SUSE CVE-2022-50516

In the Linux kernel, the following vulnerability has been resolved: fs: dlm: fix invalid derefence of sblvbptr I experience issues when putting a lkbsb on the stack and have sblvbptr field to a dangled pointer while not using DLMLKFVALBLK. It will crash with the following kernel message, the...

SUSE CVE-2022-50517

In the Linux kernel, the following vulnerability has been resolved: mm/hugememory: do not clobber swpentryt during THP split The following has been observed when running stressng mmap since commit b653db77350c "mm: Clear page-private when splitting or migrating a page" watchdog: BUG: soft lockup ...

SUSE CVE-2022-50520

In the Linux kernel, the following vulnerability has been resolved: drm/radeon: Fix PCI device refcount leak in radeonatrmgetbios As comment of pcigetclass says, it returns a pcidevice with its refcount increased and decreased the refcount for the input parameter @from if it is not NULL. If we...

SUSE CVE-2022-50521

In the Linux kernel, the following vulnerability has been resolved: platform/x86: mxm-wmi: fix memleak in mxmwmicallmxds|mx The ACPI buffer memory out.pointer returned by wmievaluatemethod is not freed after the call, so it leads to memory leak. The method results in ACPI buffer is not used, so...

SUSE CVE-2022-50522

In the Linux kernel, the following vulnerability has been resolved: mcb: mcb-parse: fix error handing in chameleonparsegdd If mcbdeviceregister returns error in chameleonparsegdd, the refcount of bus and device name are leaked. Fix this by calling putdevice to give up the reference, so they can b...

SUSE CVE-2022-50523

In the Linux kernel, the following vulnerability has been resolved: clk: rockchip: Fix memory leak in rockchipclkregisterpll If clkregister fails, @pll-ratetable may have allocated memory by kmemdup, so it needs to be freed, otherwise will cause memory leak issue, this patch fixes it...

SUSE CVE-2022-50524

In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: Check return value after calling platformgetresource platformgetresource may return NULL pointer, we need check its return value to avoid null-ptr-deref in resourcesize...

SUSE CVE-2022-50525

In the Linux kernel, the following vulnerability has been resolved: iommu/fslpamu: Fix resource leak in fslpamuprobe The fslpamuprobe returns directly when createcsd failed, leaving irq and memories unreleased. Fix by jumping to error if createcsd returns error...

SUSE CVE-2022-50526

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: fix memory corruption with too many bridges Add the missing sanity check on the bridge counter to avoid corrupting data beyond the fixed-sized bridge array in case there are ever more than eight bridges. Patchwork:...

SUSE CVE-2022-50527

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix size validation for non-exclusive domains v4 Fix amdgpubovalidatesize to check whether the TTM domain manager for the requested memory exists, else we get a kernel oops when dereferencing "man". v2: Make the patch...

SUSE CVE-2022-50529

In the Linux kernel, the following vulnerability has been resolved: testfirmware: fix memory leak in testfirmwareinit When miscregister failed in testfirmwareinit, the memory pointed by testfwconfig-name is not released. The memory leak information is as follows: unreferenced object...

SUSE CVE-2022-50532

In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix possible resource leaks in mpt3sastransportportadd In mpt3sastransportportadd, if sasrphyadd returns error, sasrphyfree needs be called to free the resource allocated in sasenddevicealloc. Otherwise a kernel...

SUSE CVE-2022-50533

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: mlme: fix null-ptr deref on failed assoc If association to an AP without a link 0 fails, then we crash in tracing because it assumes that either apmldaddr or link 0 BSS is valid, since we clear sdata-vif.validlink...

SUSE CVE-2022-50535

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential null-deref in dmresume Why Fixing smatch error: dmresume error: we previously assumed 'aconnector-dclink' could be null How Check if dclink null at the beginning of the loop, so further checks can b...

SUSE CVE-2022-50537

In the Linux kernel, the following vulnerability has been resolved: firmware: raspberrypi: fix possible memory leak in rpifirmwareprobe In rpifirmwareprobe, if mboxrequestchannel fails, the 'fw' will not be freed through rpifirmwaredelete, fix this leak by calling kfree in the error path...

SUSE CVE-2022-50538

In the Linux kernel, the following vulnerability has been resolved: vme: Fix error not catched in fakeinit In fakeinit, rootdeviceregister is possible to fail but it's ignored, which can cause unregistering vmeroot fail when exit. general protection fault, probably for non-canonical address...

SUSE CVE-2022-50539

In the Linux kernel, the following vulnerability has been resolved: ARM: OMAP2+: omap4-common: Fix refcount leak bug In omap4sraminit, offindcompatiblenode will return a node pointer with refcount incremented. We should use ofnodeput when it is not used anymore...

