Linux Kernel vulnerabilities

CVE-2023-53519 [MEDIUM] CWE-667 CVE-2023-53519: In the Linux kernel, the following vulnerability has been resolved: media: v4l2-mem2mem: add lock t In the Linux kernel, the following vulnerability has been resolved: media: v4l2-mem2mem: add lock to protect parameter num_rdy Getting below error when using KCSAN to check the driver. Adding lock to protect parameter num_rdy when getting the value with function: v4l2_m2m_num_src_bufs_ready/v4l2_m2m_num_dst_bufs_ready. kworker/u16:3: [name:report

CVE-2022-50424 [MEDIUM] CWE-401 CVE-2022-50424: In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: resource le In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: resource leaks at mt7921_check_offload_capability() Fixed coverity issue with resource leaks at variable "fw" going out of scope leaks the storage it points to mt7921_check_offload_capability(). Addresses-Coverity-ID: 1527806 ("Resource leaks")

CVE-2023-53467 [MEDIUM] CWE-401 CVE-2023-53467: In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: fix potential leak In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: fix potential leak in rtw89_append_probe_req_ie() Do `kfree_skb(new)` before `goto out` to prevent potential leak.

CVE-2022-50447 [MEDIUM] CWE-476 CVE-2022-50447: In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: Fix crash In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: Fix crash on hci_create_cis_sync When attempting to connect multiple ISO sockets without using DEFER_SETUP may result in the following crash: BUG: KASAN: null-ptr-deref in hci_create_cis_sync+0x18b/0x2b0 Read of size 2 at addr 0000000000000036 by task kworker/

CVE-2025-39909 [MEDIUM] CWE-369 CVE-2025-39909: In the Linux kernel, the following vulnerability has been resolved: mm/damon/lru_sort: avoid divide In the Linux kernel, the following vulnerability has been resolved: mm/damon/lru_sort: avoid divide-by-zero in damon_lru_sort_apply_parameters() Patch series "mm/damon: avoid divide-by-zero in DAMON module's parameters application". DAMON's RECLAIM and LRU_SORT modules perform no validation on user-configured parameters during application, which

CVE-2023-53448 [MEDIUM] CWE-617 CVE-2023-53448: In the Linux kernel, the following vulnerability has been resolved: fbdev: imxfb: Removed unneeded In the Linux kernel, the following vulnerability has been resolved: fbdev: imxfb: Removed unneeded release_mem_region Remove unnecessary release_mem_region from the error path to prevent mem region from being released twice, which could avoid resource leak or other unexpected issues.

CVE-2025-39919 [MEDIUM] CVE-2025-39919: In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: add missing In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: add missing check for rx wcid entries Non-station wcid entries must not be passed to the rx functions. In case of the global wcid entry, it could even lead to corruption in the wcid array due to pointer being casted to struct mt7996_sta_link using container_of.

CVE-2023-53474 [MEDIUM] CWE-190 CVE-2023-53474: In the Linux kernel, the following vulnerability has been resolved: x86/MCE/AMD: Use an u64 for ban In the Linux kernel, the following vulnerability has been resolved: x86/MCE/AMD: Use an u64 for bank_map Thee maximum number of MCA banks is 64 (MAX_NR_BANKS), see a0bc32b3cacf ("x86/mce: Increase maximum number of banks to 64"). However, the bank_map which contains a bitfield of which banks to initialize is of type unsigned int and that overflo

CVE-2022-50449 [MEDIUM] CWE-401 CVE-2022-50449: In the Linux kernel, the following vulnerability has been resolved: clk: samsung: Fix memory leak i In the Linux kernel, the following vulnerability has been resolved: clk: samsung: Fix memory leak in _samsung_clk_register_pll() If clk_register() fails, @pll->rate_table may have allocated memory by kmemdup(), so it needs to be freed, otherwise will cause memory leak issue, this patch fixes it.

CVE-2022-50458 [MEDIUM] CVE-2022-50458: In the Linux kernel, the following vulnerability has been resolved: clk: tegra: Fix refcount leak i In the Linux kernel, the following vulnerability has been resolved: clk: tegra: Fix refcount leak in tegra210_clock_init of_find_matching_node() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak.

