AZL-75104 CVE-2023-53491 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: startkernel: Add nostackprotector function attribute Back during the discussion of commit a9a3ed1eff36 "x86: Fix early boot crash on gcc-10, third try" we discussed the need for a function attribute to control the omission of sta...

CVE-2023-53468

In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix memory leak in allocwbufs kmemleak reported a sequence of memory leaks, and show them as following: unreferenced object 0xffff8881575f8400 size 1024: comm "mount", pid 19625, jiffies 4297119604 age 20.383s hex dump fir...

CVE-2023-53452

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: fix potential race condition between napiinit and napienable A race condition can happen if netdev is registered, but NAPI isn't initialized yet, and meanwhile user space starts the netdev that will enable NAPI. Then...

CVE-2022-50468

In the Linux kernel, the following vulnerability has been resolved: platform/chrome: crosusbpdnotify: Fix error handling in crosusbpdnotifyinit The following WARNING message was given when rmmod crosusbpdnotify: Unexpected driver unregister! WARNING: CPU: 0 PID: 253 at drivers/base/driver.c:270...

AZL-74655 CVE-2022-50467 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFTID An error case exit from lpfccmplctcmdgftid results in a call to lpfcnlpput with a null pointer to a nodelist structure. Changed lpfccmplctcmdgftid to...

UBUNTU-CVE-2022-50467

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFTID An error case exit from lpfccmplctcmdgftid results in a call to lpfcnlpput with a null pointer to a nodelist structure. Changed lpfccmplctcmdgftid to...

UBUNTU-CVE-2023-53523

In the Linux kernel, the following vulnerability has been resolved: can: gsusb: fix time stamp counter initialization If the gsusb device driver is unloaded or unbound before the interface is shut down, the USB stack first calls the struct usbdriver::disconnect and then the struct...

UBUNTU-CVE-2023-53499

In the Linux kernel, the following vulnerability has been resolved: virtionet: Fix error unwinding of XDP initialization When initializing XDP in virtnetopen, some rq xdp initialization may hit an error causing net device open failed. However, previous rqs have already initialized XDP and enabled...

CVE-2023-53523

Technical details for CVE-2023-53523 are not publicly provided in the connected documents; no specific affected products, versions, risks, or fixes are listed beyond the initial description. Monitor for updates.

CVE-2023-53523 can: gs_usb: fix time stamp counter initialization

In the Linux kernel, the following vulnerability has been resolved: can: gsusb: fix time stamp counter initialization If the gsusb device driver is unloaded or unbound before the interface is shut down, the USB stack first calls the struct usbdriver::disconnect and then the struct...

CVE-2023-53523 can: gs_usb: fix time stamp counter initialization

In the Linux kernel, the following vulnerability has been resolved: can: gsusb: fix time stamp counter initialization If the gsusb device driver is unloaded or unbound before the interface is shut down, the USB stack first calls the struct usbdriver::disconnect and then the struct...

CVE-2023-53499 virtio_net: Fix error unwinding of XDP initialization

In the Linux kernel, the following vulnerability has been resolved: virtionet: Fix error unwinding of XDP initialization When initializing XDP in virtnetopen, some rq xdp initialization may hit an error causing net device open failed. However, previous rqs have already initialized XDP and enabled...

CVE-2023-53499

In CVE-2023-53499, the Linux kernel virtio_net component fixes an error unwind in XDP initialization during virtnet_open(). If an XDP init step fails, previously initialized rqs and enabled NAPI could leak; the patch rolls back earlier rq initialization to prevent leaks in the error unwinding pat...

CVE-2023-53491 start_kernel: Add __no_stack_protector function attribute

In the Linux kernel, the following vulnerability has been resolved: startkernel: Add nostackprotector function attribute Back during the discussion of commit a9a3ed1eff36 "x86: Fix early boot crash on gcc-10, third try" we discussed the need for a function attribute to control the omission of sta...

CVE-2022-50469 staging: rtl8723bs: fix potential memory leak in rtw_init_drv_sw()

In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix potential memory leak in rtwinitdrvsw In rtwinitdrvsw, there are various init functions are called to populate the padapter structure and some checks for their return value. However, except for the first o...

CVE-2022-50467

CVE-2022-50467 affects the Linux kernel LPFC SCSI driver (lpfc). The vulnerability arises in lpfc_cmpl_ct_cmd_gft_id() where an abnormal exit path could call lpfc_nlp_put() with a null pointer to a nodelist structure, risking a null dereference. The changelog indicates the root cause was a missin...

CVE-2022-50468

CVE-2022-50468 affects the Linux kernel, specifically the Cros USB PD notifier driver (platform/chrome: cros_usbpd_notify). The issue arises because cros_usbpd_notify_init() does not check the return value of platform_driver_register(), allowing cros_usbpd_notify to install even if registration f...

CVE-2022-50464

In the Linux kernel, mt76 MT7915 PCI path had a refcount leak in mt7915_pci_init_hif2(); the issue stems from pci_get_device() returning a device with increased refcount and not balancing with pci_dev_put(). The fix saves the returned pci_device and ensures a pci_dev_put() is called to decrease t...

CVE-2022-50464 mt76: mt7915: Fix PCI device refcount leak in mt7915_pci_init_hif2()

In the Linux kernel, the following vulnerability has been resolved: mt76: mt7915: Fix PCI device refcount leak in mt7915pciinithif2 As comment of pcigetdevice says, it returns a pcidevice with its refcount increased. We need to call pcidevput to decrease the refcount. Save the return value of...

CVE-2022-50452 net: sched: cake: fix null pointer access issue when cake_init() fails

In the Linux kernel, the following vulnerability has been resolved: net: sched: cake: fix null pointer access issue when cakeinit fails When the default qdisc is cake, if the qdisc of devqueue fails to be inited during mqprioinit, cakereset is invoked to clear resources. In this case, the tins is...