10742 matches found
CVE-2022-49966
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: add missing ->fini_microcode interface for Sienna Cichlid To avoid any potential memory leak.
CVE-2022-50004
In the Linux kernel, the following vulnerability has been resolved: xfrm: policy: fix metadata dst->dev xmit null pointer dereference When we try to transmit an skb with metadata_dst attached (i.e. dst->dev== NULL) through xfrm interface we can hit a null pointer dereference[1]in xfrmi_xmit2(...
CVE-2022-50006
In the Linux kernel, the following vulnerability has been resolved: NFSv4.2 fix problems with __nfs42_ssc_open A destination server while doing a COPY shouldn't accept using thepassed in filehandle if its not a regular filehandle. If alloc_file_pseudo() has failed, we need to decrement a referenceo...
CVE-2022-50027
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE There is no corresponding free routine if lpfc_sli4_issue_wqe fails toissue the CMF WQE in lpfc_issue_cmf_sync_wqe. If ret_val is non-zero, then free the iocbq requ...
CVE-2022-50046
In the Linux kernel, the following vulnerability has been resolved: net/sunrpc: fix potential memory leaks in rpc_sysfs_xprt_state_change() The issue happens on some error handling paths. When the functionfails to grab the object xprt, it simply returns 0, forgetting todecrease the reference count ...
CVE-2022-50065
In the Linux kernel, the following vulnerability has been resolved: virtio_net: fix memory leak inside XPD_TX with mergeable When we call xdp_convert_buff_to_frame() to get xdpf, if it returnsNULL, we should check if xdp_page was allocated by xdp_linearize_page().If it is newly allocated, it should...
CVE-2022-50067
In the Linux kernel, the following vulnerability has been resolved: btrfs: unset reloc control if transaction commit fails in prepare_to_relocate() In btrfs_relocate_block_group(), the rc is allocated. Thenbtrfs_relocate_block_group() calls relocate_block_group()prepare_to_relocate()set_reloc_contr...
CVE-2022-50076
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix memory leak on the deferred close xfstests on smb21 report kmemleak as below: unreferenced object 0xffff8881767d6200 (size 64):comm "xfs_io", pid 1284, jiffies 4294777434 (age 20.789s)hex dump (first 32 bytes):80 5a d0 11...
CVE-2022-50084
In the Linux kernel, the following vulnerability has been resolved: dm raid: fix address sanitizer warning in raid_status There is this warning when using a kernel with the address sanitizerand running this testsuite:https://gitlab.com/cki-project/kernel-tests/-/tree/main/storage/swraid/scsi_raid =...
CVE-2022-50085
In the Linux kernel, the following vulnerability has been resolved: dm raid: fix address sanitizer warning in raid_resume There is a KASAN warning in raid_resume when running the lvm testlvconvert-raid.sh. The reason for the warning is that mddev->raid_disksis greater than rs->raid_disks, so ...
CVE-2022-50087
In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails When scpi probe fails, at any point, we need to ensure that the scpi_infois not set and will remain NULL until the probe succeeds. If it is nottaken care, then...
CVE-2022-50098
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts Ensure SRB is returned during I/O timeout error escalation. If that is notpossible fail the escalation path. Following crash stack was seen: BUG: unable to handle...
CVE-2022-50099
In the Linux kernel, the following vulnerability has been resolved: video: fbdev: arkfb: Check the size of screen before memset_io() In the function arkfb_set_par(), the value of 'screen_size' iscalculated by the user input. If the user provides the improper value,the value of 'screen_size' may lar...
CVE-2022-50102
In the Linux kernel, the following vulnerability has been resolved: video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() Since the user can control the arguments of the ioctl() from the userspace, under special arguments that may result in a divide-by-zero bugin:drivers/video/fbdev/a...
CVE-2022-50109
In the Linux kernel, the following vulnerability has been resolved: video: fbdev: amba-clcd: Fix refcount leak bugs In clcdfb_of_init_display(), we should call of_node_put() for thereferences returned by of_graph_get_next_endpoint() andof_graph_get_remote_port_parent() which have increased the refc...
CVE-2022-50125
In the Linux kernel, the following vulnerability has been resolved: ASoC: cros_ec_codec: Fix refcount leak in cros_ec_codec_platform_probe of_parse_phandle() returns a node pointer with refcountincremented, we should use of_node_put() on it when not need anymore.Add missing of_node_put() to avoid r...
CVE-2022-50129
In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Fix a use-after-free Change the LIO port members inside struct srpt_port from regular membersinto pointers. Allocate the LIO port data structures from insidesrpt_make_tport() and free these from inside srpt_make_tport()....
CVE-2022-50132
In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: change place of 'priv_ep' assignment in cdns3_gadget_ep_dequeue(), cdns3_gadget_ep_enable() If 'ep' is NULL, result of ep_to_cdns3_ep(ep) is invalid pointerand its dereference with priv_ep->cdns3_dev may cause panic....
