SUSE CVE-2022-50390

In the Linux kernel, the following vulnerability has been resolved: drm/ttm: fix undefined behavior in bit shift for TTMTTFLAGPRIVPOPULATED Shifting signed 32-bit value by 31 bits is undefined, so changing significant bit to unsigned. The UBSAN warning calltrace like below: UBSAN:...

SUSE CVE-2022-50391

In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: fix memory leak in setmempolicyhomenode system call When encountering any vma in the range with policy other than MPOLBIND or MPOLPREFERREDMANY, an error is returned without issuing a mpolput on the policy just...

SUSE CVE-2022-50392

In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8183: fix refcount leak in mt8183mt6358ts3a227max98357devprobe The node returned by ofparsephandle with refcount incremented, ofnodeput needs be called when finish using it. So add it in the error path in...

SUSE CVE-2022-50393

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: SDMA update use unlocked iterator SDMA update page table may be called from unlocked context, this generate below warning. Use unlocked iterator to handle this case. WARNING: CPU: 0 PID: 1475 at...

SUSE CVE-2022-50394

In the Linux kernel, the following vulnerability has been resolved: i2c: ismt: Fix an out-of-bounds bug in ismtaccess When the driver does not check the data from the user, the variable 'data-block0' may be very large to cause an out-of-bounds bug. The following log can reveal it: 33.995542 i2c...

SUSE CVE-2022-50396

In the Linux kernel, the following vulnerability has been resolved: net: sched: fix memory leak in tcindexsetparms Syzkaller reports a memory leak as follows: ==================================== BUG: memory leak unreferenced object 0xffff88810c287f00 size 256: comm "syz-executor105", pid 3600,...

SUSE CVE-2022-50397

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

SUSE CVE-2022-50398

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: add atomiccheck to bridge ops DRM committails will disable downstream crtc/encoder/bridge if both disable crtc is required and crtc-active is set before pushing a new frame downstream. There is a rare case that user...

SUSE CVE-2022-50399

In the Linux kernel, the following vulnerability has been resolved: media: atomisp: prevent integer overflow in shcsssetblackframe The "height" and "width" values come from the user so the "height width" multiplication can overflow...

SUSE CVE-2022-50400

In the Linux kernel, the following vulnerability has been resolved: staging: greybus: audiohelper: remove unused and wrong debugfs usage In the greybus audiohelper code, the debugfs file for the dapm has the potential to be removed and memory will be leaked. There is also the very real potential...

SUSE CVE-2022-50401

In the Linux kernel, the following vulnerability has been resolved: nfsd: under NFSv4.1, fix double svcxprtput on rpccreate failure On error situation clp-clcbconn.cbxprt should not be given a reference to the xprt otherwise both client cleanup and the error handling path of the caller call to pu...

SUSE CVE-2022-50402

In the Linux kernel, the following vulnerability has been resolved: drivers/md/md-bitmap: check the return value of mdbitmapgetcounter Check the return value of mdbitmapgetcounter in case it returns NULL pointer, which will result in a null pointer dereference. v2: update the check to include oth...

SUSE CVE-2022-50405

In the Linux kernel, the following vulnerability has been resolved: net/tunnel: wait until all skuserdata reader finish before releasing the sock There is a race condition in vxlan that when deleting a vxlan device during receiving packets, there is a possibility that the sock is released after...

SUSE CVE-2022-50407

In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/qm - increase the memory of local variables Increase the buffer to prevent stack overflow by fuzz test. The maximum length of the qos configuration buffer is 256 bytes. Currently, the value of the 'val buffer' i...

SUSE CVE-2022-50408

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix use-after-free bug in brcmfnetdevstartxmit ret = brcmfprototxqueuedatadrvr, ifp-ifidx, skb; may be schedule, and then complete before the line ndev-stats.txbytes += skb-len; 46.912801...

SUSE CVE-2022-50410

In the Linux kernel, the following vulnerability has been resolved: NFSD: Protect against send buffer overflow in NFSv2 READ Since before the git era, NFSD has conserved the number of pages held by each nfsd thread by combining the RPC receive and send buffers into a single array of pages. This...

SUSE CVE-2022-50411

In the Linux kernel, the following vulnerability has been resolved: ACPICA: Fix error code path in acpidscallcontrolmethod A use-after-free in acpipsparseaml after a failing invocaion of acpidscallcontrolmethod is reported by KASAN 1 and code inspection reveals that nextwalkstate pushed to the...

