CVE-2022-50118

In the Linux kernel, the following vulnerability has been resolved: powerpc/perf: Optimize clearing the pending PMI and remove WARN_ON for PMI check in power_pmu_disable commit 2c9ac51b850d ("powerpc/perf: Fix PMU callbacks to clearpending PMI before resetting an overflown PMC") added a newfunction...

CVE-2022-50129

In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Fix a use-after-free Change the LIO port members inside struct srpt_port from regular membersinto pointers. Allocate the LIO port data structures from insidesrpt_make_tport() and free these from inside srpt_make_tport()....

CVE-2022-50155

In the Linux kernel, the following vulnerability has been resolved: mtd: parsers: ofpart: Fix refcount leak in bcm4908_partitions_fw_offset of_find_node_by_path() returns a node pointer with refcount incremented,we should use of_node_put() on it when not need anymore.Add missing of_node_put() to av...

CVE-2022-50158

In the Linux kernel, the following vulnerability has been resolved: mtd: partitions: Fix refcount leak in parse_redboot_of of_get_child_by_name() returns a node pointer with refcountincremented, we should use of_node_put() on it when not need anymore.Add missing of_node_put() to avoid refcount leak...

CVE-2022-50160

In the Linux kernel, the following vulnerability has been resolved: mtd: maps: Fix refcount leak in ap_flash_init of_find_matching_node() returns a node pointer with refcountincremented, we should use of_node_put() on it when not need anymore.Add missing of_node_put() to avoid refcount leak.

CVE-2022-50169

In the Linux kernel, the following vulnerability has been resolved: wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() The simple_write_to_buffer() function will succeed if even a singlebyte is initialized. However, we need to initialize the whole bufferto prevent information leaks. Just...

CVE-2022-50176

In the Linux kernel, the following vulnerability has been resolved: drm/mcde: Fix refcount leak in mcde_dsi_bind Every iteration of for_each_available_child_of_node() decrementsthe reference counter of the previous node. There is no decrementwhen break out from the loop and results in refcount leak...

CVE-2022-50181

In the Linux kernel, the following vulnerability has been resolved: virtio-gpu: fix a missing check to avoid NULL dereference 'cache_ent' could be set NULL inside virtio_gpu_cmd_get_capset()and it will lead to a NULL dereference by a lately use of it(i.e., ptr = cache_ent->caps_cache). Fix it wi...

CVE-2022-50191

In the Linux kernel, the following vulnerability has been resolved: regulator: of: Fix refcount leak bug in of_get_regulation_constraints() We should call the of_node_put() for the reference returned byof_get_child_by_name() which has increased the refcount.

CVE-2022-50209

In the Linux kernel, the following vulnerability has been resolved: meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init of_find_matching_node() returns a node pointer with refcountincremented, we should use of_node_put() on it when not need anymore.Add missing of_node_put() to avoid refcou...

CVE-2022-50218

In the Linux kernel, the following vulnerability has been resolved: iio: light: isl29028: Fix the warning in isl29028_remove() The driver use the non-managed form of the register function inisl29028_remove(). To keep the release order as mirroring the orderingin probe, the driver should use non-man...

CVE-2022-50222

In the Linux kernel, the following vulnerability has been resolved: tty: vt: initialize unicode screen buffer syzbot reports kernel infoleak at vcs_read() [1], for buffer can be readimmediately after resize operation. Initialize buffer using kzalloc(). #include #include #include #include int main(...

CVE-2022-50231

In the Linux kernel, the following vulnerability has been resolved: crypto: arm64/poly1305 - fix a read out-of-bound A kasan error was reported during fuzzing: BUG: KASAN: slab-out-of-bounds in neon_poly1305_blocks.constprop.0+0x1b4/0x250 [poly1305_neon]Read of size 4 at addr ffff0010e293f010 by ta...

CVE-2025-38010

In the Linux kernel, the following vulnerability has been resolved: phy: tegra: xusb: Use a bitmask for UTMI pad power state tracking The current implementation uses bias_pad_enable as a reference count tomanage the shared bias pad for all UTMI PHYs. However, during systemsuspension with connected ...

CVE-2025-38045

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix debug actions order The order of actions taken for debug was implemented incorrectly.Now we implemented the dump split and do the FW reset only in themiddle of the dump (rather than the FW killing itself on error...

CVE-2025-38084

In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: unshare page tables during VMA split, not before Currently, __split_vma() triggers hugetlb page table unsharing throughvm_ops->may_split(). This happens before the VMA lock and rmap locks aretaken - which is too earl...

