59514 matches found
CVE-2023-53687
In the Linux kernel, the following vulnerability has been resolved: tty: serial: samsungtty: Fix a memory leak in s3c24xxserialgetclk when iterating clk When the best clk is searched, we iterate over all possible clk. If we find a better match, the previous one, if any, needs to be freed. If a...
CVE-2023-53685
In the Linux kernel, the following vulnerability has been resolved: tun: Fix memory leak for detached NAPI queue. syzkaller reported 0 memory leaks of sk and skb related to the TUN device with no repro, but we can reproduce it easily with: struct ifreq ifr = int fdtun, fdtmp; char buf4 = ; fdtun ...
CVE-2023-53686
In the Linux kernel, the following vulnerability has been resolved: net/handshake: fix null-ptr-deref in handshakenldonedoit We should not call tracehandshakecmddoneerr if socket lookup has failed. Also we should call tracehandshakecmddoneerr before releasing the file, otherwise dereferencing...
CVE-2023-53684
In the Linux kernel, the following vulnerability has been resolved: xfrm: Zero padding when dumping algos and encap When copying data to user-space we should ensure that only valid data is copied over. Padding in structures may be filled with random possibly sensitve data and should never be give...
CVE-2023-53682
In the Linux kernel, the following vulnerability has been resolved: hwmon: xgene Fix ioremap and memremap leak Smatch reports: drivers/hwmon/xgene-hwmon.c:757 xgenehwmonprobe warn: 'ctx-pcccommaddr' from ioremap not released on line: 757. This is because in drivers/hwmon/xgene-hwmon.c:701...
CVE-2023-53683
In the Linux kernel, the following vulnerability has been resolved: fs: hfsplus: remove WARNON from hfspluscatread,writeinode syzbot is hitting WARNON in hfspluscatread,writeinode, for crafted filesystem image can contain bogus length. There conditions are not kernel bugs that can justify kernel ...
CVE-2023-53681
In the Linux kernel, the following vulnerability has been resolved: bcache: Fix bchbtreenodealloc to make the failure behavior consistent In some specific situations, the return value of bchbtreenodealloc may be NULL. This may lead to a potential NULL pointer dereference in caller function like a...
CVE-2023-53680
In the Linux kernel, the following vulnerability has been resolved: NFSD: Avoid calling OPDESC with ops-opnum == OPILLEGAL OPDESC simply indexes into nfsd4ops by the op's operation number, without range checking that value. It assumes callers are careful to avoid calling it with an out-of-bounds...
CVE-2023-53678
In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix system suspend without fbdev being initialized If fbdev is not initialized for some reason - in practice on platforms without display - suspending fbdev should be skipped during system suspend, fix this up. While at...
CVE-2023-53679
In the Linux kernel, the following vulnerability has been resolved: wifi: mt7601u: fix an integer underflow Fix an integer underflow that leads to a null pointer dereference in 'mt7601urxskbfromseg'. The variable 'dmalen' in the URB packet could be manipulated, which could trigger an integer...
CVE-2023-53677
In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix memory leaks in i915 selftests This patch fixes memory leaks on error escapes in function fakegetpages cherry picked from commit 8bfbdadce85c4c51689da10f39c805a7106d4567...
CVE-2023-53676
In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix buffer overflow in liotargetnaclinfoshow The function liotargetnaclinfoshow uses sprintf in a loop to print details for every iSCSI connection in a session without checking for the buffer length. With...
CVE-2023-53675
In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix possible descptr out-of-bounds accesses Sanitize possible descptr out-of-bounds accesses in sesenclosuredataprocess...
CVE-2023-53674
In the Linux kernel, the following vulnerability has been resolved: clk: Fix memory leak in devmclknotifierregister devmclknotifierregister allocates a devres resource for clk notifier but didn't register that to the device, so the notifier didn't get unregistered on device detach and the allocat...
CVE-2023-53673
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: call disconnect callback before deleting conn In hcicsdisconnect, we do hciconndel even if disconnection failed. ISO, L2CAP and SCO connections refer to the hciconn without hciconnget, so disconncfm must be...
CVE-2023-53671
In the Linux kernel, the following vulnerability has been resolved: srcu: Delegate work to the boot cpu if using SRCUSIZESMALL Commit 994f706872e6 "srcu: Make Tree SRCU able to operate without snpnode array" assumes that cpu 0 is always online. However, there really are situations when some other...
CVE-2023-53672
In the Linux kernel, the following vulnerability has been resolved: btrfs: output extra debug info if we failed to find an inline backref BUG Syzbot reported several warning triggered inside lookupinlineextentbackref. CAUSE As usual, the reproducer doesn't reliably trigger locally here, but at...
