UBUNTU-CVE-2023-54072

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix potential data race at PCM memory allocation helpers The PCM memory allocation helpers have a sanity check against too many buffer allocations. However, the check is performed without a proper lock and the allocati...

UBUNTU-CVE-2023-54126

In the Linux kernel, the following vulnerability has been resolved: crypto: safexcel - Cleanup ring IRQ workqueues on load failure A failure loading the safexcel driver results in the following warning on boot, because the IRQ affinity has not been correctly cleaned up. Ensure we clean up the...

UBUNTU-CVE-2023-54122

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Add check for cstate As kzalloc may fail and return NULL pointer, it should be better to check cstate in order to avoid the NULL pointer dereference in drmatomichelpercrtcreset. Patchwork:...

CVE-2023-54137 vfio/type1: fix cap_migration information leak

In the Linux kernel, the following vulnerability has been resolved: vfio/type1: fix capmigration information leak Fix an information leak where an uninitialized hole in struct vfioiommutype1infocapmigration on the stack is exposed to userspace. The definition of struct...

CVE-2023-54121 btrfs: fix incorrect splitting in btrfs_drop_extent_map_range

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix incorrect splitting in btrfsdropextentmaprange In production we were seeing a variety of WARNON's in the extentmap code, specifically in btrfsdropextentmaprange when we have to call addextentmapping for our second spli...

CVE-2023-54084

In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-digi00x: prevent potential use after free This code was supposed to return an error code if initstream failed, but it instead freed dg00x-rxstream and returned success. This potentially leads to a use after free...

CVE-2023-54060 iommufd: Set end correctly when doing batch carry

In the Linux kernel, the following vulnerability has been resolved: iommufd: Set end correctly when doing batch carry Even though the test suite covers this it somehow became obscured that this wasn't working. The test iommufdioas.mockdomain.accessdomaindestory would blow up rarely. end should be...

CVE-2023-54040

The CVE-2023-54040 issue affects the Linux kernel ice driver’s FDIR path. When adding a FDIR filter, if ice_vc_fdir_set_irq_ctx fails, the inserted entry may not be removed; if ice_vc_fdir_write_fltr fails, the fdir context info for the IRQ handler may not be cleared, causing inconsistent state o...

CVE-2023-54001 staging: r8712: Fix memory leak in _r8712_init_xmit_priv()

In the Linux kernel, the following vulnerability has been resolved: staging: r8712: Fix memory leak in r8712initxmitpriv In the above mentioned routine, memory is allocated in several places. If the first succeeds and a later one fails, the routine will leak memory. This patch fixes commit...

CVE-2023-54001 staging: r8712: Fix memory leak in _r8712_init_xmit_priv()

In the Linux kernel, the following vulnerability has been resolved: staging: r8712: Fix memory leak in r8712initxmitpriv In the above mentioned routine, memory is allocated in several places. If the first succeeds and a later one fails, the routine will leak memory. This patch fixes commit...

CVE-2023-53991 drm/msm/dpu: Disallow unallocated resources to be returned

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Disallow unallocated resources to be returned In the event that the topology requests resources that have not been created by the system because they are typically not represented in dpumdsscfg ^1, the resources in...

CVE-2023-53989 arm64: mm: fix VA-range sanity check

In the Linux kernel, the following vulnerability has been resolved: arm64: mm: fix VA-range sanity check Both createmappingnoalloc and updatemappingprot sanity-check their 'virt' parameter, but the check itself doesn't make much sense. The condition used today appears to be a historical accident...

CVE-2023-53988

Summary: CVE-2023-53988 describes a slab-out-of-bounds read in ntfs3 within the Linux kernel, triggered by hdr_delete_de() during index header handling. The provided descriptions indicate a read beyond bounds of a size that suggests a corrupted or malicious image reading INDEX_HDR data without va...

CVE-2023-53867 ceph: fix potential use-after-free bug when trimming caps

In the Linux kernel, the following vulnerability has been resolved: ceph: fix potential use-after-free bug when trimming caps When trimming the caps and just after the 'session-scaplock' is released in cephiteratesessioncaps the cap maybe removed by another thread, and when using the stale cap...

CVE-2022-50709 wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg()

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: avoid uninit memory read in ath9khtcrxmsg syzbot is reporting uninit value at ath9khtcrxmsg 1, for ioctlUSBRAWIOCTLEPWRITE can call ath9khifusbrxstream with pktlen = 0 but ath9khifusbrxstream uses devallocskbpktlen +...

CVE-2025-68730

In the Linux kernel, the ivpu GPU driver is affected by a page fault in ivpu_bo_unbind_all_bos_from_context. The fix prevents adding a BO to the vdev->bo_list in ivpu_gem_create_object(); when drm_gem_shmem_create() fails, the BO is not fully created and ivpu_gem_bo_free() is not called, leavi...

CVE-2025-68363

CVE-2025-68363 : Linux kernel BPF MTU check bug. The helper bpf_skb_check_mtu used skb->transport_header without guaranteeing that skb_transport_header was set, causing a WARN_ON_ONCE during BPF test_run. The fix adds a guard using skb_transport_header_was_set() and performs the check just bef...

AZL-72995 CVE-2025-68343 affecting package kernel for versions less than 6.6.119.3-1

In the Linux kernel, the following vulnerability has been resolved: can: gsusb: gsusbreceivebulkcallback: check actuallength before accessing header The driver expects to receive a struct gshostframe in gsusbreceivebulkcallback. Use structgroup to describe the header of the struct gshostframe and...

UBUNTU-CVE-2025-68331

In the Linux kernel, the following vulnerability has been resolved: usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer When a UAS device is unplugged during data transfer, there is a probability of a system panic occurring. The root cause is an access to ...

CVE-2025-68331

In the Linux kernel, the following vulnerability has been resolved: usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer When a UAS device is unplugged during data transfer, there is a probability of a system panic occurring. The root cause is an access to ...