Linux Kernel vulnerabilities

CVE-2022-50266 [MEDIUM] CWE-476 CVE-2022-50266: In the Linux kernel, the following vulnerability has been resolved: kprobes: Fix check for probe en In the Linux kernel, the following vulnerability has been resolved: kprobes: Fix check for probe enabled in kill_kprobe() In kill_kprobe(), the check whether disarm_kprobe_ftrace() needs to be called always fails. This is because before that we set the KPROBE_FLAG_GONE flag for kprobe so that "!kprobe_disabled(p)" is always false. The disarm_kpro

CVE-2022-50312 [MEDIUM] CWE-401 CVE-2022-50312: In the Linux kernel, the following vulnerability has been resolved: drivers: serial: jsm: fix some In the Linux kernel, the following vulnerability has been resolved: drivers: serial: jsm: fix some leaks in probe This error path needs to unwind instead of just returning directly.

CVE-2023-53224 [MEDIUM] CWE-401 CVE-2023-53224: In the Linux kernel, the following vulnerability has been resolved: ext4: Fix function prototype mi In the Linux kernel, the following vulnerability has been resolved: ext4: Fix function prototype mismatch for ext4_feat_ktype With clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG), indirect call targets are validated against the expected function pointer prototype to make sure the call target is valid to help mitigate ROP attacks. If

CVE-2023-53191 [MEDIUM] CVE-2023-53191: In the Linux kernel, the following vulnerability has been resolved: irqchip/alpine-msi: Fix refcoun In the Linux kernel, the following vulnerability has been resolved: irqchip/alpine-msi: Fix refcount leak in alpine_msix_init_domains of_irq_find_parent() returns a node pointer with refcount incremented, We should use of_node_put() on it when not needed anymore. Add missing of_node_put() to avoid refcount leak.

CVE-2022-50299 [MEDIUM] CVE-2022-50299: In the Linux kernel, the following vulnerability has been resolved: md: Replace snprintf with scnpr In the Linux kernel, the following vulnerability has been resolved: md: Replace snprintf with scnprintf Current code produces a warning as shown below when total characters in the constituent block device names plus the slashes exceeds 200. snprintf() returns the number of characters generated from the given input, which could cause the expression “200 –

CVE-2022-50304 [MEDIUM] CWE-401 CVE-2022-50304: In the Linux kernel, the following vulnerability has been resolved: mtd: core: fix possible resourc In the Linux kernel, the following vulnerability has been resolved: mtd: core: fix possible resource leak in init_mtd() I got the error report while inject fault in init_mtd(): sysfs: cannot create duplicate filename '/devices/virtual/bdi/mtd-0' Call Trace: dump_stack_lvl+0x67/0x83 sysfs_warn_dup+0x60/0x70 sysfs_create_dir_ns+0x109/0x120 kobject

CVE-2022-50294 [MEDIUM] CWE-401 CVE-2022-50294: In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: fix memory leak In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: fix memory leak in lbs_init_adapter() When kfifo_alloc() failed in lbs_init_adapter(), cmd buffer is not released. Add free memory to processing error path.

CVE-2022-50302 [MEDIUM] CVE-2022-50302: In the Linux kernel, the following vulnerability has been resolved: lockd: set other missing fields In the Linux kernel, the following vulnerability has been resolved: lockd: set other missing fields when unlocking files vfs_lock_file() expects the struct file_lock to be fully initialised by the caller. Re-exported NFSv3 has been seen to Oops if the fl_file field is NULL.

CVE-2023-53226 [MEDIUM] CWE-191 CVE-2023-53226: In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Fix OOB and inte In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Fix OOB and integer underflow when rx packets Make sure mwifiex_process_mgmt_packet, mwifiex_process_sta_rx_packet and mwifiex_process_uap_rx_packet, mwifiex_uap_queue_bridged_pkt and mwifiex_process_rx_packet not out-of-bounds access the skb->data buffer.