CVE-2025-38087

In the Linux kernel, the following vulnerability has been resolved: net/sched: fix use-after-free in taprio_dev_notifier Since taprio’s taprio_dev_notifier() isn’t protected by anRCU read-side critical section, a race with advance_sched()can lead to a use-after-free. Adding rcu_read_lock() inside t...

CVE-2025-38105

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Kill timer properly at removal The USB-audio MIDI code initializes the timer, but in a rare case, thedriver might be freed without the disconnect call. This leaves thetimer in an active state while the assigned obj...

CVE-2025-38182

In the Linux kernel, the following vulnerability has been resolved: ublk: santizize the arguments from userspace when adding a device Sanity check the values for queue depth and number of queueswe get from userspace when adding a device.

CVE-2025-38184

In the Linux kernel, the following vulnerability has been resolved: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer The reproduction steps: create a tun interface enable l2 bearer TIPC_NL_UDP_GET_REMOTEIP with media name set to tun tipc: Started in network modetipc: Node identi...

CVE-2025-38198

In the Linux kernel, the following vulnerability has been resolved: fbcon: Make sure modelist not set on unregistered console It looks like attempting to write to the "store_modes" sysfs node willrun afoul of unregistered consoles: UBSAN: array-index-out-of-bounds in drivers/video/fbdev/core/fbcon....

CVE-2025-38214

In the Linux kernel, the following vulnerability has been resolved: fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var If fb_add_videomode() in fb_set_var() fails to allocate memory forfb_videomode, later it may lead to a null-ptr dereference infb_videomode_to_var(), as the fb_i...

CVE-2025-38218

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on sit_bitmap_size w/ below testcase, resize will generate a corrupted image whichcontains inconsistent metadata, so when mounting such image, itwill trigger kernel panic: touch imgtruncate -s $((512102...

CVE-2025-38229

In the Linux kernel, the following vulnerability has been resolved: media: cxusb: no longer judge rbuf when the write fails syzbot reported a uninit-value in cxusb_i2c_xfer. [1] Only when the write operation of usb_bulk_msg() in dvb_usb_generic_rw()succeeds and rlen is greater than 0, the read oper...

CVE-2025-38230

In the Linux kernel, the following vulnerability has been resolved: jfs: validate AG parameters in dbMount() to prevent crashes Validate db_agheight, db_agwidth, and db_agstart in dbMount to catchcorrupted metadata early and avoid undefined behavior in dbAllocAG.Limits are derived from L2LPERCTL, L...

CVE-2025-38336

In the Linux kernel, the following vulnerability has been resolved: ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330 The controller has a hardware bug that can hard hang the system whendoing ATAPI DMAs without any trace of what happened. Depending on thedevice attached, it can also preve...

CVE-2025-38339

In the Linux kernel, the following vulnerability has been resolved: powerpc/bpf: fix JIT code size calculation of bpf trampoline arch_bpf_trampoline_size() provides JIT size of the BPF trampolinebefore the buffer for JIT'ing it is allocated. The total number ofinstructions emitted for BPF trampolin...

CVE-2022-49942

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected When we are not connected to a channel, sending channel "switch"announcement doesn't make any sense. The BSS list is empty in that case. This causes the for l...

CVE-2022-49946

In the Linux kernel, the following vulnerability has been resolved: clk: bcm: rpi: Prevent out-of-bounds access The while loop in raspberrypi_discover_clocks() relies on the assumptionthat the id of the last clock element is zero. Because this data comesfrom the Videocore firmware and it doesn't gu...

CVE-2022-49948

In the Linux kernel, the following vulnerability has been resolved: vt: Clear selection before changing the font When changing the console font with ioctl(KDFONTOP) the new font sizecan be bigger than the previous font. A previous selection may thus nowbe outside of the new screen size and thus tri...

CVE-2022-49952

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix memory corruption on probe Add the missing sanity check on the probed-session count to avoidcorrupting memory beyond the fixed-size slab-allocated session arraywhen there are more than FASTRPC_MAX_SESSIONS sessio...

CVE-2022-49958

In the Linux kernel, the following vulnerability has been resolved: net/sched: fix netdevice reference leaks in attach_default_qdiscs() In attach_default_qdiscs(), if a dev has multiple queues and queue 0 failsto attach qdisc because there is no memory in attach_one_default_qdisc().Then dev->qdi...

CVE-2022-49966

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: add missing ->fini_microcode interface for Sienna Cichlid To avoid any potential memory leak.

CVE-2022-49968

In the Linux kernel, the following vulnerability has been resolved: ieee802154/adf7242: defer destroy_workqueue call There is a possible race condition (use-after-free) like below (FREE) | (USE)adf7242_remove | adf7242_channelcancel_delayed_work_sync |destroy_workqueue (1) | adf7242_cmd_rx| mod_del...

