Linux Kernel vulnerabilities
14,742 known vulnerabilities affecting linux/linux_kernel.
Total CVEs: 14,742
CISA KEV: 29 (actively exploited)
Public exploits: 297
Exploited in wild: 31
Severity breakdown: CRITICAL 112, HIGH 3715, MEDIUM 8619, LOW 440, UNKNOWN 1856
Vulnerabilities
CVE-2025-39950 | MEDIUM | CVSS 5.5 | CWE-476 | ≥ 6.7, < 6.12.49 | ≥ 6.13, < 6.16.9 | +1 more | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
net/tcp: Fix a NULL pointer dereference when using TCP-AO with TCP_REPAIR
A NULL pointer dereference can occur in tcp_ao_finish_connect() during a
connect() system call on a socket with a TCP-AO key added and TCP_REPAIR
enabled.
The function is called with skb being NULL and atte
nvd osv
CVE-2023-53567 | MEDIUM | CVSS 5.5 | CWE-401 | ≥ 3.15, < 4.19.283 | ≥ 4.20, < 5.4.243 | +5 more | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
spi: qup: Don't skip cleanup in remove's error path
Returning early in a platform driver's remove callback is wrong. In this
case the dma resources are not released in the error path. This is never
retried later and so this is a permanent leak. To fix this, only skip
hardware disa
nvd osv
CVE-2023-53599 | MEDIUM | CVSS 5.5 | CWE-476 | ≥ 6.5, < 6.5.3 | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
crypto: af_alg - Fix missing initialisation affecting gcm-aes-s390
Fix af_alg_alloc_areq() to initialise areq->first_rsgl.sgl.sgt.sgl to point
to the scatterlist array in areq->first_rsgl.sgl.sgl.
Without this, the gcm-aes-s390 driver will oops when it tries to do
gcm_walk_start(
nvd osv
CVE-2025-39948 | MEDIUM | CVSS 5.5 | CWE-401 | ≥ 6.6.78, < 6.7 | ≥ 6.12.14, < 6.12.49 | +4 more | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
ice: fix Rx page leak on multi-buffer frames
The ice_put_rx_mbuf() function handles calling ice_put_rx_buf() for each
buffer in the current frame. This function was introduced as part of
handling multi-buffer XDP support in the ice driver.
It works by iterating over the buffers f
nvd osv
CVE-2023-53547 | MEDIUM | CVSS 5.5 | ≥ 6.1, < 6.1.30 | ≥ 6.2, < 6.3.4 | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Fix sdma v4 sw fini error
Fix sdma v4 sw fini error for sdma 4.2.2 to
solve the following general protection fault
[ +0.108196] general protection fault, probably for non-canonical
address 0xd5e5a4ae79d24a32: 0000 [#1] PREEMPT SMP PTI
[ +0.000018] RIP: 0010:free_fw_priv+0xd/0
nvd osv
CVE-2023-53589 | MEDIUM | CVSS 5.5 | ≥ 4.1, < 5.4.244 | ≥ 5.5, < 5.10.181 | +4 more | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
wifi: iwlwifi: mvm: don't trust firmware n_channels
If the firmware sends us a corrupted MCC response with
n_channels much larger than the command response can be,
we might copy far too much (uninitialized) memory and
even crash if the n_channels is large enough to make it
run out of the
nvd osv
CVE-2023-53553 | MEDIUM | CVSS 5.5 | ≥ 6.2, < 6.4.5 | v6.5 | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
HID: hyperv: avoid struct memcpy overrun warning
A previous patch addressed the fortified memcpy warning for most
builds, but I still see this one with gcc-9:
In file included from include/linux/string.h:254,
from drivers/hid/hid-hyperv.c:8:
In function 'fortify_memcpy_chk',
inlined from
nvd osv
CVE-2023-53562 | MEDIUM | CVSS 5.5 | CWE-401 | ≥ 4.19.169, < 4.20 | ≥ 5.4.91, < 5.5 | +5 more | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
drm/msm: fix vram leak on bind errors
Make sure to release the VRAM buffer also in a case a subcomponent fails
to bind.
Patchwork: https://patchwork.freedesktop.org/patch/525094/
nvd osv
CVE-2023-53561 | MEDIUM | CVSS 5.5 | CWE-476 | ≥ 5.14, < 6.1.30 | ≥ 6.2, < 6.3.4 | +1 more | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
net: wwan: iosm: fix NULL pointer dereference when removing device
In suspend and resume cycle, the removal and rescan of device ends
up in NULL pointer dereference.