CVE-2022-50138
In the Linux kernel, the following vulnerability has been resolved: RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr() __qedr_alloc_mr() allocates a memory chunk for "mr->info.pbl_table" withinit_mr_info(). When rdma_alloc_tid() and rdma_register_tid() fail, "mr"is released while "mr->...
CVE-2022-50154
In the Linux kernel, the following vulnerability has been resolved: PCI: mediatek-gen3: Fix refcount leak in mtk_pcie_init_irq_domains() of_get_child_by_name() returns a node pointer with refcount incremented, sowe should use of_node_put() on it when we don't need it anymore. Add missing of_node_pu...
CVE-2022-50157
In the Linux kernel, the following vulnerability has been resolved: PCI: microchip: Fix refcount leak in mc_pcie_init_irq_domains() of_get_next_child() returns a node pointer with refcount incremented, so weshould use of_node_put() on it when we don't need it anymore. mc_pcie_init_irq_domains() onl...
CVE-2022-50172
In the Linux kernel, the following vulnerability has been resolved: mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg Free the skb if mt76u_bulk_msg fails in __mt76x02u_mcu_send_msg routine.
CVE-2025-37896
In the Linux kernel, the following vulnerability has been resolved: spi: spi-mem: Add fix to avoid divide error For some SPI flash memory operations, dummy bytes are not mandatory. Forexample, in Winbond SPINAND flash memory devices, the write_cache andupdate_cache operation variants have zero dumm...
CVE-2025-38043
In the Linux kernel, the following vulnerability has been resolved: firmware: arm_ffa: Set dma_mask for ffa devices Set dma_mask for FFA devices, otherwise DMA allocation using the device pointerlead to following warning: WARNING: CPU: 1 PID: 1 at kernel/dma/mapping.c:597 dma_alloc_attrs+0xe0/0x124
CVE-2025-38044
In the Linux kernel, the following vulnerability has been resolved: media: cx231xx: set device_caps for 417 The video_device for the MPEG encoder did not set device_caps. Add this, otherwise the video device can't be registered (you get aWARN_ON instead). Not seen before since currently 417 support...
CVE-2025-38087
In the Linux kernel, the following vulnerability has been resolved: net/sched: fix use-after-free in taprio_dev_notifier Since taprio’s taprio_dev_notifier() isn’t protected by anRCU read-side critical section, a race with advance_sched()can lead to a use-after-free. Adding rcu_read_lock() inside t...
CVE-2025-38181
In the Linux kernel, the following vulnerability has been resolved: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr(). syzkaller reported a null-ptr-deref in sock_omalloc() while allocatinga CALIPSO option. [0] The NULL is of struct sock, which was fetched by sk_to_full_sk() incalipso_req_...
CVE-2025-38234
In the Linux kernel, the following vulnerability has been resolved: sched/rt: Fix race in push_rt_task Overview When a CPU chooses to call push_rt_task and picks a task to push toanother CPU's runqueue then it will call find_lock_lowest_rq methodwhich would take a double lock on both CPUs' runqueue...
CVE-2022-49937
In the Linux kernel, the following vulnerability has been resolved: media: mceusb: Use new usb_control_msg_*() routines Automatic kernel fuzzing led to a WARN about invalid pipe direction inthe mceusb driver: ------------[ cut here ]------------usb 6-1: BOGUS control dir, pipe 80000380 doesn't matc...
CVE-2022-49945
In the Linux kernel, the following vulnerability has been resolved: hwmon: (gpio-fan) Fix array out of bounds access The driver does not check if the cooling state passed togpio_fan_set_cur_state() exceeds the maximum cooling state asstored in fan_data->num_speeds. Since the cooling state is lat...
CVE-2022-49954
In the Linux kernel, the following vulnerability has been resolved: Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag syzbot is reporting hung task at __input_unregister_device() [1], foriforce_close() waiting at wait_event_interruptible() with dev->mutex heldis blocking input_disc...
CVE-2022-49978
In the Linux kernel, the following vulnerability has been resolved: fbdev: fb_pm2fb: Avoid potential divide by zero error In do_fb_ioctl() of fbmem.c, if cmd is FBIOPUT_VSCREENINFO, var will becopied from user, then go through fb_set_var() andinfo->fbops->fb_check_var() which could may be pm2...
CVE-2022-49987
In the Linux kernel, the following vulnerability has been resolved: md: call __md_stop_writes in md_stop From the link [1], we can see raid1d was running even after the pathraid_dtr -> md_stop -> __md_stop. Let's stop write first in destructor to align with normal md-raid tofix the KASAN issu...
CVE-2022-49989
In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: fix error exit of privcmd_ioctl_dm_op() The error exit of privcmd_ioctl_dm_op() is calling unlock_pages()potentially with pages being NULL, leading to a NULL dereference. Additionally lock_pages() doesn't check for pin...
