linux package
kernel
pkg:linux/kernel
Vulnerabilities (1,755)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-54170 | — | >= 5.3.0, < 5.4.253 | 5.4.253 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: keys: Fix linking a duplicate key to a keyring's assoc_array When making a DNS query inside the kernel using dns_query(), the request code can in rare cases end up creating a duplicate index key in the assoc_ar | ||
| CVE-2023-54169 | — | >= 5.11.0, < 5.15.121 | 5.15.121 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: fix memory leak in mlx5e_ptp_open When kvzalloc_node or kvzalloc failed in mlx5e_ptp_open, the memory pointed by "c" or "cparams" is not freed, which can lead to a memory leak. Fix by freeing the arr | ||
| CVE-2023-54168 | — | >= 2.6.24, < 4.19.283 | 4.19.283 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx4: Prevent shift wrapping in set_user_sq_size() The ucmd->log_sq_bb_count variable is controlled by the user so this shift can wrap. Fix it by using check_shl_overflow() in the same way that it was don | ||
| CVE-2023-54167 | — | >= 5.17.0, < 6.1.20 | 6.1.20 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: m68k: mm: Move initrd phys_to_virt handling after paging_init() When booting with an initial ramdisk on platforms where physical memory does not start at address zero (e.g. on Amiga): initrd: 0ef0602c - 0f | ||
| CVE-2023-54166 | — | < 5.15.124 | 5.15.124 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: igc: Fix Kernel Panic during ndo_tx_timeout callback The Xeon validation group has been carrying out some loaded tests with various HW configurations, and they have seen some transmit queue time out happening d | ||
| CVE-2023-54165 | — | >= 6.2.0, < 6.3.5 | 6.3.5 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: zsmalloc: move LRU update from zs_map_object() to zs_malloc() Under memory pressure, we sometimes observe the following crash: [ 5694.832838] ------------[ cut here ]------------ [ 5694.842093] list_del corrup | ||
| CVE-2023-54164 | — | < 6.1.42 | 6.1.42 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: fix iso_conn related locking and validity issues sk->sk_state indicates whether iso_pi(sk)->conn is valid. Operations that check/update sk_state and access conn should hold lock_sock, otherwise | ||
| CVE-2022-50889 | — | >= 4.12.0, < 5.4.229 | 5.4.229 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: dm integrity: Fix UAF in dm_integrity_dtr() Dm_integrity also has the same UAF problem when dm_resume() and dm_destroy() are concurrent. Therefore, cancelling timer again in dm_integrity_dtr(). | ||
| CVE-2022-50888 | — | >= 5.13.0, < 5.15.86 | 5.15.86 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: remoteproc: qcom: q6v5: Fix potential null-ptr-deref in q6v5_wcss_init_mmio() q6v5_wcss_init_mmio() will call platform_get_resource_byname() that may fail and return NULL. devm_ioremap() will use res->start as | ||
| CVE-2022-50887 | — | >= 3.3.0, < 4.9.337 | 4.9.337 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix unbalanced of node refcount in regulator_dev_lookup() I got the the following report: OF: ERROR: memory leak, expected refcount 1 instead of 2, of_node_get()/of_node_put() unbalanced - | ||
| CVE-2022-50886 | — | >= 3.19.0, < 4.9.337 | 4.9.337 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: mmc: toshsd: fix return value check of mmc_add_host() mmc_add_host() may return error, if we ignore its return value, the memory that allocated in mmc_alloc_host() will be leaked and it will lead a kernel crash | ||
| CVE-2022-50885 | — | >= 4.8.0, < 4.14.303 | 4.14.303 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed There is a null-ptr-deref when mount.cifs over rdma: BUG: KASAN: null-ptr-deref in rxe_qp_do_cleanup+0x2f3/0x360 [rdma_rxe] Rea | ||
| CVE-2022-50884 | — | >= 2.6.16, < 4.9.331 | 4.9.331 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm: Prevent drm_copy_field() to attempt copying a NULL pointer There are some struct drm_driver fields that are required by drivers since drm_copy_field() attempts to copy them to user-space via DRM_IOCTL_VERS | ||
| CVE-2022-50883 | — | >= 5.16.0, < 6.0.16 | 6.0.16 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: bpf: Prevent decl_tag from being referenced in func_proto arg Syzkaller managed to hit another decl_tag issue: btf_func_proto_check kernel/bpf/btf.c:4506 [inline] btf_check_all_types kernel/bpf/btf.c:4734 | ||
