Linux Kernel vulnerabilities
14,742 known vulnerabilities affecting linux/linux_kernel.
Total CVEs: 14,742
CISA KEV: 29 (actively exploited)
Public exploits: 297
Exploited in wild: 31
Severity breakdown: CRITICAL 112, HIGH 3715, MEDIUM 8619, LOW 440, UNKNOWN 1856
Vulnerabilities
CVE-2023-53514 | MEDIUM | CVSS 5.5 | CWE-401 | ≥ 6.0, < 6.1.28; ≥ 6.2, < 6.2.15; +1 more | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved:
gpu: host1x: Fix memory leak of device names
The device names allocated by dev_set_name() need be freed
before module unloading, but they can not be freed because
the kobject's refcount which was set in device_initialize()
has not be decreased to 0.
As comment of device_add() say
Sources: nvd, osv

CVE-2022-50434 | MEDIUM | CVSS 5.5 | CWE-401 | ≥ 3.16, < 4.9.337; ≥ 4.10, < 4.14.303; +6 more | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved:
blk-mq: fix possible memleak when register 'hctx' failed
There's issue as follows when do fault injection test:
unreferenced object 0xffff888132a9f400 (size 512):
comm "insmod", pid 308021, jiffies 4324277909 (age 509.733s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 08 f4
Sources: nvd, osv

CVE-2022-50436 | MEDIUM | CVSS 5.5 | ≥ 5.10.1, < 5.10.163; ≥ 5.11, < 5.15.87; +3 more | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved:
ext4: don't set up encryption key during jbd2 transaction
Commit a80f7fcf1867 ("ext4: fixup ext4_fc_track_* functions' signature")
extended the scope of the transaction in ext4_unlink() too far, making
it include the call to ext4_find_entry(). However, ext4_find_entry()
can deadlock when
Sources: nvd, osv

CVE-2025-39928 | MEDIUM | CVSS 5.5 | CWE-191 | ≥ 6.13, < 6.16.8; v6.17 | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved:
i2c: rtl9300: ensure data length is within supported range
Add an explicit check for the xfer length to 'rtl9300_i2c_config_xfer'
to ensure the data length isn't within the supported range. In
particular a data length of 0 is not supported by the hardware and
causes unintended or
Sources: nvd, osv

CVE-2023-53511 | MEDIUM | CVSS 5.5 | CWE-401 | ≥ 5.17.9, < 5.18; ≥ 5.18.1, < 6.1.16; +2 more | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved:
io_uring: fix fget leak when fs don't support nowait buffered read
Heming reported a BUG when using io_uring doing link-cp on ocfs2. [1]
Do the following steps can reproduce this BUG:
mount -t ocfs2 /dev/vdc /mnt/ocfs2
cp testfile /mnt/ocfs2/
./link-cp /mnt/ocfs2/testfile /mnt/oc
Sources: nvd, osv

CVE-2023-53509 | MEDIUM | CVSS 5.5 | ≥ 4.9, < 6.0.19; ≥ 6.1, < 6.1.5; +1 more | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved:
qed: allow sleep in qed_mcp_trace_dump()
By default, qed_mcp_cmd_and_union() delays 10us at a time in a loop
that can run 500K times, so calls to qed_mcp_nvm_rd_cmd()
may block the current thread for over 5s.
We observed thread scheduling delays over 700ms in production,
with stacktraces
Sources: nvd, osv

CVE-2022-50439 | MEDIUM | CVSS 5.5 | ≥ 4.2, < 5.4.229; ≥ 5.5, < 5.10.163; +3 more | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved:
ASoC: mediatek: mt8173: Enable IRQ when pdata is ready
If the device does not come straight from reset, we might receive an IRQ
before we are ready to handle it.
[ 2.334737] Unable to handle kernel read from unreadable memory at virtual address 00000000000001e4
[ 2.522601] Call trace:
[
Sources: nvd, osv

CVE-2025-39904 | MEDIUM | CVSS 5.5 | CWE-908 | ≥ 6.16, < 6.16.8; v6.17 | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved:
arm64: kexec: initialize kexec_buf struct in load_other_segments()
Patch series "kexec: Fix invalid field access".
The kexec_buf structure was previously declared without initialization.
commit bf454ec31add ("kexec_file: allow to place kexec_buf randomly")
added a field that is a
Sources: nvd, osv

CVE-2022-50425 | MEDIUM | CVSS 5.5 | CWE-476 | ≥ 5.16, < 6.0.7; v6.1 | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved:
x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly
When an extended state component is not present in fpstate, but in init
state, the function copies from init_fpstate via copy_feature().
But, dynamic states are not present in init_fpstate because of all-zeros
init
Sources: nvd, osv

CVE-2025-39926 | MEDIUM | CVSS 5.5 | ≥ 6.9, < 6.12.48; ≥ 6.13, < 6.16.8; +1 more | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved:
genetlink: fix genl_bind() invoking bind() after -EPERM
Per family bind/unbind callbacks were introduced to allow families
to track multicast group consumer presence, e.g. to start or stop
producing events depending on listeners.
However, in genl_bind() the bind() callback was invoked ev
Sources: nvd, osv

