CVE-2021-4453

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix a potential gpu_metrics_table memory leak Memory is allocated for gpu_metrics_table in renoir_init_smc_tables(),but not freed in int smu_v12_0_fini_smc_tables(). Free it!

CVE-2022-49731

In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() In an unlikely (and probably wrong?) case that the 'ppi' parameter ofata_host_alloc_pinfo() points to an array starting with a NULL pointer,there's going to be a ke...

CVE-2025-21756

In the Linux kernel, the following vulnerability has been resolved: vsock: Keep the binding until socket destruction Preserve sockets bindings; this includes both resulting from an explicitbind() and those implicitly bound through autobind during connect(). Prevents socket unbinding during a transp...

CVE-2025-21700

In the Linux kernel, the following vulnerability has been resolved: net: sched: Disallow replacing of child qdisc from one parent to another Lion Ackermann was able to create a UAF which can be abused for privilegeescalation with the following script Step 1. create root qdisctc qdisc add dev lo roo...

CVE-2025-21684

In the Linux kernel, the following vulnerability has been resolved: gpio: xilinx: Convert gpio_lock to raw spinlock irq_chip functions may be called in raw spinlock context. Therefore, wemust also use a raw spinlock for our own internal locking. This fixes the following lockdep splat: [ 5.349336] =...

CVE-2025-21689

In the Linux kernel, the following vulnerability has been resolved: USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() This patch addresses a null-ptr-deref in qt2_process_read_urb() due toan incorrect bounds check in the following: if (newport > serial->num_ports) { dev_err(...

CVE-2025-21764

In the Linux kernel, the following vulnerability has been resolved: ndisc: use RCU protection in ndisc_alloc_skb() ndisc_alloc_skb() can be called without RTNL or RCU being held. Add RCU protection to avoid possible UAF.

CVE-2022-49294

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check if modulo is 0 before dividing. [How & Why]If a value of 0 is read, then this will cause a divide-by-0 panic.

CVE-2025-21703

In the Linux kernel, the following vulnerability has been resolved: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() qdisc_tree_reduce_backlog() notifies parent qdisc only if childqdisc becomes empty, therefore we need to reduce the backlog of thechild qdisc before calling it. Otherw...

CVE-2022-49371

In the Linux kernel, the following vulnerability has been resolved: driver core: fix deadlock in __device_attach In __device_attach function, The lock holding logic is as follows:...__device_attachdevice_lock(dev) // get lock devasync_schedule_dev(__device_attach_async_helper, dev); // funcasync_sc...

CVE-2022-49647

In the Linux kernel, the following vulnerability has been resolved: cgroup: Use separate src/dst nodes when preloading css_sets for migration Each cset (css_set) is pinned by its tasks. When we're moving tasks aroundacross csets for a migration, we need to hold the source and destinationcsets to en...

CVE-2025-21694

In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix softlockup in __read_vmcore (part 2) Since commit 5cbcb62dddf5 ("fs/proc: fix softlockup in __read_vmcore") thenumber of softlockups in __read_vmcore at kdump time have gone down, butthey still happen sometimes. In a m...

CVE-2025-21718

In the Linux kernel, the following vulnerability has been resolved: net: rose: fix timer races against user threads Rose timers only acquire the socket spinlock, withoutchecking if the socket is owned by one user thread. Add a check and rearm the timers if needed. BUG: KASAN: slab-use-after-free in...

CVE-2025-21776

In the Linux kernel, the following vulnerability has been resolved: USB: hub: Ignore non-compliant devices with too many configs or interfaces Robert Morris created a test program which can causeusb_hub_to_struct_hub() to dereference a NULL or inappropriatepointer: Oops: general protection fault, p...

CVE-2024-57979

In the Linux kernel, the following vulnerability has been resolved: pps: Fix a use-after-free On a board running ntpd and gpsd, I'm seeing a consistent use-after-freein sys_exit() from gpsd when rebooting: pps pps1: removed ------------[ cut here ]------------ kobject: '(null)' (00000000db4bec24): ...

CVE-2022-49376

In the Linux kernel, the following vulnerability has been resolved: scsi: sd: Fix potential NULL pointer dereference If sd_probe() sees an early error before sdkp->device is initialized,sd_zbc_release_disk() is called. This causes a NULL pointer dereferencewhen sd_is_zoned() is called inside tha...

