68528 matches found
CVE-2022-50312
In the Linux kernel, the following vulnerability has been resolved: drivers: serial: jsm: fix some leaks in probe This error path needs to unwind instead of just returning directly...
CVE-2022-50319
In the Linux kernel, the following vulnerability has been resolved: coresight: trbe: remove cpuhp instance node before remove cpuhp state cpuhpstateaddinstance and cpuhpstateremoveinstance should be used in pairs. Or there will lead to the warn on cpuhpremovemultistate since the cpuhpstep list is...
CVE-2022-50314
In the Linux kernel, the following vulnerability has been resolved: nbd: Fix hung when signal interrupts nbdstartdeviceioctl syzbot reported hung task 1. The following program is a simplified version of the reproducer: int mainvoid int sv2, fd; if socketpairAFUNIX, SOCKSTREAM, 0, sv recvthreads =...
CVE-2022-50335
In the Linux kernel, the following vulnerability has been resolved: 9p: set req refcount to zero to avoid uninitialized usage When a new request is allocated, the refcount will be zero if it is reused, but if the request is newly allocated from slab, it is not fully initialized before being added...
CVE-2022-50334
In the Linux kernel, the following vulnerability has been resolved: hugetlbfs: fix null-ptr-deref in hugetlbfsparseparam Syzkaller reports a null-ptr-deref bug as follows: ====================================================== KASAN: null-ptr-deref in range 0x0000000000000000-0x0000000000000007...
CVE-2023-53210
In the Linux kernel, the following vulnerability has been resolved: md/raid5-cache: fix null-ptr-deref for r5lflushstripetoraid r5lflushstripetoraid will check if the list 'flushingios' is empty, and then submit 'flushbio', however, r5llogflushendio is clearing the list first and then clear the...
CVE-2023-53215
In the Linux kernel, the following vulnerability has been resolved: sched/fair: Don't balance task to its current running CPU We've run into the case that the balancer tries to balance a migration disabled task and trigger the warning in settaskcpu like below: ------------ cut here ------------...
CVE-2023-53236
In the Linux kernel, the following vulnerability has been resolved: iommufd: Do not corrupt the pfn list when doing batch carry If batch-end is 0 then setting npfns0 before computing the new value of pfns will fail to adjust the pfn and result in various page accounting corruptions. It should be...
CVE-2023-53238
In the Linux kernel, the following vulnerability has been resolved: phy: hisilicon: Fix an out of bounds check in hisiinnophyprobe The size of array 'priv-ports' is INNOPHYPORTNUM. In the for loop, 'i' is used as the index for array 'priv-ports' with a check i INNOPHYPORTNUM which indicates that...
CVE-2023-53235
In the Linux kernel, the following vulnerability has been resolved: drm/tests: helpers: Avoid a driver uaf when using drmkunithelperallocdrmdevice the driver may be dereferenced by device-managed resources up until the device is freed, which is typically later than the kunit-managed resource code...
CVE-2023-53254
In the Linux kernel, the following vulnerability has been resolved: cacheinfo: Fix sharedcpumap to handle shared caches at different levels The cacheinfo sets up the sharedcpumap by checking whether the caches with the same index are shared between CPUs. However, this will trigger...
CVE-2023-53252
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: use RCU for hciconnparams and iterate safely in hcisync hciupdateacceptlistsync iterates over hdev-pendleconns and hdev-pendlereports, and waits for controller events in the loop body, without holding hdev lock...
CVE-2022-50287
In the Linux kernel, the following vulnerability has been resolved: drm/i915/bios: fix a memory leak in generatelfpdataptrs When size != 0 || ptrs-lvds entries != 3, the program tries to free the ptrs. However, the ptrs is not created by calling kzmalloc, but is obtained by pointer offset...
CVE-2022-50285
In the Linux kernel, the following vulnerability has been resolved: mm,hugetlb: take hugetlblock before decrementing h-resvhugepages The h-hugepages counters are protected by the hugetlblock, but allochugepage has a corner case where it can decrement the counter outside of the lock. This could le...
CVE-2022-50306
In the Linux kernel, the following vulnerability has been resolved: ext4: fix potential out of bound read in ext4fcreplayscan For scan loop must ensure that at least EXT4FCTAGBASELEN space. If remain space less than EXT4FCTAGBASELEN which will lead to out of bound read when mounting corrupt file...
CVE-2022-50310
In the Linux kernel, the following vulnerability has been resolved: ip6mr: fix UAF issue in ip6mrskdone when addrconfinitnet failed If the initialization fails in calling addrconfinitnet, devconfall is the pointer that has been released. Then ip6mrskdone is called to release the net, accessing...
