Linux Kernel vulnerabilities

14,883 known vulnerabilities affecting linux/linux_kernel.

Total CVEs: 14,883
CISA KEV: 30 (actively exploited)
Public exploits: 297
Exploited in wild: 31
Severity breakdown: CRITICAL 128, HIGH 3822, MEDIUM 8775, LOW 429, UNKNOWN 1729

Vulnerabilities

CVE-2023-53266 | MEDIUM | CVSS 5.5 | ≥ 6.2, < 6.2.3 | 2025-09-16
CVE-2023-53266 [MEDIUM] CWE-401: In the Linux kernel, the following vulnerability has been resolved: arm64: acpi: Fix possible memory leak of ffh_ctxt
Allocated 'ffh_ctxt' memory leak is possible if the SMCCC version and conduit checks fail and -EOPNOTSUPP is returned without freeing the allocated memory. Fix the same by moving the allocation after the SMCCC version and conduit
Sources: nvd, osv
CVE-2025-39820 | MEDIUM | CVSS 5.5 | ≥ 6.15, < 6.16.5 | v6.17 | 2025-09-16
CVE-2025-39820 [MEDIUM] CWE-476: In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Add a null ptr check for dpu_encoder_needs_modeset
The drm_atomic_get_new_connector_state() can return NULL if the connector is not part of the atomic state. Add a check to prevent a NULL pointer dereference. This follows the same pattern used in dpu_encoder_update_t
Sources: nvd, osv
CVE-2023-53306 | MEDIUM | CVSS 5.5 | ≥ 6.2, < 6.2.11 | v6.3 | 2025-09-16
CVE-2023-53306 [MEDIUM]: In the Linux kernel, the following vulnerability has been resolved: fsdax: force clear dirty mark if CoW
XFS allows CoW on non-shared extents to combat fragmentation[1]. The old non-shared extent could be mwrited before, its dax entry is marked dirty. This results in a WARNing: [ 28.512349] ------------[ cut here ]------------ [ 28.512622] WARNING: CPU:
Sources: nvd, osv
CVE-2025-39834 | MEDIUM | CVSS 5.5 | ≥ 6.12, < 6.16.5 | v6.17 | 2025-09-16
CVE-2025-39834 [MEDIUM] CWE-401: In the Linux kernel, the following vulnerability has been resolved: net/mlx5: HWS, Fix memory leak in hws_action_get_shared_stc_nic error flow
When an invalid stc_type is provided, the function allocates memory for shared_stc but jumps to unlock_and_out without freeing it, causing a memory leak. Fix by jumping to free_shared_stc label instead to e
Sources: nvd, osv
CVE-2023-53310 | MEDIUM | CVSS 4.7 | ≥ 5.18, < 6.1.31 | ≥ 6.2, < 6.3.5 | +1 more | 2025-09-16
CVE-2023-53310 [MEDIUM] CWE-362: In the Linux kernel, the following vulnerability has been resolved: power: supply: axp288_fuel_gauge: Fix external_power_changed race
fuel_gauge_external_power_changed() dereferences info->bat, which gets sets in axp288_fuel_gauge_probe() like this: info->bat = devm_power_supply_register(dev, &fuel_gauge_desc, &psy_cfg); As soon as devm_power_su
Sources: nvd, osv
CVE-2022-50347 | MEDIUM | CVSS 5.5 | ≥ 3.16, < 4.9.337 | ≥ 4.10, < 4.14.303 | +6 more | 2025-09-16
CVE-2022-50347 [MEDIUM] CWE-476: In the Linux kernel, the following vulnerability has been resolved: mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host()
mmc_add_host() may return error, if we ignore its return value, the memory that allocated in mmc_alloc_host() will be leaked and it will lead a kernel crash because of deleting not added device in the remove path. So f
Sources: nvd, osv
CVE-2023-53264 | MEDIUM | CVSS 5.5 | ≥ 5.18, < 6.1.39 | ≥ 6.2, < 6.3.13 | +1 more | 2025-09-16
