Linux Kernel vulnerabilities
14,742 known vulnerabilities affecting linux/linux_kernel.
Total CVEs: 14,742
CISA KEV: 29 (actively exploited)
Public exploits: 296
Exploited in wild: 31
Severity breakdown: CRITICAL 112, HIGH 3715, MEDIUM 8619, LOW 440, UNKNOWN 1856
Vulnerabilities
CVE-2023-53663 | MEDIUM | CVSS 5.5 | ≥ 5.16, < 6.1.54; ≥ 6.2, < 6.5.4 | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved:
KVM: nSVM: Check instead of asserting on nested TSC scaling support
Check for nested TSC scaling support on nested SVM VMRUN instead of
asserting that TSC scaling is exposed to L1 if L1's MSR_AMD64_TSC_RATIO
has diverged from KVM's default. Userspace can trigger the WARN at will
by writin
nvd, osv

CVE-2023-53671 | MEDIUM | CVSS 5.5 | ≥ 5.19, < 6.1.16; ≥ 6.2, < 6.2.3 | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved:
srcu: Delegate work to the boot cpu if using SRCU_SIZE_SMALL
Commit 994f706872e6 ("srcu: Make Tree SRCU able to operate without
snp_node array") assumes that cpu 0 is always online. However, there
really are situations when some other CPU is the boot CPU, for example,
when booting a kdump
nvd, osv

CVE-2022-50520 | MEDIUM | CVSS 5.5 | ≥ 3.2.29, < 3.3; ≥ 3.2.60, < 3.3; +11 more | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved:
drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios()
As the comment of pci_get_class() says, it returns a pci_device with its
refcount increased and decreases the refcount for the input parameter
@from if it is not NULL.
If we break the loop in radeon_atrm_get_bios() with 'pdev
nvd, osv

CVE-2022-50549 | MEDIUM | CVSS 5.5 | CWE-667 | ≥ 3.6, < 5.4.229; ≥ 5.5, < 5.10.163; +3 more | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved:
dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata
Following concurrent processes:
P1(drop cache) P2(kworker)
drop_caches_sysctl_handler
drop_slab
shrink_slab
down_read(&shrinker_rwsem) - LOCK A
do_shrink_slab
super_cache_scan
prune_icache_sb
dispose_list
e
nvd, osv

CVE-2022-50534 | MEDIUM | CVSS 5.5 | ≥ 3.2, < 4.9.337; ≥ 4.10, < 4.14.303; +6 more | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved:
dm thin: Use last transaction's pmd->root when commit failed
Recently we found a softlock up problem in dm thin pool btree lookup
code due to corrupted metadata:
Kernel panic - not syncing: softlockup: hung tasks
CPU: 7 PID: 2669225 Comm: kworker/u16:3
Hardware name: QEMU Standard PC (i4
nvd, osv

CVE-2022-50513 | MEDIUM | CVSS 5.5 | CWE-401 | ≥ 4.12, < 5.4.220; ≥ 5.5, < 5.10.150; +3 more | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved:
staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv()
In rtw_init_cmd_priv(), if `pcmdpriv->rsp_allocated_buf` is allocated
in failure, then `pcmdpriv->cmd_allocated_buf` will not be properly
released. Besides, considering there are only two error paths and the
fi
nvd, osv

CVE-2022-50528 | MEDIUM | CVSS 5.5 | CWE-401 | ≥ 5.14, < 5.15.86; ≥ 5.16, < 6.0.16; +1 more | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved:
drm/amdkfd: Fix memory leakage
This patch fixes potential memory leakage and seg fault
in _gpuvm_import_dmabuf() function
nvd, osv

CVE-2023-53660 | MEDIUM | CVSS 5.5 | ≥ 5.15, < 5.15.126; ≥ 5.16, < 6.1.45; +2 more | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved:
bpf, cpumap: Handle skb as well when clean up ptr_ring
The following warning was reported when running xdp_redirect_cpu with
both skb-mode and stress-mode enabled:
------------[ cut here ]------------
Incorrect XDP memory type (-2128176192) usage
WARNING: CPU: 7 PID: 1442 at net/core/xdp
nvd, osv

CVE-2023-53617 | MEDIUM | CVSS 5.5 | CWE-401 | ≥ 5.11, < 5.15.128; ≥ 5.16, < 6.1.47; +2 more | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved:
soc: aspeed: socinfo: Add kfree for kstrdup
Add kfree() in the later error handling in order to avoid memory leak.
nvd, osv

CVE-2023-53665 | MEDIUM | CVSS 5.5 | ≥ 6.5, < 6.5.5; v6.6 | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved:
md: don't dereference mddev after export_rdev()
Except for initial reference, mddev->kobject is referenced by
rdev->kobject, and if the last rdev is freed, there is no guarantee that
mddev is still valid. Hence mddev should not be used anymore after
export_rdev().
This problem can be tri
nvd, osv

