SUSE CVE-2023-53456

In the Linux kernel, the following vulnerability has been resolved: scsi: qla4xxx: Add length check when parsing nlattrs There are three places that qla4xxx parses nlattrs: - qla4xxxsetchapentry - qla4xxxifacesetparam - qla4xxxsysfsddbsetparam and each of them directly converts the nlattr to...

SUSE CVE-2023-53457

In the Linux kernel, the following vulnerability has been resolved: FS: JFS: Fix null-ptr-deref Read in txBegin Syzkaller reported an issue where txBegin may be called on a superblock in a read-only mounted filesystem which leads to NULL pointer deref. This could be solved by checking if the...

SUSE CVE-2023-53458

In the Linux kernel, the following vulnerability has been resolved: media: cx23885: Fix a null-ptr-deref bug in bufferprepare and bufferfinish When the driver calls cx23885riscbuffer to prepare the buffer, the function call dmaalloccoherent may fail, resulting in a empty buffer risc-cpu. Later wh...

SUSE CVE-2023-53459

In the Linux kernel, the following vulnerability has been resolved: HID: mcp-2221: prevent UAF in delayed work If the device is plugged/unplugged without giving time for mcpinitwork to complete, we might kick in the devm free code path and thus have unavailable struct mcp2221 while in delayed wor...

SUSE CVE-2023-53460

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: fix memory leak in rtwusbprobe drivers/net/wireless/realtek/rtw88/usb.c:876 rtwusbprobe warn: 'hw' from ieee80211allochw not released on lines: 811 Fix this by modifying return to a goto statement...

SUSE CVE-2023-53461

In the Linux kernel, the following vulnerability has been resolved: iouring: wait interruptibly for request completions on exit WHen the ring exits, cleanup is done and the final cancelation and waiting on completions is done by ioringexitwork. That function is invoked by kworker, which doesn't...

SUSE CVE-2023-53462

In the Linux kernel, the following vulnerability has been resolved: hsr: Fix uninit-value access in fillframeinfo Syzbot reports the following uninit-value access problem. ===================================================== BUG: KMSAN: uninit-value in fillframeinfo net/hsr/hsrforward.c:601 inli...

SUSE CVE-2023-53463

In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Do not reset dql stats on NONFATAL err All ibmvnic resets, make a call to netdevtxresetqueue when re-opening the device. netdevtxresetqueue resets the numqueued and numcompleted byte counters. These stats are used in Byt...

SUSE CVE-2023-53465

In the Linux kernel, the following vulnerability has been resolved: soundwire: qcom: fix storing port config out-of-bounds The 'qcomswrmctrl-pconfig' has size of QCOMSDWMAXPORTS 14, however we index it starting from 1, not 0, to match real port numbers. This can lead to writing port config past...

SUSE CVE-2023-53466

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7915: fix memory leak in mt7915mcuexit Always purge mcu skb queues in mt7915mcuexit routine even if mt7915firmwarestate fails...

SUSE CVE-2023-53467

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: fix potential leak in rtw89appendprobereqie Do kfreeskbnew before goto out to prevent potential leak...

SUSE CVE-2023-53468

In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix memory leak in allocwbufs kmemleak reported a sequence of memory leaks, and show them as following: unreferenced object 0xffff8881575f8400 size 1024: comm "mount", pid 19625, jiffies 4297119604 age 20.383s hex dump fir...

SUSE CVE-2023-53469

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

SUSE CVE-2023-53470

In the Linux kernel, the following vulnerability has been resolved: ionic: catch failure from devlinkalloc Add a check for NULL on the alloc return. If devlinkalloc fails and we try to use devlinkpriv on the NULL return, the kernel gets very unhappy and panics. With this fix, the driver load will...

SUSE CVE-2023-53471

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/gfx: disable gfx9 cpeccerrorirq only when enabling legacy gfx ras gfx9 cpeccerrorirq is only enabled when legacy gfx ras is assert. So in gfxv90hwfini, interrupt disablement for cpeccerrorirq should be executed under...

SUSE CVE-2023-53472

In the Linux kernel, the following vulnerability has been resolved: pwm: lpc32xx: Remove handling of PWM channels Because LPC32xx PWM controllers have only a single output which is registered as the only PWM device/channel per controller, it is known in advance that pwm-hwpwm value is always 0. O...

SUSE CVE-2023-53473

In the Linux kernel, the following vulnerability has been resolved: ext4: improve error handling from ext4dirhash The ext4dirhash will almost never fail, especially when the hash tree feature was first introduced. However, with the addition of support of encrypted, casefolded file names, that...

