Linux Kernel vulnerabilities
14,742 known vulnerabilities affecting linux/linux_kernel.
Total CVEs: 14,742
CISA KEV: 29 (actively exploited)
Public exploits: 297
Exploited in wild: 31
Severity breakdown
CRITICAL 112, HIGH 3715, MEDIUM 8619, LOW 440, UNKNOWN 1856
Vulnerabilities
CVE-2022-50466 | MEDIUM | CVSS 5.5 | CWE-401 | ≥ 5.7, < 5.10.153; ≥ 5.11, < 5.15.77; +2 more | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved:
fs/binfmt_elf: Fix memory leak in load_elf_binary()
There is a memory leak reported by kmemleak:
unreferenced object 0xffff88817104ef80 (size 224):
comm "xfs_admin", pid 47165, jiffies 4298708825 (age 1333.476s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00
Sources: NVD, OSV

CVE-2023-53503 | MEDIUM | CVSS 5.5 | CWE-476 | ≥ 3.11, < 5.10.181; ≥ 5.11, < 5.15.113; +3 more | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved:
ext4: allow ext4_get_group_info() to fail
Previously, ext4_get_group_info() would treat an invalid group number
as BUG(), since in theory it should never happen. However, if a
malicious attacker (or fuzzer) modifies the superblock via the block
device while it is the file system is
Sources: NVD, OSV

CVE-2023-53449 | MEDIUM | CVSS 5.5 | CWE-401 | ≥ 5.3, < 5.4.235; ≥ 5.5, < 5.10.173; +3 more | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved:
s390/dasd: Fix potential memleak in dasd_eckd_init()
`dasd_reserve_req` is allocated before `dasd_vol_info_req`, and it
also needs to be freed before the error returns, just like the other
cases in this function.
Sources: NVD, OSV

CVE-2022-50462 | MEDIUM | CVSS 5.5 | CWE-401 | ≥ 2.6.30, < 4.9.337; ≥ 4.10, < 4.14.303; +6 more | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved:
MIPS: vpe-mt: fix possible memory leak while module exiting
After commit 1fa5ae857bb1 ("driver core: get rid of struct device's
bus_id string array"), the name of device is allocated dynamically,
it needs to be freed when the module exits, call put_device() to give up
reference, so that
Sources: NVD, OSV

CVE-2023-53527 | MEDIUM | CVSS 5.5 | CWE-401 | ≥ 6.3, < 6.4.11; v6.5 | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved:
thunderbolt: Fix memory leak in tb_handle_dp_bandwidth_request()
The memory allocated in tb_queue_dp_bandwidth_request() needs to be
released once the request is handled to avoid leaking it.
Sources: NVD, OSV

CVE-2023-53475 | MEDIUM | CVSS 5.5 | ≥ 5.7, < 5.10.178; ≥ 5.11, < 5.15.107; +3 more | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved:
usb: xhci: tegra: fix sleep in atomic call
When we set the dual-role port to Host mode, we observed the following
splat:
[ 167.057718] BUG: sleeping function called from invalid context at
include/linux/sched/mm.h:229
[ 167.057872] Workqueue: events tegra_xusb_usb_phy_work
[ 167.057954] Ca
Sources: NVD, OSV

CVE-2022-50440 | MEDIUM | CVSS 5.5 | CWE-476 | ≥ 3.2, < 4.9.337; ≥ 4.10, < 4.14.303; +6 more | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved:
drm/vmwgfx: Validate the box size for the snooped cursor
Invalid userspace dma surface copies could potentially overflow
the memcpy from the surface to the snooped image leading to crashes.
To fix it the dimensions of the copybox have to be validated
against the expected size of t
Sources: NVD, OSV

CVE-2023-53452 | MEDIUM | CVSS 4.7 | CWE-362 | ≥ 5.16, < 6.1.28; ≥ 6.2, < 6.2.15; +1 more | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved:
wifi: rtw89: fix potential race condition between napi_init and napi_enable
A race condition can happen if netdev is registered, but NAPI isn't
initialized yet, and meanwhile user space starts the netdev that will
enable NAPI. Then, it hits BUG_ON():
kernel BUG at net/core/dev.c:
Sources: NVD, OSV

CVE-2025-39910 | MEDIUM | CVSS 5.5 | CWE-667 | ≥ 5.17, < 6.16.8; v6.17 | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved:
mm/vmalloc, mm/kasan: respect gfp mask in kasan_populate_vmalloc()
kasan_populate_vmalloc() and its helpers ignore the caller's gfp_mask and
always allocate memory using the hardcoded GFP_KERNEL flag. This makes
them inconsistent with vmalloc(), which was recently extended to supp
Sources: NVD, OSV

CVE-2025-39916 | MEDIUM | CVSS 5.5 | CWE-369 | ≥ 6.0.12, < 6.1.153; ≥ 6.2, < 6.6.107; +3 more | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved:
mm/damon/reclaim: avoid divide-by-zero in damon_reclaim_apply_parameters()
When creating a new scheme of DAMON_RECLAIM, the calculation of
'min_age_region' uses 'aggr_interval' as the divisor, which may lead to
division-by-zero errors. Fix it by directly returning -EINVAL when suc
Sources: NVD, OSV

