68528 matches found
CVE-2023-53681
In the Linux kernel, the following vulnerability has been resolved: bcache: Fix bchbtreenodealloc to make the failure behavior consistent In some specific situations, the return value of bchbtreenodealloc may be NULL. This may lead to a potential NULL pointer dereference in caller function like a...
CVE-2023-53687
In the Linux kernel, the following vulnerability has been resolved: tty: serial: samsungtty: Fix a memory leak in s3c24xxserialgetclk when iterating clk When the best clk is searched, we iterate over all possible clk. If we find a better match, the previous one, if any, needs to be freed. If a...
CVE-2023-53632
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Take RTNL lock when needed before calling xdpsetfeatures Hold RTNL lock when calling xdpsetfeatures with a registered netdev, as the call triggers the netdev notifiers. This could happen when switching from uplink rep ...
CVE-2023-53637
In the Linux kernel, the following vulnerability has been resolved: media: i2c: ov772x: Fix memleak in ov772xprobe A memory leak was reported when testing ov772x with bpf mock device: AssertionError: unreferenced object 0xffff888109afa7a8 size 8: comm "python3", pid 279, jiffies 4294805921 age...
CVE-2023-53634
In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Fixed a BTI error on returning to patched function When BPFTRAMPFCALLORIG is set, BPF trampoline uses BLR to jump back to the instruction next to call site to call the patched function. For BTI-enabled kernel, the...
CVE-2023-53629
In the Linux kernel, the following vulnerability has been resolved: fs: dlm: fix use after free in midcomms commit While working on processing dlm message in softirq context I experienced the following KASAN use-after-free warning: 151.760477...
CVE-2023-53635
In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: fix wrong ct-timeout value struct nfconn-timeout is an interval before the conntrack confirmed. After confirmed, it becomes a timestamp. It is observed that timeout of an unconfirmed conntrack: - Set by...
CVE-2023-53630
In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix unpinning of pages when an access is present syzkaller found that the calculation of batchlastindex should use 'startindex' since at input to this function the batch is either empty or it has already been adjusted to...
CVE-2023-53633
In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Fix a leak in mapuserpages If getuserpagesfast allocates some pages but not as many as we wanted, then the current code leaks those pages. Call putpage on the pages before returning...
CVE-2023-53675
In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix possible descptr out-of-bounds accesses Sanitize possible descptr out-of-bounds accesses in sesenclosuredataprocess...
CVE-2023-53672
In the Linux kernel, the following vulnerability has been resolved: btrfs: output extra debug info if we failed to find an inline backref BUG Syzbot reported several warning triggered inside lookupinlineextentbackref. CAUSE As usual, the reproducer doesn't reliably trigger locally here, but at...
CVE-2023-53684
In the Linux kernel, the following vulnerability has been resolved: xfrm: Zero padding when dumping algos and encap When copying data to user-space we should ensure that only valid data is copied over. Padding in structures may be filled with random possibly sensitve data and should never be give...
CVE-2023-53686
In the Linux kernel, the following vulnerability has been resolved: net/handshake: fix null-ptr-deref in handshakenldonedoit We should not call tracehandshakecmddoneerr if socket lookup has failed. Also we should call tracehandshakecmddoneerr before releasing the file, otherwise dereferencing...
CVE-2023-53685
In the Linux kernel, the following vulnerability has been resolved: tun: Fix memory leak for detached NAPI queue. syzkaller reported 0 memory leaks of sk and skb related to the TUN device with no repro, but we can reproduce it easily with: struct ifreq ifr = int fdtun, fdtmp; char buf4 = ; fdtun ...
CVE-2023-53659
In the Linux kernel, the following vulnerability has been resolved: iavf: Fix out-of-bounds when setting channels on remove If we set channels greater during iavfremove, and waiting reset done would be timeout, then returned with error but changed numactivequeues directly, that will lead to OOB...
CVE-2023-53657
In the Linux kernel, the following vulnerability has been resolved: ice: Don't tx before switchdev is fully configured There is possibility that iceeswitchportstartxmit might be called while some resources are still not allocated which might cause NULL pointer dereference. Fix this by checking if...
CVE-2023-53673
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: call disconnect callback before deleting conn In hcicsdisconnect, we do hciconndel even if disconnection failed. ISO, L2CAP and SCO connections refer to the hciconn without hciconnget, so disconncfm must be...
