68528 matches found
CVE-2023-53447
In the Linux kernel, the following vulnerability has been resolved: f2fs: don't reset unchangable mount option in f2fsremount syzbot reports a bug as below: general protection fault, probably for non-canonical address 0xdffffc0000000009: 0000 1 PREEMPT SMP KASAN RIP: 0010:lockacquire+0x69/0x2000...
CVE-2023-53421
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Reinit blkgiostatset after clearing in blkcgresetstats When blkgalloc is called to allocate a blkcggq structure with the associated blkgiostatset's, there are 2 fields within blkgiostatset that requires proper...
CVE-2022-50403
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2022-50414
In the Linux kernel, the following vulnerability has been resolved: scsi: fcoe: Fix transport not deattached when fcoeifinit fails fcoeinit calls fcoetransportattach&fcoeswtransport, but when fcoeifinit fails, &fcoeswtransport is not detached and leaves freed &fcoeswtransport on fcoetransports...
CVE-2022-50415
In the Linux kernel, the following vulnerability has been resolved: parisc: led: Fix potential null-ptr-deref in starttask starttask calls createsinglethreadworkqueue and not checked the ret value, which may return NULL. And a null-ptr-deref may happen: starttask createsinglethreadworkqueue faile...
CVE-2023-53442
In the Linux kernel, the following vulnerability has been resolved: ice: Block switchdev mode when ADQ is active and vice versa ADQ and switchdev are not supported simultaneously. Enabling both at the same time can result in nullptr dereference. To prevent this, check if ADQ is active when changi...
CVE-2022-50413
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix use-after-free We've already freed the assocdata at this point, so need to use another copy of the AP MLD address instead...
CVE-2023-53424
In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: fix ofiomap memory leak Smatch reports: drivers/clk/mediatek/clk-mtk.c:583 mtkclksimpleprobe warn: 'base' from ofiomap not released on lines: 496. This problem was also found in linux-next. In mtkclksimpleprobe, ba...
CVE-2022-50410
In the Linux kernel, the following vulnerability has been resolved: NFSD: Protect against send buffer overflow in NFSv2 READ Since before the git era, NFSD has conserved the number of pages held by each nfsd thread by combining the RPC receive and send buffers into a single array of pages. This...
CVE-2022-50412
In the Linux kernel, the following vulnerability has been resolved: drm: bridge: adv7511: unregister cec i2c device after cec adapter cecunregisteradapter assumes that the underlying adapter ops are callable. For example, if the CEC adapter currently has a valid physical address, then the...
CVE-2022-50405
In the Linux kernel, the following vulnerability has been resolved: net/tunnel: wait until all skuserdata reader finish before releasing the sock There is a race condition in vxlan that when deleting a vxlan device during receiving packets, there is a possibility that the sock is released after...
CVE-2023-53432
In the Linux kernel, the following vulnerability has been resolved: firewire: net: fix use after free in fwnetfinishincomingpacket The netifrx function frees the skb so we can't dereference it to save the skb-len...
CVE-2023-53434
In the Linux kernel, the following vulnerability has been resolved: remoteproc: imxdsprproc: Add custom memory copy implementation for i.MX DSP Cores The IRAM is part of the HiFi DSP. According to hardware specification only 32-bits write are allowed otherwise we get a Kernel panic. Therefore add...
CVE-2023-53433
In the Linux kernel, the following vulnerability has been resolved: net: add vlangetprotocolanddepth helper Before blamed commit, pskbmaypull was used instead of skbheaderpointer in vlangetprotocol and friends. Few callers depended on skb-head being populated with MAC header, syzbot caught one of...
CVE-2023-53423
In the Linux kernel, the following vulnerability has been resolved: objtool: Fix memory leak in createstaticcallsections strdup allocates memory for keyname. We need to release the memory in the following error paths. Add free to avoid memory leak...
CVE-2022-50411
In the Linux kernel, the following vulnerability has been resolved: ACPICA: Fix error code path in acpidscallcontrolmethod A use-after-free in acpipsparseaml after a failing invocaion of acpidscallcontrolmethod is reported by KASAN 1 and code inspection reveals that nextwalkstate pushed to the...
CVE-2023-53446
In the Linux kernel, the following vulnerability has been resolved: PCI/ASPM: Disable ASPM on MFD function removal to avoid use-after-free Struct pcielinkstate-downstream is a pointer to the pcidev of function 0. Previously we retained that pointer when removing function 0, and subsequent ASPM...