SUSE CVE-2022-50412

In the Linux kernel, the following vulnerability has been resolved: drm: bridge: adv7511: unregister cec i2c device after cec adapter cecunregisteradapter assumes that the underlying adapter ops are callable. For example, if the CEC adapter currently has a valid physical address, then the...

SUSE CVE-2022-50413

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix use-after-free We've already freed the assocdata at this point, so need to use another copy of the AP MLD address instead...

SUSE CVE-2022-50414

In the Linux kernel, the following vulnerability has been resolved: scsi: fcoe: Fix transport not deattached when fcoeifinit fails fcoeinit calls fcoetransportattach&fcoeswtransport, but when fcoeifinit fails, &fcoeswtransport is not detached and leaves freed &fcoeswtransport on fcoetransports...

SUSE CVE-2022-50415

In the Linux kernel, the following vulnerability has been resolved: parisc: led: Fix potential null-ptr-deref in starttask starttask calls createsinglethreadworkqueue and not checked the ret value, which may return NULL. And a null-ptr-deref may happen: starttask createsinglethreadworkqueue faile...

SUSE CVE-2022-50416

In the Linux kernel, the following vulnerability has been resolved: irqchip/wpcm450: Fix memory leak in wpcm450aicofinit If ofiomap failed, 'aic' should be freed before return. Otherwise there is a memory leak...

SUSE CVE-2022-50417

In the Linux kernel, the following vulnerability has been resolved: drm/panfrost: Fix GEM handle creation ref-counting panfrostgemcreatewithhandle previously returned a BO but with the only reference being from the handle, which user space could in theory guess and release, causing a...

SUSE CVE-2022-50418

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: mhi: fix potential memory leak in ath11kmhiregister mhialloccontroller allocates a memory space for mhictrl. When gets some error, mhictrl should be freed with mhifreecontroller. But when ath11kmhireadaddrfromdt...

SUSE CVE-2022-50419

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisysfs: Fix attempting to call deviceadd multiple times deviceadd shall not be called multiple times as stated in its documentation: 'Do not call this routine or deviceregister more than once for any device structure...

SUSE CVE-2023-53153

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: Fix use after free for wext Key information in wext.connect is not reset on reconnect and can hold data from a previous connection. Reset key data to avoid that drivers or mac80211 incorrectly detect a WEP...

SUSE CVE-2023-53163

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: don't hold nilock when calling truncatesetsize syzbot is reporting hung task at douseraddrfault 1, for there is a silent deadlock between PGlocked bit and nilock lock. Since filemapupdatepage calls filemapreadfolio afte...

SUSE CVE-2023-53164

In the Linux kernel, the following vulnerability has been resolved: irqchip/ti-sci: Fix refcount leak in tisciintrirqdomainprobe ofirqfindparent returns a node pointer with refcount incremented, We should use ofnodeput on it when not needed anymore. Add missing ofnodeput to avoid refcount leak...

SUSE CVE-2023-53168

In the Linux kernel, the following vulnerability has been resolved: usb: ucsiacpi: Increase the command completion timeout Commit 130a96d698d7 "usb: typec: ucsi: acpi: Increase command completion timeout value" increased the timeout from 5 seconds to 60 seconds due to issues related to alternate...

SUSE CVE-2023-53174

In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix possible memory leak if deviceadd fails If deviceadd returns error, the name allocated by devsetname needs be freed. As the comment of deviceadd says, putdevice should be used to decrease the reference count in th...

SUSE CVE-2023-53175

In the Linux kernel, the following vulnerability has been resolved: PCI: hv: Fix a crash in hvpcirestoremsimsg during hibernation When a Linux VM with an assigned PCI device runs on Hyper-V, if the PCI device driver is not loaded yet i.e. MSI-X/MSI is not enabled on the device yet, doing a VM...

SUSE CVE-2023-53176

In the Linux kernel, the following vulnerability has been resolved: serial: 8250: Reinit port-pm on port specific driver unbind When we unbind a serial port hardware specific 8250 driver, the generic serial8250 driver takes over the port. After that we see an oops about 10 seconds later. This can...

SUSE CVE-2023-53196

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: qcom: Fix potential memory leak Function dwc3qcomprobe allocates memory for resource structure which is pointed by parentres pointer. This memory is not freed. This leads to memory leak. Use stack memory to prevent...