CVE-2022-49492

In the Linux kernel, the following vulnerability has been resolved: nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags In nvme_alloc_admin_tags, the admin_q can be set to an error (typically-ENOMEM) if the blk_mq_init_queue call fails to set up the queue, whichis checked immediately ...

CVE-2022-49541

In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential double free during failed mount RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=2088799

CVE-2022-49319

In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu-v3: check return value after calling platform_get_resource() It will cause null-ptr-deref if platform_get_resource() returns NULL,we need check the return value.

CVE-2022-49114

In the Linux kernel, the following vulnerability has been resolved: scsi: libfc: Fix use after free in fc_exch_abts_resp() fc_exch_release(ep) will decrease the ep's reference count. When thereference count reaches zero, it is freed. But ep is still used in thefollowing code, which will lead to a u...

CVE-2022-49316

In the Linux kernel, the following vulnerability has been resolved: NFSv4: Don't hold the layoutget locks across multiple RPC calls When doing layoutget as part of the open() compound, we have to becareful to release the layout locks before we can call any further RPCcalls, such as setattr(). The r...

CVE-2022-49323

In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() It will cause null-ptr-deref when using 'res', if platform_get_resource()returns NULL, so move using 'res' after devm_ioremap_resource() thatwill check it to av...

CVE-2022-49451

In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Fix list protocols enumeration in the base protocol While enumerating protocols implemented by the SCMI platform usingBASE_DISCOVER_LIST_PROTOCOLS, the number of returned protocols iscurrently validated in an im...

CVE-2025-21814

In the Linux kernel, the following vulnerability has been resolved: ptp: Ensure info->enable callback is always set The ioctl and sysfs handlers unconditionally call the ->enable callback.Not all drivers implement that callback, leading to NULL dereferences.Example of affected drivers: ptp_s3...

CVE-2022-49058

In the Linux kernel, the following vulnerability has been resolved: cifs: potential buffer overflow in handling symlinks Smatch printed a warning:arch/x86/crypto/poly1305_glue.c:198 poly1305_update_arch() error:__memcpy() 'dctx->buf' too small (16 vs u32max) It's caused because Smatch marks 'lin...

CVE-2025-21693

In the Linux kernel, the following vulnerability has been resolved: mm: zswap: properly synchronize freeing resources during CPU hotunplug In zswap_compress() and zswap_decompress(), the per-CPU acomp_ctx of thecurrent CPU at the beginning of the operation is retrieved and usedthroughout. However, ...

CVE-2025-21785

In the Linux kernel, the following vulnerability has been resolved: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array The loop that detects/populates cache information already has a boundscheck on the array size but does not account for cache levels withseparate data/instructions cache...

CVE-2022-49273

In the Linux kernel, the following vulnerability has been resolved: rtc: pl031: fix rtc features null pointer dereference When there is no interrupt line, rtc alarm feature is disabled. The clearing of the alarm feature bit was being done prior to allocationsof ldata->rtc device, resulting in a ...

CVE-2022-49365

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Off by one in dm_dmub_outbox1_low_irq() The > ARRAY_SIZE() should be >= ARRAY_SIZE() to prevent an out of boundsaccess.

CVE-2022-49636

In the Linux kernel, the following vulnerability has been resolved: vlan: fix memory leak in vlan_newlink() Blamed commit added back a bug I fixed in commit 9bbd917e0bec("vlan: fix memory leak in vlan_dev_set_egress_priority") If a memory allocation fails in vlan_changelink() after other allocation...

CVE-2025-21687

In the Linux kernel, the following vulnerability has been resolved: vfio/platform: check the bounds of read/write syscalls count and offset are passed from user space and not checked, onlyoffset is capped to 40 bits, which can be used to read/write out ofbounds of the device.

CVE-2025-21715

In the Linux kernel, the following vulnerability has been resolved: net: davicom: fix UAF in dm9000_drv_remove dm is netdev private data and it cannot beused after free_netdev() call. Using dm after free_netdev()can cause UAF bug. Fix it by moving free_netdev() at the end of thefunction. This is si...

CVE-2022-49275

In the Linux kernel, the following vulnerability has been resolved: can: m_can: m_can_tx_handler(): fix use after free of skb can_put_echo_skb() will clone skb then free the skb. Move thecan_put_echo_skb() for the m_can version 3.0.x directly before thestart of the xmit in hardware, similar to the ...

