CVE-2023-53650

In the Linux kernel, the following vulnerability has been resolved: fbdev: omapfb: lcdmipid: Fix an error handling path in mipidspiprobe If 'mipiddetect' fails, we must free 'md' to avoid a memory leak...

CVE-2023-53651

In the Linux kernel, the following vulnerability has been resolved: Input: exc3000 - properly stop timer on shutdown We need to stop the timer on driver unbind or probe failures, otherwise we get UAF/Oops...

CVE-2023-53649

In the Linux kernel, the following vulnerability has been resolved: perf trace: Really free the evsel-priv area In 3cb4d5e00e037c70 "perf trace: Free syscall tp fields in evsel-priv" it only was freeing if strcmpevsel-tpformat-system, "syscalls" returned zero, while the corresponding initializati...

CVE-2023-53647

In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Don't dereference ACPI root object handle Since the commit referenced in the Fixes: tag below the VMBus client driver is walking the ACPI namespace up from the VMBus ACPI device to the ACPI namespace root obje...

CVE-2023-53648

In the Linux kernel, the following vulnerability has been resolved: ALSA: ac97: Fix possible NULL dereference in sndac97mixer smatch error: sound/pci/ac97/ac97codec.c:2354 sndac97mixer error: we previously assumed 'rac97' could be null see line 2072 remove redundant assignment, return error if...

CVE-2023-53646

In the Linux kernel, the following vulnerability has been resolved: drm/i915/perf: add sentinel to xehpoabcounters Arrays passed to reginrangetable should end with empty record. The patch solves KASAN detected bug with signature: BUG: KASAN: global-out-of-bounds in...

CVE-2023-53644

In the Linux kernel, the following vulnerability has been resolved: media: radio-shark: Add endpoint checks The syzbot fuzzer was able to provoke a WARNING from the radio-shark2 driver: ------------ cut here ------------ usb 1-1: BOGUS urb xfer, pipe 1 != type 3 WARNING: CPU: 0 PID: 3271 at...

CVE-2023-53645

In the Linux kernel, the following vulnerability has been resolved: bpf: Make bpfrefcountacquire fallible for non-owning refs This patch fixes an incorrect assumption made in the original bpfrefcount series 0, specifically that the BPF program calling bpfrefcountacquire on some node can always...

CVE-2023-53643

In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: don't access released socket during error recovery While the error recovery work is temporarily failing reconnect attempts, running the 'nvme list' command causes a kernel NULL pointer dereference by calling getsockname...

CVE-2023-53641

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: hifusb: fix memory leak of remainskbs hifdev-remainskb is allocated and used exclusively in ath9khifusbrxstream. It is implied that an allocated remainskb is processed and subsequently freed in error paths only durin...

CVE-2023-53642

In the Linux kernel, the following vulnerability has been resolved: x86: fix clearuserrepgood exception handling annotation This code no longer exists in mainline, because it was removed in commit d2c95f9d6802 "x86: don't use REPGOOD or ERMS for user memory clearing" upstream. However, rather tha...

CVE-2023-53640

In the Linux kernel, the following vulnerability has been resolved: ASoC: lpass: Fix for KASAN useafterfree out of bounds When we run syzkaller we get below Out of Bounds error. "KASAN: slab-out-of-bounds Read in regcacheflatread" Below is the backtrace of the issue: BUG: KASAN: slab-out-of-bound...

CVE-2023-53639

In the Linux kernel, the following vulnerability has been resolved: wifi: ath6kl: reduce WARN to devdbg in callback The warn is triggered on a known race condition, documented in the code above the test, that is correctly handled. Using WARN hinders automated testing. Reducing severity...

CVE-2023-53637

In the Linux kernel, the following vulnerability has been resolved: media: i2c: ov772x: Fix memleak in ov772xprobe A memory leak was reported when testing ov772x with bpf mock device: AssertionError: unreferenced object 0xffff888109afa7a8 size 8: comm "python3", pid 279, jiffies 4294805921 age...

CVE-2023-53638

In the Linux kernel, the following vulnerability has been resolved: octeonep: cancel queued works in probe error path If it fails to get the devices's MAC address, octepprobe exits while leaving the delayed work intrpolltask queued. When the work later runs, it's a use after free. Move the...

CVE-2023-53636

In the Linux kernel, the following vulnerability has been resolved: clk: microchip: fix potential UAF in auxdev release callback Similar to commit 1c11289b34ab "peci: cpu: Fix use-after-free in adevrelease", the auxiliary device is not torn down in the correct order. If auxiliarydeviceadd fails,...

