ #94 P...
CVE-2025-38626
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to trigger foreground gc during f2fs_map_blocks() in lfs mode w/ "mode=lfs" mount option, generic/299 will cause system panic as below: ------------[ cut here ]------------ kernel BUG at fs/f2fs/segment.c:2835! Call Trace: f...
CVE-2025-38627
In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix UAF of f2fs_inode_info in f2fs_free_dic The decompress_io_ctx may be released asynchronously after I/O completion. If this file is deleted immediately after read, and the kworker of processing post_read_wq has not...
CVE-2025-38635
In the Linux kernel, the following vulnerability has been resolved: clk: davinci: Add NULL check in davinci_lpsc_clk_register() devm_kasprintf() returns NULL when memory allocation fails. Currently, davinci_lpsc_clk_register() does not check for this case, which results in a NULL pointer dereference....
CVE-2025-38670
In the Linux kernel, the following vulnerability has been resolved: arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() cpu_switch_to() and call_on_irq_stack() manipulate SP to change to different stacks along with the Shadow Call Stack if it is enabled. Those two stack changes cannot be d...
CVE-2025-38672
In the Linux kernel, the following vulnerability has been resolved: Revert "drm/gem-dma: Use dma_buf from GEM object instance" This reverts commit e8afa1557f4f963c9a511bd2c6074a941c308685. The dma_buf field in struct drm_gem_object is not stable over the object instance's lifetime. The field becomes...
CVE-2025-38674
In the Linux kernel, the following vulnerability has been resolved: Revert "drm/prime: Use dma_buf from GEM object instance" This reverts commit f83a9b8c7fd0557b0c50784bfdc1bbe9140c9bf8. The dma_buf field in struct drm_gem_object is not stable over the object instance's lifetime. The field becomes N...
CVE-2025-38676
In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Avoid stack buffer overflow from kernel cmdline While the kernel command line is considered trusted in most environments, avoid writing 1 byte past the end of "acpiid" if the "str" argument is maximum length.
CVE-2022-49947
In the Linux kernel, the following vulnerability has been resolved: binder: fix alloc->vma_vm_mm null-ptr dereference Syzbot reported a couple issues introduced by commit 44e602b4e52f ("binder_alloc: add missing mmap_lock calls when using the VMA"), in which we attempt to acquire the mmap_lock whe...
CVE-2022-49976
In the Linux kernel, the following vulnerability has been resolved: platform/x86: x86-android-tablets: Fix broken touchscreen on Chuwi Hi8 with Windows BIOS The x86-android-tablets handling for the Chuwi Hi8 is only necessary with the Android BIOS and it is causing problems with the Windows BIOS ver...
CVE-2022-49996
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix possible memory leak in btrfs_get_dev_args_from_path() In btrfs_get_dev_args_from_path(), btrfs_get_bdev_and_sb() can fail if the path is invalid. In this case, btrfs_get_dev_args_from_path() returns directly without freei...
CVE-2022-50043
In the Linux kernel, the following vulnerability has been resolved: net: fix potential refcount leak in ndisc_router_discovery() The issue happens on specific paths in the function. After both the object rt and neigh are grabbed successfully, when lifetime is nonzero but the metric needs change, the ...
CVE-2022-50063
In the Linux kernel, the following vulnerability has been resolved: net: dsa: felix: suppress non-changes to the tagging protocol The way in which dsa_tree_change_tag_proto() works is that when dsa_tree_notify() fails, it doesn't know whether the operation failed mid way in a multi-switch tree, or it...
CVE-2022-50064
In the Linux kernel, the following vulnerability has been resolved: virtio-blk: Avoid use-after-free on suspend/resume hctx->user_data is set to vq in virtblk_init_hctx(). However, vq is freed on suspend and reallocated on resume. So, hctx->user_data is invalid after resume, and it will cause u...
CVE-2022-50113
In the Linux kernel, the following vulnerability has been resolved: ASoc: audio-graph-card2: Fix refcount leak bug in __graph_get_type() We should call of_node_put() for the reference before its replacement as it returned by of_get_parent() which has increased the refcount. Besides, we should also ca...
CVE-2022-50193
In the Linux kernel, the following vulnerability has been resolved: erofs: wake up all waiters after z_erofs_lzma_head ready When the user mounts the erofs second times, the decompression thread may hung. The problem happens due to a sequence of steps like the following: Task A called z_erofs_load_lz...
CVE-2022-50217
In the Linux kernel, the following vulnerability has been resolved: fuse: write inode in fuse_release() A race between write(2) and close(2) allows pages to be dirtied after fuse_flush -> write_inode_now(). If these pages are not flushed from fuse_release(), then there might not be a writable open...
CVE-2022-50225
In the Linux kernel, the following vulnerability has been resolved: riscv:uprobe fix SR_SPIE set/clear handling In riscv the process of uprobe going to clear spie before exec the origin insn, and set spie after that. But When access the page which origin insn has been placed a page fault may happen and...
CVE-2025-38447
In the Linux kernel, the following vulnerability has been resolved: mm/rmap: fix potential out-of-bounds page table access during batched unmap As pointed out by David[1], the batched unmap logic in try_to_unmap_one() may read past the end of a PTE table when a large folio's PTE mappings are not full...
CVE-2025-38508
In the Linux kernel, the following vulnerability has been resolved: x86/sev: Use TSC_FACTOR for Secure TSC frequency calculation When using Secure TSC, the GUEST_TSC_FREQ MSR reports a frequency based on the nominal P0 frequency, which deviates slightly (typically ~0.2%) from the actual mean TSC freq...
CVE-2025-38525
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix irq-disabled in local_bh_enable() The rxrpc_assess_MTU_size() function calls down into the IP layer to find out the MTU size for a route. When accepting an incoming call, this is called from rxrpc_new_incoming_call() which...
CVE-2025-38596
In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix UAF in panthor_gem_create_with_handle() debugfs code The object is potentially already gone after the drm_gem_object_put(). In general the object should be fully constructed before calling drm_gem_handle_create(), ex...
CVE-2025-38628
In the Linux kernel, the following vulnerability has been resolved: vdpa/mlx5: Fix release of uninitialized resources on error path The commit in the fixes tag made sure that mlx5_vdpa_free() is the single entrypoint for removing the vdpa device resources added in mlx5_vdpa_dev_add(), even in the cle...
CVE-2025-38631
In the Linux kernel, the following vulnerability has been resolved: clk: imx95-blk-ctl: Fix synchronous abort When enabling runtime PM for clock suppliers that also belong to a power domain, the following crash is thrown: error: synchronous external abort: 0000000096000010 [#1] PREEMPT SMP Workqueue: ...
CVE-2025-38662
In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8365-dai-i2s: pass correct size to mt8365_dai_set_priv Given mt8365_dai_set_priv allocate priv_size space to copy priv_data which means we should pass mt8365_i2s_priv[i] or "struct mtk_afe_i2s_priv" instead of afe_p...
CVE-2025-38669
In the Linux kernel, the following vulnerability has been resolved: Revert "drm/gem-shmem: Use dma_buf from GEM object instance" This reverts commit 1a148af06000e545e714fe3210af3d77ff903c11. The dma_buf field in struct drm_gem_object is not stable over the object instance's lifetime. The field becom...
CVE-2022-49953
In the Linux kernel, the following vulnerability has been resolved: iio: light: cm3605: Fix an error handling path in cm3605_probe() The commit in Fixes also introduced a new error handling path which should goto the existing error handling path. Otherwise some resources leak.