SUSE CVE-2022-50497

In the Linux kernel, the following vulnerability has been resolved: binfmtmisc: fix shift-out-of-bounds in checkspecialflags UBSAN reported a shift-out-of-bounds warning: left shift of 1 by 31 places cannot be represented in type 'int' Call Trace: dumpstack lib/dumpstack.c:88 inline...

SUSE CVE-2022-50498

In the Linux kernel, the following vulnerability has been resolved: eth: alx: take rtnllock on resume Zbynek reports that alx trips an rtnl assertion on resume: RTNL: assertion failed at net/core/dev.c 2891 RIP: 0010:netifsetrealnumtxqueues+0x1ac/0x1c0 Call Trace: alxopen+0x230/0x570 alx...

SUSE CVE-2022-50499

In the Linux kernel, the following vulnerability has been resolved: media: dvb-core: Fix double free in dvbregisterdevice In function dvbregisterdevice - dvbregistermediadevice - dvbcreatemediaentity, dvb-entity is allocated and initialized. If the initialization fails, it frees the dvb-entity, a...

SUSE CVE-2022-50500

In the Linux kernel, the following vulnerability has been resolved: netdevsim: fix memory leak in nsimdrvprobe when nsimdevresourcesregister failed If some items in nsimdevresourcesregister fail, memory leak will occur. The following is the memory leak information. unreferenced object...

SUSE CVE-2022-50501

In the Linux kernel, the following vulnerability has been resolved: media: coda: Add check for dcodairamalloc As the codairamalloc may return NULL pointer, it should be better to check the return value in order to avoid NULL poineter dereference, same as the others...

SUSE CVE-2022-50502

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

SUSE CVE-2022-50506

In the Linux kernel, the following vulnerability has been resolved: drbd: only clone bio if we have a backing device Commit c347a787e34cb drbd: set -bibdev in drbdreqnew moved a biosetdev call which has since been removed to "earlier", from drbdrequestprepare to drbdreqnew. The problem is that th...

SUSE CVE-2022-50508

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt76x0: fix oob access in mt76x0phygettargetpower After 'commit ba45841ca5eb "wifi: mt76: mt76x02: simplify struct mt76x02ratepower"', mt76x02 relies on ht0-7 ratepower data for vht mcs0,7, while it uses vth0-1...

SUSE CVE-2023-6378

A serialization vulnerability in logback receiver component part of logback version 1.4.11 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data...

SUSE CVE-2023-6481

A serialization vulnerability in logback receiver component part of logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data...

SUSE CVE-2023-53533

In the Linux kernel, the following vulnerability has been resolved: Input: raspberrypi-ts - fix refcount leak in rpitsprobe rpifirmwareget take reference, we need to release it in error paths as well. Use devmrpifirmwareget helper to handling the resources. Also remove the existing rpifirmwareput...

SUSE CVE-2023-53534

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: mtkdrmcrtc: Add checks for devmkcalloc As the devmkcalloc may return NULL, the return value needs to be checked to avoid NULL poineter dereference...

SUSE CVE-2023-53535

In the Linux kernel, the following vulnerability has been resolved: net: bcmgenet: Add a check for oversized packets Occasionnaly we may get oversized packets from the hardware which exceed the nomimal 2KiB buffer size we allocate SKBs with. Add an early check which drops the packet to avoid...

SUSE CVE-2023-53536

In the Linux kernel, the following vulnerability has been resolved: blk-crypto: make blkcryptoevictkey more robust If blkcryptoevictkey sees that the key is still in-use due to a bug or that -keyslotevict failed, it currently just returns while leaving the key linked into the keyslot management...

SUSE CVE-2023-53537

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid use-after-free for cached IPU bio xfstest generic/019 reports a bug: kernel BUG at mm/filemap.c:1619! RIP: 0010:folioendwriteback+0x8a/0x90 Call Trace: endpagewriteback+0x1c/0x60 f2fswriteendio+0x199/0x420...

SUSE CVE-2023-53538

In the Linux kernel, the following vulnerability has been resolved: btrfs: insert tree mod log move in pushnodeleft There is a fairly unlikely race condition in tree mod log rewind that can result in a kernel panic which has the following trace: 530.569 BTRFS critical device sda3: unable to find...

SUSE CVE-2023-53539

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix incomplete state save in rxerequester If a send packet is dropped by the IP layer in rxerequester the call to rxexmitpacket can fail with err == -EAGAIN. To recover, the state of the wqe is restored to the state...

