Red Hat Security Advisory: kernel security, bug fix, and enhancement update

CVE-2021-26341 — hw: cpu: AMD CPUs may transiently execute beyond unconditional direct branch CVE-2021-33631 — kernel: ext4: kernel bug in ext4_write_inline_data_end() CVE-2021-33655 — kernel: malicious data for FBIOPUT_VSCREENINFO ioctl may cause OOB write memory CVE-2021-47393 — kernel: hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs CVE-2021-47441 — kernel: mlxsw: thermal: Fix out-of-bounds memory accesses CVE-2021-47560 — kernel: mlxsw: spectrum: Protect driver from buggy firmware CVE-2021-47592 — kernel: net: stmmac: fix tc flower deletion for VLAN priority Rx steering CVE-2021-47671 — kernel: can: etas_es58x: es58x_rx_err_msg(): fix memory leak in error path CVE-2022-1462 — kernel: possible race condition in drivers/tty/tty_buffers.c CVE-2022-1789 — kernel: KVM: NULL pointer dereference in kvm_mmu_invpcid_gva CVE-2022-1882 — kernel: use-after-free in free_pipe_info() could lead to privilege escalation CVE-2022-2196 — kernel: KVM: nVMX: missing IBPB when exiting from nested guest can lead to Spectre v2 attacks CVE-2022-2663 — kernel: netfilter: nf_conntrack_irc message handling issue CVE-2022-3028 — kernel: race condition in xfrm_probe_algs can lead to OOB read/write CVE-2022-3435 — kernel: out-of-bounds read in fib_nh_match of the file net/ipv4/fib_semantics.c CVE-2022-3522 — kernel: race condition in hugetlb_no_page() in mm/hugetlb.c CVE-2022-3524 — kernel: memory leak in ipv6_renew_options() CVE-2022-3566 — kernel: data races around icsk->icsk_af_ops in do_ipv6_setsockopt CVE-2022-3567 — kernel: data races around sk->sk_prot CVE-2022-3619 — kernel: memory leak in l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c CVE-2022-3623 — kernel: denial of service in follow_page_pte in mm/gup.c due to poisoned pte entry CVE-2022-3625 — kernel: use-after-free after failed devlink reload in devlink_param_get CVE-2022-3628 — kernel: USB-accessible buffer overflow in brcmfmac CVE-2022-3640 — kernel: use after free flaw in l2cap_conn_del in net/bluetooth/l2cap_core.c CVE-2022-3707 — kernel: Double-free in split_2MB_gtt_entry when function intel_gvt_dma_map_guest_page failed CVE-2022-4128 — kernel: mptcp: NULL pointer dereference in subflow traversal at disconnect time CVE-2022-4129 — kernel: l2tp: missing lock when clearing sk_user_data can lead to NULL pointer dereference CVE-2022-4662 — kernel: Recursive locking violation in usb-storage that can cause the kernel to deadlock CVE-2022-20141 — kernel: igmp: use-after-free in ip_check_mc_rcu when opening and closing inet sockets CVE-2022-21505 — kernel: lockdown bypass using IMA CVE-2022-28388 — kernel: double free in usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c CVE-2022-33743 — kernel: network backend may cause Linux netfront to use freed SKBs (XSA-405) CVE-2022-36280 — kernel: vmwgfx: out-of-bounds write in vmw_kms_cursor_snoop CVE-2022-36879 — kernel: xfrm_expand_policies() in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice CVE-2022-39188 — kernel: unmap_mapping_range() race with munmap() on VM_PFNMAP mappings leads to stale TLB entry CVE-2022-39189 — kernel: TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED leading to guest malfunctioning CVE-2022-41674 — kernel: u8 overflow problem in cfg80211_update_notlisted_nontrans() CVE-2022-42703 — kernel: use-after-free related to leaf anon_vma double reuse CVE-2022-42720 — kernel: use-after-free in bss_ref_get in net/wireless/scan.c CVE-2022-42721 — kernel: BSS list corruption in cfg80211_add_nontrans_list in net/wireless/scan.c CVE-2022-42722 — kernel: Denial of service in beacon protection for P2P-device CVE-2022-42896 — kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c CVE-2022-43750 — kernel: memory corruption in usbmon driver CVE-2022-47929 — kernel: NULL pointer dereference in traffic control subsystem CVE-2022-48695 — kernel: scsi: mpt3sas: Fix use-after-free warning CVE-2022-48696 — kernel: regmap: spi: Reserve space for register address/padding CVE-2022-48701 — kernel: ALSA: usb-audio: ALSA USB Audio Out-of-Bounds Bug CVE-2022-48883 — kernel: net/mlx5e: IPoIB, Block PKEY interfaces with less rx queues than parent CVE-2022-48884 — kernel: net/mlx5: Fix command stats access after free CVE-2022-48885 — kernel: ice: Fix potential memory leak in ice_gnss_tty_write() CVE-2022-48915 — kernel: thermal: core: Fix TZ_GET_TRIP NULL pointer dereference CVE-2022-48934 — kernel: nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac() CVE-2022-48939 — kernel: bpf: Add schedule points in batch ops CVE-2022-48942 — kernel: hwmon: Handle failure to register sensor with thermal zone correctly CVE-2022-48974 — kernel: netfilter: conntrack: fix using __this_cpu_add in preemptible CVE-2022-48976 — kernel: netfilter: flowtable_offload: fix using __this_cpu_add in preemptible CVE-2022-48978 — kernel: HID: core: fix shift-out-of-bounds in hid_report_raw_event CVE-2022-48992 — kernel: ASoC: soc-pcm: Add NULL check in BE reparenting CVE-2022-49010 — kernel: hwmon: (coretemp) Check for null before removing sysfs attrs CVE-2022-49022 — kernel: wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration CVE-2022-49049 — kernel: mm/secretmem: fix panic when growing a memfd_secret CVE-2022-49058 — kernel: cifs: potential buffer overflow in handling symlinks CVE-2022-49070 — kernel: fbdev: Fix unregistering of framebuffers without device CVE-2022-49072 — kernel: gpio: Restrict usage of GPIO chip irq members before initialization CVE-2022-49080 — kernel: mm/mempolicy: fix mpol_new leak in shared_policy_replace CVE-2022-49081 — kernel: highmem: fix checks in _kmap_local_sched{in,out} CVE-2022-49087 — kernel: rxrpc: fix a race in rxrpc_exit_net() CVE-2022-49097 — kernel: NFS: Avoid writeback threads getting stuck in mempool_alloc() CVE-2022-49111 — kernel: Bluetooth: Fix use after free in hci_send_acl CVE-2022-49114 — kernel: scsi: libfc: Fix use after free in fc_exch_abts_resp() CVE-2022-49116 — kernel: Bluetooth: use memset avoid memory leaks CVE-2022-49136 — kernel: Bluetooth: hci_sync: Fix queuing commands when HCI_UNREGISTER is set CVE-2022-49204 — kernel: bpf, sockmap: Fix more uncharged while msg has more_data CVE-2022-49205 — kernel: bpf, sockmap: Fix double uncharge the mem of sk_msg CVE-2022-49207 — kernel: bpf, sockmap: Fix memleak in sk_psock_queue_msg CVE-2022-49214 — kernel: powerpc/64s: Don't use DSISR for SLB faults CVE-2022-49223 — kernel: cxl/port: Hold port reference until decoder release CVE-2022-49236 — kernel: bpf: Fix UAF due to race between btf_try_get_module and load_module CVE-2022-49275 — kernel: can: m_can: m_can_tx_handler(): fix use after free of skb CVE-2022-49283 — kernel: firmware: sysfb: fix platform-device leak in error path CVE-2022-49294 — kernel: drm/amd/display: Check if modulo is 0 before dividing. CVE-2022-49319 — kernel: iommu/arm-smmu-v3: check return value after calling platform_get_resource() CVE-2022-49323 — kernel: iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() CVE-2022-49328 — kernel: mt76: fix use-after-free by removing a non-RCU wcid pointer CVE-2022-49333 — kernel: net/mlx5: E-Switch, pair only capable devices CVE-2022-49345 — kernel: net: xfrm: unexport __init-annotated xfrm4_protocol_init() CVE-2022-49356 — kernel: SUNRPC: Trap RDMA segment overflows CVE-2022-49362 — kernel: NFSD: Fix potential use-after-free in nfsd_file_put() CVE-2022-49365 — kernel: drm/amdgpu: Off by one in dm_dmub_outbox1_low_irq() CVE-2022-49371 — kernel: driver core: fix deadlock in __device_attach CVE-2022-49372 — kernel: tcp: tcp_rtx_synack() can be called from process context CVE-2022-49376 — kernel: scsi: sd: Fix potential NULL pointer dereference CVE-2022-49379 — kernel: driver core: Fix wait_for_device_probe() & deferred_probe_timeout interaction CVE-2022-49401 — kernel: mm/page_owner: use strscpy() instead of strlcpy() CVE-2022-49416 — kernel: wifi: mac80211: fix use-after-free in chanctx code CVE-2022-49429 — kernel: RDMA/hfi1: Prevent panic when SDMA is disabled CVE-2022-49434 — kernel: PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() CVE-2022-49442 — kernel: drivers/base/node.c: fix compaction sysfs file leak CVE-2022-49451 — kernel: firmware: arm_scmi: Fix list protocols enumeration in the base protocol CVE-2022-49471 — kernel: rtw89: cfo: check mac_id to avoid out-of-bounds CVE-2022-49492 — kernel: nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags CVE-2022-49511 — kernel: fbdev: defio: fix the pagelist corruption CVE-2022-49513 — kernel: cpufreq: governor: Use kobject release() method to free dbs_data CVE-2022-49519 — kernel: Linux kernel (ath10k): Double free vulnerability during suspend/resume CVE-2022-49520 — kernel: arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall CVE-2022-49539 — kernel: rtw89: ser: fix CAM leaks occurring in L2 reset CVE-2022-49541 — kernel: cifs: fix potential double free during failed mount CVE-2022-49548 — kernel: bpf: Fix potential array overflow in bpf_trampoline_get_progs() CVE-2022-49552 — kernel: bpf: Fix combination of jit blinding and pointers to bpf subprogs. CVE-2022-49562 — kernel: KVM: x86: Use _try_cmpxchg_user() to update guest PTE A/D bits CVE-2022-49565 — kernel: perf/x86/intel/lbr: Fix unchecked MSR access error on HSW CVE-2022-49572 — kernel: tcp: Fix data-races around sysctl_tcp_slow_start_after_idle. CVE-2022-49573 — kernel: tcp: Fix a data-race around sysctl_tcp_early_retrans. CVE-2022-49574 — kernel: tcp: Fix data-races around sysctl_tcp_recovery. CVE-2022-49575 — kernel: tcp: Fix a data-race around sysctl_tcp_thin_linear_timeouts. CVE-2022-49577 — kernel: udp: Fix a data-race around sysctl_udp_l3mdev_accept. CVE-2022-49578 — kernel: ip: Fix data-races around sysctl_ip_prot_sock. CVE-2022-49579 — kernel: ipv4: Fix data-races around sysctl_fib_multipath_hash_policy. CVE-2022-49580 — kernel: ipv4: Fix a data-race around sysctl_fib_multipath_use_neigh. CVE-2022-49583 — kernel: iavf: Fix handling of dummy receive descriptors CVE-2022-49585 — kernel: tcp: Fix data-races around sysctl_tcp_fastopen_blackhole_timeout. CVE-2022-49586 — kernel: tcp: Fix data-races around sysctl_tcp_fastopen. CVE-2022-49587 — kernel: tcp: Fix a data-race around sysctl_tcp_notsent_lowat. CVE-2022-49588 — kernel: tcp: Fix data-races around sysctl_tcp_migrate_req. CVE-2022-49589 — kernel: igmp: Fix data-races around sysctl_igmp_qrv. CVE-2022-49590 — kernel: igmp: Fix data-races around sysctl_igmp_llm_reports. CVE-2022-49592 — kernel: net: stmmac: fix dma queue left shift overflow issue CVE-2022-49593 — kernel: tcp: Fix a data-race around sysctl_tcp_probe_interval. CVE-2022-49594 — kernel: tcp: Fix a data-race around sysctl_tcp_mtu_probe_floor. CVE-2022-49595 — kernel: tcp: Fix a data-race around sysctl_tcp_probe_threshold. CVE-2022-49596 — kernel: tcp: Fix data-races around sysctl_tcp_min_snd_mss. CVE-2022-49598 — kernel: tcp: Fix data-races around sysctl_tcp_mtu_probing. CVE-2022-49599 — kernel: tcp: Fix data-races around sysctl_tcp_l3mdev_accept. CVE-2022-49600 — kernel: ip: Fix a data-race around sysctl_ip_autobind_reuse. CVE-2022-49601 — kernel: tcp/dccp: Fix a data-race around sysctl_tcp_fwmark_accept. CVE-2022-49602 — kernel: ip: Fix a data-race around sysctl_fwmark_reflect. CVE-2022-49603 — kernel: ip: Fix data-races around sysctl_ip_fwd_update_priority. CVE-2022-49604 — kernel: ip: Fix data-races around sysctl_ip_fwd_use_pmtu. CVE-2022-49612 — kernel: power: supply: core: Fix boundary conditions in interpolation CVE-2022-49629 — kernel: nexthop: Fix data-races around nexthop_compat_mode. CVE-2022-49630 — kernel: tcp: Fix a data-race around sysctl_tcp_ecn_fallback. CVE-2022-49631 — kernel: raw: Fix a data-race around sysctl_raw_l3mdev_accept. CVE-2022-49632 — kernel: icmp: Fix a data-race around sysctl_icmp_errors_use_inbound_ifaddr. CVE-2022-49634 — kernel: sysctl: Fix data-races in proc_dou8vec_minmax(). CVE-2022-49636 — kernel: vlan: fix memory leak in vlan_newlink() CVE-2022-49637 — kernel: ipv4: Fix a data-race around sysctl_fib_sync_mem. CVE-2022-49638 — kernel: icmp: Fix data-races around sysctl. CVE-2022-49639 — kernel: cipso: Fix data-races around sysctl. CVE-2022-49641 — kernel: sysctl: Fix data races in proc_douintvec(). CVE-2022-49642 — kernel: net: stmmac: dwc-qos: Disable split header for Tegra194 CVE-2022-49644 — kernel: drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector() CVE-2022-49646 — kernel: wifi: mac80211: fix queue selection for mesh/OCB interfaces CVE-2022-49647 — kernel: cgroup: Use separate src/dst nodes when preloading css_sets for migration CVE-2022-49651 — kernel: srcu: Tighten cleanup_srcu_struct() GP checks