CVE-2022-49102 habanalabs: fix possible memory leak in MMU DR fini

In the Linux kernel, the following vulnerability has been resolved: habanalabs: fix possible memory leak in MMU DR fini This patch fixes what seems to be copy paste error. We will have a memory leak if the host-resident shadow is NULL which will likely happen as the DR and HR are not dependent...

CVE-2022-49097

CVE-2022-49097 relates to the Linux kernel NFS writeback path. In low-memory conditions, the NFS writeback code could enter infinite loops in mempool_alloc, risking a writeback stall. The issue is resolved in the kernel by allowing the writeback path to fail gracefully instead of deadlocking. The...

CVE-2022-49092

CVE-2022-49092 concerns a Linux kernel net/ipv4 routing issue where deleting a route that points to a nexthop ID (without nhid) triggers a warning in fib_nh_match when a nexthop object is present. The root cause is a match operation on a fib_info with a nexthop object; the fix is to skip such mat...

CVE-2022-49079 btrfs: zoned: traverse devices under chunk_mutex in btrfs_can_activate_zone

In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: traverse devices under chunkmutex in btrfscanactivatezone btrfscanactivatezone can be called with the devicelistmutex already held, which will lead to a deadlock: insertdevextents // Takes devicelistmutex -...

CVE-2022-49075

CVE-2022-49075 : In the Linux kernel, a qgroup reserve overflow in btrfs can occur when fallocate spans more than 4 GiB. The root cause is that extent_changeset->bytes_changed is stored as an unsigned int, causing overflow and potentially breaking the qgroup limit. The advisory notes that regu...

CVE-2022-49075 btrfs: fix qgroup reserve overflow the qgroup limit

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix qgroup reserve overflow the qgroup limit We use extentchangeset-byteschanged in qgroupreservedata to record how many bytes we set for EXTENTQGROUPRESERVED state. Currently the byteschanged is set as "unsigned int", and...

CVE-2022-49069 drm/amd/display: Fix by adding FPU protection for dcn30_internal_validate_bw

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix by adding FPU protection for dcn30internalvalidatebw Why Below general protection fault observed when WebGL Aquarium is run for longer duration. If drm debug logs are enabled and set to 0x1f then the issue is...

CVE-2022-49067 powerpc: Fix virt_addr_valid() for 64-bit Book3E & 32-bit

In the Linux kernel, the following vulnerability has been resolved: powerpc: Fix virtaddrvalid for 64-bit Book3E & 32-bit mpe: On 64-bit Book3E vmalloc space starts at 0x8000000000000000. Because of the way pa works we have: pa0x8000000000000000 == 0, and therefore virttopfn0x8000000000000000 == ...

CVE-2022-49059

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: add flushworkqueue to prevent uaf Our detector found a concurrent use-after-free bug when detaching an NCI device. The main reason for this bug is the unexpected scheduling between the used delayed mechanism timer and...

CVE-2022-49053 scsi: target: tcmu: Fix possible page UAF

In the Linux kernel, the following vulnerability has been resolved: scsi: target: tcmu: Fix possible page UAF tcmutrygetdatapage looks up pages under cmdrlock, but it does not take refcount properly and just returns page pointer. When tcmutrygetdatapage returns, the returned page may have been...

CVE-2021-47642

CVE-2021-47642: in the Linux kernel’s video fbdev/nvidiafb path, a fixed-size buffer overrun could occur by copying a channel name with strcpy into chan->adapter.name. The defect arises from copying into a 48-char buffer without length checks; fix is to use strscpy() to prevent overflows. The ...

CVE-2021-47639 KVM: x86/mmu: Zap _all_ roots when unmapping gfn range in TDP MMU

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Zap all roots when unmapping gfn range in TDP MMU Zap both valid and invalid roots when zapping/unmapping a gfn range, as KVM must ensure it holds no references to the freed page after returning from the unmap...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not clearing all roots when unmapping gfn ranges in the TDP MMU...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that originates from out-of-bounds access in the aqc111rxfixup function...

USN-7234-5: Linux kernel vulnerabilities

Ye Zhang and Nicolas Wu discovered that the iouring subsystem in the Linux kernel did not properly handle locking for rings with IOPOLL, leading to a double-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code...

Siemens SIMATIC Devices Linux Kernel Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2022-3545)

A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function areacacheget of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfpcppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a...

LSN-0109-1 Kernel Live Patch Security Notice

In the Linux kernel, the following vulnerability has been resolved: tls: fix use-after-free on failed backlog decryption When the decrypt request goes to the backlog and cryptoaeaddecrypt returns -EBUSY, tlsdodecryption will wait until all async decryptions have completed. If one of them fails,...

Moderate: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

Moderate: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: mm: migrate: fix getting incorrect page mapping during page migration CVE-2023-52490 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...