CVE-2023-53729

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: qmiencdec: Restrict string length in decode The QMI TLV value for strings in a lot of qmi element info structures account for null terminated strings with MAXLEN + 1. If a string is actually MAXLEN + 1 length, this wil...

CVE-2023-53728

In the Linux kernel, the following vulnerability has been resolved: posix-timers: Ensure timer ID search-loop limit is valid posixtimeradd tries to allocate a posix timer ID by starting from the cached ID which was stored by the last successful allocation. This is done in a loop searching the ID...

CVE-2023-53727

In the Linux kernel, the following vulnerability has been resolved: net/sched: fqpie: avoid stalls in fqpietimer When setting a high number of flows limit being 65536, fqpietimer is currently using too much time as syzbot reported. Add logic to yield the cpu every 2048 flows less than 150 usec on...

CVE-2023-53725

In the Linux kernel, the following vulnerability has been resolved: clocksource/drivers/cadence-ttc: Fix memory leak in ttctimerprobe Smatch reports: drivers/clocksource/timer-cadence-ttc.c:529 ttctimerprobe warn: 'timerbaseaddr' from ofiomap not released on lines: 498,508,516. timerbaseaddr may...

CVE-2023-53726

In the Linux kernel, the following vulnerability has been resolved: arm64: csum: Fix OoB access in IP checksum code for negative lengths Although commit c2c24edb1d9c "arm64: csum: Fix pathological zero-length calls" added an early return for zero-length input, syzkaller has popped up with an...

CVE-2023-53724

In the Linux kernel, the following vulnerability has been resolved: mfd: pcf50633-adc: Fix potential memleak in pcf50633adcasyncread req is allocated in pcf50633adcasyncread, but adcenqueuerequest could fail to insert the req into queue. We need to check the return value and free it in the case o...

CVE-2023-53723

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled in suspend sdmav40ip is shared on a few asics, but in sdmav40hwfini, driver unconditionally disables eccirq which is only enabled on those asics enabling sdma ecc. Th...

CVE-2023-53722

In the Linux kernel, the following vulnerability has been resolved: md: raid1: fix potential OOB in raid1removedisk If rddev-raiddisk is greater than mddev-raiddisks, there will be an out-of-bounds in raid1removedisk. We have already found similar reports as follows: 1 commit d17f744e883b...

CVE-2023-53720

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Release the label when replacing existing ct entry Cited commit doesn't release the label mapping when replacing existing ct entry which leads to following memleak report: unreferenced object 0xffff8881854cf280 size 96...

CVE-2023-53721

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix a NULL pointer dereference in ath12kmacophwscan In ath12kmacophwscan, the return value of kzalloc is directly used in memcpy, which may lead to a NULL pointer dereference on failure of kzalloc. Fix this bug by...

CVE-2023-53719

In the Linux kernel, the following vulnerability has been resolved: serial: arcuart: fix ofiomap leak in arcserialprobe Smatch reports: drivers/tty/serial/arcuart.c:631 arcserialprobe warn: 'port-membase' from ofiomap not released on lines: 631. In arcserialprobe, if uartaddoneport fails,...

CVE-2023-53718

In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Do not swap cpubuffer during resize process When ringbufferswapcpu was called during resize process, the cpu buffer was swapped in the middle, resulting in incorrect state. Continuing to run in the wrong state will...

CVE-2023-53717

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: Fix potential stack-out-of-bounds write in ath9kwmirspcallback Fix a stack-out-of-bounds write that occurs in a WMI response callback function that is called after a timeout occurs in ath9kwmicmd. The callback writes...

CVE-2023-53716

In the Linux kernel, the following vulnerability has been resolved: net: fix skb leak in skbtstamptx Commit 50749f2dd685 "tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp." added a call to skborphanfragsrx to fix leaks with zerocopy skbs. But it ended up adding a leak of its own...

CVE-2023-53715

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex Apparently the hex passphrase mechanism does not work on newer chips/firmware e.g. BCM4387. It seems there was a simple way of passing it in binary all along, so use...

CVE-2023-53714

In the Linux kernel, the following vulnerability has been resolved: drm/stm: ltdc: fix late dereference check In ltdccrtcsetcrcsource, struct drmcrtc was dereferenced in a containerof before the pointer check. This could cause a kernel panic. Fix this smatch warning: drivers/gpu/drm/stm/ltdc.c:11...

CVE-2023-53712

In the Linux kernel, the following vulnerability has been resolved: ARM: 9317/1: kexec: Make smp stop calls asynchronous If a panic is triggered by a hrtimer interrupt all online cpus will be notified and set offline. But as highlighted by commit 19dbdcb8039c "smp: Warn on function calls from...

