linux package
kernel
pkg:linux/kernel
Vulnerabilities (1,755)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-53823 | — | >= 5.19.0, < 6.4.4 | 6.4.4 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: block/rq_qos: protect rq_qos apis with a new lock commit 50e34d78815e ("block: disable the elevator int del_gendisk") move rq_qos_exit() from disk_release() to del_gendisk(), this will introduce some problems: | ||
| CVE-2023-53822 | — | >= 5.6.0, < 6.1.30 | 6.1.30 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Ignore frags from uninitialized peer in dp. When max virtual ap interfaces are configured in all the bands with ACS and hostapd restart is done every 60s, a crash is observed at random times. In t | ||
| CVE-2023-53821 | — | >= 3.19.0, < 4.14.324 | 4.14.324 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: ip6_vti: fix slab-use-after-free in decode_session6 When ipv6_vti device is set to the qdisc of the sfb type, the cb field of the sent skb may be modified during enqueuing. Then, slab-use-after-free may occur w | ||
| CVE-2023-53820 | — | < 4.19.312 | 4.19.312 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: loop: loop_set_status_from_info() check before assignment In loop_set_status_from_info(), lo->lo_offset and lo->lo_sizelimit should be checked before reassignment, because if an overflow error occurs, the origi | ||
| CVE-2022-50679 | — | >= 5.8.0, < 5.10.152 | 5.10.152 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: i40e: Fix DMA mappings leak During reallocation of RX buffers, new DMA mappings are created for those buffers. steps for reproduction: while : do for ((i=0; i<=8160; i=i+32)) do ethtool -G enp130s0f0 rx $i tx | ||
| CVE-2022-50678 | — | >= 4.13.0, < 4.14.296 | 4.14.296 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix invalid address access when enabling SCAN log level The variable i is changed when setting random MAC address and causes invalid address access when printing the value of pi->reqs[i]->reqid. | ||
| CVE-2022-50677 | — | < 4.19.270 | 4.19.270 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: ipmi: fix use after free in _ipmi_destroy_user() The intf_free() function frees the "intf" pointer so we cannot dereference it again on the next line. | ||
| CVE-2022-50676 | — | >= 4.8.0, < 4.9.331 | 4.9.331 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: rds: don't hold sock lock when cancelling work from rds_tcp_reset_callbacks() syzbot is reporting lockdep warning at rds_tcp_reset_callbacks() [1], for commit ac3615e7f3cffe2a ("RDS: TCP: Reduce code dupli | ||
| CVE-2022-50675 | — | >= 5.14.0, < 5.15.82 | 5.15.82 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: arm64: mte: Avoid setting PG_mte_tagged if no tags cleared or restored Prior to commit 69e3b846d8a7 ("arm64: mte: Sync tags for pages where PTE is untagged"), mte_sync_tags() was only called for pte_tagged() en | ||
| CVE-2022-50674 | — | >= 5.19.0, < 5.19.17 | 5.19.17 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: riscv: vdso: fix NULL deference in vdso_join_timens() when vfork Testing tools/testing/selftests/timens/vfork_exec.c got below kernel log: [ 6.838454] Unable to handle kernel access to user memory without u | ||
| CVE-2022-50673 | — | >= 4.10.0, < 4.19.270 | 4.19.270 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free in ext4_orphan_cleanup I caught a issue as follows: ================================================================== BUG: KASAN: use-after-free in __list_add_valid+0x28/0x1a0 Read o | ||
| CVE-2022-50672 | — | >= 5.1.0, < 5.4.229 | 5.4.229 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: mailbox: zynq-ipi: fix error handling while device_register() fails If device_register() fails, it has two issues: 1. The name allocated by dev_set_name() is leaked. 2. The parent of device is not NULL, device_ | ||
| CVE-2022-50671 | — | >= 4.8.0, < 4.9.331 | 4.9.331 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix "kernel NULL pointer dereference" error When rxe_queue_init in the function rxe_qp_init_req fails, both qp->req.task.func and qp->req.task.arg are not initialized. Because of creation of qp fails | ||
