CVE-2023-53573

In the Linux kernel, the following vulnerability has been resolved: clk: rs9: Fix suspend/resume Disabling the cache in commit 2ff4ba9e3702 "clk: rs9: Fix I2C accessors" without removing cache synchronization in resume path results in a kernel panic as map-cacheops is unset, due to REGCACHENONE...

CVE-2023-53571

In the Linux kernel, the following vulnerability has been resolved: drm/i915: Make intelgetcrtcnewencoder less oopsy The point of the WARN was to print something, not oops straight up. Currently that is precisely what happens if we can't find the connector for the crtc in the atomic state. Get th...

CVE-2023-53570

In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: fix integer overflow in nl80211parsembssidelems nl80211parsembssidelems uses a u8 variable numelems to count the number of MBSSID elements in the nested netlink attribute attrs, which can lead to an integer overflo...

CVE-2023-53568

In the Linux kernel, the following vulnerability has been resolved: s390/zcrypt: don't leak memory if devsetname fails When devsetname fails, zcdncreate doesn't free the newly allocated resources. Do it...

CVE-2023-53569

In the Linux kernel, the following vulnerability has been resolved: ext2: Check block size validity during mount Check that log of block size stored in the superblock has sensible value. Otherwise the shift computing the block size can overflow leading to undefined behavior...

CVE-2023-53567

In the Linux kernel, the following vulnerability has been resolved: spi: qup: Don't skip cleanup in remove's error path Returning early in a platform driver's remove callback is wrong. In this case the dma resources are not released in the error path. this is never retried later and so this is a...

CVE-2023-53566

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetrbtree: fix null deref on element insertion There is no guarantee that rbprev will not return NULL in nftrbtreegcelem: general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 1 PREEM...

CVE-2023-53565

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Check for probe id argument being NULL The probe id argument may be NULL in 2 scenarios: 1. brcmfpciepmleaveD3 calling brcmfpcieprobe to reprobe the device. 2. If a user tries to manually bind the driver from sysf...

CVE-2023-53564

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix defrag path triggering jbd2 ASSERT code path: ocfs2ioctlmoveextents ocfs2moveextents ocfs2defragextent ocfs2moveextent + ocfs2journalaccessdi + ocfs2splitextent //sub-paths call jbd2journalrestart + ocfs2journaldirty...

CVE-2023-53563

In the Linux kernel, the following vulnerability has been resolved: cpufreq: amd-pstate-ut: Fix kernel panic when loading the driver After loading the amd-pstate-ut driver, amdpstateutcheckperf and amdpstateutcheckfreq use cpufreqcpuget to get the policy of the CPU and mark it as busy. In these...

CVE-2023-53562

In the Linux kernel, the following vulnerability has been resolved: drm/msm: fix vram leak on bind errors Make sure to release the VRAM buffer also in a case a subcomponent fails to bind. Patchwork: https://patchwork.freedesktop.org/patch/525094/...

CVE-2023-53561

In the Linux kernel, the following vulnerability has been resolved: net: wwan: iosm: fix NULL pointer dereference when removing device In suspend and resume cycle, the removal and rescan of device ends up in NULL pointer dereference. During driver initialization, if the ipcimemwwanchannelinit fai...

CVE-2023-53560

In the Linux kernel, the following vulnerability has been resolved: tracing/histograms: Add histograms to histvars if they have referenced variables Hist triggers can have referenced variables without having direct variables fields. This can be the case if referenced variables are added for trigg...

CVE-2023-53559

In the Linux kernel, the following vulnerability has been resolved: ipvti: fix potential slab-use-after-free in decodesession6 When ipvti device is set to the qdisc of the sfb type, the cb field of the sent skb may be modified during enqueuing. Then, slab-use-after-free may occur when ipvti devic...

CVE-2023-53558

In the Linux kernel, the following vulnerability has been resolved: rcu-tasks: Avoid prinfo with spin lock in cblistinitgeneric prinfo is called with rtp-cbsgbllock spin lock locked. Because prinfo calls printk that might sleep, this will result in BUG like below: 0.206455 cblistinitgeneric:...

CVE-2023-53557

In the Linux kernel, the following vulnerability has been resolved: fprobe: Release rethook after the ftraceops is unregistered While running bpf selftests it's possible to get following fault: general protection fault, probably for non-canonical address \ 0x6b6b6b6b6b6b6b6b: 0000 1 PREEMPT SMP...

