SUSE CVE-2022-50372

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix memory leak when build ntlmssp negotiate blob failed There is a memory leak when mount cifs: unreferenced object 0xffff888166059600 size 448: comm "mount.cifs", pid 51391, jiffies 4295596373 age 330.596s hex dump first ...

SUSE CVE-2022-50374

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcildisc,serdev: check percpuinitrwsem failure syzbot is reporting NULL pointer dereference at hciuartttyclose 1, for rcusyncenter is called without rcusyncinit due to hciuartttyopen ignoring percpuinitrwsem failure...

SUSE CVE-2023-53147

In the Linux kernel, the following vulnerability has been resolved: xfrm: add NULL check in xfrmupdateaeparams Normally, x-replayesn and x-preplayesn should be allocated at xfrmallocreplaystateesn... in xfrmstateconstruct..., hence the xfrmupdateaeparams... is okay to update them. However, the...

SUSE CVE-2023-53148

In the Linux kernel, the following vulnerability has been resolved: igb: Fix igbdown hung on surprise removal In a setup where a Thunderbolt hub connects to Ethernet and a display through USB Type-C, users may experience a hung task timeout when they remove the cable between the PC and the...

SUSE CVE-2023-53149

In the Linux kernel, the following vulnerability has been resolved: ext4: avoid deadlock in fs reclaim with page writeback Ext4 has a filesystem wide lock protecting ext4writepages calls to avoid races with switching of journalled data flag or inode format. This lock can however cause a deadlock...

SUSE CVE-2023-53150

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Pointer may be dereferenced Klocwork tool reported pointer 'rport' returned from call to function fcbsgtorport may be NULL and will be dereferenced. Add a fix to validate rport before dereferencing...

SUSE CVE-2023-53151

In the Linux kernel, the following vulnerability has been resolved: md/raid10: prevent soft lockup while flush writes Currently, there is no limit for raid1/raid10 plugged bio. While flushing writes, raid1 has condresched while raid10 doesn't, and too many writes can cause soft lockup. Follow up...

SUSE CVE-2023-53152

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix calltrace warning in amddrmbuddyfini The following call trace is observed when removing the amdgpu driver, which is caused by that BOs allocated for psp are not freed until removing. 61811.450562 RIP:...

SUSE CVE-2023-53169

In the Linux kernel, the following vulnerability has been resolved: x86/resctrl: Clear stagedconfig before and after it is used As a temporary storage, stagedconfig in rdtdomain should be cleared before and after it is used. The stale value in stagedconfig could cause an MSR access error. Here is...

SUSE CVE-2023-53170

In the Linux kernel, the following vulnerability has been resolved: net: dsa: Removed unneeded ofnodeput in felixparseportsnode Remove unnecessary ofnodeput from the continue path to prevent child node from being released twice, which could avoid resource leak or other unexpected issues...

SUSE CVE-2023-53171

In the Linux kernel, the following vulnerability has been resolved: vfio/type1: prevent underflow of lockedvm via exec When a vfio container is preserved across exec, the task does not change, but it gets a new mm with lockedvm=0, and loses the count from existing dma mappings. If the user later...

SUSE CVE-2023-53172

In the Linux kernel, the following vulnerability has been resolved: fsverity: reject FSIOCENABLEVERITY on mode 3 fds Commit 56124d6c87fd "fsverity: support enabling with tree block size fmode & FMODEREAD' in kernelread became reachable by fuzz tests. This happens if FSIOCENABLEVERITY is called on...

SUSE CVE-2023-53177

In the Linux kernel, the following vulnerability has been resolved: media: hi846: fix usage of pmruntimegetifinuse pmruntimegetifinuse does not only return nonzero values when the device is in use, it can return a negative errno too. And especially during resuming from system suspend, when runtim...

SUSE CVE-2023-53188

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix race on port output assume the following setup on a single machine: 1. An openvswitch instance with one bridge and default flows 2. two network namespaces "server" and "client" 3. two ovs interfaces "server"...

SUSE CVE-2023-53189

In the Linux kernel, the following vulnerability has been resolved: ipv6/addrconf: fix a potential refcount underflow for idev Now in addrconfmodrstimer, reference idev depends on whether rstimer is not pending. Then modify rstimer timeout. There is a time gap in 1, during which if the pending...

SUSE CVE-2023-53192

In the Linux kernel, the following vulnerability has been resolved: vxlan: Fix nexthop hash size The nexthop code expects a 31 bit hash, such as what is returned by fibmultipathhash and rt6multipathhash. Passing the 32 bit hash returned by skbgethash can lead to problems related to the fact that...