SUSE CVE-2023-53540

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: reject auth/assoc to AP with our address If the AP uses our own address as its MLD address or BSSID, then clearly something's wrong. Reject such connections so we don't try and fail later...

SUSE CVE-2023-53541

In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write When the oob buffer length is not in multiple of words, the oob write function does out-of-bounds read on the oob source buffer at the last iteration. Fix th...

SUSE CVE-2023-53542

In the Linux kernel, the following vulnerability has been resolved: ARM: dts: exynos: Use Exynos5420 compatible for the MIPI video phy For some reason, the driver adding support for Exynos5420 MIPI phy back in 2016 wasn't used on Exynos5420, which caused a kernel panic. Add the proper compatible...

SUSE CVE-2023-53543

In the Linux kernel, the following vulnerability has been resolved: vdpa: Add max vqp attr to vdpanlpolicy for nlattr length check The vdpanlpolicy structure is used to validate the nlattr when parsing the incoming nlmsg. It will ensure the attribute being described produces a valid nlattr pointe...

SUSE CVE-2023-53544

In the Linux kernel, the following vulnerability has been resolved: cpufreq: davinci: Fix clk use after free The remove function first frees the clks and only then calls cpufrequnregisterdriver. If one of the cpufreq callbacks is called just before cpufrequnregisterdriver is run, the freed clks...

SUSE CVE-2023-53545

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: unmap and remove csava properly Root PD BO should be reserved before unmap and remove a bova from VM otherwise lockdep will complain. v2: check fpriv-csava is not NULL instead of amdgpumcbp christian 14616.936827...

SUSE CVE-2023-53547

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix sdma v4 sw fini error Fix sdma v4 sw fini error for sdma 4.2.2 to solve the following general protection fault +0.108196 general protection fault, probably for non-canonical address 0xd5e5a4ae79d24a32: 0000 1...

SUSE CVE-2023-53548

In the Linux kernel, the following vulnerability has been resolved: net: usbnet: Fix WARNING in usbnetstartxmit/usbsubmiturb The syzbot fuzzer identified a problem in the usbnet driver: usb 1-1: BOGUS urb xfer, pipe 3 != type 1 WARNING: CPU: 0 PID: 754 at drivers/usb/core/urb.c:504...

SUSE CVE-2023-53549

In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Rework long task execution when adding/deleting entries When adding/deleting large number of elements in one step in ipset, it can take a reasonable amount of time and can result in soft lockup errors. The patch...

SUSE CVE-2023-53550

In the Linux kernel, the following vulnerability has been resolved: cpufreq: amd-pstate: fix global sysfs attribute type In commit 3666062b87ec "cpufreq: amd-pstate: move to use busgetdevroot" the "amdpstate" attributes where moved from a dedicated kobject to the cpu root kobject. While the...

SUSE CVE-2023-53551

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: userial: Add null pointer check in gserialresume Consider a case where gserialdisconnect has already cleared gser-ioport. And if a wakeup interrupt triggers afterwards, gserialresume gets called, which will lead to...

SUSE CVE-2023-53552

In the Linux kernel, the following vulnerability has been resolved: drm/i915: mark requests for GuC virtual engines to avoid use-after-free References to i915requests may be trapped by userspace inside a syncfile or dmabuf dma-resv and held indefinitely across different proceses. To counter-act t...

SUSE CVE-2023-53554

In the Linux kernel, the following vulnerability has been resolved: staging: ks7010: potential buffer overflow in kswlansetencodeext The "exc-keylen" is a u16 that comes from the user. If it's over IWENCODINGTOKENMAX 64 that could lead to memory corruption...

SUSE CVE-2023-53555

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: initialize damofilter-list from damosnewfilter damosnewfilter is not initializing the list field of newly allocated filter object. However, DAMON sysfs interface and DAMONRECLAIM are not initializing it after calli...

SUSE CVE-2023-53558

In the Linux kernel, the following vulnerability has been resolved: rcu-tasks: Avoid prinfo with spin lock in cblistinitgeneric prinfo is called with rtp-cbsgbllock spin lock locked. Because prinfo calls printk that might sleep, this will result in BUG like below: 0.206455 cblistinitgeneric:...

SUSE CVE-2023-53559

In the Linux kernel, the following vulnerability has been resolved: ipvti: fix potential slab-use-after-free in decodesession6 When ipvti device is set to the qdisc of the sfb type, the cb field of the sent skb may be modified during enqueuing. Then, slab-use-after-free may occur when ipvti devic...

