CVE-2022-50665

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix failed to find the peer with peerid 0 when disconnected It has a fail log which is ath11kdbg in ath11kdprxprocessmonstatus, as below, it will not print when debugmask is not set ATH11KDBGDATA. ath11kdbgab,...

CVE-2022-50664

In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: fix leak of memory fw...

CVE-2022-50663

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix possible memory leak in stmmacdvrprobe The bitmapfree should be called to free priv-afxdpzcqps when createsinglethreadworkqueue fails, otherwise there will be a memory leak, so we add the err path errorwqinit to...

CVE-2022-50662

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: fix memory leak in hnsroceallocmr When hnsrocemrenable failed in hnsroceallocmr, mrkey is not released. Compiled test only...

CVE-2022-50661

In the Linux kernel, the following vulnerability has been resolved: seccomp: Move copyseccomp to no failure path. Our syzbot instance reported memory leaks in doseccomp 0, similar to the report 1. It shows that we miss freeing struct seccompfilter and some objects included in it. We can reproduce...

CVE-2022-50660

In the Linux kernel, the following vulnerability has been resolved: wifi: ipw2200: fix memory leak in ipwwdevinit In the error path of ipwwdevinit, exception value is returned, and the memory applied for in the function is not released. Also the memory is not released in ipwpciprobe. As a result,...

CVE-2022-50659

In the Linux kernel, the following vulnerability has been resolved: hwrng: geode - Fix PCI device refcount leak foreachpcidev is implemented by pcigetdevice. The comment of pcigetdevice says that it will increase the reference count for the returned pcidev and also decrease the reference count fo...

CVE-2022-50658

In the Linux kernel, the following vulnerability has been resolved: cpufreq: qcom: fix memory leak in error path If for some reason the speedbin length is incorrect, then there is a memory leak in the error path because we never free the speedbin buffer. This commit fixes the error path to always...

CVE-2022-50657

In the Linux kernel, the following vulnerability has been resolved: riscv: mm: add missing memcpy in kasaninit Hi Atish, It seems that the panic is due to the missing memcpy during kasaninit. Could you please check whether this patch is helpful? When doing kasanpopulate, the new allocated...

CVE-2023-53820

In the Linux kernel, the following vulnerability has been resolved: loop: loopsetstatusfrominfo check before assignment In loopsetstatusfrominfo, lo-looffset and lo-losizelimit should be checked before reassignment, because if an overflow error occurs, the original correct value will be changed t...

CVE-2013-10031

Plack-Middleware-Session versions before 0.17 may be vulnerable to HMAC comparison timing attacks...

CVE-2023-53819

In the Linux kernel, the following vulnerability has been resolved: amdgpu: validate offsetinbo of drmamdgpugemva This is motivated by OOB access in amdgpuvmupdaterange when offsetinbo+mapsize overflows. v2: keep the validations in amdgpuvmbomap v3: add the validations to...

CVE-2023-53818

In the Linux kernel, the following vulnerability has been resolved: ARM: zynq: Fix refcount leak in zynqearlyslcrinit offindcompatiblenode returns a node pointer with refcount incremented, we should use ofnodeput on error path. Add missing ofnodeput to avoid refcount leak...

CVE-2023-53817

In the Linux kernel, the following vulnerability has been resolved: crypto: lib/mpi - avoid null pointer deref in mpicmpui During NVMeTCP Authentication a controller can trigger a kernel oops by specifying the 8192 bit Diffie Hellman group and passing a correctly sized, but zeroed Diffie Hellamn...

CVE-2023-53816

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: fix potential kgdmem UAFs kgdmem pointers returned by kfdprocessdevicetranslatehandle are only guaranteed to be valid while p-mutex is held. As soon as the mutex is unlocked, another thread can free the BO...

CVE-2023-53815

In the Linux kernel, the following vulnerability has been resolved: posix-timers: Prevent RT livelock in itimerdelete itimerdelete has a retry loop when the timer is concurrently expired. On non-RT kernels this just spin-waits until the timer callback has completed, except for posix CPU timers...

CVE-2023-53814

In the Linux kernel, the following vulnerability has been resolved: PCI: Fix dropping valid root bus resources with .end = zero On r8a7791/koelsch: kmemleak: 1 new suspected memory leaks see /sys/kernel/debug/kmemleak cat /sys/kernel/debug/kmemleak unreferenced object 0xc3a34e00 size 64: comm...