CVE-2023-53670
In the Linux kernel, the following vulnerability has been resolved: nvme-core: fix devpmqos memleak Call devpmqoshidelatencytolerance in the error unwind patch to avoid following kmemleak:- blktests master kmemleak-clear; ./check nvme/044; blktests master kmemleak-scan ; kmemleak-show nvme/044 Te...
CVE-2023-53669
In the Linux kernel, the following vulnerability has been resolved: tcp: fix skbcopyubufs vs BIG TCP David Ahern reported crashes in skbcopyubufs caused by TCP tx zerocopy using hugepages, and skb length bigger than 68 KB. skbcopyubufs assumed it could copy all payload using up to MAXSKBFRAGS...
CVE-2023-53668
In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Fix deadloop issue on reading tracepipe Soft lockup occurs when reading file 'tracepipe': watchdog: BUG: soft lockup - CPU6 stuck for 22s! cat:4488 ... RIP: 0010:ringbufferemptycpu+0xed/0x170 RSP: 0018:ffff88810dd6fc...
CVE-2023-53667
In the Linux kernel, the following vulnerability has been resolved: net: cdcncm: Deal with too low values of dwNtbOutMaxSize Currently in cdcncmchecktxmax, if dwNtbOutMaxSize is lower than the calculated "min" value, but greater than zero, the logic sets txmax to dwNtbOutMaxSize. This is then use...
CVE-2023-53666
In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd938x: fix missing mbhc init error handling MBHC initialisation can fail so add the missing error handling to avoid dereferencing an error pointer when later configuring the jack: Unable to handle kernel paging...
CVE-2023-53664
In the Linux kernel, the following vulnerability has been resolved: OPP: Fix potential null ptr dereference in devpmoppgetrequiredpstate "opp" pointer is dereferenced before the ISERRORNULL check. Fix it by removing the dereference to cache opptable and dereference it directly where opptable is...
CVE-2023-53665
In the Linux kernel, the following vulnerability has been resolved: md: don't dereference mddev after exportrdev Except for initial reference, mddev-kobject is referenced by rdev-kobject, and if the last rdev is freed, there is no guarantee that mddev is still valid. Hence mddev should not be use...
CVE-2023-53663
In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Check instead of asserting on nested TSC scaling support Check for nested TSC scaling support on nested SVM VMRUN instead of asserting that TSC scaling is exposed to L1 if L1's MSRAMD64TSCRATIO has diverged from KVM's...
CVE-2023-53662
In the Linux kernel, the following vulnerability has been resolved: ext4: fix memory leaks in ext4fnamesetupfilename,preparelookup If the filename casefolding fails, we'll be leaking memory from the fscryptname struct, namely from the 'cryptobuf.name' member. Make sure we free it in the error pat...
CVE-2023-53661
In the Linux kernel, the following vulnerability has been resolved: bnxt: avoid overflow in bnxtgetnvramdirectory The value of an arithmetic expression is subject of possible overflow due to a failure to cast operands to a larger data type before performing arithmetic. Used macro for multiplicati...
CVE-2023-53660
In the Linux kernel, the following vulnerability has been resolved: bpf, cpumap: Handle skb as well when clean up ptrring The following warning was reported when running xdpredirectcpu with both skb-mode and stress-mode enabled: ------------ cut here ------------ Incorrect XDP memory type...
CVE-2023-53659
In the Linux kernel, the following vulnerability has been resolved: iavf: Fix out-of-bounds when setting channels on remove If we set channels greater during iavfremove, and waiting reset done would be timeout, then returned with error but changed numactivequeues directly, that will lead to OOB...
CVE-2023-53658
In the Linux kernel, the following vulnerability has been resolved: spi: bcm-qspi: return error if neither hifmspi nor mspi is available If neither a "hifmspi" nor "mspi" resource is present, the driver will just early exit in probe but still return success. Apart from not doing anything...
CVE-2023-53657
In the Linux kernel, the following vulnerability has been resolved: ice: Don't tx before switchdev is fully configured There is possibility that iceeswitchportstartxmit might be called while some resources are still not allocated which might cause NULL pointer dereference. Fix this by checking if...
CVE-2023-53656
In the Linux kernel, the following vulnerability has been resolved: drivers/perf: hisi: Don't migrate perf to the CPU going to teardown The driver needs to migrate the perf context if the current using CPU going to teardown. By the time calling the cpuhp::teardown callback the cpuonlinemask hasn'...
CVE-2022-50555
In the Linux kernel, the following vulnerability has been resolved: tipc: fix a null-ptr-deref in tipctopsrvaccept syzbot found a crash in tipctopsrvaccept: KASAN: null-ptr-deref in range 0x0000000000000008-0x000000000000000f Workqueue: tipcrcv tipctopsrvaccept RIP: 0010:kernelaccept+0x22d/0x350...