CVE-2023-53713

In the Linux kernel, the following vulnerability has been resolved: arm64: sme: Use STR P to clear FFR context field in streaming SVE mode The FFR is a predicate register which can vary between 16 and 256 bits in size depending upon the configured vector length. When saving the SVE state in...

CVE-2023-53711

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a potential data corruption We must ensure that the subrequests are joined back into the head before we can retransmit a request. If the head was not on the commit lists, because the server wrote it synchronously, we sti...

CVE-2023-53709

In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Handle race between rbmovetail and rbcheckpages It seems a data race between ringbuffer writing and integrity check. That is, RBFLAG of headpage is been updating, while at same time RBFLAG was cleared when doing...

CVE-2023-53710

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: fix error code of return in mt7921acpiread Kernel NULL pointer dereference when ACPI SAR table isn't implemented well. Fix the error code of return to mark the ACPI SAR table as invalid. 5.077128 mt7921e...

CVE-2023-53708

In the Linux kernel, the following vulnerability has been resolved: ACPI: x86: s2idle: Catch multiple ACPITYPEPACKAGE objects If a badly constructed firmware includes multiple ACPITYPEPACKAGE objects while evaluating the AMD LPS0 DSM, there will be a memory leak. Explicitly guard against this...

CVE-2023-53707

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix integer overflow in amdgpucspass1 The type of size is unsigned int, if size is 0x40000000, there will be an integer overflow, size will be zero after size = sizeofuint32t, will cause uninitialized memory to be...

CVE-2023-53706

In the Linux kernel, the following vulnerability has been resolved: mm/vmemmap/devdax: fix kernel crash when probing devdax devices commit 4917f55b4ef9 "mm/sparse-vmemmap: improve memory savings for compound devmaps" added support for using optimized vmmemap for devdax devices. But how vmemmap...

CVE-2023-53704

In the Linux kernel, the following vulnerability has been resolved: clk: imx: clk-imx8mp: improve error handling in imx8mpclocksprobe Replace ofiomap and kzalloc with devmofiomap and devmkzalloc which can automatically release the related memory when the device or driver is removed or unloaded to...

CVE-2023-53705

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix out-of-bounds access in ipv6findtlv optlen is fetched without checking whether there is more than one byte to parse. It can lead to out-of-bounds access. Found by InfoTeCS on behalf of Linux Verification Center...

CVE-2023-53703

In the Linux kernel, the following vulnerability has been resolved: HID: amdsfh: Fix for shift-out-of-bounds Shift operation of 'exp' and 'shift' variables exceeds the maximum number of shift values in the u32 range leading to UBSAN shift-out-of-bounds. ... 6.120512 UBSAN: shift-out-of-bounds in...

CVE-2023-53702

In the Linux kernel, the following vulnerability has been resolved: s390/crypto: use vector instructions only if available for ChaCha20 Commit 349d03ffd5f6 "crypto: s390 - add crypto library interface for ChaCha20" added a library interface to the s390 specific ChaCha20 implementation. However no...

CVE-2023-53701

Removed by vendor...

CVE-2023-53700

In the Linux kernel, the following vulnerability has been resolved: media: max9286: Fix memleak in max9286v4l2register There is a kmemleak when testing the media/i2c/max9286.c with bpf mock device: kmemleak: 5 new suspected memory leaks see /sys/kernel/debug/kmemleak unreferenced object...

CVE-2023-53699

In the Linux kernel, the following vulnerability has been resolved: riscv: move memblockallowresize after linear mapping is ready The initial memblock metadata is accessed from kernel image mapping. The regions arrays need to "reallocated" from memblock and accessed through linear mapping to cove...

CVE-2023-53698

In the Linux kernel, the following vulnerability has been resolved: xsk: fix refcount underflow in error path Fix a refcount underflow problem reported by syzbot that can happen when a system is running out of memory. If xpalloctxdescs fails, and it can only fail due to not having enough memory,...

CVE-2023-53696

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix memory leak in qla2x00probeone There is a memory leak reported by kmemleak: unreferenced object 0xffffc900003f0000 size 12288: comm "modprobe", pid 19117, jiffies 4299751452 age 42490.264s hex dump first 32...

CVE-2023-53697

In the Linux kernel, the following vulnerability has been resolved: nvdimm: Fix memleak of pmu attrgroups in unregisternvdimmpmu Memory pointed by 'ndpmu-pmu.attrgroups' is allocated in function 'registernvdimmpmu' and is lost after 'kfreendpmu' call in function 'unregisternvdimmpmu'...