CVE-2023-53813

In the Linux kernel, the following vulnerability has been resolved: ext4: fix rbtree traversal bug in ext4mbusepreallocated During allocations, while looking for preallocationsPA in the per inode rbtree, we can't do a direct traversal of the tree because ext4mbdiscardgrouppreallocation can...

CVE-2023-53811

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Cap MSIX used to online CPUs + 1 The irdma driver can use a maximum number of msix vectors equal to numonlinecpus + 1 and the kernel warning stack below is shown if that number is exceeded. The kernel throws a warning...

CVE-2023-53812

In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: fix decoder disable pm crash Can't call pmruntimedisable when the architecture support sub device for 'dev-pm.dev' is NUll, or will get below crash log. 10.771551 pc : rawspinlockirq+0x4c/0xa0 10.771556 l...

CVE-2023-53810

In the Linux kernel, the following vulnerability has been resolved: blk-mq: release crypto keyslot before reporting I/O complete Once all I/O using a blkcryptokey has completed, filesystems can call blkcryptoevictkey. However, the block layer currently doesn't call blkcryptoputkeyslot until the...

CVE-2023-53809

In the Linux kernel, the following vulnerability has been resolved: l2tp: Avoid possible recursive deadlock in l2tptunnelregister When a file descriptor of pppol2tp socket is passed as file descriptor of UDP socket, a recursive deadlock occurs in l2tptunnelregister. This situation is reproduced b...

CVE-2023-53808

In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: fix memory leak in mwifiexhistogramread Always free the zeroed page on return from 'mwifiexhistogramread'...

CVE-2023-53807

In the Linux kernel, the following vulnerability has been resolved: clk: clocking-wizard: Fix Oops in clkwzrdregisterdivider Smatch detected this potential error pointer dereference clkwzrdregisterdivider. If devmclkhwregister fails then it sets "hw" to an error pointer and then dereferences it o...

CVE-2023-53806

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: populate subvp cmd info only for the top pipe Why System restart observed while changing the display resolution to 8k with extended mode. Sytem restart was caused by a page fault. How When the driver populates...

CVE-2023-53805

Removed by vendor...

CVE-2023-53804

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix use-after-free bug of nilfsroot in nilfsevictinode During unmount process of nilfs2, nothing holds nilfsroot structure after nilfs2 detaches its writer in nilfsdetachlogwriter. However, since nilfsevictinode uses...

CVE-2023-53803

In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix slab-out-of-bounds in sesenclosuredataprocess A fix for: BUG: KASAN: slab-out-of-bounds in sesenclosuredataprocess+0x949/0xe30 ses Read of size 1 at addr ffff88a1b043a451 by task systemd-udevd/3271 Checking after a...

CVE-2023-53802

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: htchst: free skb in ath9khtcrxmsg if there is no callback function It is stated that ath9khtcrxmsg either frees the provided skb or passes its management to another callback function. However, the skb is not freed in...

CVE-2023-53801

In the Linux kernel, the following vulnerability has been resolved: iommu/sprd: Release dma buffer to avoid memory leak When attaching to a domain, the driver would alloc a DMA buffer which is used to store address mapping table, and it need to be released when the IOMMU domain is freed...

CVE-2023-53800

In the Linux kernel, the following vulnerability has been resolved: ubi: Fix use-after-free when volume resizing failed There is an use-after-free problem reported by KASAN: ================================================================== BUG: KASAN: use-after-free in ubiebacopytable+0x11f/0x1c...

CVE-2023-53799

In the Linux kernel, the following vulnerability has been resolved: crypto: api - Use work queue in cryptodestroyinstance The function cryptodropspawn expects to be called in process context. However, when an instance is unregistered while it still has active users, the last user may cause the...

CVE-2023-53798

In the Linux kernel, the following vulnerability has been resolved: ethtool: Fix uninitialized number of lanes It is not possible to set the number of lanes when setting link modes using the legacy IOCTL ethtool interface. Since 'struct ethtoollinkksettings' is not initialized in this path, drive...

CVE-2023-53797

In the Linux kernel, the following vulnerability has been resolved: HID: wacom: Use ktimet rather than int when dealing with timestamps Code which interacts with timestamps needs to use the ktimet type returned by functions like ktimeget. The int type does not offer enough space to store these...

CVE-2023-53796

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix information leak in f2fsmoveinlinedirents When converting an inline directory to a regular one, f2fs is leaking uninitialized memory to disk because it doesn't initialize the entire directory block. Fix this by...