CVE-2023-53556

In the Linux kernel, the following vulnerability has been resolved: iavf: Fix use-after-free in freenetdev We do netifnapiadd for all allocated qvectors, but potentially do netifnapidel for part of them, then kfree qvectors and leave invalid pointers at dev-napilist. Reproducer: root@host cat...

CVE-2023-53555

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: initialize damofilter-list from damosnewfilter damosnewfilter is not initializing the list field of newly allocated filter object. However, DAMON sysfs interface and DAMONRECLAIM are not initializing it after calli...

CVE-2023-53553

In the Linux kernel, the following vulnerability has been resolved: HID: hyperv: avoid struct memcpy overrun warning A previous patch addressed the fortified memcpy warning for most builds, but I still see this one with gcc-9: In file included from include/linux/string.h:254, from...

CVE-2023-53554

In the Linux kernel, the following vulnerability has been resolved: staging: ks7010: potential buffer overflow in kswlansetencodeext The "exc-keylen" is a u16 that comes from the user. If it's over IWENCODINGTOKENMAX 64 that could lead to memory corruption...

CVE-2023-53552

In the Linux kernel, the following vulnerability has been resolved: drm/i915: mark requests for GuC virtual engines to avoid use-after-free References to i915requests may be trapped by userspace inside a syncfile or dmabuf dma-resv and held indefinitely across different proceses. To counter-act t...

CVE-2023-53551

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: userial: Add null pointer check in gserialresume Consider a case where gserialdisconnect has already cleared gser-ioport. And if a wakeup interrupt triggers afterwards, gserialresume gets called, which will lead to...

CVE-2023-53550

In the Linux kernel, the following vulnerability has been resolved: cpufreq: amd-pstate: fix global sysfs attribute type In commit 3666062b87ec "cpufreq: amd-pstate: move to use busgetdevroot" the "amdpstate" attributes where moved from a dedicated kobject to the cpu root kobject. While the...

CVE-2023-53549

In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Rework long task execution when adding/deleting entries When adding/deleting large number of elements in one step in ipset, it can take a reasonable amount of time and can result in soft lockup errors. The patch...

CVE-2023-53548

In the Linux kernel, the following vulnerability has been resolved: net: usbnet: Fix WARNING in usbnetstartxmit/usbsubmiturb The syzbot fuzzer identified a problem in the usbnet driver: usb 1-1: BOGUS urb xfer, pipe 3 != type 1 WARNING: CPU: 0 PID: 754 at drivers/usb/core/urb.c:504...

CVE-2023-53546

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: DR, fix memory leak in mlx5drcmdcreatereformatctx when mlx5cmdexec failed in mlx5drcmdcreatereformatctx, the memory pointed by 'in' is not released, which will cause memory leak. Move memory release after mlx5cmdexec...

CVE-2023-53547

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix sdma v4 sw fini error Fix sdma v4 sw fini error for sdma 4.2.2 to solve the following general protection fault +0.108196 general protection fault, probably for non-canonical address 0xd5e5a4ae79d24a32: 0000 1...

CVE-2023-53545

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: unmap and remove csava properly Root PD BO should be reserved before unmap and remove a bova from VM otherwise lockdep will complain. v2: check fpriv-csava is not NULL instead of amdgpumcbp christian 14616.936827...

CVE-2023-53543

In the Linux kernel, the following vulnerability has been resolved: vdpa: Add max vqp attr to vdpanlpolicy for nlattr length check The vdpanlpolicy structure is used to validate the nlattr when parsing the incoming nlmsg. It will ensure the attribute being described produces a valid nlattr pointe...

CVE-2023-53544

In the Linux kernel, the following vulnerability has been resolved: cpufreq: davinci: Fix clk use after free The remove function first frees the clks and only then calls cpufrequnregisterdriver. If one of the cpufreq callbacks is called just before cpufrequnregisterdriver is run, the freed clks...

CVE-2023-53542

In the Linux kernel, the following vulnerability has been resolved: ARM: dts: exynos: Use Exynos5420 compatible for the MIPI video phy For some reason, the driver adding support for Exynos5420 MIPI phy back in 2016 wasn't used on Exynos5420, which caused a kernel panic. Add the proper compatible...

CVE-2023-53540

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: reject auth/assoc to AP with our address If the AP uses our own address as its MLD address or BSSID, then clearly something's wrong. Reject such connections so we don't try and fail later...

