68528 matches found
CVE-2023-53489
In the Linux kernel, the following vulnerability has been resolved: tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp. syzkaller reported 0 memory leaks of an UDP socket and ZEROCOPY skbs. We can reproduce the problem with these sequences: sk = socketAFINET, SOCKDGRAM, 0...
CVE-2023-53493
In the Linux kernel, the following vulnerability has been resolved: accel/qaic: tighten bounds checking in decodemessage Copy the bounds checking from encodemessage to decodemessage. This patch addresses the following concerns. Ensure that there is enough space for at least one header so that we...
CVE-2023-53509
In the Linux kernel, the following vulnerability has been resolved: qed: allow sleep in qedmcptracedump By default, qedmcpcmdandunion delays 10us at a time in a loop that can run 500K times, so calls to qedmcpnvmrdcmd may block the current thread for over 5s. We observed thread scheduling delays...
CVE-2023-53528
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix unsafe drain work queue code If createqp does not fully succeed it is possible for qp cleanup code to attempt to drain the send or recv work queues before the queues have been created causing a seg fault. This patch...
CVE-2023-53517
In the Linux kernel, the following vulnerability has been resolved: tipc: do not update mtu if msgmax is too small in mtu negotiation When doing link mtu negotiation, a malicious peer may send Activate msg with a very small mtu, e.g. 4 in Shuang's testing, without checking for the minimum mtu,...
CVE-2022-50426
In the Linux kernel, the following vulnerability has been resolved: remoteproc: imxdsprproc: Add mutex protection for workqueue The workqueue may execute late even after remoteproc is stopped or stopping, some resources rpmsg device and endpoint have been released in rprocstopsubdevices, then...
CVE-2023-53458
In the Linux kernel, the following vulnerability has been resolved: media: cx23885: Fix a null-ptr-deref bug in bufferprepare and bufferfinish When the driver calls cx23885riscbuffer to prepare the buffer, the function call dmaalloccoherent may fail, resulting in a empty buffer risc-cpu. Later wh...
CVE-2022-50443
In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: lvds: fix PM usage counter unbalance in poweron pmruntimegetsync will increment pm usage counter even it failed. Forgetting to putting operation will result in reference leak here. We fix it by replacing it with the...
CVE-2023-53486
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Enhance the attribute size check This combines the overflow and boundary check so that all attribute size will be properly examined while enumerating them. 169.181521 BUG: KASAN: slab-out-of-bounds in...
CVE-2023-53479
In the Linux kernel, the following vulnerability has been resolved: cxl/acpi: Fix a use-after-free in cxlparsecfmws KASAN and KFENCE detected an user-after-free in the CXL driver. This happens in the cxldecoderadd fail path. KASAN prints the following error: BUG: KASAN: slab-use-after-free in...
CVE-2023-53500
In the Linux kernel, the following vulnerability has been resolved: xfrm: fix slab-use-after-free in decodesession6 When the xfrm device is set to the qdisc of the sfb type, the cb field of the sent skb may be modified during enqueuing. Then, slab-use-after-free may occur when the xfrm device sen...
CVE-2023-53518
In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Fix leak in devfreqdevrelease srcuinitnotifierhead allocates resources that need to be released with a srcucleanupnotifierhead call. Reported by kmemleak...
CVE-2023-53520
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix hcisuspendsync crash If hciunregisterdev frees the hcidev object but hcisuspendnotifier may still be accessing it, it can cause the program to crash. Here's the call trace: 102152.653246 Call Trace: 102152.653254...
CVE-2023-53524
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: pcie: Fix integer overflow in iwlwritetouserbuf An integer overflow occurs in the iwlwritetouserbuf function, which is called by the iwldbgfsmonitordataread function. static bool iwlwritetouserbufchar user userbuf,...
CVE-2023-53452
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: fix potential race condition between napiinit and napienable A race condition can happen if netdev is registered, but NAPI isn't initialized yet, and meanwhile user space starts the netdev that will enable NAPI. Then...
CVE-2022-50440
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Validate the box size for the snooped cursor Invalid userspace dma surface copies could potentially overflow the memcpy from the surface to the snooped image leading to crashes. To fix it the dimensions of the copybox...
