68528 matches found
CVE-2022-50319
In the Linux kernel, the following vulnerability has been resolved: coresight: trbe: remove cpuhp instance node before remove cpuhp state cpuhpstateaddinstance and cpuhpstateremoveinstance should be used in pairs. Or there will lead to the warn on cpuhpremovemultistate since the cpuhpstep list is...
CVE-2022-50263
In the Linux kernel, the following vulnerability has been resolved: vdpasim: fix memory leak when freeing IOTLBs After commit bda324fd037a "vdpasim: control virtqueue support", vdpasim-iommu became an array of IOTLB, so we should clean the mappings of each free one by one instead of just deleting...
CVE-2023-53242
In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/hisi: Drop second sensor hi3660 The commit 74c8e6bffbe1 "driver core: Add allocsize hint to devm allocators" exposes a panic "BRK handler: Fatal exception" on the hi3660thermalprobe funciton. This is because the...
CVE-2023-53216
In the Linux kernel, the following vulnerability has been resolved: arm64: efi: Make efirtlock a rawspinlock Running a rt-kernel base on 6.2.0-rc3-rt1 on an Ampere Altra outputs the following: BUG: sleeping function called from invalid context at kernel/locking/spinlockrt.c:46 inatomic: 1,...
CVE-2023-53229
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix invalid drvstaprercuremove calls for non-uploaded sta Avoid potential data corruption issues caused by uninitialized driver private data structures...
CVE-2022-50314
In the Linux kernel, the following vulnerability has been resolved: nbd: Fix hung when signal interrupts nbdstartdeviceioctl syzbot reported hung task 1. The following program is a simplified version of the reproducer: int mainvoid int sv2, fd; if socketpairAFUNIX, SOCKSTREAM, 0, sv recvthreads =...
CVE-2023-53233
In the Linux kernel, the following vulnerability has been resolved: net/smc: fix deadlock triggered by canceldelayedworksyn The following LOCKDEP was detected: Workqueue: events smclgrfreework smc WARNING: possible circular locking dependency detected...
CVE-2023-53202
In the Linux kernel, the following vulnerability has been resolved: PM: domains: fix memory leak with using debugfslookup When calling debugfslookup the result must have dput called on it, otherwise the memory will leak over time. To make things simpler, just call debugfslookupandremove instead...
CVE-2022-50310
In the Linux kernel, the following vulnerability has been resolved: ip6mr: fix UAF issue in ip6mrskdone when addrconfinitnet failed If the initialization fails in calling addrconfinitnet, devconfall is the pointer that has been released. Then ip6mrskdone is called to release the net, accessing...
CVE-2022-50311
In the Linux kernel, the following vulnerability has been resolved: cxl: Fix refcount leak in cxlcalccapprouting ofgetnextparent returns a node pointer with refcount incremented, we should use ofnodeput on it when not need anymore. This function only calls ofnodeput in normal path, missing it in...
CVE-2022-50306
In the Linux kernel, the following vulnerability has been resolved: ext4: fix potential out of bound read in ext4fcreplayscan For scan loop must ensure that at least EXT4FCTAGBASELEN space. If remain space less than EXT4FCTAGBASELEN which will lead to out of bound read when mounting corrupt file...
CVE-2022-50304
In the Linux kernel, the following vulnerability has been resolved: mtd: core: fix possible resource leak in initmtd I got the error report while inject fault in initmtd: sysfs: cannot create duplicate filename '/devices/virtual/bdi/mtd-0' Call Trace: dumpstacklvl+0x67/0x83 sysfswarndup+0x60/0x70...
CVE-2023-53248
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: install stub fence into potential unused fence pointers When using cpu to update page tables, vm update fences are unused. Install stub fence into these fence pointers instead of NULL to avoid NULL dereference when...
CVE-2023-53235
In the Linux kernel, the following vulnerability has been resolved: drm/tests: helpers: Avoid a driver uaf when using drmkunithelperallocdrmdevice the driver may be dereferenced by device-managed resources up until the device is freed, which is typically later than the kunit-managed resource code...
CVE-2023-53254
In the Linux kernel, the following vulnerability has been resolved: cacheinfo: Fix sharedcpumap to handle shared caches at different levels The cacheinfo sets up the sharedcpumap by checking whether the caches with the same index are shared between CPUs. However, this will trigger...
CVE-2023-53230
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix warning in cifssmb3domount This fixes the following warning reported by kernel test robot fs/smb/client/cifsfs.c:982 cifssmb3domount warn: possible memory leak of 'cifssb'...