CVE-2023-53532 | MEDIUM | CVSS 5.5 | CWE-908 | ≥ 5.19, < 6.1.28; ≥ 6.2, < 6.2.15; +1 more | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath11k: fix deinitialization of firmware resources
Currently, in ath11k_ahb_fw_resources_init(), iommu domain
mapping is done only for the chipsets having fixed firmware
memory. Also, for such chipsets, mapping is done only if it
does not have TrustZone support.
During dein
Sources: nvd, osv

CVE-2022-50430 | MEDIUM | CVSS 5.5 | ≥ 3.0, < 4.9.337; ≥ 4.10, < 4.14.303; +6 more | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved:
mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING
vub300_enable_sdio_irq() works with mutex and need TASK_RUNNING here.
Ensure that we mark current as TASK_RUNNING for sleepable context.
[ 77.554641] do not call blocking ops when !TASK_RUNNING; state=1 set at [] sdio
Sources: nvd, osv

CVE-2025-39892 | MEDIUM | CVSS 5.5 | CWE-476 | ≥ 6.16, < 6.16.6; v6.17 | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved:
ASoC: soc-core: care NULL dirver name on snd_soc_lookup_component_nolocked()
soc-generic-dmaengine-pcm.c uses same dev for both CPU and Platform.
In such case, CPU component driver might not have driver->name, then
snd_soc_lookup_component_nolocked() will be NULL pointer access er
Sources: nvd, osv

CVE-2025-39912 | MEDIUM | CVSS 5.5 | ≥ 6.12, < 6.12.48; ≥ 6.13, < 6.16.8; +1 more | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved:
nfs/localio: restore creds before releasing pageio data
Otherwise if the nfsd filecache code releases the nfsd_file
immediately, it can trigger the BUG_ON(cred == current->cred) in
__put_cred() when it puts the nfsd_file->nf_file->f-cred.
Sources: nvd, osv

CVE-2023-53490 | MEDIUM | CVSS 4.7 | CWE-362 | ≥ 6.1.27, < 6.1.46; ≥ 6.2.13, < 6.3; +3 more | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved:
mptcp: fix disconnect vs accept race
Despite commit 0ad529d9fd2b ("mptcp: fix possible divide by zero in
recvmsg()"), the mptcp protocol is still prone to a race between
disconnect() (or shutdown) and accept.
The root cause is that the mentioned commit checks the msk-level
flag,
Sources: nvd, osv

CVE-2022-50463 | MEDIUM | CVSS 5.5 | CWE-401 | ≥ 2.6.33, < 4.9.337; ≥ 4.10, < 4.14.303; +6 more | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved:
powerpc/52xx: Fix a resource leak in an error handling path
The error handling path of mpc52xx_lpbfifo_probe() has a request_irq()
that is not balanced by a corresponding free_irq().
Add the missing call, as already done in the remove function.
Sources: nvd, osv

CVE-2023-53483 | MEDIUM | CVSS 5.5 | CWE-476 | ≥ 5.17, < 6.1.30; ≥ 6.2, < 6.3.4 | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved:
ACPI: processor: Check for null return of devm_kzalloc() in fch_misc_setup()
devm_kzalloc() may fail, clk_data->name might be NULL and will
cause a NULL pointer dereference later.
[ rjw: Subject and changelog edits ]
Sources: nvd, osv

CVE-2023-53489 | MEDIUM | CVSS 5.5 | CWE-401 | ≥ 4.14, < 4.14.315; ≥ 4.15, < 4.19.283; +6 more | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved:
tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp.
syzkaller reported [0] memory leaks of an UDP socket and ZEROCOPY
skbs. We can reproduce the problem with these sequences:
sk = socket(AF_INET, SOCK_DGRAM, 0)
sk.setsockopt(SOL_SOCKET, SO_TIMESTAMPING, SOF_TIMESTAMP
Sources: nvd, osv

CVE-2025-39907 | MEDIUM | CVSS 5.5 | ≥ 5.1, < 5.4.300; ≥ 5.5, < 5.10.245; +6 more | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved:
mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer
Avoid below overlapping mappings by using a contiguous
non-cacheable buffer.
[ 4.077708] DMA-API: stm32_fmc2_nfc 48810000.nand-controller: cacheline tracking EEXIST,
overlapping mappings aren't supported
[ 4.089103] WARNI
Sources: nvd, osv

CVE-2025-39900 | MEDIUM | CVSS 5.5 | ≥ 6.12, < 6.12.46; ≥ 6.13, < 6.16.6; +1 more | 2025-10-01
In the Linux kernel, the following vulnerability has been resolved:
net_sched: gen_estimator: fix est_timer() vs CONFIG_PREEMPT_RT=y
syzbot reported a WARNING in est_timer() [1]
Problem here is that with CONFIG_PREEMPT_RT=y, timer callbacks
can be preempted.
Adopt preempt_disable_nested()/preempt_enable_nested() to fix this.
[1]
WARNING: CPU: 0 PID: 16
Sources: nvd, osv