6095 matches found
CVE-2023-53477
In the Linux kernel, the following vulnerability has been resolved: ipv6: Add lwtunnel encap size of all siblings in nexthop calculation In function rt6nlmsgsize, the length of nexthop is calculated by multipling the nexthop length of fib6info and the number of siblings. However if the fib6info h...
CVE-2023-53466
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7915: fix memory leak in mt7915mcuexit Always purge mcu skb queues in mt7915mcuexit routine even if mt7915firmwarestate fails...
CVE-2023-53464
In the Linux kernel, the following vulnerability has been resolved: scsi: iscsitcp: Check that sock is valid before iscsisetparam The validity of sock should be checked before assignment to avoid incorrect values. Commit 57569c37f0ad "scsi: iscsi: iscsitcp: Fix null-ptr-deref while calling...
CVE-2023-53462
In the Linux kernel, the following vulnerability has been resolved: hsr: Fix uninit-value access in fillframeinfo Syzbot reports the following uninit-value access problem. ===================================================== BUG: KMSAN: uninit-value in fillframeinfo net/hsr/hsrforward.c:601 inli...
CVE-2023-53461
In the Linux kernel, the following vulnerability has been resolved: iouring: wait interruptibly for request completions on exit WHen the ring exits, cleanup is done and the final cancelation and waiting on completions is done by ioringexitwork. That function is invoked by kworker, which doesn't...
CVE-2023-53460
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: fix memory leak in rtwusbprobe drivers/net/wireless/realtek/rtw88/usb.c:876 rtwusbprobe warn: 'hw' from ieee80211allochw not released on lines: 811 Fix this by modifying return to a goto statement...
CVE-2023-53459
In the Linux kernel, the following vulnerability has been resolved: HID: mcp-2221: prevent UAF in delayed work If the device is plugged/unplugged without giving time for mcpinitwork to complete, we might kick in the devm free code path and thus have unavailable struct mcp2221 while in delayed wor...
CVE-2023-53456
In the Linux kernel, the following vulnerability has been resolved: scsi: qla4xxx: Add length check when parsing nlattrs There are three places that qla4xxx parses nlattrs: - qla4xxxsetchapentry - qla4xxxifacesetparam - qla4xxxsysfsddbsetparam and each of them directly converts the nlattr to...
CVE-2023-53450
In the Linux kernel, the following vulnerability has been resolved: ext4: remove a BUGON in ext4mbreleasegrouppa If a malicious fuzzer overwrites the ext4 superblock while it is mounted such that the sfirstdatablock is set to a very large number, the calculation of the block group can underflow,...
CVE-2022-50442
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate buffer length while parsing index indxread is called when we have some NTFS directory operations that need more information from the index buffers. This adds a sanity check to make sure the returned index buffe...
CVE-2022-50438
In the Linux kernel, the following vulnerability has been resolved: net: hinic: fix memory leak when reading function table When the input parameter idx meets the expected case option in hinicdbggetfunctable, readdata is not released. Fix it...
CVE-2022-50437
In the Linux kernel, the following vulnerability has been resolved: drm/msm/hdmi: fix memory corruption with too many bridges Add the missing sanity check on the bridge counter to avoid corrupting data beyond the fixed-sized bridge array in case there are ever more than eight bridges. Patchwork:...
CVE-2022-50436
In the Linux kernel, the following vulnerability has been resolved: ext4: don't set up encryption key during jbd2 transaction Commit a80f7fcf1867 "ext4: fixup ext4fctrack functions' signature" extended the scope of the transaction in ext4unlink too far, making it include the call to ext4findentry...
CVE-2022-50434
In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix possible memleak when register 'hctx' failed There's issue as follows when do fault injection test: unreferenced object 0xffff888132a9f400 size 512: comm "insmod", pid 308021, jiffies 4324277909 age 509.733s hex dump...
CVE-2022-50433
In the Linux kernel, the following vulnerability has been resolved: efi: ssdt: Don't free memory if ACPI table was loaded successfully Amadeusz reports KASAN use-after-free errors introduced by commit 3881ee0b1edc "efi: avoid efivars layer when loading SSDTs from variables". The problem appears t...
CVE-2022-50431
In the Linux kernel, the following vulnerability has been resolved: ALSA: aoa: i2sbus: fix possible memory leak in i2sbusadddev devsetname in soundbusaddone allocates memory for name, it need be freed when ofdeviceregister fails, call soundbusdevput to give up the reference that hold in...
CVE-2022-50429
In the Linux kernel, the following vulnerability has been resolved: memory: of: Fix refcount leak bug in oflpddr3getddrtimings We should add the ofnodeput when breaking out of foreachchildofnode as it will automatically increase and decrease the refcount...
CVE-2022-50425
In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Fix copyxstatetouabi to copy init states correctly When an extended state component is not present in fpstate, but in init state, the function copies from initfpstate via copyfeature. But, dynamic states are not present ...
CVE-2022-50422
In the Linux kernel, the following vulnerability has been resolved: scsi: libsas: Fix use-after-free bug in smpexecutetasksg When executing SMP task failed, the smpexecutetasksg calls deltimer to delete "slowtask-timer". However, if the timer handler sastaskinternaltimedout is running, the deltim...
CVE-2022-50420
In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/hpre - fix resource leak in remove process In hpreremove, when the disable operation of qm sriov failed, the following logic should continue to be executed to release the remaining resources that have been...