| CVE-2022-50882 | — | >= 5.12.0, < 5.15.75 | 5.15.75 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix memory leak in uvc_gpio_parse Previously the unit buffer was allocated before checking the IRQ for privacy GPIO. In case of error, the unit buffer was leaked. Allocate the unit buffer afte | ||
| CVE-2022-50881 | — | >= 5.8.0, < 5.10.173 | 5.10.173 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: Fix use-after-free in ath9k_hif_usb_disconnect() This patch fixes a use-after-free in ath9k that occurs in ath9k_hif_usb_disconnect() when ath9k_destroy_wmi() is trying to access 'drv_priv' that ha | ||
| CVE-2022-50880 | — | >= 4.8.0, < 4.9.331 | 4.9.331 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() When peer delete failed in a disconnect operation, use-after-free detected by KFENCE in below log. It is because for each vdev_id and ad | ||
| CVE-2022-50879 | — | >= 4.17.0, < 5.4.229 | 5.4.229 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: objtool: Fix SEGFAULT find_insn() will return NULL in case of failure. Check insn in order to avoid a kernel Oops for NULL pointer dereference. | ||
| CVE-2022-50878 | — | >= 5.10.0, < 5.10.150 | 5.10.150 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: gpu: lontium-lt9611: Fix NULL pointer dereference in lt9611_connector_init() A NULL check for bridge->encoder shows that it may be NULL, but it already been dereferenced on all paths leading to the check. 812 i | ||
| CVE-2022-50877 | — | >= 5.12.0, < 5.15.77 | 5.15.77 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: broadcom: bcm4908_enet: update TX stats after actual transmission Queueing packets doesn't guarantee their transmission. Update TX stats after hardware confirms consuming submitted data. This also fixes a |
- CVE-2023-54170Dec 30, 2025affected >= 5.3.0, < 5.4.253fixed 5.4.253
In the Linux kernel, the following vulnerability has been resolved: keys: Fix linking a duplicate key to a keyring's assoc_array When making a DNS query inside the kernel using dns_query(), the request code can in rare cases end up creating a duplicate index key in the assoc_ar
- CVE-2023-54169Dec 30, 2025affected >= 5.11.0, < 5.15.121fixed 5.15.121
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: fix memory leak in mlx5e_ptp_open When kvzalloc_node or kvzalloc failed in mlx5e_ptp_open, the memory pointed by "c" or "cparams" is not freed, which can lead to a memory leak. Fix by freeing the arr
- CVE-2023-54168Dec 30, 2025affected >= 2.6.24, < 4.19.283fixed 4.19.283
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx4: Prevent shift wrapping in set_user_sq_size() The ucmd->log_sq_bb_count variable is controlled by the user so this shift can wrap. Fix it by using check_shl_overflow() in the same way that it was don
- CVE-2023-54167Dec 30, 2025affected >= 5.17.0, < 6.1.20fixed 6.1.20
In the Linux kernel, the following vulnerability has been resolved: m68k: mm: Move initrd phys_to_virt handling after paging_init() When booting with an initial ramdisk on platforms where physical memory does not start at address zero (e.g. on Amiga): initrd: 0ef0602c - 0f
- CVE-2023-54166Dec 30, 2025affected < 5.15.124fixed 5.15.124
In the Linux kernel, the following vulnerability has been resolved: igc: Fix Kernel Panic during ndo_tx_timeout callback The Xeon validation group has been carrying out some loaded tests with various HW configurations, and they have seen some transmit queue time out happening d
- CVE-2023-54165Dec 30, 2025affected >= 6.2.0, < 6.3.5fixed 6.3.5
In the Linux kernel, the following vulnerability has been resolved: zsmalloc: move LRU update from zs_map_object() to zs_malloc() Under memory pressure, we sometimes observe the following crash: [ 5694.832838] ------------[ cut here ]------------ [ 5694.842093] list_del corrup
- CVE-2023-54164Dec 30, 2025affected < 6.1.42fixed 6.1.42
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: fix iso_conn related locking and validity issues sk->sk_state indicates whether iso_pi(sk)->conn is valid. Operations that check/update sk_state and access conn should hold lock_sock, otherwise
- CVE-2022-50889Dec 30, 2025affected >= 4.12.0, < 5.4.229fixed 5.4.229
In the Linux kernel, the following vulnerability has been resolved: dm integrity: Fix UAF in dm_integrity_dtr() Dm_integrity also has the same UAF problem when dm_resume() and dm_destroy() are concurrent. Therefore, cancelling timer again in dm_integrity_dtr().