CVE-2023-53264 [MEDIUM] CWE-401: In the Linux kernel, the following vulnerability has been resolved: clk: imx: clk-imxrt1050: fix memory leak in imxrt1050_clocks_probe
Use devm_of_iomap() instead of of_iomap() to automatically handle the unused ioremap region. If any error occurs, regions allocated by kzalloc() will leak, but using devm_kzalloc() instead will automatically free t
Sources: nvd, osv
CVE-2023-53323 | MEDIUM | CVSS 5.5 | ≥ 5.15, < 6.1.40 | ≥ 6.2, < 6.4.5 | 2025-09-16
CVE-2023-53323 [MEDIUM] CWE-617: In the Linux kernel, the following vulnerability has been resolved: ext2/dax: Fix ext2_setsize when len is page aligned
PAGE_ALIGN(x) macro gives the next highest value which is multiple of pagesize. But if x is already page aligned then it simply returns x. So, if x passed is 0 in dax_zero_range() function, that means the length gets passed as 0
Sources: nvd, osv
CVE-2025-39814 | MEDIUM | CVSS 5.5 | ≥ 6.16, < 6.16.5 | v6.17 | 2025-09-16
CVE-2025-39814 [MEDIUM] CWE-476: In the Linux kernel, the following vulnerability has been resolved: ice: fix NULL pointer dereference in ice_unplug_aux_dev() on reset
Issuing a reset when the driver is loaded without RDMA support, will results in a crash as it attempts to remove RDMA's non-existent auxbus device: echo 1 > /sys/class/net//device/reset BUG: kernel NULL pointer de
Sources: nvd, osv
CVE-2023-53280 | MEDIUM | CVSS 5.5 | ≥ 4.14, < 5.4.251 | ≥ 5.5, < 5.10.188 | +3 more | 2025-09-16
CVE-2023-53280 [MEDIUM] CWE-476: In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue
System crash when qla2x00_start_sp(sp) returns error code EGAIN and wake_up gets called for uninitialized wait queue sp->nvme_ls_waitq. qla2xxx [0000:37:00.1]-2121:5: Returning existing qpair of ffff8ae2c0513400 for idx=0 qla2
Sources: nvd, osv
CVE-2023-53295 | MEDIUM | CVSS 5.5 | fixed in 4.14.308 | ≥ 4.15, < 4.19.276 | +5 more | 2025-09-16
CVE-2023-53295 [MEDIUM]: In the Linux kernel, the following vulnerability has been resolved: udf: Do not update file length for failed writes to inline files
When write to inline file fails (or happens only partly), we still updated length of inline data as if the whole write succeeded. Fix the update of length of inline data to happen only if the write succeeds.
Sources: nvd, osv
CVE-2025-39812 | MEDIUM | CVSS 5.5 | ≥ 2.6.12.1, < 5.4.298 | ≥ 5.5, < 5.10.242 | +7 more | 2025-09-16
CVE-2025-39812 [MEDIUM] CWE-908: In the Linux kernel, the following vulnerability has been resolved: sctp: initialize more fields in sctp_v6_from_sk()
syzbot found that sin6_scope_id was not properly initialized, leading to undefined behavior. Clear sin6_scope_id and sin6_flowinfo. BUG: KMSAN: uninit-value in __sctp_v6_cmp_addr+0x887/0x8c0 net/sctp/ipv6.c:649 __sctp_v6_cmp_addr
Sources: nvd, osv
CVE-2025-39830 | MEDIUM | CVSS 5.5 | ≥ 6.12, < 6.16.5 | v6.17 | 2025-09-16
CVE-2025-39830 [MEDIUM] CWE-401: In the Linux kernel, the following vulnerability has been resolved: net/mlx5: HWS, Fix memory leak in hws_pool_buddy_init error path
In the error path of hws_pool_buddy_init(), the buddy allocator cleanup doesn't free the allocator structure itself, causing a memory leak. Add the missing kfree() to properly release all allocated memory.