CVE-2022-49655 — kernel: fscache: Fix invalidation/lookup race CVE-2022-49659 — kernel: can: m_can: m_can{read_fifo,echo_tx_event}(): shift timestamp to full 32 bits CVE-2022-49666 — kernel: powerpc/memhotplug: Add add_pages override for PPC CVE-2022-49688 — kernel: afs: Fix dynamic root getattr CVE-2022-49700 — kernel: mm/slub: add missing TID updates on slab deactivation CVE-2022-49723 — kernel: drm/i915/reset: Fix error_state_read ptr + offset use CVE-2022-49726 — kernel: clocksource: hyper-v: unexport _init-annotated hv_init_clocksource() CVE-2022-49739 — kernel: gfs2: Always check inode size of inline inodes CVE-2022-49753 — kernel: dmaengine: Fix double increment of client_count in dma_chan_get() CVE-2022-49848 — kernel: phy: qcom-qmp-combo: fix NULL-deref on runtime resume CVE-2022-49853 — kernel: net: macvlan: fix memory leaks of macvlan_common_newlink CVE-2022-49862 — kernel: tipc: fix the msg->req tlv len check in tipc_nl_compat_name_table_dump_header CVE-2022-49872 — kernel: net: gso: fix panic on frag_list with mixed head alloc types CVE-2022-49902 — kernel: block: Fix possible memory leak for rq_wb on add_disk failure CVE-2022-49903 — kernel: ipv6: fix WARNING in ip6_route_net_exit_late() CVE-2022-49908 — kernel: Bluetooth: L2CAP: Fix memory leak in vhci_write CVE-2022-49911 — kernel: netfilter: ipset: enforce documented limit to prevent allocating huge memory CVE-2022-49920 — kernel: netfilter: nf_tables: netlink notifier might race to release objects CVE-2022-49925 — kernel: RDMA/core: Fix null-ptr-deref in ib_core_cleanup() CVE-2022-49934 — kernel: wifi: mac80211: Fix UAF in ieee80211_scan_rx() CVE-2022-49935 — kernel: dma-buf/dma-resv: check if the new fence is really later CVE-2022-49936 — kernel: USB: core: Prevent nested device-reset calls CVE-2022-49942 — kernel: wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected CVE-2022-49943 — kernel: USB: gadget: Fix obscure lockdep violation for udc_mutex CVE-2022-49944 — kernel: Revert "usb: typec: ucsi: add a common function ucsi_unregister_connectors()" CVE-2022-49951 — kernel: firmware_loader: Fix use-after-free during unregister CVE-2022-49958 — kernel: net/sched: fix netdevice reference leaks in attach_default_qdiscs() CVE-2022-49959 — kernel: openvswitch: fix memory leak at failed datapath creation CVE-2022-49960 — kernel: drm/i915: fix null pointer dereference CVE-2022-49961 — kernel: bpf: Do mark_chain_precision for ARG_CONST_ALLOC_SIZE_OR_ZERO CVE-2022-49962 — kernel: xhci: Fix null pointer dereference in remove if xHC has only one roothub CVE-2022-49964 — kernel: arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level CVE-2022-49965 — kernel: drm/amd/pm: add missing ->fini_xxxx interfaces for some SMU13 asics CVE-2022-49966 — kernel: drm/amd/pm: add missing ->fini_microcode interface for Sienna Cichlid CVE-2022-49967 — kernel: bpf: Fix a data-race around bpf_jit_limit. CVE-2022-49969 — kernel: drm/amd/display: clear optc underflow before turn off odm clock CVE-2022-49970 — kernel: bpf, cgroup: Fix kernel BUG in purge_effective_progs CVE-2022-49971 — kernel: drm/amd/pm: Fix a potential gpu_metrics_table memory leak CVE-2022-49973 — kernel: skmsg: Fix wrong last sg check in sk_msg_recvmsg() CVE-2022-49974 — kernel: HID: nintendo: fix rumble worker null pointer deref CVE-2022-49979 — kernel: net: fix refcount bug in sk_psock_get (2) CVE-2022-49980 — kernel: USB: gadget: Fix use-after-free Read in usb_udc_uevent() CVE-2022-49981 — kernel: HID: hidraw: fix memory leak in hidraw_release() CVE-2022-49982 — kernel: media: pvrusb2: fix memory leak in pvr_probe CVE-2022-49983 — kernel: udmabuf: Set the DMA mask for the udmabuf device (v2) CVE-2022-49984 — kernel: HID: steam: Prevent NULL pointer dereference in steam{recv,send}_report CVE-2022-49985 — kernel: bpf: Don't use tnum_range on array range checking for poke descriptors CVE-2022-49986 — kernel: scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq CVE-2022-49990 — kernel: s390: fix double free of GS and RI CBs on fork() failure CVE-2022-49991 — kernel: mm/hugetlb: avoid corrupting page->mapping in hugetlb_mcopy_atomic_pte CVE-2022-49992 — kernel: mm/mprotect: only reference swap pfn page if type match CVE-2022-49993 — kernel: loop: Check for overflow while configuring loop CVE-2022-49994 — kernel: bootmem: remove the vmemmap pages from kmemleak in put_page_bootmem CVE-2022-49995 — kernel: writeback: avoid use-after-free after removing device CVE-2022-49998 — kernel: rxrpc: Fix locking in rxrpc's sendmsg CVE-2022-50002 — kernel: net/mlx5: LAG, fix logic over MLX5_LAG_FLAG_NDEVS_READY CVE-2022-50003 — kernel: ice: xsk: prohibit usage of non-balanced queue id CVE-2022-50006 — kernel: NFSv4.2 fix problems with __nfs42_ssc_open CVE-2022-50007 — kernel: xfrm: fix refcount leak in __xfrm_policy_check() CVE-2022-50014 — kernel: mm/gup: fix FOLL_FORCE COW security issue and remove FOLL_COW CVE-2022-50015 — kernel: ASoC: SOF: Intel: hda-ipc: Do not process IPC reply before firmware boot CVE-2022-50016 — kernel: ASoC: SOF: Intel: cnl: Do not process IPC reply before firmware boot CVE-2022-50020 — kernel: ext4: avoid resizing to a partial cluster size CVE-2022-50021 — kernel: ext4: block range must be validated before use in ext4_mb_clear_bb() CVE-2022-50022 — kernel: drivers:md:fix a potential use-after-free bug CVE-2022-50028 — kernel: gadgetfs: ep_io - wait until IRQ finishes CVE-2022-50029 — kernel: clk: qcom: ipq8074: dont disable gcc_sleep_clk_src CVE-2022-50032 — kernel: usb: renesas: Fix refcount leak bug CVE-2022-50033 — kernel: usb: host: ohci-ppc-of: Fix refcount leak bug CVE-2022-50034 — kernel: usb: cdns3 fix use-after-free at workaround 2 CVE-2022-50035 — kernel: drm/amdgpu: Fix use-after-free on amdgpu_bo_list mutex CVE-2022-50037 — kernel: drm/i915/ttm: don't leak the ccs state CVE-2022-50039 — kernel: stmmac: intel: Add a missing clk_disable_unprepare() call in intel_eth_pci_remove() CVE-2022-50041 — kernel: ice: Fix call trace with null VSI during VF reset CVE-2022-50044 — kernel: net: qrtr: start MHI channel after endpoit creation CVE-2022-50046 — kernel: net/sunrpc: fix potential memory leaks in rpc_sysfs_xprt_state_change() CVE-2022-50049 — kernel: ASoC: DPCM: Don't pick up BE without substream CVE-2022-50050 — kernel: ASoC: SOF: Intel: hda: Fix potential buffer overflow by snprintf() CVE-2022-50051 — kernel: ASoC: SOF: debug: Fix potential buffer overflow by snprintf() CVE-2022-50052 — kernel: ASoC: Intel: avs: Fix potential buffer overflow by snprintf() CVE-2022-50053 — kernel: iavf: Fix reset error handling CVE-2022-50054 — kernel: iavf: Fix NULL pointer dereference in iavf_get_link_ksettings CVE-2022-50055 — kernel: iavf: Fix adminq error handling CVE-2022-50058 — kernel: vdpa_sim_blk: set number of address spaces and virtqueue groups CVE-2022-50068 — kernel: drm/ttm: Fix dummy res NULL ptr deref bug CVE-2022-50069 — kernel: BPF: Fix potential bad pointer dereference in bpf_sys_bpf() CVE-2022-50070 — kernel: mptcp: do not queue data on closed subflows CVE-2022-50079 — kernel: drm/amd/display: Check correct bounds for stream encoder instances for DCN303 CVE-2022-50081 — kernel: KVM: Unconditionally get a ref to /dev/kvm module when creating a VM CVE-2022-50083 — kernel: ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h CVE-2022-50086 — kernel: block: don't allow the same type rq_qos add more than once CVE-2022-50088 — kernel: mm/damon/reclaim: fix potential memory leak in damon_reclaim_init() CVE-2022-50093 — kernel: iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) CVE-2022-50100 — kernel: sched/core: Do not requeue task on CPU excluded from cpus_mask CVE-2022-50111 — kernel: ASoC: mt6359: Fix refcount leak bug CVE-2022-50113 — kernel: ASoc: audio-graph-card2: Fix refcount leak bug in __graph_get_type() CVE-2022-50120 — kernel: remoteproc: imx_rproc: Fix refcount leak in imx_rproc_addr_init CVE-2022-50122 — kernel: ASoC: mediatek: mt8173-rt5650: Fix refcount leak in mt8173_rt5650_dev_probe CVE-2022-50123 — kernel: ASoC: mediatek: mt8173: Fix refcount leak in mt8173_rt5650_rt5676_dev_probe CVE-2022-50124 — kernel: ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe CVE-2022-50125 — kernel: ASoC: cros_ec_codec: Fix refcount leak in cros_ec_codec_platform_probe CVE-2022-50126 — kernel: jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted CVE-2022-50129 — kernel: RDMA/srpt: Fix a use-after-free CVE-2022-50131 — kernel: HID: mcp2221: prevent a buffer overflow in mcp_smbus_write() CVE-2022-50132 — kernel: usb: cdns3: change place of 'priv_ep' assignment in cdns3_gadget_ep_dequeue(), cdns3_gadget_ep_enable() CVE-2022-50133 — kernel: usb: xhci_plat_remove: avoid NULL dereference CVE-2022-50136 — kernel: RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event CVE-2022-50137 — kernel: RDMA/irdma: Fix a window for use-after-free CVE-2022-50138 — kernel: RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr() CVE-2022-50139 — kernel: usb: aspeed-vhub: Fix refcount leak bug in ast_vhub_init_desc() CVE-2022-50146 — kernel: PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors CVE-2022-50147 — kernel: mm/mempolicy: fix get_nodes out of bound access CVE-2022-50148 — kernel: kernfs: fix potential NULL dereference in __kernfs_remove CVE-2022-50149 — kernel: driver core: fix potential deadlock in __driver_attach CVE-2022-50151 — kernel: usb: cdns3: fix random warning message when driver load CVE-2022-50152 — kernel: usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe CVE-2022-50153 — kernel: usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe CVE-2022-50154 — kernel: PCI: mediatek-gen3: Fix refcount leak in mtk_pcie_init_irq_domains() CVE-2022-50156 — kernel: HID: cp2112: prevent a buffer overflow in cp2112_xfer() CVE-2022-50157 — kernel: PCI: microchip: Fix refcount leak in mc_pcie_init_irq_domains() CVE-2022-50164 — kernel: wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue CVE-2022-50166 — kernel: Bluetooth: When HCI work queue is drained, only queue chained work CVE-2022-50168 — kernel: bpf, x86: fix freeing of not-finalized bpf_prog_pack CVE-2022-50172 — kernel: mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg CVE-2022-50181 — kernel: virtio-gpu: fix a missing check to avoid NULL dereference CVE-2022-50185 — kernel: drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() CVE-2022-50189 — kernel: tools/power turbostat: Fix file pointer leak CVE-2022-50190 — kernel: spi: Fix simplification of devm_spi_register_controller CVE-2022-50194 — kernel: soc: qcom: aoss: Fix refcount leak in qmp_cooling_devices_register CVE-2022-50196 — kernel: soc: qcom: ocmem: Fix refcount leak in of_get_ocmem CVE-2022-50206 — kernel: arm64: fix oops in concurrently setting insn_emulation sysctls CVE-2022-50211 — kernel: md-raid10: fix KASAN warning CVE-2022-50215 — kernel: scsi: sg: Allow waiting for commands to complete on removed device CVE-2022-50219 — kernel: bpf: Fix KASAN use-after-free Read in compute_effective_progs CVE-2022-50221 — kernel: drm/fb-helper: Fix out-of-bounds access CVE-2022-50224 — kernel: Linux kernel KVM: Denial of Service via incorrect NX bit handling in NPT CVE-2022-50226 — kernel: crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak CVE-2022-50227 — kernel: KVM: x86/xen: Initialize Xen timer only once CVE-2022-50228 — kernel: KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 CVE-2022-50229 — kernel: ALSA: bcd2000: Fix a UAF bug on the error path of probing CVE-2022-50235 — kernel: NFSD: Protect against send buffer overflow in NFSv2 READDIR CVE-2022-50241 — kernel: NFSD: fix use-after-free on source server when doing inter-server copy CVE-2022-50243 — kernel: sctp: handle the error returned from sctp_auth_asoc_init_active_key CVE-2022-50263 — kernel: vdpasim: fix memory leak when freeing IOTLBs CVE-2022-50271 — kernel: Linux kernel: Denial of Service due to memory allocation failure in vhost/vsock CVE-2022-50285 — kernel: mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages CVE-2022-50299 — kernel: md: Replace snprintf with scnprintf CVE-2022-50302 — kernel: Linux kernel lockd: Denial of Service via uninitialized file lock field in NFSv3 CVE-2022-50306 — kernel: ext4: fix potential out of bound read in ext4_fc_replay_scan() CVE-2022-50308 — kernel: ASoC: qcom: Add checks for devm_kcalloc CVE-2022-50318 — kernel: perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox() CVE-2022-50325 — kernel: ASoC: Intel: avs: Fix potential RX buffer overflow CVE-2022-50326 — kernel: media: airspy: fix memory leak in airspy probe CVE-2022-50344 — kernel: ext4: fix null-ptr-deref in ext4_write_info CVE-2022-50348 — kernel: nfsd: Fix a memory leak in