SUSE CVE-2023-54265

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix an uninit variable access bug in ip6makeskb Syzbot reported a bug as following: ===================================================== BUG: KMSAN: uninit-value in archatomic64inc arch/x86/include/asm/atomic6464.h:88 inli...

SUSE CVE-2023-54266

In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb: m920x: Fix a potential memory leak in m920xi2cxfer 'read' is freed when it is known to be NULL, but not when a read error occurs. Revert the logic to avoid a small leak, should a m920xread call fail...

SUSE CVE-2023-54267

In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Rework lppacasharedproc to avoid DEBUGPREEMPT lppacasharedproc takes a pointer to the lppaca which is typically accessed through getlppaca. With DEBUGPREEMPT enabled, this leads to checking if preemption is...

SUSE CVE-2023-54268

In the Linux kernel, the following vulnerability has been resolved: debugobjects: Don't wake up kswapd from fillpool syzbot is reporting a lockdep warning in fillpool because the allocation from debugobjects is using GFPATOMIC, which is GFPHIGH | GFPKSWAPDRECLAIM and therefore tries to wake up...

SUSE CVE-2023-54269

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: double free xprtctxt while still in use When an RPC request is deferred, the rqxprtctxt pointer is moved out of the svcrqst into the svcdeferredreq. When the deferred request is revisited, the pointer is copied into the n...

SUSE CVE-2023-54270

In the Linux kernel, the following vulnerability has been resolved: media: usb: siano: Fix use after free bugs caused by dosubmiturb There are UAF bugs caused by dosubmiturb. One of the KASan reports is shown below: 36.403605 BUG: KASAN: use-after-free in workerthread+0x4a2/0x890 36.406105 Read o...

SUSE CVE-2023-54271

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Fix NULL deref caused by blkgpolicydata being installed before init blk-iocost sometimes causes the following crash: BUG: kernel NULL pointer dereference, address: 00000000000000e0 ... RIP: 0010:rawspinlock+0x17/0x30...

SUSE CVE-2023-54272

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix a possible null-pointer dereference in niclear In a previous commit c1006bd13146, ni-mi.mrec in niwriteinode could be NULL, and thus a NULL check is added for this variable. However, in the same call stack, ni-mi.mr...

SUSE CVE-2023-54273

In the Linux kernel, the following vulnerability has been resolved: xfrm: Fix leak of dev tracker At the stage of direction checks, the netdev reference tracker is already initialized, but released with wrong put call...

SUSE CVE-2023-54274

In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Add a check for valid 'madagent' pointer When unregistering MAD agent, srpt module has a non-null check for 'madagent' pointer before invoking ibunregistermadagent. This check can pass if 'madagent' variable holds an...

SUSE CVE-2023-54275

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Fix memory leak in ath11kpeerrxfragsetup cryptoallocshash allocates resources, which should be released by cryptofreeshash. When ath11kpeerfind fails, there has memory leak. Add missing cryptofreeshash to fix this...

SUSE CVE-2023-54276

In the Linux kernel, the following vulnerability has been resolved: nfsd: move init of percpu replycachestats counters back to nfsdinitnet Commit f5f9d4a314da "nfsd: move reply cache initialization into nfsd startup" moved the initialization of the reply cache into nfsd startup, but didn't accoun...

SUSE CVE-2023-54277

In the Linux kernel, the following vulnerability has been resolved: fbdev: udlfb: Fix endpoint check The syzbot fuzzer detected a problem in the udlfb driver, caused by an endpoint not having the expected type: usb 1-1: Read EDID byte 0 failed: -71 usb 1-1: Unable to get valid EDID from...

SUSE CVE-2023-54278

In the Linux kernel, the following vulnerability has been resolved: s390/vmem: split pages when debug pagealloc is enabled Since commit bb1520d581a3 "s390/mm: start kernel with DAT enabled" the kernel crashes early during boot when debug pagealloc is enabled: mem auto-init: stack:off, heap...

SUSE CVE-2023-54279

In the Linux kernel, the following vulnerability has been resolved: MIPS: fw: Allow firmware to pass a empty env fwgetenv will use env entry to determine style of env, however it is legal for firmware to just pass a empty list. Check if first entry exist before running strchr to avoid null pointe...

SUSE CVE-2023-54280

In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential race when tree connecting ipc Protect access of TCPServerInfo::hostname when building the ipc tree name as it might get freed in cifsd thread and thus causing an use-after-free bug in treeconnectdfstarget. Als...

SUSE CVE-2023-54281

In the Linux kernel, the following vulnerability has been resolved: btrfs: release path before inode lookup during the ino lookup ioctl During the ino lookup ioctl we can end up calling btrfsiget to get an inode reference while we are holding on a root's btree. If btrfsiget needs to lookup the...

