CVE-2023-54306

In the Linux kernel, the following vulnerability has been resolved: net: tls: avoid hanging tasks on the txlock syzbot sent a hung task report and Eric explains that adversarial receiver may keep RWIN at 0 for a long time, so we are not guaranteed to make forward progress. Thread which took txloc...

CVE-2023-54305

In the Linux kernel, the following vulnerability has been resolved: ext4: refuse to create ea block when umounted The ea block expansion need to access sroot while it is already set as NULL when umount is triggered. Refuse this request to avoid panic...

CVE-2023-54304

In the Linux kernel, the following vulnerability has been resolved: firmware: mesonsm: fix to avoid potential NULL pointer dereference ofmatchdevice may fail and returns a NULL pointer. Fix this by checking the return value of ofmatchdevice...

CVE-2023-54302

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix data race on CQP completion stats CQP completion statistics is read lockesly in irdmawaitevent and irdmacheckcqpprogress while it can be updated in the completion thread irdmascccqgetcqeinfo on another CPU as KCSA...

CVE-2023-54303

In the Linux kernel, the following vulnerability has been resolved: bpf: Disable preemption in bpfperfeventoutput The nesting protection in bpfperfeventoutput relies on disabled preemption, which is guaranteed for kprobes and tracepoints. However bpfperfeventoutput can be also called from uprobes...

CVE-2023-54301

In the Linux kernel, the following vulnerability has been resolved: serial: 8250bcm7271: fix leak in brcmuartprobe Smatch reports: drivers/tty/serial/8250/8250bcm7271.c:1120 brcmuartprobe warn: 'baudmuxclk' from clkprepareenable not released on lines: 1032. The issue is fixed by using a managed...

CVE-2023-54299

In the Linux kernel, the following vulnerability has been resolved: usb: typec: bus: verify partner exists in typecaltmodeattention Some usb hubs will negotiate DisplayPort Alt mode with the device but will then negotiate a data role swap after entering the alt mode. The data role swap causes the...

CVE-2023-54300

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: avoid referencing uninit memory in ath9kwmictrlrx For the reasons also described in commit b383e8abed41 "wifi: ath9k: avoid uninit memory read in ath9khtcrxmsg", ath9khtcrxmsg should validate pktlen before accessing...

CVE-2023-54298

In the Linux kernel, the following vulnerability has been resolved: thermal: intel: quarkdts: fix error pointer dereference If allocsocdts fails, then we can just return. Trying to free "socdts" will lead to an Oops...

CVE-2023-54296

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Get source vCPUs from source VM for SEV-ES intrahost migration Fix a goof where KVM tries to grab source vCPUs from the destination VM when doing intrahost migration. Grabbing the wrong vCPU not only hoses the guest, it...

CVE-2023-54297

In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: fix memory leak after finding block group with super blocks At excludesuperstripes, if we happen to find a block group that has super blocks mapped to it and we are on a zoned filesystem, we error out as this is not...

CVE-2023-54295

In the Linux kernel, the following vulnerability has been resolved: mtd: spi-nor: Fix shift-out-of-bounds in spinorseterasetype spinorseterasetype was used either to set or to mask out an erase type. When we used it to mask out an erase type a shift-out-of-bounds was hit: UBSAN: shift-out-of-boun...

CVE-2023-54293

In the Linux kernel, the following vulnerability has been resolved: bcache: fixup btreecachewait list damage We get a kernel crash about "listadd corruption. next-prev should be prev ffff9c801bc01210, but was ffff9c77b688237c. next=ffffae586d8afe68." crash struct listhead 0xffff9c801bc01210 struc...

CVE-2023-54294

In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix memleak of md thread In raid10run, if setupconf succeed and raid10run failed before setting 'mddev-thread', then in the error path 'conf-thread' is not freed. Fix the problem by setting 'mddev-thread' right after...

CVE-2023-54292

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix data race on CQP request done KCSAN detects a data race on cqprequest-requestdone memory location which is accessed locklessly in irdmahandlecqpop while being updated in irdmacqpcehandler. Annotate lockless intent...

CVE-2023-54290

Removed by vendor...

CVE-2023-54291

In the Linux kernel, the following vulnerability has been resolved: vduse: fix NULL pointer dereference vdusevdpasetvqaffinity callback can be called with NULL value as cpumask when deleting the vduse device. This patch resets virtqueue's IRQ affinity mask value to set all CPUs instead of...

