Linux Kernel vulnerabilities

CVE-2022-50427 [MEDIUM] CWE-401 CVE-2022-50427: In the Linux kernel, the following vulnerability has been resolved: ALSA: ac97: fix possible memory In the Linux kernel, the following vulnerability has been resolved: ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() If device_register() fails in snd_ac97_dev_register(), it should call put_device() to give up reference, or the name allocated in dev_set_name() is leaked.

CVE-2022-50426 [MEDIUM] CVE-2022-50426: In the Linux kernel, the following vulnerability has been resolved: remoteproc: imx_dsp_rproc: Add In the Linux kernel, the following vulnerability has been resolved: remoteproc: imx_dsp_rproc: Add mutex protection for workqueue The workqueue may execute late even after remoteproc is stopped or stopping, some resources (rpmsg device and endpoint) have been released in rproc_stop_subdevices(), then rproc_vq_interrupt() accessing these resources will caus

CVE-2023-53461 [MEDIUM] CVE-2023-53461: In the Linux kernel, the following vulnerability has been resolved: io_uring: wait interruptibly fo In the Linux kernel, the following vulnerability has been resolved: io_uring: wait interruptibly for request completions on exit WHen the ring exits, cleanup is done and the final cancelation and waiting on completions is done by io_ring_exit_work. That function is invoked by kworker, which doesn't take any signals. Because of that, it doesn't really matt

CVE-2023-53530 [MEDIUM] CVE-2023-53530: In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Use raw_smp_proc In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() The following call trace was observed: localhost kernel: nvme nvme0: NVME-FC{0}: controller connect complete localhost kernel: BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u129:4/75092 localh

CVE-2023-53512 [MEDIUM] CWE-401 CVE-2023-53512: In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix a memory lea In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix a memory leak Add a forgotten kfree().

CVE-2025-39895 [MEDIUM] CWE-476 CVE-2025-39895: In the Linux kernel, the following vulnerability has been resolved: sched: Fix sched_numa_find_nth_ In the Linux kernel, the following vulnerability has been resolved: sched: Fix sched_numa_find_nth_cpu() if mask offline sched_numa_find_nth_cpu() uses a bsearch to look for the 'closest' CPU in sched_domains_numa_masks and given cpus mask. However they might not intersect if all CPUs in the cpus mask are offline. bsearch will return NULL in that

CVE-2023-53463 [MEDIUM] CVE-2023-53463: In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Do not reset dql stats In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Do not reset dql stats on NON_FATAL err All ibmvnic resets, make a call to netdev_tx_reset_queue() when re-opening the device. netdev_tx_reset_queue() resets the num_queued and num_completed byte counters. These stats are used in Byte Queue Limit (BQL) algorithms. The difference

CVE-2025-39897 [MEDIUM] CWE-476 CVE-2025-39897: In the Linux kernel, the following vulnerability has been resolved: net: xilinx: axienet: Add error In the Linux kernel, the following vulnerability has been resolved: net: xilinx: axienet: Add error handling for RX metadata pointer retrieval Add proper error checking for dmaengine_desc_get_metadata_ptr() which can return an error pointer and lead to potential crashes or undefined behaviour if the pointer retrieval fails. Properly handle the er

CVE-2022-50456 [MEDIUM] CVE-2022-50456: In the Linux kernel, the following vulnerability has been resolved: btrfs: fix resolving backrefs f In the Linux kernel, the following vulnerability has been resolved: btrfs: fix resolving backrefs for inline extent followed by prealloc If a file consists of an inline extent followed by a regular or prealloc extent, then a legitimate attempt to resolve a logical address in the non-inline region will result in add_all_parents reading the invalid offset f

CVE-2023-53498 [MEDIUM] CWE-476 CVE-2023-53498: In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential null dereference The adev->dm.dc pointer can be NULL and dereferenced in amdgpu_dm_fini() without checking. Add a NULL pointer check before calling dc_dmub_srv_destroy(). Found by Linux Verification Center (linuxtesting.org) with SVACE.