SUSE CVE-2023-54282

In the Linux kernel, the following vulnerability has been resolved: media: tuners: qt1010: replace BUGON with a regular error BUGON is unnecessary here, and in addition it confuses smatch. Replacing this with an error return help resolve this smatch warning: drivers/media/tuners/qt1010.c:350...

SUSE CVE-2023-54283

In the Linux kernel, the following vulnerability has been resolved: bpf: Address KCSAN report on bpflrulist KCSAN reported a data-race when accessing node-ref. Although node-ref does not have to be accurate, take this chance to use a more common READONCE and WRITEONCE pattern instead of datarace...

SUSE CVE-2023-54284

In the Linux kernel, the following vulnerability has been resolved: media: av7110: prevent underflow in writetstodecoder The buf4 value comes from the user via tsplay. It is a value in the u8 range. The final length we pass to av7110ipackinstantrepack is "len - buf4 + 1 - 4" so add a check to...

SUSE CVE-2023-54285

In the Linux kernel, the following vulnerability has been resolved: iomap: Fix possible overflow condition in iomapwritedelallocscan folionextindex returns an unsigned long value which left shifted by PAGESHIFT could possibly cause an overflow on 32-bit system. Instead use folioposfolio +...

SUSE CVE-2023-54286

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace A received TKIP key may be up to 32 bytes because it may contain MIC rx/tx keys too. These are not used by iwl and copying these over overflows the...

SUSE CVE-2023-54287

In the Linux kernel, the following vulnerability has been resolved: tty: serial: imx: disable Ageing Timer interrupt request irq There maybe pending USR interrupt before requesting irq, however uartaddoneport has not executed, so there will be kernel panic: 0.795668 Unable to handle kernel NULL...

SUSE CVE-2023-54288

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fortify the spinlock against deadlock by interrupt In the function ieee80211txdequeue there is a particular locking sequence: begin: spinlock&local-queuestopreasonlock; qstopped = local-queuestopreasonsq;...

SUSE CVE-2023-54289

In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Fix NULL dereference in error handling Smatch reported: drivers/scsi/qedf/qedfmain.c:3056 qedfallocglobalqueues warn: missing unwind goto? At this point in the function, nothing has been allocated so we can return...

SUSE CVE-2023-54291

In the Linux kernel, the following vulnerability has been resolved: vduse: fix NULL pointer dereference vdusevdpasetvqaffinity callback can be called with NULL value as cpumask when deleting the vduse device. This patch resets virtqueue's IRQ affinity mask value to set all CPUs instead of...

SUSE CVE-2023-54292

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix data race on CQP request done KCSAN detects a data race on cqprequest-requestdone memory location which is accessed locklessly in irdmahandlecqpop while being updated in irdmacqpcehandler. Annotate lockless intent...

SUSE CVE-2023-54293

In the Linux kernel, the following vulnerability has been resolved: bcache: fixup btreecachewait list damage We get a kernel crash about "listadd corruption. next-prev should be prev ffff9c801bc01210, but was ffff9c77b688237c. next=ffffae586d8afe68." crash struct listhead 0xffff9c801bc01210 struc...

SUSE CVE-2023-54294

In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix memleak of md thread In raid10run, if setupconf succeed and raid10run failed before setting 'mddev-thread', then in the error path 'conf-thread' is not freed. Fix the problem by setting 'mddev-thread' right after...

SUSE CVE-2023-54295

In the Linux kernel, the following vulnerability has been resolved: mtd: spi-nor: Fix shift-out-of-bounds in spinorseterasetype spinorseterasetype was used either to set or to mask out an erase type. When we used it to mask out an erase type a shift-out-of-bounds was hit: UBSAN: shift-out-of-boun...

SUSE CVE-2023-54296

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Get source vCPUs from source VM for SEV-ES intrahost migration Fix a goof where KVM tries to grab source vCPUs from the destination VM when doing intrahost migration. Grabbing the wrong vCPU not only hoses the guest, it...

SUSE CVE-2023-54297

In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: fix memory leak after finding block group with super blocks At excludesuperstripes, if we happen to find a block group that has super blocks mapped to it and we are on a zoned filesystem, we error out as this is not...

SUSE CVE-2023-54298

In the Linux kernel, the following vulnerability has been resolved: thermal: intel: quarkdts: fix error pointer dereference If allocsocdts fails, then we can just return. Trying to free "socdts" will lead to an Oops...

SUSE CVE-2023-54299

In the Linux kernel, the following vulnerability has been resolved: usb: typec: bus: verify partner exists in typecaltmodeattention Some usb hubs will negotiate DisplayPort Alt mode with the device but will then negotiate a data role swap after entering the alt mode. The data role swap causes the...

SUSE CVE-2023-54300

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: avoid referencing uninit memory in ath9kwmictrlrx For the reasons also described in commit b383e8abed41 "wifi: ath9k: avoid uninit memory read in ath9khtcrxmsg", ath9khtcrxmsg should validate pktlen before accessing...

SUSE CVE-2023-54301

In the Linux kernel, the following vulnerability has been resolved: serial: 8250bcm7271: fix leak in brcmuartprobe Smatch reports: drivers/tty/serial/8250/8250bcm7271.c:1120 brcmuartprobe warn: 'baudmuxclk' from clkprepareenable not released on lines: 1032. The issue is fixed by using a managed...

SUSE CVE-2023-54302

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix data race on CQP completion stats CQP completion statistics is read lockesly in irdmawaitevent and irdmacheckcqpprogress while it can be updated in the completion thread irdmascccqgetcqeinfo on another CPU as KCSA...

SUSE CVE-2023-54303

In the Linux kernel, the following vulnerability has been resolved: bpf: Disable preemption in bpfperfeventoutput The nesting protection in bpfperfeventoutput relies on disabled preemption, which is guaranteed for kprobes and tracepoints. However bpfperfeventoutput can be also called from uprobes...

SUSE CVE-2023-54304

In the Linux kernel, the following vulnerability has been resolved: firmware: mesonsm: fix to avoid potential NULL pointer dereference ofmatchdevice may fail and returns a NULL pointer. Fix this by checking the return value of ofmatchdevice...

SUSE CVE-2023-54305

In the Linux kernel, the following vulnerability has been resolved: ext4: refuse to create ea block when umounted The ea block expansion need to access sroot while it is already set as NULL when umount is triggered. Refuse this request to avoid panic...

SUSE CVE-2023-54306

In the Linux kernel, the following vulnerability has been resolved: net: tls: avoid hanging tasks on the txlock syzbot sent a hung task report and Eric explains that adversarial receiver may keep RWIN at 0 for a long time, so we are not guaranteed to make forward progress. Thread which took txloc...

SUSE CVE-2023-54307

In the Linux kernel, the following vulnerability has been resolved: ptpqoriq: fix memory leak in probe Smatch complains that: drivers/ptp/ptpqoriq.c ptpqoriqprobe warn: 'base' from ioremap not released. Fix this by revising the parameter from 'ptpqoriq-base' to 'base'. This is only a bug if...

SUSE CVE-2023-54308

In the Linux kernel, the following vulnerability has been resolved: ALSA: ymfpci: Create card with device-managed snddevmcardnew sndcardymfpciremove was removed in commit c6e6bb5eab74 "ALSA: ymfpci: Allocate resources with device-managed APIs", but the call to sndcardnew was not replaced with...

SUSE CVE-2023-54309

In the Linux kernel, the following vulnerability has been resolved: tpm: tpmvtpmproxy: fix a race condition in /dev/vtpmx creation /dev/vtpmx is made visible before 'workqueue' is initialized, which can lead to a memory corruption in the worst case scenario. Address this by initializing 'workqueu...

SUSE CVE-2023-54310

In the Linux kernel, the following vulnerability has been resolved: scsi: message: mptlan: Fix use after free bug in mptlanremove due to race condition mptlanprobe calls mptregisterlandevice which initializes the &priv-postbucketstask workqueue. A call to mptlanwakepostbucketstask will subsequent...

SUSE CVE-2023-54311

In the Linux kernel, the following vulnerability has been resolved: ext4: fix deadlock when converting an inline directory in nojournal mode In no journal mode, ext4finishconvertinlinedir can self-deadlock by calling ext4handledirtydirblock when it already has taken the directory lock. There is a...

SUSE CVE-2023-54312

In the Linux kernel, the following vulnerability has been resolved: samples/bpf: Fix buffer overflow in tcpbasertt Using sizeofnv or strlennv+1 is correct...

SUSE CVE-2023-54313

In the Linux kernel, the following vulnerability has been resolved: ovl: fix null pointer dereference in ovlgetaclrcu Following process: P1 P2 pathopenat linkpathwalk maylookup inodepermissionrcu ovlpermission aclpermissioncheck checkacl getcachedaclrcu ovlgetinodeacl realinode =...

SUSE CVE-2023-54314

In the Linux kernel, the following vulnerability has been resolved: media: af9005: Fix null-ptr-deref in af9005i2cxfer In af9005i2cxfer, msg is controlled by user. When msgi.buf is null and msgi.len is zero, former checks on msgi.buf would be passed. Malicious data finally reach af9005i2cxfer. If...

SUSE CVE-2023-54315

In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv/sriov: perform null check on iov before dereferencing iov Currently pointer iov is being dereferenced before the null check of iov which can lead to null pointer dereference errors. Fix this by moving the iov null...