| CVE-2022-50670 | — | >= 2.6.29, < 5.4.229 | 5.4.229 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: mmc: omap_hsmmc: fix return value check of mmc_add_host() mmc_add_host() may return error, if we ignore its return value, it will lead two issues: 1. The memory that allocated in mmc_alloc_host() is leaked. 2. | ||
| CVE-2022-50669 | — | >= 5.2.0, < 5.4.229 | 5.4.229 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: misc: ocxl: fix possible name leak in ocxl_file_register_afu() If device_register() returns error in ocxl_file_register_afu(), the name allocated by dev_set_name() need be freed. As comment of device_register() | ||
| CVE-2022-50668 | — | >= 4.6.0, < 4.19.270 | 4.19.270 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: ext4: fix deadlock due to mbcache entry corruption When manipulating xattr blocks, we can deadlock infinitely looping inside ext4_xattr_block_set() where we constantly keep finding xattr block for reuse in mbca | ||
| CVE-2022-50667 | — | >= 5.15.0, < 5.15.75 | 5.15.75 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix memory leak in vmw_mksstat_add_ioctl() If the copy of the description string from userspace fails, then the page for the instance descriptor doesn't get freed before returning -EFAULT, which lea | ||
| CVE-2022-50666 | — | >= 5.3.0, < 5.15.75 | 5.15.75 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix QP destroy to wait for all references dropped. Delay QP destroy completion until all siw references to QP are dropped. The calling RDMA core will free QP structure after successful return from siw | ||
| CVE-2022-50665 | — | >= 5.18.0, < 5.19.17 | 5.19.17 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix failed to find the peer with peer_id 0 when disconnected It has a fail log which is ath11k_dbg in ath11k_dp_rx_process_mon_status(), as below, it will not print when debug_mask is not set ATH1 | ||
| CVE-2022-50664 | — | >= 2.6.13, < 4.9.337 | 4.9.337 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: fix leak of memory fw |
- CVE-2023-53823Dec 9, 2025affected >= 5.19.0, < 6.4.4fixed 6.4.4
In the Linux kernel, the following vulnerability has been resolved: block/rq_qos: protect rq_qos apis with a new lock commit 50e34d78815e ("block: disable the elevator int del_gendisk") move rq_qos_exit() from disk_release() to del_gendisk(), this will introduce some problems:
- CVE-2023-53822Dec 9, 2025affected >= 5.6.0, < 6.1.30fixed 6.1.30
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Ignore frags from uninitialized peer in dp. When max virtual ap interfaces are configured in all the bands with ACS and hostapd restart is done every 60s, a crash is observed at random times. In t
- CVE-2023-53821Dec 9, 2025affected >= 3.19.0, < 4.14.324fixed 4.14.324
In the Linux kernel, the following vulnerability has been resolved: ip6_vti: fix slab-use-after-free in decode_session6 When ipv6_vti device is set to the qdisc of the sfb type, the cb field of the sent skb may be modified during enqueuing. Then, slab-use-after-free may occur w
- CVE-2023-53820Dec 9, 2025affected < 4.19.312fixed 4.19.312
In the Linux kernel, the following vulnerability has been resolved: loop: loop_set_status_from_info() check before assignment In loop_set_status_from_info(), lo->lo_offset and lo->lo_sizelimit should be checked before reassignment, because if an overflow error occurs, the origi
- CVE-2022-50679Dec 9, 2025affected >= 5.8.0, < 5.10.152fixed 5.10.152
In the Linux kernel, the following vulnerability has been resolved: i40e: Fix DMA mappings leak During reallocation of RX buffers, new DMA mappings are created for those buffers. steps for reproduction: while : do for ((i=0; i<=8160; i=i+32)) do ethtool -G enp130s0f0 rx $i tx
- CVE-2022-50678Dec 9, 2025affected >= 4.13.0, < 4.14.296fixed 4.14.296
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix invalid address access when enabling SCAN log level The variable i is changed when setting random MAC address and causes invalid address access when printing the value of pi->reqs[i]->reqid.
- CVE-2022-50677Dec 9, 2025affected < 4.19.270fixed 4.19.270
In the Linux kernel, the following vulnerability has been resolved: ipmi: fix use after free in _ipmi_destroy_user() The intf_free() function frees the "intf" pointer so we cannot dereference it again on the next line.
