68528 matches found
CVE-2023-53824
In the Linux kernel, the following vulnerability has been resolved: netlink: annotate lockless accesses to nlk-maxrecvmsglen syzbot reported a data-race in data-race in netlinkrecvmsg 1 Indeed, netlinkrecvmsg can be run concurrently, and netlinkdump also needs protection. 1 BUG: KCSAN: data-race ...
CVE-2023-53862
In the Linux kernel, the following vulnerability has been resolved: hfs: fix missing hfsbnodeget in hfsbnodecreate Syzbot found a kernel BUG in hfsbnodeput: kernel BUG at fs/hfs/bnode.c:466! invalid opcode: 0000 1 PREEMPT SMP KASAN CPU: 0 PID: 3634 Comm: kworker/u4:5 Not tainted...
CVE-2023-53853
In the Linux kernel, the following vulnerability has been resolved: netlink: annotate accesses to nlk-cbrunning Both netlinkrecvmsg and netlinknativeseqshow read nlk-cbrunning locklessly. Use READONCE there. Add corresponding WRITEONCE to netlinkdump and netlinkdumpstart syzbot reported: BUG:...
CVE-2022-50671
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix "kernel NULL pointer dereference" error When rxequeueinit in the function rxeqpinitreq fails, both qp-req.task.func and qp-req.task.arg are not initialized. Because of creation of qp fails, the function rxecreateqp...
CVE-2023-53866
In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-compress: Reposition and add pcmmutex If paniconwarn is set and compress streamDPCM is started, then kernel panic occurred because card-pcmmutex isn't held appropriately. In the following functions, warning were issued ...
CVE-2025-40338
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Do not share the name pointer between components By sharing 'name' directly, tearing down components may lead to use-after-free errors. Duplicate the name to avoid that. At the same time, update the order of...
CVE-2022-50673
In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free in ext4orphancleanup I caught a issue as follows: ================================================================== BUG: KASAN: use-after-free in listaddvalid+0x28/0x1a0 Read of size 8 at addr...
CVE-2025-14322
Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6...
CVE-2023-53825
In the Linux kernel, the following vulnerability has been resolved: kcm: Fix error handling for SOCKDGRAM in kcmsendmsg. syzkaller found a memory leak in kcmsendmsg, and commit c821a88bd720 "kcm: Fix memory leak in error path of kcmsendmsg" suppressed it by updating kcmtxmsghead-lastskb if partia...
CVE-2023-53842
In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd-mbhc-v2: fix resource leaks on component remove The MBHC resources must be released on component probe failure and removal so can not be tied to the lifetime of the component device. This is specifically needed ...
CVE-2025-40330
In the Linux kernel, the following vulnerability has been resolved: bnxten: Shutdown FW DMA in bnxtshutdown The netifclose call in bnxtshutdown only stops packet DMA. There may be FW DMA for trace logging recently added that will continue. If we kexec to a new kernel, the DMA will corrupt memory ...
CVE-2025-40340
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix oops in xegemfault when running corehotunplug test. I saw an oops in xegemfault when running the xe-fast-feedback testlist against the realtime kernel without debug options enabled. The panic happens after corehotunpl...
CVE-2023-53841
In the Linux kernel, the following vulnerability has been resolved: devlink: report devlinkporttypewarn source device devlinkporttypewarn is scheduled for port devlink and warning when the port type is not set. But from this warning it is not easy found out which device driver has no devlink port...
CVE-2023-53850
In the Linux kernel, the following vulnerability has been resolved: iavf: use internal state to free traffic IRQs If the system tries to close the netdev while iavfresettask is running, LINKSTATESTART will be cleared and netifrunning will return false in iavfreinitinterruptscheme. This will resul...
CVE-2022-50676
In the Linux kernel, the following vulnerability has been resolved: net: rds: don't hold sock lock when cancelling work from rdstcpresetcallbacks syzbot is reporting lockdep warning at rdstcpresetcallbacks 1, for commit ac3615e7f3cffe2a "RDS: TCP: Reduce code duplication in rdstcpresetcallbacks"...
CVE-2022-50675
In the Linux kernel, the following vulnerability has been resolved: arm64: mte: Avoid setting PGmtetagged if no tags cleared or restored Prior to commit 69e3b846d8a7 "arm64: mte: Sync tags for pages where PTE is untagged", mtesynctags was only called for ptetagged entries those mapped with PROTMT...