CVE-2022-49700

In the Linux kernel, the following vulnerability has been resolved: mm/slub: add missing TID updates on slab deactivation The fastpath in slab_alloc_node() assumes that c->slab is stable as long asthe TID stays the same. However, two places in __slab_alloc() currentlydon't update the TID when de...

CVE-2025-21731

In the Linux kernel, the following vulnerability has been resolved: nbd: don't allow reconnect after disconnect Following process can cause nbd_config UAF: grab nbd_config temporarily; nbd_genl_disconnect() flush all recv_work() and release theinitial reference: nbd_genl_disconnectnbd_disconnect_an...

CVE-2025-21791

In the Linux kernel, the following vulnerability has been resolved: vrf: use RCU protection in l3mdev_l3_out() l3mdev_l3_out() can be called without RCU being held: raw_sendmsg()ip_push_pending_frames()ip_send_skb()ip_local_out()__ip_local_out()l3mdev_ip_out() Add rcu_read_lock() / rcu_read_unlock(...

CVE-2022-49116

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: use memset avoid memory leaks Use memset to initialize structs to prevent memory leaksin l2cap_ecred_connect

CVE-2025-21690

In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service If there's a persistent error in the hypervisor, the SCSI warning forfailed I/O can flood the kernel log and max out CPU utilization,preventing troubleshooting f...

CVE-2022-49111

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use after free in hci_send_acl This fixes the following trace caused by receivingHCI_EV_DISCONN_PHY_LINK_COMPLETE which does call hci_conn_del withoutfirst checking if conn->type is in fact AMP_LINK and in case it...

CVE-2025-21699

In the Linux kernel, the following vulnerability has been resolved: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag Truncate an inode's address space when flipping the GFS2_DIF_JDATA flag:depending on that flag, the pages in the address space will either usebuffer heads or iomap_foli...

CVE-2025-21760

In the Linux kernel, the following vulnerability has been resolved: ndisc: extend RCU protection in ndisc_send_skb() ndisc_send_skb() can be called without RTNL or RCU held. Acquire rcu_read_lock() earlier, so that we can use dev_net_rcu()and avoid a potential UAF.

CVE-2022-49587

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_notsent_lowat. While reading sysctl_tcp_notsent_lowat, it can be changed concurrently.Thus, we need to add READ_ONCE() to its reader.

CVE-2022-49639

In the Linux kernel, the following vulnerability has been resolved: cipso: Fix data-races around sysctl. While reading cipso sysctl variables, they can be changed concurrently.So, we need to add READ_ONCE() to avoid data-races.

CVE-2024-57980

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix double free in error path If the uvc_status_init() function fails to allocate the int_urb, it willfree the dev->status pointer but doesn't reset the pointer to NULL. Thisresults in the kfree() call in uvc_st...

CVE-2024-58002

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Remove dangling pointers When an async control is written, we copy a pointer to the file handlethat started the operation. That pointer will be used when the device isdone. Which could be anytime in the future. If ...

CVE-2025-21697

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Ensure job pointer is set to NULL after job completion After a job completes, the corresponding pointer in the device mustbe set to NULL. Failing to do so triggers a warning when unloadingthe driver, as it appears the job ...

CVE-2022-49653

In the Linux kernel, the following vulnerability has been resolved: i2c: piix4: Fix a memory leak in the EFCH MMIO support The recently added support for EFCH MMIO regions introduced a memoryleak in that code path. The leak is caused by the fact thatrelease_resource() merely removes the resource fr...

CVE-2022-49471

In the Linux kernel, the following vulnerability has been resolved: rtw89: cfo: check mac_id to avoid out-of-bounds Somehow, hardware reports incorrect mac_id and pollute memory. Check indexbefore we access the array. UBSAN: array-index-out-of-bounds in rtw89/phy.c:2517:23index 188 is out of range ...

CVE-2022-49583

In the Linux kernel, the following vulnerability has been resolved: iavf: Fix handling of dummy receive descriptors Fix memory leak caused by not handling dummy receive descriptor properly.iavf_get_rx_buffer now sets the rx_buffer return value for dummy receivedescriptors. Without this patch, when ...

CVE-2022-49603

In the Linux kernel, the following vulnerability has been resolved: ip: Fix data-races around sysctl_ip_fwd_update_priority. While reading sysctl_ip_fwd_update_priority, it can be changedconcurrently. Thus, we need to add READ_ONCE() to its readers.