CVE-2023-53634

In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Fixed a BTI error on returning to patched function When BPFTRAMPFCALLORIG is set, BPF trampoline uses BLR to jump back to the instruction next to call site to call the patched function. For BTI-enabled kernel, the...

CVE-2023-53635

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: fix wrong ct-timeout value struct nfconn-timeout is an interval before the conntrack confirmed. After confirmed, it becomes a timestamp. It is observed that timeout of an unconfirmed conntrack: - Set by...

CVE-2023-53633

In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Fix a leak in mapuserpages If getuserpagesfast allocates some pages but not as many as we wanted, then the current code leaks those pages. Call putpage on the pages before returning...

CVE-2023-53631

In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-sysman: Fix reference leak If a duplicate attribute is found using ksetfindobj, a reference to that attribute is returned. This means that we need to dispose it accordingly. Use kobjectput to dispose the...

CVE-2023-53632

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Take RTNL lock when needed before calling xdpsetfeatures Hold RTNL lock when calling xdpsetfeatures with a registered netdev, as the call triggers the netdev notifiers. This could happen when switching from uplink rep ...

CVE-2023-53630

In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix unpinning of pages when an access is present syzkaller found that the calculation of batchlastindex should use 'startindex' since at input to this function the batch is either empty or it has already been adjusted to...

CVE-2023-53628

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: drop gfxv110cpeccerrorirqfuncs The gfx.cpeccerrorirq is retired in gfx11. In gfxv110hwfini still use amdgpuirqput to disable this interrupt, which caused the call trace in this function. 102.873958 Call Trace:...

CVE-2023-53629

In the Linux kernel, the following vulnerability has been resolved: fs: dlm: fix use after free in midcomms commit While working on processing dlm message in softirq context I experienced the following KASAN use-after-free warning: 151.760477...

CVE-2023-53627

In the Linux kernel, the following vulnerability has been resolved: scsi: hisisas: Grab sasdev lock when traversing the members of sasdev.list When freeing slots in function slotcompletev3hw, it is possible that sasdev.list is being traversed elsewhere, and it may trigger a NULL pointer exception...

CVE-2023-53626

In the Linux kernel, the following vulnerability has been resolved: ext4: fix possible double unlock when moving a directory...

CVE-2023-53625

In the Linux kernel, the following vulnerability has been resolved: drm/i915/gvt: fix vgpu debugfs clean in remove Check carefully on root debugfs available when destroying vgpu, e.g in remove case drm minor's debugfs root might already be destroyed, which led to kernel oops like below. Console:...

CVE-2023-53624

In the Linux kernel, the following vulnerability has been resolved: net/sched: schfq: fix integer overflow of "credit" if schfq is configured with "initial quantum" having values greater than INTMAX, the first assignment of "credit" does signed integer overflow to a very negative value. In this...

CVE-2023-53623

In the Linux kernel, the following vulnerability has been resolved: mm/swap: fix swapinfostruct race between swapoff and getswappages The si-lock must be held when deleting the si from the available list. Otherwise, another thread can re-add the si to the available list, which can lead to memory...

CVE-2023-53622

In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix possible data races in gfs2showoptions Some fields such as gtlogdsecs of the struct gfs2tune are accessed without holding the lock gtspin in gfs2showoptions: val = sdp-sdtune.gtlogdsecs; if val != 30 seqprintfs,...

CVE-2023-53621

In the Linux kernel, the following vulnerability has been resolved: memcontrol: ensure memcg acquired by id is properly set up In the eviction recency check, we attempt to retrieve the memcg to which the folio belonged when it was evicted, by the memcg id stored in the shadow entry. However, ther...

CVE-2023-53620

In the Linux kernel, the following vulnerability has been resolved: md: fix soft lockup in statusresync statusresync will calculate 'currresync - recoveryactive' to show user a progress bar like following: ============........ resync = 61.4% 'currresync' and 'recoveryactive' is updated in mddosyn...

CVE-2023-53619

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: Avoid nfcthelperhash uses after free If nfconntrackinitstart fails for example due to a registernfconntrackbpf failure, the nfconntrackhelperfini clean-up path frees the nfcthelperhash map. When built with...

