68528 matches found
CVE-2023-53582
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds Fix a stack-out-of-bounds read in brcmfmac that occurs when 'buf' that is not null-terminated is passed as an argument of strreplace in...
CVE-2023-53597
In the Linux kernel, the following vulnerability has been resolved: cifs: fix mid leak during reconnection after timeout threshold When the number of responses with status of STATUSIOTIMEOUT exceeds a specified threshold NUMSTATUSIOTIMEOUT, we reconnect the connection. But we do not return the mi...
CVE-2023-53581
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Check for NOTREADY flag state after locking Currently the check for NOTREADY flag is performed before obtaining the necessary lock. This opens a possibility for race condition when the flow is concurrently removed from...
CVE-2023-53557
In the Linux kernel, the following vulnerability has been resolved: fprobe: Release rethook after the ftraceops is unregistered While running bpf selftests it's possible to get following fault: general protection fault, probably for non-canonical address \ 0x6b6b6b6b6b6b6b6b: 0000 1 PREEMPT SMP...
CVE-2023-53608
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential UAF of struct nilfsscinfo in nilfssegctorthread The finalization of nilfssegctorthread can race with nilfssegctorkillthread which terminates that thread, potentially causing a use-after-free BUG as KASAN...
CVE-2023-53606
In the Linux kernel, the following vulnerability has been resolved: nfsd: clean up potential nfsdfile refcount leaks in COPY codepath There are two different flavors of the nfsd4copy struct. One is embedded in the compound and is used directly in synchronous copies. The other is dynamically...
CVE-2023-53534
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: mtkdrmcrtc: Add checks for devmkcalloc As the devmkcalloc may return NULL, the return value needs to be checked to avoid NULL poineter dereference...
CVE-2022-50473
In the Linux kernel, the following vulnerability has been resolved: cpufreq: Init completion before kobjectinitandadd In cpufreqpolicyalloc, it will call uninitialed completion in cpufreqsysfsrelease when kobjectinitandadd fails. And that will cause a crash such as the following page fault in...
CVE-2022-50475
In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Make sure "ibport" is valid when access sysfs node The "ibport" structure must be set before adding the sysfs kobject, and reset after removing it, otherwise it may crash when accessing the sysfs node: Unable to handle...
CVE-2022-50504
In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: avoid scheduling in rtasosterm It's unsafe to use rtasbusydelay to handle a busy status from the ibm,os-term RTAS function in rtasosterm: Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b BUG:...
CVE-2022-50503
In the Linux kernel, the following vulnerability has been resolved: mtd: lpddr2nvm: Fix possible null-ptr-deref It will cause null-ptr-deref when resourcesizeaddrange invoked, if platformgetresource returns NULL...
CVE-2022-50507
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate data run offset This adds sanity checks for data run offset. We should make sure data run offset is legit before trying to unpack them, otherwise we may encounter use-after-free or some unexpected memory access...
CVE-2022-50470
In the Linux kernel, the following vulnerability has been resolved: xhci: Remove device endpoints from bandwidth list when freeing the device Endpoints are normally deleted from the bandwidth list when they are dropped, before the virt device is freed. If xHC host is dying or being removed then t...
CVE-2022-50476
In the Linux kernel, the following vulnerability has been resolved: ntbnetdev: Use devkfreeskbany in interrupt context TX/RX callback handlers ntbnetdevtxhandler, ntbnetdevrxhandler can be called in interrupt context via the DMA framework when the respective DMA operations have completed. As such...
CVE-2022-50499
In the Linux kernel, the following vulnerability has been resolved: media: dvb-core: Fix double free in dvbregisterdevice In function dvbregisterdevice - dvbregistermediadevice - dvbcreatemediaentity, dvb-entity is allocated and initialized. If the initialization fails, it frees the dvb-entity, a...
CVE-2022-50471
In the Linux kernel, the following vulnerability has been resolved: xen/gntdev: Accommodate VMA splitting Prior to this commit, the gntdev driver code did not handle the following scenario correctly with paravirtualized PV Xen domains: User process sets up a gntdev mapping composed of two grant...
CVE-2022-50491
In the Linux kernel, the following vulnerability has been resolved: coresight: cti: Fix hang in ctidisablehw ctienablehw and ctidisablehw are called from an atomic context so shouldn't use runtime PM because it can result in a sleep when communicating with firmware. Since commit 3c6656337852...