SUSE CVE-2023-53474

In the Linux kernel, the following vulnerability has been resolved: x86/MCE/AMD: Use an u64 for bankmap Thee maximum number of MCA banks is 64 MAXNRBANKS, see a0bc32b3cacf "x86/mce: Increase maximum number of banks to 64". However, the bankmap which contains a bitfield of which banks to initializ...

SUSE CVE-2023-53475

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: tegra: fix sleep in atomic call When we set the dual-role port to Host mode, we observed the following splat: 167.057718 BUG: sleeping function called from invalid context at include/linux/sched/mm.h:229 167.057872...

SUSE CVE-2023-53476

In the Linux kernel, the following vulnerability has been resolved: iwcxgb4: Fix potential NULL dereference in c4iwfillrescmidentry This condition needs to match the previous "if epcp-state == LISTEN " exactly to avoid a NULL dereference of either "listenep" or "ep". The problem is that "epcp" ha...

SUSE CVE-2023-53478

In the Linux kernel, the following vulnerability has been resolved: tracing/synthetic: Fix races on freeing lastcmd Currently, the "lastcmd" variable can be accessed by multiple processes asynchronously when multiple users manipulate syntheticevents node at the same time, it could lead to...

SUSE CVE-2023-53479

In the Linux kernel, the following vulnerability has been resolved: cxl/acpi: Fix a use-after-free in cxlparsecfmws KASAN and KFENCE detected an user-after-free in the CXL driver. This happens in the cxldecoderadd fail path. KASAN prints the following error: BUG: KASAN: slab-use-after-free in...

SUSE CVE-2023-53480

In the Linux kernel, the following vulnerability has been resolved: kobject: Add sanity check for kset-kobj.ktype in ksetregister When I register a kset in the following way: static struct kset mykset; kobjectsetname&mykset.kobj, "mykset"; ret = ksetregister&mykset; A null pointer dereference...

SUSE CVE-2023-53482

In the Linux kernel, the following vulnerability has been resolved: iommu: Fix error unwind in iommugroupalloc If either iommugroupgratefile fails then the iommugroup is leaked. Destroy it on these error paths. Found by kselftest/iommu/iommufdfailnth...

SUSE CVE-2023-53483

In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: Check for null return of devmkzalloc in fchmiscsetup devmkzalloc may fail, clkdata-name might be NULL and will cause a NULL pointer dereference later. rjw: Subject and changelog edits...

SUSE CVE-2023-53484

In the Linux kernel, the following vulnerability has been resolved: lib: cpurmap: Avoid use after free on rmap-obj array entries When calling irqsetaffinitynotifier with NULL at the notify argument, it will cause freeing of the glue pointer in the corresponding array entry but will leave the...

SUSE CVE-2023-53485

In the Linux kernel, the following vulnerability has been resolved: fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev Syzkaller reported the following issue: UBSAN: array-index-out-of-bounds in fs/jfs/jfsdmap.c:1965:6 index -84 is out of range for type 's8341' aka 'signed char341'...

SUSE CVE-2023-53486

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Enhance the attribute size check This combines the overflow and boundary check so that all attribute size will be properly examined while enumerating them. 169.181521 BUG: KASAN: slab-out-of-bounds in...

SUSE CVE-2023-53488

In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix possible panic during hotplug remove During hotplug remove it is possible that the update counters work might be pending, and may run after memory has been freed. Cancel the update counters work before freeing memory...

SUSE CVE-2023-53489

In the Linux kernel, the following vulnerability has been resolved: tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp. syzkaller reported 0 memory leaks of an UDP socket and ZEROCOPY skbs. We can reproduce the problem with these sequences: sk = socketAFINET, SOCKDGRAM, 0...

SUSE CVE-2023-53491

In the Linux kernel, the following vulnerability has been resolved: startkernel: Add nostackprotector function attribute Back during the discussion of commit a9a3ed1eff36 "x86: Fix early boot crash on gcc-10, third try" we discussed the need for a function attribute to control the omission of sta...

SUSE CVE-2023-53492

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: do not ignore genmask when looking up chain by id When adding a rule to a chain referring to its ID, if that chain had been deleted on the same batch, the rule might end up referring to a deleted chain. This...

SUSE CVE-2023-53493

In the Linux kernel, the following vulnerability has been resolved: accel/qaic: tighten bounds checking in decodemessage Copy the bounds checking from encodemessage to decodemessage. This patch addresses the following concerns. Ensure that there is enough space for at least one header so that we...

