UBUNTU-CVE-2022-50844

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix type of second parameter in odneditdpmtable callback With clang's kernel control flow integrity kCFI, CONFIGCFICLANG, indirect call targets are validated against the expected function pointer prototype to make sur...

CVE-2023-54305

CVE-2023-54305 is a Linux kernel/ext4 vulnerability where the ea block expansion could access s_root while it is NULL during unmount, risking a kernel panic. Public descriptions across NVD/Red Hat/SUSE/osv entries confirm the issue and its resolution in the kernel, not in user space. The fix prev...

CVE-2023-54305 ext4: refuse to create ea block when umounted

In the Linux kernel, the following vulnerability has been resolved: ext4: refuse to create ea block when umounted The ea block expansion need to access sroot while it is already set as NULL when umount is triggered. Refuse this request to avoid panic...

CVE-2023-54287 tty: serial: imx: disable Ageing Timer interrupt request irq

In the Linux kernel, the following vulnerability has been resolved: tty: serial: imx: disable Ageing Timer interrupt request irq There maybe pending USR interrupt before requesting irq, however uartaddoneport has not executed, so there will be kernel panic: 0.795668 Unable to handle kernel NULL...

CVE-2023-54256

...

CVE-2023-54255

CVE-2023-54255 affects the Linux kernel with SH3/SH4/SH4A DMAC implementations. The vulnerability arises from incorrect DMA channel offset calculations when multiple DMA channels are distributed across up to two DMAC modules, which can trigger kernel panics. The described fix rewrites dma_base_ad...

CVE-2023-54253 btrfs: set page extent mapped after read_folio in relocate_one_page

In the Linux kernel, the following vulnerability has been resolved: btrfs: set page extent mapped after readfolio in relocateonepage One of the CI runs triggered the following panic assertion failed: PagePrivatepage && page-private, in fs/btrfs/subpage.c:229 ------------ cut here ------------...

CVE-2022-50786

In the Linux kernel, the following vulnerability has been resolved: media: s5p-mfc: Clear workbit to handle error condition During error on CLOSEINSTANCE command, ctxworkbits was not getting cleared. During consequent mfc execution NULL pointer dereferencing of this context led to kernel panic...

CVE-2022-50870 powerpc/rtas: avoid device tree lookups in rtas_os_term()

In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: avoid device tree lookups in rtasosterm rtasosterm is called during panic. Its behavior depends on a couple of conditions in the /rtas node of the device tree, the traversal of which entails locking and local IRQ...

CVE-2022-50870 powerpc/rtas: avoid device tree lookups in rtas_os_term()

In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: avoid device tree lookups in rtasosterm rtasosterm is called during panic. Its behavior depends on a couple of conditions in the /rtas node of the device tree, the traversal of which entails locking and local IRQ...

CVE-2022-50870

CVE-2022-50870: In the Linux kernel (powerpc RTAS), rtas_os_term() could hang during panic due to risky device-tree traversal when devtree_lock is held. The fix caches relevant RTAS/DT characteristics at boot and changes the ibm,extended-os-term lookup to a boolean property via of_property_read_b...

CVE-2022-50864 nilfs2: fix shift-out-of-bounds due to too large exponent of block size

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix shift-out-of-bounds due to too large exponent of block size If field slogblocksize of superblock data is corrupted and too large, initnilfs and loadnilfs still can trigger a shift-out-of-bounds warning followed by a...

CVE-2022-50864 nilfs2: fix shift-out-of-bounds due to too large exponent of block size

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix shift-out-of-bounds due to too large exponent of block size If field slogblocksize of superblock data is corrupted and too large, initnilfs and loadnilfs still can trigger a shift-out-of-bounds warning followed by a...

CVE-2022-50864

CVE-2022-50864 affects the Linux kernel nilfs2 where a corrupted s_log_block_size in the superblock could trigger a shift-out-of-bounds warning and kernel panic during init_nilfs() or load_nilfs(), due to a too-large exponent for a 32-bit int (exponent 38973). The issue has been resolved by addin...

CVE-2022-50786

In the Linux kernel, the following vulnerability has been resolved: media: s5p-mfc: Clear workbit to handle error condition During error on CLOSEINSTANCE command, ctxworkbits was not getting cleared. During consequent mfc execution NULL pointer dereferencing of this context led to kernel panic...

UBUNTU-CVE-2022-50786

In the Linux kernel, the following vulnerability has been resolved: media: s5p-mfc: Clear workbit to handle error condition During error on CLOSEINSTANCE command, ctxworkbits was not getting cleared. During consequent mfc execution NULL pointer dereferencing of this context led to kernel panic...

CVE-2023-54237

CVE-2023-54237 affects the Linux kernel net/smc component. The root cause described across connected documents is that smc_llc_srv_add_link() could be invoked without proper protection, potentially allowing a second link to be added to a link group and thereby breaking the security environment pr...

CVE-2023-54237 net/smc: fix potential panic dues to unprotected smc_llc_srv_add_link()

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix potential panic dues to unprotected smcllcsrvaddlink There is a certain chance to trigger the following panic: PID: 5900 TASK: ffff88c1c8af4100 CPU: 1 COMMAND: "kworker/1:48" 0 ffff9456c1cc79a0 machinekexec at...

CVE-2023-54237

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix potential panic dues to unprotected smcllcsrvaddlink There is a certain chance to trigger the following panic: PID: 5900 TASK: ffff88c1c8af4100 CPU: 1 COMMAND: "kworker/1:48" 0 ffff9456c1cc79a0 machinekexec at...

CVE-2023-54199

CVE-2023-54199 affects Linux kernel DRM/Adreno code. The issue is a null pointer dereference in adreno_gpu_cleanup() during driver bind/init (a6xx_gpu_init/adreno_bind path), leading to kernel Oops and a kernel panic. Public advisories confirm a fix has been applied in the kernel stack (adreno_gp...