CVE-2023-53541

In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write When the oob buffer length is not in multiple of words, the oob write function does out-of-bounds read on the oob source buffer at the last iteration. Fix th...

CVE-2023-53539

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix incomplete state save in rxerequester If a send packet is dropped by the IP layer in rxerequester the call to rxexmitpacket can fail with err == -EAGAIN. To recover, the state of the wqe is restored to the state...

CVE-2023-53538

In the Linux kernel, the following vulnerability has been resolved: btrfs: insert tree mod log move in pushnodeleft There is a fairly unlikely race condition in tree mod log rewind that can result in a kernel panic which has the following trace: 530.569 BTRFS critical device sda3: unable to find...

CVE-2023-53537

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid use-after-free for cached IPU bio xfstest generic/019 reports a bug: kernel BUG at mm/filemap.c:1619! RIP: 0010:folioendwriteback+0x8a/0x90 Call Trace: endpagewriteback+0x1c/0x60 f2fswriteendio+0x199/0x420...

CVE-2023-53536

In the Linux kernel, the following vulnerability has been resolved: blk-crypto: make blkcryptoevictkey more robust If blkcryptoevictkey sees that the key is still in-use due to a bug or that -keyslotevict failed, it currently just returns while leaving the key linked into the keyslot management...

CVE-2023-53535

In the Linux kernel, the following vulnerability has been resolved: net: bcmgenet: Add a check for oversized packets Occasionnaly we may get oversized packets from the hardware which exceed the nomimal 2KiB buffer size we allocate SKBs with. Add an early check which drops the packet to avoid...

CVE-2023-53534

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: mtkdrmcrtc: Add checks for devmkcalloc As the devmkcalloc may return NULL, the return value needs to be checked to avoid NULL poineter dereference...

CVE-2023-53533

In the Linux kernel, the following vulnerability has been resolved: Input: raspberrypi-ts - fix refcount leak in rpitsprobe rpifirmwareget take reference, we need to release it in error paths as well. Use devmrpifirmwareget helper to handling the resources. Also remove the existing rpifirmwareput...

CVE-2022-50487

Removed by vendor...

CVE-2022-50485

In the Linux kernel, the following vulnerability has been resolved: ext4: add EXT4IGETBAD flag to prevent unexpected bad inode There are many places that will get unhappy and crash when ext4iget returns a bad inode. However, if iget the boot loader inode, allows a bad inode to be returned, becaus...

CVE-2022-50486

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: Fix return type of netcpndostartxmit With clang's kernel control flow integrity kCFI, CONFIGCFICLANG, indirect call targets are validated against the expected function pointer prototype to make sure the call...

CVE-2022-50484

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential memory leaks When the driver hits -ENOMEM at allocating a URB or a buffer, it aborts and goes to the error path that releases the all previously allocated resources. However, when -ENOMEM hits at th...

CVE-2022-50482

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Clean up sidomain in the initdmars error path A splat from kmemcachedestroy was seen with a kernel prior to commit ee2653bbe89d "iommu/vt-d: Remove domain and devinfo mempool" when there was a failure in initdmars,...

CVE-2022-50483

In the Linux kernel, the following vulnerability has been resolved: net: enetc: avoid buffer leaks on xdpdoredirect failure Before enetccleanrxringxdp calls xdpdoredirect, each software BD in the RX ring between index origi and i can have one of 2 refcount values on its page. We are the owner of...

CVE-2022-50481

In the Linux kernel, the following vulnerability has been resolved: cxl: fix possible null-ptr-deref in cxlguestinitafu|adapter If deviceregister fails in cxlregisterafu|adapter, the device is not added, deviceunregister can not be called in the error path, otherwise it will cause a null-ptr-dere...

CVE-2022-50479

In the Linux kernel, the following vulnerability has been resolved: drm/amd: fix potential memory leak This patch fix potential memory leak clksrc when function run into last return NULL. s/free/kfree/ - Alex...

CVE-2022-50480

In the Linux kernel, the following vulnerability has been resolved: memory: pl353-smc: Fix refcount leak bug in pl353smcprobe The break of foreachavailablechildofnode needs a corresponding ofnodeput when the reference 'child' is not used anymore. Here we do not need to call ofnodeput in fail path...

CVE-2022-50478

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix shift-out-of-bounds/overflow in nilfssb2badoffset Patch series "nilfs2: fix UBSAN shift-out-of-bounds warnings on mount time". The first patch fixes a bug reported by syzbot, and the second one fixes the remaining bug...