SUSE CVE-2023-54162

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix possible memory leak in smb2lock argv needs to be free when setupasyncwork fails or when the current process is woken up...

SUSE CVE-2023-54164

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: fix isoconn related locking and validity issues sk-skstate indicates whether isopisk-conn is valid. Operations that check/update skstate and access conn should hold locksock, otherwise they can race. The order of...

SUSE CVE-2023-54165

In the Linux kernel, the following vulnerability has been resolved: zsmalloc: move LRU update from zsmapobject to zsmalloc Under memory pressure, we sometimes observe the following crash: 5694.832838 ------------ cut here ------------ 5694.842093 listdel corruption, ffff888014b6a448-next is...

SUSE CVE-2023-54166

In the Linux kernel, the following vulnerability has been resolved: igc: Fix Kernel Panic during ndotxtimeout callback The Xeon validation group has been carrying out some loaded tests with various HW configurations, and they have seen some transmit queue time out happening during the test. This...

SUSE CVE-2023-54167

In the Linux kernel, the following vulnerability has been resolved: m68k: mm: Move initrd phystovirt handling after paginginit When booting with an initial ramdisk on platforms where physical memory does not start at address zero e.g. on Amiga: initrd: 0ef0602c - 0f800000 Zone ranges: DMA mem...

SUSE CVE-2023-54168

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx4: Prevent shift wrapping in setusersqsize The ucmd-logsqbbcount variable is controlled by the user so this shift can wrap. Fix it by using checkshloverflow in the same way that it was done in commit 515f60004ed9 "RDMA/hn...

SUSE CVE-2023-54169

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: fix memory leak in mlx5eptpopen When kvzallocnode or kvzalloc failed in mlx5eptpopen, the memory pointed by "c" or "cparams" is not freed, which can lead to a memory leak. Fix by freeing the array in the error path...

SUSE CVE-2023-54170

In the Linux kernel, the following vulnerability has been resolved: keys: Fix linking a duplicate key to a keyring's assocarray When making a DNS query inside the kernel using dnsquery, the request code can in rare cases end up creating a duplicate index key in the assocarray of the destination...

SUSE CVE-2023-54171

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix memory leak of iter-temp when reading tracepipe kmemleak reports: unreferenced object 0xffff88814d14e200 size 256: comm "cat", pid 336, jiffies 4294871818 age 779.490s hex dump first 32 bytes: 04 00 01 03 00 00 00 00...

SUSE CVE-2023-54172

In the Linux kernel, the following vulnerability has been resolved: x86/hyperv: Disable IBT when hypercall page lacks ENDBR instruction On hardware that supports Indirect Branch Tracking IBT, Hyper-V VMs with ConfigVersion 9.3 or later support IBT in the guest. However, current versions of Hyper-...

SUSE CVE-2023-54173

In the Linux kernel, the following vulnerability has been resolved: bpf: Disable preemption in bpfeventoutput We received report 1 of kernel crash, which is caused by using nesting protection without disabled preemption. The bpfeventoutput can be called by programs executed by bpfprogrunarraycg...

SUSE CVE-2023-54174

In the Linux kernel, the following vulnerability has been resolved: vfio: Fix NULL pointer dereference caused by uninitialized group-iommufd group-iommufd is not initialized for the iommufdctxput 20018.331541 BUG: kernel NULL pointer dereference, address: 0000000000000000 20018.377508 RIP:...

SUSE CVE-2023-54175

In the Linux kernel, the following vulnerability has been resolved: i2c: xiic: xiicxfer: Fix runtime PM leak on error path The xiicxfer function gets a runtime PM reference when the function is entered. This reference is released when the function is exited. There is currently one error path wher...

SUSE CVE-2023-54176

In the Linux kernel, the following vulnerability has been resolved: mptcp: stricter state check in mptcpworker As reported by Christoph, the mptcp protocol can run the worker when the relevant msk socket is in an unexpected state: connect // incoming reset + fastclose // the mptcp worker is...

SUSE CVE-2023-54177

In the Linux kernel, the following vulnerability has been resolved: quota: fix warning in dqgrab There's issue as follows when do fault injection: WARNING: CPU: 1 PID: 14870 at include/linux/quotaops.h:51 dquotdisable+0x13b7/0x18c0 Modules linked in: CPU: 1 PID: 14870 Comm: fsconfig Not tainted...

SUSE CVE-2023-54178

In the Linux kernel, the following vulnerability has been resolved: of: unittest: fix null pointer dereferencing in ofunittestfindnodebyname when kmalloc fail to allocate memory in kasprintf, name or fullname will be NULL, strcmp will cause null pointer dereference...