CVE-2022-50535
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential null-deref in dmresume Why Fixing smatch error: dmresume error: we previously assumed 'aconnector-dclink' could be null How Check if dclink null at the beginning of the loop, so further checks can b...
CVE-2022-50512
In the Linux kernel, the following vulnerability has been resolved: ext4: fix potential memory leak in ext4fcrecordregions As krealloc may return NULL, in this case 'state-fcregions' may not be freed by krealloc, but 'state-fcregions' already set NULL. Then will lead to 'state-fcregions' memory...
CVE-2022-50511
In the Linux kernel, the following vulnerability has been resolved: lib/fonts: fix undefined behavior in bit shift for getdefaultfont Shifting signed 32-bit value by 31 bits is undefined, so changing significant bit to unsigned. The UBSAN warning calltrace like below: UBSAN: shift-out-of-bounds i...
CVE-2022-50554
In the Linux kernel, the following vulnerability has been resolved: blk-mq: avoid double -queuerq because of early timeout David Jeffery found one double -queuerq issue, so far it can be triggered in VM use case because of long vmexit latency or preempt latency of vCPU pthread or long page fault ...
CVE-2022-50518
In the Linux kernel, the following vulnerability has been resolved: parisc: Fix locking in pdciodcprint firmware call Utilize pdclock spinlock to protect parallel modifications of the iodcdbuf buffer, check length to prevent buffer overflow of iodcdbuf, drop the iodcretbuf buffer and fix some wro...
CVE-2022-50519
In the Linux kernel, the following vulnerability has been resolved: nilfs2: replace WARNONs by nilfserror for checkpoint acquisition failure If creation or finalization of a checkpoint fails due to anomalies in the checkpoint metadata on disk, a kernel warning is generated. This patch replaces th...
CVE-2022-50509
In the Linux kernel, the following vulnerability has been resolved: media: coda: Add check for kmalloc As the kmalloc may return NULL pointer, it should be better to check the return value in order to avoid NULL poineter dereference, same as the others...
CVE-2022-50553
In the Linux kernel, the following vulnerability has been resolved: tracing/hist: Fix out-of-bound write on 'actiondata.varrefidx' When generate a synthetic event with many params and then create a trace action for it 1, kernel panic happened 2. It is because that in traceactioncreate...
CVE-2022-50513
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix a potential memory leak in rtwinitcmdpriv In rtwinitcmdpriv, if pcmdpriv-rspallocatedbuf is allocated in failure, then pcmdpriv-cmdallocatedbuf will be not properly released. Besides, considering there are...
CVE-2022-50515
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix memory leak in hpdrxirqcreateworkqueue If construction of the array of work queues to handle hpdrxirq offload work fails, we need to unwind. Destroy all the created workqueues and the allocated memory for the...
CVE-2022-50514
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fhid: fix refcount leak on error path When failing to allocate reportdesc, opts-refcnt has already been incremented so it needs to be decremented to avoid leaving the options structure permanently locked...
CVE-2022-50550
In the Linux kernel, the following vulnerability has been resolved: blk-iolatency: Fix memory leak on adddisk failures When a gendisk is successfully initialized but adddisk fails such as when a loop device has invalid number of minor device numbers specified, blkcginitdisk is called during init...
CVE-2022-50527
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix size validation for non-exclusive domains v4 Fix amdgpubovalidatesize to check whether the TTM domain manager for the requested memory exists, else we get a kernel oops when dereferencing "man". v2: Make the patch...
CVE-2022-50543
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix mr-map double free rxemrcleanup which tries to free mr-map again will be called when rxemrinituser fails: CPU: 0 PID: 4917 Comm: rdmaflushserv Kdump: loaded Not tainted 6.1.0-rc1-roce-flush+ 25 Hardware name: QEMU...
CVE-2022-50547
In the Linux kernel, the following vulnerability has been resolved: media: solo6x10: fix possible memory leak in solosysfsinit If deviceregister returns error in solosysfsinit, the name allocated by devsetname need be freed. As comment of deviceregister says, it should use putdevice to give up th...
CVE-2022-50545
In the Linux kernel, the following vulnerability has been resolved: r6040: Fix kmemleak in probe and remove There is a memory leaks reported by kmemleak: unreferenced object 0xffff888116111000 size 2048: comm "modprobe", pid 817, jiffies 4294759745 age 76.502s hex dump first 32 bytes: 00 c4 0a 04...
CVE-2022-50526
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: fix memory corruption with too many bridges Add the missing sanity check on the bridge counter to avoid corrupting data beyond the fixed-sized bridge array in case there are ever more than eight bridges. Patchwork:...