- CVE-2022-50676Dec 9, 2025affected >= 4.8.0, < 4.9.331fixed 4.9.331
In the Linux kernel, the following vulnerability has been resolved: net: rds: don't hold sock lock when cancelling work from rds_tcp_reset_callbacks() syzbot is reporting lockdep warning at rds_tcp_reset_callbacks() [1], for commit ac3615e7f3cffe2a ("RDS: TCP: Reduce code dupli
- CVE-2022-50675Dec 9, 2025affected >= 5.14.0, < 5.15.82fixed 5.15.82
In the Linux kernel, the following vulnerability has been resolved: arm64: mte: Avoid setting PG_mte_tagged if no tags cleared or restored Prior to commit 69e3b846d8a7 ("arm64: mte: Sync tags for pages where PTE is untagged"), mte_sync_tags() was only called for pte_tagged() en
- CVE-2022-50674Dec 9, 2025affected >= 5.19.0, < 5.19.17fixed 5.19.17
In the Linux kernel, the following vulnerability has been resolved: riscv: vdso: fix NULL deference in vdso_join_timens() when vfork Testing tools/testing/selftests/timens/vfork_exec.c got below kernel log: [ 6.838454] Unable to handle kernel access to user memory without u
- CVE-2022-50673Dec 9, 2025affected >= 4.10.0, < 4.19.270fixed 4.19.270
In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free in ext4_orphan_cleanup I caught a issue as follows: ================================================================== BUG: KASAN: use-after-free in __list_add_valid+0x28/0x1a0 Read o
- CVE-2022-50672Dec 9, 2025affected >= 5.1.0, < 5.4.229fixed 5.4.229
In the Linux kernel, the following vulnerability has been resolved: mailbox: zynq-ipi: fix error handling while device_register() fails If device_register() fails, it has two issues: 1. The name allocated by dev_set_name() is leaked. 2. The parent of device is not NULL, device_
- CVE-2022-50671Dec 9, 2025affected >= 4.8.0, < 4.9.331fixed 4.9.331
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix "kernel NULL pointer dereference" error When rxe_queue_init in the function rxe_qp_init_req fails, both qp->req.task.func and qp->req.task.arg are not initialized. Because of creation of qp fails
- CVE-2022-50670Dec 9, 2025affected >= 2.6.29, < 5.4.229fixed 5.4.229
In the Linux kernel, the following vulnerability has been resolved: mmc: omap_hsmmc: fix return value check of mmc_add_host() mmc_add_host() may return error, if we ignore its return value, it will lead two issues: 1. The memory that allocated in mmc_alloc_host() is leaked. 2.
- CVE-2022-50669Dec 9, 2025affected >= 5.2.0, < 5.4.229fixed 5.4.229
In the Linux kernel, the following vulnerability has been resolved: misc: ocxl: fix possible name leak in ocxl_file_register_afu() If device_register() returns error in ocxl_file_register_afu(), the name allocated by dev_set_name() need be freed. As comment of device_register()
- CVE-2022-50668Dec 9, 2025affected >= 4.6.0, < 4.19.270fixed 4.19.270
In the Linux kernel, the following vulnerability has been resolved: ext4: fix deadlock due to mbcache entry corruption When manipulating xattr blocks, we can deadlock infinitely looping inside ext4_xattr_block_set() where we constantly keep finding xattr block for reuse in mbca
- CVE-2022-50667Dec 9, 2025affected >= 5.15.0, < 5.15.75fixed 5.15.75
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix memory leak in vmw_mksstat_add_ioctl() If the copy of the description string from userspace fails, then the page for the instance descriptor doesn't get freed before returning -EFAULT, which lea
- CVE-2022-50666Dec 9, 2025affected >= 5.3.0, < 5.15.75fixed 5.15.75
In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix QP destroy to wait for all references dropped. Delay QP destroy completion until all siw references to QP are dropped. The calling RDMA core will free QP structure after successful return from siw
- CVE-2022-50665Dec 9, 2025affected >= 5.18.0, < 5.19.17fixed 5.19.17
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix failed to find the peer with peer_id 0 when disconnected It has a fail log which is ath11k_dbg in ath11k_dp_rx_process_mon_status(), as below, it will not print when debug_mask is not set ATH1
- CVE-2022-50664Dec 9, 2025affected >= 2.6.13, < 4.9.337fixed 4.9.337
In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: fix leak of memory fw
Page 61 of 88