Linux Kernel vulnerabilities

14,742 known vulnerabilities affecting linux/linux_kernel.

Total CVEs: 14,742
CISA KEV: 29 (actively exploited)
Public exploits: 296
Exploited in wild: 31
Severity breakdown: CRITICAL 112, HIGH 3715, MEDIUM 8619, LOW 440, UNKNOWN 1856

Vulnerabilities

CVE-2022-50519 | MEDIUM | CVSS 5.5 | ≥ 2.6.30, < 4.9.331; ≥ 4.10, < 4.14.296; +6 more | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved: nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure
If creation or finalization of a checkpoint fails due to anomalies in the checkpoint metadata on disk, a kernel warning is generated. This patch replaces the WARN_ONs by nilfs_error, so that a kernel, booted with
nvd, osv
CVE-2022-50548 | MEDIUM | CVSS 5.5 | CWE-401 | ≥ 5.16, < 6.0.16; ≥ 6.1, < 6.1.2 | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved: media: i2c: hi846: Fix memory leak in hi846_parse_dt()
If any of the checks related to the supported link frequencies fail, then the V4L2 fwnode resources don't get released before returning, which leads to a memleak. Fix this by properly freeing the V4L2 fwnode data in a designat
nvd, osv
CVE-2023-53643 | MEDIUM | CVSS 5.5 | CWE-476 | ≥ 6.1, < 6.1.18; ≥ 6.2, < 6.2.5 | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: don't access released socket during error recovery
While the error recovery work is temporarily failing reconnect attempts, running the 'nvme list' command causes a kernel NULL pointer dereference by calling getsockname() with a released socket. During error recovery wo
nvd, osv
CVE-2023-53654 | MEDIUM | CVSS 5.5 | ≥ 5.12, < 5.15.121; ≥ 5.16, < 6.1.39; +1 more | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Add validation before accessing cgx and lmac
with the addition of new MAC blocks like CN10K RPM and CN10KB RPM_USX, LMACs are noncontiguous and CGX blocks are also noncontiguous. But during RVU driver initialization, the driver is assuming they are contiguous and trying to a
nvd, osv
CVE-2022-50527 | MEDIUM | CVSS 5.5 | CWE-476 | ≥ 4.2, < 6.0.19; ≥ 6.1, < 6.1.5 | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix size validation for non-exclusive domains (v4)
Fix amdgpu_bo_validate_size() to check whether the TTM domain manager for the requested memory exists, else we get a kernel oops when dereferencing "man". v2: Make the patch standalone, i.e. not dependent on local pat
nvd, osv
CVE-2022-50541 | MEDIUM | CVSS 5.5 | ≥ 5.6, < 5.15.75; ≥ 5.16, < 5.19.17; +1 more | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma: Reset UDMA_CHAN_RT byte counters to prevent overflow
UDMA_CHAN_RT_*BCNT_REG stores the real-time channel bytecount statistics. These registers are 32-bit hardware counters and the driver uses these counters to monitor the operational progress status for a channel,
nvd, osv
CVE-2023-53634 | MEDIUM | CVSS 5.5 | ≥ 6.0, < 6.1.25; ≥ 6.2, < 6.2.12; +1 more | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Fixed a BTI error on returning to patched function
When BPF_TRAMP_F_CALL_ORIG is set, BPF trampoline uses BLR to jump back to the instruction next to call site to call the patched function. For BTI-enabled kernel, the instruction next to call site is usually PACIASP, in this c
nvd, osv
CVE-2023-53650 | MEDIUM | CVSS 5.5 | CWE-401 | ≥ 2.6.32, < 4.14.322; ≥ 4.15, < 4.19.291; +6 more | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved: fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe()
If 'mipid_detect()' fails, we must free 'md' to avoid a memory leak.
nvd, osv
CVE-2022-50540 | MEDIUM | CVSS 5.5 | ≥ 5.17, < 5.19.17; ≥ 6.0, < 6.0.3 | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom-adm: fix wrong sizeof config in slave_config
Fix broken slave_config function that incorrectly compares the peripheral_size with the size of the config pointer instead of the size of the config struct. This causes the crci value to be ignored and causes a kernel panic on any s
nvd, osv
CVE-2023-53649 | MEDIUM | CVSS 5.5 | CWE-401 | ≥ 5.14.1, < 5.15.132; ≥ 5.16, < 6.1.54; +2 more | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved: perf trace: Really free the evsel->priv area
