CVE-2023-53601

In the Linux kernel, the following vulnerability has been resolved: bonding: do not assume skb macheader is set Drivers must not assume in their ndostartxmit that skbs have their macheader set. skb-data is all what is needed. bonding seems to be one of the last offender as caught by syzbot:...

CVE-2023-53599

In the Linux kernel, the following vulnerability has been resolved: crypto: afalg - Fix missing initialisation affecting gcm-aes-s390 Fix afalgallocareq to initialise areq-firstrsgl.sgl.sgt.sgl to point to the scatterlist array in areq-firstrsgl.sgl.sgl. Without this, the gcm-aes-s390 driver will...

CVE-2023-53600

In the Linux kernel, the following vulnerability has been resolved: tunnels: fix kasan splat when generating ipv4 pmtu error If we try to emit an icmp error in response to a nonliner skb, we get BUG: KASAN: slab-out-of-bounds in ipcomputecsum+0x134/0x220 Read of size 4 at addr ffff88811c50db00 by...

CVE-2023-53598

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Range check CHDBOFF and ERDBOFF If the value read from the CHDBOFF and ERDBOFF registers is outside the range of the MHI register space then an invalid address might be computed which later causes a kernel panic...

CVE-2023-53597

In the Linux kernel, the following vulnerability has been resolved: cifs: fix mid leak during reconnection after timeout threshold When the number of responses with status of STATUSIOTIMEOUT exceeds a specified threshold NUMSTATUSIOTIMEOUT, we reconnect the connection. But we do not return the mi...

CVE-2023-53595

In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: mcs: Fix NULL pointer dereferences When system is rebooted after creating macsec interface below NULL pointer dereference crashes occurred. This patch fixes those crashes by using correct order of teardown 3324.4069...

CVE-2023-53596

In the Linux kernel, the following vulnerability has been resolved: drivers: base: Free devm resources when unregistering a device In the current code, devresreleaseall only gets called if the device has a bus and has been probed. This leads to issues when using bus-less or driver-less devices...

CVE-2023-53594

In the Linux kernel, the following vulnerability has been resolved: driver core: fix resource leak in deviceadd When calling kobjectadd failed in deviceadd, it will call cleanupgluedir to free resource. But in kobjectadd, dev-kobj.parent has been set to NULL. This will cause resource leak. The...

CVE-2023-53592

In the Linux kernel, the following vulnerability has been resolved: gpio: sifive: Fix refcount leak in sifivegpioprobe ofirqfindparent returns a node pointer with refcount incremented, We should use ofnodeput on it when not needed anymore. Add missing ofnodeput to avoid refcount leak...

CVE-2023-53593

In the Linux kernel, the following vulnerability has been resolved: cifs: Release folio lock on fscache read hit. Under the current code, when cifsreadpageworker is called, the call contract is that the callee should unlock the page. This is documented in the readfolio section of...

CVE-2023-53591

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix deadlock in tc route query code Cited commit causes ABBA deadlock0 when peer flows are created while holding the devcom rw semaphore. Due to peer flows offload implementation the lock is taken much higher up the ca...

CVE-2023-53589

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't trust firmware nchannels If the firmware sends us a corrupted MCC response with nchannels much larger than the command response can be, we might copy far too much uninitialized memory and even crash if t...

CVE-2023-53590

In the Linux kernel, the following vulnerability has been resolved: sctp: add a refcnt in sctpstreampriorities to avoid a nested loop With this refcnt added in sctpstreampriorities, we don't need to traverse all streams to check if the prio is used by other streams when freeing one stream's prio ...

CVE-2023-53588

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: check for station first in client probe When probing a client, first check if we have it, and then check for the channel context, otherwise you can trigger the warning there easily by probing when the AP isn't eve...

CVE-2023-53587

In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Sync IRQ works before buffer destruction If something was written to the buffer just before destruction, it may be possible maybe not in a real system, but it did happen in ARCH=um with time-travel to destroy the...

CVE-2023-53586

In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix multiple LUNRESET handling This fixes a bug where an initiator thinks a LUNRESET has cleaned up running commands when it hasn't. The bug was added in commit 51ec502a3266 "target: Delete tmr from list before...

