Linux Kernel vulnerabilities

CVE-2023-53626 [HIGH] CWE-415 CVE-2023-53626: In the Linux kernel, the following vulnerability has been resolved: ext4: fix possible double unloc In the Linux kernel, the following vulnerability has been resolved: ext4: fix possible double unlock when moving a directory

CVE-2023-53619 [HIGH] CWE-416 CVE-2023-53619: In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: Avoid nf_ In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: Avoid nf_ct_helper_hash uses after free If nf_conntrack_init_start() fails (for example due to a register_nf_conntrack_bpf() failure), the nf_conntrack_helper_fini() clean-up path frees the nf_ct_helper_hash map. When built with NF_CONNTRACK=y, further netfilt

CVE-2023-53629 [HIGH] CWE-416 CVE-2023-53629: In the Linux kernel, the following vulnerability has been resolved: fs: dlm: fix use after free in In the Linux kernel, the following vulnerability has been resolved: fs: dlm: fix use after free in midcomms commit While working on processing dlm message in softirq context I experienced the following KASAN use-after-free warning: [ 151.760477] ================================================================== [ 151.761803] BUG: KASAN: use-after-fr

CVE-2023-53640 [HIGH] CWE-416 CVE-2023-53640: In the Linux kernel, the following vulnerability has been resolved: ASoC: lpass: Fix for KASAN use_ In the Linux kernel, the following vulnerability has been resolved: ASoC: lpass: Fix for KASAN use_after_free out of bounds When we run syzkaller we get below Out of Bounds error. "KASAN: slab-out-of-bounds Read in regcache_flat_read" Below is the backtrace of the issue: BUG: KASAN: slab-out-of-bounds in regcache_flat_read+0x10c/0x110 Read of siz

CVE-2022-50552 [HIGH] CWE-416 CVE-2022-50552: In the Linux kernel, the following vulnerability has been resolved: blk-mq: use quiesced elevator s In the Linux kernel, the following vulnerability has been resolved: blk-mq: use quiesced elevator switch when reinitializing queues The hctx's run_work may be racing with the elevator switch when reinitializing hardware queues. The queue is merely frozen in this context, but that only prevents requests from allocating and doesn't stop the hctx work

CVE-2023-53618 [MEDIUM] CVE-2023-53618: In the Linux kernel, the following vulnerability has been resolved: btrfs: reject invalid reloc tre In the Linux kernel, the following vulnerability has been resolved: btrfs: reject invalid reloc tree root keys with stack dump [BUG] Syzbot reported a crash that an ASSERT() got triggered inside prepare_to_merge(). That ASSERT() makes sure the reloc tree is properly pointed back by its subvolume tree. [CAUSE] After more debugging output, it turns out we

CVE-2023-53684 [MEDIUM] CVE-2023-53684: In the Linux kernel, the following vulnerability has been resolved: xfrm: Zero padding when dumping In the Linux kernel, the following vulnerability has been resolved: xfrm: Zero padding when dumping algos and encap When copying data to user-space we should ensure that only valid data is copied over. Padding in structures may be filled with random (possibly sensitve) data and should never be given directly to user-space. This patch fixes the copying of

CVE-2023-53655 [MEDIUM] CWE-674 CVE-2023-53655: In the Linux kernel, the following vulnerability has been resolved: rcu: Avoid stack overflow due t In the Linux kernel, the following vulnerability has been resolved: rcu: Avoid stack overflow due to __rcu_irq_enter_check_tick() being kprobe-ed Registering a kprobe on __rcu_irq_enter_check_tick() can cause kernel stack overflow as shown below. This issue can be reproduced by enabling CONFIG_NO_HZ_FULL and booting the kernel with argument "nohz_

CVE-2023-53658 [MEDIUM] CWE-476 CVE-2023-53658: In the Linux kernel, the following vulnerability has been resolved: spi: bcm-qspi: return error if In the Linux kernel, the following vulnerability has been resolved: spi: bcm-qspi: return error if neither hif_mspi nor mspi is available If neither a "hif_mspi" nor "mspi" resource is present, the driver will just early exit in probe but still return success. Apart from not doing anything meaningful, this would then also lead to a null pointer acc

CVE-2023-53678 [MEDIUM] CWE-476 CVE-2023-53678: In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix system suspend wi In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix system suspend without fbdev being initialized If fbdev is not initialized for some reason - in practice on platforms without display - suspending fbdev should be skipped during system suspend, fix this up. While at it add an assert that suspending fbdev only happens