CVE-2023-53464 [MEDIUM] CWE-476 CVE-2023-53464: In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi_tcp: Check that soc In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param() The validity of sock should be checked before assignment to avoid incorrect values. Commit 57569c37f0ad ("scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername()") introduced this change which may le

CVE-2025-39893 [MEDIUM] CWE-401 CVE-2025-39893: In the Linux kernel, the following vulnerability has been resolved: spi: spi-qpic-snand: unregister In the Linux kernel, the following vulnerability has been resolved: spi: spi-qpic-snand: unregister ECC engine on probe error and device remove The on-host hardware ECC engine remains registered both when the spi_register_controller() function returns with an error and also on device removal. Change the qcom_spi_probe() function to unregister the

CVE-2022-50451 [MEDIUM] CWE-401 CVE-2022-50451: In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix memory leak on nt In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix memory leak on ntfs_fill_super() error path syzbot reported kmemleak as below: BUG: memory leak unreferenced object 0xffff8880122f1540 (size 32): comm "a.out", pid 6664, jiffies 4294939771 (age 25.500s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00

CVE-2022-50444 [MEDIUM] CVE-2022-50444: In the Linux kernel, the following vulnerability has been resolved: clk: tegra20: Fix refcount leak In the Linux kernel, the following vulnerability has been resolved: clk: tegra20: Fix refcount leak in tegra20_clock_init of_find_matching_node() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak.

CVE-2025-39903 [MEDIUM] CWE-476 CVE-2025-39903: In the Linux kernel, the following vulnerability has been resolved: of_numa: fix uninitialized memo In the Linux kernel, the following vulnerability has been resolved: of_numa: fix uninitialized memory nodes causing kernel panic When there are memory-only nodes (nodes without CPUs), these nodes are not properly initialized, causing kernel panic during boot. of_numa_init of_numa_parse_cpu_nodes node_set(nid, numa_nodes_parsed); of_numa_parse_mem

CVE-2023-53477 [MEDIUM] CVE-2023-53477: In the Linux kernel, the following vulnerability has been resolved: ipv6: Add lwtunnel encap size o In the Linux kernel, the following vulnerability has been resolved: ipv6: Add lwtunnel encap size of all siblings in nexthop calculation In function rt6_nlmsg_size(), the length of nexthop is calculated by multipling the nexthop length of fib6_info and the number of siblings. However if the fib6_info has no lwtunnel but the siblings have lwtunnels, the ne

CVE-2025-39920 [MEDIUM] CWE-476 CVE-2025-39920: In the Linux kernel, the following vulnerability has been resolved: pcmcia: Add error handling for In the Linux kernel, the following vulnerability has been resolved: pcmcia: Add error handling for add_interval() in do_validate_mem() In the do_validate_mem(), the call to add_interval() does not handle errors. If kmalloc() fails in add_interval(), it could result in a null pointer being inserted into the linked list, leading to illegal memory acc

CVE-2022-50461 [MEDIUM] CVE-2022-50461: In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: am65-cpsw: F In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: am65-cpsw: Fix PM runtime leakage in am65_cpsw_nuss_ndo_slave_open() Ensure pm_runtime_put() is issued in error path.

CVE-2023-53523 [MEDIUM] CWE-476 CVE-2023-53523: In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: fix time stamp cou In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: fix time stamp counter initialization If the gs_usb device driver is unloaded (or unbound) before the interface is shut down, the USB stack first calls the struct usb_driver::disconnect and then the struct net_device_ops::ndo_stop callback. In gs_usb_disconnect() all

CVE-2023-53482 [MEDIUM] CVE-2023-53482: In the Linux kernel, the following vulnerability has been resolved: iommu: Fix error unwind in iomm In the Linux kernel, the following vulnerability has been resolved: iommu: Fix error unwind in iommu_group_alloc() If either iommu_group_grate_file() fails then the iommu_group is leaked. Destroy it on these error paths. Found by kselftest/iommu/iommufd_fail_nth