Linux Kernel vulnerabilities
14,742 known vulnerabilities affecting linux/linux_kernel.
Total CVEs: 14,742
CISA KEV: 29 (actively exploited)
Public exploits: 297
Exploited in wild: 31
Severity breakdown: CRITICAL 112, HIGH 3715, MEDIUM 8619, LOW 440, UNKNOWN 1856
Vulnerabilities
CVE-2023-53584 | MEDIUM | CVSS 5.5 | CWE-617 | Affected: ≥ 2.6.27, < 6.1.18; ≥ 6.2, < 6.2.5 | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
ubifs: ubifs_releasepage: Remove ubifs_assert(0) to valid this process
There are two states for ubifs writing pages:
1. Dirty, Private
2. Not Dirty, Not Private
The normal process cannot go to ubifs_releasepage() which means there
exists pages being private but not dirty. Reprodu
Sources: nvd, osv

CVE-2023-53606 | MEDIUM | CVSS 5.5 | Affected: ≥ 4.20, < 5.10.220; ≥ 5.11, < 5.15.154; +2 more | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
nfsd: clean up potential nfsd_file refcount leaks in COPY codepath
There are two different flavors of the nfsd4_copy struct. One is
embedded in the compound and is used directly in synchronous copies. The
other is dynamically allocated, refcounted and tracked in the client
structure. For t
Sources: nvd, osv

CVE-2023-53534 | MEDIUM | CVSS 5.5 | CWE-476 | Affected: ≥ 5.5, < 5.10.173; ≥ 5.11, < 5.15.99; +2 more | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
drm/mediatek: mtk_drm_crtc: Add checks for devm_kcalloc
As the devm_kcalloc may return NULL, the return value needs to be checked
to avoid NULL pointer dereference.
Sources: nvd, osv

CVE-2023-53598 | MEDIUM | CVSS 5.5 | Affected: ≥ 5.7, < 5.10.192; ≥ 5.11, < 5.15.112; +3 more | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
bus: mhi: host: Range check CHDBOFF and ERDBOFF
If the value read from the CHDBOFF and ERDBOFF registers is outside the
range of the MHI register space then an invalid address might be computed
which later causes a kernel panic. Range check the read value to prevent
a crash due to bad dat
Sources: nvd, osv

CVE-2023-53586 | MEDIUM | CVSS 4.7 | CWE-415 | Affected: ≥ 4.11, < 5.10.180; ≥ 5.11, < 5.15.111; +3 more | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
scsi: target: Fix multiple LUN_RESET handling
This fixes a bug where an initiator thinks a LUN_RESET has cleaned up
running commands when it hasn't. The bug was added in commit 51ec502a3266
("target: Delete tmr from list before processing").
The problem occurs when:
1. We have N
Sources: nvd, osv

CVE-2023-53571 | MEDIUM | CVSS 5.5 | Affected: ≥ 5.7, < 5.10.180; ≥ 5.11, < 5.15.111; +3 more | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
drm/i915: Make intel_get_crtc_new_encoder() less oopsy
The point of the WARN was to print something, not oops
straight up. Currently that is precisely what happens
if we can't find the connector for the crtc in the atomic
state. Get the dev pointer from the atomic state instead
of the pot
Sources: nvd, osv

CVE-2025-39946 | MEDIUM | CVSS 5.5 | Affected: ≥ 6.0, < 6.1.154; ≥ 6.2, < 6.6.108; +3 more | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
tls: make sure to abort the stream if headers are bogus
Normally we wait for the socket to buffer up the whole record
before we service it. If the socket has a tiny buffer, however,
we read out the data sooner, to prevent connection stalls.
Make sure that we abort the connection when we f
Sources: nvd, osv

CVE-2023-53593 | MEDIUM | CVSS 5.5 | Affected: ≥ 5.17.1, < 6.1.47; ≥ 6.2, < 6.4.12; +2 more | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
cifs: Release folio lock on fscache read hit.
Under the current code, when cifs_readpage_worker is called, the call
contract is that the callee should unlock the page. This is documented
in the read_folio section of Documentation/filesystems/vfs.rst as:
> The filesystem should unlock the
Sources: nvd, osv

CVE-2023-53605 | MEDIUM | CVSS 5.5 | CWE-401 | Affected: ≥ 4.15, < 5.10.173; ≥ 5.11, < 5.15.99; +2 more | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
drm: amd: display: Fix memory leakage
This commit fixes memory leakage in dc_construct_ctx() function.
Sources: nvd, osv