CVE-2023-53674 [MEDIUM] CWE-401 CVE-2023-53674: In the Linux kernel, the following vulnerability has been resolved: clk: Fix memory leak in devm_cl In the Linux kernel, the following vulnerability has been resolved: clk: Fix memory leak in devm_clk_notifier_register() devm_clk_notifier_register() allocates a devres resource for clk notifier but didn't register that to the device, so the notifier didn't get unregistered on device detach and the allocated resource was leaked. Fix the issue by

CVE-2022-50510 [MEDIUM] CWE-401 CVE-2022-50510: In the Linux kernel, the following vulnerability has been resolved: perf/smmuv3: Fix hotplug callba In the Linux kernel, the following vulnerability has been resolved: perf/smmuv3: Fix hotplug callback leak in arm_smmu_pmu_init() arm_smmu_pmu_init() won't remove the callback added by cpuhp_setup_state_multi() when platform_driver_register() failed. Remove the callback by cpuhp_remove_multi_state() in fail path. Similar to the handling of arm_cc

CVE-2022-50538 [MEDIUM] CWE-476 CVE-2022-50538: In the Linux kernel, the following vulnerability has been resolved: vme: Fix error not catched in f In the Linux kernel, the following vulnerability has been resolved: vme: Fix error not catched in fake_init() In fake_init(), __root_device_register() is possible to fail but it's ignored, which can cause unregistering vme_root fail when exit. general protection fault, probably for non-canonical address 0xdffffc000000008c KASAN: null-ptr-deref in

CVE-2022-50523 [MEDIUM] CWE-401 CVE-2022-50523: In the Linux kernel, the following vulnerability has been resolved: clk: rockchip: Fix memory leak In the Linux kernel, the following vulnerability has been resolved: clk: rockchip: Fix memory leak in rockchip_clk_register_pll() If clk_register() fails, @pll->rate_table may have allocated memory by kmemdup(), so it needs to be freed, otherwise will cause memory leak issue, this patch fixes it.

CVE-2023-53672 [MEDIUM] CVE-2023-53672: In the Linux kernel, the following vulnerability has been resolved: btrfs: output extra debug info In the Linux kernel, the following vulnerability has been resolved: btrfs: output extra debug info if we failed to find an inline backref [BUG] Syzbot reported several warning triggered inside lookup_inline_extent_backref(). [CAUSE] As usual, the reproducer doesn't reliably trigger locally here, but at least we know the WARN_ON() is triggered when an inli

CVE-2023-53625 [MEDIUM] CWE-476 CVE-2023-53625: In the Linux kernel, the following vulnerability has been resolved: drm/i915/gvt: fix vgpu debugfs In the Linux kernel, the following vulnerability has been resolved: drm/i915/gvt: fix vgpu debugfs clean in remove Check carefully on root debugfs available when destroying vgpu, e.g in remove case drm minor's debugfs root might already be destroyed, which led to kernel oops like below. Console: switching to colour dummy device 80x25 i915 0000:00:

CVE-2022-50511 [MEDIUM] CVE-2022-50511: In the Linux kernel, the following vulnerability has been resolved: lib/fonts: fix undefined behavi In the Linux kernel, the following vulnerability has been resolved: lib/fonts: fix undefined behavior in bit shift for get_default_font Shifting signed 32-bit value by 31 bits is undefined, so changing significant bit to unsigned. The UBSAN warning calltrace like below: UBSAN: shift-out-of-bounds in lib/fonts/fonts.c:139:20 left shift of 1 by 31 places c

CVE-2023-53687 [MEDIUM] CWE-401 CVE-2023-53687: In the Linux kernel, the following vulnerability has been resolved: tty: serial: samsung_tty: Fix a In the Linux kernel, the following vulnerability has been resolved: tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk When the best clk is searched, we iterate over all possible clk. If we find a better match, the previous one, if any, needs to be freed. If a better match has already been found, we still ne

CVE-2022-50539 [MEDIUM] CVE-2022-50539: In the Linux kernel, the following vulnerability has been resolved: ARM: OMAP2+: omap4-common: Fix In the Linux kernel, the following vulnerability has been resolved: ARM: OMAP2+: omap4-common: Fix refcount leak bug In omap4_sram_init(), of_find_compatible_node() will return a node pointer with refcount incremented. We should use of_node_put() when it is not used anymore.

CVE-2022-50525 [MEDIUM] CWE-401 CVE-2022-50525: In the Linux kernel, the following vulnerability has been resolved: iommu/fsl_pamu: Fix resource le In the Linux kernel, the following vulnerability has been resolved: iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe() The fsl_pamu_probe() returns directly when create_csd() failed, leaving irq and memories unreleased. Fix by jumping to error if create_csd() returns error.