CVE-2022-50446
In the Linux kernel, the following vulnerability has been resolved: ARC: mm: fix leakage of memory allocated for PTE Since commit d9820ff "ARC: mm: switch pgtablet back to struct page " a memory leakage problem occurs. Memory allocated for page table entries not released during process terminatio...
CVE-2022-50469
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix potential memory leak in rtwinitdrvsw In rtwinitdrvsw, there are various init functions are called to populate the padapter structure and some checks for their return value. However, except for the first o...
CVE-2023-53480
In the Linux kernel, the following vulnerability has been resolved: kobject: Add sanity check for kset-kobj.ktype in ksetregister When I register a kset in the following way: static struct kset mykset; kobjectsetname&mykset.kobj, "mykset"; ret = ksetregister&mykset; A null pointer dereference...
CVE-2022-50433
In the Linux kernel, the following vulnerability has been resolved: efi: ssdt: Don't free memory if ACPI table was loaded successfully Amadeusz reports KASAN use-after-free errors introduced by commit 3881ee0b1edc "efi: avoid efivars layer when loading SSDTs from variables". The problem appears t...
CVE-2023-53476
In the Linux kernel, the following vulnerability has been resolved: iwcxgb4: Fix potential NULL dereference in c4iwfillrescmidentry This condition needs to match the previous "if epcp-state == LISTEN " exactly to avoid a NULL dereference of either "listenep" or "ep". The problem is that "epcp" ha...
CVE-2023-53504
In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxtre: Properly order ibdeviceunalloc to avoid UAF ibdeallocdevice should be called only after device cleanup. Fix the dealloc sequence...
CVE-2023-53519
In the Linux kernel, the following vulnerability has been resolved: media: v4l2-mem2mem: add lock to protect parameter numrdy Getting below error when using KCSAN to check the driver. Adding lock to protect parameter numrdy when getting the value with function:...
CVE-2023-53459
In the Linux kernel, the following vulnerability has been resolved: HID: mcp-2221: prevent UAF in delayed work If the device is plugged/unplugged without giving time for mcpinitwork to complete, we might kick in the devm free code path and thus have unavailable struct mcp2221 while in delayed wor...
CVE-2023-53485
In the Linux kernel, the following vulnerability has been resolved: fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev Syzkaller reported the following issue: UBSAN: array-index-out-of-bounds in fs/jfs/jfsdmap.c:1965:6 index -84 is out of range for type 's8341' aka 'signed char341'...
CVE-2022-50447
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciconn: Fix crash on hcicreatecissync When attempting to connect multiple ISO sockets without using DEFERSETUP may result in the following crash: BUG: KASAN: null-ptr-deref in hcicreatecissync+0x18b/0x2b0 Read of size...
CVE-2022-50456
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix resolving backrefs for inline extent followed by prealloc If a file consists of an inline extent followed by a regular or prealloc extent, then a legitimate attempt to resolve a logical address in the non-inline region...
CVE-2022-50453
In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: fix NULL-pointer dereferences There are several places where we can crash the kernel by requesting lines, unbinding the GPIO device, then calling any of the system calls relevant to the GPIO character device's...
CVE-2023-53478
In the Linux kernel, the following vulnerability has been resolved: tracing/synthetic: Fix races on freeing lastcmd Currently, the "lastcmd" variable can be accessed by multiple processes asynchronously when multiple users manipulate syntheticevents node at the same time, it could lead to...
CVE-2023-53499
In the Linux kernel, the following vulnerability has been resolved: virtionet: Fix error unwinding of XDP initialization When initializing XDP in virtnetopen, some rq xdp initialization may hit an error causing net device open failed. However, previous rqs have already initialized XDP and enabled...
CVE-2022-50462
In the Linux kernel, the following vulnerability has been resolved: MIPS: vpe-mt: fix possible memory leak while module exiting Afer commit 1fa5ae857bb1 "driver core: get rid of struct device's busid string array", the name of device is allocated dynamically, it need be freed when module exiting,...
CVE-2023-53494
In the Linux kernel, the following vulnerability has been resolved: crypto: xts - Handle EBUSY correctly As it is xts only handles the special return value of EINPROGRESS, which means that in all other cases it will free data related to the request. However, as the caller of xts may specify...
CVE-2023-53487
In the Linux kernel, the following vulnerability has been resolved: powerpc/rtasflash: allow user copy to flash block cache objects With hardened usercopy enabled CONFIGHARDENEDUSERCOPY=y, using the /proc/powerpc/rtas/firmwareupdate interface to prepare a system firmware update yields a BUG: kern...
