CVE-2023-54023

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between balance and cancel/pause Syzbot reported a panic that looks like this: assertion failed: fsinfo-exclusiveoperation == BTRFSEXCLOPBALANCEPAUSED, in fs/btrfs/ioctl.c:465 ------------ cut here ------------...

CVE-2023-54021

In the Linux kernel, the following vulnerability has been resolved: ext4: set goal start correctly in ext4mbnormalizerequest We need to set acgex to notify the goal start used in ext4mbfindbygoal. Set acgex instead of acfex in ext4mbnormalizerequest. Besides we should assure goal start is in rang...

CVE-2023-54020

In the Linux kernel, the following vulnerability has been resolved: dmaengine: sf-pdma: pdmadesc memory leak fix Commit b2cc5c465c2c "dmaengine: sf-pdma: Add multithread support for a DMA channel" changed sfpdmaprepdmamemcpy to unconditionally allocate a new sfpdmadesc each time it is called. The...

CVE-2023-54018

In the Linux kernel, the following vulnerability has been resolved: drm/msm/hdmi: Add missing check for allocorderedworkqueue Add check for the return value of allocorderedworkqueue as it may return NULL pointer and cause NULL pointer dereference in hdmihdcp.c and hdmihpd.c. Patchwork:...

CVE-2023-54019

In the Linux kernel, the following vulnerability has been resolved: sched/psi: use kernfs polling functions for PSI trigger polling Destroying psi trigger in cgroupfilerelease causes UAF issues when a cgroup is removed from under a polling process. This is happening because cgroup removal causes ...

CVE-2023-54017

In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: fix possible memory leak in ibmebusbusinit If deviceregister returns error in ibmebusbusinit, name of kobject which is allocated in devsetname called in deviceadd is leaked. As comment of deviceadd says, it shoul...

CVE-2023-54016

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix memory leak in rxdesc and txdesc Currently when ath12kdpccdescinit is called we allocate memory to rxdescs and txdescs. In ath12kdpcccleanup, during descriptor cleanup rxdescs and txdescs memory is not freed. Th...

CVE-2023-54015

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Devcom, fix error flow in mlx5devcomregisterdevice In case devcom allocation is failed, mlx5 is always freeing the priv. However, this priv might have been allocated by a different thread, and freeing it might lead to...

CVE-2023-54014

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Check valid rport returned by fcbsgtorport Klocwork reported warning of rport maybe NULL and will be dereferenced. rport returned by call to fcbsgtorport could be NULL and dereferenced. Check valid rport returned b...

CVE-2023-54013

In the Linux kernel, the following vulnerability has been resolved: interconnect: Fix locking for runpm vs reclaim For cases where iccbwset can be called in callbaths that could deadlock against shrinker/reclaim, such as runpm resume, we need to decouple the icc locking. Introduce a new iccbwlock...

CVE-2023-54011

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix an issue found by KASAN Write only correct size 32 instead of 64 bytes...

CVE-2023-54012

In the Linux kernel, the following vulnerability has been resolved: net: fix stack overflow when LRO is disabled for virtual interfaces When the virtual interface's feature is updated, it synchronizes the updated feature for its own lower interface. This propagation logic should be worked as the...

CVE-2023-54010

In the Linux kernel, the following vulnerability has been resolved: ACPICA: ACPICA: check null return of ACPIALLOCATEZEROED in acpidbdisplayobjects ACPICA commit 0d5f467d6a0ba852ea3aad68663cbcbd43300fd4 ACPIALLOCATEZEROED may fails, objectinfo might be null and will cause null pointer dereference...

CVE-2023-54009

In the Linux kernel, the following vulnerability has been resolved: i2c: cadence: cdnsi2cmasterxfer: Fix runtime PM leak on error path The cdnsi2cmasterxfer function gets a runtime PM reference when the function is entered. This reference is released when the function is exited. There is currentl...

CVE-2023-54007

In the Linux kernel, the following vulnerability has been resolved: vmcihost: fix a race condition in vmcihostpoll causing GPF During fuzzing, a general protection fault is observed in vmcihostpoll. general protection fault, probably for non-canonical address 0xdffffc0000000019: 0000 1 PREEMPT SM...

CVE-2023-54008

In the Linux kernel, the following vulnerability has been resolved: virtiovdpa: build affinity masks conditionally We try to build affinity mask via createaffinitymasks unconditionally which may lead several issues: - the affinity mask is not used for parent without affinity support only VDUSE...

CVE-2023-54006

In the Linux kernel, the following vulnerability has been resolved: afunix: Fix data-race around unixtotinflight. unixtotinflight is changed under spinlockunixgclock, but unixreleasesock reads it locklessly. Let's use READONCE for unixtotinflight. Note that the writer side was marked by commit...