SUSE CVE-2023-53209

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211hwsim: Fix possible NULL dereference In a call to mac80211hwsimselecttxlink the sta pointer might be NULL, thus need to check that it is not NULL before accessing it...

SUSE CVE-2023-53218

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Make it so that a waiting process can be aborted When sendmsg creates an rxrpc call, it queues it to wait for a connection and channel to be assigned and then waits before it can start shovelling data as the encrypted DATA...

SUSE CVE-2023-53221

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix memleak due to fentry attach failure If it fails to attach fentry, the allocated bpf trampoline image will be left in the system. That can be verified by checking /proc/kallsyms. This meamleak can be verified by a simple...

SUSE CVE-2023-53228

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: drop redundant sched job cleanup when cs is aborted Once command submission failed due to userptr invalidation in amdgpucssubmit, legacy code will perform cleanup of scheduler job. However, it's not needed at all, as...

SUSE CVE-2023-53229

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix invalid drvstaprercuremove calls for non-uploaded sta Avoid potential data corruption issues caused by uninitialized driver private data structures...

SUSE CVE-2023-53234

In the Linux kernel, the following vulnerability has been resolved: watchdog: Fix kmemleak in watchdogcdevregister kmemleak reports memory leaks in watchdogdevregister, as follows: unreferenced object 0xffff888116233000 size 2048: comm ""modprobe"", pid 28147, jiffies 4353426116 age 61.741s hex...

SUSE CVE-2023-53239

In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp5: Add check for kzalloc As kzalloc may fail and return NULL pointer, it should be better to check the return value in order to avoid the NULL pointer dereference. Patchwork:...

SUSE CVE-2023-53240

In the Linux kernel, the following vulnerability has been resolved: xsk: check IFFUP earlier in Tx path Xsk Tx can be triggered via either sendmsg or poll syscalls. These two paths share a call to common function xskxmit which has two sanity checks within. A pseudo code example to show the two...

SUSE CVE-2023-53241

In the Linux kernel, the following vulnerability has been resolved: nfsd: call oprelease, even when opfunc returns an error For ops with "trivial" replies, nfsd4encodeoperation will shortcut most of the encoding work and skip to just marshalling up the status. One of the things it skips is callin...

SUSE CVE-2023-53242

In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/hisi: Drop second sensor hi3660 The commit 74c8e6bffbe1 "driver core: Add allocsize hint to devm allocators" exposes a panic "BRK handler: Fatal exception" on the hi3660thermalprobe funciton. This is because the...

SUSE CVE-2023-53335

In the Linux kernel, the following vulnerability has been resolved: RDMA/cxgb4: Fix potential null-ptr-deref in passestablish If getepfromtid fails to lookup non-NULL value for ep, ep is dereferenced later regardless of whether it is empty. This patch adds a simple sanity check to fix the issue...

SUSE CVE-2023-53336

In the Linux kernel, the following vulnerability has been resolved: media: ipu-bridge: Fix null pointer deref on SSDB/PLD parsing warnings When ipubridgeparserotation and ipubridgeparseorientation run sensor-adev is not set yet. So if either of the devwarn calls about unknown values are hit this...

SUSE CVE-2023-53337

In the Linux kernel, the following vulnerability has been resolved: nilfs2: do not write dirty data after degenerating to read-only According to syzbot's report, markbufferdirty called from nilfssegctordoconstruct outputs a warning with some patterns after nilfs2 detects metadata corruption and...

SUSE CVE-2023-53338

In the Linux kernel, the following vulnerability has been resolved: lwt: Fix return values of BPF xmit ops BPF encap ops can return different types of positive values, such like NETRXDROP, NETXMITCN, NETDEVTXBUSY, and so on, from function skbdoredirect and bpflwtxmitreroute. At the xmit hook, suc...

SUSE CVE-2023-53339

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix BUGON condition in btrfscancelbalance Pausing and canceling balance can race to interrupt balance lead to BUGON panic in btrfscancelbalance. The BUGON condition in btrfscancelbalance does not take this race scenario in...

SUSE CVE-2023-53340

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Collect command failures data only for known commands DEVX can issue a general command, which is not used by mlx5 driver. In case such command is failed, mlx5 is trying to collect the failure data, However, mlx5 doesn't...

SUSE CVE-2023-53341

In the Linux kernel, the following vulnerability has been resolved: of/fdt: run soc memory setup when earlyinitdtscanmemory fails If memory has been found earlyinitdtscanmemory now returns 1. If it hasn't found any memory it will return 0, allowing other memory setup mechanisms to carry on...