an error handling path CVE-2022-50350 — kernel: scsi: target: iscsi: Fix a race condition between login_work and the login thread CVE-2022-50363 — kernel: skmsg: pass gfp argument to alloc_sk_msg() CVE-2022-50381 — kernel: md: fix a crash in mempool_free CVE-2022-50385 — kernel: NFS: Fix an Oops in nfs_d_automount() CVE-2022-50388 — kernel: nvme: fix multipath crash caused by flush request when blktrace is enabled CVE-2022-50392 — kernel: Linux kernel: Denial of Service in ASoC Mediatek due to refcount leak CVE-2022-50396 — kernel: net: sched: fix memory leak in tcindex_set_parms CVE-2022-50402 — kernel: drivers/md/md-bitmap: check the return value of md_bitmap_get_counter() CVE-2022-50403 — kernel: ext4: fix undefined behavior in bit shift for ext4_check_flag_values CVE-2022-50405 — kernel: net/tunnel: wait until all sk_user_data reader finish before releasing the sock CVE-2022-50408 — kernel: wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() CVE-2022-50410 — kernel: NFSD: Protect against send buffer overflow in NFSv2 READ CVE-2022-50418 — kernel: wifi: ath11k: mhi: fix potential memory leak in ath11k_mhi_register() CVE-2022-50425 — kernel: x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly CVE-2022-50427 — kernel: ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() CVE-2022-50431 — kernel: ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() CVE-2022-50436 — kernel: ext4: don't set up encryption key during jbd2 transaction CVE-2022-50439 — kernel: ASoC: mediatek: mt8173: Enable IRQ when pdata is ready CVE-2022-50445 — kernel: xfrm: Reinject transport-mode packets through workqueue CVE-2022-50452 — kernel: net: sched: cake: fix null pointer access issue when cake_init() fails CVE-2022-50459 — kernel: scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername() CVE-2022-50465 — kernel: Linux kernel ext4: Information Disclosure via uninitialized memory leak in fast-commit journal CVE-2022-50467 — kernel: scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID CVE-2022-50484 — kernel: ALSA: usb-audio: Fix potential memory leaks CVE-2022-50487 — kernel: NFSD: Protect against send buffer overflow in NFSv3 READDIR CVE-2022-50496 — kernel: dm cache: Fix UAF in destroy() CVE-2022-50506 — kernel: drbd: only clone bio if we have a backing device CVE-2022-50512 — kernel: ext4: fix potential memory leak in ext4_fc_record_regions() CVE-2022-50516 — kernel: fs: dlm: fix invalid derefence of sb_lvbptr CVE-2022-50530 — kernel: blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping() CVE-2022-50531 — kernel: Linux kernel (TIPC): Information disclosure via uninitialized memory in tipc_topsrv_kern_subscr CVE-2022-50534 — kernel: dm thin: Use last transaction's pmd->root when commit failed CVE-2022-50546 — kernel: ext4: fix uninititialized value in 'ext4_evict_inode' CVE-2022-50549 — kernel: dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata CVE-2022-50554 — kernel: blk-mq: avoid double ->queue_rq() because of early timeout CVE-2022-50555 — kernel: tipc: fix a null-ptr-deref in tipc_topsrv_accept CVE-2022-50563 — kernel: dm thin: Fix UAF in run_timer_softirq() CVE-2022-50569 — kernel: xfrm: Update ipcomp_scratches with NULL when freed CVE-2022-50580 — kernel: blk-throttle: prevent overflow while calculating wait time CVE-2022-50583 — kernel: md/raid0, raid10: Don't set discard sectors for request queue CVE-2022-50615 — kernel: perf/x86/intel/uncore: Fix reference count leak in snr_uncore_mmio_map() CVE-2022-50622 — kernel: Linux kernel (ext4): Memory leak due to improper handling of krealloc failure CVE-2022-50635 — kernel: powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe() CVE-2022-50668 — kernel: ext4: fix deadlock due to mbcache entry corruption CVE-2022-50678 — kernel: wifi: brcmfmac: fix invalid address access when enabling SCAN log level CVE-2022-50679 — kernel: i40e: Fix DMA mappings leak CVE-2022-50698 — kernel: ASoC: da7219: Fix an error handling path in da7219_register_dai_clks() CVE-2022-50702 — kernel: Linux kernel: Memory leak in vdpa_sim leading to denial of service CVE-2022-50703 — kernel: Kernel: Denial of Service via refcount leak in qcom_smsm_probe() CVE-2022-50714 — kernel: Linux kernel: Denial of Service