CVE-2023-53585

In the Linux kernel, the following vulnerability has been resolved: bpf: reject unhashed sockets in bpfskassign The semantics for bpfskassign are as follows: sk = somelookupfunc bpfskassignskb, sk bpfskreleasesk That is, the sk is not consumed by bpfskassign. The function therefore needs to make...

CVE-2023-53584

In the Linux kernel, the following vulnerability has been resolved: ubifs: ubifsreleasepage: Remove ubifsassert0 to valid this process There are two states for ubifs writing pages: 1. Dirty, Private 2. Not Dirty, Not Private The normal process cannot go to ubifsreleasepage which means there exist...

CVE-2023-53583

In the Linux kernel, the following vulnerability has been resolved: perf: RISC-V: Remove PERFHESSTOPPED flag checking in riscvpmustart Since commit 096b52fd2bb4 "perf: RISC-V: throttle perf events" the perfsampleeventtook function was added to report time spent in overflow interrupts. If the...

CVE-2023-53582

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds Fix a stack-out-of-bounds read in brcmfmac that occurs when 'buf' that is not null-terminated is passed as an argument of strreplace in...

CVE-2023-53580

In the Linux kernel, the following vulnerability has been resolved: USB: Gadget: core: Help prevent panic during UVC unconfigure Avichal Rakesh reported a kernel panic that occurred when the UVC gadget driver was removed from a gadget's configuration. The panic involves a somewhat complicated...

CVE-2023-53581

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Check for NOTREADY flag state after locking Currently the check for NOTREADY flag is performed before obtaining the necessary lock. This opens a possibility for race condition when the flow is concurrently removed from...

CVE-2022-50508

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt76x0: fix oob access in mt76x0phygettargetpower After 'commit ba45841ca5eb "wifi: mt76: mt76x02: simplify struct mt76x02ratepower"', mt76x02 relies on ht0-7 ratepower data for vht mcs0,7, while it uses vth0-1...

CVE-2022-50507

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate data run offset This adds sanity checks for data run offset. We should make sure data run offset is legit before trying to unpack them, otherwise we may encounter use-after-free or some unexpected memory access...

CVE-2022-50505

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix pci device refcount leak in pprnotifier As comment of pcigetdomainbusandslot says, it returns a pci device with refcount increment, when finish using it, the caller must decrement the reference count by calling...

CVE-2022-50506

In the Linux kernel, the following vulnerability has been resolved: drbd: only clone bio if we have a backing device Commit c347a787e34cb drbd: set -bibdev in drbdreqnew moved a biosetdev call which has since been removed to "earlier", from drbdrequestprepare to drbdreqnew. The problem is that th...

CVE-2022-50504

In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: avoid scheduling in rtasosterm It's unsafe to use rtasbusydelay to handle a busy status from the ibm,os-term RTAS function in rtasosterm: Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b BUG:...

CVE-2022-50503

In the Linux kernel, the following vulnerability has been resolved: mtd: lpddr2nvm: Fix possible null-ptr-deref It will cause null-ptr-deref when resourcesizeaddrange invoked, if platformgetresource returns NULL...

CVE-2022-50502

Removed by vendor...

CVE-2022-50501

In the Linux kernel, the following vulnerability has been resolved: media: coda: Add check for dcodairamalloc As the codairamalloc may return NULL pointer, it should be better to check the return value in order to avoid NULL poineter dereference, same as the others...

CVE-2022-50499

In the Linux kernel, the following vulnerability has been resolved: media: dvb-core: Fix double free in dvbregisterdevice In function dvbregisterdevice - dvbregistermediadevice - dvbcreatemediaentity, dvb-entity is allocated and initialized. If the initialization fails, it frees the dvb-entity, a...

CVE-2022-50500

In the Linux kernel, the following vulnerability has been resolved: netdevsim: fix memory leak in nsimdrvprobe when nsimdevresourcesregister failed If some items in nsimdevresourcesregister fail, memory leak will occur. The following is the memory leak information. unreferenced object...

CVE-2022-50498

In the Linux kernel, the following vulnerability has been resolved: eth: alx: take rtnllock on resume Zbynek reports that alx trips an rtnl assertion on resume: RTNL: assertion failed at net/core/dev.c 2891 RIP: 0010:netifsetrealnumtxqueues+0x1ac/0x1c0 Call Trace: alxopen+0x230/0x570 alx...

