68528 matches found
CVE-2023-54072
In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix potential data race at PCM memory allocation helpers The PCM memory allocation helpers have a sanity check against too many buffer allocations. However, the check is performed without a proper lock and the allocati...
CVE-2023-54052
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: fix skb leak by txs missing in AMSDU txs may be dropped if the frame is aggregated in AMSDU. When the problem shows up, some SKBs would be hold in driver to cause network stopped temporarily. Even if the probl...
CVE-2023-54099
In the Linux kernel, the following vulnerability has been resolved: fs: Protect reconfiguration of sb read-write from racing writes The reconfigure / remount code takes a lot of effort to protect filesystem's reconfiguration code from racing writes on remounting read-only. However during remounti...
CVE-2023-54074
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Use correct encap attribute during invalidation With introduction of post action infrastructure most of the users of encap attribute had been modified in order to obtain the correct attribute by calling...
CVE-2023-54078
In the Linux kernel, the following vulnerability has been resolved: media: max9286: Free control handler The control handler is leaked in some probe-time error paths, as well as in the remove path. Fix it...
CVE-2023-54114
In the Linux kernel, the following vulnerability has been resolved: net: nsh: Use correct macoffset to unwind gso skb in nshgsosegment As the call trace shows, skbpanic was caused by wrong skb-macheader in nshgsosegment: invalid opcode: 0000 1 PREEMPT SMP KASAN PTI CPU: 3 PID: 2737 Comm: syz Not...
CVE-2023-54045
In the Linux kernel, the following vulnerability has been resolved: audit: fix possible soft lockup in auditinodechild Tracefs or debugfs maybe cause hundreds to thousands of PATH records, too many PATH records maybe cause soft lockup. For example: 1. CONFIGKASAN=y && CONFIGPREEMPTION=n 2. auditc...
CVE-2023-54054
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2023-54156
In the Linux kernel, the following vulnerability has been resolved: sfc: fix crash when reading stats while NIC is resetting efxnetstats .ndogetstats64 can be called during an ethtool selftest, during which time nicdata-mcstats is NULL as the NIC has been fini'd. In this case do not attempt to...
CVE-2023-54097
In the Linux kernel, the following vulnerability has been resolved: regulator: stm32-pwr: fix ofiomap leak Smatch reports: drivers/regulator/stm32-pwr.c:166 stm32pwrregulatorprobe warn: 'base' from ofiomap not released on lines: 151,166. In stm32pwrregulatorprobe, base is not released when...
CVE-2023-54136
In the Linux kernel, the following vulnerability has been resolved: serial: sprd: Fix DMA buffer leak issue Release DMA buffer when probe returns failure to avoid memory leak...
CVE-2023-54135
In the Linux kernel, the following vulnerability has been resolved: mapletree: fix potential out-of-bounds access in maswrendpiv Check the write offset end bounds before using it as the offset into the pivot array. This avoids a possible out-of-bounds access on the pivot array if the write extend...
CVE-2023-54155
In the Linux kernel, the following vulnerability has been resolved: net: core: remove unnecessary framesz check in bpfxdpadjusttail Syzkaller reported the following issue: ======================================= Too BIG xdp-framesz = 131072 WARNING: CPU: 0 PID: 5020 at net/core/filter.c:4121...
CVE-2025-68745
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Clear cmds after chip reset Commit aefed3e5548f "scsi: qla2xxx: target: Fix offline port handling and host reset handling" caused two problems: 1. Commands sent to FW, after chip reset got stuck and never freed as ...
CVE-2023-54119
In the Linux kernel, the following vulnerability has been resolved: inotify: Avoid reporting event with invalid wd When inotifyfreeingmark races with inotifyhandleinodeevent it can happen that inotifyhandleinodeevent sees that imark-wd got already reset to -1 and reports this value to userspace...
CVE-2022-50735
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: do not run mt76ustatusworker if the device is not running Fix the following NULL pointer dereference avoiding to run mt76ustatusworker thread if the device is not running yet. KASAN: null-ptr-deref in range...
CVE-2023-54066
In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb-v2: gl861: Fix null-ptr-deref in gl861i2cmasterxfer In gl861i2cmasterxfer, msg is controlled by user. When msgi.buf is null and msgi.len is zero, former checks on msgi.buf would be passed. Malicious data finally...
