CVE-2025-22107

In the Linux kernel, the following vulnerability has been resolved: net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry() There are actually 2 problems: deleting the last element doesn't require the memmove of elements[i + 1, end) over it. Actually, element i+1 is out o...

CVE-2025-22117

In the Linux kernel, the following vulnerability has been resolved: ice: fix using untrusted value of pkt_len in ice_vc_fdir_parse_raw() Fix using the untrusted value of proto->raw.pkt_len in functionice_vc_fdir_parse_raw() by verifying if it does not exceed theVIRTCHNL_MAX_SIZE_RAW_PACKET value...

CVE-2025-23157

In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi_parser: add check to avoid out of bound access There is a possibility that init_codecs is invoked multiple times duringmanipulated payload from video firmware. In such case, if codecs_countcan get incremented to v...

CVE-2025-37742

In the Linux kernel, the following vulnerability has been resolved: jfs: Fix uninit-value access of imap allocated in the diMount() function syzbot reports that hex_dump_to_buffer is using uninit-value: =====================================================BUG: KMSAN: uninit-value in hex_dump_to_buf...

CVE-2025-37755

In the Linux kernel, the following vulnerability has been resolved: net: libwx: handle page_pool_dev_alloc_pages error page_pool_dev_alloc_pages could return NULL. There was a WARN_ON(!page)but it would still proceed to use the NULL pointer and then crash. This is similar to commit 001ba0902046("ne...

CVE-2025-37775

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix the warning from __kernel_write_iter [ 2110.972290] ------------[ cut here ]------------[ 2110.972301] WARNING: CPU: 3 PID: 735 at fs/read_write.c:599 __kernel_write_iter+0x21b/0x280 This patch doesn't allow writing to d...

CVE-2025-37831

In the Linux kernel, the following vulnerability has been resolved: cpufreq: apple-soc: Fix null-ptr-deref in apple_soc_cpufreq_get_rate() cpufreq_cpu_get_raw() can return NULL when the target CPU is not presentin the policy->cpus mask. apple_soc_cpufreq_get_rate() does not checkfor this case, w...

CVE-2025-37840

In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: brcmnand: fix PM resume warning Fixed warning on PM resume as shown below caused due to uninitializedstruct nand_operation that checks chip select field :WARN_ON(op->cs >= nanddev_ntargets(&chip->base) [ 14.5...

CVE-2025-37880

In the Linux kernel, the following vulnerability has been resolved: um: work around sched_yield not yielding in time-travel mode sched_yield by a userspace may not actually cause scheduling intime-travel mode as no time has passed. In the case seen it appears tobe a badly implemented userspace spin...

CVE-2025-37995

In the Linux kernel, the following vulnerability has been resolved: module: ensure that kobject_put() is safe for module type kobjects In 'lookup_or_create_module_kobject()', an internal kobject is createdusing 'module_ktype'. So call to 'kobject_put()' on error handlingpath causes an attempt to us...

CVE-2025-38104

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV RLCG Register Access is a way for virtual functions to safely access GPUregisters in a virtualized environment., including TLB fl...

CVE-2022-49052

In the Linux kernel, the following vulnerability has been resolved: mm: fix unexpected zeroed page mapping with zram swap Two processes under CLONE_VM cloning, user process can be corrupted byseeing zeroed page unexpectedly. CPU A CPU B do_swap_page do_swap_pageSWP_SYNCHRONOUS_IO path SWP_SYNCHRONO...

CVE-2022-49062

In the Linux kernel, the following vulnerability has been resolved: cachefiles: Fix KASAN slab-out-of-bounds in cachefiles_set_volume_xattr Use the actual length of volume coherency data when setting thexattr to avoid the following KASAN report. BUG: KASAN: slab-out-of-bounds in cachefiles_set_volu...

CVE-2022-49082

In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix use after free in _scsih_expander_node_remove() The function mpt3sas_transport_port_remove() called in_scsih_expander_node_remove() frees the port field of the sas_expanderstructure, leading to the following use-...

CVE-2022-49091

In the Linux kernel, the following vulnerability has been resolved: drm/imx: Fix memory leak in imx_pd_connector_get_modes Avoid leaking the display mode variable if of_get_drm_display_modefails. Addresses-Coverity-ID: 1443943 ("Resource leak")

CVE-2022-49117

In the Linux kernel, the following vulnerability has been resolved: mips: ralink: fix a refcount leak in ill_acc_of_setup() of_node_put(np) needs to be called when pdev == NULL.

CVE-2022-49163

In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: fix a bug of accessing array out of bounds When error occurs in parsing jpeg, the slot isn't acquired yet, it maybe the default value MXC_MAX_SLOTS.If the driver access the slot using the incorrect slot number, it ...