CVE-2022-50279
In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: Fix global-out-of-bounds bug in rtl8812aephysettxpowerlimit There is a global-out-of-bounds reported by KASAN: BUG: KASAN: global-out-of-bounds in rtl8812aeeqnbyte.part.0+0x3d/0x84 rtl8821ae Read of size 1 at addr...
CVE-2023-53204
In the Linux kernel, the following vulnerability has been resolved: afunix: Fix data-races around user-unixinflight. user-unixinflight is changed under spinlockunixgclock, but toomanyunixfds reads it locklessly. Let's annotate the write/read accesses to user-unixinflight. BUG: KCSAN: data-race in...
CVE-2022-50321
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix potential memory leak in brcmfnetdevstartxmit The brcmfnetdevstartxmit returns NETDEVTXOK without freeing skb in case of pskbexpandhead fails, add devkfreeskb to fix it. Compile tested only...
CVE-2022-50296
In the Linux kernel, the following vulnerability has been resolved: UM: cpuinfo: Fix a warning for CONFIGCPUMASKOFFSTACK When CONFIGCPUMASKOFFSTACK and CONFIGDEBUGPERCPUMAPS is selected, cpumaxbitswarn generates a runtime warning similar as below while we show /proc/cpuinfo. Fix this by using...
CVE-2022-50328
In the Linux kernel, the following vulnerability has been resolved: jbd2: fix potential use-after-free in jbd2fcwaitbufs In 'jbd2fcwaitbufs' use 'bh' after put buffer head reference count which may lead to use-after-free. So judge buffer if uptodate before put buffer head reference count...
CVE-2023-53201
In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxtre: wraparound mbox producer index Driver is not handling the wraparound of the mbox producer index correctly. Currently the wraparound happens once u32 max is reached. Bit 31 of the producer index register is special an...
CVE-2023-53253
In the Linux kernel, the following vulnerability has been resolved: HID: nvidia-shield: Reference hiddevice devm allocation of inputdev name Use hiddevice for devm allocation of the inputdev name to avoid a use-after-free. inputunregisterdevice would trigger devres cleanup of all resources...
CVE-2022-50270
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix the assign logic of iocb commit 18ae8d12991b "f2fs: show more DIO information in tracepoint" introduces iocb field in 'f2fsdirectIOenter' trace event And it only assigns the pointer and later it accesses its field in...
CVE-2023-53234
In the Linux kernel, the following vulnerability has been resolved: watchdog: Fix kmemleak in watchdogcdevregister kmemleak reports memory leaks in watchdogdevregister, as follows: unreferenced object 0xffff888116233000 size 2048: comm ""modprobe"", pid 28147, jiffies 4353426116 age 61.741s hex...
CVE-2023-53199
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: hifusb: clean up skbs if ath9khifusbrxstream fails Syzkaller detected a memory leak of skbs in ath9khifusbrxstream. While processing skbs in ath9khifusbrxstream, the already allocated skbs in skbpool are not freed if...
CVE-2022-50305
In the Linux kernel, the following vulnerability has been resolved: ASoC: sofes8336: fix possible use-after-free in sofes8336remove sofes8336remove calls canceldelayedwork. However, that function does not wait until the work function finishes. This means that the callback function may still be...
CVE-2022-50333
In the Linux kernel, the following vulnerability has been resolved: fs: jfs: fix shift-out-of-bounds in dbDiscardAG This should be applied to most URSAN bugs found recently by syzbot, by guarding the dbMount. As syzbot feeding rubbish into the bmap descriptor...
CVE-2023-53251
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: pcie: fix NULL pointer dereference in iwlpcieirqrxmsixhandler rxq can be NULL only when transpcie-rxq is NULL and entry-entry is zero. For the case when entry-entry is not equal to 0, rxq won't be NULL even if...
CVE-2023-53214
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid potential memory corruption in updateiostatlatency Add iotype sanity check to avoid potential memory corruption. This is to fix the compile error below: fs/f2fs/iostat.c:231 updateiostatlatency error: buffer...
CVE-2023-53217
In the Linux kernel, the following vulnerability has been resolved: nubus: Partially revert proccreatesingledata conversion The conversion to proccreatesingledata introduced a regression whereby reading a file in /proc/bus/nubus results in a seg fault: grep -r . /proc/bus/nubus/e/ Data read fault...
CVE-2023-53218
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Make it so that a waiting process can be aborted When sendmsg creates an rxrpc call, it queues it to wait for a connection and channel to be assigned and then waits before it can start shovelling data as the encrypted DATA...
