68528 matches found
CVE-2023-54167
In the Linux kernel, the following vulnerability has been resolved: m68k: mm: Move initrd phystovirt handling after paginginit When booting with an initial ramdisk on platforms where physical memory does not start at address zero e.g. on Amiga: initrd: 0ef0602c - 0f800000 Zone ranges: DMA mem...
CVE-2023-54165
In the Linux kernel, the following vulnerability has been resolved: zsmalloc: move LRU update from zsmapobject to zsmalloc Under memory pressure, we sometimes observe the following crash: 5694.832838 ------------ cut here ------------ 5694.842093 listdel corruption, ffff888014b6a448-next is...
CVE-2022-50878
In the Linux kernel, the following vulnerability has been resolved: gpu: lontium-lt9611: Fix NULL pointer dereference in lt9611connectorinit A NULL check for bridge-encoder shows that it may be NULL, but it already been dereferenced on all paths leading to the check. 812 if !bridge-encoder...
CVE-2022-50872
In the Linux kernel, the following vulnerability has been resolved: ARM: OMAP2+: Fix memory leak in realtimecounterinit The "sysclk" resource is malloced by clkget, it is not released when the function return...
CVE-2022-50884
In the Linux kernel, the following vulnerability has been resolved: drm: Prevent drmcopyfield to attempt copying a NULL pointer There are some struct drmdriver fields that are required by drivers since drmcopyfield attempts to copy them to user-space via DRMIOCTLVERSION. But it can be possible th...
CVE-2022-50873
In the Linux kernel, the following vulnerability has been resolved: vdpa/vpvdpa: fix kfree a wrong pointer in vpvdparemove In vpvdparemove, the code kfree&vpvdpamgtdev-mgtdev.idtable uses a reference of pointer as the argument of kfree, which is the wrong pointer and then may hit crash like this:...
CVE-2022-50858
In the Linux kernel, the following vulnerability has been resolved: mmc: alcor: fix return value check of mmcaddhost mmcaddhost may return error, if we ignore its return value, the memory that allocated in mmcallochost will be leaked and it will lead a kernel crash because of deleting not added...
CVE-2022-50882
In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix memory leak in uvcgpioparse Previously the unit buffer was allocated before checking the IRQ for privacy GPIO. In case of error, the unit buffer was leaked. Allocate the unit buffer after the IRQ to avoid it...
CVE-2022-50855
In the Linux kernel, the following vulnerability has been resolved: bpf: prevent leak of lsm program after failed attach In 0, we added the ability to bpfprogattach LSM programs to cgroups, but in our validation to make sure the prog is meant to be attached to BPFLSMCGROUP, we return too early if...
CVE-2022-50859
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix the error length of VALIDATENEGOTIATEINFO message Commit d5c7076b772a "smb3: add smb3.1.1 to default dialect list" extend the dialects from 3 to 4, but forget to decrease the extended length when specific the dialect,...
CVE-2022-50879
In the Linux kernel, the following vulnerability has been resolved: objtool: Fix SEGFAULT findinsn will return NULL in case of failure. Check insn in order to avoid a kernel Oops for NULL pointer dereference...
CVE-2023-54296
In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Get source vCPUs from source VM for SEV-ES intrahost migration Fix a goof where KVM tries to grab source vCPUs from the destination VM when doing intrahost migration. Grabbing the wrong vCPU not only hoses the guest, it...
CVE-2022-50881
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: Fix use-after-free in ath9khifusbdisconnect This patch fixes a use-after-free in ath9k that occurs in ath9khifusbdisconnect when ath9kdestroywmi is trying to access 'drvpriv' that has already been freed by...
CVE-2023-54223
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: xsk: Fix invalid buffer access for legacy rq The below crash can be encountered when using xdpsock in rx mode for legacy rq: the buffer gets released in the XDPREDIRECT path, and then once again in the driver. This fix...
CVE-2023-54202
In the Linux kernel, the following vulnerability has been resolved: drm/i915: fix race condition UAF in i915perfaddconfigioctl Userspace can guess the id value and try to race oaconfig object creation with config remove, resulting in a use-after-free if we dereference the object after unlocking t...
CVE-2023-54264
In the Linux kernel, the following vulnerability has been resolved: fs/sysv: Null check to prevent null-ptr-deref bug sbgetblkinode-isb, parent return a null ptr and taking lock on that leads to the null-ptr-deref bug...
CVE-2023-54172
In the Linux kernel, the following vulnerability has been resolved: x86/hyperv: Disable IBT when hypercall page lacks ENDBR instruction On hardware that supports Indirect Branch Tracking IBT, Hyper-V VMs with ConfigVersion 9.3 or later support IBT in the guest. However, current versions of Hyper-...