SUSE CVE-2022-50540

In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom-adm: fix wrong sizeof config in slaveconfig Fix broken slaveconfig function that uncorrectly compare the peripheralsize with the size of the config pointer instead of the size of the config struct. This cause the...

SUSE CVE-2022-50543

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix mr-map double free rxemrcleanup which tries to free mr-map again will be called when rxemrinituser fails: CPU: 0 PID: 4917 Comm: rdmaflushserv Kdump: loaded Not tainted 6.1.0-rc1-roce-flush+ 25 Hardware name: QEMU...

SUSE CVE-2022-50545

In the Linux kernel, the following vulnerability has been resolved: r6040: Fix kmemleak in probe and remove There is a memory leaks reported by kmemleak: unreferenced object 0xffff888116111000 size 2048: comm "modprobe", pid 817, jiffies 4294759745 age 76.502s hex dump first 32 bytes: 00 c4 0a 04...

SUSE CVE-2022-50546

In the Linux kernel, the following vulnerability has been resolved: ext4: fix uninititialized value in 'ext4evictinode' Syzbot found the following issue: ===================================================== BUG: KMSAN: uninit-value in ext4evictinode+0xdd/0x26b0 fs/ext4/inode.c:180...

SUSE CVE-2022-50547

In the Linux kernel, the following vulnerability has been resolved: media: solo6x10: fix possible memory leak in solosysfsinit If deviceregister returns error in solosysfsinit, the name allocated by devsetname need be freed. As comment of deviceregister says, it should use putdevice to give up th...

SUSE CVE-2022-50551

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmffwallocrequest This patch fixes a shift-out-of-bounds in brcmfmac that occurs in BITchiprev when a 'chiprev' provided by the device is too large. It should also not be equ...

SUSE CVE-2022-50552

In the Linux kernel, the following vulnerability has been resolved: blk-mq: use quiesced elevator switch when reinitializing queues The hctx's runwork may be racing with the elevator switch when reinitializing hardware queues. The queue is merely frozen in this context, but that only prevents...

SUSE CVE-2022-50553

In the Linux kernel, the following vulnerability has been resolved: tracing/hist: Fix out-of-bound write on 'actiondata.varrefidx' When generate a synthetic event with many params and then create a trace action for it 1, kernel panic happened 2. It is because that in traceactioncreate...

SUSE CVE-2022-50555

In the Linux kernel, the following vulnerability has been resolved: tipc: fix a null-ptr-deref in tipctopsrvaccept syzbot found a crash in tipctopsrvaccept: KASAN: null-ptr-deref in range 0x0000000000000008-0x000000000000000f Workqueue: tipcrcv tipctopsrvaccept RIP: 0010:kernelaccept+0x22d/0x350...

SUSE CVE-2023-53618

In the Linux kernel, the following vulnerability has been resolved: btrfs: reject invalid reloc tree root keys with stack dump BUG Syzbot reported a crash that an ASSERT got triggered inside preparetomerge. That ASSERT makes sure the reloc tree is properly pointed back by its subvolume tree. CAUS...

SUSE CVE-2023-53619

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: Avoid nfcthelperhash uses after free If nfconntrackinitstart fails for example due to a registernfconntrackbpf failure, the nfconntrackhelperfini clean-up path frees the nfcthelperhash map. When built with...

SUSE CVE-2023-53622

In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix possible data races in gfs2showoptions Some fields such as gtlogdsecs of the struct gfs2tune are accessed without holding the lock gtspin in gfs2showoptions: val = sdp-sdtune.gtlogdsecs; if val != 30 seqprintfs,...

SUSE CVE-2023-53625

In the Linux kernel, the following vulnerability has been resolved: drm/i915/gvt: fix vgpu debugfs clean in remove Check carefully on root debugfs available when destroying vgpu, e.g in remove case drm minor's debugfs root might already be destroyed, which led to kernel oops like below. Console:...

SUSE CVE-2023-53626

In the Linux kernel, the following vulnerability has been resolved: ext4: fix possible double unlock when moving a directory...

SUSE CVE-2023-53627

In the Linux kernel, the following vulnerability has been resolved: scsi: hisisas: Grab sasdev lock when traversing the members of sasdev.list When freeing slots in function slotcompletev3hw, it is possible that sasdev.list is being traversed elsewhere, and it may trigger a NULL pointer exception...

SUSE CVE-2023-53629

In the Linux kernel, the following vulnerability has been resolved: fs: dlm: fix use after free in midcomms commit While working on processing dlm message in softirq context I experienced the following KASAN use-after-free warning: 151.760477...

SUSE CVE-2023-53630

In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix unpinning of pages when an access is present syzkaller found that the calculation of batchlastindex should use 'startindex' since at input to this function the batch is either empty or it has already been adjusted to...