CVE-2022-50542
In the Linux kernel, the following vulnerability has been resolved: media: si470x: Fix use-after-free in si470xintincallback syzbot reported use-after-free in si470xintincallback 1. This indicates that urb-context, which contains struct si470xdevice object, is freed when si470xintincallback is...
CVE-2022-50529
In the Linux kernel, the following vulnerability has been resolved: testfirmware: fix memory leak in testfirmwareinit When miscregister failed in testfirmwareinit, the memory pointed by testfwconfig-name is not released. The memory leak information is as follows: unreferenced object...
CVE-2022-50546
In the Linux kernel, the following vulnerability has been resolved: ext4: fix uninititialized value in 'ext4evictinode' Syzbot found the following issue: ===================================================== BUG: KMSAN: uninit-value in ext4evictinode+0xdd/0x26b0 fs/ext4/inode.c:180...
CVE-2022-50531
In the Linux kernel, the following vulnerability has been resolved: tipc: fix an information leak in tipctopsrvkernsubscr Use a 8-byte write to initialize sub.usrhandle in tipctopsrvkernsubscr, otherwise four bytes remain uninitialized when issuing setsockopt..., SOLTIPC, .... This resulted in an...
CVE-2022-50522
In the Linux kernel, the following vulnerability has been resolved: mcb: mcb-parse: fix error handing in chameleonparsegdd If mcbdeviceregister returns error in chameleonparsegdd, the refcount of bus and device name are leaked. Fix this by calling putdevice to give up the reference, so they can b...
CVE-2022-50532
In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix possible resource leaks in mpt3sastransportportadd In mpt3sastransportportadd, if sasrphyadd returns error, sasrphyfree needs be called to free the resource allocated in sasenddevicealloc. Otherwise a kernel...
CVE-2022-50534
In the Linux kernel, the following vulnerability has been resolved: dm thin: Use last transaction's pmd-root when commit failed Recently we found a softlock up problem in dm thin pool btree lookup code due to corrupted metadata: Kernel panic - not syncing: softlockup: hung tasks CPU: 7 PID: 26692...
CVE-2022-50541
In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma: Reset UDMACHANRT byte counters to prevent overflow UDMACHANRTBCNTREG stores the real-time channel bytecount statistics. These registers are 32-bit hardware counters and the driver uses these counters to...
CVE-2022-50540
In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom-adm: fix wrong sizeof config in slaveconfig Fix broken slaveconfig function that uncorrectly compare the peripheralsize with the size of the config pointer instead of the size of the config struct. This cause the...
CVE-2022-50530
In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix null pointer dereference in blkmqclearrqmapping Our syzkaller report a null pointer dereference, root cause is following: blkmqallocmapandrqs set-tagshctxidx = blkmqallocmapandrqs blkmqallocmapandrqs blkmqallocrqs //...
CVE-2022-50525
In the Linux kernel, the following vulnerability has been resolved: iommu/fslpamu: Fix resource leak in fslpamuprobe The fslpamuprobe returns directly when createcsd failed, leaving irq and memories unreleased. Fix by jumping to error if createcsd returns error...
CVE-2022-50523
In the Linux kernel, the following vulnerability has been resolved: clk: rockchip: Fix memory leak in rockchipclkregisterpll If clkregister fails, @pll-ratetable may have allocated memory by kmemdup, so it needs to be freed, otherwise will cause memory leak issue, this patch fixes it...
CVE-2022-50520
In the Linux kernel, the following vulnerability has been resolved: drm/radeon: Fix PCI device refcount leak in radeonatrmgetbios As comment of pcigetclass says, it returns a pcidevice with its refcount increased and decreased the refcount for the input parameter @from if it is not NULL. If we...
CVE-2022-50533
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: mlme: fix null-ptr deref on failed assoc If association to an AP without a link 0 fails, then we crash in tracing because it assumes that either apmldaddr or link 0 BSS is valid, since we clear sdata-vif.validlink...
CVE-2022-50524
In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: Check return value after calling platformgetresource platformgetresource may return NULL pointer, we need check its return value to avoid null-ptr-deref in resourcesize...
CVE-2022-50536
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix repeated calls to sockput when msg has moredata In tcpbpfsendverdict redirection, the eval variable is assigned to SKREDIRECT after the applybytes data is sent, if msg has moredata, sockput will be called multip...