5.5
CVE-2022-50486 - net: ethernet: ti: Fix return type of netcp_ndo_start_xmit()
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: Fix return type of netcp_ndo_start_xmit() With clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG), indirect call targets are validated against the expected function pointer prototype to make sure thβ¦
5.5
CVE-2022-50484 - ALSA: usb-audio: Fix potential memory leaks
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential memory leaks When the driver hits -ENOMEM at allocating a URB or a buffer, it aborts and goes to the error path that releases the all previously allocated resources. However, when -ENOMEM hits at tβ¦
7.8
CVE-2025-39951 - um: virtio_uml: Fix use-after-free after put_device in probe
In the Linux kernel, the following vulnerability has been resolved: um: virtio_uml: Fix use-after-free after put_device in probe When register_virtio_device() fails in virtio_uml_probe(), the code sets vu_dev->registered = 1 even though the device was not successfully registered. This can lead toβ¦
7.8
CVE-2025-39945 - cnic: Fix use-after-free bugs in cnic_delete_task
In the Linux kernel, the following vulnerability has been resolved: cnic: Fix use-after-free bugs in cnic_delete_task The original code uses cancel_delayed_work() in cnic_cm_stop_bnx2x_hw(), which does not guarantee that the delayed work item 'delete_task' has fully completed if it was already ruβ¦
5.5
CVE-2025-39934 - drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ
In the Linux kernel, the following vulnerability has been resolved: drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ If the interrupt occurs before resource initialization is complete, the interrupt handler/worker may access uninitialized data such as the I2C tcpc_client device, β¦
5.5
CVE-2025-39949 - qed: Don't collect too many protection override GRC elements
In the Linux kernel, the following vulnerability has been resolved: qed: Don't collect too many protection override GRC elements In the protection override dump path, the firmware can return far too many GRC elements, resulting in attempting to write past the end of the previously-kmalloc'ed dumpβ¦
7.0
CVE-2022-50487 - kernel: NFSD: Protect against send buffer overflow in NFSv3 READDIR
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
5.5
CVE-2025-39936 - crypto: ccp - Always pass in an error pointer to __sev_platform_shutdown_locked()
In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Always pass in an error pointer to __sev_platform_shutdown_locked() When 9770b428b1a2 ("crypto: ccp - Move dev_info/err messages for SEV/SNP init and shutdown") moved the error messages dumping so that they don'β¦
7.1
CVE-2022-50478 - nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset()
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset() Patch series "nilfs2: fix UBSAN shift-out-of-bounds warnings on mount time". The first patch fixes a bug reported by syzbot, and the second one fixes the remainiβ¦
5.5
CVE-2025-39947 - net/mlx5e: Harden uplink netdev access against device unbind
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Harden uplink netdev access against device unbind The function mlx5_uplink_netdev_get() gets the uplink netdevice pointer from mdev->mlx5e_res.uplink_netdev. However, the netdevice can be removed and its pointer cleareβ¦