68528 matches found
CVE-2023-53543
In the Linux kernel, the following vulnerability has been resolved: vdpa: Add max vqp attr to vdpanlpolicy for nlattr length check The vdpanlpolicy structure is used to validate the nlattr when parsing the incoming nlmsg. It will ensure the attribute being described produces a valid nlattr pointe...
CVE-2023-53539
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix incomplete state save in rxerequester If a send packet is dropped by the IP layer in rxerequester the call to rxexmitpacket can fail with err == -EAGAIN. To recover, the state of the wqe is restored to the state...
CVE-2023-53593
In the Linux kernel, the following vulnerability has been resolved: cifs: Release folio lock on fscache read hit. Under the current code, when cifsreadpageworker is called, the call contract is that the callee should unlock the page. This is documented in the readfolio section of...
CVE-2023-53540
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: reject auth/assoc to AP with our address If the AP uses our own address as its MLD address or BSSID, then clearly something's wrong. Reject such connections so we don't try and fail later...
CVE-2023-53585
In the Linux kernel, the following vulnerability has been resolved: bpf: reject unhashed sockets in bpfskassign The semantics for bpfskassign are as follows: sk = somelookupfunc bpfskassignskb, sk bpfskreleasesk That is, the sk is not consumed by bpfskassign. The function therefore needs to make...
CVE-2022-50496
In the Linux kernel, the following vulnerability has been resolved: dm cache: Fix UAF in destroy Dmcache also has the same UAF problem when dmresume and dmdestroy are concurrent. Therefore, cancelling timer again in destroy...
CVE-2022-50477
In the Linux kernel, the following vulnerability has been resolved: rtc: class: Fix potential memleak in devmrtcallocatedevice devmrtcallocatedevice will alloc a rtcdevice first, and then run devsetname. If devsetname failed, the rtcdevice will memleak. Move devmaddactionorreset in front of...
CVE-2023-53536
In the Linux kernel, the following vulnerability has been resolved: blk-crypto: make blkcryptoevictkey more robust If blkcryptoevictkey sees that the key is still in-use due to a bug or that -keyslotevict failed, it currently just returns while leaving the key linked into the keyslot management...
CVE-2023-53533
In the Linux kernel, the following vulnerability has been resolved: Input: raspberrypi-ts - fix refcount leak in rpitsprobe rpifirmwareget take reference, we need to release it in error paths as well. Use devmrpifirmwareget helper to handling the resources. Also remove the existing rpifirmwareput...
CVE-2023-53612
In the Linux kernel, the following vulnerability has been resolved: hwmon: coretemp Simplify platform device handling Coretemp's platform driver is unconventional. All the real work is done globally by the initcall and CPU hotplug notifiers, while the "driver" effectively just wraps an allocation...
CVE-2023-53615
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix deletion race condition System crash when using debug kernel due to link list corruption. The cause of the link list corruption is due to session deletion was allowed to queue up twice. Here's the internal trac...
CVE-2023-53611
In the Linux kernel, the following vulnerability has been resolved: ipmisi: fix a memleak in trysmiinit Kmemleak reported the following leak info in trysmiinit: unreferenced object 0xffff00018ecf9400 size 1024: comm "modprobe", pid 2707763, jiffies 4300851415 age 773.308s backtrace:...
CVE-2023-53614
In the Linux kernel, the following vulnerability has been resolved: mm/ksm: fix race with VMA iteration and mmstruct teardown exitmmap will tear down the VMAs and maple tree with the mmaplock held in write mode. Ensure that the maple tree is still valid by checking ksmtestexit after taking the...
CVE-2023-53607
In the Linux kernel, the following vulnerability has been resolved: ALSA: ymfpci: Fix BUGON in probe function The snddmabuffer.bytes field now contains the aligned size, which this sndBUGON did not account for, resulting in the following: 9.625915 ------------ cut here ------------ 9.633440...
CVE-2023-53610
In the Linux kernel, the following vulnerability has been resolved: irqchip: Fix refcount leak in platformirqchipprobe ofirqfindparent returns a node pointer with refcount incremented, We should use ofnodeput on it when not needed anymore. Add missing ofnodeput to avoid refcount leak...
CVE-2023-53609
In the Linux kernel, the following vulnerability has been resolved: scsi: Revert "scsi: core: Do not increase scsidevice's iorequestcnt if dispatch failed" The "atomicinc&cmd-device-iorequestcnt" in scsiqueuerq would cause kernel panic because cmd-device may be freed after returning from...