SUSE CVE-2023-54179

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Array index may go out of bound Klocwork reports array 'vha-hoststr' of size 16 may use index values 16..19. Use snprintf instead of sprintf...

SUSE CVE-2023-54180

In the Linux kernel, the following vulnerability has been resolved: btrfs: handle case when repair happens with dev-replace BUG There is a bug report that a BUGON in btrfsrepairiofailure originally repairiofailure in v6.0 kernel got triggered when replacing a unreliable disk: BTRFS warning device...

SUSE CVE-2023-54181

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix issue in verifying allowptrleaks After we converted the capabilities of our networking-bpf program from capsysadmin to capnetadmin+capbpf, our networking-bpf program failed to start. Because it failed the bpf verifier, a...

SUSE CVE-2023-54182

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to check readonly condition correctly With below case, it can mount multi-device image w/ rw option, however one of secondary device is set as ro, later update will cause panic, so let's introduce f2fsdevisreadonly, and...

SUSE CVE-2023-54183

In the Linux kernel, the following vulnerability has been resolved: media: v4l2-core: Fix a potential resource leak in v4l2fwnodeparselink If fwnodegraphgetremoteendpoint fails, 'fwnode' is known to be NULL, so fwnodehandleput is a no-op. Release the reference taken from a previous...

SUSE CVE-2023-54184

In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsit: Free cmds before session free Commands from recovery entries are freed after session has been closed. That leads to use-after-free at command free or NPE with such call trace: Time2Retain timer expired for...

SUSE CVE-2023-54185

In the Linux kernel, the following vulnerability has been resolved: btrfs: remove BUGON's in addnewfreespace At addnewfreespace we have these BUGON's that are there to deal with any failure to add free space to the in memory free space cache. Such failures are mostly -ENOMEM that should be very...

SUSE CVE-2023-54186

In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmodes/displayport: fix pinassignmentshow This patch fixes negative indexing of buf array in pinassignmentshow when getcurrentpinassignments returns 0 i.e. no compatible pin assignments are found. BUG: KASAN:...

SUSE CVE-2023-54187

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix potential corruption when moving a directory F2FS has the same issue in ext4rename causing crash revealed by xfstests/generic/707. See also commit 0813299c586b "ext4: Fix possible corruption when moving a directory"...

SUSE CVE-2023-54188

In the Linux kernel, the following vulnerability has been resolved: dmaengine: apple-admac: Fix 'currenttx' not getting freed In terminateall we should queue up all submitted descriptors to be freed. We do that for the content of the 'issued' and 'submitted' lists, but the 'currenttx' descriptor...

SUSE CVE-2023-54189

In the Linux kernel, the following vulnerability has been resolved: pstore/ram: Add check for kstrdup Add check for the return value of kstrdup and return the error if it fails in order to avoid NULL pointer dereference...

SUSE CVE-2023-54190

In the Linux kernel, the following vulnerability has been resolved: leds: led-core: Fix refcount leak in ofledget classfinddevicebyofnode calls classfinddevice, it will take the reference, use the putdevice to drop the reference when not need anymore...

SUSE CVE-2023-54191

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: fix memory leak in mt7996mcuexit Always purge mcu skb queues in mt7996mcuexit routine even if mt7996firmwarestate fails...

SUSE CVE-2023-54192

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix null pointer panic in tracepoint in replaceatomicwriteblock We got a kernel panic if oldaddr is NULL. https://bugzilla.kernel.org/showbug.cgi?id=217266 BUG: kernel NULL pointer dereference, address: 0000000000000000 Cal...

SUSE CVE-2023-54193

In the Linux kernel, the following vulnerability has been resolved: net/sched: clsapi: remove blockcb from driverlist before freeing Error handler of tcfblockbind frees the whole bo-cblist on error. However, by that time the flowblockcb instances are already in the driver list because driver...

SUSE CVE-2023-54194

In the Linux kernel, the following vulnerability has been resolved: exfat: use kvmallocarray/kvfree instead of kmallocarray/kfree The call stack shown below is a scenario in the Linux 4.19 kernel. Allocating memory failed where exfat fs use kmallocarray due to system memory fragmentation, while t...

SUSE CVE-2023-54195

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix timeout of a call that hasn't yet been granted a channel afsmakecall calls rxrpckernelbegincall to begin a call which may get stalled in the background waiting for a connection to become available; it then calls...

SUSE CVE-2023-54196

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix NULL pointer dereference in 'niwriteinode' Syzbot found the following issue: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000016 Mem abort info: ESR = 0x0000000096000006 EC = 0x25:...

