CVE-2023-54316 refscale: Fix uninitalized use of wait_queue_head_t

In the Linux kernel, the following vulnerability has been resolved: refscale: Fix uninitalized use of waitqueueheadt Running the refscale test occasionally crashes the kernel with the following error: 8569.952896 BUG: unable to handle page fault for address: ffffffffffffffe8 8569.952900 PF:...

CVE-2023-54310

The CVE-2023-54310 issue (Linux kernel, scsi: mptlan) is a use-after-free in mptlan_remove() caused by a race with the post_buckets workqueue started by mptlan_probe(). The probe path initializes priv->post_buckets_task; a wake starts the work. During driver unload, free_netdev()/kfree(dev) ca...

CVE-2023-54302

CVE-2023-54302 pertains to the Linux kernel RDMA/irdma: a data race on CQP completion statistics occurred because the completion counter was read without proper synchronization while updated by a completion thread on another CPU. The fix converts the completion statistics to an atomic variable to...

CVE-2023-54292 RDMA/irdma: Fix data race on CQP request done

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix data race on CQP request done KCSAN detects a data race on cqprequest-requestdone memory location which is accessed locklessly in irdmahandlecqpop while being updated in irdmacqpcehandler. Annotate lockless intent...

CVE-2023-54292

CVE-2023-54292: In the Linux kernel, a data race was fixed in RDMA/irdma handling of CQP requests. KCSAN showed a race on cqp_request->request_done; the fix annotates lockless access with READ_ONCE/WRITE_ONCE to avoid compiler optimizations and warnings. Public details in the initial descripti...

CVE-2023-54292

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix data race on CQP request done KCSAN detects a data race on cqprequest-requestdone memory location which is accessed locklessly in irdmahandlecqpop while being updated in irdmacqpcehandler. Annotate lockless intent...

CVE-2023-54242

CVE-2023-54242 affects the Linux kernel in the block bfq I/O elevator. The issue is a division by zero when the weighted sum (wsum) equals zero, causing an invalid calculation of the limit during bfq_limit_depth. The vulnerability could trigger a divide error as observed in a stress-ng stress tes...

CVE-2023-54236

CVE-2023-54236 is a Linux kernel vulnerability related to the net_failover path, where the transmit queue (txq) count could exceed the number of available TX queues, leading to a warning such as “eth0 selects TX queue 18, but real number of TX queues is 16.” The provided documents confirm that th...

CVE-2023-54236 net/net_failover: fix txq exceeding warning

In the Linux kernel, the following vulnerability has been resolved: net/netfailover: fix txq exceeding warning The failover txq is inited as 16 queues. when a packet is transmitted from the failover device firstly, the failover device will select the queue which is returned from the primary devic...

CVE-2023-54236

In the Linux kernel, the following vulnerability has been resolved: net/netfailover: fix txq exceeding warning The failover txq is inited as 16 queues. when a packet is transmitted from the failover device firstly, the failover device will select the queue which is returned from the primary devic...

CVE-2023-54236 net/net_failover: fix txq exceeding warning

In the Linux kernel, the following vulnerability has been resolved: net/netfailover: fix txq exceeding warning The failover txq is inited as 16 queues. when a packet is transmitted from the failover device firstly, the failover device will select the queue which is returned from the primary devic...

CVE-2023-54227 blk-mq: fix tags leak when shrink nr_hw_queues

In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix tags leak when shrink nrhwqueues Although we don't need to realloc set-tags when shrink nrhwqueues, we need to free them. Or these tags will be leaked. How to reproduce: 1. mount -t configfs configfs /mnt 2. modprobe...

CVE-2023-54227 blk-mq: fix tags leak when shrink nr_hw_queues

In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix tags leak when shrink nrhwqueues Although we don't need to realloc set-tags when shrink nrhwqueues, we need to free them. Or these tags will be leaked. How to reproduce: 1. mount -t configfs configfs /mnt 2. modprobe...

CVE-2023-54223

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: xsk: Fix invalid buffer access for legacy rq The below crash can be encountered when using xdpsock in rx mode for legacy rq: the buffer gets released in the XDPREDIRECT path, and then once again in the driver. This fix...

CVE-2023-54223 net/mlx5e: xsk: Fix invalid buffer access for legacy rq

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: xsk: Fix invalid buffer access for legacy rq The below crash can be encountered when using xdpsock in rx mode for legacy rq: the buffer gets released in the XDPREDIRECT path, and then once again in the driver. This fix...

CVE-2023-54223

CVE-2023-54223: In the Linux kernel mlx5 net/xsk legacy-rq path, a buffer could be released twice (in XDP_REDIRECT and then by the driver) due to switching from a skip-release flag to fragment-counts. The fix adds a guard flag to avoid driver-side release, preventing a use-after-free/general-prot...

CVE-2023-54223 net/mlx5e: xsk: Fix invalid buffer access for legacy rq

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: xsk: Fix invalid buffer access for legacy rq The below crash can be encountered when using xdpsock in rx mode for legacy rq: the buffer gets released in the XDPREDIRECT path, and then once again in the driver. This fix...

CVE-2022-50838

CVE-2022-50838 concerns a Linux kernel issue in net: stream where the socket error queue (sk_error_queue) was not purged on socket close, enabling TCP socket leaks and potential memory exhaustion. The root cause involves TX timestamping and error queue handling: when SOF_TIMESTAMPING_TX_ACK is en...

CVE-2022-50838 net: stream: purge sk_error_queue in sk_stream_kill_queues()

In the Linux kernel, the following vulnerability has been resolved: net: stream: purge skerrorqueue in skstreamkillqueues Changheon Lee reported TCP socket leaks, with a nice repro. It seems we leak TCP sockets with the following sequence: 1 SOFTIMESTAMPINGTXACK is enabled on the socket. Each ACK...

CVE-2022-50838 net: stream: purge sk_error_queue in sk_stream_kill_queues()

In the Linux kernel, the following vulnerability has been resolved: net: stream: purge skerrorqueue in skstreamkillqueues Changheon Lee reported TCP socket leaks, with a nice repro. It seems we leak TCP sockets with the following sequence: 1 SOFTIMESTAMPINGTXACK is enabled on the socket. Each ACK...