CVE-2022-50769
In the Linux kernel, the following vulnerability has been resolved: mmc: mxcmmc: fix return value check of mmcaddhost mmcaddhost may return error, if we ignore its return value, the memory that allocated in mmcallochost will be leaked and it will lead a kernel crash because of deleting not added...
CVE-2022-50734
In the Linux kernel, the following vulnerability has been resolved: nvmem: core: Fix memleak in nvmemregister devsetname will alloc memory for nvmem-dev.kobj.name in nvmemregister, when nvmemvalidatekeepouts failed, nvmem's memory will be freed and return, but nobody will free memory for...
CVE-2023-54065
In the Linux kernel, the following vulnerability has been resolved: net: dsa: realtek: fix out-of-bounds access The probe function sets priv-chipdata to void priv + sizeofpriv with the expectation that priv has enough trailing space. However, only realtek-smi actually allocated this chipdata spac...
CVE-2022-50776
In the Linux kernel, the following vulnerability has been resolved: clk: st: Fix memory leak in stofquadfssetup If stclkregisterquadfspll fails, @lock should be freed before goto @errexit, otherwise will cause meory leak issue, fix it...
CVE-2022-50770
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix memory leak in ocfs2mountvolume There is a memory leak reported by kmemleak: unreferenced object 0xffff88810cc65e60 size 32: comm "mount.ocfs2", pid 23753, jiffies 4302528942 age 34735.105s hex dump first 32 bytes: 10 ...
CVE-2023-54086
In the Linux kernel, the following vulnerability has been resolved: bpf: Add preemptcountsub,add into btf id deny list The recursion check in bpfprogenter and bpfprogexit leave preemptcountsub,add unprotected. When attaching trampoline to them we get panic as follows, 867.843050 BUG: TASK stack...
CVE-2023-54047
In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: dwhdmi: cleanup drm encoder during unbind This fixes a use-after-free crash during rmmod. The DRM encoder is embedded inside the larger rockchiphdmi, which is allocated with the component. The component memory gets...
CVE-2022-50761
In the Linux kernel, the following vulnerability has been resolved: x86/xen: Fix memory leak in xeninitlockcpu In xeninitlockcpu, the @name has allocated new string by kasprintf, if bindipitoirqhandler fails, it should be freed, otherwise may lead to a memory leak issue, fix it...
CVE-2023-54159
In the Linux kernel, the following vulnerability has been resolved: usb: mtu3: fix kernel panic at qmu transfer done irq handler When handle qmu transfer irq, it will unlock @mtu-lock before give back request, if another thread handle disconnect event at the same time, and try to disable ep, it m...
CVE-2023-54103
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2023-54073
In the Linux kernel, the following vulnerability has been resolved: tpm: Add !tpmamdisrngdefective to the hwrngunregister call site The following crash was reported: 1950.279393 listdel corruption, ffff99560d485790-next is NULL 1950.279400 ------------ cut here ------------ 1950.279401 kernel BUG...
CVE-2023-54081
In the Linux kernel, the following vulnerability has been resolved: xen: speed up grant-table reclaim When a grant entry is still in use by the remote domain, Linux must put it on a deferred list. Normally, this list is very short, because the PV network and block protocols expect the backend to...
CVE-2023-54123
In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix memleak for 'conf-biosplit' In the error path of raid10run, 'conf' need be freed, however, 'conf-biosplit' is missed and memory will be leaked. Since there are 3 places to free 'conf', factor out a helper to fix th...
CVE-2023-54151
In the Linux kernel, the following vulnerability has been resolved: f2fs: Fix system crash due to lack of free space in LFS When f2fs tries to checkpoint during foreground gc in LFS mode, system crash occurs due to lack of free space if the amount of dirty node and dentry pages generated by data...
CVE-2023-54055
In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix memory leak of PBLE objects On rmmod of irdma, the PBLE object memory is not being freed. PBLE object memory are not statically pre-allocated at function initialization time unlike other HMC objects. PBLEs objects...
CVE-2023-54079
In the Linux kernel, the following vulnerability has been resolved: power: supply: bq27xxx: Fix pollinterval handling and races on remove Before this patch bq27xxxbatteryteardown was setting pollinterval = 0 to avoid bq27xxxbatteryupdate requeuing the delayedwork item. There are 2 problems with...