CVE-2022-50488
In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix possible uaf for 'bfqq-bic' Our test report a uaf for 'bfqq-bic' in 5.10: ================================================================== BUG: KASAN: use-after-free in bfqselectqueue+0x378/0xa30 CPU: 6 PID:...
CVE-2023-53592
In the Linux kernel, the following vulnerability has been resolved: gpio: sifive: Fix refcount leak in sifivegpioprobe ofirqfindparent returns a node pointer with refcount incremented, We should use ofnodeput on it when not needed anymore. Add missing ofnodeput to avoid refcount leak...
CVE-2022-50483
In the Linux kernel, the following vulnerability has been resolved: net: enetc: avoid buffer leaks on xdpdoredirect failure Before enetccleanrxringxdp calls xdpdoredirect, each software BD in the RX ring between index origi and i can have one of 2 refcount values on its page. We are the owner of...
CVE-2022-50480
In the Linux kernel, the following vulnerability has been resolved: memory: pl353-smc: Fix refcount leak bug in pl353smcprobe The break of foreachavailablechildofnode needs a corresponding ofnodeput when the reference 'child' is not used anymore. Here we do not need to call ofnodeput in fail path...
CVE-2022-50492
In the Linux kernel, the following vulnerability has been resolved: drm/msm: fix use-after-free on probe deferral The bridge counter was never reset when tearing down the DRM device so that stale pointers to deallocated structures would be accessed on the next tear down e.g. after a second late...
CVE-2022-50481
In the Linux kernel, the following vulnerability has been resolved: cxl: fix possible null-ptr-deref in cxlguestinitafu|adapter If deviceregister fails in cxlregisterafu|adapter, the device is not added, deviceunregister can not be called in the error path, otherwise it will cause a null-ptr-dere...
CVE-2023-53591
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix deadlock in tc route query code Cited commit causes ABBA deadlock0 when peer flows are created while holding the devcom rw semaphore. Due to peer flows offload implementation the lock is taken much higher up the ca...
CVE-2022-50502
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2023-53535
In the Linux kernel, the following vulnerability has been resolved: net: bcmgenet: Add a check for oversized packets Occasionnaly we may get oversized packets from the hardware which exceed the nomimal 2KiB buffer size we allocate SKBs with. Add an early check which drops the packet to avoid...
CVE-2023-53547
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix sdma v4 sw fini error Fix sdma v4 sw fini error for sdma 4.2.2 to solve the following general protection fault +0.108196 general protection fault, probably for non-canonical address 0xd5e5a4ae79d24a32: 0000 1...
CVE-2023-53588
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: check for station first in client probe When probing a client, first check if we have it, and then check for the channel context, otherwise you can trigger the warning there easily by probing when the AP isn't eve...
CVE-2023-53616
In the Linux kernel, the following vulnerability has been resolved: jfs: fix invalid free of JFSIPipimap-iimap in diUnmount syzbot found an invalid-free in diUnmount: BUG: KASAN: double-free in slabfree mm/slub.c:3661 inline BUG: KASAN: double-free in kmemcachefree+0x71/0x110 mm/slub.c:3674 Free ...
CVE-2023-53573
In the Linux kernel, the following vulnerability has been resolved: clk: rs9: Fix suspend/resume Disabling the cache in commit 2ff4ba9e3702 "clk: rs9: Fix I2C accessors" without removing cache synchronization in resume path results in a kernel panic as map-cacheops is unset, due to REGCACHENONE...
CVE-2023-53601
In the Linux kernel, the following vulnerability has been resolved: bonding: do not assume skb macheader is set Drivers must not assume in their ndostartxmit that skbs have their macheader set. skb-data is all what is needed. bonding seems to be one of the last offender as caught by syzbot:...
CVE-2022-50505
In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix pci device refcount leak in pprnotifier As comment of pcigetdomainbusandslot says, it returns a pci device with refcount increment, when finish using it, the caller must decrement the reference count by calling...
CVE-2022-50472
In the Linux kernel, the following vulnerability has been resolved: IB/mad: Don't call to function that might sleep while in atomic context Tracepoints are not allowed to sleep, as such the following splat is generated due to call to ibquerypkey in atomic context. WARNING: CPU: 0 PID: 1888000 at...
CVE-2022-50493
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix crash when I/O abort times out While performing CPU hotplug, a crash with the following stack was seen: Call Trace: qla24xxprocessresponsequeue+0x42a/0x970 qla2xxx qla2x00startnvmemq+0x3a2/0x4b0 qla2xxx...