In 3cb4d5e00e037c70 ("perf trace: Free syscall tp fields in evsel->priv") it only was freeing if strcmp(evsel->tp_format->system, "syscalls") returned zero, while the corresponding initialization of evsel->priv was being performed if it
nvd, osv
CVE-2023-53670 | MEDIUM | CVSS 5.5 | CWE-401 | ≥ 6.0, < 6.1.39; ≥ 6.2, < 6.3.13; +1 more | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved: nvme-core: fix dev_pm_qos memleak
Call dev_pm_qos_hide_latency_tolerance() in the error unwind patch to avoid following kmemleak:- blktests (master) # kmemleak-clear; ./check nvme/044; blktests (master) # kmemleak-scan ; kmemleak-show nvme/044 (Test bi-directional authentication)
nvd, osv
CVE-2022-50514 | MEDIUM | CVSS 5.5 | ≥ 3.19, < 4.19.270; ≥ 4.20, < 5.4.229; +4 more | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_hid: fix refcount leak on error path
When failing to allocate report_desc, opts->refcnt has already been incremented so it needs to be decremented to avoid leaving the options structure permanently locked.
nvd, osv
CVE-2022-50516 | MEDIUM | CVSS 5.5 | CWE-476 | ≥ 2.6.19, < 5.15.76; ≥ 5.16, < 5.19.17; +1 more | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved: fs: dlm: fix invalid dereference of sb_lvbptr
I experience issues when putting a lkbsb on the stack and have sb_lvbptr field to a dangled pointer while not using DLM_LKF_VALBLK. It will crash with the following kernel message, the dangled pointer is here 0xdeadbeef as example: [ 102
nvd, osv
CVE-2022-50547 | MEDIUM | CVSS 5.5 | CWE-401 | ≥ 3.10, < 4.9.337; ≥ 4.10, < 4.14.303; +6 more | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved: media: solo6x10: fix possible memory leak in solo_sysfs_init()
If device_register() returns error in solo_sysfs_init(), the name allocated by dev_set_name() needs to be freed. As comment of device_register() says, it should use put_device() to give up the reference in the error path.
nvd, osv
CVE-2023-53686 | MEDIUM | CVSS 5.5 | CWE-476 | ≥ 6.4, < 6.5.4 | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved: net/handshake: fix null-ptr-deref in handshake_nl_done_doit()
We should not call trace_handshake_cmd_done_err() if socket lookup has failed. Also we should call trace_handshake_cmd_done_err() before releasing the file, otherwise dereferencing sock->sk can return garbage. This al
nvd, osv
CVE-2023-53666 | MEDIUM | CVSS 5.5 | ≥ 5.15, < 5.15.123; ≥ 5.16, < 6.1.42; +2 more | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd938x: fix missing mbhc init error handling
MBHC initialisation can fail so add the missing error handling to avoid dereferencing an error pointer when later configuring the jack: Unable to handle kernel paging request at virtual address fffffffffffffff8 pc : wcd_mbhc_st
nvd, osv
CVE-2023-53656 | MEDIUM | CVSS 5.5 | ≥ 5.17, < 6.1.39; ≥ 6.2, < 6.3.13; +1 more | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved: drivers/perf: hisi: Don't migrate perf to the CPU going to teardown
The driver needs to migrate the perf context if the current using CPU going to teardown. By the time calling the cpuhp::teardown() callback the cpu_online_mask() hasn't updated yet and still includes the CPU going to tear
nvd, osv
CVE-2023-53683 | MEDIUM | CVSS 5.5 | CWE-617 | ≥ 4.14.303, < 4.14.316; ≥ 4.19.270, < 4.19.284; +5 more | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved: fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode()
syzbot is hitting WARN_ON() in hfsplus_cat_{read,write}_inode(), for crafted filesystem image can contain bogus length. These conditions are not kernel bugs that can justify kernel to panic.
nvd, osv
CVE-2022-50530 | MEDIUM | CVSS 5.5 | CWE-476 | ≥ 5.16, < 6.0.6; v6.1 | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping()
Our syzkaller report a null pointer dereference, root cause is following: __blk_mq_alloc_map_and_rqs set->tags[hctx_idx] = blk_mq_alloc_map_and_rqs blk_mq_alloc_map_and_rqs blk_mq_alloc_rqs // failed due to oom all
nvd, osv
CVE-2023-53633 | MEDIUM | CVSS 5.5 | CWE-401 | ≥ 6.4, < 6.4.7; v6.5 | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Fix a leak in map_user_pages()
If get_user_pages_fast() allocates some pages but not as many as we wanted, then the current code leaks those pages. Call put_page() on the pages before returning.
nvd, osv