Linux Kernel vulnerabilities

14,742 known vulnerabilities affecting linux/linux_kernel.

Total CVEs: 14,742
CISA KEV: 29 (actively exploited)
Public exploits: 297
Exploited in wild: 31
Severity breakdown: CRITICAL 112, HIGH 3715, MEDIUM 8619, LOW 440, UNKNOWN 1856

Vulnerabilities

CVE-2022-50420 | MEDIUM | CVSS 5.5 | CWE-401 | ≥ 5.5, < 5.15.86; ≥ 5.16, < 6.0.16; +1 more | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/hpre - fix resource leak in remove process. In hpre_remove(), when the disable operation of qm sriov failed, the following logic should continue to be executed to release the remaining resources that have been allocated, instead of returning directly, otherwise th
nvd, osv
CVE-2023-53480 | MEDIUM | CVSS 5.5 | CWE-476 | ≥ 4.19, < 4.19.295; ≥ 4.20, < 5.4.257; +4 more | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved: kobject: Add sanity check for kset->kobj.ktype in kset_register(). When I register a kset in the following way: static struct kset my_kset; kobject_set_name(&my_kset.kobj, "my_kset"); ret = kset_register(&my_kset); A null pointer dereference exception is occurred: [ 4453.568337] U
nvd, osv
CVE-2023-53457 | MEDIUM | CVSS 5.5 | CWE-476 | ≥ 2.6.12.1, < 4.14.324; ≥ 4.15, < 4.19.293; +6 more | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved: FS: JFS: Fix null-ptr-deref Read in txBegin. Syzkaller reported an issue where txBegin may be called on a superblock in a read-only mounted filesystem which leads to NULL pointer deref. This could be solved by checking if the filesystem is read-only before calling txBegin, and retu
nvd, osv
CVE-2022-50452 | MEDIUM | CVSS 5.5 | CWE-476 | ≥ 4.19, < 4.19.264; ≥ 4.20, < 5.4.221; +4 more | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved: net: sched: cake: fix null pointer access issue when cake_init() fails. When the default qdisc is cake, if the qdisc of dev_queue fails to be inited during mqprio_init(), cake_reset() is invoked to clear resources. In this case, the tins is NULL, and it will cause gpf issue. The p
nvd, osv
CVE-2023-53450 | MEDIUM | CVSS 5.5 | CWE-617 | ≥ 2.6.25, < 4.14.315; ≥ 4.15, < 4.19.283; +7 more | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved: ext4: remove a BUG_ON in ext4_mb_release_group_pa(). If a malicious fuzzer overwrites the ext4 superblock while it is mounted such that the s_first_data_block is set to a very large number, the calculation of the block group can underflow, and trigger a BUG_ON check. Change this to
nvd, osv
CVE-2023-53517 | MEDIUM | CVSS 5.5 | ≥ 4.1, < 5.10.181; ≥ 5.11, < 5.15.113; +3 more | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved: tipc: do not update mtu if msg_max is too small in mtu negotiation. When doing link mtu negotiation, a malicious peer may send Activate msg with a very small mtu, e.g. 4 in Shuang's testing, without checking for the minimum mtu, l->mtu will be set to 4 in tipc_link_proto_rcv(), then n->lin
nvd, osv
CVE-2023-53520 | MEDIUM | CVSS 4.7 | CWE-362 | ≥ 5.7, < 6.1.55; ≥ 6.2, < 6.5.5 | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix hci_suspend_sync crash. If hci_unregister_dev() frees the hci_dev object but hci_suspend_notifier may still be accessing it, it can cause the program to crash. Here's the call trace: [102152.653246] Call Trace: [102152.653254] hci_suspend_sync+0x109/0x301 [bluetooth]
nvd, osv
CVE-2023-53518 | MEDIUM | CVSS 5.5 | CWE-401 | ≥ 4.7, < 4.14.326; ≥ 4.15, < 4.19.295; +6 more | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Fix leak in devfreq_dev_release(). srcu_init_notifier_head() allocates resources that need to be released with a srcu_cleanup_notifier_head() call. Reported by kmemleak.
nvd, osv
CVE-2023-53462 | MEDIUM | CVSS 5.5 | CWE-908 | ≥ 5.9, < 5.10.195; ≥ 5.11, < 5.15.132; +3 more | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved: hsr: Fix uninit-value access in fill_frame_info(). Syzbot reports the following uninit-value access problem. BUG: KMSAN: uninit-value in fill_frame_info net/hsr/hsr_forward.c:601 [inline] BUG: KMSAN: uninit-value in hsr_forward_skb+0x9bd/0x30f0 net/hsr/hsr_forward.c:616 fill_frame
nvd, osv