SUSE CVE-2023-53202

In the Linux kernel, the following vulnerability has been resolved: PM: domains: fix memory leak with using debugfslookup When calling debugfslookup the result must have dput called on it, otherwise the memory will leak over time. To make things simpler, just call debugfslookupandremove instead...

SUSE CVE-2023-53214

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid potential memory corruption in updateiostatlatency Add iotype sanity check to avoid potential memory corruption. This is to fix the compile error below: fs/f2fs/iostat.c:231 updateiostatlatency error: buffer...

SUSE CVE-2023-53219

In the Linux kernel, the following vulnerability has been resolved: media: netupunidvb: fix use-after-free at deltimer When Universal DVB card is detaching, netupunidvbdmafini uses deltimer to stop dma-timeout timer. But when timer handler netupunidvbdmatimeout is running, deltimer could not stop...

SUSE CVE-2023-53227

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

SUSE CVE-2023-53230

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix warning in cifssmb3domount This fixes the following warning reported by kernel test robot fs/smb/client/cifsfs.c:982 cifssmb3domount warn: possible memory leak of 'cifssb'...

SUSE CVE-2023-53288

In the Linux kernel, the following vulnerability has been resolved: drm/client: Fix memory leak in drmclientmodesetprobe When a new mode is set to modeset-mode, the previous mode should be freed. This fixes the following kmemleak report: drmmodeduplicate+0x45/0x220 drm...

SUSE CVE-2023-53306

In the Linux kernel, the following vulnerability has been resolved: fsdax: force clear dirty mark if CoW XFS allows CoW on non-shared extents to combat fragmentation1. The old non-shared extent could be mwrited before, its dax entry is marked dirty. This results in a WARNing: 28.512349 ----------...

SUSE CVE-2023-53342

In the Linux kernel, the following vulnerability has been resolved: net: marvell: prestera: fix handling IPv4 routes with nhid Fix handling IPv4 routes referencing a nexthop via its id by replacing calls to fibinfonh with fibinfonhc. Trying to add an IPv4 route referencing a nextop via nhid: $ ip...

SUSE CVE-2023-53344

In the Linux kernel, the following vulnerability has been resolved: can: bcm: bcmtxsetup: fix KMSAN uninit-value in vfswrite Syzkaller reported the following issue: ===================================================== BUG: KMSAN: uninit-value in aiorwdone fs/aio.c:1520 inline BUG: KMSAN:...

SUSE CVE-2023-53352

In the Linux kernel, the following vulnerability has been resolved: drm/ttm: check null pointer before accessing when swapping Add a check to avoid null pointer dereference as below: 90.002283 general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 1 PREEMPT SMP KASA...

SUSE CVE-2023-53354

In the Linux kernel, the following vulnerability has been resolved: skbuff: skbsegment, Call zero copy functions before using skbuff frags Commit bf5c25d60861 "skbuff: in skbsegment, call zerocopy functions once per nskb" added the call to zero copy functions in skbsegment. The change introduced ...

SUSE CVE-2023-53356

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: userial: Add null pointer check in gserialsuspend Consider a case where gserialdisconnect has already cleared gser-ioport. And if gserialsuspend gets called afterwards, it will lead to accessing of gser-ioport and th...

SUSE CVE-2023-53368

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix race issue between cpu buffer write and swap Warning happened in rbendcommit at code: if RBWARNONcpubuffer, !localread&cpubuffer-committing WARNING: CPU: 0 PID: 139 at kernel/trace/ringbuffer.c:3142...

SUSE CVE-2023-53371

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: fix memory leak in mlx5efsttredirectanycreate The memory pointed to by the fs-any pointer is not freed in the error path of mlx5efsttredirectanycreate, which can lead to a memory leak. Fix by freeing the memory in the...

SUSE CVE-2023-53373

In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Handle EBUSY correctly As it is seqiv only handles the special return value of EINPROGERSS, which means that in all other cases it will free data related to the request. However, as the caller of seqiv may specify...

SUSE CVE-2023-53376

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Use number of bits to manage bitmap sizes To allocate bitmaps, the mpi3mr driver calculates sizes of bitmaps using byte as unit. However, bitmap helper functions assume that bitmaps are allocated using unsigned long...

SUSE CVE-2023-53377

In the Linux kernel, the following vulnerability has been resolved: cifs: prevent use-after-free by freeing the cfile later In smb2compoundop we have a possible use-after-free which can cause hard to debug problems later on. This was revealed during stress testing with KASAN enabled kernel. Fixin...