5.5
CVE-2022-50172 - mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg
In the Linux kernel, the following vulnerability has been resolved: mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg Free the skb if mt76u_bulk_msg fails in __mt76x02u_mcu_send_msg routine.
5.5
CVE-2022-50167 - bpf: fix potential 32-bit overflow when accessing ARRAY map element
In the Linux kernel, the following vulnerability has been resolved: bpf: fix potential 32-bit overflow when accessing ARRAY map element If BPF array map is bigger than 4GB, element pointer calculation can overflow because both index and elem_size are u32. Fix this everywhere by forcing 64-bit mulβ¦
5.5
CVE-2022-50133 - usb: xhci_plat_remove: avoid NULL dereference
In the Linux kernel, the following vulnerability has been resolved: usb: xhci_plat_remove: avoid NULL dereference Since commit 4736ebd7fcaff1eb8481c140ba494962847d6e0a ("usb: host: xhci-plat: omit shared hcd if either root hub has no ports") xhci->shared_hcd can be NULL, which causes the followinβ¦
5.5
CVE-2022-50132 - usb: cdns3: change place of 'priv_ep' assignment in cdns3_gadget_ep_dequeue(), cdns3_gadget_ep_enabβ¦
In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: change place of 'priv_ep' assignment in cdns3_gadget_ep_dequeue(), cdns3_gadget_ep_enable() If 'ep' is NULL, result of ep_to_cdns3_ep(ep) is invalid pointer and its dereference with priv_ep->cdns3_dev may cause panic.β¦
5.5
CVE-2022-50121 - remoteproc: k3-r5: Fix refcount leak in k3_r5_cluster_of_init
In the Linux kernel, the following vulnerability has been resolved: remoteproc: k3-r5: Fix refcount leak in k3_r5_cluster_of_init Every iteration of for_each_available_child_of_node() decrements the reference count of the previous node. When breaking early from a for_each_available_child_of_node(β¦
7.8
CVE-2022-50163 - ax25: fix incorrect dev_tracker usage
In the Linux kernel, the following vulnerability has been resolved: ax25: fix incorrect dev_tracker usage While investigating a separate rose issue [1], and enabling CONFIG_NET_DEV_REFCNT_TRACKER=y, Bernard reported an orthogonal ax25 issue [2] An ax25_dev can be used by one (or many) struct ax2β¦
7.8
CVE-2022-50051 - ASoC: SOF: debug: Fix potential buffer overflow by snprintf()
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: debug: Fix potential buffer overflow by snprintf() snprintf() returns the would-be-filled size when the string overflows the given buffer size, hence using this value may result in the buffer overflow (although it's unβ¦
4.7
CVE-2025-38028 - NFS/localio: Fix a race in nfs_local_open_fh()
In the Linux kernel, the following vulnerability has been resolved: NFS/localio: Fix a race in nfs_local_open_fh() Once the clp->cl_uuid.lock has been dropped, another CPU could come in and free the struct nfsd_file that was just added. To prevent that from happening, take the RCU read lock beforβ¦
5.5
CVE-2025-38021 - drm/amd/display: Fix null check of pipe_ctx->plane_state for update_dchubp_dpp
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null check of pipe_ctx->plane_state for update_dchubp_dpp Similar to commit 6a057072ddd1 ("drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipe") that addresses a null pointer derefβ¦
5.5
CVE-2022-49965 - drm/amd/pm: add missing ->fini_xxxx interfaces for some SMU13 asics
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: add missing ->fini_xxxx interfaces for some SMU13 asics Without these, potential memory leak may be induced.