CVE-2022-50311
In the Linux kernel, the following vulnerability has been resolved: cxl: Fix refcount leak in cxlcalccapprouting ofgetnextparent returns a node pointer with refcount incremented, we should use ofnodeput on it when not need anymore. This function only calls ofnodeput in normal path, missing it in...
CVE-2022-50328
In the Linux kernel, the following vulnerability has been resolved: jbd2: fix potential use-after-free in jbd2fcwaitbufs In 'jbd2fcwaitbufs' use 'bh' after put buffer head reference count which may lead to use-after-free. So judge buffer if uptodate before put buffer head reference count...
CVE-2023-53205
In the Linux kernel, the following vulnerability has been resolved: KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler We do check for target CPU == -1, but this might change at the time we are going to use it. Hold the physical target CPU in a local variable to avoid...
CVE-2023-53204
In the Linux kernel, the following vulnerability has been resolved: afunix: Fix data-races around user-unixinflight. user-unixinflight is changed under spinlockunixgclock, but toomanyunixfds reads it locklessly. Let's annotate the write/read accesses to user-unixinflight. BUG: KCSAN: data-race in...
CVE-2023-53208
In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Load L1's TSC multiplier based on L1 state, not L2 state When emulating nested VM-Exit, load L1's TSC multiplier if L1's desired ratio doesn't match the current ratio, not if the ratio L1 is using for L2 diverges from...
CVE-2023-53229
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix invalid drvstaprercuremove calls for non-uploaded sta Avoid potential data corruption issues caused by uninitialized driver private data structures...
CVE-2023-53225
In the Linux kernel, the following vulnerability has been resolved: spi: imx: Don't skip cleanup in remove's error path Returning early in a platform driver's remove callback is wrong. In this case the dma resources are not released in the error path. this is never retried later and so this is a...
CVE-2023-53248
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: install stub fence into potential unused fence pointers When using cpu to update page tables, vm update fences are unused. Install stub fence into these fence pointers instead of NULL to avoid NULL dereference when...
CVE-2023-53249
In the Linux kernel, the following vulnerability has been resolved: clk: imx: clk-imx8mn: fix memory leak in imx8mnclocksprobe Use devmofiomap instead of ofiomap to automatically handle the unused ioremap region. If any error occurs, regions allocated by kzalloc will leak, but using devmkzalloc...
CVE-2023-53243
In the Linux kernel, the following vulnerability has been resolved: btrfs: add handling for RAID1C23/DUP to btrfsreduceallocprofile Callers of btrfsreduceallocprofile expect it to return exactly one allocation profile flag, and failing to do so may ultimately result in a WARNON and remount-ro whe...
CVE-2022-50280
In the Linux kernel, the following vulnerability has been resolved: pnode: terminate at peers of source The propagatemnt function handles mount propagation when creating mounts and propagates the source mount tree @sourcemnt to all applicable nodes of the destination propagation mount tree headed...
CVE-2022-50297
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: verify the expected usbendpoints are present The bug arises when a USB device claims to be an ATH9K but doesn't have the expected endpoints. In this case there was an interrupt endpoint where the driver expected a bu...
CVE-2022-50296
In the Linux kernel, the following vulnerability has been resolved: UM: cpuinfo: Fix a warning for CONFIGCPUMASKOFFSTACK When CONFIGCPUMASKOFFSTACK and CONFIGDEBUGPERCPUMAPS is selected, cpumaxbitswarn generates a runtime warning similar as below while we show /proc/cpuinfo. Fix this by using...
CVE-2022-50317
In the Linux kernel, the following vulnerability has been resolved: drm/bridge: megachips: Fix a null pointer dereference bug When removing the module we will get the following warning: 31.911505 i2c-core: driver stdp2690-ge-b850v3-fw unregistered 31.912484 general protection fault, probably for...
CVE-2023-53213
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: slab-out-of-bounds read in brcmfgetassocies Fix a slab-out-of-bounds read that occurs in kmemdup called from brcmfgetassocies. The bug could occur when associnfo-reqlen, data from a URB provided by a USB device, i...
CVE-2023-53216
In the Linux kernel, the following vulnerability has been resolved: arm64: efi: Make efirtlock a rawspinlock Running a rt-kernel base on 6.2.0-rc3-rt1 on an Ampere Altra outputs the following: BUG: sleeping function called from invalid context at kernel/locking/spinlockrt.c:46 inatomic: 1,...
CVE-2022-50321
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix potential memory leak in brcmfnetdevstartxmit The brcmfnetdevstartxmit returns NETDEVTXOK without freeing skb in case of pskbexpandhead fails, add devkfreeskb to fix it. Compile tested only...
