SUSE CVE-2023-53792

In the Linux kernel, the following vulnerability has been resolved: nvme-core: fix memory leak in dhchapctrlsecret Free dhchapsecret in nvmectrldhchapctrlsecretstore before we return when nvmeauthgeneratekey returns error...

SUSE CVE-2023-53793

In the Linux kernel, the following vulnerability has been resolved: perf tool x86: Fix perfenv memory leak Found by leak sanitizer: ==1632594==ERROR: LeakSanitizer: detected memory leaks Direct leak of 21 bytes in 1 objects allocated from: 0 0x7f2953a7077b in interceptorstrdup...

SUSE CVE-2023-53794

In the Linux kernel, the following vulnerability has been resolved: cifs: fix session state check in reconnect to avoid use-after-free issue Don't collect exiting session in smb2reconnectserver, because it will be released soon. Note that the exiting session will stay in server-smbseslist until i...

SUSE CVE-2023-53795

In the Linux kernel, the following vulnerability has been resolved: iommufd: IOMMUFDDESTROY should not increase the refcount syzkaller found a race where IOMMUFDDESTROY increments the refcount: obj = iommufdgetobjectucmd-ictx, cmd-id, IOMMUFDOBJANY; if ISERRobj return PTRERRobj;...

SUSE CVE-2023-53796

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix information leak in f2fsmoveinlinedirents When converting an inline directory to a regular one, f2fs is leaking uninitialized memory to disk because it doesn't initialize the entire directory block. Fix this by...

SUSE CVE-2023-53797

In the Linux kernel, the following vulnerability has been resolved: HID: wacom: Use ktimet rather than int when dealing with timestamps Code which interacts with timestamps needs to use the ktimet type returned by functions like ktimeget. The int type does not offer enough space to store these...

SUSE CVE-2023-53798

In the Linux kernel, the following vulnerability has been resolved: ethtool: Fix uninitialized number of lanes It is not possible to set the number of lanes when setting link modes using the legacy IOCTL ethtool interface. Since 'struct ethtoollinkksettings' is not initialized in this path, drive...

SUSE CVE-2023-53799

In the Linux kernel, the following vulnerability has been resolved: crypto: api - Use work queue in cryptodestroyinstance The function cryptodropspawn expects to be called in process context. However, when an instance is unregistered while it still has active users, the last user may cause the...

SUSE CVE-2023-53800

In the Linux kernel, the following vulnerability has been resolved: ubi: Fix use-after-free when volume resizing failed There is an use-after-free problem reported by KASAN: ================================================================== BUG: KASAN: use-after-free in ubiebacopytable+0x11f/0x1c...

SUSE CVE-2023-53801

In the Linux kernel, the following vulnerability has been resolved: iommu/sprd: Release dma buffer to avoid memory leak When attaching to a domain, the driver would alloc a DMA buffer which is used to store address mapping table, and it need to be released when the IOMMU domain is freed...

SUSE CVE-2023-53802

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: htchst: free skb in ath9khtcrxmsg if there is no callback function It is stated that ath9khtcrxmsg either frees the provided skb or passes its management to another callback function. However, the skb is not freed in...

SUSE CVE-2023-53803

In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix slab-out-of-bounds in sesenclosuredataprocess A fix for: BUG: KASAN: slab-out-of-bounds in sesenclosuredataprocess+0x949/0xe30 ses Read of size 1 at addr ffff88a1b043a451 by task systemd-udevd/3271 Checking after a...

SUSE CVE-2023-53804

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix use-after-free bug of nilfsroot in nilfsevictinode During unmount process of nilfs2, nothing holds nilfsroot structure after nilfs2 detaches its writer in nilfsdetachlogwriter. However, since nilfsevictinode uses...

SUSE CVE-2023-53805

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

SUSE CVE-2023-53806

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: populate subvp cmd info only for the top pipe Why System restart observed while changing the display resolution to 8k with extended mode. Sytem restart was caused by a page fault. How When the driver populates...

SUSE CVE-2023-53807

In the Linux kernel, the following vulnerability has been resolved: clk: clocking-wizard: Fix Oops in clkwzrdregisterdivider Smatch detected this potential error pointer dereference clkwzrdregisterdivider. If devmclkhwregister fails then it sets "hw" to an error pointer and then dereferences it o...

SUSE CVE-2023-53808

In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: fix memory leak in mwifiexhistogramread Always free the zeroed page on return from 'mwifiexhistogramread'...

SUSE CVE-2023-53809

In the Linux kernel, the following vulnerability has been resolved: l2tp: Avoid possible recursive deadlock in l2tptunnelregister When a file descriptor of pppol2tp socket is passed as file descriptor of UDP socket, a recursive deadlock occurs in l2tptunnelregister. This situation is reproduced b...

SUSE CVE-2023-53810

In the Linux kernel, the following vulnerability has been resolved: blk-mq: release crypto keyslot before reporting I/O complete Once all I/O using a blkcryptokey has completed, filesystems can call blkcryptoevictkey. However, the block layer currently doesn't call blkcryptoputkeyslot until the...

SUSE CVE-2023-53811

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Cap MSIX used to online CPUs + 1 The irdma driver can use a maximum number of msix vectors equal to numonlinecpus + 1 and the kernel warning stack below is shown if that number is exceeded. The kernel throws a warning...

SUSE CVE-2023-53812

In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: fix decoder disable pm crash Can't call pmruntimedisable when the architecture support sub device for 'dev-pm.dev' is NUll, or will get below crash log. 10.771551 pc : rawspinlockirq+0x4c/0xa0 10.771556 l...

SUSE CVE-2023-53813

In the Linux kernel, the following vulnerability has been resolved: ext4: fix rbtree traversal bug in ext4mbusepreallocated During allocations, while looking for preallocationsPA in the per inode rbtree, we can't do a direct traversal of the tree because ext4mbdiscardgrouppreallocation can...

SUSE CVE-2023-53814

In the Linux kernel, the following vulnerability has been resolved: PCI: Fix dropping valid root bus resources with .end = zero On r8a7791/koelsch: kmemleak: 1 new suspected memory leaks see /sys/kernel/debug/kmemleak cat /sys/kernel/debug/kmemleak unreferenced object 0xc3a34e00 size 64: comm...

SUSE CVE-2023-53815

In the Linux kernel, the following vulnerability has been resolved: posix-timers: Prevent RT livelock in itimerdelete itimerdelete has a retry loop when the timer is concurrently expired. On non-RT kernels this just spin-waits until the timer callback has completed, except for posix CPU timers...

SUSE CVE-2023-53816

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: fix potential kgdmem UAFs kgdmem pointers returned by kfdprocessdevicetranslatehandle are only guaranteed to be valid while p-mutex is held. As soon as the mutex is unlocked, another thread can free the BO...

SUSE CVE-2023-53817

In the Linux kernel, the following vulnerability has been resolved: crypto: lib/mpi - avoid null pointer deref in mpicmpui During NVMeTCP Authentication a controller can trigger a kernel oops by specifying the 8192 bit Diffie Hellman group and passing a correctly sized, but zeroed Diffie Hellamn...

SUSE CVE-2023-53818

In the Linux kernel, the following vulnerability has been resolved: ARM: zynq: Fix refcount leak in zynqearlyslcrinit offindcompatiblenode returns a node pointer with refcount incremented, we should use ofnodeput on error path. Add missing ofnodeput to avoid refcount leak...

SUSE CVE-2023-53819

In the Linux kernel, the following vulnerability has been resolved: amdgpu: validate offsetinbo of drmamdgpugemva This is motivated by OOB access in amdgpuvmupdaterange when offsetinbo+mapsize overflows. v2: keep the validations in amdgpuvmbomap v3: add the validations to...

SUSE CVE-2023-53820

In the Linux kernel, the following vulnerability has been resolved: loop: loopsetstatusfrominfo check before assignment In loopsetstatusfrominfo, lo-looffset and lo-losizelimit should be checked before reassignment, because if an overflow error occurs, the original correct value will be changed t...

SUSE CVE-2023-53821

In the Linux kernel, the following vulnerability has been resolved: ip6vti: fix slab-use-after-free in decodesession6 When ipv6vti device is set to the qdisc of the sfb type, the cb field of the sent skb may be modified during enqueuing. Then, slab-use-after-free may occur when ipv6vti device sen...

SUSE CVE-2023-53822

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Ignore frags from uninitialized peer in dp. When max virtual ap interfaces are configured in all the bands with ACS and hostapd restart is done every 60s, a crash is observed at random times. In this certain scenari...

SUSE CVE-2023-53823

In the Linux kernel, the following vulnerability has been resolved: block/rqqos: protect rqqos apis with a new lock commit 50e34d78815e "block: disable the elevator int delgendisk" move rqqosexit from diskrelease to delgendisk, this will introduce some problems: 1 If rqqosadd is triggered by...

SUSE CVE-2023-53824

In the Linux kernel, the following vulnerability has been resolved: netlink: annotate lockless accesses to nlk-maxrecvmsglen syzbot reported a data-race in data-race in netlinkrecvmsg 1 Indeed, netlinkrecvmsg can be run concurrently, and netlinkdump also needs protection. 1 BUG: KCSAN: data-race ...

SUSE CVE-2023-53825

In the Linux kernel, the following vulnerability has been resolved: kcm: Fix error handling for SOCKDGRAM in kcmsendmsg. syzkaller found a memory leak in kcmsendmsg, and commit c821a88bd720 "kcm: Fix memory leak in error path of kcmsendmsg" suppressed it by updating kcmtxmsghead-lastskb if partia...

SUSE CVE-2023-53826

In the Linux kernel, the following vulnerability has been resolved: ubi: Fix UAF wear-leveling entry in eraseblkcountseqshow Wear-leveling entry could be freed in error path, which may be accessed again in eraseblkcountseqshow, for example: eraseworker eraseblkcountseqshow wl =...

SUSE CVE-2023-53827

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix use-after-free in l2capdisconnectreq,rsp Similar to commit d0be8347c623 "Bluetooth: L2CAP: Fix use-after-free caused by l2capchanput", just use l2capchanholdunlesszero to prevent referencing a channel that i...

SUSE CVE-2023-53828

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Avoid use-after-free in dbg for hciaddadvmonitor KSAN reports use-after-free in hciaddadvmonitor. While adding an adv monitor, hciaddadvmonitor calls - msftaddmonitorpattern calls - msftaddmonitorsync calls -...

SUSE CVE-2023-53829

In the Linux kernel, the following vulnerability has been resolved: f2fs: flush inode if atomic file is aborted Let's flush the inode being aborted atomic operation to avoid stale dirty inode during eviction in this call stack: f2fsmarkinodedirtysync+0x22/0x40 f2fs f2fsabortatomicwrite+0xc4/0xf0...

SUSE CVE-2023-53830

In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix memory leak when showing current settings When retriving a item string with tlmisetting, the result has to be freed using kfree. In currentvalueshow however, malformed item strings are not freed,...

SUSE CVE-2023-53831

In the Linux kernel, the following vulnerability has been resolved: net: read sk-skfamily once in skmcloop syzbot is playing with IPV6ADDRFORM quite a lot these days, and managed to hit the WARNONONCE1 in skmcloop We have many more similar issues to fix. WARNING: CPU: 1 PID: 1593 at...

SUSE CVE-2023-53832

In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix null-ptr-deref in raid10syncrequest initresync inits mempool and sets conf-havereplacemnt at the beginning of sync, closesync frees the mempool when sync is completed. After 1 recovery might be skipped and initresy...

SUSE CVE-2023-53833

In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix NULL ptr deref by checking newcrtcstate intelatomicgetnewcrtcstate can return NULL, unless crtc state wasn't obtained previously with intelatomicgetcrtcstate, so we must check it for NULLness here, just as in many...

SUSE CVE-2023-53834

In the Linux kernel, the following vulnerability has been resolved: iio: adc: ina2xx: avoid NULL pointer dereference on OF device match The affected lines were resulting in a NULL pointer dereference on our platform because the device tree contained the following list of compatible strings:...

SUSE CVE-2023-53835

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

SUSE CVE-2023-53836

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix skb refcnt race after locking changes There is a race where skb's from the skpsockbacklog can be referenced after userspace side has already skbconsumed the skbuff and its refcnt dropped to zer0 causing use afte...

SUSE CVE-2023-53837

In the Linux kernel, the following vulnerability has been resolved: drm/msm: fix NULL-deref on snapshot tear down In case of early initialisation errors and on platforms that do not use the DPU controller, the deinitilisation code can be called with the kms pointer set to NULL. Patchwork:...

SUSE CVE-2023-53838

In the Linux kernel, the following vulnerability has been resolved: f2fs: synchronize atomic write aborts To fix a race condition between atomic write aborts, I use the inode lock and make COW inode to be re-usable thoroughout the whole atomic file inode lifetime...

SUSE CVE-2023-53839

In the Linux kernel, the following vulnerability has been resolved: dccp: fix data-race around dp-dccpsmsscache dccpsendmsg reads dp-dccpsmsscache before locking the socket. Same thing in dodccpgetsockopt. Add READONCE/WRITEONCE annotations, and change dccpsendmsg to check again dccpsmsscache aft...

SUSE CVE-2023-53840

In the Linux kernel, the following vulnerability has been resolved: usb: early: xhci-dbc: Fix a potential out-of-bound memory access If xdbcbulkwrite fails, the values in 'buf' can be anything. So the string is not guaranteed to be NULL terminated when xdbctrace is called. Reserve an extra byte,...

SUSE CVE-2023-53841

In the Linux kernel, the following vulnerability has been resolved: devlink: report devlinkporttypewarn source device devlinkporttypewarn is scheduled for port devlink and warning when the port type is not set. But from this warning it is not easy found out which device driver has no devlink port...