SUSE CVE-2023-53343

In the Linux kernel, the following vulnerability has been resolved: icmp6: Fix null-ptr-deref of ip6nullentry-rt6iidev in icmp6dev. With some IPv6 Ext Hdr RPL, SRv6, etc., we can send a packet that has the link-local address as src and dst IP and will be forwarded to an external IP in the IPv6 Ex...

SUSE CVE-2023-53345

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix potential data race in rxrpcwaittobeconnected Inside the loop in rxrpcwaittobeconnected it checks call-error to see if it should exit the loop without first checking the call state. This is probably safe as if call-err...

SUSE CVE-2023-53347

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Handle pairing of E-switch via uplink un/load APIs In case user switch a device from switchdev mode to legacy mode, mlx5 first unpair the E-switch and afterwards unload the uplink vport. From the other hand, in case use...

SUSE CVE-2023-53348

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock when aborting transaction during relocation with scrub Before relocating a block group we pause scrub, then do the relocation and then unpause scrub. The relocation process requires starting and committing a...

SUSE CVE-2023-53349

In the Linux kernel, the following vulnerability has been resolved: media: ov2740: Fix memleak in ov2740initcontrols There is a kmemleak when testing the media/i2c/ov2740.c with bpf mock device: unreferenced object 0xffff8881090e19e0 size 16: comm "51-i2c-ov2740", pid 278, jiffies 4294781584 age...

SUSE CVE-2023-53350

In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Fix slicing memory leak The temporary buffer storing slicing configuration data from user is only freed on error. This is a memory leak. Free the buffer unconditionally...

SUSE CVE-2023-53351

In the Linux kernel, the following vulnerability has been resolved: drm/sched: Check scheduler work queue before calling timeout handling During an IGT GPU reset test we see again oops despite of commit 0c8c901aaaebc9 drm/sched: Check scheduler ready before calling timeout handling. It uses ready...

SUSE CVE-2023-53353

In the Linux kernel, the following vulnerability has been resolved: accel/habanalabs: postpone memmgr IDR destruction to hprivrelease The memory manager IDR is currently destroyed when user releases the file descriptor. However, at this point the user context might be still held, and memory buffe...

SUSE CVE-2023-53355

In the Linux kernel, the following vulnerability has been resolved: staging: pi433: fix memory leak with using debugfslookup When calling debugfslookup the result must have dput called on it, otherwise the memory will leak over time. To make things simpler, just call debugfslookupandremove instea...

SUSE CVE-2023-53357

In the Linux kernel, the following vulnerability has been resolved: md/raid10: check slab-out-of-bounds in mdbitmapgetcounter If we write a large number to md/bitmapsetbits, mdbitmapcheckpage will return -EINVAL because 'page = bitmap-pages', but the return value was not checked immediately in...

SUSE CVE-2023-53358

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix racy issue under cocurrent smb2 tree disconnect There is UAF issue under cocurrent smb2 tree disconnect. This patch introduce TREECONNEXPIRE flags for tcon to avoid cocurrent access...

SUSE CVE-2023-53359

In the Linux kernel, the following vulnerability has been resolved: USB: fix memory leak with using debugfslookup When calling debugfslookup the result must have dput called on it, otherwise the memory will leak over time. To make things simpler, just call debugfslookupandremove instead which...

SUSE CVE-2023-53360

In the Linux kernel, the following vulnerability has been resolved: NFSv4.2: Rework scratch handling for READPLUS again I found that the read code might send multiple requests using the same nfspgioheader, but nfs4procreadsetup is only called once. This is how we ended up occasionally...

SUSE CVE-2023-53361

In the Linux kernel, the following vulnerability has been resolved: LoongArch: mm: Add p?dleaf definitions When I do LTP test, LTP test case ksm06 caused panic at breakksmpmdentry - pmdleaf Huge page table but False - ptepresent panic The reason is pmdleaf is not defined, So like commit...

SUSE CVE-2023-53362

In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc: don't assume child devices are all fsl-mc devices Changes in VFIO caused a pseudo-device to be created as child of fsl-mc devices causing a crash 1 when trying to bind a fsl-mc device to VFIO. Fix this by checking th...

SUSE CVE-2023-53363

In the Linux kernel, the following vulnerability has been resolved: PCI: Fix use-after-free in pcibusreleasedomainnr Commit c14f7ccc9f5d "PCI: Assign PCI domain IDs by idaalloc" introduced a use-after-free bug in the bus removal cleanup. The issue was found with kfence: 19.293351 BUG: KFENCE:...

SUSE CVE-2023-53364

In the Linux kernel, the following vulnerability has been resolved: regulator: da9063: better fix null deref with partial DT Two versions of the original patch were sent but V1 was merged instead of V2 due to a mistake. So update to V2. The advantage of V2 is that it completely avoids dereferenci...