CVE-2023-53177 [MEDIUM] CVE-2023-53177: In the Linux kernel, the following vulnerability has been resolved: media: hi846: fix usage of pm_r In the Linux kernel, the following vulnerability has been resolved: media: hi846: fix usage of pm_runtime_get_if_in_use() pm_runtime_get_if_in_use() does not only return nonzero values when the device is in use, it can return a negative errno too. And especially during resuming from system suspend, when runtime pm is not yet up again, -EAGAIN is being re

CVE-2022-50288 [MEDIUM] CWE-416 CVE-2022-50288: In the Linux kernel, the following vulnerability has been resolved: qlcnic: prevent ->dcb use-after In the Linux kernel, the following vulnerability has been resolved: qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure adapter->dcb would get silently freed inside qlcnic_dcb_enable() in case qlcnic_dcb_attach() would return an error, which always happens under OOM conditions. This would lead to use-after-free because both of the

CVE-2022-50292 [MEDIUM] CVE-2022-50292: In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: fix bridge lifetime In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: fix bridge lifetime Device-managed resources allocated post component bind must be tied to the lifetime of the aggregate DRM device or they will not necessarily be released when binding of the aggregate device is deferred. This can lead resource leaks or failure to bind the a

CVE-2023-53175 [MEDIUM] CVE-2023-53175: In the Linux kernel, the following vulnerability has been resolved: PCI: hv: Fix a crash in hv_pci_ In the Linux kernel, the following vulnerability has been resolved: PCI: hv: Fix a crash in hv_pci_restore_msi_msg() during hibernation When a Linux VM with an assigned PCI device runs on Hyper-V, if the PCI device driver is not loaded yet (i.e. MSI-X/MSI is not enabled on the device yet), doing a VM hibernation triggers a panic in hv_pci_restore_msi_msg(

CVE-2023-53180 [MEDIUM] CWE-476 CVE-2023-53180: In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Avoid NULL pointe In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Avoid NULL pointer access during management transmit cleanup Currently 'ar' reference is not added in skb_cb. Though this is generally not used during transmit completion callbacks, on interface removal the remaining idr cleanup callback uses the ar pointer from skb_

CVE-2023-53243 [MEDIUM] CVE-2023-53243: In the Linux kernel, the following vulnerability has been resolved: btrfs: add handling for RAID1C2 In the Linux kernel, the following vulnerability has been resolved: btrfs: add handling for RAID1C23/DUP to btrfs_reduce_alloc_profile Callers of `btrfs_reduce_alloc_profile` expect it to return exactly one allocation profile flag, and failing to do so may ultimately result in a WARN_ON and remount-ro when allocating new blocks, like the below transaction

CVE-2022-50244 [MEDIUM] CWE-476 CVE-2022-50244: In the Linux kernel, the following vulnerability has been resolved: cxl: fix possible null-ptr-dere In the Linux kernel, the following vulnerability has been resolved: cxl: fix possible null-ptr-deref in cxl_pci_init_afu|adapter() If device_register() fails in cxl_pci_afu|adapter(), the device is not added, device_unregister() can not be called in the error path, otherwise it will cause a null-ptr-deref because of removing not added device. As

CVE-2023-53231 [MEDIUM] CVE-2023-53231: In the Linux kernel, the following vulnerability has been resolved: erofs: Fix detection of atomic In the Linux kernel, the following vulnerability has been resolved: erofs: Fix detection of atomic context Current check for atomic context is not sufficient as z_erofs_decompressqueue_endio can be called under rcu lock from blk_mq_flush_plug_list(). See the stacktrace [1] In such case we should hand off the decompression work for async processing rather

CVE-2025-39800 [MEDIUM] CVE-2025-39800: In the Linux kernel, the following vulnerability has been resolved: btrfs: abort transaction on une In the Linux kernel, the following vulnerability has been resolved: btrfs: abort transaction on unexpected eb generation at btrfs_copy_root() If we find an unexpected generation for the extent buffer we are cloning at btrfs_copy_root(), we just WARN_ON() and don't error out and abort the transaction, meaning we allow to persist metadata with an unexpected

CVE-2022-50295 [MEDIUM] CWE-476 CVE-2022-50295: In the Linux kernel, the following vulnerability has been resolved: io_uring/msg_ring: Fix NULL poi In the Linux kernel, the following vulnerability has been resolved: io_uring/msg_ring: Fix NULL pointer dereference in io_msg_send_fd() Syzkaller produced the below call trace: BUG: KASAN: null-ptr-deref in io_msg_ring+0x3cb/0x9f0 Write of size 8 at addr 0000000000000070 by task repro/16399 CPU: 0 PID: 16399 Comm: repro Not tainted 6.1.0-rc1 #28

CVE-2023-53207 [MEDIUM] CVE-2023-53207: In the Linux kernel, the following vulnerability has been resolved: ublk: fail to recover device if In the Linux kernel, the following vulnerability has been resolved: ublk: fail to recover device if queue setup is interrupted In ublk_ctrl_end_recovery(), if wait_for_completion_interruptible() is interrupted by signal, queues aren't setup successfully yet, so we have to fail UBLK_CMD_END_USER_RECOVERY, otherwise kernel oops can be triggered.