CVE-2023-53428
In the Linux kernel, the following vulnerability has been resolved: powercap: armscmi: Remove recursion while parsing zones Powercap zones can be defined as arranged in a hierarchy of trees and when registering a zone with powercapregisterzone, the kernel powercap subsystem expects this to happen...
CVE-2022-50417
In the Linux kernel, the following vulnerability has been resolved: drm/panfrost: Fix GEM handle creation ref-counting panfrostgemcreatewithhandle previously returned a BO but with the only reference being from the handle, which user space could in theory guess and release, causing a...
CVE-2023-53430
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: dma: fix memory leak running mt76dmatxcleanup Fix device unregister memory leak and alway cleanup all configured rx queues in mt76dmatxcleanup routine...
CVE-2022-50402
In the Linux kernel, the following vulnerability has been resolved: drivers/md/md-bitmap: check the return value of mdbitmapgetcounter Check the return value of mdbitmapgetcounter in case it returns NULL pointer, which will result in a null pointer dereference. v2: update the check to include oth...
CVE-2023-53425
In the Linux kernel, the following vulnerability has been resolved: media: platform: mediatek: vpu: fix NULL ptr dereference If pdev is NULL, then it is still dereferenced. This fixes this smatch warning: drivers/media/platform/mediatek/vpu/mtkvpu.c:570 vpuloadfirmware warn: address of NULL point...
CVE-2023-53443
In the Linux kernel, the following vulnerability has been resolved: mfd: arizona: Use pmruntimeresumeandget to prevent refcnt leak In arizonaclk32kenable, we should use pmruntimeresumeandget as pmruntimegetsync will increase the refcnt even when it returns an error...
CVE-2023-53441
In the Linux kernel, the following vulnerability has been resolved: bpf: cpumap: Fix memory leak in cpumapupdateelem Syzkaller reported a memory leak as follows: BUG: memory leak unreferenced object 0xff110001198ef748 size 192: comm "syz-executor.3", pid 17672, jiffies 4298118891 age 9.906s hex...
CVE-2022-50408
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix use-after-free bug in brcmfnetdevstartxmit ret = brcmfprototxqueuedatadrvr, ifp-ifidx, skb; may be schedule, and then complete before the line ndev-stats.txbytes += skb-len; 46.912801...
CVE-2022-50401
In the Linux kernel, the following vulnerability has been resolved: nfsd: under NFSv4.1, fix double svcxprtput on rpccreate failure On error situation clp-clcbconn.cbxprt should not be given a reference to the xprt otherwise both client cleanup and the error handling path of the caller call to pu...
CVE-2023-53444
In the Linux kernel, the following vulnerability has been resolved: drm/ttm: fix bulkmove corruption when adding a entry When the resource is the first in the bulkmove range, adding it again thus moving it to the tail will corrupt the list since the first pointer is not moved. This eventually lea...
CVE-2022-50392
In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8183: fix refcount leak in mt8183mt6358ts3a227max98357devprobe The node returned by ofparsephandle with refcount incremented, ofnodeput needs be called when finish using it. So add it in the error path in...
CVE-2022-50390
In the Linux kernel, the following vulnerability has been resolved: drm/ttm: fix undefined behavior in bit shift for TTMTTFLAGPRIVPOPULATED Shifting signed 32-bit value by 31 bits is undefined, so changing significant bit to unsigned. The UBSAN warning calltrace like below: UBSAN:...
CVE-2022-50395
In the Linux kernel, the following vulnerability has been resolved: integrity: Fix memory leakage in keyring allocation error path Key restriction is allocated in integrityinitkeyring. However, if keyring allocation failed, it is not freed, causing memory leaks...
CVE-2022-50388
In the Linux kernel, the following vulnerability has been resolved: nvme: fix multipath crash caused by flush request when blktrace is enabled The flush request initialized by blkkickflush has NULL bio, and it may be dealt with nvmeendreq during io completion. When blktrace is enabled,...
CVE-2022-50381
In the Linux kernel, the following vulnerability has been resolved: md: fix a crash in mempoolfree There's a crash in mempoolfree when running the lvm test shell/lvchange-rebuild-raid.sh. The reason for the crash is this: superwritten calls atomicdecandtest&mddev-pendingwrites and...