CVE-2022-50320
In the Linux kernel, the following vulnerability has been resolved: ACPI: tables: FPDT: Don't call acpiosmapmemory on invalid phys address On a Packard Bell Dot SC Intel Atom N2600 model there is a FPDT table which contains invalid physical addresses, with high bits set which fall outside the ran...
CVE-2023-53256
In the Linux kernel, the following vulnerability has been resolved: firmware: armffa: Fix FFA device names for logical partitions Each physical partition can provide multiple services each with UUID. Each such service can be presented as logical partition with a unique combination of VM ID and...
CVE-2022-50329
In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix uaf for bfqq in bfqexiticqbfqq Commit 64dc8c732f5c "block, bfq: fix possible uaf for 'bfqq-bic'" will access 'bic-bfqq' in bicsetbfqq, however, bfqexiticqbfqq can free bfqq first, and then call bicsetbfqq, which...
CVE-2023-53213
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: slab-out-of-bounds read in brcmfgetassocies Fix a slab-out-of-bounds read that occurs in kmemdup called from brcmfgetassocies. The bug could occur when associnfo-reqlen, data from a URB provided by a USB device, i...
CVE-2022-50297
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: verify the expected usbendpoints are present The bug arises when a USB device claims to be an ATH9K but doesn't have the expected endpoints. In this case there was an interrupt endpoint where the driver expected a bu...
CVE-2023-53215
In the Linux kernel, the following vulnerability has been resolved: sched/fair: Don't balance task to its current running CPU We've run into the case that the balancer tries to balance a migration disabled task and trigger the warning in settaskcpu like below: ------------ cut here ------------...
CVE-2023-53211
In the Linux kernel, the following vulnerability has been resolved: driver core: location: Free struct acpipldinfo pld before return false struct acpipldinfo pld should be freed before the return of allocation failure, to prevent memory leak, add the ACPIFREE to fix it...
CVE-2022-50282
In the Linux kernel, the following vulnerability has been resolved: chardev: fix error handling in cdevdeviceadd While doing fault injection test, I got the following report: ------------ cut here ------------ kobject: 'null' 0000000039956980: is not initialized, yet kobjectput is being called...
CVE-2022-50300
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix extent map use-after-free when handling missing device in readonechunk Store the error code before freeing the extentmap. Though it's reference counted structure, in that function it's the first and last allocation so...
CVE-2023-53257
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: check S1G action frame size Before checking the action code, check that it even exists in the frame...
CVE-2022-50335
In the Linux kernel, the following vulnerability has been resolved: 9p: set req refcount to zero to avoid uninitialized usage When a new request is allocated, the refcount will be zero if it is reused, but if the request is newly allocated from slab, it is not fully initialized before being added...
CVE-2023-53225
In the Linux kernel, the following vulnerability has been resolved: spi: imx: Don't skip cleanup in remove's error path Returning early in a platform driver's remove callback is wrong. In this case the dma resources are not released in the error path. this is never retried later and so this is a...
CVE-2022-50281
In the Linux kernel, the following vulnerability has been resolved: MIPS: SGI-IP27: Fix platform-device leak in bridgeplatformcreate In error case in bridgeplatformcreate after calling platformdeviceadd/platformdeviceadddata/ platformdeviceaddresources, release the failed 'pdev' or it will be lea...
CVE-2023-53238
In the Linux kernel, the following vulnerability has been resolved: phy: hisilicon: Fix an out of bounds check in hisiinnophyprobe The size of array 'priv-ports' is INNOPHYPORTNUM. In the for loop, 'i' is used as the index for array 'priv-ports' with a check i INNOPHYPORTNUM which indicates that...
CVE-2023-53153
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: Fix use after free for wext Key information in wext.connect is not reset on reconnect and can hold data from a previous connection. Reset key data to avoid that drivers or mac80211 incorrectly detect a WEP...
CVE-2023-53186
In the Linux kernel, the following vulnerability has been resolved: skbuff: Fix a race between coalescing and releasing SKBs Commit 1effe8ca4e34 "skbuff: fix coalescing for pagepool fragment recycling" allowed coalescing to proceed with non page pool page and page pool page when @from is cloned,...
CVE-2022-50236
In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: Fix crash on isr after kexec If the system is rebooted via isr, the IRQ handler might be triggered before the domain is initialized. Resulting on an invalid memory access error. Fix: 0.500930 Unable to handle kern...
CVE-2022-50240
In the Linux kernel, the following vulnerability has been resolved: android: binder: stop saving a pointer to the VMA Do not record a pointer to a VMA outside of the mmaplock for later use. This is unsafe and there are a number of failure paths after the recorded VMA pointer may be freed during...