CVE-2023-53669 | MEDIUM | CVSS 5.5 | CWE-401 | ≥ 5.19, < 6.1.29; ≥ 6.2, < 6.2.16; +1 more | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved:
tcp: fix skb_copy_ubufs() vs BIG TCP
David Ahern reported crashes in skb_copy_ubufs() caused by TCP tx zerocopy
using hugepages, and skb length bigger than ~68 KB.
skb_copy_ubufs() assumed it could copy all payload using up to
MAX_SKB_FRAGS order-0 pages.
This assumption broke w
nvd, osv

CVE-2022-50554 | MEDIUM | CVSS 5.5 | ≥ 4.18, < 6.0.16; ≥ 6.1, < 6.1.2 | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved:
blk-mq: avoid double ->queue_rq() because of early timeout
David Jeffery found one double ->queue_rq() issue, so far it can
be triggered in VM use case because of long vmexit latency or preempt
latency of vCPU pthread or long page fault in vCPU pthread, then block
IO req could be timed ou
nvd, osv

CVE-2023-53653 | MEDIUM | CVSS 5.5 | CWE-476 | ≥ 5.18, < 6.1.53; ≥ 6.2, < 6.4.16; +1 more | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved:
media: amphion: fix REVERSE_INULL issues reported by coverity
null-checking of a pointer is suggested before dereferencing it
nvd, osv

CVE-2023-53647 | MEDIUM | CVSS 5.5 | CWE-476 | ≥ 4.3, < 6.1.53; ≥ 6.2, < 6.4.16; +1 more | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved:
Drivers: hv: vmbus: Don't dereference ACPI root object handle
Since the commit referenced in the Fixes: tag below the VMBus client driver
is walking the ACPI namespace up from the VMBus ACPI device to the ACPI
namespace root object trying to find Hyper-V MMIO ranges.
However, if
nvd, osv

CVE-2023-53620 | MEDIUM | CVSS 5.5 | CWE-667 | ≥ 2.6.12.1, < 6.1.30; ≥ 6.2, < 6.3.4; +1 more | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved:
md: fix soft lockup in status_resync
status_resync() will calculate 'curr_resync - recovery_active' to show
user a progress bar like following:
[============>........] resync = 61.4%
'curr_resync' and 'recovery_active' are updated in md_do_sync(), and
status_resync() can read the
nvd, osv

CVE-2023-53624 | MEDIUM | CVSS 5.5 | CWE-190 | ≥ 3.12, < 5.10.180; ≥ 5.11, < 5.15.111; +3 more | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved:
net/sched: sch_fq: fix integer overflow of "credit"
if sch_fq is configured with "initial quantum" having values greater than
INT_MAX, the first assignment of "credit" does signed integer overflow to
a very negative value.
In this situation, the syzkaller script provided by Cristop
nvd, osv

CVE-2022-50537 | MEDIUM | CVSS 5.5 | CWE-401 | ≥ 5.10.65, < 5.10.163; ≥ 5.13, < 5.15.86; +2 more | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved:
firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe()
In rpi_firmware_probe(), if mbox_request_channel() fails, the 'fw' will
not be freed through rpi_firmware_delete(), fix this leak by calling
kfree() in the error path.
nvd, osv

CVE-2022-50544 | MEDIUM | CVSS 5.5 | CWE-401 | ≥ 2.6.35, < 4.9.331; ≥ 4.10, < 4.14.296; +6 more | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved:
usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info()
xhci_alloc_stream_info() allocates stream context array for stream_info
->stream_ctx_array with xhci_alloc_stream_ctx(). When some error occurs,
stream_info->stream_ctx_array is not released, which will lead to
nvd, osv

CVE-2023-53632 | MEDIUM | CVSS 5.5 | ≥ 6.3.1, < 6.4.11; v6.3; +1 more | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Take RTNL lock when needed before calling xdp_set_features()
Hold RTNL lock when calling xdp_set_features() with a registered netdev,
as the call triggers the netdev notifiers. This could happen when
switching from uplink rep to nic profile for example.
This resolves the follow
nvd, osv

CVE-2023-53657 | MEDIUM | CVSS 5.5 | CWE-476 | ≥ 5.16, < 6.1.55; ≥ 6.2, < 6.5.5 | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved:
ice: Don't tx before switchdev is fully configured
There is a possibility that ice_eswitch_port_start_xmit might be
called while some resources are still not allocated which might
cause NULL pointer dereference. Fix this by checking if switchdev
configuration was finished.
nvd, osv