- CVE-2022-50888Dec 30, 2025affected >= 5.13.0, < 5.15.86fixed 5.15.86
In the Linux kernel, the following vulnerability has been resolved: remoteproc: qcom: q6v5: Fix potential null-ptr-deref in q6v5_wcss_init_mmio() q6v5_wcss_init_mmio() will call platform_get_resource_byname() that may fail and return NULL. devm_ioremap() will use res->start as
- CVE-2022-50887Dec 30, 2025affected >= 3.3.0, < 4.9.337fixed 4.9.337
In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix unbalanced of node refcount in regulator_dev_lookup() I got the the following report: OF: ERROR: memory leak, expected refcount 1 instead of 2, of_node_get()/of_node_put() unbalanced -
- CVE-2022-50886Dec 30, 2025affected >= 3.19.0, < 4.9.337fixed 4.9.337
In the Linux kernel, the following vulnerability has been resolved: mmc: toshsd: fix return value check of mmc_add_host() mmc_add_host() may return error, if we ignore its return value, the memory that allocated in mmc_alloc_host() will be leaked and it will lead a kernel crash
- CVE-2022-50885Dec 30, 2025affected >= 4.8.0, < 4.14.303fixed 4.14.303
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed There is a null-ptr-deref when mount.cifs over rdma: BUG: KASAN: null-ptr-deref in rxe_qp_do_cleanup+0x2f3/0x360 [rdma_rxe] Rea
- CVE-2022-50884Dec 30, 2025affected >= 2.6.16, < 4.9.331fixed 4.9.331
In the Linux kernel, the following vulnerability has been resolved: drm: Prevent drm_copy_field() to attempt copying a NULL pointer There are some struct drm_driver fields that are required by drivers since drm_copy_field() attempts to copy them to user-space via DRM_IOCTL_VERS
- CVE-2022-50883Dec 30, 2025affected >= 5.16.0, < 6.0.16fixed 6.0.16
In the Linux kernel, the following vulnerability has been resolved: bpf: Prevent decl_tag from being referenced in func_proto arg Syzkaller managed to hit another decl_tag issue: btf_func_proto_check kernel/bpf/btf.c:4506 [inline] btf_check_all_types kernel/bpf/btf.c:4734
- CVE-2022-50882Dec 30, 2025affected >= 5.12.0, < 5.15.75fixed 5.15.75
In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix memory leak in uvc_gpio_parse Previously the unit buffer was allocated before checking the IRQ for privacy GPIO. In case of error, the unit buffer was leaked. Allocate the unit buffer afte
- CVE-2022-50881Dec 30, 2025affected >= 5.8.0, < 5.10.173fixed 5.10.173
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: Fix use-after-free in ath9k_hif_usb_disconnect() This patch fixes a use-after-free in ath9k that occurs in ath9k_hif_usb_disconnect() when ath9k_destroy_wmi() is trying to access 'drv_priv' that ha
- CVE-2022-50880Dec 30, 2025affected >= 4.8.0, < 4.9.331fixed 4.9.331
In the Linux kernel, the following vulnerability has been resolved: wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() When peer delete failed in a disconnect operation, use-after-free detected by KFENCE in below log. It is because for each vdev_id and ad
- CVE-2022-50879Dec 30, 2025affected >= 4.17.0, < 5.4.229fixed 5.4.229
In the Linux kernel, the following vulnerability has been resolved: objtool: Fix SEGFAULT find_insn() will return NULL in case of failure. Check insn in order to avoid a kernel Oops for NULL pointer dereference.
- CVE-2022-50878Dec 30, 2025affected >= 5.10.0, < 5.10.150fixed 5.10.150
In the Linux kernel, the following vulnerability has been resolved: gpu: lontium-lt9611: Fix NULL pointer dereference in lt9611_connector_init() A NULL check for bridge->encoder shows that it may be NULL, but it already been dereferenced on all paths leading to the check. 812 i
- CVE-2022-50877Dec 30, 2025affected >= 5.12.0, < 5.15.77fixed 5.15.77
In the Linux kernel, the following vulnerability has been resolved: net: broadcom: bcm4908_enet: update TX stats after actual transmission Queueing packets doesn't guarantee their transmission. Update TX stats after hardware confirms consuming submitted data. This also fixes a
Page 29 of 88