CVE-2023-53618

In the Linux kernel, the following vulnerability has been resolved: btrfs: reject invalid reloc tree root keys with stack dump BUG Syzbot reported a crash that an ASSERT got triggered inside preparetomerge. That ASSERT makes sure the reloc tree is properly pointed back by its subvolume tree. CAUS...

CVE-2023-53617

In the Linux kernel, the following vulnerability has been resolved: soc: aspeed: socinfo: Add kfree for kstrdup Add kfree in the later error handling in order to avoid memory leak...

CVE-2022-50533

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: mlme: fix null-ptr deref on failed assoc If association to an AP without a link 0 fails, then we crash in tracing because it assumes that either apmldaddr or link 0 BSS is valid, since we clear sdata-vif.validlink...

CVE-2022-50534

In the Linux kernel, the following vulnerability has been resolved: dm thin: Use last transaction's pmd-root when commit failed Recently we found a softlock up problem in dm thin pool btree lookup code due to corrupted metadata: Kernel panic - not syncing: softlockup: hung tasks CPU: 7 PID: 26692...

CVE-2022-50532

In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix possible resource leaks in mpt3sastransportportadd In mpt3sastransportportadd, if sasrphyadd returns error, sasrphyfree needs be called to free the resource allocated in sasenddevicealloc. Otherwise a kernel...

CVE-2022-50531

In the Linux kernel, the following vulnerability has been resolved: tipc: fix an information leak in tipctopsrvkernsubscr Use a 8-byte write to initialize sub.usrhandle in tipctopsrvkernsubscr, otherwise four bytes remain uninitialized when issuing setsockopt..., SOLTIPC, .... This resulted in an...

CVE-2022-50530

In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix null pointer dereference in blkmqclearrqmapping Our syzkaller report a null pointer dereference, root cause is following: blkmqallocmapandrqs set-tagshctxidx = blkmqallocmapandrqs blkmqallocmapandrqs blkmqallocrqs //...

CVE-2022-50529

In the Linux kernel, the following vulnerability has been resolved: testfirmware: fix memory leak in testfirmwareinit When miscregister failed in testfirmwareinit, the memory pointed by testfwconfig-name is not released. The memory leak information is as follows: unreferenced object...

CVE-2022-50527

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix size validation for non-exclusive domains v4 Fix amdgpubovalidatesize to check whether the TTM domain manager for the requested memory exists, else we get a kernel oops when dereferencing "man". v2: Make the patch...

CVE-2022-50528

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix memory leakage This patch fixes potential memory leakage and seg fault in gpuvmimportdmabuf function...

CVE-2022-50526

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: fix memory corruption with too many bridges Add the missing sanity check on the bridge counter to avoid corrupting data beyond the fixed-sized bridge array in case there are ever more than eight bridges. Patchwork:...

CVE-2022-50525

In the Linux kernel, the following vulnerability has been resolved: iommu/fslpamu: Fix resource leak in fslpamuprobe The fslpamuprobe returns directly when createcsd failed, leaving irq and memories unreleased. Fix by jumping to error if createcsd returns error...

CVE-2022-50524

In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: Check return value after calling platformgetresource platformgetresource may return NULL pointer, we need check its return value to avoid null-ptr-deref in resourcesize...

CVE-2022-50523

In the Linux kernel, the following vulnerability has been resolved: clk: rockchip: Fix memory leak in rockchipclkregisterpll If clkregister fails, @pll-ratetable may have allocated memory by kmemdup, so it needs to be freed, otherwise will cause memory leak issue, this patch fixes it...

CVE-2022-50521

In the Linux kernel, the following vulnerability has been resolved: platform/x86: mxm-wmi: fix memleak in mxmwmicallmxds|mx The ACPI buffer memory out.pointer returned by wmievaluatemethod is not freed after the call, so it leads to memory leak. The method results in ACPI buffer is not used, so...

CVE-2022-50522

In the Linux kernel, the following vulnerability has been resolved: mcb: mcb-parse: fix error handing in chameleonparsegdd If mcbdeviceregister returns error in chameleonparsegdd, the refcount of bus and device name are leaked. Fix this by calling putdevice to give up the reference, so they can b...

CVE-2022-50520

In the Linux kernel, the following vulnerability has been resolved: drm/radeon: Fix PCI device refcount leak in radeonatrmgetbios As comment of pcigetclass says, it returns a pcidevice with its refcount increased and decreased the refcount for the input parameter @from if it is not NULL. If we...