CVE-2023-53855
In the Linux kernel, the following vulnerability has been resolved: net: dsa: ocelot: call dsatag8021qunregister under rtnllock on driver remove When the tagging protocol in current use is "ocelot-8021q" and we unbind the driver, we see this splat: $ echo '0000:00:00.2'...
CVE-2023-53802
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: htchst: free skb in ath9khtcrxmsg if there is no callback function It is stated that ath9khtcrxmsg either frees the provided skb or passes its management to another callback function. However, the skb is not freed in...
CVE-2022-50641
In the Linux kernel, the following vulnerability has been resolved: HSI: omapssi: Fix refcount leak in ssiprobe When returning or breaking early from a foreachavailablechildofnode loop, we need to explicitly call ofnodeput on the child node to possibly release the node...
CVE-2022-50646
In the Linux kernel, the following vulnerability has been resolved: scsi: hpsa: Fix possible memory leak in hpsainitone The hpdaallocctlrinfo allocates h and its field replymap. However, in hpsainitone, if allocpercpu failed, the hpsainitone jumps to clean1 directly, which frees h and leaks the...
CVE-2022-50648
In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix recursive locking directmutex in ftracemodifydirectcaller Naveen reported recursive locking of directmutex with sample ftrace-direct-modify.ko: 74.762406 WARNING: possible recursive locking detected 74.762887 6.0.0-rc...
CVE-2022-50632
In the Linux kernel, the following vulnerability has been resolved: drivers: perf: marvellcn10k: Fix hotplug callback leak in tadpmuinit tadpmuinit won't remove the callback added by cpuhpsetupstatemulti when platformdriverregister failed. Remove the callback by cpuhpremovemultistate in fail path...
CVE-2023-53811
In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Cap MSIX used to online CPUs + 1 The irdma driver can use a maximum number of msix vectors equal to numonlinecpus + 1 and the kernel warning stack below is shown if that number is exceeded. The kernel throws a warning...
CVE-2023-53791
In the Linux kernel, the following vulnerability has been resolved: md: fix warning for holder mismatch from exportrdev Commit a1d767191096 "md: use mddev-external to select holder in exportrdev" fix the problem that 'claimrdev' is used for blkdevgetbydev while 'rdev' is used for blkdevput...
CVE-2023-53790
In the Linux kernel, the following vulnerability has been resolved: bpf: Zeroing allocated object from slab in bpf memory allocator Currently the freed element in bpf memory allocator may be immediately reused, for htab map the reuse will reinitialize special fields in map value e.g., bpfspinlock...
CVE-2023-53795
In the Linux kernel, the following vulnerability has been resolved: iommufd: IOMMUFDDESTROY should not increase the refcount syzkaller found a race where IOMMUFDDESTROY increments the refcount: obj = iommufdgetobjectucmd-ictx, cmd-id, IOMMUFDOBJANY; if ISERRobj return PTRERRobj;...
CVE-2022-50651
In the Linux kernel, the following vulnerability has been resolved: ethtool: eeprom: fix null-deref on genlinfo in dump The similar fix as commit 46cdedf2a0fa "ethtool: pse-pd: fix null-deref on genlinfo in dump" is also needed for ethtool eeprom...
CVE-2022-50643
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix xid leak in cifscopyfilerange If the file is used by swap, before return -EOPNOTSUPP, should free the xid, otherwise, the xid will be leaked...
CVE-2023-53784
In the Linux kernel, the following vulnerability has been resolved: drm: bridge: dwhdmi: fix connector access for scdc Commit 5d844091f237 "drm/scdc-helper: Pimp SCDC debugs" changed the scdc interface to pick up an i2c adapter from a connector instead. However, in the case of dw-hdmi, the wrong...
CVE-2022-50642
In the Linux kernel, the following vulnerability has been resolved: platform/chrome: crosectypec: zero out stale pointers crostypecgetswitchhandles allocates four pointers when obtaining type-c switch handles. These pointers are all freed if failing to obtain any of them; therefore, pointers in...
CVE-2022-50656
In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Clear nfctarget before being used Fix a slab-out-of-bounds read that occurs in nlaput called from nfcgenlsendtarget when target-sensbreslen, which is duplicated from an nfctarget in pn533, is too large as the nfctarge...
CVE-2023-53778
In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Clean up integer overflow checking in mapuserpages The encodedma function has some validation on intrans-size but it would be more clear to move those checks to findandmapuserpages. The encodedma had two checks: if...
