kernel: NVMe: info leak due to out-of-bounds read in nvmet_ctrl_find_get

An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer...

kernel: tty: n_gsm: fix deadlock and link starvation in outgoing data path

In the Linux kernel, the following vulnerability has been resolved: tty: ngsm: fix deadlock and link starvation in outgoing data path The current implementation queues up new control and user packets as needed and processes this queue down to the ldisc in the same code path. That means that the...

kernel: RDMA/srpt: Add a check for valid 'mad_agent' pointer

A flaw was addressed in the Linux kernel’s RDMA SRPT SCSI RDMA Protocol Target subsystem. When unregistering a MAD Management Datagram agent, the SRPT module previously performed a non-NULL check on the madagent pointer before invoking ibunregistermadagent. Under rare timing...

kernel: scsi: target: Fix multiple LUN_RESET handling

A race condition flaw was found in the Linux kernel SCSI target subsystem's LUNRESET handling. When multiple remote initiator sessions send concurrent LUNRESET commands, one session's reset can incorrectly drain commands from another session, causing the second session to receive a successful res...

kernel: use-after-free in read in vt_do_kdgkb_ioctl

A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality...

kernel: Linux kernel (soundwire): Memory corruption due to incorrect device enumeration completion

A flaw was found in the Linux kernel's soundwire subsystem. The code responsible for managing device enumeration completion, which allows drivers to synchronize with soundwire devices, contains a defect. This issue can lead to memory corruption if drivers are still waiting for completion, as the...

DEBIAN-CVE-2021-47480

In the Linux kernel, the following vulnerability has been resolved: scsi: core: Put LLD module refcnt after SCSI device is released SCSI host release is triggered when SCSI device is freed. We have to make sure that the low-level device driver module won't be unloaded before SCSI host instance is...

USN-6775-2 linux-aws, linux-aws-5.15, linux-gke vulnerabilities

Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service system crash. CVE-2023-47233 Several...

USN-6777-3: Linux kernel (GCP) vulnerabilities

Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service system crash. CVE-2023-47233 Several...

USN-6777-3 linux-gcp vulnerabilities

Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service system crash. CVE-2023-47233 Several...

DEBIAN-CVE-2023-52783

In the Linux kernel, the following vulnerability has been resolved: net: wangxun: fix kernel panic due to null pointer When the device uses a custom subsystem vendor ID, the function wxswinit returns before the memory of 'wx-mactable' is allocated. The null pointer will causes the kernel panic...

CVE-2023-52771

In the Linux kernel, the following vulnerability has been resolved: cxl/port: Fix deleteendpoint vs parent unregistration race The CXL subsystem, at cxlmem -probe time, establishes a lineage of ports struct cxlport objects between an endpoint and the root of a CXL topology. Each port including th...

CVE-2023-52771

In the Linux kernel, the following vulnerability has been resolved: cxl/port: Fix deleteendpoint vs parent unregistration race The CXL subsystem, at cxlmem -probe time, establishes a lineage of ports struct cxlport objects between an endpoint and the root of a CXL topology. Each port including th...

UBUNTU-CVE-2023-52771

In the Linux kernel, the following vulnerability has been resolved: cxl/port: Fix deleteendpoint vs parent unregistration race The CXL subsystem, at cxlmem -probe time, establishes a lineage of ports struct cxlport objects between an endpoint and the root of a CXL topology. Each port including th...

CVE-2023-52783 net: wangxun: fix kernel panic due to null pointer

In the Linux kernel, the following vulnerability has been resolved: net: wangxun: fix kernel panic due to null pointer When the device uses a custom subsystem vendor ID, the function wxswinit returns before the memory of 'wx-mactable' is allocated. The null pointer will causes the kernel panic...

CVE-2023-52783 net: wangxun: fix kernel panic due to null pointer

In the Linux kernel, the following vulnerability has been resolved: net: wangxun: fix kernel panic due to null pointer When the device uses a custom subsystem vendor ID, the function wxswinit returns before the memory of 'wx-mactable' is allocated. The null pointer will causes the kernel panic...

CVE-2023-52771

In the Linux kernel, the following vulnerability has been resolved: cxl/port: Fix deleteendpoint vs parent unregistration race The CXL subsystem, at cxlmem -probe time, establishes a lineage of ports struct cxlport objects between an endpoint and the root of a CXL topology. Each port including th...

CVE-2023-52771

CVE-2023-52771 affects the Linux kernel CXL stack. The issue is a race between delete_endpoint() teardown and parent unregistration, which can impact the cxl_mem/cxl_port topology during port removal. The provided description states two fixes: (1) acquire a reference on the parent to prevent use‑...

CVE-2023-52771 cxl/port: Fix delete_endpoint() vs parent unregistration race

In the Linux kernel, the following vulnerability has been resolved: cxl/port: Fix deleteendpoint vs parent unregistration race The CXL subsystem, at cxlmem -probe time, establishes a lineage of ports struct cxlport objects between an endpoint and the root of a CXL topology. Each port including th...

CVE-2023-52771 cxl/port: Fix delete_endpoint() vs parent unregistration race

In the Linux kernel, the following vulnerability has been resolved: cxl/port: Fix deleteendpoint vs parent unregistration race The CXL subsystem, at cxlmem -probe time, establishes a lineage of ports struct cxlport objects between an endpoint and the root of a CXL topology. Each port including th...