SUSE CVE-2023-54197

In the Linux kernel, the following vulnerability has been resolved: Revert "Bluetooth: btsdio: fix use after free bug in btsdioremove due to unfinished work" This reverts commit 1e9ac114c4428fdb7ff4635b45d4f46017e8916f. This patch introduces a possible null-ptr-def problem. Revert it. And the fix...

SUSE CVE-2023-54198

In the Linux kernel, the following vulnerability has been resolved: tty: fix out-of-bounds access in ttydriverlookuptty When specifying an invalid console= device like console=tty3270, ttydriverlookuptty returns the tty struct without checking whether index is a valid number. To reproduce:...

SUSE CVE-2023-54199

In the Linux kernel, the following vulnerability has been resolved: drm/msm/adreno: Fix null ptr access in adrenogpucleanup Fix the below kernel panic due to null pointer access: 18.504431 Unable to handle kernel NULL pointer dereference at virtual address 0000000000000048 18.513464 Mem abort inf...

SUSE CVE-2023-54200

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: always release netdev hooks from notifier This reverts "netfilter: nftables: skip netdev events generated on netns removal". The problem is that when a veth device is released, the veth release callback will...

SUSE CVE-2023-54201

In the Linux kernel, the following vulnerability has been resolved: RDMA/efa: Fix wrong resources deallocation order When trying to destroy QP or CQ, we first decrease the refcount and potentially free memory regions allocated for the object and then request the device to destroy the object. If t...

SUSE CVE-2023-54202

In the Linux kernel, the following vulnerability has been resolved: drm/i915: fix race condition UAF in i915perfaddconfigioctl Userspace can guess the id value and try to race oaconfig object creation with config remove, resulting in a use-after-free if we dereference the object after unlocking t...

SUSE CVE-2023-54203

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-out-of-bounds in initsmb2rsphdr When smb1 mount fails, KASAN detect slab-out-of-bounds in initsmb2rsphdr like the following one. For smb1 negotiate56bytes , initsmb2rsphdr for smb2 is called. The issue occurs whil...

SUSE CVE-2023-54204

In the Linux kernel, the following vulnerability has been resolved: mmc: sunplus: fix return value check of mmcaddhost mmcaddhost may return error, if we ignore its return value, 1. the memory allocated in mmcallochost will be leaked 2. null-ptr-deref will happen when calling mmcremovehost in...

SUSE CVE-2023-54205

In the Linux kernel, the following vulnerability has been resolved: pinctrl: stm32: Fix refcount leak in stm32pctrlgetirqdomain ofirqfindparent returns a node pointer with refcount incremented, We should use ofnodeput on it when not needed anymore. Add missing ofnodeput to avoid refcount leak...

SUSE CVE-2023-54206

In the Linux kernel, the following vulnerability has been resolved: net/sched: flower: fix filter idr initialization The cited commit moved idr initialization too early in flchange which allows concurrent users to access the filter that is still being initialized and is in inconsistent state,...

SUSE CVE-2023-54207

In the Linux kernel, the following vulnerability has been resolved: HID: uclogic: Correct devm device reference for hidinput inputdev name Reference the HID device rather than the input device for the devm allocation of the inputdev name. Referencing the inputdev would lead to a use-after-free wh...

SUSE CVE-2023-54208

In the Linux kernel, the following vulnerability has been resolved: media: ov5675: Fix memleak in ov5675initcontrols There is a kmemleak when testing the media/i2c/ov5675.c with bpf mock device: AssertionError: unreferenced object 0xffff888107362160 size 16: comm "python3", pid 277, jiffies...

SUSE CVE-2023-54209

In the Linux kernel, the following vulnerability has been resolved: block: fix blktrace debugfs entries leakage Commit 99d055b4fd4b "block: remove per-disk debugfs files in blkunregisterqueue" moves blktraceshutdown from blkreleasequeue to blkunregisterqueue, this is safe if blktrace is created...

SUSE CVE-2023-54210

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Avoid use-after-free in dbg for hciremoveadvmonitor KASAN reports that there's a use-after-free in hciremoveadvmonitor. Trawling through the disassembly, you can see that the complaint is from the access in...

SUSE CVE-2023-54211

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix warning in tracebufferedeventdisable Warning happened in tracebufferedeventdisable at WARNONONCE!tracebufferedeventref Call Trace: ? warn+0xa5/0x1b0 ? tracebufferedeventdisable+0x189/0x1b0...

SUSE CVE-2023-54213

In the Linux kernel, the following vulnerability has been resolved: USB: sisusbvga: Add endpoint checks The syzbot fuzzer was able to provoke a WARNING from the sisusbvga driver: ------------ cut here ------------ usb 1-1: BOGUS urb xfer, pipe 3 != type 1 WARNING: CPU: 1 PID: 26 at...