CVE-2023-53794

In the Linux kernel, the following vulnerability has been resolved: cifs: fix session state check in reconnect to avoid use-after-free issue Don't collect exiting session in smb2reconnectserver, because it will be released soon. Note that the exiting session will stay in server-smbseslist until i...

CVE-2023-53795

In the Linux kernel, the following vulnerability has been resolved: iommufd: IOMMUFDDESTROY should not increase the refcount syzkaller found a race where IOMMUFDDESTROY increments the refcount: obj = iommufdgetobjectucmd-ictx, cmd-id, IOMMUFDOBJANY; if ISERRobj return PTRERRobj;...

CVE-2023-53793

In the Linux kernel, the following vulnerability has been resolved: perf tool x86: Fix perfenv memory leak Found by leak sanitizer: ==1632594==ERROR: LeakSanitizer: detected memory leaks Direct leak of 21 bytes in 1 objects allocated from: 0 0x7f2953a7077b in interceptorstrdup...

CVE-2023-53792

In the Linux kernel, the following vulnerability has been resolved: nvme-core: fix memory leak in dhchapctrlsecret Free dhchapsecret in nvmectrldhchapctrlsecretstore before we return when nvmeauthgeneratekey returns error...

CVE-2023-53791

In the Linux kernel, the following vulnerability has been resolved: md: fix warning for holder mismatch from exportrdev Commit a1d767191096 "md: use mddev-external to select holder in exportrdev" fix the problem that 'claimrdev' is used for blkdevgetbydev while 'rdev' is used for blkdevput...

CVE-2023-53790

In the Linux kernel, the following vulnerability has been resolved: bpf: Zeroing allocated object from slab in bpf memory allocator Currently the freed element in bpf memory allocator may be immediately reused, for htab map the reuse will reinitialize special fields in map value e.g., bpfspinlock...

CVE-2023-53789

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Improve page fault error reporting If IOMMU domain for device group is not setup properly then we may hit IOMMU page fault. Current page fault handler assumes that domain is always setup and it will hit NULL pointer...

CVE-2023-53788

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/ca0132: fixup buffer overrun at tuningctlset tuningctlset might have buffer overrun at X if it didn't break from loop by matching A. static int tuningctlset... for i = 0; i TUNINGCTLSCOUNT; i++ A if nid ==...

CVE-2023-53787

In the Linux kernel, the following vulnerability has been resolved: regulator: da9063: fix null pointer deref with partial DT config When some of the da9063 regulators do not have corresponding DT nodes a null pointer dereference occurs on boot because such regulators have no initdata causing the...

CVE-2023-53786

In the Linux kernel, the following vulnerability has been resolved: dm flakey: fix a crash with invalid table line This command will crash with NULL pointer dereference: dmsetup create flakey --table \ "0 blockdev --getsize /dev/ram0 flakey /dev/ram0 0 0 1 2 corruptbiobyte 512" Fix the crash by...

CVE-2023-53785

In the Linux kernel, the following vulnerability has been resolved: mt76: mt7921: don't assume adequate headroom for SDIO headers mt7921usbsdiotxprepareskb calls mt7921usbsdiowritetxwi and mt7921skbaddusbsdiohdr, both of which blindly assume that adequate headroom will be available in the passed...

CVE-2023-53784

In the Linux kernel, the following vulnerability has been resolved: drm: bridge: dwhdmi: fix connector access for scdc Commit 5d844091f237 "drm/scdc-helper: Pimp SCDC debugs" changed the scdc interface to pick up an i2c adapter from a connector instead. However, in the case of dw-hdmi, the wrong...

CVE-2023-53783

In the Linux kernel, the following vulnerability has been resolved: blk-iocost: fix divide by 0 error in calclcoefs echo max of u64 to cost.model can cause divide by 0 error. echo 8:0 rbps=18446744073709551615 /sys/fs/cgroup/io.cost.model divide error: 0000 1 PREEMPT SMP RIP:...

CVE-2023-53782

In the Linux kernel, the following vulnerability has been resolved: dccp: Fix out of bounds access in DCCP error handler There was a previous attempt to fix an out-of-bounds access in the DCCP error handlers, but that fix assumed that the error handlers only want to access the first 8 bytes of th...

CVE-2023-53781

In the Linux kernel, the following vulnerability has been resolved: smc: Fix use-after-free in tcpwritetimerhandler. With Eric's ref tracker, syzbot finally found a repro for use-after-free in tcpwritetimerhandler by kernel TCP sockets. 0 If SMC creates a kernel socket in smccreate, the kernel...