Linux Kernel vulnerabilities
14,742 known vulnerabilities affecting linux/linux_kernel.
Total CVEs: 14,742
CISA KEV: 29 (actively exploited)
Public exploits: 296
Exploited in wild: 31
Severity breakdown: CRITICAL 112, HIGH 3715, MEDIUM 8619, LOW 440, UNKNOWN 1856
Vulnerabilities
Page 126 of 738

CVE-2023-53651 | MEDIUM | CVSS 5.5 | ≥ 4.15, < 6.1.20; ≥ 6.2, < 6.2.3 | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved:
Input: exc3000 - properly stop timer on shutdown
We need to stop the timer on driver unbind or probe failures, otherwise
we get UAF/Oops.
Sources: NVD, OSV

CVE-2022-50535 | MEDIUM | CVSS 5.5 | CWE-476 | ≥ 4.15, < 4.19.276; ≥ 4.20, < 5.4.235; +4 more | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix potential null-deref in dm_resume
[Why]
Fixing smatch error:
dm_resume() error: we previously assumed 'aconnector->dc_link' could be null
[How]
Check if dc_link null at the beginning of the loop,
so further checks can be dropped.
Sources: NVD, OSV

CVE-2022-50550 | MEDIUM | CVSS 5.5 | CWE-401 | ≥ 4.19, < 6.0.17; ≥ 6.1, < 6.1.2 | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved:
blk-iolatency: Fix memory leak on add_disk() failures
When a gendisk is successfully initialized but add_disk() fails such as when
a loop device has invalid number of minor device numbers specified,
blkcg_init_disk() is called during init and then blkcg_exit_disk() during
error han
Sources: NVD, OSV

CVE-2022-50532 | MEDIUM | CVSS 5.5 | CWE-401 | ≥ 3.8, < 5.4.229; ≥ 5.5, < 5.10.163; +3 more | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved:
scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add()
In mpt3sas_transport_port_add(), if sas_rphy_add() returns error,
sas_rphy_free() needs be called to free the resource allocated in
sas_end_device_alloc(). Otherwise a kernel crash will happen:
Unable to h
Sources: NVD, OSV

CVE-2023-53641 | MEDIUM | CVSS 5.5 | CWE-401 | ≥ 2.6.35, < 4.19.283; ≥ 4.20, < 5.4.243; +5 more | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath9k: hif_usb: fix memory leak of remain_skbs
hif_dev->remain_skb is allocated and used exclusively in
ath9k_hif_usb_rx_stream(). It is implied that an allocated remain_skb is
processed and subsequently freed (in error paths) only during the next
call of ath9k_hif_usb_rx_st
Sources: NVD, OSV

CVE-2022-50553 | MEDIUM | CVSS 5.5 | CWE-787 | ≥ 5.4.19, < 5.4.229; ≥ 5.5.6, < 5.10.163; +3 more | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved:
tracing/hist: Fix out-of-bound write on 'action_data.var_ref_idx'
When generate a synthetic event with many params and then create a trace
action for it [1], kernel panic happened [2].
It is because that in trace_action_create() 'data->n_params' is up to
SYNTH_FIELDS_MAX (current
Sources: NVD, OSV

CVE-2023-53648 | MEDIUM | CVSS 5.5 | CWE-476 | ≥ 2.6.28, < 4.14.322; ≥ 4.15, < 4.19.291; +6 more | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved:
ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer
smatch error:
sound/pci/ac97/ac97_codec.c:2354 snd_ac97_mixer() error:
we previously assumed 'rac97' could be null (see line 2072)
remove redundant assignment, return error if rac97 is NULL.
Sources: NVD, OSV

CVE-2023-53628 | MEDIUM | CVSS 5.5 | ≥ 6.3, < 6.3.3; v6.4 | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: drop gfx_v11_0_cp_ecc_error_irq_funcs
The gfx.cp_ecc_error_irq is retired in gfx11. In gfx_v11_0_hw_fini still
use amdgpu_irq_put to disable this interrupt, which caused the call trace
in this function.
[ 102.873958] Call Trace:
[ 102.873959]
[ 102.873961] gfx_v11_0_hw_fini+0
Sources: NVD, OSV

CVE-2023-53630 | MEDIUM | CVSS 5.5 | ≥ 6.2, < 6.2.11; v6.3 | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved:
iommufd: Fix unpinning of pages when an access is present
syzkaller found that the calculation of batch_last_index should use
'start_index' since at input to this function the batch is either empty or
it has already been adjusted to cross any accesses so it will start at the
point we are
Sources: NVD, OSV

CVE-2023-53631 | MEDIUM | CVSS 5.5 | ≥ 5.11, < 5.15.132; ≥ 5.16, < 6.1.53; +2 more | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved:
platform/x86: dell-sysman: Fix reference leak
If a duplicate attribute is found using kset_find_obj(),
a reference to that attribute is returned. This means
that we need to dispose it accordingly. Use kobject_put()
to dispose the duplicate attribute in such a case.
Compile-tested only.
Sources: NVD, OSV