CVE-2023-53522
In the Linux kernel, the following vulnerability has been resolved: cgroup,freezer: hold cpuhotpluglock before freezermutex syzbot is reporting circular locking dependency between cpuhotpluglock and freezermutex, for commit f5d39b020809 "freezer,sched: Rewrite core freezer logic" replaced atomici...
CVE-2022-50464
In the Linux kernel, the following vulnerability has been resolved: mt76: mt7915: Fix PCI device refcount leak in mt7915pciinithif2 As comment of pcigetdevice says, it returns a pcidevice with its refcount increased. We need to call pcidevput to decrease the refcount. Save the return value of...
CVE-2023-53507
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Unregister devlink params in case interface is down Currently, in case an interface is down, mlx5 driver doesn't unregister its devlink params, which leads to this WARN1. Fix it by unregistering devlink params in that...
CVE-2023-53491
In the Linux kernel, the following vulnerability has been resolved: startkernel: Add nostackprotector function attribute Back during the discussion of commit a9a3ed1eff36 "x86: Fix early boot crash on gcc-10, third try" we discussed the need for a function attribute to control the omission of sta...
CVE-2023-53477
In the Linux kernel, the following vulnerability has been resolved: ipv6: Add lwtunnel encap size of all siblings in nexthop calculation In function rt6nlmsgsize, the length of nexthop is calculated by multipling the nexthop length of fib6info and the number of siblings. However if the fib6info h...
CVE-2023-53512
In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix a memory leak Add a forgotten kfree...
CVE-2023-53451
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix potential NULL pointer dereference Klocwork tool reported 'curdsd' may be dereferenced. Add fix to validate pointer before dereferencing the pointer...
CVE-2023-53523
In the Linux kernel, the following vulnerability has been resolved: can: gsusb: fix time stamp counter initialization If the gsusb device driver is unloaded or unbound before the interface is shut down, the USB stack first calls the struct usbdriver::disconnect and then the struct...
CVE-2023-53454
In the Linux kernel, the following vulnerability has been resolved: HID: multitouch: Correct devm device reference for hidinput inputdev name Reference the HID device rather than the input device for the devm allocation of the inputdev name. Referencing the inputdev would lead to a use-after-free...
CVE-2022-50451
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix memory leak on ntfsfillsuper error path syzbot reported kmemleak as below: BUG: memory leak unreferenced object 0xffff8880122f1540 size 32: comm "a.out", pid 6664, jiffies 4294939771 age 25.500s hex dump first 32...
CVE-2022-50461
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: am65-cpsw: Fix PM runtime leakage in am65cpswnussndoslaveopen Ensure pmruntimeput is issued in error path...
CVE-2023-53505
In the Linux kernel, the following vulnerability has been resolved: clk: tegra: tegra124-emc: Fix potential memory leak The tegra and tegra needs to be freed in the error handling path, otherwise it will be leaked...
CVE-2023-53472
In the Linux kernel, the following vulnerability has been resolved: pwm: lpc32xx: Remove handling of PWM channels Because LPC32xx PWM controllers have only a single output which is registered as the only PWM device/channel per controller, it is known in advance that pwm-hwpwm value is always 0. O...
CVE-2023-53495
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mvpp2main: fix possible OOB write in mvpp2ethtoolgetrxnfc rules is allocated in ethtoolgetrxnfc and the size is determined by rulecnt from user space. So rulecnt needs to be check before using rules to avoid OOB...
CVE-2022-50439
In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8173: Enable IRQ when pdata is ready If the device does not come straight from reset, we might receive an IRQ before we are ready to handle it. 2.334737 Unable to handle kernel read from unreadable memory at...
CVE-2023-53526
In the Linux kernel, the following vulnerability has been resolved: jbd2: check 'jh-btransaction' before removing it from checkpoint Following process will corrupt ext4 image: Step 1: jbd2journalcommittransaction jbd2journalinsertcheckpointjh, committransaction // Put jh into trans1-tcheckpointli...
CVE-2021-4460
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix UBSAN shift-out-of-bounds warning If getnumsdmaqueues or getnumxgmisdmaqueues is 0, we end up doing a shift operation where the number of bits shifted equals number of bits in the operand. This behaviour is...