Sources: nvd, osv
CVE-2022-50341 | MEDIUM | CVSS 5.5 | fixed in 5.4.229 | ≥ 5.5, < 5.10.163 | +3 more | 2025-09-16
CVE-2022-50341 [MEDIUM]: In the Linux kernel, the following vulnerability has been resolved: cifs: fix oops during encryption
When running xfstests against Azure the following oops occurred on an arm64 system Unable to handle kernel write to read-only memory at virtual address ffff0001221cf000 Mem abort info: ESR = 0x9600004f EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, F
Sources: nvd, osv
CVE-2022-50344 | MEDIUM | CVSS 5.5 | fixed in 4.9.331 | ≥ 4.10, < 4.14.296 | +6 more | 2025-09-16
CVE-2022-50344 [MEDIUM] CWE-476: In the Linux kernel, the following vulnerability has been resolved: ext4: fix null-ptr-deref in ext4_write_info
I caught a null-ptr-deref bug as follows: KASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f] CPU: 1 PID: 1589 Comm: umount Not tainted 5.10.0-02219-dirty #339 RIP: 0010:ext4_write_info+0x53/0x1b0 [...] Call Trace: dqu
Sources: nvd, osv
CVE-2023-53330 | MEDIUM | CVSS 5.5 | ≥ 2.6.35, < 4.14.303 | ≥ 4.15, < 4.19.270 | +6 more | 2025-09-16
CVE-2023-53330 [MEDIUM] CWE-401: In the Linux kernel, the following vulnerability has been resolved: caif: fix memory leak in cfctrl_linkup_request()
When linktype is unknown or kzalloc failed in cfctrl_linkup_request(), pkt is not released. Add release process to error path.
Sources: nvd, osv
CVE-2025-39822 | MEDIUM | CVSS 5.5 | ≥ 6.12, < 6.16.5 | v6.17 | 2025-09-16
CVE-2025-39822 [MEDIUM]: In the Linux kernel, the following vulnerability has been resolved: io_uring/kbuf: fix signedness in this_len calculation
When importing and using buffers, buf->len is considered unsigned. However, buf->len is converted to signed int when committing. This can lead to unexpected behavior if the buffer is large enough to be interpreted as a negative value.
Sources: nvd, osv
CVE-2023-53298 | MEDIUM | CVSS 5.5 | ≥ 3.13, < 4.14.308 | ≥ 4.15, < 4.19.276 | +5 more | 2025-09-16
CVE-2023-53298 [MEDIUM] CWE-401: In the Linux kernel, the following vulnerability has been resolved: nfc: fix memory leak of se_io context in nfc_genl_se_io
The callback context for sending/receiving APDUs to/from the selected secure element is allocated inside nfc_genl_se_io and supposed to be eventually freed in se_io_cb callback function. However, there are several error paths
Sources: nvd, osv
CVE-2023-53288 | MEDIUM | CVSS 5.5 | fixed in 5.4.251 | ≥ 5.5, < 5.10.188 | +4 more | 2025-09-16
CVE-2023-53288 [MEDIUM] CWE-401: In the Linux kernel, the following vulnerability has been resolved: drm/client: Fix memory leak in drm_client_modeset_probe
When a new mode is set to modeset->mode, the previous mode should be freed. This fixes the following kmemleak report: drm_mode_duplicate+0x45/0x220 [drm] drm_client_modeset_probe+0x944/0xf50 [drm] __drm_fb_helper_initial_conf
Sources: nvd, osv
CVE-2023-53326 | MEDIUM | CVSS 5.5 | ≥ 4.8, < 5.10.177 | ≥ 5.11, < 5.15.106 | +3 more | 2025-09-16
CVE-2023-53326 [MEDIUM] CWE-476: In the Linux kernel, the following vulnerability has been resolved: powerpc: Don't try to copy PPR for task with NULL pt_regs
powerpc sets up PF_KTHREAD and PF_IO_WORKER with a NULL pt_regs, which from my (arguably very short) checking is not commonly done for other archs. This is fine, except when PF_IO_WORKER's have been created and the task does
Sources: nvd, osv