CVE-2022-49166

In the Linux kernel, the following vulnerability has been resolved: ntfs: add sanity check on allocation size ntfs_read_inode_mount invokes ntfs_malloc_nofs with zero allocationsize. It triggers one BUG in the __ntfs_malloc function. Fix this by adding sanity check on ni->attr_list_size.

CVE-2022-49170

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on curseg->alloc_type As Wenqing Liu reported in bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=215657 OverviewUBSAN: array-index-out-of-bounds in fs/f2fs/segment.c:3460:2 when mount and opera...

CVE-2022-49191

In the Linux kernel, the following vulnerability has been resolved: mxser: fix xmit_buf leak in activate when LSR == 0xff When LSR is 0xff in ->activate() (rather unlike), we return an error.Provided ->shutdown() is not called when ->activate() fails, nothingactually frees the buffer in th...

CVE-2022-49217

In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix abort all task initialization In pm80xx_send_abort_all(), the n_elem field of the ccb used is notinitialized to 0. This missing initialization sometimes lead to the taskcompletion path seeing the ccb with a non-ze...

CVE-2022-49252

In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: rx-macro: fix accessing array out of bounds for enum type Accessing enums using integer would result in array out of bounds accesson platforms like aarch64 where sizeof(long) is 8 compared to enum sizewhich is 4 bytes...

CVE-2022-49261

In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: add missing boundary check in vm_access A missing bounds check in vm_access() can lead to an out-of-bounds reador write in the adjacent memory area, since the len attribute is notvalidated before the memcpy later in t...

CVE-2022-49324

In the Linux kernel, the following vulnerability has been resolved: mips: cpc: Fix refcount leak in mips_cpc_default_phys_base Add the missing of_node_put() to release the refcount incrementedby of_find_compatible_node().

CVE-2022-49336

In the Linux kernel, the following vulnerability has been resolved: drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem When the mapping is already reaped the unmap must be a no-op, as wewould otherwise try to remove the mapping twice, corrupting the involveddata structures.

CVE-2022-49352

In the Linux kernel, the following vulnerability has been resolved: ext4: fix warning in ext4_handle_inode_extension We got issue as follows:EXT4-fs error (device loop0) in ext4_reserve_inode_write:5741: Out of memoryEXT4-fs error (device loop0): ext4_setattr:5462: inode #13: comm syz-executor.0: m...

CVE-2022-49400

In the Linux kernel, the following vulnerability has been resolved: md: Don't set mddev private to NULL in raid0 pers->free In normal stop process, it does like this:do_md_stop|__md_stop (pers->free(); mddev->private=NULL)|md_free (free mddev)__md_stop sets mddev->private to NULL after ...

CVE-2022-49421

In the Linux kernel, the following vulnerability has been resolved: video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup of_parse_phandle() returns a node pointer with refcount incremented, we shoulduse of_node_put() on it when not need anymore. Add missing of_node_put() toavoid refcount...

CVE-2022-49444

In the Linux kernel, the following vulnerability has been resolved: module: fix [e_shstrndx].sh_size=0 OOB access It is trivial to craft a module to trigger OOB access in this line: if (info->secstrings[strhdr->sh_size - 1] != '\0') { BUG: unable to handle page fault for address: ffffc90000aa...

CVE-2022-49522

In the Linux kernel, the following vulnerability has been resolved: mmc: jz4740: Apply DMA engine limits to maximum segment size Do what is done in other DMA-enabled MMC host drivers (cf. host/mmci.c) andlimit the maximum segment size based on the DMA engine's capabilities. Thisis needed to avoid w...

CVE-2022-49556

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Use kzalloc for sev ioctl interfaces to prevent kernel data leak For some sev ioctl interfaces, the length parameter that is passed maybeless than or equal to SEV_FW_BLOB_MAX_SIZE, but larger than the datathat PSP firmwar...

CVE-2022-49560

In the Linux kernel, the following vulnerability has been resolved: exfat: check if cluster num is valid Syzbot reported slab-out-of-bounds read in exfat_clear_bitmap.This was triggered by reproducer calling truncute with size 0,which causes the following trace: BUG: KASAN: slab-out-of-bounds in ex...

CVE-2022-49613

In the Linux kernel, the following vulnerability has been resolved: serial: 8250: Fix PM usage_count for console handover When console is enabled, univ8250_console_setup() callsserial8250_console_setup() before .dev is set to uart_port. Therefore,it will not call pm_runtime_get_sync(). Later, when ...

