Linux Kernel vulnerabilities
14,742 known vulnerabilities affecting linux/linux_kernel.
Total CVEs: 14,742
CISA KEV: 29 (actively exploited)
Public exploits: 297
Exploited in wild: 31
Severity breakdown
CRITICAL 112, HIGH 3715, MEDIUM 8619, LOW 440, UNKNOWN 1856
Vulnerabilities
CVE-2022-50486 | MEDIUM | CVSS 5.5 | ≥ 4.0, < 4.9.337; ≥ 4.10, < 4.14.303; +6 more | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
net: ethernet: ti: Fix return type of netcp_ndo_start_xmit()
With clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG),
indirect call targets are validated against the expected function
pointer prototype to make sure the call target is valid to help mitigate
ROP attacks. If they
Sources: nvd, osv

CVE-2023-53565 | MEDIUM | CVSS 5.5 | CWE-476 | ≥ 6.2, < 6.3.4; v6.4 | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
wifi: brcmfmac: Check for probe() id argument being NULL
The probe() id argument may be NULL in 2 scenarios:
1. brcmf_pcie_pm_leave_D3() calling brcmf_pcie_probe() to reprobe
the device.
2. If a user tries to manually bind the driver from sysfs then the sdio /
pcie / usb probe()
Sources: nvd, osv

CVE-2022-50498 | MEDIUM | CVSS 5.5 | ≥ 5.14, < 5.15.75; ≥ 5.16, < 5.19.17; +1 more | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
eth: alx: take rtnl_lock on resume
Zbynek reports that alx trips an rtnl assertion on resume:
RTNL: assertion failed at net/core/dev.c (2891)
RIP: 0010:netif_set_real_num_tx_queues+0x1ac/0x1c0
Call Trace:
__alx_open+0x230/0x570 [alx]
alx_resume+0x54/0x80 [alx]
? pci_legacy_resume+0x80/0
Sources: nvd, osv

CVE-2022-50491 | MEDIUM | CVSS 5.5 | ≥ 5.7, < 5.10.154; ≥ 5.11, < 5.15.77; +2 more | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
coresight: cti: Fix hang in cti_disable_hw()
cti_enable_hw() and cti_disable_hw() are called from an atomic context
so shouldn't use runtime PM because it can result in a sleep when
communicating with firmware.
Since commit 3c6656337852 ("Revert "firmware: arm_scmi: Add clock
management
Sources: nvd, osv

CVE-2023-53588 | MEDIUM | CVSS 5.5 | ≥ 3.8, < 6.1.55; ≥ 6.2, < 6.5.5 | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: check for station first in client probe
When probing a client, first check if we have it, and then
check for the channel context, otherwise you can trigger
the warning there easily by probing when the AP isn't even
started yet. Since a client existing means the AP is also
Sources: nvd, osv

CVE-2025-39932 | MEDIUM | CVSS 5.5 | ≥ 4.16, < 6.12.49; ≥ 6.13, < 6.16.9; +1 more | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
smb: client: let smbd_destroy() call disable_work_sync(&info->post_send_credits_work)
In smbd_destroy() we may destroy the memory so we better
wait until post_send_credits_work is no longer pending
and will never be started again.
I actually just hit the case using rxe:
WARNING: CPU: 0
Sources: nvd, osv

CVE-2023-53573 | MEDIUM | CVSS 5.5 | ≥ 6.0.8, < 6.1; ≥ 6.1.1, < 6.1.25; +3 more | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
clk: rs9: Fix suspend/resume
Disabling the cache in commit 2ff4ba9e3702 ("clk: rs9: Fix I2C accessors")
without removing cache synchronization in resume path results in a
kernel panic as map->cache_ops is unset, due to REGCACHE_NONE.
Enable flat cache again to support resume again. num_re
Sources: nvd, osv

CVE-2022-50500 | MEDIUM | CVSS 5.5 | CWE-401 | ≥ 4.17, < 6.0.7; v6.1 | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
netdevsim: fix memory leak in nsim_drv_probe() when nsim_dev_resources_register() failed
If some items in nsim_dev_resources_register() fail, memory leak will
occur. The following is the memory leak information.
unreferenced object 0xffff888074c02600 (size 128):
comm "echo", pid
Sources: nvd, osv

CVE-2023-53580 | MEDIUM | CVSS 5.5 | CWE-667 | ≥ 6.1.35, < 6.1.46; ≥ 6.3.9, < 6.4; +3 more | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
USB: Gadget: core: Help prevent panic during UVC unconfigure
Avichal Rakesh reported a kernel panic that occurred when the UVC
gadget driver was removed from a gadget's configuration. The panic
involves a somewhat complicated interaction between the kernel driver
and a userspace c
Sources: nvd, osv

CVE-2025-39947 | MEDIUM | CVSS 5.5 | CWE-476 | ≥ 5.13, < 6.6.108; ≥ 6.7, < 6.12.49; +2 more | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Harden uplink netdev access against device unbind
The function mlx5_uplink_netdev_get() gets the uplink netdevice
pointer from mdev->mlx5e_res.uplink_netdev. However, the netdevice can
be removed and its pointer cleared when unbound from the mlx5_core.eth
driver. This r
Sources: nvd, osv

