kernel: drm/amdkfd: Add missing gfx11 MQD manager callbacks

A NULL pointer dereference was found in the AMD KFD driver for GFX11 GPUs. The mqdstride callback was not assigned for GFX11 hardware, causing crashes when accessing the MQD debugfs interface...

kernel: vdpa: Add queue index attr to vdpa_nl_policy for nlattr length check

An out-of-bounds read vulnerability was found in the Linux kernel's vDPA virtio Data Path Acceleration netlink interface. The vdpanlpolicy structure was missing the nlapolicy entry for the queue index attribute. Without proper validation, parsing netlink messages with this attribute could result ...

kernel: net/mlx5e: xsk: Fix crash on regular rq reactivation

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: xsk: Fix crash on regular rq reactivation When the regular rq is reactivated after the XSK socket is closed it could be reading stale cqes which eventually corrupts the rq. This leads to no more traffic being received ...

kernel: ice: Block switchdev mode when ADQ is active and vice versa

In the Linux kernel, the following vulnerability has been resolved: ice: Block switchdev mode when ADQ is active and vice versa ADQ and switchdev are not supported simultaneously. Enabling both at the same time can result in nullptr dereference. To prevent this, check if ADQ is active when changi...

kernel: blk-mq: release crypto keyslot before reporting I/O complete

A flaw was identified in the block multi-queue blk-mq subsystem of the Linux kernel where the crypto keyslot associated with a block I/O request could be released after upper layers have been notified that the I/O operation completed. Under certain conditions, this could lead to a use-after-free ...

kernel: RDMA/cma: Allow UD qp_type to join multicast only

In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Allow UD qptype to join multicast only As for multicast: - The SIDR is the only mode that makes sense; - Besides PSUDP, other port spaces like PSIB is also allowed, as it is UD compatible. In this case qkey also needs t...

kernel: blk-mq: fix IO hang from sbitmap wakeup race

A possible IO hang from sbitmap wakeup race was found in the Linux kernel. This may lead to compromised Availability...

No title provided

REJECTED CVE An issue was identified in the Linux kernel's netfilter subsystem related to nftables. The issue occurs when a positive value, such as NFACCEPT, is provided in the upper 16 bits of NFDROP verdict parameters, which are expected to contain valid errno values e.g., -EPERM. This improper...

kernel: drm/amdgpu: fix memory leak in mes self test

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix memory leak in mes self test The fences associated with mes queue have to be freed up during amdgpuringfini...

kernel: Linux kernel: Denial of Service vulnerability in RDMA/rxe component

A flaw was found in the Linux kernel's Remote Direct Memory Access RDMA subsystem, specifically within the rxe component. A local user could trigger a kernel panic by causing an error during the setup of a Queue Pair QP in rxecreateqp. This occurs when the system attempts to clean up resources by...

kernel: Linux kernel: Denial of Service in RDMA/bnxt_re driver due to race condition during QP destruction

A flaw was found in the Linux kernel's Remote Direct Memory Access RDMA bnxtre driver. A local user could exploit a race condition that occurs when a Queue Pair QP is destroyed, but completion queue CQ polling continues. This can lead to a kernel panic, resulting in a Denial of Service DoS on the...

kernel: scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Remove unused nvmelswaitq wait queue System crash when qla2x00startspsp returns error code EGAIN and wakeup gets called for uninitialized wait queue sp-nvmelswaitq. qla2xxx 0000:37:00.1-2121:5: Returning existing...

kernel: Linux kernel: Privilege escalation via out-of-bounds write in RDMA/siw

A flaw was identified in the Linux kernel RDMA siw implementation where an undefined opcode value could be used during immediate work request flushing while in an error state. The send queue element opcode was not correctly set, which could lead to an out-of-bounds access when mapping between the...

kernel: tty: n_gsm: fix deadlock and link starvation in outgoing data path

In the Linux kernel, the following vulnerability has been resolved: tty: ngsm: fix deadlock and link starvation in outgoing data path The current implementation queues up new control and user packets as needed and processes this queue down to the ldisc in the same code path. That means that the...

kernel: RDMA/irdma: Fix data race on CQP request done

A race condition was identified in the RDMA/irdma subsystem of the Linux kernel affecting how completion queue pair CQP requests are processed. The cqprequest-requestdone memory location is accessed without appropriate synchronization in the irdmahandlecqpop function while it is concurrently...

kernel: refscale: Fix uninitalized use of wait_queue_head_t

A use of uninitialized data was found in the refscale test module. The waitqueueheadt is used before being initialized, causing a race condition that can crash the kernel during testing...

kernel: RDMA/efa: Fix wrong resources deallocation order

In the Linux kernel, the following vulnerability has been resolved: RDMA/efa: Fix wrong resources deallocation order When trying to destroy QP or CQ, we first decrease the refcount and potentially free memory regions allocated for the object and then request the device to destroy the object. If t...

kernel: net: fix UAF issue in nfqnl_nf_hook_drop() when ops_init() failed

A use-after-free vulnerability was found in the Linux kernel's netfilter queue subsystem. When setting up a new network namespace, if ops-init fails during opsinit, the allocated data is freed but the pointer in net-gen remains pointing to the freed memory. When nfqnlnfhookdrop is subsequently...

kernel: Linux kernel: Denial of Service in DRM scheduler due to improper work queue handling

A flaw was found in the Linux kernel's Direct Rendering Manager DRM scheduler. A local attacker with low privileges could exploit this vulnerability by triggering a GPU reset test. This improper handling of the scheduler work queue can lead to a kernel panic, which is a system crash, resulting in...

CVE-2022-48652 ice: Fix crash by keep old cfg when update TCs more than queues

In the Linux kernel, the following vulnerability has been resolved: ice: Fix crash by keep old cfg when update TCs more than queues There are problems if allocated queues less than Traffic Classes. Commit a632b2a4c920 "ice: ethtool: Prohibit improper channel config for DCB" already disallow setti...