linux package
kernel
pkg:linux/kernel
Vulnerabilities (1,755)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-50836 | — | >= 5.1.0, < 5.4.229 | 5.4.229 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: remoteproc: sysmon: fix memory leak in qcom_add_sysmon_subdev() The kfree() should be called when of_irq_get_byname() fails or devm_request_threaded_irq() fails in qcom_add_sysmon_subdev(), otherwise there will | ||
| CVE-2022-50835 | — | >= 5.10.0, < 5.10.150 | 5.10.150 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: jbd2: add miss release buffer head in fc_do_one_pass() In fc_do_one_pass() miss release buffer head after use which will lead to reference count leak. | ||
| CVE-2022-50834 | — | >= 3.13.0, < 4.14.303 | 4.14.303 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: nfc: Fix potential resource leaks nfc_get_device() take reference for the device, add missing nfc_put_device() to release it when not need anymore. Also fix the style warnning by use error EOPNOTSUPP instead of | ||
| CVE-2022-50833 | — | < 5.19.15 | 5.19.15 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: use hdev->workqueue when queuing hdev->{cmd,ncmd}_timer works syzbot is reporting attempt to schedule hdev->cmd_work work from system_wq WQ into hdev->workqueue WQ which is under draining operation [ | ||
| CVE-2022-50832 | — | >= 4.2.0, < 5.4.235 | 5.4.235 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: fix potential memory leak in wilc_mac_xmit() The wilc_mac_xmit() returns NETDEV_TX_OK without freeing skb, add dev_kfree_skb() to fix it. Compile tested only. | ||
| CVE-2022-50830 | — | >= 5.11.0, < 5.15.100 | 5.15.100 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: auxdisplay: hd44780: Fix potential memory leak in hd44780_remove() hd44780_probe() allocates a memory chunk for hd with kzalloc() and makes "lcd->drvdata->hd44780" point to it. When we call hd44780_remove(), we | ||
| CVE-2022-50829 | — | >= 3.0.0, < 4.9.337 | 4.9.337 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb() It is possible that skb is freed in ath9k_htc_rx_msg(), then usb_submit_urb() fails and we try to free skb again. It causes use-after-free b | ||
| CVE-2022-50828 | — | >= 5.2.0, < 5.4.220 | 5.4.220 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: clk: zynqmp: Fix stack-out-of-bounds in strncpy` "BUG: KASAN: stack-out-of-bounds in strncpy+0x30/0x68" Linux-ATF interface is using 16 bytes of SMC payload. In case clock name is longer than 15 bytes, string | ||
| CVE-2022-50827 | — | >= 5.14.0, < 5.15.76 | 5.15.76 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix memory leak in lpfc_create_port() Commit 5e633302ace1 ("scsi: lpfc: vmid: Add support for VMID in mailbox command") introduced allocations for the VMID resources in lpfc_create_port() after the | ||
| CVE-2022-50826 | — | >= 5.14.0, < 5.15.87 | 5.15.87 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: ipu3-imgu: Fix NULL pointer dereference in imgu_subdev_set_selection() Calling v4l2_subdev_get_try_crop() and v4l2_subdev_get_try_compose() with a subdev state of NULL leads to a NULL pointer dereference. This | ||
| CVE-2022-50825 | — | >= 5.18.0, < 6.0.16 | 6.0.16 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: usb: typec: wusb3801: fix fwnode refcount leak in wusb3801_probe() I got the following report while doing fault injection test: OF: ERROR: memory leak, expected refcount 1 instead of 4, of_node_get()/of_no | ||
| CVE-2022-50824 | — | >= 4.13.0, < 4.14.303 | 4.14.303 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak In check_acpi_tpm2(), we get the TPM2 table just to make sure the table is there, not used after the init, so the acpi_put_table() should be adde | ||