SUSE CVE-2023-53560

In the Linux kernel, the following vulnerability has been resolved: tracing/histograms: Add histograms to histvars if they have referenced variables Hist triggers can have referenced variables without having direct variables fields. This can be the case if referenced variables are added for trigg...

SUSE CVE-2023-53562

In the Linux kernel, the following vulnerability has been resolved: drm/msm: fix vram leak on bind errors Make sure to release the VRAM buffer also in a case a subcomponent fails to bind. Patchwork: https://patchwork.freedesktop.org/patch/525094/...

SUSE CVE-2023-53563

In the Linux kernel, the following vulnerability has been resolved: cpufreq: amd-pstate-ut: Fix kernel panic when loading the driver After loading the amd-pstate-ut driver, amdpstateutcheckperf and amdpstateutcheckfreq use cpufreqcpuget to get the policy of the CPU and mark it as busy. In these...

SUSE CVE-2023-53564

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix defrag path triggering jbd2 ASSERT code path: ocfs2ioctlmoveextents ocfs2moveextents ocfs2defragextent ocfs2moveextent + ocfs2journalaccessdi + ocfs2splitextent //sub-paths call jbd2journalrestart + ocfs2journaldirty...

SUSE CVE-2023-53565

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Check for probe id argument being NULL The probe id argument may be NULL in 2 scenarios: 1. brcmfpciepmleaveD3 calling brcmfpcieprobe to reprobe the device. 2. If a user tries to manually bind the driver from sysf...

SUSE CVE-2023-53566

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetrbtree: fix null deref on element insertion There is no guarantee that rbprev will not return NULL in nftrbtreegcelem: general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 1 PREEM...

SUSE CVE-2023-53567

In the Linux kernel, the following vulnerability has been resolved: spi: qup: Don't skip cleanup in remove's error path Returning early in a platform driver's remove callback is wrong. In this case the dma resources are not released in the error path. this is never retried later and so this is a...

SUSE CVE-2023-53568

In the Linux kernel, the following vulnerability has been resolved: s390/zcrypt: don't leak memory if devsetname fails When devsetname fails, zcdncreate doesn't free the newly allocated resources. Do it...

SUSE CVE-2023-53570

In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: fix integer overflow in nl80211parsembssidelems nl80211parsembssidelems uses a u8 variable numelems to count the number of MBSSID elements in the nested netlink attribute attrs, which can lead to an integer overflo...

SUSE CVE-2023-53572

In the Linux kernel, the following vulnerability has been resolved: clk: imx: scu: use safe list iterator to avoid a use after free This loop is freeing "clk" so it needs to use listforeachentrysafe. Otherwise it dereferences a freed variable to get the next item on the loop...

SUSE CVE-2023-53574

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: delete timer and free skb queue when unloading Fix possible crash and memory leak on driver unload by deleting TX purge timer and freeing C2H queue in 'rtwcoredeinit', shrink critical section in the latter by freeing...

SUSE CVE-2023-53575

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix potential array out of bounds access Account for IWLSECWEPKEYOFFSET when needed while verifying keylen size in iwlmvmseckeyadd...

SUSE CVE-2023-53576

In the Linux kernel, the following vulnerability has been resolved: nullblk: Always check queue mode setting from configfs Make sure to check device queue mode in the nullvalidateconf and return error for NULLQRQ as we don't allow legacy I/O path, without this patch we get OOPs when queue mode is...

SUSE CVE-2023-53577

In the Linux kernel, the following vulnerability has been resolved: bpf, cpumap: Make sure kthread is running before map update returns The following warning was reported when running stress-mode enabled xdpredirectcpu with some RT threads: ------------ cut here ------------ WARNING: CPU: 4 PID: ...

SUSE CVE-2023-53578

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: Fix an uninit variable access bug in qrtrtxresume Syzbot reported a bug as following: ===================================================== BUG: KMSAN: uninit-value in qrtrtxresume+0x185/0x1f0 net/qrtr/afqrtr.c:230...

SUSE CVE-2023-53580

In the Linux kernel, the following vulnerability has been resolved: USB: Gadget: core: Help prevent panic during UVC unconfigure Avichal Rakesh reported a kernel panic that occurred when the UVC gadget driver was removed from a gadget's configuration. The panic involves a somewhat complicated...

SUSE CVE-2023-53582

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds Fix a stack-out-of-bounds read in brcmfmac that occurs when 'buf' that is not null-terminated is passed as an argument of strreplace in...