6095 matches found
Spoofing
In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix reference leak If a duplicate attribute is found using ksetfindobj, a reference to that attribute is returned which needs to be disposed accordingly using kobjectput. Move the setting name validation...
CVE-2023-52578 net: bridge: use DEV_STATS_INC()
In the Linux kernel, the following vulnerability has been resolved: net: bridge: use DEVSTATSINC syzbot/KCSAN reported data-races in brhandleframefinish 1 This function can run from multiple cpus without mutual exclusion. Adopt SMP safe DEVSTATSINC to update dev-stats fields. Handles updates to...
CVE-2023-52576 x86/mm, kexec, ima: Use memblock_free_late() from ima_free_kexec_buffer()
In the Linux kernel, the following vulnerability has been resolved: x86/mm, kexec, ima: Use memblockfreelate from imafreekexecbuffer The code calling imafreekexecbuffer runs long after the memblock allocator has already been torn down, potentially resulting in a use after free in...
CVE-2023-52576
In the Linux kernel, the following vulnerability has been resolved: x86/mm, kexec, ima: Use memblockfreelate from imafreekexecbuffer The code calling imafreekexecbuffer runs long after the memblock allocator has already been torn down, potentially resulting in a use after free in...
CVE-2023-52575
Removed by vendor...
CVE-2023-52573
In the Linux kernel, the following vulnerability has been resolved: net: rds: Fix possible NULL-pointer dereference In rdsrdmacmeventhandlercmn check, if conn pointer exists before dereferencing it as rdmasetservicetype argument Found by Linux Verification Center linuxtesting.org with SVACE...
CVE-2023-52570
In the Linux kernel, the following vulnerability has been resolved: vfio/mdev: Fix a null-ptr-deref bug for mdevunregisterparent Inject fault while probing mdpy.ko, if kstrdup of createdir fails in kobjectaddinternal in kobjectinitandadd in mdevtypeadd in parentcreatesysfsfiles, it will return 0...
CVE-2023-52566
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential use after free in nilfsgccachesubmitreaddata In nilfsgccachesubmitreaddata, brelsebh is called to drop the reference count of bh when the call to nilfsdattranslate fails. If the reference count hits 0 and it...
CVE-2023-52563 drm/meson: fix memory leak on ->hpd_notify callback
In the Linux kernel, the following vulnerability has been resolved: drm/meson: fix memory leak on -hpdnotify callback The EDID returned by drmbridgegetedid needs to be freed...
CVE-2023-52518 Bluetooth: hci_codec: Fix leaking content of local_codecs
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcicodec: Fix leaking content of localcodecs The following memory leak can be observed when the controller supports codecs which are stored in localcodecs list but the elements are never freed: unreferenced object...
CVE-2023-52532 net: mana: Fix TX CQE error handling
In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix TX CQE error handling For an unknown TX CQE error type probably from a newer hardware, still free the SKB, update the queue tail, etc., otherwise the accounting will be wrong. Also, TX errors can be triggered by...
CVE-2023-52523 bpf, sockmap: Reject sk_msg egress redirects to non-TCP sockets
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Reject skmsg egress redirects to non-TCP sockets With a SOCKMAP/SOCKHASH map and an skmsg program user can steer messages sent from one TCP socket s1 to actually egress from another TCP socket s2: tcpbpfsendmsgs1 //...
CVE-2023-52524
In the Linux kernel, the following vulnerability has been resolved: net: nfc: llcp: Add lock when modifying device list The device list needs its associated lock held when modifying it, or the list could become corrupted, as syzbot discovered...
CVE-2023-52515
In the Linux kernel, the following vulnerability has been resolved: RDMA/srp: Do not call scsidone from srpabort After scmdehaborthandler has called the SCSI LLD ehaborthandler callback, it performs one of the following actions: Call scsiqueueinsert. Call scsifinishcommand. Call scsiehscmdadd...
CVE-2023-52513 RDMA/siw: Fix connection failure handling
In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix connection failure handling In case immediate MPA request processing fails, the newly created endpoint unlinks the listening endpoint and is ready to be dropped. This special case was not handled correctly by the co...
CVE-2023-52505 phy: lynx-28g: serialize concurrent phy_set_mode_ext() calls to shared registers
In the Linux kernel, the following vulnerability has been resolved: phy: lynx-28g: serialize concurrent physetmodeext calls to shared registers The protocol converter configuration registers PCC8, PCCC, PCCD implemented by the driver, as well as others, control protocol converters from multiple...
CVE-2023-52499 powerpc/47x: Fix 47x syscall return crash
In the Linux kernel, the following vulnerability has been resolved: powerpc/47x: Fix 47x syscall return crash Eddie reported that newer kernels were crashing during boot on his 476 FSP2 system: kernel tried to execute user page b7ee2000 - exploit attempt? uid: 0 BUG: Unable to handle kernel...
CVE-2023-52499
In the Linux kernel, the following vulnerability has been resolved: powerpc/47x: Fix 47x syscall return crash Eddie reported that newer kernels were crashing during boot on his 476 FSP2 system: kernel tried to execute user page b7ee2000 - exploit attempt? uid: 0 BUG: Unable to handle kernel...
CVE-2022-48628
In the Linux kernel, the following vulnerability has been resolved: ceph: drop messages from MDS when unmounting When unmounting all the dirty buffers will be flushed and after the last osd request is finished the last reference of the icount will be released. Then it will flush the dirty cap/sna...
CVE-2024-26621 mm: huge_memory: don't force huge page alignment on 32 bit
In the Linux kernel, the following vulnerability has been resolved: mm: hugememory: don't force huge page alignment on 32 bit commit efa7df3e3bb5 "mm: align larger anonymous mappings on THP boundaries" caused two issues 1 2 reported on 32 bit system or compat userspace. It doesn't make too much...