CVE-2023-53550
In the Linux kernel, the following vulnerability has been resolved: cpufreq: amd-pstate: fix global sysfs attribute type In commit 3666062b87ec "cpufreq: amd-pstate: move to use busgetdevroot" the "amdpstate" attributes where moved from a dedicated kobject to the cpu root kobject. While the...
CVE-2023-53553
In the Linux kernel, the following vulnerability has been resolved: HID: hyperv: avoid struct memcpy overrun warning A previous patch addressed the fortified memcpy warning for most builds, but I still see this one with gcc-9: In file included from include/linux/string.h:254, from...
CVE-2023-53566
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetrbtree: fix null deref on element insertion There is no guarantee that rbprev will not return NULL in nftrbtreegcelem: general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 1 PREEM...
CVE-2023-53567
In the Linux kernel, the following vulnerability has been resolved: spi: qup: Don't skip cleanup in remove's error path Returning early in a platform driver's remove callback is wrong. In this case the dma resources are not released in the error path. this is never retried later and so this is a...
CVE-2023-53562
In the Linux kernel, the following vulnerability has been resolved: drm/msm: fix vram leak on bind errors Make sure to release the VRAM buffer also in a case a subcomponent fails to bind. Patchwork: https://patchwork.freedesktop.org/patch/525094/...
CVE-2023-53575
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix potential array out of bounds access Account for IWLSECWEPKEYOFFSET when needed while verifying keylen size in iwlmvmseckeyadd...
CVE-2023-53600
In the Linux kernel, the following vulnerability has been resolved: tunnels: fix kasan splat when generating ipv4 pmtu error If we try to emit an icmp error in response to a nonliner skb, we get BUG: KASAN: slab-out-of-bounds in ipcomputecsum+0x134/0x220 Read of size 4 at addr ffff88811c50db00 by...
CVE-2022-50508
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt76x0: fix oob access in mt76x0phygettargetpower After 'commit ba45841ca5eb "wifi: mt76: mt76x02: simplify struct mt76x02ratepower"', mt76x02 relies on ht0-7 ratepower data for vht mcs0,7, while it uses vth0-1...
CVE-2023-53538
In the Linux kernel, the following vulnerability has been resolved: btrfs: insert tree mod log move in pushnodeleft There is a fairly unlikely race condition in tree mod log rewind that can result in a kernel panic which has the following trace: 530.569 BTRFS critical device sda3: unable to find...
CVE-2023-53579
In the Linux kernel, the following vulnerability has been resolved: gpio: mvebu: fix irq domain leak Uwe Kleine-König pointed out we still have one resource leak in the mvebu driver triggered on driver detach. Let's address it with a custom devm action...
CVE-2022-50489
In the Linux kernel, the following vulnerability has been resolved: drm/mipi-dsi: Detach devices when removing the host Whenever the MIPI-DSI host is unregistered, the code of mipidsihostunregister loops over every device currently found on that bus and will unregister it. However, it doesn't...
CVE-2023-53587
In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Sync IRQ works before buffer destruction If something was written to the buffer just before destruction, it may be possible maybe not in a real system, but it did happen in ARCH=um with time-travel to destroy the...
CVE-2023-53613
In the Linux kernel, the following vulnerability has been resolved: dax: Fix daxmappingrelease use after free A CONFIGDEBUGKOBJECTRELEASE test of removing a device-dax region provider like modprobe -r daxhmem yields: kobject: 'mapping0' ffff93eb460e8800: kobjectrelease, parent 0000000000000000...
CVE-2023-53594
In the Linux kernel, the following vulnerability has been resolved: driver core: fix resource leak in deviceadd When calling kobjectadd failed in deviceadd, it will call cleanupgluedir to free resource. But in kobjectadd, dev-kobj.parent has been set to NULL. This will cause resource leak. The...
CVE-2023-53549
In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Rework long task execution when adding/deleting entries When adding/deleting large number of elements in one step in ipset, it can take a reasonable amount of time and can result in soft lockup errors. The patch...
CVE-2023-53556
In the Linux kernel, the following vulnerability has been resolved: iavf: Fix use-after-free in freenetdev We do netifnapiadd for all allocated qvectors, but potentially do netifnapidel for part of them, then kfree qvectors and leave invalid pointers at dev-napilist. Reproducer: root@host cat...
CVE-2023-53552
In the Linux kernel, the following vulnerability has been resolved: drm/i915: mark requests for GuC virtual engines to avoid use-after-free References to i915requests may be trapped by userspace inside a syncfile or dmabuf dma-resv and held indefinitely across different proceses. To counter-act t...