CVE-2022-49667

In the Linux kernel, the following vulnerability has been resolved: net: bonding: fix use-after-free after 802.3ad slave unbind commit 0622cab0341c ("bonding: fix 802.3ad aggregator reselection"),resolve case, when there is several aggregation groups in the same bond.bond_3ad_unbind_slave will inva...

CVE-2022-49676

In the Linux kernel, the following vulnerability has been resolved: memory: samsung: exynos5422-dmc: Fix refcount leak in of_get_dram_timings of_parse_phandle() returns a node pointer with refcountincremented, we should use of_node_put() on it when not need anymore.This function doesn't call of_nod...

CVE-2022-49704

In the Linux kernel, the following vulnerability has been resolved: 9p: fix fid refcount leak in v9fs_vfs_get_link we check for protocol version later than required, after a fid hasbeen obtained. Just move the version check earlier.

CVE-2022-49722

In the Linux kernel, the following vulnerability has been resolved: ice: Fix memory corruption in VF driver Disable VF's RX/TX queues, when it's disabled. VF can have queues enabled,when it requests a reset. If PF driver assumes that VF is disabled,while VF still has queues configured, VF may unmap...

CVE-2022-49724

In the Linux kernel, the following vulnerability has been resolved: tty: goldfish: Fix free_irq() on remove Pass the correct dev_id to free_irq() to fix this splat when the driveris unbound: WARNING: CPU: 0 PID: 30 at kernel/irq/manage.c:1895 free_irqTrying to free already-free IRQ 65Call Trace:war...

CVE-2022-49749

In the Linux kernel, the following vulnerability has been resolved: i2c: designware: use casting of u64 in clock multiplication to avoid overflow In functions i2c_dw_scl_lcnt() and i2c_dw_scl_hcnt() may have overflowby depending on the values of the given parameters including the ic_clk.For example...

CVE-2022-49890

In the Linux kernel, the following vulnerability has been resolved: capabilities: fix potential memleak on error path from vfs_getxattr_alloc() In cap_inode_getsecurity(), we will use vfs_getxattr_alloc() tocomplete the memory allocation of tmpbuf, if we have completedthe memory allocation of tmpbu...

CVE-2023-53086

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: connac: do not check WED status for non-mmio devices WED is supported just for mmio devices, so do not check it for usb orsdio devices. This patch fixes the crash reported below: [ 21.946627] wlp0s3u1i3: authenticate wi...

CVE-2023-53095

In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Fix a NULL pointer dereference The LRU mechanism may look up a resource in the process of being removedfrom an object. The locking rules here are a bit unclear but it lookscurrently like res->bo assignment is protected ...

CVE-2023-53103

In the Linux kernel, the following vulnerability has been resolved: bonding: restore bond's IFF_SLAVE flag if a non-eth dev enslave fails syzbot reported a warning[1] where the bond device itself is a slave andwe try to enslave a non-ethernet device as the first slave which failsbut then in the err...

CVE-2023-53117

In the Linux kernel, the following vulnerability has been resolved: fs: prevent out-of-bounds array speculation when closing a file descriptor Google-Bug-Id: 114199369

CVE-2024-57923

In the Linux kernel, the following vulnerability has been resolved: btrfs: zlib: fix avail_in bytes for s390 zlib HW compression path Since the input data length passed to zlib_compress_folios() can bearbitrary, always setting strm.avail_in to a multiple of PAGE_SIZE maycause read-in bytes to excee...

CVE-2024-57941

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix the (non-)cancellation of copy when cache is temporarily disabled When the caching for a cookie is temporarily disabled (e.g. due to a DIOwrite on that file), future copying to the cache for that file is disableduntil al...

CVE-2024-57943

In the Linux kernel, the following vulnerability has been resolved: exfat: fix the new buffer was not zeroed before writing Before writing, if a buffer_head marked as new, its data mustbe zeroed, otherwise uninitialized data in the page cache willbe written. So this commit uses folio_zero_new_buffe...

CVE-2024-58070

In the Linux kernel, the following vulnerability has been resolved: bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT In PREEMPT_RT, kmalloc(GFP_ATOMIC) is still not safe in non preemptiblecontext. bpf_mem_alloc must be used in PREEMPT_RT. This patch isto enforce bpf_mem_alloc in the b...

CVE-2024-58097

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix RCU stall while reaping monitor destination ring While processing the monitor destination ring, MSDUs are reaped from thelink descriptor based on the corresponding buf_id. However, sometimes the driver cannot obta...

CVE-2025-21732

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error This patch addresses a race condition for an ODP MR that can result in aCQE with an error on the UMR QP. During the __mlx5_ib_dereg_mr() flow, the following sequence...