During driver initialization, if the ipc_imem_wwan_channel_init()
fails to get the valid device capabilities it re
nvd osv
CVE-2022-50475 | MEDIUM | CVSS 5.5 | CWE-476 | ≥ 5.14, < 5.15.86 | ≥ 5.16, < 6.0.16 | +1 more | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
RDMA/core: Make sure "ib_port" is valid when access sysfs node
The "ib_port" structure must be set before adding the sysfs kobject,
and reset after removing it, otherwise it may crash when accessing
the sysfs node:
Unable to handle kernel NULL pointer dereference at virtual address
nvd osv
CVE-2022-50471 | MEDIUM | CVSS 5.5 | ≥ 2.6.38, < 5.10.152 | ≥ 5.11, < 5.15.75 | +2 more | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
xen/gntdev: Accommodate VMA splitting
Prior to this commit, the gntdev driver code did not handle the
following scenario correctly with paravirtualized (PV) Xen domains:
* User process sets up a gntdev mapping composed of two grant mappings
(i.e., two pages shared by another Xen domain).
nvd osv
CVE-2023-53557 | MEDIUM | CVSS 5.5 | ≥ 5.18, < 6.1.40 | ≥ 6.2, < 6.4.5 | +1 more | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
fprobe: Release rethook after the ftrace_ops is unregistered
While running bpf selftests it's possible to get following fault:
general protection fault, probably for non-canonical address \
0x6b6b6b6b6b6b6b6b: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC NOPTI
...
Call Trace:
fprobe_handler+0x
nvd osv
CVE-2025-39949 | MEDIUM | CVSS 5.5 | ≥ 4.18, < 5.10.245 | ≥ 5.11, < 5.15.194 | +5 more | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
qed: Don't collect too many protection override GRC elements
In the protection override dump path, the firmware can return far too
many GRC elements, resulting in attempting to write past the end of the
previously-kmalloc'ed dump buffer.
This will result in a kernel panic with reason:
B
nvd osv
CVE-2023-53539 | MEDIUM | CVSS 5.5 | ≥ 4.8.1, < 6.1.53 | ≥ 6.2, < 6.4.16 | +2 more | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
RDMA/rxe: Fix incomplete state save in rxe_requester
If a send packet is dropped by the IP layer in rxe_requester()
the call to rxe_xmit_packet() can fail with err == -EAGAIN.
To recover, the state of the wqe is restored to the state before
the packet was sent so it can be resent. However,
nvd osv
CVE-2023-53609 | MEDIUM | CVSS 5.5 | ≥ 6.2, < 6.3.4 | v6.4 | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
scsi: Revert "scsi: core: Do not increase scsi_device's iorequest_cnt if dispatch failed"
The "atomic_inc(&cmd->device->iorequest_cnt)" in scsi_queue_rq() would
cause kernel panic because cmd->device may be freed after returning from
scsi_dispatch_cmd().
This reverts commit cfee29ffb45b1
nvd osv
CVE-2023-53533 | MEDIUM | CVSS 5.5 | ≥ 5.0, < 5.4.243 | ≥ 5.5, < 5.10.180 | +4 more | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe
rpi_firmware_get() takes a reference; we need to release it in error paths
as well. Use the devm_rpi_firmware_get() helper to handle the resources.
Also remove the existing rpi_firmware_put().
nvd osv
CVE-2022-50472 | MEDIUM | CVSS 5.5 | ≥ 5.2, < 5.15.86 | ≥ 5.16, < 6.0.16 | +1 more | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
IB/mad: Don't call to function that might sleep while in atomic context
Tracepoints are not allowed to sleep, as such the following splat is
generated due to call to ib_query_pkey() in atomic context.
WARNING: CPU: 0 PID: 1888000 at kernel/trace/ring_buffer.c:2492 rb_commit+0xc1/0x220
CPU
nvd osv
CVE-2025-39934 | MEDIUM | CVSS 5.5 | CWE-476 | ≥ 5.11, < 5.15.194 | ≥ 5.16, < 6.1.154 | +4 more | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ
If the interrupt occurs before resource initialization is complete, the
interrupt handler/worker may access uninitialized data such as the I2C
tcpc_client device, potentially leading to NULL pointer dereference.
nvd osv
CVE-2023-53563 | MEDIUM | CVSS 5.5 | ≥ 6.1, < 6.1.53 | ≥ 6.2, < 6.4.16 | +1 more | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
cpufreq: amd-pstate-ut: Fix kernel panic when loading the driver
After loading the amd-pstate-ut driver, amd_pstate_ut_check_perf()
and amd_pstate_ut_check_freq() use cpufreq_cpu_get() to get the policy
of the CPU and mark it as busy.
In these functions, cpufreq_cpu_put() should be used
nvd osv
CVE-2023-53548 | MEDIUM | CVSS 5.5 | ≥ 2.6.14, < 4.14.322 | ≥ 4.15, < 4.19.291 | +6 more | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb
The syzbot fuzzer identified a problem in the usbnet driver:
usb 1-1: BOGUS urb xfer, pipe 3 != type 1
WARNING: CPU: 0 PID: 754 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504
Modules linked
nvd osv