CVE-2023-53583
In the Linux kernel, the following vulnerability has been resolved: perf: RISC-V: Remove PERFHESSTOPPED flag checking in riscvpmustart Since commit 096b52fd2bb4 "perf: RISC-V: throttle perf events" the perfsampleeventtook function was added to report time spent in overflow interrupts. If the...
CVE-2023-53589
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't trust firmware nchannels If the firmware sends us a corrupted MCC response with nchannels much larger than the command response can be, we might copy far too much uninitialized memory and even crash if t...
CVE-2022-50485
In the Linux kernel, the following vulnerability has been resolved: ext4: add EXT4IGETBAD flag to prevent unexpected bad inode There are many places that will get unhappy and crash when ext4iget returns a bad inode. However, if iget the boot loader inode, allows a bad inode to be returned, becaus...
CVE-2023-53537
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid use-after-free for cached IPU bio xfstest generic/019 reports a bug: kernel BUG at mm/filemap.c:1619! RIP: 0010:folioendwriteback+0x8a/0x90 Call Trace: endpagewriteback+0x1c/0x60 f2fswriteendio+0x199/0x420...
CVE-2023-53544
In the Linux kernel, the following vulnerability has been resolved: cpufreq: davinci: Fix clk use after free The remove function first frees the clks and only then calls cpufrequnregisterdriver. If one of the cpufreq callbacks is called just before cpufrequnregisterdriver is run, the freed clks...
CVE-2022-50497
In the Linux kernel, the following vulnerability has been resolved: binfmtmisc: fix shift-out-of-bounds in checkspecialflags UBSAN reported a shift-out-of-bounds warning: left shift of 1 by 31 places cannot be represented in type 'int' Call Trace: dumpstack lib/dumpstack.c:88 inline...
CVE-2023-53578
In the Linux kernel, the following vulnerability has been resolved: net: qrtr: Fix an uninit variable access bug in qrtrtxresume Syzbot reported a bug as following: ===================================================== BUG: KMSAN: uninit-value in qrtrtxresume+0x185/0x1f0 net/qrtr/afqrtr.c:230...
CVE-2023-53602
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix memory leak in WMI firmware stats Memory allocated for firmware pdev, vdev and beacon statistics are not released during rmmod. Fix it by calling ath11kfwstatsfree function before hardware unregister. While at i...
CVE-2022-50501
In the Linux kernel, the following vulnerability has been resolved: media: coda: Add check for dcodairamalloc As the codairamalloc may return NULL pointer, it should be better to check the return value in order to avoid NULL poineter dereference, same as the others...
CVE-2023-53541
In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write When the oob buffer length is not in multiple of words, the oob write function does out-of-bounds read on the oob source buffer at the last iteration. Fix th...
CVE-2023-53554
In the Linux kernel, the following vulnerability has been resolved: staging: ks7010: potential buffer overflow in kswlansetencodeext The "exc-keylen" is a u16 that comes from the user. If it's over IWENCODINGTOKENMAX 64 that could lead to memory corruption...
CVE-2023-53560
In the Linux kernel, the following vulnerability has been resolved: tracing/histograms: Add histograms to histvars if they have referenced variables Hist triggers can have referenced variables without having direct variables fields. This can be the case if referenced variables are added for trigg...
CVE-2023-53598
In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Range check CHDBOFF and ERDBOFF If the value read from the CHDBOFF and ERDBOFF registers is outside the range of the MHI register space then an invalid address might be computed which later causes a kernel panic...
CVE-2023-53604
In the Linux kernel, the following vulnerability has been resolved: dm integrity: call kmemcachedestroy in dmintegrityinit error path Otherwise the journaliocache will leak if dmregistertarget fails...
CVE-2023-53559
In the Linux kernel, the following vulnerability has been resolved: ipvti: fix potential slab-use-after-free in decodesession6 When ipvti device is set to the qdisc of the sfb type, the cb field of the sent skb may be modified during enqueuing. Then, slab-use-after-free may occur when ipvti devic...
CVE-2022-50500
In the Linux kernel, the following vulnerability has been resolved: netdevsim: fix memory leak in nsimdrvprobe when nsimdevresourcesregister failed If some items in nsimdevresourcesregister fail, memory leak will occur. The following is the memory leak information. unreferenced object...
CVE-2025-39939
In the Linux kernel, the following vulnerability has been resolved: iommu/s390: Fix memory corruption when using identity domain zpcigetiommuctrs returns counter information to be reported as part of device statistics; these counters are stored as part of the s390domain. The problem, however, is...