SUSE CVE-2023-54017

In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: fix possible memory leak in ibmebusbusinit If deviceregister returns error in ibmebusbusinit, name of kobject which is allocated in devsetname called in deviceadd is leaked. As comment of deviceadd says, it shoul...

SUSE CVE-2023-54018

In the Linux kernel, the following vulnerability has been resolved: drm/msm/hdmi: Add missing check for allocorderedworkqueue Add check for the return value of allocorderedworkqueue as it may return NULL pointer and cause NULL pointer dereference in hdmihdcp.c and hdmihpd.c. Patchwork:...

SUSE CVE-2023-54019

In the Linux kernel, the following vulnerability has been resolved: sched/psi: use kernfs polling functions for PSI trigger polling Destroying psi trigger in cgroupfilerelease causes UAF issues when a cgroup is removed from under a polling process. This is happening because cgroup removal causes ...

SUSE CVE-2023-54020

In the Linux kernel, the following vulnerability has been resolved: dmaengine: sf-pdma: pdmadesc memory leak fix Commit b2cc5c465c2c "dmaengine: sf-pdma: Add multithread support for a DMA channel" changed sfpdmaprepdmamemcpy to unconditionally allocate a new sfpdmadesc each time it is called. The...

SUSE CVE-2023-54021

In the Linux kernel, the following vulnerability has been resolved: ext4: set goal start correctly in ext4mbnormalizerequest We need to set acgex to notify the goal start used in ext4mbfindbygoal. Set acgex instead of acfex in ext4mbnormalizerequest. Besides we should assure goal start is in rang...

SUSE CVE-2023-54022

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential memory leaks at error path for UMP open The allocation and initialization errors at allocmidiurbs that is called at MIDI 2.0 / UMP device are supposed to be handled at the caller side by invoking...

SUSE CVE-2023-54023

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between balance and cancel/pause Syzbot reported a panic that looks like this: assertion failed: fsinfo-exclusiveoperation == BTRFSEXCLOPBALANCEPAUSED, in fs/btrfs/ioctl.c:465 ------------ cut here ------------...

SUSE CVE-2023-54024

In the Linux kernel, the following vulnerability has been resolved: KVM: Destroy target device if coalesced MMIO unregistration fails Destroy and free the target coalesced MMIO device if unregistering said device fails. As clearly noted in the code, kvmiobusunregisterdev does not destroy the targ...

SUSE CVE-2023-54025

In the Linux kernel, the following vulnerability has been resolved: wifi: rsi: Do not configure WoWlan in shutdown hook if not enabled In case WoWlan was never configured during the operation of the system, the hw-wiphy-wowlanconfig will be NULL. rsiconfigwowlan checks whether wowlanconfig is...

SUSE CVE-2023-54026

In the Linux kernel, the following vulnerability has been resolved: opp: Fix use-after-free in lazyopptables after probe deferral When devpmoppoffindiccpaths in allocateopptable returns -EPROBEDEFER, the opptable is freed again, to wait until all the interconnect paths are available. However, if...

SUSE CVE-2023-54027

In the Linux kernel, the following vulnerability has been resolved: iio: core: Prevent invalid memory access when there is no parent Commit 813665564b3d "iio: core: Convert to use firmware node handle instead of OF node" switched the kind of nodes to use for label retrieval in device registration...

SUSE CVE-2023-54028

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix the error "trying to register non-static key in rxecleanuptask" In the function rxecreateqp, rxeqpfrominit is called to initialize qp, internally things like rxeinittask are not setup until rxeqpinitreq. If an error...

SUSE CVE-2023-54029

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

SUSE CVE-2023-54030

In the Linux kernel, the following vulnerability has been resolved: iouring/net: don't overflow multishot recv Don't allow overflowing multishot recv CQEs, it might get out of hand, hurt performance, and in the worst case scenario OOM the task...

SUSE CVE-2023-54031

In the Linux kernel, the following vulnerability has been resolved: vdpa: Add queue index attr to vdpanlpolicy for nlattr length check The vdpanlpolicy structure is used to validate the nlattr when parsing the incoming nlmsg. It will ensure the attribute being described produces a valid nlattr...

SUSE CVE-2023-54032

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race when deleting quota root from the dirty cow roots list When disabling quotas we are deleting the quota root from the list fsinfo-dirtycowonlyroots without taking the lock that protects it, which is struct...

SUSE CVE-2023-54033

In the Linux kernel, the following vulnerability has been resolved: bpf: fix a memory leak in the LRU and LRUPERCPU hash maps The LRU and LRUPERCPU maps allocate a new element on update before locking the target hash table bucket. Right after that the maps try to lock the bucket. If this fails,...

SUSE CVE-2023-54034

In the Linux kernel, the following vulnerability has been resolved: iommufd: Make sure to zero vfioiommutype1info before copying to user Missed a zero initialization here. Most of the struct is filled with a copyfromuser, however minsz for that copy is smaller than the actual struct by 8 bytes,...

SUSE CVE-2023-54035

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: fix underflow in chain reference counter Set element addition error path decrements reference counter on chains twice: once on element release and again via nftdatarelease. Then, d6b478666ffa "netfilter:...

SUSE CVE-2023-54036

In the Linux kernel, the following vulnerability has been resolved: wifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU The wifi + bluetooth combo chip RTL8723BU can leak memory especially? when it's connected to a bluetooth audio device. The busy bluetooth traffic generates lots of C2H ca...

SUSE CVE-2023-54037

In the Linux kernel, the following vulnerability has been resolved: ice: prevent NULL pointer deref during reload Calling ethtool during reload can lead to call trace, because VSI isn't configured for some time, but netdev is alive. To fix it add rtnl lock for VSI deconfig and config. Set...

SUSE CVE-2023-54038

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciconn: return ERRPTR instead of NULL when there is no link hciconnectsco currently returns NULL when there is no link i.e. when hciconnlink returns NULL. scoconnect expects an ERRPTR in case of any error see line 266...

SUSE CVE-2023-54039

In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939tptxdatnew: fix out-of-bounds memory access In the j1939tptxdatnew function, an out-of-bounds memory access could occur during the memcpy operation if the size of skb-cb is larger than the size of struct...

SUSE CVE-2023-54040

In the Linux kernel, the following vulnerability has been resolved: ice: fix wrong fallback logic for FDIR When adding a FDIR filter, if icevcfdirsetirqctx returns failure, the inserted fdir entry will not be removed and if icevcfdirwritefltr returns failure, the fdir context info for irq handler...

SUSE CVE-2023-54041

In the Linux kernel, the following vulnerability has been resolved: iouring: fix memory leak when removing provided buffers When removing provided buffers, iobuffer structs are not being disposed of, leading to a memory leak. They can't be freed individually, because they are allocated in...

SUSE CVE-2023-54042

In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: Fix VAS mm use after free The refcount on mm is dropped before the coprocessor is detached...

SUSE CVE-2023-54043

In the Linux kernel, the following vulnerability has been resolved: iommufd: Do not add the same hwpt to the ioas-hwptlist twice The hwpt is added to the hwptlist only during its creation, it is never added again. This hunk is some missed leftover from rework. Adding it twice will corrupt the...

SUSE CVE-2023-54044

In the Linux kernel, the following vulnerability has been resolved: spmi: Add a check for remove callback when removing a SPMI driver When removing a SPMI driver, there can be a crash due to NULL pointer dereference if it does not have a remove callback defined. This is one such call trace observ...

SUSE CVE-2023-54045

In the Linux kernel, the following vulnerability has been resolved: audit: fix possible soft lockup in auditinodechild Tracefs or debugfs maybe cause hundreds to thousands of PATH records, too many PATH records maybe cause soft lockup. For example: 1. CONFIGKASAN=y && CONFIGPREEMPTION=n 2. auditc...

SUSE CVE-2023-54046

In the Linux kernel, the following vulnerability has been resolved: crypto: essiv - Handle EBUSY correctly As it is essiv only handles the special return value of EINPROGERSS, which means that in all other cases it will free data related to the request. However, as the caller of essiv may specify...

SUSE CVE-2023-54047

In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: dwhdmi: cleanup drm encoder during unbind This fixes a use-after-free crash during rmmod. The DRM encoder is embedded inside the larger rockchiphdmi, which is allocated with the component. The component memory gets...

SUSE CVE-2023-54048

In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxtre: Prevent handling any completions after qp destroy HW may generate completions that indicates QP is destroyed. Driver should not be scheduling any more completion handlers for this QP, after the QP is destroyed. Since...

SUSE CVE-2023-54049

In the Linux kernel, the following vulnerability has been resolved: rpmsg: glink: Add check for kstrdup Add check for the return value of kstrdup and return the error if it fails in order to avoid NULL pointer dereference...

SUSE CVE-2023-54050

In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix memleak when insertoldidx failed Following process will cause a memleak for copied up znode: dirtycowznode zn = copyznodec, znode; err = insertoldidxc, zbr-lnum, zbr-offs; if unlikelyerr return ERRPTRerr; // No one...

SUSE CVE-2023-54051

In the Linux kernel, the following vulnerability has been resolved: net: do not allow gsosize to be set to GSOBYFRAGS One missing check in virtionethdrtoskb allowed syzbot to crash kernels again 1 Do not allow gsosize to be set to GSOBYFRAGS 0xffff, because this magic value is used by the kernel....

SUSE CVE-2023-54052

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: fix skb leak by txs missing in AMSDU txs may be dropped if the frame is aggregated in AMSDU. When the problem shows up, some SKBs would be hold in driver to cause network stopped temporarily. Even if the probl...

SUSE CVE-2023-54053

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: pcie: fix possible NULL pointer dereference It is possible that iwlpciprobe will fail and free the trans, then afterwards iwlpciremove will be called and crash by trying to access trans which is already freed, fix...

SUSE CVE-2023-54054

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

SUSE CVE-2023-54055

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix memory leak of PBLE objects On rmmod of irdma, the PBLE object memory is not being freed. PBLE object memory are not statically pre-allocated at function initialization time unlike other HMC objects. PBLEs objects...

SUSE CVE-2023-54056

In the Linux kernel, the following vulnerability has been resolved: kheaders: Use array declaration instead of char Under CONFIGFORTIFYSOURCE, memcpy will check the size of destination and source buffers. Defining kernelheadersdata as "char" would trip this check. Since these addresses are treate...

SUSE CVE-2023-54057

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Add a length limitation for the ivrsacpihid command-line parameter The 'acpiid' buffer in the parseivrsacpihid function may overflow, because the string specifier in the format string sscanf has no width limitation...

SUSE CVE-2023-54058

In the Linux kernel, the following vulnerability has been resolved: firmware: armffa: Check if ffadriver remove is present before executing Currently ffadrv-remove is called unconditionally from ffadeviceremove. Since the driver registration doesn't check for it and allows it to be registered...

SUSE CVE-2023-54059

In the Linux kernel, the following vulnerability has been resolved: soc: mediatek: mtk-svs: Enable the IRQ later If the system does not come from reset like when is booted via kexec, the peripheral might triger an IRQ before the data structures are initialised. 0.227710 Unable to handle kernel NU...

SUSE CVE-2023-54060

In the Linux kernel, the following vulnerability has been resolved: iommufd: Set end correctly when doing batch carry Even though the test suite covers this it somehow became obscured that this wasn't working. The test iommufdioas.mockdomain.accessdomaindestory would blow up rarely. end should be...

SUSE CVE-2023-54061

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

SUSE CVE-2023-54062

In the Linux kernel, the following vulnerability has been resolved: ext4: fix invalid free tracking in ext4xattrmovetoblock In ext4xattrmovetoblock, the value of the extended attribute which we need to move to an external block may be allocated by kvmalloc if the value is stored in an external...

SUSE CVE-2023-54063

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix OOB read in indxinsertintobuffer Syzbot reported a OOB read bug: BUG: KASAN: slab-out-of-bounds in indxinsertintobuffer+0xaa3/0x13b0 fs/ntfs3/index.c:1755 Read of size 17168 at addr ffff8880255e06c0 by task...

SUSE CVE-2023-54064

In the Linux kernel, the following vulnerability has been resolved: ipmi:ssif: Fix a memory leak when scanning for an adapter The adapter scan ssifinfofind sets info-adaptername if the adapter info came from SMBIOS, as it's not set in that case. However, this function can be called more than once...

SUSE CVE-2023-54065

In the Linux kernel, the following vulnerability has been resolved: net: dsa: realtek: fix out-of-bounds access The probe function sets priv-chipdata to void priv + sizeofpriv with the expectation that priv has enough trailing space. However, only realtek-smi actually allocated this chipdata spac...

SUSE CVE-2023-54066

In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb-v2: gl861: Fix null-ptr-deref in gl861i2cmasterxfer In gl861i2cmasterxfer, msg is controlled by user. When msgi.buf is null and msgi.len is zero, former checks on msgi.buf would be passed. Malicious data finally...