CVE-2023-54090
In the Linux kernel, the following vulnerability has been resolved: ixgbe: Fix panic during XDPTX with 64 CPUs Commit 4fe815850bdc "ixgbe: let the xdpdrv work with more than 64 cpus" adds support to allow XDP programs to run on systems with more than 64 CPUs by locking the XDP TX rings and indexi...
CVE-2023-54145
In the Linux kernel, the following vulnerability has been resolved: bpf: drop unnecessary user-triggerable WARNONCE in verifierl log It's trivial for user to trigger "verifier log line truncated" warning, as verifier has a fixed-sized buffer of 1024 bytes as of now, and there are at least two...
CVE-2023-54109
In the Linux kernel, the following vulnerability has been resolved: media: rcarfdp1: Fix refcount leak in probe and remove function rcarfcpget take reference, which should be balanced with rcarfcpput. Add missing rcarfcpput in fdp1remove and the error paths of fdp1probe to fix this. hverkuil:...
CVE-2023-54048
In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxtre: Prevent handling any completions after qp destroy HW may generate completions that indicates QP is destroyed. Driver should not be scheduling any more completion handlers for this QP, after the QP is destroyed. Since...
CVE-2023-54044
In the Linux kernel, the following vulnerability has been resolved: spmi: Add a check for remove callback when removing a SPMI driver When removing a SPMI driver, there can be a crash due to NULL pointer dereference if it does not have a remove callback defined. This is one such call trace observ...
CVE-2023-54158
In the Linux kernel, the following vulnerability has been resolved: btrfs: don't free qgroup space unless specified Boris noticed in his simple quotas testing that he was getting a leak with Sweet Tea's change to subvol create that stopped doing a transaction commit. This was just a side effect o...
CVE-2023-54096
In the Linux kernel, the following vulnerability has been resolved: soundwire: fix enumeration completion The soundwire subsystem uses two completion structures that allow drivers to wait for soundwire device to become enumerated on the bus and initialised by their drivers, respectively. The code...
CVE-2023-54160
In the Linux kernel, the following vulnerability has been resolved: firmware: armsdei: Fix sleep from invalid context BUG Running a preempt-rt v6.2-rc3-rt1 based kernel on an Ampere Altra triggers: BUG: sleeping function called from invalid context at kernel/locking/spinlockrt.c:46 inatomic: 0,...
CVE-2023-54152
In the Linux kernel, the following vulnerability has been resolved: can: j1939: prevent deadlock by moving j1939skerrqueue This commit addresses a deadlock situation that can occur in certain scenarios, such as when running data TP/ETP transfer and subscribing to the error queue while receiving a...
CVE-2023-54071
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: use work to update rate to avoid RCU warning The ieee80211ops::starcupdate must be atomic, because ieee80211chanbwchange holds rcuread lock while calling drvstarcupdate, so create a work to do original things...
CVE-2023-54061
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2022-50762
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Avoid UBSAN error on truesectorsperclst syzbot reported UBSAN error as below: 76.901829 T6677 ================================================================================ 76.903908 T6677 UBSAN: shift-out-of-bounds i...
CVE-2025-68747
In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix UAF on kernel BO VA nodes If the MMU is down, panthorvmunmaprange might return an error. We expect the page table to be updated still, and if the MMU is blocked, the rest of the GPU should be blocked too, so no...
CVE-2023-54046
In the Linux kernel, the following vulnerability has been resolved: crypto: essiv - Handle EBUSY correctly As it is essiv only handles the special return value of EINPROGERSS, which means that in all other cases it will free data related to the request. However, as the caller of essiv may specify...
CVE-2025-68749
In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix race condition when unbinding BOs Fix 'Memory manager not clean during takedown' warning that occurs when ivpugembofree removes the BO from the BOs list before it gets unmapped. Then fileprivunbind triggers a...
CVE-2025-68741
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix improper freeing of purex item In qla2xxxprocesspurlsiocb, an item is allocated via qla27xxcopymultiplepkt, which internally calls qla24xxallocpurexitem. The qla24xxallocpurexitem function may return a...
CVE-2025-68744
In the Linux kernel, the following vulnerability has been resolved: bpf: Free special fields when update lru,percpuhash maps As lru,percpuhash maps support BPFKPTRREF,PERCPU, missing calls to 'bpfobjfreefields' in 'pcpucopyvalue' could cause the memory referenced by BPFKPTRREF,PERCPU fields to be...