CVE-2022-50655
In the Linux kernel, the following vulnerability has been resolved: ppp: associate skb with a device at tx Syzkaller triggered flow dissector warning with the following: r0 = openat$ppp0xffffffffffffff9c, &0x7f0000000000, 0xc0802, 0x0 ioctl$PPPIOCNEWUNITr0, 0xc004743e, &0x7f00000000c0...
CVE-2022-50640
In the Linux kernel, the following vulnerability has been resolved: mmc: core: Fix kernel panic when remove non-standard SDIO card SDIO tuple is only allocated for standard SDIO card, especially it causes memory corruption issues when the non-standard SDIO card has removed, which is because the...
CVE-2022-50650
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix reference state management for synchronous callbacks Currently, verifier verifies callback functions sync and async as if they will be executed once, i.e. it explores execution state as if the function was being called...
CVE-2023-53812
In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: fix decoder disable pm crash Can't call pmruntimedisable when the architecture support sub device for 'dev-pm.dev' is NUll, or will get below crash log. 10.771551 pc : rawspinlockirq+0x4c/0xa0 10.771556 l...
CVE-2023-53807
In the Linux kernel, the following vulnerability has been resolved: clk: clocking-wizard: Fix Oops in clkwzrdregisterdivider Smatch detected this potential error pointer dereference clkwzrdregisterdivider. If devmclkhwregister fails then it sets "hw" to an error pointer and then dereferences it o...
CVE-2023-53808
In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: fix memory leak in mwifiexhistogramread Always free the zeroed page on return from 'mwifiexhistogramread'...
CVE-2023-53816
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: fix potential kgdmem UAFs kgdmem pointers returned by kfdprocessdevicetranslatehandle are only guaranteed to be valid while p-mutex is held. As soon as the mutex is unlocked, another thread can free the BO...
CVE-2022-50639
In the Linux kernel, the following vulnerability has been resolved: io-wq: Fix memory leak in worker creation If the CPU mask allocation for a node fails, then the memory allocated for the 'iowqe' struct of the current node doesn't get freed on the error handling path, since it has not yet been...
CVE-2023-53777
In the Linux kernel, the following vulnerability has been resolved: erofs: kill hooked chains to avoid loops on deduplicated compressed images After heavily stressing EROFS with several images which include a hand-crafted image of repeated patterns for more than 46 days, I found two chains could ...
CVE-2023-53782
In the Linux kernel, the following vulnerability has been resolved: dccp: Fix out of bounds access in DCCP error handler There was a previous attempt to fix an out-of-bounds access in the DCCP error handlers, but that fix assumed that the error handlers only want to access the first 8 bytes of th...
CVE-2023-53798
In the Linux kernel, the following vulnerability has been resolved: ethtool: Fix uninitialized number of lanes It is not possible to set the number of lanes when setting link modes using the legacy IOCTL ethtool interface. Since 'struct ethtoollinkksettings' is not initialized in this path, drive...
CVE-2023-53779
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2023-53801
In the Linux kernel, the following vulnerability has been resolved: iommu/sprd: Release dma buffer to avoid memory leak When attaching to a domain, the driver would alloc a DMA buffer which is used to store address mapping table, and it need to be released when the IOMMU domain is freed...
CVE-2023-53792
In the Linux kernel, the following vulnerability has been resolved: nvme-core: fix memory leak in dhchapctrlsecret Free dhchapsecret in nvmectrldhchapctrlsecretstore before we return when nvmeauthgeneratekey returns error...
CVE-2023-53793
In the Linux kernel, the following vulnerability has been resolved: perf tool x86: Fix perfenv memory leak Found by leak sanitizer: ==1632594==ERROR: LeakSanitizer: detected memory leaks Direct leak of 21 bytes in 1 objects allocated from: 0 0x7f2953a7077b in interceptorstrdup...
CVE-2013-10031
Plack-Middleware-Session versions before 0.17 may be vulnerable to HMAC comparison timing attacks...
CVE-2022-50631
In the Linux kernel, the following vulnerability has been resolved: RISC-V: kexec: Fix memory leak of fdt buffer This is reported by kmemleak detector: unreferenced object 0xff60000082864000 size 9588: comm "kexec", pid 146, jiffies 4294900634 age 64.788s hex dump first 32 bytes: d0 0d fe ed 00 0...
CVE-2022-50645
In the Linux kernel, the following vulnerability has been resolved: EDAC/i10nm: fix refcount leak in pcigetdevwrapper As the comment of pcigetdomainbusandslot says, it returns a PCI device with refcount incremented, so it doesn't need to call an extra pcidevget in pcigetdevwrapper, and the PCI...