CVE-2022-50382
In the Linux kernel, the following vulnerability has been resolved: padata: Always leave BHs disabled when running -parallel A deadlock can happen when an overloaded system runs -parallel in the context of the current task: padatadoparallel -parallel pcryptaeadenc/dec padatadoserial...
CVE-2022-50384
In the Linux kernel, the following vulnerability has been resolved: staging: vmeuser: Fix possible UAF in tsi148dmalistadd Smatch report warning as follows: drivers/staging/vmeuser/vmetsi148.c:1757 tsi148dmalistadd warn: '&entry-list' not removed from list In tsi148dmalistadd, the error path "got...
CVE-2023-53393
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix mlx5ibgethwstats when used for device Currently, when mlx5ibgethwstats is used for device portnum = 0, there is a special handling in order to use the correct counters, but, portnum is being passed down the stack...
CVE-2023-53376
In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Use number of bits to manage bitmap sizes To allocate bitmaps, the mpi3mr driver calculates sizes of bitmaps using byte as unit. However, bitmap helper functions assume that bitmaps are allocated using unsigned long...
CVE-2023-53394
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: xsk: Fix crash on regular rq reactivation When the regular rq is reactivated after the XSK socket is closed it could be reading stale cqes which eventually corrupts the rq. This leads to no more traffic being received ...
CVE-2023-53409
In the Linux kernel, the following vulnerability has been resolved: drivers: base: component: fix memory leak with using debugfslookup When calling debugfslookup the result must have dput called on it, otherwise the memory will leak over time. To make things simpler, just call...
CVE-2023-53415
In the Linux kernel, the following vulnerability has been resolved: USB: dwc3: fix memory leak with using debugfslookup When calling debugfslookup the result must have dput called on it, otherwise the memory will leak over time. To make things simpler, just call debugfslookupandremove instead whi...
CVE-2023-53410
In the Linux kernel, the following vulnerability has been resolved: USB: ULPI: fix memory leak with using debugfslookup When calling debugfslookup the result must have dput called on it, otherwise the memory will leak over time. To make things simpler, just call debugfslookupandremove instead whi...
CVE-2023-53388
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Clean dangling pointer on bind error path mtkdrmbind can fail, in which case drmdevput is called, destroying the drmdevice object. However a pointer to it was still being held in the private object, and that pointer...
CVE-2023-53392
In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: Fix kernel panic during warm reset During warm reset device-fwclient is set to NULL. If a bus driver is registered after this NULL setting and before new firmware clients are enumerated by ISHTP, kernel panic...
CVE-2023-53385
In the Linux kernel, the following vulnerability has been resolved: media: mdp3: Fix resource leaks in offinddevicebynode Use putdevice to release the object get through offinddevicebynode, avoiding resource leaks...
CVE-2023-53414
In the Linux kernel, the following vulnerability has been resolved: scsi: snic: Fix memory leak with using debugfslookup When calling debugfslookup the result must have dput called on it, otherwise the memory will leak over time. To make things simpler, just call debugfslookupandremove instead...
CVE-2022-50399
In the Linux kernel, the following vulnerability has been resolved: media: atomisp: prevent integer overflow in shcsssetblackframe The "height" and "width" values come from the user so the "height width" multiplication can overflow...
CVE-2022-50398
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: add atomiccheck to bridge ops DRM committails will disable downstream crtc/encoder/bridge if both disable crtc is required and crtc-active is set before pushing a new frame downstream. There is a rare case that user...
CVE-2022-50380
In the Linux kernel, the following vulnerability has been resolved: mm: /proc/pid/smapsrollup: fix no vma's null-deref Commit 258f669e7e88 "mm: /proc/pid/smapsrollup: convert to single value seqfile" introduced a null-deref if there are no vma's in the task in showsmapsrollup...
CVE-2022-50397
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2023-53404
In the Linux kernel, the following vulnerability has been resolved: USB: fotg210: fix memory leak with using debugfslookup When calling debugfslookup the result must have dput called on it, otherwise the memory will leak over time. To make things simpler, just call debugfslookupandremove instead...
CVE-2023-53403
In the Linux kernel, the following vulnerability has been resolved: time/debug: Fix memory leak with using debugfslookup When calling debugfslookup the result must have dput called on it, otherwise the memory will leak over time. To make things simpler, just call debugfslookupandremove instead...