CVE-2022-49982

In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix memory leak in pvr_probe The error handling code in pvr2_hdw_create forgets to unregister thev4l2 device. When pvr2_hdw_create returns back to pvr2_context_create,it calls pvr2_context_destroy to destroy context...

CVE-2022-49985

In the Linux kernel, the following vulnerability has been resolved: bpf: Don't use tnum_range on array range checking for poke descriptors Hsin-Wei reported a KASAN splat triggered by their BPF runtime fuzzer whichis based on a customized syzkaller: BUG: KASAN: slab-out-of-bounds in bpf_int_jit_com...

CVE-2022-49993

In the Linux kernel, the following vulnerability has been resolved: loop: Check for overflow while configuring loop The userspace can configure a loop using an ioctl call, whereina configuration of type loop_config is passed (see lo_ioctl()'scase on line 1550 of drivers/block/loop.c). This proceeds...

CVE-2022-50004

In the Linux kernel, the following vulnerability has been resolved: xfrm: policy: fix metadata dst->dev xmit null pointer dereference When we try to transmit an skb with metadata_dst attached (i.e. dst->dev== NULL) through xfrm interface we can hit a null pointer dereference[1]in xfrmi_xmit2(...

CVE-2022-50006

In the Linux kernel, the following vulnerability has been resolved: NFSv4.2 fix problems with __nfs42_ssc_open A destination server while doing a COPY shouldn't accept using thepassed in filehandle if its not a regular filehandle. If alloc_file_pseudo() has failed, we need to decrement a referenceo...

CVE-2022-50010

In the Linux kernel, the following vulnerability has been resolved: video: fbdev: i740fb: Check the argument of i740_calc_vclk() Since the user can control the arguments of the ioctl() from the userspace, under special arguments that may result in a divide-by-zero bug. If the user provides an impro...

CVE-2022-50011

In the Linux kernel, the following vulnerability has been resolved: venus: pm_helpers: Fix warning in OPP during probe Fix the following WARN triggered during Venus driver probe on5.19.0-rc8-next-20220728: WARNING: CPU: 7 PID: 339 at drivers/opp/core.c:2471 dev_pm_opp_set_config+0x49c/0x610Modules ...

CVE-2022-50019

In the Linux kernel, the following vulnerability has been resolved: tty: serial: Fix refcount leak bug in ucc_uart.c In soc_info(), of_find_node_by_type() will return a node pointerwith refcount incremented. We should use of_node_put() when it isnot used anymore.

CVE-2022-50028

In the Linux kernel, the following vulnerability has been resolved: gadgetfs: ep_io - wait until IRQ finishes after usb_ep_queue() if wait_for_completion_interruptible() isinterrupted we need to wait until IRQ gets finished. Otherwise complete() from epio_complete() can corrupt stack.

CVE-2022-50030

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input Malformed user input to debugfs results in buffer overflow crashes. Adaptinput string lengths to fit within internal buffers, leaving space for NULLte...

CVE-2022-50031

In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi: Fix HW conn removal use after free If qla4xxx doesn't remove the connection before the session, the iSCSIclass tries to remove the connection for it. We were doing aiscsi_put_conn() in the iter function which is not ne...

CVE-2022-50032

In the Linux kernel, the following vulnerability has been resolved: usb: renesas: Fix refcount leak bug In usbhs_rza1_hardware_init(), of_find_node_by_name() will returna node pointer with refcount incremented. We should use of_node_put()when it is not used anymore.

CVE-2022-50034

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3 fix use-after-free at workaround 2 BUG: KFENCE: use-after-free read in __list_del_entry_valid+0x10/0xac cdns3_wa2_remove_old_request(){...kfree(priv_req->request.buf);cdns3_gadget_ep_free_request(&priv_ep->endpoint...

CVE-2022-50046

In the Linux kernel, the following vulnerability has been resolved: net/sunrpc: fix potential memory leaks in rpc_sysfs_xprt_state_change() The issue happens on some error handling paths. When the functionfails to grab the object xprt, it simply returns 0, forgetting todecrease the reference count ...

CVE-2022-50059

In the Linux kernel, the following vulnerability has been resolved: ceph: don't leak snap_rwsem in handle_cap_grant When handle_cap_grant is called on an IMPORT op, then the snap_rwsem isheld and the function is expected to release it before returning. Itcurrently fails to do that in all cases whic...

CVE-2022-50074

In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix memleak in aa_simple_write_to_buffer() When copy_from_user failed, the memory is freed by kvfree. however themanagement struct and data blob are allocated independently, so onlykvfree(data) cause a memleak issue here....