SUSE CVE-2023-53631

In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-sysman: Fix reference leak If a duplicate attribute is found using ksetfindobj, a reference to that attribute is returned. This means that we need to dispose it accordingly. Use kobjectput to dispose the...

SUSE CVE-2023-53634

In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Fixed a BTI error on returning to patched function When BPFTRAMPFCALLORIG is set, BPF trampoline uses BLR to jump back to the instruction next to call site to call the patched function. For BTI-enabled kernel, the...

SUSE CVE-2023-53635

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: fix wrong ct-timeout value struct nfconn-timeout is an interval before the conntrack confirmed. After confirmed, it becomes a timestamp. It is observed that timeout of an unconfirmed conntrack: - Set by...

SUSE CVE-2023-53637

In the Linux kernel, the following vulnerability has been resolved: media: i2c: ov772x: Fix memleak in ov772xprobe A memory leak was reported when testing ov772x with bpf mock device: AssertionError: unreferenced object 0xffff888109afa7a8 size 8: comm "python3", pid 279, jiffies 4294805921 age...

SUSE CVE-2023-53639

In the Linux kernel, the following vulnerability has been resolved: wifi: ath6kl: reduce WARN to devdbg in callback The warn is triggered on a known race condition, documented in the code above the test, that is correctly handled. Using WARN hinders automated testing. Reducing severity...

SUSE CVE-2023-53640

In the Linux kernel, the following vulnerability has been resolved: ASoC: lpass: Fix for KASAN useafterfree out of bounds When we run syzkaller we get below Out of Bounds error. "KASAN: slab-out-of-bounds Read in regcacheflatread" Below is the backtrace of the issue: BUG: KASAN: slab-out-of-bound...

SUSE CVE-2023-53642

In the Linux kernel, the following vulnerability has been resolved: x86: fix clearuserrepgood exception handling annotation This code no longer exists in mainline, because it was removed in commit d2c95f9d6802 "x86: don't use REPGOOD or ERMS for user memory clearing" upstream. However, rather tha...

SUSE CVE-2023-53644

In the Linux kernel, the following vulnerability has been resolved: media: radio-shark: Add endpoint checks The syzbot fuzzer was able to provoke a WARNING from the radio-shark2 driver: ------------ cut here ------------ usb 1-1: BOGUS urb xfer, pipe 1 != type 3 WARNING: CPU: 0 PID: 3271 at...

SUSE CVE-2023-53645

In the Linux kernel, the following vulnerability has been resolved: bpf: Make bpfrefcountacquire fallible for non-owning refs This patch fixes an incorrect assumption made in the original bpfrefcount series 0, specifically that the BPF program calling bpfrefcountacquire on some node can always...

SUSE CVE-2023-53646

In the Linux kernel, the following vulnerability has been resolved: drm/i915/perf: add sentinel to xehpoabcounters Arrays passed to reginrangetable should end with empty record. The patch solves KASAN detected bug with signature: BUG: KASAN: global-out-of-bounds in...

SUSE CVE-2023-53647

In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Don't dereference ACPI root object handle Since the commit referenced in the Fixes: tag below the VMBus client driver is walking the ACPI namespace up from the VMBus ACPI device to the ACPI namespace root obje...

SUSE CVE-2023-53648

In the Linux kernel, the following vulnerability has been resolved: ALSA: ac97: Fix possible NULL dereference in sndac97mixer smatch error: sound/pci/ac97/ac97codec.c:2354 sndac97mixer error: we previously assumed 'rac97' could be null see line 2072 remove redundant assignment, return error if...

SUSE CVE-2023-53649

In the Linux kernel, the following vulnerability has been resolved: perf trace: Really free the evsel-priv area In 3cb4d5e00e037c70 "perf trace: Free syscall tp fields in evsel-priv" it only was freeing if strcmpevsel-tpformat-system, "syscalls" returned zero, while the corresponding initializati...

SUSE CVE-2023-53651

In the Linux kernel, the following vulnerability has been resolved: Input: exc3000 - properly stop timer on shutdown We need to stop the timer on driver unbind or probe failures, otherwise we get UAF/Oops...

SUSE CVE-2023-53652

In the Linux kernel, the following vulnerability has been resolved: vdpa: Add features attr to vdpanlpolicy for nlattr length check The vdpanlpolicy structure is used to validate the nlattr when parsing the incoming nlmsg. It will ensure the attribute being described produces a valid nlattr point...

SUSE CVE-2023-53653

In the Linux kernel, the following vulnerability has been resolved: media: amphion: fix REVERSEINULL issues reported by coverity null-checking of a pointor is suggested before dereferencing it...