CVE-2023-54316
In the Linux kernel, the following vulnerability has been resolved: refscale: Fix uninitalized use of waitqueueheadt Running the refscale test occasionally crashes the kernel with the following error: 8569.952896 BUG: unable to handle page fault for address: ffffffffffffffe8 8569.952900 PF:...
CVE-2023-54291
In the Linux kernel, the following vulnerability has been resolved: vduse: fix NULL pointer dereference vdusevdpasetvqaffinity callback can be called with NULL value as cpumask when deleting the vduse device. This patch resets virtqueue's IRQ affinity mask value to set all CPUs instead of...
CVE-2022-50889
In the Linux kernel, the following vulnerability has been resolved: dm integrity: Fix UAF in dmintegritydtr Dmintegrity also has the same UAF problem when dmresume and dmdestroy are concurrent. Therefore, cancelling timer again in dmintegritydtr...
CVE-2022-50868
In the Linux kernel, the following vulnerability has been resolved: hwrng: amd - Fix PCI device refcount leak foreachpcidev is implemented by pcigetdevice. The comment of pcigetdevice says that it will increase the reference count for the returned pcidev and also decrease the reference count for...
CVE-2023-54322
In the Linux kernel, the following vulnerability has been resolved: arm64: set exceptionirqentry with irqentry as a default filterirqstacks is supposed to cut entries which are related irq entries from its call stack. And inirqentrytext which is called by filterirqstacks uses irqentrytextstart/en...
CVE-2023-54175
In the Linux kernel, the following vulnerability has been resolved: i2c: xiic: xiicxfer: Fix runtime PM leak on error path The xiicxfer function gets a runtime PM reference when the function is entered. This reference is released when the function is exited. There is currently one error path wher...
CVE-2023-54214
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix potential user-after-free This fixes all instances of which requires to allocate a buffer calling allocskb which may release the chan lock and reacquire later which makes it possible that the chan is...
CVE-2023-54200
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: always release netdev hooks from notifier This reverts "netfilter: nftables: skip netdev events generated on netns removal". The problem is that when a veth device is released, the veth release callback will...
CVE-2023-54276
In the Linux kernel, the following vulnerability has been resolved: nfsd: move init of percpu replycachestats counters back to nfsdinitnet Commit f5f9d4a314da "nfsd: move reply cache initialization into nfsd startup" moved the initialization of the reply cache into nfsd startup, but didn't accoun...
CVE-2023-54185
In the Linux kernel, the following vulnerability has been resolved: btrfs: remove BUGON's in addnewfreespace At addnewfreespace we have these BUGON's that are there to deal with any failure to add free space to the in memory free space cache. Such failures are mostly -ENOMEM that should be very...
CVE-2022-50887
In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix unbalanced of node refcount in regulatordevlookup I got the the following report: OF: ERROR: memory leak, expected refcount 1 instead of 2, ofnodeget/ofnodeput unbalanced - destroy cset entry: attach overlay...
CVE-2023-54289
In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Fix NULL dereference in error handling Smatch reported: drivers/scsi/qedf/qedfmain.c:3056 qedfallocglobalqueues warn: missing unwind goto? At this point in the function, nothing has been allocated so we can return...
CVE-2023-54259
In the Linux kernel, the following vulnerability has been resolved: soundwire: bus: Fix unbalanced pmruntimeput causing usage count underflow This reverts commit 443a98e649b4 "soundwire: bus: use pmruntimeresumeandget" Change calls to pmruntimeresumeandget back to pmruntimegetsync. This fixes a...
CVE-2023-54183
In the Linux kernel, the following vulnerability has been resolved: media: v4l2-core: Fix a potential resource leak in v4l2fwnodeparselink If fwnodegraphgetremoteendpoint fails, 'fwnode' is known to be NULL, so fwnodehandleput is a no-op. Release the reference taken from a previous...
CVE-2022-50857
In the Linux kernel, the following vulnerability has been resolved: rapidio: rio: fix possible name leak in rioregistermport If deviceregister returns error, the name allocated by devsetname need be freed. It should use putdevice to give up the reference in the error path, so that the name can be...
CVE-2023-54176
In the Linux kernel, the following vulnerability has been resolved: mptcp: stricter state check in mptcpworker As reported by Christoph, the mptcp protocol can run the worker when the relevant msk socket is in an unexpected state: connect // incoming reset + fastclose // the mptcp worker is...