CVE-2023-53451 [MEDIUM] CWE-476 CVE-2023-53451: In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix potential NU In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix potential NULL pointer dereference Klocwork tool reported 'cur_dsd' may be dereferenced. Add fix to validate pointer before dereferencing the pointer.

CVE-2022-50465 [MEDIUM] CWE-401 CVE-2022-50465: In the Linux kernel, the following vulnerability has been resolved: ext4: fix leaking uninitialized In the Linux kernel, the following vulnerability has been resolved: ext4: fix leaking uninitialized memory in fast-commit journal When space at the end of fast-commit journal blocks is unused, make sure to zero it out so that uninitialized memory is not leaked to disk.

CVE-2022-50431 [MEDIUM] CWE-401 CVE-2022-50431: In the Linux kernel, the following vulnerability has been resolved: ALSA: aoa: i2sbus: fix possible In the Linux kernel, the following vulnerability has been resolved: ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() dev_set_name() in soundbus_add_one() allocates memory for name, it need be freed when of_device_register() fails, call soundbus_dev_put() to give up the reference that hold in device_initialize(), so that it can be fr

CVE-2023-53501 [MEDIUM] CVE-2023-53501: In the Linux kernel, the following vulnerability has been resolved: iommu/amd/iommu_v2: Fix pasid_s In the Linux kernel, the following vulnerability has been resolved: iommu/amd/iommu_v2: Fix pasid_state refcount dec hit 0 warning on pasid unbind When unbinding pasid - a race condition exists vs outstanding page faults. To prevent this, the pasid_state object contains a refcount. * set to 1 on pasid bind * incremented on each ppr notification start * d

CVE-2025-39898 e1000e: fix heap overflow in e1000_set_eeprom e1000e: fix heap overflow in e1000_set_eeprom In the Linux kernel, the following vulnerability has been resolved: e1000e: fix heap overflow in e1000_set_eeprom Fix a possible heap overflow in e1000_set_eeprom function by adding input validation for the requested length of the change in the EEPROM. In addition, change the variable type from int to size_t for better code practices and rearrange declarations to RCT.

CVE-2023-53469 af_unix: Fix null-ptr-deref in unix_stream_sendpage(). af_unix: Fix null-ptr-deref in unix_stream_sendpage(). In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix null-ptr-deref in unix_stream_sendpage(). Bing-Jhong Billy Jheng reported null-ptr-deref in unix_stream_sendpage() with detailed analysis and a nice repro. unix_stream_sendpage() tries to add data to the last skb in the peer's recv queue without locking the queue. If the peer's FD is pass

CVE-2022-50455 CVE-2022-50455: In the Linux kernel, the following vulnerability has been resolved: nfs: fix possible null-ptr-deref when parsing param According to commit "vfs: pars In the Linux kernel, the following vulnerability has been resolved: nfs: fix possible null-ptr-deref when parsing param According to commit "vfs: parse: deal with zero length string value", kernel will set the param->string to null pointer in vfs_parse_fs_string() if fs string has zero length. Yet the problem is that

CVE-2022-50450 CVE-2022-50450: In the Linux kernel, the following vulnerability has been resolved: libbpf: Use elf_getshdrnum() instead of e_shnum This commit replace e_shnum with t In the Linux kernel, the following vulnerability has been resolved: libbpf: Use elf_getshdrnum() instead of e_shnum This commit replace e_shnum with the elf_getshdrnum() helper to fix two oss-fuzz-reported heap-buffer overflow in __bpf_object__open. Both reports are incorrectly marked as fixed and while still being r

CVE-2025-39889 [MEDIUM] CWE-326 CVE-2025-39889: In the Linux kernel, the following vulnerability has been resolved: Bluetooth: l2cap: Check encrypt In the Linux kernel, the following vulnerability has been resolved: Bluetooth: l2cap: Check encryption key size on incoming connection This is required for passing GAP/SEC/SEM/BI-04-C PTS test case: Security Mode 4 Level 4, Responder - Invalid Encryption Key Size - 128 bit This tests the security key with size from 1 to 15 bytes while the Securit

CVE-2024-58241 [MEDIUM] CVE-2024-58241: In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Disable wo In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Disable works on hci_unregister_dev This make use of disable_work_* on hci_unregister_dev since the hci_dev is about to be freed new submissions are not disarable.