CVE-2023-54005

In the Linux kernel, the following vulnerability has been resolved: binder: fix memory leak in binderinit In binderinit, the destruction of binderallocshrinkerinit is not performed in the wrong path, which will cause memory leaks. So this commit introduces binderallocshrinkerexit and calls it in...

CVE-2023-54004

In the Linux kernel, the following vulnerability has been resolved: udplite: Fix NULL pointer dereference in skmemraiseallocated. syzbot reported 0 a null-ptr-deref in skgetrmem0 while using IPPROTOUDPLITE 0x88: 14:25:52 executing program 1: r0 = socket$inet60xa, 0x80002, 0x88 We had a similar...

CVE-2023-54003

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix GID entry ref leak when createah fails If AH create request fails, release sgidattr to avoid GID entry referrence leak reported while releasing GID table...

CVE-2023-54002

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix assertion of exclop condition when starting balance Balance as exclusive state is compatible with paused balance and device add, which makes some things more complicated. The assertion of valid states when starting fro...

CVE-2023-54001

In the Linux kernel, the following vulnerability has been resolved: staging: r8712: Fix memory leak in r8712initxmitpriv In the above mentioned routine, memory is allocated in several places. If the first succeeds and a later one fails, the routine will leak memory. This patch fixes commit...

CVE-2023-54000

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix deadlock issue when externellb and reset are executed together When externellb and reset are executed together, a deadlock may occur: 3147.217009 INFO: task kworker/u321:0:7 blocked for more than 120 seconds...

CVE-2023-53999

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: TC, Fix internal port memory leak The flow rule can be splited, and the extra postact rules are added to postact table. It's possible to trigger memleak when the rule forwards packets from internal port and over tunnel...

CVE-2023-53998

In the Linux kernel, the following vulnerability has been resolved: hwrng: virtio - Fix race on dataavail and actual data The virtio rng device kicks off a new entropy request whenever the data available reaches zero. When a new request occurs at the end of a read operation, that is, when the...

CVE-2023-53997

In the Linux kernel, the following vulnerability has been resolved: thermal: of: fix double-free on unregistration Since commit 3d439b1a2ad3 "thermal/core: Alloc-copy-free the thermal zone parameters structure", thermalzonedeviceregister allocates a copy of the tzp argument and frees it when...

CVE-2023-53996

In the Linux kernel, the following vulnerability has been resolved: x86/sev: Make encdechypercall accept a size instead of npages encdechypercall accepted a page count instead of a size, which forced its callers to round up. As a result, non-page aligned vaddrs caused pages to be spuriously marke...

CVE-2023-53994

In the Linux kernel, the following vulnerability has been resolved: ionic: remove WARNON to prevent paniconwarn Remove unnecessary early code development check and the WARNON that it uses. The irq alloc and free paths have long been cleaned up and this check shouldn't have stuck around so long...

CVE-2023-53995

In the Linux kernel, the following vulnerability has been resolved: net: ipv4: fix one memleak in inetdelifa I got the below warning when do fuzzing test: unregisternetdevice: waiting for bond0 to become free. Usage count = 2 It can be repoduced via: ip link add bond0 type bond sysctl -w...

CVE-2023-53993

In the Linux kernel, the following vulnerability has been resolved: PCI/DOE: Fix memory leak with CONFIGDEBUGOBJECTS=y After a pcidoetask completes, its workstruct needs to be destroyed to avoid a memory leak with CONFIGDEBUGOBJECTS=y...

CVE-2023-53992

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: ocb: don't leave if not joined If there's no OCB state, don't ask the driver/mac80211 to leave, since that's just confusing. Since set/clear the chandef state, that's a simple check...

CVE-2023-53991

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Disallow unallocated resources to be returned In the event that the topology requests resources that have not been created by the system because they are typically not represented in dpumdsscfg ^1, the resources in...

CVE-2023-53990

In the Linux kernel, the following vulnerability has been resolved: SMB3: Add missing locks to protect deferred close file list cifsdeldeferredclose function has a critical section which modifies the deferred close file list. We must acquire deferredlock before calling cifsdeldeferredclose functi...

CVE-2023-53989

In the Linux kernel, the following vulnerability has been resolved: arm64: mm: fix VA-range sanity check Both createmappingnoalloc and updatemappingprot sanity-check their 'virt' parameter, but the check itself doesn't make much sense. The condition used today appears to be a historical accident...