CVE-2023-53582 | MEDIUM | CVSS 5.5 | CWE-476 | ≥ 4.15, < 4.19.276; ≥ 4.20, < 5.4.235; +4 more | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds
Fix a stack-out-of-bounds read in brcmfmac that occurs
when 'buf' that is not null-terminated is passed as an argument of
strreplace() in brcmf_c_preinit_dcmds(). This buffer is filled with
a CLM
Sources: nvd, osv

CVE-2022-50483 | MEDIUM | CVSS 5.5 | ≥ 5.13, < 5.15.86; ≥ 5.16, < 6.0.16; +1 more | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
net: enetc: avoid buffer leaks on xdp_do_redirect() failure
Before enetc_clean_rx_ring_xdp() calls xdp_do_redirect(), each software
BD in the RX ring between index orig_i and i can have one of 2 refcount
values on its page.
We are the owner of the current buffer that is being processed, s
Sources: nvd, osv

CVE-2023-53545 | MEDIUM | CVSS 5.5 | ≥ 4.2, < 6.4.12 | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: unmap and remove csa_va properly
Root PD BO should be reserved before unmap and remove
a bo_va from VM otherwise lockdep will complain.
v2: check fpriv->csa_va is not NULL instead of amdgpu_mcbp (christian)
[14616.936827] WARNING: CPU: 6 PID: 1711 at drivers/gpu/drm/amd/amdg
Sources: nvd, osv

CVE-2023-53542 | MEDIUM | CVSS 5.5 | ≥ 4.2, < 4.14.308; ≥ 4.15, < 4.19.276; +5 more | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
ARM: dts: exynos: Use Exynos5420 compatible for the MIPI video phy
For some reason, the driver adding support for Exynos5420 MIPI phy
back in 2016 wasn't used on Exynos5420, which caused a kernel panic.
Add the proper compatible for it.
Sources: nvd, osv

CVE-2023-53607 | MEDIUM | CVSS 5.5 | CWE-617 | ≥ 4.9.325, < 4.10; ≥ 4.14.290, < 4.15; +7 more | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
ALSA: ymfpci: Fix BUG_ON in probe function
The snd_dma_buffer.bytes field now contains the aligned size, which this
snd_BUG_ON() did not account for, resulting in the following:
[ 9.625915] ------------[ cut here ]------------
[ 9.633440] WARNING: CPU: 0 PID: 126 at sound/pci/ymf
Sources: nvd, osv

CVE-2023-53612 | MEDIUM | CVSS 5.5 | CWE-476 | ≥ 4.10, < 5.4.235; ≥ 5.5, < 5.10.173; +3 more | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (coretemp) Simplify platform device handling
Coretemp's platform driver is unconventional. All the real work is done
globally by the initcall and CPU hotplug notifiers, while the "driver"
effectively just wraps an allocation and the registration of the hwmon
interface in a
Sources: nvd, osv

CVE-2022-50481 | MEDIUM | CVSS 5.5 | CWE-476 | ≥ 4.6, < 4.9.337; ≥ 4.10, < 4.14.303; +6 more | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
cxl: fix possible null-ptr-deref in cxl_guest_init_afu|adapter()
If device_register() fails in cxl_register_afu|adapter(), the device
is not added, device_unregister() can not be called in the error path,
otherwise it will cause a null-ptr-deref because of removing not added
devic
Sources: nvd, osv

CVE-2025-39936 | MEDIUM | CVSS 5.5 | CWE-476 | ≥ 6.16, < 6.16.9; v6.17 | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
crypto: ccp - Always pass in an error pointer to __sev_platform_shutdown_locked()
When
9770b428b1a2 ("crypto: ccp - Move dev_info/err messages for SEV/SNP init and shutdown")
moved the error messages dumping so that they don't need to be issued by
the callers, it missed the case
Sources: nvd, osv

CVE-2023-53581 | MEDIUM | CVSS 4.7 | CWE-362 | ≥ 5.4, < 5.10.188; ≥ 5.11, < 5.15.121; +3 more | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Check for NOT_READY flag state after locking
Currently the check for NOT_READY flag is performed before obtaining the
necessary lock. This opens a possibility for race condition when the flow
is concurrently removed from unready_flows list by the workqueue task,
which ca
Sources: nvd, osv

CVE-2023-53576 | MEDIUM | CVSS 5.5 | CWE-476 | ≥ 4.20, < 5.10.181; ≥ 5.11, < 5.15.113; +2 more | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
null_blk: Always check queue mode setting from configfs
Make sure to check device queue mode in the null_validate_conf() and
return error for NULL_Q_RQ as we don't allow legacy I/O path, without
this patch we get OOPs when queue mode is set to 1 from configfs,
following are repro
Sources: nvd, osv