CVE-2023-54297
In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: fix memory leak after finding block group with super blocks At excludesuperstripes, if we happen to find a block group that has super blocks mapped to it and we are on a zoned filesystem, we error out as this is not...
CVE-2023-54268
In the Linux kernel, the following vulnerability has been resolved: debugobjects: Don't wake up kswapd from fillpool syzbot is reporting a lockdep warning in fillpool because the allocation from debugobjects is using GFPATOMIC, which is GFPHIGH | GFPKSWAPDRECLAIM and therefore tries to wake up...
CVE-2023-54266
In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb: m920x: Fix a potential memory leak in m920xi2cxfer 'read' is freed when it is known to be NULL, but not when a read error occurs. Revert the logic to avoid a small leak, should a m920xread call fail...
CVE-2022-50854
In the Linux kernel, the following vulnerability has been resolved: nfc: virtualncidev: Fix memory leak in virtualncisend skb should be free in virtualncisend, otherwise kmemleak will report memleak. Steps for reproduction simulated in qemu: cd tools/testing/selftests/nci make ./ncidev BUG: memor...
CVE-2023-54201
In the Linux kernel, the following vulnerability has been resolved: RDMA/efa: Fix wrong resources deallocation order When trying to destroy QP or CQ, we first decrease the refcount and potentially free memory regions allocated for the object and then request the device to destroy the object. If t...
CVE-2023-54299
In the Linux kernel, the following vulnerability has been resolved: usb: typec: bus: verify partner exists in typecaltmodeattention Some usb hubs will negotiate DisplayPort Alt mode with the device but will then negotiate a data role swap after entering the alt mode. The data role swap causes the...
CVE-2023-54171
In the Linux kernel, the following vulnerability has been resolved: tracing: Fix memory leak of iter-temp when reading tracepipe kmemleak reports: unreferenced object 0xffff88814d14e200 size 256: comm "cat", pid 336, jiffies 4294871818 age 779.490s hex dump first 32 bytes: 04 00 01 03 00 00 00 00...
CVE-2023-54243
In the Linux kernel, the following vulnerability has been resolved: netfilter: ebtables: fix table blob use-after-free We are not allowed to return an error at this point. Looking at the code it looks like ret is always 0 at this point, but its not. t = findtablelocknet, repl-name, &ret, &ebtmute...
CVE-2023-54166
In the Linux kernel, the following vulnerability has been resolved: igc: Fix Kernel Panic during ndotxtimeout callback The Xeon validation group has been carrying out some loaded tests with various HW configurations, and they have seen some transmit queue time out happening during the test. This...
CVE-2023-54191
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: fix memory leak in mt7996mcuexit Always purge mcu skb queues in mt7996mcuexit routine even if mt7996firmwarestate fails...
CVE-2023-54246
In the Linux kernel, the following vulnerability has been resolved: rcuscale: Move rcuscalewriter scheduletimeoutuninterruptible to idle The rcuscale.holdoff module parameter can be used to delay the start of rcuscalewriter kthread. However, the hung-task timeout will trigger when the timeout...
CVE-2023-54272
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix a possible null-pointer dereference in niclear In a previous commit c1006bd13146, ni-mi.mrec in niwriteinode could be NULL, and thus a NULL check is added for this variable. However, in the same call stack, ni-mi.mr...
CVE-2023-54169
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: fix memory leak in mlx5eptpopen When kvzallocnode or kvzalloc failed in mlx5eptpopen, the memory pointed by "c" or "cparams" is not freed, which can lead to a memory leak. Fix by freeing the array in the error path...
CVE-2023-54236
In the Linux kernel, the following vulnerability has been resolved: net/netfailover: fix txq exceeding warning The failover txq is inited as 16 queues. when a packet is transmitted from the failover device firstly, the failover device will select the queue which is returned from the primary devic...
CVE-2023-54198
In the Linux kernel, the following vulnerability has been resolved: tty: fix out-of-bounds access in ttydriverlookuptty When specifying an invalid console= device like console=tty3270, ttydriverlookuptty returns the tty struct without checking whether index is a valid number. To reproduce:...
CVE-2022-50864
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix shift-out-of-bounds due to too large exponent of block size If field slogblocksize of superblock data is corrupted and too large, initnilfs and loadnilfs still can trigger a shift-out-of-bounds warning followed by a...
CVE-2022-50869
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix slab-out-of-bounds in rpage When PAGESIZE is 64K, if readlogpage is called by logreadrst for the first time, the size of buffer would be equal to DefaultLogPageSize4K.But for buffer operations like memcpy, if the...