CVE-2023-53458 | MEDIUM | CVSS 5.5 | CWE-476 | ≥ 3.18, < 5.15.113; ≥ 5.16, < 6.1.30; +1 more | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved:
media: cx23885: Fix a null-ptr-deref bug in buffer_prepare() and buffer_finish()
When the driver calls cx23885_risc_buffer() to prepare the buffer, the
function call dma_alloc_coherent may fail, resulting in an empty buffer
risc->cpu. Later when we free the buffer or access the buf
Sources: NVD, OSV

CVE-2025-39921 | MEDIUM | CVSS 5.5 | ≥ 6.14, < 6.16.6; v6.17 | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved:
spi: microchip-core-qspi: stop checking viability of op->max_freq in supports_op callback
In commit 13529647743d9 ("spi: microchip-core-qspi: Support per spi-mem
operation frequency switches") the logic for checking the viability of
op->max_freq in mchp_coreqspi_setup_clock() was copied in
Sources: NVD, OSV

CVE-2023-53455 | MEDIUM | CVSS 5.5 | ≥ 6.1, < 6.1.16; ≥ 6.2, < 6.2.3 | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved:
drm/vc4: drop all currently held locks if deadlock happens
If vc4_hdmi_reset_link() returns -EDEADLK, it means that a deadlock
happened in the locking context. This situation should be addressed by
dropping all currently held locks and block until the contended lock
becomes available. Cur
Sources: NVD, OSV

CVE-2023-53491 | MEDIUM | CVSS 5.5 | ≥ 2.6.30, < 6.4.4 | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved:
start_kernel: Add __no_stack_protector function attribute
Back during the discussion of
commit a9a3ed1eff36 ("x86: Fix early boot crash on gcc-10, third try")
we discussed the need for a function attribute to control the omission
of stack protectors on a per-function basis; at the time Cl
Sources: NVD, OSV

CVE-2025-39915 | MEDIUM | CVSS 5.5 | CWE-667 | ≥ 6.14, < 6.16.8; v6.17 | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved:
net: phy: transfer phy_config_inband() locking responsibility to phylink
Problem description
Lockdep reports a possible circular locking dependency (AB/BA) between
&pl->state_mutex and &phy->lock, as follows.
phylink_resolve() // acquires &pl->state_mutex
-> phylink_major_config
Sources: NVD, OSV

CVE-2022-50448 | MEDIUM | CVSS 5.5 | ≥ 5.19, < 5.19.17; ≥ 6.0, < 6.0.3 | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved:
mm/uffd: fix warning without PTE_MARKER_UFFD_WP compiled in
When PTE_MARKER_UFFD_WP is not configured, it's still possible to reach pte
marker code and trigger a warning. Add a few CONFIG_PTE_MARKER_UFFD_WP
ifdefs to make sure the code won't be reached when not compiled in.
Sources: NVD, OSV

CVE-2022-50443 | MEDIUM | CVSS 5.5 | ≥ 4.15, < 5.10.163; ≥ 5.11, < 5.15.86; +2 more | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved:
drm/rockchip: lvds: fix PM usage counter unbalance in poweron
pm_runtime_get_sync will increment the pm usage counter even if it failed.
Forgetting the put operation will result in a reference leak here.
We fix it by replacing it with the newest pm_runtime_resume_and_get
to keep usage counter b
Sources: NVD, OSV

CVE-2023-53505 | MEDIUM | CVSS 5.5 | CWE-401 | ≥ 4.2, < 5.4.251; ≥ 5.5, < 5.10.188; +4 more | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved:
clk: tegra: tegra124-emc: Fix potential memory leak
The tegra and tegra needs to be freed in the error handling path, otherwise
it will be leaked.
Sources: NVD, OSV

CVE-2025-39902 | MEDIUM | CVSS 5.5 | CWE-476 | ≥ 2.6.22, < 5.4.299; ≥ 5.5, < 5.10.243; +6 more | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved:
mm/slub: avoid accessing metadata when pointer is invalid in object_err()
object_err() reports details of an object for further debugging, such as
the freelist pointer, redzone, etc. However, if the pointer is invalid,
attempting to access object metadata can lead to a crash since
Sources: NVD, OSV

CVE-2023-53529 | MEDIUM | CVSS 5.5 | CWE-401 | ≥ 5.2, < 6.3.4 | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved:
wifi: rtw88: Fix memory leak in rtw88_usb
Kmemleak shows the following leak arising from routine in the usb
probe routine:
unreferenced object 0xffff895cb29bba00 (size 512):
comm "(udev-worker)", pid 534, jiffies 4294903932 (age 102751.088s)
hex dump (first 32 bytes):
77 30 30 30
Sources: NVD, OSV