CVE-2022-50498
In the Linux kernel, the following vulnerability has been resolved: eth: alx: take rtnllock on resume Zbynek reports that alx trips an rtnl assertion on resume: RTNL: assertion failed at net/core/dev.c 2891 RIP: 0010:netifsetrealnumtxqueues+0x1ac/0x1c0 Call Trace: alxopen+0x230/0x570 alx...
CVE-2023-53596
In the Linux kernel, the following vulnerability has been resolved: drivers: base: Free devm resources when unregistering a device In the current code, devresreleaseall only gets called if the device has a bus and has been probed. This leads to issues when using bus-less or driver-less devices...
CVE-2023-53551
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: userial: Add null pointer check in gserialresume Consider a case where gserialdisconnect has already cleared gser-ioport. And if a wakeup interrupt triggers afterwards, gserialresume gets called, which will lead to...
CVE-2022-50506
In the Linux kernel, the following vulnerability has been resolved: drbd: only clone bio if we have a backing device Commit c347a787e34cb drbd: set -bibdev in drbdreqnew moved a biosetdev call which has since been removed to "earlier", from drbdrequestprepare to drbdreqnew. The problem is that th...
CVE-2023-53595
In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: mcs: Fix NULL pointer dereferences When system is rebooted after creating macsec interface below NULL pointer dereference crashes occurred. This patch fixes those crashes by using correct order of teardown 3324.4069...
CVE-2023-53580
In the Linux kernel, the following vulnerability has been resolved: USB: Gadget: core: Help prevent panic during UVC unconfigure Avichal Rakesh reported a kernel panic that occurred when the UVC gadget driver was removed from a gadget's configuration. The panic involves a somewhat complicated...
CVE-2023-53576
In the Linux kernel, the following vulnerability has been resolved: nullblk: Always check queue mode setting from configfs Make sure to check device queue mode in the nullvalidateconf and return error for NULLQRQ as we don't allow legacy I/O path, without this patch we get OOPs when queue mode is...
CVE-2023-53577
In the Linux kernel, the following vulnerability has been resolved: bpf, cpumap: Make sure kthread is running before map update returns The following warning was reported when running stress-mode enabled xdpredirectcpu with some RT threads: ------------ cut here ------------ WARNING: CPU: 4 PID: ...
CVE-2023-53584
In the Linux kernel, the following vulnerability has been resolved: ubifs: ubifsreleasepage: Remove ubifsassert0 to valid this process There are two states for ubifs writing pages: 1. Dirty, Private 2. Not Dirty, Not Private The normal process cannot go to ubifsreleasepage which means there exist...
CVE-2023-53605
In the Linux kernel, the following vulnerability has been resolved: drm: amd: display: Fix memory leakage This commit fixes memory leakage in dcconstructctx function...
CVE-2023-53546
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: DR, fix memory leak in mlx5drcmdcreatereformatctx when mlx5cmdexec failed in mlx5drcmdcreatereformatctx, the memory pointed by 'in' is not released, which will cause memory leak. Move memory release after mlx5cmdexec...
CVE-2023-53548
In the Linux kernel, the following vulnerability has been resolved: net: usbnet: Fix WARNING in usbnetstartxmit/usbsubmiturb The syzbot fuzzer identified a problem in the usbnet driver: usb 1-1: BOGUS urb xfer, pipe 3 != type 1 WARNING: CPU: 0 PID: 754 at drivers/usb/core/urb.c:504...
CVE-2023-53561
In the Linux kernel, the following vulnerability has been resolved: net: wwan: iosm: fix NULL pointer dereference when removing device In suspend and resume cycle, the removal and rescan of device ends up in NULL pointer dereference. During driver initialization, if the ipcimemwwanchannelinit fai...
CVE-2023-53563
In the Linux kernel, the following vulnerability has been resolved: cpufreq: amd-pstate-ut: Fix kernel panic when loading the driver After loading the amd-pstate-ut driver, amdpstateutcheckperf and amdpstateutcheckfreq use cpufreqcpuget to get the policy of the CPU and mark it as busy. In these...
CVE-2023-53545
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: unmap and remove csava properly Root PD BO should be reserved before unmap and remove a bova from VM otherwise lockdep will complain. v2: check fpriv-csava is not NULL instead of amdgpumcbp christian 14616.936827...
CVE-2023-53542
In the Linux kernel, the following vulnerability has been resolved: ARM: dts: exynos: Use Exynos5420 compatible for the MIPI video phy For some reason, the driver adding support for Exynos5420 MIPI phy back in 2016 wasn't used on Exynos5420, which caused a kernel panic. Add the proper compatible...