CVE-2023-53655
In the Linux kernel, the following vulnerability has been resolved: rcu: Avoid stack overflow due to rcuirqenterchecktick being kprobe-ed Registering a kprobe on rcuirqenterchecktick can cause kernel stack overflow as shown below. This issue can be reproduced by enabling CONFIGNOHZFULL and bootin...
CVE-2022-50554
In the Linux kernel, the following vulnerability has been resolved: blk-mq: avoid double -queuerq because of early timeout David Jeffery found one double -queuerq issue, so far it can be triggered in VM use case because of long vmexit latency or preempt latency of vCPU pthread or long page fault ...
CVE-2022-50552
In the Linux kernel, the following vulnerability has been resolved: blk-mq: use quiesced elevator switch when reinitializing queues The hctx's runwork may be racing with the elevator switch when reinitializing hardware queues. The queue is merely frozen in this context, but that only prevents...
CVE-2022-50553
In the Linux kernel, the following vulnerability has been resolved: tracing/hist: Fix out-of-bound write on 'actiondata.varrefidx' When generate a synthetic event with many params and then create a trace action for it 1, kernel panic happened 2. It is because that in traceactioncreate...
CVE-2022-50551
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmffwallocrequest This patch fixes a shift-out-of-bounds in brcmfmac that occurs in BITchiprev when a 'chiprev' provided by the device is too large. It should also not be equ...
CVE-2022-50549
In the Linux kernel, the following vulnerability has been resolved: dm thin: Fix ABBA deadlock between shrinkslab and dmpoolabortmetadata Following concurrent processes: P1drop cache P2kworker dropcachessysctlhandler dropslab shrinkslab downread&shrinkerrwsem - LOCK A doshrinkslab supercachescan...
CVE-2022-50550
In the Linux kernel, the following vulnerability has been resolved: blk-iolatency: Fix memory leak on adddisk failures When a gendisk is successfully initialized but adddisk fails such as when a loop device has invalid number of minor device numbers specified, blkcginitdisk is called during init...
CVE-2022-50548
In the Linux kernel, the following vulnerability has been resolved: media: i2c: hi846: Fix memory leak in hi846parsedt If any of the checks related to the supported link frequencies fail, then the V4L2 fwnode resources don't get released before returning, which leads to a memleak. Fix this by...
CVE-2022-50547
In the Linux kernel, the following vulnerability has been resolved: media: solo6x10: fix possible memory leak in solosysfsinit If deviceregister returns error in solosysfsinit, the name allocated by devsetname need be freed. As comment of deviceregister says, it should use putdevice to give up th...
CVE-2022-50545
In the Linux kernel, the following vulnerability has been resolved: r6040: Fix kmemleak in probe and remove There is a memory leaks reported by kmemleak: unreferenced object 0xffff888116111000 size 2048: comm "modprobe", pid 817, jiffies 4294759745 age 76.502s hex dump first 32 bytes: 00 c4 0a 04...
CVE-2022-50546
In the Linux kernel, the following vulnerability has been resolved: ext4: fix uninititialized value in 'ext4evictinode' Syzbot found the following issue: ===================================================== BUG: KMSAN: uninit-value in ext4evictinode+0xdd/0x26b0 fs/ext4/inode.c:180...
CVE-2022-50544
In the Linux kernel, the following vulnerability has been resolved: usb: host: xhci: Fix potential memory leak in xhciallocstreaminfo xhciallocstreaminfo allocates stream context array for streaminfo -streamctxarray with xhciallocstreamctx. When some error occurs, streaminfo-streamctxarray is not...
CVE-2022-50543
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix mr-map double free rxemrcleanup which tries to free mr-map again will be called when rxemrinituser fails: CPU: 0 PID: 4917 Comm: rdmaflushserv Kdump: loaded Not tainted 6.1.0-rc1-roce-flush+ 25 Hardware name: QEMU...
CVE-2022-50542
In the Linux kernel, the following vulnerability has been resolved: media: si470x: Fix use-after-free in si470xintincallback syzbot reported use-after-free in si470xintincallback 1. This indicates that urb-context, which contains struct si470xdevice object, is freed when si470xintincallback is...
CVE-2022-50541
In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma: Reset UDMACHANRT byte counters to prevent overflow UDMACHANRTBCNTREG stores the real-time channel bytecount statistics. These registers are 32-bit hardware counters and the driver uses these counters to...
CVE-2022-50539
In the Linux kernel, the following vulnerability has been resolved: ARM: OMAP2+: omap4-common: Fix refcount leak bug In omap4sraminit, offindcompatiblenode will return a node pointer with refcount incremented. We should use ofnodeput when it is not used anymore...
CVE-2022-50540
In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom-adm: fix wrong sizeof config in slaveconfig Fix broken slaveconfig function that uncorrectly compare the peripheralsize with the size of the config pointer instead of the size of the config struct. This cause the...