| CVE-2022-50823 | — | >= 3.10.0, < 4.9.331 | 4.9.331 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: clk: tegra: Fix refcount leak in tegra114_clock_init of_find_matching_node() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() | ||
| CVE-2022-50822 | — | >= 5.10.0, < 5.15.86 | 5.15.86 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: RDMA/restrack: Release MR restrack when delete The MR restrack also needs to be released when delete it, otherwise it cause memory leak as the task struct won't be released. | ||
| CVE-2022-50821 | — | >= 3.10.0, < 4.19.270 | 4.19.270 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Don't leak netobj memory when gss_read_proxy_verf() fails | ||
| CVE-2022-50820 | — | >= 5.11.0, < 5.15.86 | 5.15.86 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: perf/arm_dmc620: Fix hotplug callback leak in dmc620_pmu_init() dmc620_pmu_init() won't remove the callback added by cpuhp_setup_state_multi() when platform_driver_register() failed. Remove the callback by cpuh | ||
| CVE-2022-50819 | — | >= 5.6.0, < 5.10.150 | 5.10.150 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: udmabuf: Set ubuf->sg = NULL if the creation of sg table fails When userspace tries to map the dmabuf and if for some reason (e.g. OOM) the creation of the sg table fails, ubuf->sg needs to be set to NULL. Othe | ||
| CVE-2022-50818 | — | >= 5.18.0, < 5.19.17 | 5.19.17 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix running_req for internal abort commands Disabling the remote phy for a SATA disk causes a hang: root@(none)$ more /sys/class/sas_phy/phy-0:0:8/target_port_protocols sata root@(none)$ echo 0 > | ||
| CVE-2022-50817 | — | >= 3.17.0, < 5.10.152 | 5.10.152 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: hsr: avoid possible NULL deref in skb_clone() syzbot got a crash [1] in skb_clone(), caused by a bug in hsr_get_untagged_frame(). When/if create_stripped_skb_hsr() returns NULL, we must not attempt to cal | ||
| CVE-2022-50816 | — | >= 3.7.0, < 4.14.305 | 4.14.305 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: ipv6: ensure sane device mtu in tunnels Another syzbot report [1] with no reproducer hints at a bug in ip6_gre tunnel (dev:ip6gretap0) Since ipv6 mcast code makes sure to read dev->mtu once and applies a sanit |
- CVE-2022-50836Dec 30, 2025affected >= 5.1.0, < 5.4.229fixed 5.4.229
In the Linux kernel, the following vulnerability has been resolved: remoteproc: sysmon: fix memory leak in qcom_add_sysmon_subdev() The kfree() should be called when of_irq_get_byname() fails or devm_request_threaded_irq() fails in qcom_add_sysmon_subdev(), otherwise there will
- CVE-2022-50835Dec 30, 2025affected >= 5.10.0, < 5.10.150fixed 5.10.150
In the Linux kernel, the following vulnerability has been resolved: jbd2: add miss release buffer head in fc_do_one_pass() In fc_do_one_pass() miss release buffer head after use which will lead to reference count leak.
- CVE-2022-50834Dec 30, 2025affected >= 3.13.0, < 4.14.303fixed 4.14.303
In the Linux kernel, the following vulnerability has been resolved: nfc: Fix potential resource leaks nfc_get_device() take reference for the device, add missing nfc_put_device() to release it when not need anymore. Also fix the style warnning by use error EOPNOTSUPP instead of
- CVE-2022-50833Dec 30, 2025affected < 5.19.15fixed 5.19.15
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: use hdev->workqueue when queuing hdev->{cmd,ncmd}_timer works syzbot is reporting attempt to schedule hdev->cmd_work work from system_wq WQ into hdev->workqueue WQ which is under draining operation [
- CVE-2022-50832Dec 30, 2025affected >= 4.2.0, < 5.4.235fixed 5.4.235
In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: fix potential memory leak in wilc_mac_xmit() The wilc_mac_xmit() returns NETDEV_TX_OK without freeing skb, add dev_kfree_skb() to fix it. Compile tested only.