CVE-2023-54289

In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Fix NULL dereference in error handling Smatch reported: drivers/scsi/qedf/qedfmain.c:3056 qedfallocglobalqueues warn: missing unwind goto? At this point in the function, nothing has been allocated so we can return...

CVE-2023-54287

In the Linux kernel, the following vulnerability has been resolved: tty: serial: imx: disable Ageing Timer interrupt request irq There maybe pending USR interrupt before requesting irq, however uartaddoneport has not executed, so there will be kernel panic: 0.795668 Unable to handle kernel NULL...

CVE-2023-54288

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fortify the spinlock against deadlock by interrupt In the function ieee80211txdequeue there is a particular locking sequence: begin: spinlock&local-queuestopreasonlock; qstopped = local-queuestopreasonsq;...

CVE-2023-54286

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace A received TKIP key may be up to 32 bytes because it may contain MIC rx/tx keys too. These are not used by iwl and copying these over overflows the...

CVE-2023-54284

In the Linux kernel, the following vulnerability has been resolved: media: av7110: prevent underflow in writetstodecoder The buf4 value comes from the user via tsplay. It is a value in the u8 range. The final length we pass to av7110ipackinstantrepack is "len - buf4 + 1 - 4" so add a check to...

CVE-2023-54285

In the Linux kernel, the following vulnerability has been resolved: iomap: Fix possible overflow condition in iomapwritedelallocscan folionextindex returns an unsigned long value which left shifted by PAGESHIFT could possibly cause an overflow on 32-bit system. Instead use folioposfolio +...

CVE-2023-54283

In the Linux kernel, the following vulnerability has been resolved: bpf: Address KCSAN report on bpflrulist KCSAN reported a data-race when accessing node-ref. Although node-ref does not have to be accurate, take this chance to use a more common READONCE and WRITEONCE pattern instead of datarace...

CVE-2023-54282

In the Linux kernel, the following vulnerability has been resolved: media: tuners: qt1010: replace BUGON with a regular error BUGON is unnecessary here, and in addition it confuses smatch. Replacing this with an error return help resolve this smatch warning: drivers/media/tuners/qt1010.c:350...

CVE-2023-54281

In the Linux kernel, the following vulnerability has been resolved: btrfs: release path before inode lookup during the ino lookup ioctl During the ino lookup ioctl we can end up calling btrfsiget to get an inode reference while we are holding on a root's btree. If btrfsiget needs to lookup the...

CVE-2023-54280

In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential race when tree connecting ipc Protect access of TCPServerInfo::hostname when building the ipc tree name as it might get freed in cifsd thread and thus causing an use-after-free bug in treeconnectdfstarget. Als...

CVE-2022-50882

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix memory leak in uvcgpioparse Previously the unit buffer was allocated before checking the IRQ for privacy GPIO. In case of error, the unit buffer was leaked. Allocate the unit buffer after the IRQ to avoid it...

CVE-2022-50883

In the Linux kernel, the following vulnerability has been resolved: bpf: Prevent decltag from being referenced in funcproto arg Syzkaller managed to hit another decltag issue: btffuncprotocheck kernel/bpf/btf.c:4506 inline btfcheckalltypes kernel/bpf/btf.c:4734 inline btfparsetypesec+0x1175/0x198...

CVE-2022-50881

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: Fix use-after-free in ath9khifusbdisconnect This patch fixes a use-after-free in ath9k that occurs in ath9khifusbdisconnect when ath9kdestroywmi is trying to access 'drvpriv' that has already been freed by...

CVE-2022-50880

In the Linux kernel, the following vulnerability has been resolved: wifi: ath10k: add peer map clean up for peer delete in ath10kstastate When peer delete failed in a disconnect operation, use-after-free detected by KFENCE in below log. It is because for each vdevid and address, it has only one...

CVE-2022-50878

In the Linux kernel, the following vulnerability has been resolved: gpu: lontium-lt9611: Fix NULL pointer dereference in lt9611connectorinit A NULL check for bridge-encoder shows that it may be NULL, but it already been dereferenced on all paths leading to the check. 812 if !bridge-encoder...

CVE-2022-50879

In the Linux kernel, the following vulnerability has been resolved: objtool: Fix SEGFAULT findinsn will return NULL in case of failure. Check insn in order to avoid a kernel Oops for NULL pointer dereference...

CVE-2022-50877

In the Linux kernel, the following vulnerability has been resolved: net: broadcom: bcm4908enet: update TX stats after actual transmission Queueing packets doesn't guarantee their transmission. Update TX stats after hardware confirms consuming submitted data. This also fixes a possible race and NU...

