10742 matches found
CVE-2022-50126
In the Linux kernel, the following vulnerability has been resolved: jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted Following process will fail assertion 'jh->b_frozen_data == NULL' injbd2_journal_dirty_metadata(): jbd2_journal_commit_transaction unlink(dir/a)jh-&...
CVE-2025-37895
In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix error handling path in bnxt_init_chip() WARN_ON() is triggered in __flush_work() if bnxt_init_chip() failsbecause we call cancel_work_sync() on dim work that has not beeninitialized. WARNING: CPU: 37 PID: 5223 at kerne...
CVE-2025-37919
In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp: Fix NULL pointer deref in acp_i2s_set_tdm_slot Update chip data using dev_get_drvdata(dev->parent) to fixNULL pointer deref in acp_i2s_set_tdm_slot.
CVE-2025-37939
In the Linux kernel, the following vulnerability has been resolved: libbpf: Fix accessing BTF.ext core_relo header Update btf_ext_parse_info() to ensure the core_relo header is presentbefore reading its fields. This avoids a potential buffer read overflowreported by the OSS Fuzz project.
CVE-2025-37965
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix invalid context error in dml helper [Why]"BUG: sleeping function called from invalid context" error.after:"drm/amd/display: Protect FPU in dml2_validate()/dml21_validate()" The populate_dml_plane_cfg_from_plane...
CVE-2025-38086
In the Linux kernel, the following vulnerability has been resolved: net: ch9200: fix uninitialised access during mii_nway_restart In mii_nway_restart() the code attempts to callmii->mdio_read which is ch9200_mdio_read(). ch9200_mdio_read()utilises a local buffer called "buff", which is initialis...
CVE-2022-49936
In the Linux kernel, the following vulnerability has been resolved: USB: core: Prevent nested device-reset calls Automatic kernel fuzzing revealed a recursive locking violation inusb-storage: ============================================WARNING: possible recursive locking detected5.18.0 #3 Not taint...
CVE-2022-50054
In the Linux kernel, the following vulnerability has been resolved: iavf: Fix NULL pointer dereference in iavf_get_link_ksettings Fix possible NULL pointer dereference, due to freeing of adapter->vf_resin iavf_init_get_resources. Previous commit introduced a regression,where receiving IAVF_ERR_A...
CVE-2022-50073
In the Linux kernel, the following vulnerability has been resolved: net: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null Fixes a NULL pointer derefence bug triggered from tap driver.When tap_get_user calls virtio_net_hdr_to_skb the skb->dev is null(in tap.c skb-...
CVE-2022-50220
In the Linux kernel, the following vulnerability has been resolved: usbnet: Fix linkwatch use-after-free on disconnect usbnet uses the work usbnet_deferred_kevent() to perform tasks which maysleep. On disconnect, completion of the work was originally awaited in->ndo_stop(). But in 2003, that was...
CVE-2025-37894
In the Linux kernel, the following vulnerability has been resolved: net: use sock_gen_put() when sk_state is TCP_TIME_WAIT It is possible for a pointer of type struct inet_timewait_sock to bereturned from the functions __inet_lookup_established() and__inet6_lookup_established(). This can cause a cr...
CVE-2025-37942
In the Linux kernel, the following vulnerability has been resolved: HID: pidff: Make sure to fetch pool before checking SIMULTANEOUS_MAX As noted by Anssi some 20 years ago, pool report is sometimes messed up.This worked fine on many devices but casued oops on VRS DirectForce PRO. Here, we're makin...
CVE-2022-49984
In the Linux kernel, the following vulnerability has been resolved: HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report It is possible for a malicious device to forgo submitting a FeatureReport. The HID Steam driver presently makes no prevision for thisand de-references the 'st...
CVE-2022-50135
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix BUG: KASAN: null-ptr-deref in rxe_qp_do_cleanup The function rxe_create_qp calls rxe_qp_from_init. If some erroroccurs, the error handler of function rxe_qp_from_init will setboth scq and rcq to NULL. Then rxe_create_...
CVE-2022-50146
In the Linux kernel, the following vulnerability has been resolved: PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors If dw_pcie_ep_init() fails to perform any action after the EPC memory isinitialized and the MSI memory region is allocated, the latter parts won'tbe undone thus causing a ...
CVE-2025-37898
In the Linux kernel, the following vulnerability has been resolved: powerpc64/ftrace: fix module loading without patchable function entries get_stubs_size assumes that there must always be at least one patchablefunction entry, which is not always the case (modules that export databut no code), othe...