SUSE CVE-2023-53494

In the Linux kernel, the following vulnerability has been resolved: crypto: xts - Handle EBUSY correctly As it is xts only handles the special return value of EINPROGRESS, which means that in all other cases it will free data related to the request. However, as the caller of xts may specify...

SUSE CVE-2023-53495

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mvpp2main: fix possible OOB write in mvpp2ethtoolgetrxnfc rules is allocated in ethtoolgetrxnfc and the size is determined by rulecnt from user space. So rulecnt needs to be check before using rules to avoid OOB...

SUSE CVE-2023-53496

In the Linux kernel, the following vulnerability has been resolved: x86/platform/uv: Use alternate source for socket to node data The UV code attempts to build a set of tables to allow it to do bidirectional socketnode lookups. But when nrcpus is set to a smaller number than actually present, the...

SUSE CVE-2023-53497

In the Linux kernel, the following vulnerability has been resolved: media: vsp1: Replace vb2isstreaming with vb2startstreamingcalled The vsp1 driver uses the vb2isstreaming function in its .bufqueue handler to check if the .startstreaming operation has been called, and decide whether to just add...

SUSE CVE-2023-53498

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential null dereference The adev-dm.dc pointer can be NULL and dereferenced in amdgpudmfini without checking. Add a NULL pointer check before calling dcdmubsrvdestroy. Found by Linux Verification Center...

SUSE CVE-2023-53499

In the Linux kernel, the following vulnerability has been resolved: virtionet: Fix error unwinding of XDP initialization When initializing XDP in virtnetopen, some rq xdp initialization may hit an error causing net device open failed. However, previous rqs have already initialized XDP and enabled...

SUSE CVE-2023-53500

In the Linux kernel, the following vulnerability has been resolved: xfrm: fix slab-use-after-free in decodesession6 When the xfrm device is set to the qdisc of the sfb type, the cb field of the sent skb may be modified during enqueuing. Then, slab-use-after-free may occur when the xfrm device sen...

SUSE CVE-2023-53503

In the Linux kernel, the following vulnerability has been resolved: ext4: allow ext4getgroupinfo to fail Previously, ext4getgroupinfo would treat an invalid group number as BUG, since in theory it should never happen. However, if a malicious attaker or fuzzer modifies the superblock via the block...

SUSE CVE-2023-53504

In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxtre: Properly order ibdeviceunalloc to avoid UAF ibdeallocdevice should be called only after device cleanup. Fix the dealloc sequence...

SUSE CVE-2023-53505

In the Linux kernel, the following vulnerability has been resolved: clk: tegra: tegra124-emc: Fix potential memory leak The tegra and tegra needs to be freed in the error handling path, otherwise it will be leaked...

SUSE CVE-2023-53506

In the Linux kernel, the following vulnerability has been resolved: udf: Do not bother merging very long extents When merging very long extents we try to push as much length as possible to the first extent. However this is unnecessarily complicated and not really worth the trouble. Furthermore...

SUSE CVE-2023-53507

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Unregister devlink params in case interface is down Currently, in case an interface is down, mlx5 driver doesn't unregister its devlink params, which leads to this WARN1. Fix it by unregistering devlink params in that...

SUSE CVE-2023-53508

In the Linux kernel, the following vulnerability has been resolved: ublk: fail to start device if queue setup is interrupted In ublkctrlstartdev, if waitforcompletioninterruptible is interrupted by signal, queues aren't setup successfully yet, so we have to fail UBLKCMDSTARTDEV, otherwise kernel...

SUSE CVE-2023-53509

In the Linux kernel, the following vulnerability has been resolved: qed: allow sleep in qedmcptracedump By default, qedmcpcmdandunion delays 10us at a time in a loop that can run 500K times, so calls to qedmcpnvmrdcmd may block the current thread for over 5s. We observed thread scheduling delays...

SUSE CVE-2023-53510

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix handling of lrbp-cmd ufshcdqueuecommand may be called two times in a row for a SCSI command before it is completed. Hence make the following changes: - In the functions that submit a command, do not check the...

SUSE CVE-2023-53511

In the Linux kernel, the following vulnerability has been resolved: iouring: fix fget leak when fs don't support nowait buffered read Heming reported a BUG when using iouring doing link-cp on ocfs2. 1 Do the following steps can reproduce this BUG: mount -t ocfs2 /dev/vdc /mnt/ocfs2 cp testfile...

SUSE CVE-2023-53512

In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix a memory leak Add a forgotten kfree...