in mt7921e driver during module unload CVE-2022-50715 — kernel: md/raid1: stop mdx_raid1 thread when raid1 array run failed CVE-2022-50717 — kernel: nvmet-tcp: add bounds check on Transfer Tag CVE-2022-50723 — kernel: Kernel: Denial of Service via memory leak in bnxt_nvm_test() CVE-2022-50726 — kernel: net/mlx5: Fix possible use-after-free in async command interface CVE-2022-50730 — kernel: ext4: silence the warning when evicting inode with dioread_nolock CVE-2022-50738 — kernel: Linux kernel: vhost-vdpa memory leak leading to Denial of Service CVE-2022-50744 — kernel: Linux kernel: Hard lockup in lpfc driver leads to Denial of Service CVE-2022-50752 — kernel: md/raid5: Remove unnecessary bio_put() in raid5_read_one_chunk() CVE-2022-50768 — kernel: scsi: smartpqi: Correct device removal for multi-actuator devices CVE-2022-50773 — kernel: Linux kernel ALSA mts64 module: Denial of Service via null pointer dereference CVE-2022-50778 — kernel: fortify: Fix __compiletime_strlen() under UBSAN_BOUNDS_LOCAL CVE-2022-50783 — kernel: mptcp: use proper req destructor for IPv6 CVE-2022-50816 — kernel: ipv6: ensure sane device mtu in tunnels CVE-2022-50833 — kernel: Bluetooth: use hdev->workqueue when queuing hdev->{cmd,ncmd}_timer works CVE-2022-50835 — kernel: jbd2: add miss release buffer head in fc_do_one_pass() CVE-2022-50839 — kernel: jbd2: fix potential buffer head reference count leak CVE-2022-50843 — kernel: dm clone: Fix UAF in clone_dtr() CVE-2022-50855 — kernel: bpf: prevent leak of lsm program after failed attach CVE-2022-50861 — kernel: NFSD: Finish converting the NFSv2 GETACL result encoder CVE-2022-50863 — kernel: Kernel: Denial of Service via memory leak in wifi power saving mode CVE-2022-50866 — kernel: ASoC: pxa: fix null-pointer dereference in filter() CVE-2022-50889 — kernel: dm integrity: Fix UAF in dm_integrity_dtr() CVE-2023-0394 — kernel: NULL pointer dereference in rawv6_push_pending_frames CVE-2023-0461 — kernel: net/ulp: use-after-free in listening ULP sockets CVE-2023-0590 — kernel: use-after-free due to race condition in qdisc_graft() CVE-2023-1195 — kernel: use-after-free caused by invalid pointer hostname in fs/cifs/connect.c CVE-2023-1382 — kernel: denial of service in tipc_conn_close CVE-2023-2177 — Kernel: NULL pointer dereference problem in sctp_sched_dequeue_common CVE-2023-2513 — kernel: ext4: use-after-free in ext4_xattr_set_entry() CVE-2023-22998 — kernel: drm/virtio: improper return value check in virtio_gpu_object_shmem_init() CVE-2023-52340 — kernel: ICMPv6 “Packet Too Big” packets force a DoS of the Linux kernel by forcing 100% CPU CVE-2023-52905 — kernel: octeontx2-pf: Fix resource leakage in VF driver unbind CVE-2023-53020 — kernel: l2tp: close all race conditions in l2tp_tunnel_register() CVE-2023-53021 — kernel: net/sched: sch_taprio: fix possible use-after-free CVE-2023-53029 — kernel: octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt CVE-2023-53030 — kernel: octeontx2-pf: Avoid use of GFP_KERNEL in atomic context CVE-2023-53033 — kernel: netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits CVE-2023-53064 — kernel: iavf: fix hang on reboot with ice CVE-2023-53083 — kernel: nfsd: don't replace page in rq_pages if it's a continuation of last page CVE-2023-53273 — kernel: Drivers: vmbus: Check for channel allocation before looking up relids CVE-2023-53381 — kernel: NFSD: fix leaked reference count of nfsd4_ssc_umount_item CVE-2023-53393 — kernel: RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device CVE-2023-53552 — kernel: drm/i915: mark requests for GuC virtual engines to avoid use-after-free CVE-2023-53606 — kernel: nfsd: clean up potential nfsd_file refcount leaks in COPY codepath CVE-2023-53634 — kernel: bpf, arm64: Fixed a BTI error on returning to patched function CVE-2023-53765 — kernel: dm cache: free background tracker's queued work in btracker_destroy CVE-2023-53809 — kernel: Kernel: Denial of Service via recursive deadlock in L2TP tunnel registration CVE-2023-53811 — kernel: RDMA/irdma: Cap MSIX used to online CPUs + 1 CVE-2025-21867 — kernel: bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() CVE-2025-38393 — kernel: NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN