59855 matches found
SUSE CVE-2023-54030
In the Linux kernel, the following vulnerability has been resolved: iouring/net: don't overflow multishot recv Don't allow overflowing multishot recv CQEs, it might get out of hand, hurt performance, and in the worst case scenario OOM the task...
SUSE CVE-2023-54031
In the Linux kernel, the following vulnerability has been resolved: vdpa: Add queue index attr to vdpanlpolicy for nlattr length check The vdpanlpolicy structure is used to validate the nlattr when parsing the incoming nlmsg. It will ensure the attribute being described produces a valid nlattr...
SUSE CVE-2023-54032
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race when deleting quota root from the dirty cow roots list When disabling quotas we are deleting the quota root from the list fsinfo-dirtycowonlyroots without taking the lock that protects it, which is struct...
SUSE CVE-2023-54033
In the Linux kernel, the following vulnerability has been resolved: bpf: fix a memory leak in the LRU and LRUPERCPU hash maps The LRU and LRUPERCPU maps allocate a new element on update before locking the target hash table bucket. Right after that the maps try to lock the bucket. If this fails,...
SUSE CVE-2023-54034
In the Linux kernel, the following vulnerability has been resolved: iommufd: Make sure to zero vfioiommutype1info before copying to user Missed a zero initialization here. Most of the struct is filled with a copyfromuser, however minsz for that copy is smaller than the actual struct by 8 bytes,...
SUSE CVE-2023-54035
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: fix underflow in chain reference counter Set element addition error path decrements reference counter on chains twice: once on element release and again via nftdatarelease. Then, d6b478666ffa "netfilter:...
SUSE CVE-2023-54036
In the Linux kernel, the following vulnerability has been resolved: wifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU The wifi + bluetooth combo chip RTL8723BU can leak memory especially? when it's connected to a bluetooth audio device. The busy bluetooth traffic generates lots of C2H ca...
SUSE CVE-2023-54037
In the Linux kernel, the following vulnerability has been resolved: ice: prevent NULL pointer deref during reload Calling ethtool during reload can lead to call trace, because VSI isn't configured for some time, but netdev is alive. To fix it add rtnl lock for VSI deconfig and config. Set...
SUSE CVE-2023-54038
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciconn: return ERRPTR instead of NULL when there is no link hciconnectsco currently returns NULL when there is no link i.e. when hciconnlink returns NULL. scoconnect expects an ERRPTR in case of any error see line 266...
SUSE CVE-2023-54039
In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939tptxdatnew: fix out-of-bounds memory access In the j1939tptxdatnew function, an out-of-bounds memory access could occur during the memcpy operation if the size of skb-cb is larger than the size of struct...
SUSE CVE-2023-54040
In the Linux kernel, the following vulnerability has been resolved: ice: fix wrong fallback logic for FDIR When adding a FDIR filter, if icevcfdirsetirqctx returns failure, the inserted fdir entry will not be removed and if icevcfdirwritefltr returns failure, the fdir context info for irq handler...
SUSE CVE-2023-54041
In the Linux kernel, the following vulnerability has been resolved: iouring: fix memory leak when removing provided buffers When removing provided buffers, iobuffer structs are not being disposed of, leading to a memory leak. They can't be freed individually, because they are allocated in...
SUSE CVE-2023-54042
In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: Fix VAS mm use after free The refcount on mm is dropped before the coprocessor is detached...
SUSE CVE-2023-54043
In the Linux kernel, the following vulnerability has been resolved: iommufd: Do not add the same hwpt to the ioas-hwptlist twice The hwpt is added to the hwptlist only during its creation, it is never added again. This hunk is some missed leftover from rework. Adding it twice will corrupt the...
SUSE CVE-2023-54044
In the Linux kernel, the following vulnerability has been resolved: spmi: Add a check for remove callback when removing a SPMI driver When removing a SPMI driver, there can be a crash due to NULL pointer dereference if it does not have a remove callback defined. This is one such call trace observ...
SUSE CVE-2023-54045
In the Linux kernel, the following vulnerability has been resolved: audit: fix possible soft lockup in auditinodechild Tracefs or debugfs maybe cause hundreds to thousands of PATH records, too many PATH records maybe cause soft lockup. For example: 1. CONFIGKASAN=y && CONFIGPREEMPTION=n 2. auditc...
SUSE CVE-2023-54046
In the Linux kernel, the following vulnerability has been resolved: crypto: essiv - Handle EBUSY correctly As it is essiv only handles the special return value of EINPROGERSS, which means that in all other cases it will free data related to the request. However, as the caller of essiv may specify...
SUSE CVE-2023-54047
In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: dwhdmi: cleanup drm encoder during unbind This fixes a use-after-free crash during rmmod. The DRM encoder is embedded inside the larger rockchiphdmi, which is allocated with the component. The component memory gets...
SUSE CVE-2023-54048
In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxtre: Prevent handling any completions after qp destroy HW may generate completions that indicates QP is destroyed. Driver should not be scheduling any more completion handlers for this QP, after the QP is destroyed. Since...
SUSE CVE-2023-54049
In the Linux kernel, the following vulnerability has been resolved: rpmsg: glink: Add check for kstrdup Add check for the return value of kstrdup and return the error if it fails in order to avoid NULL pointer dereference...
SUSE CVE-2023-54050
In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix memleak when insertoldidx failed Following process will cause a memleak for copied up znode: dirtycowznode zn = copyznodec, znode; err = insertoldidxc, zbr-lnum, zbr-offs; if unlikelyerr return ERRPTRerr; // No one...
SUSE CVE-2023-54051
In the Linux kernel, the following vulnerability has been resolved: net: do not allow gsosize to be set to GSOBYFRAGS One missing check in virtionethdrtoskb allowed syzbot to crash kernels again 1 Do not allow gsosize to be set to GSOBYFRAGS 0xffff, because this magic value is used by the kernel....
SUSE CVE-2023-54052
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: fix skb leak by txs missing in AMSDU txs may be dropped if the frame is aggregated in AMSDU. When the problem shows up, some SKBs would be hold in driver to cause network stopped temporarily. Even if the probl...
SUSE CVE-2023-54053
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: pcie: fix possible NULL pointer dereference It is possible that iwlpciprobe will fail and free the trans, then afterwards iwlpciremove will be called and crash by trying to access trans which is already freed, fix...
SUSE CVE-2023-54054
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
SUSE CVE-2023-54055
In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix memory leak of PBLE objects On rmmod of irdma, the PBLE object memory is not being freed. PBLE object memory are not statically pre-allocated at function initialization time unlike other HMC objects. PBLEs objects...
SUSE CVE-2023-54056
In the Linux kernel, the following vulnerability has been resolved: kheaders: Use array declaration instead of char Under CONFIGFORTIFYSOURCE, memcpy will check the size of destination and source buffers. Defining kernelheadersdata as "char" would trip this check. Since these addresses are treate...
SUSE CVE-2023-54057
In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Add a length limitation for the ivrsacpihid command-line parameter The 'acpiid' buffer in the parseivrsacpihid function may overflow, because the string specifier in the format string sscanf has no width limitation...
SUSE CVE-2023-54058
In the Linux kernel, the following vulnerability has been resolved: firmware: armffa: Check if ffadriver remove is present before executing Currently ffadrv-remove is called unconditionally from ffadeviceremove. Since the driver registration doesn't check for it and allows it to be registered...
SUSE CVE-2023-54059
In the Linux kernel, the following vulnerability has been resolved: soc: mediatek: mtk-svs: Enable the IRQ later If the system does not come from reset like when is booted via kexec, the peripheral might triger an IRQ before the data structures are initialised. 0.227710 Unable to handle kernel NU...
SUSE CVE-2023-54060
In the Linux kernel, the following vulnerability has been resolved: iommufd: Set end correctly when doing batch carry Even though the test suite covers this it somehow became obscured that this wasn't working. The test iommufdioas.mockdomain.accessdomaindestory would blow up rarely. end should be...
SUSE CVE-2023-54061
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
SUSE CVE-2023-54062
In the Linux kernel, the following vulnerability has been resolved: ext4: fix invalid free tracking in ext4xattrmovetoblock In ext4xattrmovetoblock, the value of the extended attribute which we need to move to an external block may be allocated by kvmalloc if the value is stored in an external...
SUSE CVE-2023-54063
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix OOB read in indxinsertintobuffer Syzbot reported a OOB read bug: BUG: KASAN: slab-out-of-bounds in indxinsertintobuffer+0xaa3/0x13b0 fs/ntfs3/index.c:1755 Read of size 17168 at addr ffff8880255e06c0 by task...
SUSE CVE-2023-54064
In the Linux kernel, the following vulnerability has been resolved: ipmi:ssif: Fix a memory leak when scanning for an adapter The adapter scan ssifinfofind sets info-adaptername if the adapter info came from SMBIOS, as it's not set in that case. However, this function can be called more than once...
SUSE CVE-2023-54065
In the Linux kernel, the following vulnerability has been resolved: net: dsa: realtek: fix out-of-bounds access The probe function sets priv-chipdata to void priv + sizeofpriv with the expectation that priv has enough trailing space. However, only realtek-smi actually allocated this chipdata spac...
SUSE CVE-2023-54066
In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb-v2: gl861: Fix null-ptr-deref in gl861i2cmasterxfer In gl861i2cmasterxfer, msg is controlled by user. When msgi.buf is null and msgi.len is zero, former checks on msgi.buf would be passed. Malicious data finally...
SUSE CVE-2023-54067
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race when deleting free space root from the dirty cow roots list When deleting the free space tree we are deleting the free space root from the list fsinfo-dirtycowonlyroots without taking the lock that protects it,...
SUSE CVE-2023-54068
In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix to call f2fswaitonpagewriteback in f2fswriterawpages BUGON will be triggered when writing files concurrently, because the same page is writtenback multiple times. 1597 void folioendwritebackstruct folio folio...
SUSE CVE-2023-54069
In the Linux kernel, the following vulnerability has been resolved: ext4: fix BUG in ext4mbnewinodepa due to overflow When we calculate the end position of ext4freeextent, this position may be exactly where ext4lblkt i.e. uint overflows. For example, if acgex.felogical is 4294965248 and...
SUSE CVE-2023-54070
In the Linux kernel, the following vulnerability has been resolved: igb: clean up in all error paths when enabling SR-IOV After commit 50f303496d92 "igb: Enable SR-IOV after reinit", removing the igb module could hang or crash depending on the machine when the module has been loaded with the maxv...
SUSE CVE-2023-54071
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: use work to update rate to avoid RCU warning The ieee80211ops::starcupdate must be atomic, because ieee80211chanbwchange holds rcuread lock while calling drvstarcupdate, so create a work to do original things...
SUSE CVE-2023-54072
In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix potential data race at PCM memory allocation helpers The PCM memory allocation helpers have a sanity check against too many buffer allocations. However, the check is performed without a proper lock and the allocati...
SUSE CVE-2023-54073
In the Linux kernel, the following vulnerability has been resolved: tpm: Add !tpmamdisrngdefective to the hwrngunregister call site The following crash was reported: 1950.279393 listdel corruption, ffff99560d485790-next is NULL 1950.279400 ------------ cut here ------------ 1950.279401 kernel BUG...
SUSE CVE-2023-54074
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Use correct encap attribute during invalidation With introduction of post action infrastructure most of the users of encap attribute had been modified in order to obtain the correct attribute by calling...
SUSE CVE-2023-54075
In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: common: Fix refcount leak in parsedailinkinfo Add missing ofnodeputs before the returns to balance ofnodegets and ofnodeputs, which may get unbalanced in case the for loop 'foreachavailablechildofnode' returns ear...
SUSE CVE-2023-54076
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix missed ses refcounting Use new cifssmbsesincrefcount helper to get an active reference of @ses and @ses-dfsrootses if set. This will prevent @ses-dfsrootses of being put in the next call to cifsputsmbses and thus...
SUSE CVE-2023-54077
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix memory leak if ntfsreadmft failed Label ATTRROOT in ntfsreadmft sets isroot = true and ni-niflags |= NIFLAGDIR, then next attr will goto label ATTRALLOC and alloc ni-dir.allocrun. However two states are not always...
SUSE CVE-2023-54078
In the Linux kernel, the following vulnerability has been resolved: media: max9286: Free control handler The control handler is leaked in some probe-time error paths, as well as in the remove path. Fix it...
SUSE CVE-2023-54079
In the Linux kernel, the following vulnerability has been resolved: power: supply: bq27xxx: Fix pollinterval handling and races on remove Before this patch bq27xxxbatteryteardown was setting pollinterval = 0 to avoid bq27xxxbatteryupdate requeuing the delayedwork item. There are 2 problems with...