CVE-2025-37906
In the Linux kernel, the following vulnerability has been resolved: ublk: fix race between io_uring_cmd_complete_in_task and ublk_cancel_cmd ublk_cancel_cmd() calls io_uring_cmd_done() to complete uring_cmd, butwe may have scheduled task work via io_uring_cmd_complete_in_task() fordispatching reque...
CVE-2025-37941
In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd937x: fix a potential memory leak in wcd937x_soc_codec_probe() When snd_soc_dapm_new_controls() or snd_soc_dapm_add_routes() fails,wcd937x_soc_codec_probe() returns without releasing 'wcd937x->clsh_info',which i...
CVE-2025-37955
In the Linux kernel, the following vulnerability has been resolved: virtio-net: free xsk_buffs on error in virtnet_xsk_pool_enable() The selftests added to our CI by Bui Quang Minh recently revealsthat there is a mem leak on the error path of virtnet_xsk_pool_enable(): unreferenced object 0xffff888...
CVE-2025-38005
In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma: Add missing locking Recent kernels complain about a missing lock in k3-udma.c when the lockvalidator is enabled: [ 4.128073] WARNING: CPU: 0 PID: 746 at drivers/dma/ti/../virt-dma.h:169 udma_start.isra.0+0x3...
CVE-2025-38009
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: disable napi on driver removal A warning on driver removal started occurring after commit 9dd05df8403b("net: warn if NAPI instance wasn't shut down"). Disable tx napi beforedeleting it in mt76_dma_cleanup(). WARNING: CP...
CVE-2025-38014
In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Refactor remove call with idxd_cleanup() helper The idxd_cleanup() helper cleans up perfmon, interrupts, internals andso on. Refactor remove call with the idxd_cleanup() helper to avoid codeduplication. Note, this ...
CVE-2025-38023
In the Linux kernel, the following vulnerability has been resolved: nfs: handle failure of nfs_get_lock_context in unlock path When memory is insufficient, the allocation of nfs_lock_context innfs_get_lock_context() fails and returns -ENOMEM. If we mistakenly treatan nfs4_unlockdata structure (whos...
CVE-2025-38024
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug Call Trace:__dump_stack lib/dump_stack.c:94 [inline]dump_stack_lvl+0x7d/0xa0 lib/dump_stack.c:120print_address_description mm/kasan/report.c:378 [inline]print_report+0...
CVE-2025-38060
In the Linux kernel, the following vulnerability has been resolved: bpf: copy_verifier_state() should copy 'loop_entry' field The bpf_verifier_state.loop_entry state should be copied bycopy_verifier_state(). Otherwise, .loop_entry values from unrelatedstates would poison env->cur_state. Addition...
CVE-2025-38079
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_hash - fix double free in hash_accept If accept(2) is called on socket type algif_hash withMSG_MORE flag set and crypto_ahash_import fails,sk2 is freed. However, it is also freed in af_alg_release,leading to slab-use-...
CVE-2022-49938
In the Linux kernel, the following vulnerability has been resolved: cifs: fix small mempool leak in SMB2_negotiate() In some cases of failure (dialect mismatches) in SMB2_negotiate(), afterthe request is sent, the checks would return -EIO when they should berather setting rc = -EIO and jumping to n...
CVE-2022-49981
In the Linux kernel, the following vulnerability has been resolved: HID: hidraw: fix memory leak in hidraw_release() Free the buffered reports before deleting the list entry. BUG: memory leakunreferenced object 0xffff88810e72f180 (size 32):comm "softirq", pid 0, jiffies 4294945143 (age 16.080s)hex ...
CVE-2022-49986
In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq storvsc_error_wq workqueue should not be marked as WQ_MEM_RECLAIM as itdoesn't need to make forward progress under memory pressure. Marking thisworkqueue as WQ_MEM_RECLAIM ...
CVE-2022-49990
In the Linux kernel, the following vulnerability has been resolved: s390: fix double free of GS and RI CBs on fork() failure The pointers for guarded storage and runtime instrumentation controlblocks are stored in the thread_struct of the associated task. Thesepointers are initially copied on fork(...
CVE-2022-50012
In the Linux kernel, the following vulnerability has been resolved: powerpc/64: Init jump labels before parse_early_param() On 64-bit, calling jump_label_init() in setup_feature_keys() is toolate because static keys may be used in subroutines ofparse_early_param() which is again subroutine of early...
CVE-2022-50152
In the Linux kernel, the following vulnerability has been resolved: usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe of_parse_phandle() returns a node pointer with refcountincremented, we should use of_node_put() on it when not need anymore.Add missing of_node_put() to avoid refcount leak.
CVE-2022-50153
In the Linux kernel, the following vulnerability has been resolved: usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe of_find_compatible_node() returns a node pointer with refcountincremented, we should use of_node_put() on it when done.Add missing of_node_put() to avoid refcount leak.