CVE-2022-50337
In the Linux kernel, the following vulnerability has been resolved: ocxl: fix pci device refcount leak when calling getfunction0 getfunction0 calls pcigetdomainbusandslot, as comment says, it returns a pci device with refcount increment, so after using it, pcidevput needs be called. Get the devic...
CVE-2023-53237
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix amdgpuirqput call trace in gmcv110hwfini The gmc.eccirq is enabled by firmware per IFWI setting, and the host driver is not privileged to enable/disable the interrupt. So, it is meaningless to use the amdgpuirqput...
CVE-2023-53211
In the Linux kernel, the following vulnerability has been resolved: driver core: location: Free struct acpipldinfo pld before return false struct acpipldinfo pld should be freed before the return of allocation failure, to prevent memory leak, add the ACPIFREE to fix it...
CVE-2023-53253
In the Linux kernel, the following vulnerability has been resolved: HID: nvidia-shield: Reference hiddevice devm allocation of inputdev name Use hiddevice for devm allocation of the inputdev name to avoid a use-after-free. inputunregisterdevice would trigger devres cleanup of all resources...
CVE-2023-53230
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix warning in cifssmb3domount This fixes the following warning reported by kernel test robot fs/smb/client/cifsfs.c:982 cifssmb3domount warn: possible memory leak of 'cifssb'...
CVE-2023-53233
In the Linux kernel, the following vulnerability has been resolved: net/smc: fix deadlock triggered by canceldelayedworksyn The following LOCKDEP was detected: Workqueue: events smclgrfreework smc WARNING: possible circular locking dependency detected...
CVE-2022-50263
In the Linux kernel, the following vulnerability has been resolved: vdpasim: fix memory leak when freeing IOTLBs After commit bda324fd037a "vdpasim: control virtqueue support", vdpasim-iommu became an array of IOTLB, so we should clean the mappings of each free one by one instead of just deleting...
CVE-2022-50303
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix double release compute pasid If kfdprocessdeviceinitvm returns failure after vm is converted to compute vm and vm-pasid set to compute pasid, KFD will not take pdd-drmfile reference. As a result, drm close file...
CVE-2023-53242
In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/hisi: Drop second sensor hi3660 The commit 74c8e6bffbe1 "driver core: Add allocsize hint to devm allocators" exposes a panic "BRK handler: Fatal exception" on the hi3660thermalprobe funciton. This is because the...
CVE-2022-50304
In the Linux kernel, the following vulnerability has been resolved: mtd: core: fix possible resource leak in initmtd I got the error report while inject fault in initmtd: sysfs: cannot create duplicate filename '/devices/virtual/bdi/mtd-0' Call Trace: dumpstacklvl+0x67/0x83 sysfswarndup+0x60/0x70...
CVE-2023-53202
In the Linux kernel, the following vulnerability has been resolved: PM: domains: fix memory leak with using debugfslookup When calling debugfslookup the result must have dput called on it, otherwise the memory will leak over time. To make things simpler, just call debugfslookupandremove instead...
CVE-2022-50262
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate BOOT recordsize When the NTFS BOOT recordsize field recordbits calculation through blksizebits assumes the size always 256, which could lead to NPD while mounting a malformed NTFS image. 318.675159 BUG: kernel...
CVE-2022-50309
In the Linux kernel, the following vulnerability has been resolved: media: xilinx: vipp: Fix refcount leak in xvipgraphdmainit ofgetchildbyname returns a node pointer with refcount incremented, we should use ofnodeput on it when not need anymore. Add missing ofnodeput to avoid refcount leak...
CVE-2023-53255
In the Linux kernel, the following vulnerability has been resolved: firmware: stratix10-svc: Fix a potential resource leak in svccreatememorypool svccreatememorypool is only called from stratix10svcdrvprobe. Most of resources in the probe are managed, but not this memremap call. There is also no...
CVE-2023-53258
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix possible underflow for displays with large vblank Why Underflow observed when using a display with a large vblank region and low refresh rate How Simplify calculation of vblanknom Increase value for...
CVE-2022-50279
In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: Fix global-out-of-bounds bug in rtl8812aephysettxpowerlimit There is a global-out-of-bounds reported by KASAN: BUG: KASAN: global-out-of-bounds in rtl8812aeeqnbyte.part.0+0x3d/0x84 rtl8821ae Read of size 1 at addr...
CVE-2023-53201
In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxtre: wraparound mbox producer index Driver is not handling the wraparound of the mbox producer index correctly. Currently the wraparound happens once u32 max is reached. Bit 31 of the producer index register is special an...