CVE-2022-50008
In the Linux kernel, the following vulnerability has been resolved: kprobes: don't call disarm_kprobe() for disabled kprobes The assumption in __disable_kprobe() is wrong, and it could try to disarman already disarmed kprobe and fire the WARN_ONCE() below. [0] We caneasily reproduce this issue. Wri...
CVE-2022-50032
In the Linux kernel, the following vulnerability has been resolved: usb: renesas: Fix refcount leak bug In usbhs_rza1_hardware_init(), of_find_node_by_name() will returna node pointer with refcount incremented. We should use of_node_put()when it is not used anymore.
CVE-2022-50034
In the Linux kernel, the following vulnerability has been resolved: usb: cdns3 fix use-after-free at workaround 2 BUG: KFENCE: use-after-free read in __list_del_entry_valid+0x10/0xac cdns3_wa2_remove_old_request(){...kfree(priv_req->request.buf);cdns3_gadget_ep_free_request(&priv_ep->endpoint...
CVE-2022-50055
In the Linux kernel, the following vulnerability has been resolved: iavf: Fix adminq error handling iavf_alloc_asq_bufs/iavf_alloc_arq_bufs allocates with dma_alloc_coherentmemory for VF mailbox.Free DMA regions for both ASQ and ARQ in case error happens duringconfiguration of ASQ/ARQ registers.Wit...
CVE-2022-50083
In the Linux kernel, the following vulnerability has been resolved: ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h When adding an xattr to an inode, we must ensure that the inode_size isnot less than EXT4_GOOD_OLD_INODE_SIZE + extra_isize + pad. Otherwise,the end position may be greater than...
CVE-2022-50092
In the Linux kernel, the following vulnerability has been resolved: dm thin: fix use-after-free crash in dm_sm_register_threshold_callback Fault inject on pool metadata device reports:BUG: KASAN: use-after-free in dm_pool_register_metadata_threshold+0x40/0x80Read of size 8 at addr ffff8881b9d50068 ...
CVE-2022-50101
In the Linux kernel, the following vulnerability has been resolved: video: fbdev: vt8623fb: Check the size of screen before memset_io() In the function vt8623fb_set_par(), the value of 'screen_size' iscalculated by the user input. If the user provides the improper value,the value of 'screen_size' m...
CVE-2022-50104
In the Linux kernel, the following vulnerability has been resolved: powerpc/xive: Fix refcount leak in xive_get_max_prio of_find_node_by_path() returns a node pointer withrefcount incremented, we should use of_node_put() on it when done.Add missing of_node_put() to avoid refcount leak.
CVE-2022-50120
In the Linux kernel, the following vulnerability has been resolved: remoteproc: imx_rproc: Fix refcount leak in imx_rproc_addr_init of_parse_phandle() returns a node pointer with refcountincremented, we should use of_node_put() on it when not needed anymore.This function has two paths missing of_no...
CVE-2022-50124
In the Linux kernel, the following vulnerability has been resolved: ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe of_parse_phandle() returns a node pointer with refcountincremented, we should use of_node_put() on it when not need anymore.Add missing of_node_put() to avoid refcou...
CVE-2022-50134
In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: fix potential memory leak in setup_base_ctxt() setup_base_ctxt() allocates a memory chunk for uctxt->groups withhfi1_alloc_ctxt_rcv_groups(). When init_user_ctxt() fails, uctxt->groupsis not released, which will le...
CVE-2022-50159
In the Linux kernel, the following vulnerability has been resolved: of: check previous kernel's ima-kexec-buffer against memory bounds Presently ima_get_kexec_buffer() doesn't check if the previous kernel'sima-kexec-buffer lies outside the addressable memory range. This can resultin a kernel panic ...
CVE-2022-50173
In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp5: Fix global state lock backoff We need to grab the lock after the early return for !hwpipe case.Otherwise, we could have hit contention yet still returned 0. Fixes an issue that the new CONFIG_DRM_DEBUG_MODESET_LOCK st...
CVE-2022-50179
In the Linux kernel, the following vulnerability has been resolved: ath9k: fix use-after-free in ath9k_hif_usb_rx_cb Syzbot reported use-after-free Read in ath9k_hif_usb_rx_cb() [0]. Theproblem was in incorrect htc_handle->drv_priv initialization. Probable call trace which can trigger use-after-...
CVE-2022-50196
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: ocmem: Fix refcount leak in of_get_ocmem of_parse_phandle() returns a node pointer with refcountincremented, we should use of_node_put() on it when not need anymore.Add missing of_node_put() to avoid refcount leak.of_nod...
CVE-2025-37966
In the Linux kernel, the following vulnerability has been resolved: riscv: Fix kernel crash due to PR_SET_TAGGED_ADDR_CTRL When userspace does PR_SET_TAGGED_ADDR_CTRL, but Supm extension is notavailable, the kernel crashes: Oops - illegal instruction [#1][snip]epc : set_tagged_addr_ctrl+0x112/0x15a...