CVE-2022-50206
In the Linux kernel, the following vulnerability has been resolved: arm64: fix oops in concurrently setting insn_emulation sysctls emulation_proc_handler() changes table->data for proc_dointvec_minmaxand can generate the following Oops if called concurrently with itself: | Unable to handle kerne...
CVE-2025-37971
In the Linux kernel, the following vulnerability has been resolved: staging: bcm2835-camera: Initialise dev in v4l2_dev Commit 42a2f6664e18 ("staging: vc04_services: Move global g_state tovchiq_state") changed mmal_init to pass dev->v4l2_dev.dev tovchiq_mmal_init, however nothing iniitialised de...
CVE-2025-38011
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: csa unmap use uninterruptible lock After process exit to unmap csa and free GPU vm, if signal is acceptedand then waiting to take vm lock is interrupted and return, it causesmemory leaking and below warning backtrace. C...
CVE-2025-38027
In the Linux kernel, the following vulnerability has been resolved: regulator: max20086: fix invalid memory access max20086_parse_regulators_dt() calls of_regulator_match() using anarray of struct of_regulator_match allocated on the stack for thematches argument. of_regulator_match() calls devm_of_...
CVE-2025-38085
In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race huge_pmd_unshare() drops a reference on a page table that may havepreviously been shared across processes, potentially turning it into anormal page table used in another process i...
CVE-2025-38177
In the Linux kernel, the following vulnerability has been resolved: sch_hfsc: make hfsc_qlen_notify() idempotent hfsc_qlen_notify() is not idempotent either and not friendlyto its callers, like fq_codel_dequeue(). Let's make it idempotentto ease qdisc_tree_reduce_backlog() callers' life: update_vf(...
CVE-2022-50027
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE There is no corresponding free routine if lpfc_sli4_issue_wqe fails toissue the CMF WQE in lpfc_issue_cmf_sync_wqe. If ret_val is non-zero, then free the iocbq requ...
CVE-2022-50033
In the Linux kernel, the following vulnerability has been resolved: usb: host: ohci-ppc-of: Fix refcount leak bug In ohci_hcd_ppc_of_probe(), of_find_compatible_node() will returna node pointer with refcount incremented. We should use of_node_put()when it is not used anymore.
CVE-2022-50045
In the Linux kernel, the following vulnerability has been resolved: powerpc/pci: Fix get_phb_number() locking The recent change to get_phb_number() causes a DEBUG_ATOMIC_SLEEPwarning on some systems: BUG: sleeping function called from invalid context at kernel/locking/mutex.c:580in_atomic(): 1, irq...
CVE-2022-50085
In the Linux kernel, the following vulnerability has been resolved: dm raid: fix address sanitizer warning in raid_resume There is a KASAN warning in raid_resume when running the lvm testlvconvert-raid.sh. The reason for the warning is that mddev->raid_disksis greater than rs->raid_disks, so ...
CVE-2022-50098
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts Ensure SRB is returned during I/O timeout error escalation. If that is notpossible fail the escalation path. Following crash stack was seen: BUG: unable to handle...
CVE-2022-50129
In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Fix a use-after-free Change the LIO port members inside struct srpt_port from regular membersinto pointers. Allocate the LIO port data structures from insidesrpt_make_tport() and free these from inside srpt_make_tport()....
CVE-2022-50181
In the Linux kernel, the following vulnerability has been resolved: virtio-gpu: fix a missing check to avoid NULL dereference 'cache_ent' could be set NULL inside virtio_gpu_cmd_get_capset()and it will lead to a NULL dereference by a lately use of it(i.e., ptr = cache_ent->caps_cache). Fix it wi...
CVE-2022-50191
In the Linux kernel, the following vulnerability has been resolved: regulator: of: Fix refcount leak bug in of_get_regulation_constraints() We should call the of_node_put() for the reference returned byof_get_child_by_name() which has increased the refcount.
CVE-2022-50215
In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Allow waiting for commands to complete on removed device When a SCSI device is removed while in active use, currently sg willimmediately return -ENODEV on any attempt to wait for active commands thatwere sent before the r...
CVE-2025-37896
In the Linux kernel, the following vulnerability has been resolved: spi: spi-mem: Add fix to avoid divide error For some SPI flash memory operations, dummy bytes are not mandatory. Forexample, in Winbond SPINAND flash memory devices, the write_cache andupdate_cache operation variants have zero dumm...
CVE-2025-38057
In the Linux kernel, the following vulnerability has been resolved: espintcp: fix skb leaks A few error paths are missing a kfree_skb.