- CVE-2022-50830Dec 30, 2025affected >= 5.11.0, < 5.15.100fixed 5.15.100
In the Linux kernel, the following vulnerability has been resolved: auxdisplay: hd44780: Fix potential memory leak in hd44780_remove() hd44780_probe() allocates a memory chunk for hd with kzalloc() and makes "lcd->drvdata->hd44780" point to it. When we call hd44780_remove(), we
- CVE-2022-50829Dec 30, 2025affected >= 3.0.0, < 4.9.337fixed 4.9.337
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb() It is possible that skb is freed in ath9k_htc_rx_msg(), then usb_submit_urb() fails and we try to free skb again. It causes use-after-free b
- CVE-2022-50828Dec 30, 2025affected >= 5.2.0, < 5.4.220fixed 5.4.220
In the Linux kernel, the following vulnerability has been resolved: clk: zynqmp: Fix stack-out-of-bounds in strncpy` "BUG: KASAN: stack-out-of-bounds in strncpy+0x30/0x68" Linux-ATF interface is using 16 bytes of SMC payload. In case clock name is longer than 15 bytes, string
- CVE-2022-50827Dec 30, 2025affected >= 5.14.0, < 5.15.76fixed 5.15.76
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix memory leak in lpfc_create_port() Commit 5e633302ace1 ("scsi: lpfc: vmid: Add support for VMID in mailbox command") introduced allocations for the VMID resources in lpfc_create_port() after the
- CVE-2022-50826Dec 30, 2025affected >= 5.14.0, < 5.15.87fixed 5.15.87
In the Linux kernel, the following vulnerability has been resolved: ipu3-imgu: Fix NULL pointer dereference in imgu_subdev_set_selection() Calling v4l2_subdev_get_try_crop() and v4l2_subdev_get_try_compose() with a subdev state of NULL leads to a NULL pointer dereference. This
- CVE-2022-50825Dec 30, 2025affected >= 5.18.0, < 6.0.16fixed 6.0.16
In the Linux kernel, the following vulnerability has been resolved: usb: typec: wusb3801: fix fwnode refcount leak in wusb3801_probe() I got the following report while doing fault injection test: OF: ERROR: memory leak, expected refcount 1 instead of 4, of_node_get()/of_no
- CVE-2022-50824Dec 30, 2025affected >= 4.13.0, < 4.14.303fixed 4.14.303
In the Linux kernel, the following vulnerability has been resolved: tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak In check_acpi_tpm2(), we get the TPM2 table just to make sure the table is there, not used after the init, so the acpi_put_table() should be adde
- CVE-2022-50823Dec 30, 2025affected >= 3.10.0, < 4.9.331fixed 4.9.331
In the Linux kernel, the following vulnerability has been resolved: clk: tegra: Fix refcount leak in tegra114_clock_init of_find_matching_node() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put()
- CVE-2022-50822Dec 30, 2025affected >= 5.10.0, < 5.15.86fixed 5.15.86
In the Linux kernel, the following vulnerability has been resolved: RDMA/restrack: Release MR restrack when delete The MR restrack also needs to be released when delete it, otherwise it cause memory leak as the task struct won't be released.
- CVE-2022-50821Dec 30, 2025affected >= 3.10.0, < 4.19.270fixed 4.19.270
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Don't leak netobj memory when gss_read_proxy_verf() fails
- CVE-2022-50820Dec 30, 2025affected >= 5.11.0, < 5.15.86fixed 5.15.86
In the Linux kernel, the following vulnerability has been resolved: perf/arm_dmc620: Fix hotplug callback leak in dmc620_pmu_init() dmc620_pmu_init() won't remove the callback added by cpuhp_setup_state_multi() when platform_driver_register() failed. Remove the callback by cpuh
- CVE-2022-50819Dec 30, 2025affected >= 5.6.0, < 5.10.150fixed 5.10.150
In the Linux kernel, the following vulnerability has been resolved: udmabuf: Set ubuf->sg = NULL if the creation of sg table fails When userspace tries to map the dmabuf and if for some reason (e.g. OOM) the creation of the sg table fails, ubuf->sg needs to be set to NULL. Othe
- CVE-2022-50818Dec 30, 2025affected >= 5.18.0, < 5.19.17fixed 5.19.17
In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix running_req for internal abort commands Disabling the remote phy for a SATA disk causes a hang: root@(none)$ more /sys/class/sas_phy/phy-0:0:8/target_port_protocols sata root@(none)$ echo 0 >
- CVE-2022-50817Dec 30, 2025affected >= 3.17.0, < 5.10.152fixed 5.10.152
In the Linux kernel, the following vulnerability has been resolved: net: hsr: avoid possible NULL deref in skb_clone() syzbot got a crash [1] in skb_clone(), caused by a bug in hsr_get_untagged_frame(). When/if create_stripped_skb_hsr() returns NULL, we must not attempt to cal
- CVE-2022-50816Dec 30, 2025affected >= 3.7.0, < 4.14.305fixed 4.14.305
In the Linux kernel, the following vulnerability has been resolved: ipv6: ensure sane device mtu in tunnels Another syzbot report [1] with no reproducer hints at a bug in ip6_gre tunnel (dev:ip6gretap0) Since ipv6 mcast code makes sure to read dev->mtu once and applies a sanit
Page 32 of 88