CVE-2023-53468 | MEDIUM | CVSS 5.5 | CWE-401 | ≥ 2.6.27, < 5.4.235; ≥ 5.5, < 5.10.173; +3 more | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix memory leak in alloc_wbufs(). kmemleak reported a sequence of memory leaks, and show them as following: unreferenced object 0xffff8881575f8400 (size 1024): comm "mount", pid 19625, jiffies 4297119604 (age 20.383s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00
nvd, osv
CVE-2023-53488 | MEDIUM | CVSS 5.5 | ≥ 4.3, < 4.14.323; ≥ 4.15, < 4.19.292; +6 more | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix possible panic during hotplug remove. During hotplug remove it is possible that the update counters work might be pending, and may run after memory has been freed. Cancel the update counters work before freeing memory.
nvd, osv
CVE-2022-50429 | MEDIUM | CVSS 5.5 | ≥ 5.5, < 5.10.150; ≥ 5.11, < 5.15.75; +2 more | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved: memory: of: Fix refcount leak bug in of_lpddr3_get_ddr_timings(). We should add the of_node_put() when breaking out of for_each_child_of_node() as it will automatically increase and decrease the refcount.
nvd, osv
CVE-2022-50459 | MEDIUM | CVSS 5.5 | CWE-476 | ≥ 5.8.14, < 5.9; ≥ 5.9.1, < 5.10.150; +4 more | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername(). Fix a NULL pointer crash that occurs when we are freeing the socket at the same time we access it via sysfs. The problem is that: 1. iscsi_sw_tcp_conn_get_param() and iscsi_sw_tcp_host_get_param() take the fr
nvd, osv
CVE-2022-50435 | MEDIUM | CVSS 5.5 | ≥ 5.5, < 5.10.150; ≥ 5.11, < 5.15.75; +2 more | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid crash when inline data creation follows DIO write. When inode is created and written to using direct IO, there is nothing to clear the EXT4_STATE_MAY_INLINE_DATA flag. Thus when inode gets truncated later to say 1 byte and written using normal write, we will try to store the da
nvd, osv
CVE-2023-53526 | MEDIUM | CVSS 5.5 | ≥ 5.15.129, < 5.15.132; ≥ 6.1.50, < 6.1.54; +3 more | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved: jbd2: check 'jh->b_transaction' before removing it from checkpoint. Following process will corrupt ext4 image: Step 1: jbd2_journal_commit_transaction __jbd2_journal_insert_checkpoint(jh, commit_transaction) // Put jh into trans1->t_checkpoint_list journal->j_checkpoint_transactions = comm
nvd, osv
CVE-2023-53497 | MEDIUM | CVSS 5.5 | CWE-476 | ≥ 6.2, < 6.2.15; ≥ 6.3, < 6.3.2 | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved: media: vsp1: Replace vb2_is_streaming() with vb2_start_streaming_called(). The vsp1 driver uses the vb2_is_streaming() function in its .buf_queue() handler to check if the .start_streaming() operation has been called, and decide whether to just add the buffer to an internal queue,
nvd, osv
CVE-2025-39918 | MEDIUM | CVSS 5.5 | ≥ 6.12, < 6.12.46; ≥ 6.13, < 6.16.6; +1 more | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: fix linked list corruption. Never leave scheduled wcid entries on the temporary on-stack list
nvd, osv
CVE-2023-53531 | MEDIUM | CVSS 5.5 | CWE-476 | ≥ 5.16, < 6.1.54; ≥ 6.2, < 6.5.4 | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved: null_blk: fix poll request timeout handling. When doing io_uring benchmark on /dev/nullb0, it's easy to crash the kernel if poll requests timeout triggered, as reported by David. [1] BUG: kernel NULL pointer dereference, address: 0000000000000008 Workqueue: kblockd blk_mq_timeout_
nvd, osv
CVE-2025-39899 | MEDIUM | CVSS 5.5 | ≥ 6.8, < 6.12.46; ≥ 6.13, < 6.16.6; +1 more | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved: mm/userfaultfd: fix kmap_local LIFO ordering for CONFIG_HIGHPTE. With CONFIG_HIGHPTE on 32-bit ARM, move_pages_pte() maps PTE pages using kmap_local_page(), which requires unmapping in Last-In-First-Out order. The current code maps dst_pte first, then src_pte, but unmaps them in the same o
nvd, osv
CVE-2023-53499 | MEDIUM | CVSS 5.5 | ≥ 4.16, < 5.15.113; ≥ 5.16, < 6.1.30; +2 more | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved: virtio_net: Fix error unwinding of XDP initialization. When initializing XDP in virtnet_open(), some rq xdp initialization may hit an error causing net device open failed. However, previous rqs have already initialized XDP and enabled NAPI, which is not the expected behavior. Need to roll
nvd, osv