CVE-2023-53695

In the Linux kernel, the following vulnerability has been resolved: udf: Detect system inodes linked into directory hierarchy When UDF filesystem is corrupted, hidden system inodes can be linked into directory hierarchy which is an avenue for further serious corruption of the filesystem and kerne...

CVE-2023-53693

In the Linux kernel, the following vulnerability has been resolved: USB: gadget: Fix the memory leak in rawgadget driver Currently, increasing rawdev-count happens before invoke the rawqueueevent, if the rawqueueevent return error, invoke rawrelease will not trigger the devfree to be called...

CVE-2023-53694

In the Linux kernel, the following vulnerability has been resolved: riscv: ftrace: Fixup panic by disabling preemption In RISCV, we must use an AUIPC + JALR pair to encode an immediate, forming a jump that jumps to an address over 4K. This may cause errors if we want to enable kernel preemption a...

CVE-2022-50582

In the Linux kernel, the following vulnerability has been resolved: regulator: core: Prevent integer underflow By using a ratio of delay to pollenabledtime that is not integer timeremaining underflows and does not exit the loop as expected. As delay could be derived from DT and pollenabledtime is...

CVE-2023-53692

In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free read in ext4findextent for bigalloc + inline Syzbot found the following issue: loop0: detected capacity change from 0 to 2048 EXT4-fs loop0: mounted filesystem 00000000-0000-0000-0000-000000000000 without...

CVE-2022-50581

In the Linux kernel, the following vulnerability has been resolved: hfs: fix OOB Read in hfsbrecfind Syzbot reported a OOB read bug: ================================================================== BUG: KASAN: slab-out-of-bounds in hfsstrcmp+0x117/0x190 fs/hfs/string.c:84 Read of size 1 at addr...

CVE-2022-50580

In the Linux kernel, the following vulnerability has been resolved: blk-throttle: prevent overflow while calculating wait time There is a problem found by code review in tgwithinbpslimit that 'bpslimit jiffyelapsedrnd' might overflow. Fix the problem by calling mulu64u64divu64 instead...

CVE-2022-50579

In the Linux kernel, the following vulnerability has been resolved: arm64: ftrace: fix module PLTs with mcount Li Huafei reports that mcount-based ftrace with module PLTs was broken by commit: a6253579977e4c6f "arm64: ftrace: consistently handle PLTs." When a module PLTs are used and a module is...

CVE-2022-50578

In the Linux kernel, the following vulnerability has been resolved: class: fix possible memory leak in classregister If classaddgroups returns error, the 'cp-subsys' need be unregister, and the 'cp' need be freed. We can not call ksetunregister here, because the 'cls' will be freed in callback...

CVE-2022-50577

In the Linux kernel, the following vulnerability has been resolved: ima: Fix memory leak in imainodehash Commit f3cc6b25dcc5 "ima: always measure and audit files in policy" lets measurement or audit happen even if the file digest cannot be calculated. As a result, iint-imahash could have been...

CVE-2022-50576

In the Linux kernel, the following vulnerability has been resolved: serial: pch: Fix PCI device refcount leak in pchrequestdma As comment of pcigetslot says, it returns a pcidevice with its refcount increased. The caller must decrement the reference count by calling pcidevput. Since 'dmadev' is...

CVE-2022-50574

In the Linux kernel, the following vulnerability has been resolved: drm/omap: dss: Fix refcount leak bugs In dssinitports and dssuninitports, we should call ofnodeput for the reference returned by ofgraphgetportbyid in fail path or when it is not used anymore...

CVE-2022-50575

In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: Fix a possible warning in privcmdioctlmmapresource As 'kdata.num' is user-controlled data, if user tries to allocate memory larger than= MAXORDER, then kcalloc will fail, it creates a stack trace and messes up dmesg...

CVE-2022-50573

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7915: fix mt7915ratetxpowerget resource leaks Coverity message: variable "buf" going out of scope leaks the storage. Addresses-Coverity-ID: 1527799 "Resource leaks"...

CVE-2022-50572

In the Linux kernel, the following vulnerability has been resolved: ASoC: audio-graph-card: fix refcount leak of cpuep in graphforeachlink The ofgetnextchild returns a node with refcount incremented, and decrements the refcount of prev. So in the error path of the while loop, ofnodeput needs be...

CVE-2022-50571

In the Linux kernel, the following vulnerability has been resolved: btrfs: call btrfsremovefreespacecachelocked on cache load failure Now that lockdep is staying enabled through our entire CI runs I started seeing the following stack in generic/475 ------------ cut here ------------ WARNING: CPU:...