CVE-2023-53987

In the Linux kernel, the following vulnerability has been resolved: ping: Fix potentail NULL deref for /proc/net/icmp. After commit dbca1596bbb0 "ping: convert to RCU lookups, get rid of rwlock", we use RCU for ping sockets, but we should use spinlock for /proc/net/icmp to avoid a potential NULL...

CVE-2023-53988

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix slab-out-of-bounds read in hdrdeletede Here is a BUG report from syzbot: BUG: KASAN: slab-out-of-bounds in hdrdeletede+0xe0/0x150 fs/ntfs3/index.c:806 Read of size 16842960 at addr ffff888079cc0600 by task...

CVE-2023-53986

In the Linux kernel, the following vulnerability has been resolved: mips: bmips: BCM6358: disable RAC flush for TP1 RAC flush causes kernel panics on BCM6358 with EHCI/OHCI when booting from TP1: 3.881739 usb 1-1: new high-speed USB device number 2 using ehci-platform 3.895011 Reserved instructio...

CVE-2023-53867

In the Linux kernel, the following vulnerability has been resolved: ceph: fix potential use-after-free bug when trimming caps When trimming the caps and just after the 'session-scaplock' is released in cephiteratesessioncaps the cap maybe removed by another thread, and when using the stale cap...

CVE-2022-50711

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtkethsoc: fix possible memory leak in mtkprobe If mtkwedaddhw has been called, mtkwedexit needs be called in error path or removing module to free the memory allocated in mtkwedaddhw...

CVE-2022-50709

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: avoid uninit memory read in ath9khtcrxmsg syzbot is reporting uninit value at ath9khtcrxmsg 1, for ioctlUSBRAWIOCTLEPWRITE can call ath9khifusbrxstream with pktlen = 0 but ath9khifusbrxstream uses devallocskbpktlen +...

CVE-2022-50710

In the Linux kernel, the following vulnerability has been resolved: ice: set txtstamps when creating new Tx rings via ethtool When the user changes the number of queues via ethtool, the driver allocates new rings. This allocation did not initialize txtstamps. This results in the txtstamps field...

CVE-2022-50708

In the Linux kernel, the following vulnerability has been resolved: HSI: ssiprotocol: fix potential resource leak in ssippnopen ssippnopen claims the HSI client's port with hsiclaimport. When hsiregisterportevent gets some error and returns a negetive value, the HSI client's port should be releas...

CVE-2022-50707

In the Linux kernel, the following vulnerability has been resolved: virtio-crypto: fix memory leak in virtiocryptoalgskcipherclosesession 'vcctrlreq' is alloced in virtiocryptoalgskcipherclosesession, and should be freed in the invalid ctrlstatus-status error handling case. Otherwise there is a...

CVE-2022-50705

In the Linux kernel, the following vulnerability has been resolved: iouring/rw: defer fsnotify calls to task context We can't call these off the kiocb completion as that might be off soft/hard irq context. Defer the calls to when we process the taskwork for this request. That avoids valid...

CVE-2022-50706

In the Linux kernel, the following vulnerability has been resolved: net/ieee802154: don't warn zero-sized rawsendmsg syzbot is hitting skbassertlen warning at devqueuexmit 1, for PFIEEE802154 socket's zero-sized rawsendmsg request is hitting devqueuexmit with skb-len == 0. Since PFIEEE802154...

CVE-2022-50704

In the Linux kernel, the following vulnerability has been resolved: USB: gadget: Fix use-after-free during usb config switch In the process of switching USB config from rndis to other config, if the hardware does not support the -pullup callback, or the hardware encounters a low probability fault...

CVE-2022-50703

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: smsm: Fix refcount leak bugs in qcomsmsmprobe There are two refcount leak bugs in qcomsmsmprobe: 1 The 'localnode' is escaped out from foreachchildofnode as the break of iteration, we should call ofnodeput for it in...

CVE-2022-50701

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921s: fix slab-out-of-bounds access in sdio host SDIO may need addtional 511 bytes to align bus operation. If the tailroom of this skb is not big enough, we would access invalid memory region. For low level...

CVE-2022-50702

In the Linux kernel, the following vulnerability has been resolved: vdpasim: fix possible memory leak in vdpasimnetinit and vdpasimblkinit Inject fault while probing module, if deviceregister fails in vdpasimnetinit or vdpasimblkinit, but the refcount of kobject is not decreased to 0, the name...

CVE-2022-50700

In the Linux kernel, the following vulnerability has been resolved: wifi: ath10k: Delay the unmapping of the buffer On WCN3990, we are seeing a rare scenario where copy engine hardware is sending a copy complete interrupt to the host driver while still processing the buffer that the driver has...