CVE-2022-50875

In the Linux kernel, the following vulnerability has been resolved: of: overlay: fix null pointer dereferencing in finddupcsetnodeentry and finddupcsetprop When kmalloc fail to allocate memory in kasprintf, fn1 or fn2 will be NULL, and strcmp will cause null pointer dereference...

CVE-2022-50876

In the Linux kernel, the following vulnerability has been resolved: usb: musb: Fix musbgadget.c rxstate overflow bug The usb function device call musbgadgetqueue adds the passed request to musbep::reqlist,If the request-length musbep-packetsz and isbuffermappedreq return false,the rxstate will co...

CVE-2022-50874

In the Linux kernel, the following vulnerability has been resolved: RDMA/erdma: Fix refcount leak in erdmammap rdmausermmapentryget take reference, we should release it when not need anymore, add the missing rdmausermmapentryput in the error path to fix it...

CVE-2023-54279

In the Linux kernel, the following vulnerability has been resolved: MIPS: fw: Allow firmware to pass a empty env fwgetenv will use env entry to determine style of env, however it is legal for firmware to just pass a empty list. Check if first entry exist before running strchr to avoid null pointe...

CVE-2023-54278

In the Linux kernel, the following vulnerability has been resolved: s390/vmem: split pages when debug pagealloc is enabled Since commit bb1520d581a3 "s390/mm: start kernel with DAT enabled" the kernel crashes early during boot when debug pagealloc is enabled: mem auto-init: stack:off, heap...

CVE-2023-54277

In the Linux kernel, the following vulnerability has been resolved: fbdev: udlfb: Fix endpoint check The syzbot fuzzer detected a problem in the udlfb driver, caused by an endpoint not having the expected type: usb 1-1: Read EDID byte 0 failed: -71 usb 1-1: Unable to get valid EDID from...

CVE-2023-54276

In the Linux kernel, the following vulnerability has been resolved: nfsd: move init of percpu replycachestats counters back to nfsdinitnet Commit f5f9d4a314da "nfsd: move reply cache initialization into nfsd startup" moved the initialization of the reply cache into nfsd startup, but didn't accoun...

CVE-2023-54275

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Fix memory leak in ath11kpeerrxfragsetup cryptoallocshash allocates resources, which should be released by cryptofreeshash. When ath11kpeerfind fails, there has memory leak. Add missing cryptofreeshash to fix this...

CVE-2023-54274

In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Add a check for valid 'madagent' pointer When unregistering MAD agent, srpt module has a non-null check for 'madagent' pointer before invoking ibunregistermadagent. This check can pass if 'madagent' variable holds an...

CVE-2023-54272

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix a possible null-pointer dereference in niclear In a previous commit c1006bd13146, ni-mi.mrec in niwriteinode could be NULL, and thus a NULL check is added for this variable. However, in the same call stack, ni-mi.mr...

CVE-2023-54273

In the Linux kernel, the following vulnerability has been resolved: xfrm: Fix leak of dev tracker At the stage of direction checks, the netdev reference tracker is already initialized, but released with wrong put call...

CVE-2023-54271

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Fix NULL deref caused by blkgpolicydata being installed before init blk-iocost sometimes causes the following crash: BUG: kernel NULL pointer dereference, address: 00000000000000e0 ... RIP: 0010:rawspinlock+0x17/0x30...

CVE-2023-54269

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: double free xprtctxt while still in use When an RPC request is deferred, the rqxprtctxt pointer is moved out of the svcrqst into the svcdeferredreq. When the deferred request is revisited, the pointer is copied into the n...

CVE-2023-54270

In the Linux kernel, the following vulnerability has been resolved: media: usb: siano: Fix use after free bugs caused by dosubmiturb There are UAF bugs caused by dosubmiturb. One of the KASan reports is shown below: 36.403605 BUG: KASAN: use-after-free in workerthread+0x4a2/0x890 36.406105 Read o...

CVE-2023-54268

In the Linux kernel, the following vulnerability has been resolved: debugobjects: Don't wake up kswapd from fillpool syzbot is reporting a lockdep warning in fillpool because the allocation from debugobjects is using GFPATOMIC, which is GFPHIGH | GFPKSWAPDRECLAIM and therefore tries to wake up...

CVE-2023-54267

In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Rework lppacasharedproc to avoid DEBUGPREEMPT lppacasharedproc takes a pointer to the lppaca which is typically accessed through getlppaca. With DEBUGPREEMPT enabled, this leads to checking if preemption is...