CVE-2023-53639 | MEDIUM | CVSS 5.5 | ≥ 3.9, < 4.14.315; ≥ 4.15, < 4.19.283; +6 more | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath6kl: reduce WARN to dev_dbg() in callback
The warn is triggered on a known race condition, documented in the code above
the test, that is correctly handled. Using WARN() hinders automated testing.
Reducing severity.
Sources: NVD, OSV

CVE-2022-50521 | MEDIUM | CVSS 5.5 | CWE-401 | ≥ 3.0, < 4.14.303; ≥ 4.15, < 4.19.270; +5 more | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved:
platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]()
The ACPI buffer memory (out.pointer) returned by wmi_evaluate_method()
is not freed after the call, so it leads to memory leak.
The method results in ACPI buffer is not used, so just pass NULL to
wmi_evaluate_method()
Sources: NVD, OSV

CVE-2022-50517 | MEDIUM | CVSS 5.5 | ≥ 5.19.1, < 6.0.7; v5.19; +1 more | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved:
mm/huge_memory: do not clobber swp_entry_t during THP split
The following has been observed when running stressng mmap since commit
b653db77350c ("mm: Clear page->private when splitting or migrating a page")
watchdog: BUG: soft lockup - CPU#75 stuck for 26s! [stress-ng:9546]
CPU: 75 PID:
Sources: NVD, OSV

CVE-2023-53642 | MEDIUM | CVSS 5.5 | ≥ 6.1, < 6.1.29; ≥ 6.2, < 6.2.16; +1 more | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved:
x86: fix clear_user_rep_good() exception handling annotation
This code no longer exists in mainline, because it was removed in
commit d2c95f9d6802 ("x86: don't use REP_GOOD or ERMS for user memory
clearing") upstream.
However, rather than backport the full range of x86 memory clearing and
Sources: NVD, OSV

CVE-2023-53664 | MEDIUM | CVSS 5.5 | CWE-476 | ≥ 6.5, < 6.5.3 | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved:
OPP: Fix potential null ptr dereference in dev_pm_opp_get_required_pstate()
"opp" pointer is dereferenced before the IS_ERR_OR_NULL() check. Fix it by
removing the dereference to cache opp_table and dereference it directly
where opp_table is used.
This fixes the following smatch
Sources: NVD, OSV

CVE-2023-53627 | MEDIUM | CVSS 5.5 | CWE-476 | ≥ 4.5, < 6.3.4 | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved:
scsi: hisi_sas: Grab sas_dev lock when traversing the members of sas_dev.list
When freeing slots in function slot_complete_v3_hw(), it is possible that
sas_dev.list is being traversed elsewhere, and it may trigger a NULL
pointer exception, such as follows:
==>cq thread ==>scsi_eh
Sources: NVD, OSV

CVE-2022-50545 | MEDIUM | CVSS 5.5 | CWE-401 | ≥ 2.6.36, < 4.9.337; ≥ 4.10, < 4.14.303; +6 more | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved:
r6040: Fix kmemleak in probe and remove
There is a memory leaks reported by kmemleak:
unreferenced object 0xffff888116111000 (size 2048):
comm "modprobe", pid 817, jiffies 4294759745 (age 76.502s)
hex dump (first 32 bytes):
00 c4 0a 04 81 88 ff ff 08 10 11 16 81 88 ff ff ........
Sources: NVD, OSV

CVE-2022-50522 | LOW | CVSS 3.3 | ≥ 3.15, < 4.9.337; ≥ 4.10, < 4.14.303; +6 more | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved:
mcb: mcb-parse: fix error handing in chameleon_parse_gdd()
If mcb_device_register() returns error in chameleon_parse_gdd(), the refcount
of bus and device name are leaked. Fix this by calling put_device() to give up
the reference, so they can be released in mcb_release_dev() and kobject_clea
Sources: NVD, OSV

CVE-2023-53559 | HIGH | CVSS 7.8 | CWE-416 | ≥ 3.19.1, < 4.14.324; ≥ 4.15, < 4.19.293; +7 more | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
ip_vti: fix potential slab-use-after-free in decode_session6
When ip_vti device is set to the qdisc of the sfb type, the cb field
of the sent skb may be modified during enqueuing. Then,
slab-use-after-free may occur when ip_vti device sends IPv6 packets.
As commit f855691975bb ("xfr
Sources: NVD, OSV

CVE-2022-50507 | HIGH | CVSS 7.8 | CWE-416 | ≥ 5.15, < 5.15.87; ≥ 5.16, < 6.0.17; +1 more | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Validate data run offset
This adds sanity checks for data run offset. We should make sure data
run offset is legit before trying to unpack them, otherwise we may
encounter use-after-free or some unexpected memory access behaviors.
[ 82.940342] BUG: KASAN: use-after-free i
Sources: NVD, OSV