CVE-2022-50497

In the Linux kernel, the following vulnerability has been resolved: binfmtmisc: fix shift-out-of-bounds in checkspecialflags UBSAN reported a shift-out-of-bounds warning: left shift of 1 by 31 places cannot be represented in type 'int' Call Trace: dumpstack lib/dumpstack.c:88 inline...

CVE-2022-50496

In the Linux kernel, the following vulnerability has been resolved: dm cache: Fix UAF in destroy Dmcache also has the same UAF problem when dmresume and dmdestroy are concurrent. Therefore, cancelling timer again in destroy...

CVE-2022-50495

Removed by vendor...

CVE-2022-50494

In the Linux kernel, the following vulnerability has been resolved: thermal: intelpowerclamp: Use getcpu instead of smpprocessorid to avoid crash When CPU 0 is offline and intelpowerclamp is used to inject idle, it generates kernel BUG: BUG: using smpprocessorid in preemptible 00000000 code:...

CVE-2022-50492

In the Linux kernel, the following vulnerability has been resolved: drm/msm: fix use-after-free on probe deferral The bridge counter was never reset when tearing down the DRM device so that stale pointers to deallocated structures would be accessed on the next tear down e.g. after a second late...

CVE-2022-50493

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix crash when I/O abort times out While performing CPU hotplug, a crash with the following stack was seen: Call Trace: qla24xxprocessresponsequeue+0x42a/0x970 qla2xxx qla2x00startnvmemq+0x3a2/0x4b0 qla2xxx...

CVE-2022-50491

In the Linux kernel, the following vulnerability has been resolved: coresight: cti: Fix hang in ctidisablehw ctienablehw and ctidisablehw are called from an atomic context so shouldn't use runtime PM because it can result in a sleep when communicating with firmware. Since commit 3c6656337852...

CVE-2022-50490

In the Linux kernel, the following vulnerability has been resolved: bpf: Propagate error from htablockbucket to userspace In htabmaplookupanddeletebatch if htablockbucket returns -EBUSY, it will go to next bucket. Going to next bucket may not only skip the elements in current bucket silently, but...

CVE-2022-50489

In the Linux kernel, the following vulnerability has been resolved: drm/mipi-dsi: Detach devices when removing the host Whenever the MIPI-DSI host is unregistered, the code of mipidsihostunregister loops over every device currently found on that bus and will unregister it. However, it doesn't...

CVE-2022-50488

In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix possible uaf for 'bfqq-bic' Our test report a uaf for 'bfqq-bic' in 5.10: ================================================================== BUG: KASAN: use-after-free in bfqselectqueue+0x378/0xa30 CPU: 6 PID:...

CVE-2023-53579

In the Linux kernel, the following vulnerability has been resolved: gpio: mvebu: fix irq domain leak Uwe Kleine-König pointed out we still have one resource leak in the mvebu driver triggered on driver detach. Let's address it with a custom devm action...

CVE-2023-53578

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: Fix an uninit variable access bug in qrtrtxresume Syzbot reported a bug as following: ===================================================== BUG: KMSAN: uninit-value in qrtrtxresume+0x185/0x1f0 net/qrtr/afqrtr.c:230...

CVE-2023-53577

In the Linux kernel, the following vulnerability has been resolved: bpf, cpumap: Make sure kthread is running before map update returns The following warning was reported when running stress-mode enabled xdpredirectcpu with some RT threads: ------------ cut here ------------ WARNING: CPU: 4 PID: ...

CVE-2023-53576

In the Linux kernel, the following vulnerability has been resolved: nullblk: Always check queue mode setting from configfs Make sure to check device queue mode in the nullvalidateconf and return error for NULLQRQ as we don't allow legacy I/O path, without this patch we get OOPs when queue mode is...

CVE-2023-53575

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix potential array out of bounds access Account for IWLSECWEPKEYOFFSET when needed while verifying keylen size in iwlmvmseckeyadd...

CVE-2023-53574

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: delete timer and free skb queue when unloading Fix possible crash and memory leak on driver unload by deleting TX purge timer and freeing C2H queue in 'rtwcoredeinit', shrink critical section in the latter by freeing...

CVE-2023-53572

In the Linux kernel, the following vulnerability has been resolved: clk: imx: scu: use safe list iterator to avoid a use after free This loop is freeing "clk" so it needs to use listforeachentrysafe. Otherwise it dereferences a freed variable to get the next item on the loop...