CVE-2022-50493 | MEDIUM | CVSS 5.5 | Affected: ≥ 5.3.17, < 5.4; ≥ 5.4.4, < 5.15.86; +2 more | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: Fix crash when I/O abort times out
While performing CPU hotplug, a crash with the following stack was seen:
Call Trace:
qla24xx_process_response_queue+0x42a/0x970 [qla2xxx]
qla2x00_start_nvme_mq+0x3a2/0x4b0 [qla2xxx]
qla_nvme_post_cmd+0x166/0x240 [qla2xxx]
nvme_fc_start_fc
Sources: nvd, osv

CVE-2022-50482 | MEDIUM | CVSS 5.5 | CWE-908 | Affected: ≥ 4.2, < 4.14.298; ≥ 4.15, < 4.19.264; +5 more | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
iommu/vt-d: Clean up si_domain in the init_dmars() error path
A splat from kmem_cache_destroy() was seen with a kernel prior to
commit ee2653bbe89d ("iommu/vt-d: Remove domain and devinfo mempool")
when there was a failure in init_dmars(), because the iommu_domain
cache still had o
Sources: nvd, osv

CVE-2023-53540 | MEDIUM | CVSS 5.5 | Affected: ≥ 2.6.32, < 6.1.55; ≥ 6.2, < 6.5.5 | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
wifi: cfg80211: reject auth/assoc to AP with our address
If the AP uses our own address as its MLD address or BSSID, then
clearly something's wrong. Reject such connections so we don't
try and fail later.
Sources: nvd, osv

CVE-2025-39929 | MEDIUM | CVSS 5.5 | CWE-401 | Affected: ≥ 4.16, < 6.1.154; ≥ 6.2, < 6.6.108; +3 more | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix smbdirect_recv_io leak in smbd_negotiate() error path
During tests of another unrelated patch I was able to trigger this
error: Objects remaining on __kmem_cache_shutdown()
Sources: nvd, osv

CVE-2025-39953 | MEDIUM | CVSS 5.5 | Affected: ≥ 4.6, < 5.4.300; ≥ 5.5, < 5.10.245; +6 more | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
cgroup: split cgroup_destroy_wq into 3 workqueues
A hung task can occur during [1] LTP cgroup testing when repeatedly
mounting/unmounting perf_event and net_prio controllers with
systemd.unified_cgroup_hierarchy=1. The hang manifests in
cgroup_lock_and_drain_offline() during root destruct
Sources: nvd, osv

CVE-2025-39938 | MEDIUM | CVSS 5.5 | CWE-476 | Affected: ≥ 5.16, < 6.1.154; ≥ 6.2, < 6.6.108; +3 more | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed
If earlier opening of source graph fails (e.g. ADSP rejects due to
incorrect audioreach topology), the graph is closed and
"dai_data->graph[dai->id]" is assigned NULL. Preparing the DAI for sink
grap
Sources: nvd, osv

CVE-2022-50477 | MEDIUM | CVSS 5.5 | CWE-401 | Affected: ≥ 5.16, < 6.0.16; ≥ 6.1, < 6.1.2 | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
rtc: class: Fix potential memleak in devm_rtc_allocate_device()
devm_rtc_allocate_device() will alloc a rtc_device first, and then run
dev_set_name(). If dev_set_name() failed, the rtc_device will memleak.
Move devm_add_action_or_reset() in front of dev_set_name() to prevent
memle
Sources: nvd, osv

CVE-2022-50504 | MEDIUM | CVSS 5.5 | Affected: ≥ 2.6.18, < 4.9.337; ≥ 4.10, < 4.14.303; +6 more | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
powerpc/rtas: avoid scheduling in rtas_os_term()
It's unsafe to use rtas_busy_delay() to handle a busy status from
the ibm,os-term RTAS function in rtas_os_term():
Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
BUG: sleeping function called from invalid context at
Sources: nvd, osv

CVE-2022-50503 | MEDIUM | CVSS 5.5 | CWE-476 | Affected: ≥ 3.16, < 4.9.337; ≥ 4.10, < 4.14.303; +6 more | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
mtd: lpddr2_nvm: Fix possible null-ptr-deref
It will cause null-ptr-deref when resource_size(add_range) invoked,
if platform_get_resource() returns NULL.
Sources: nvd, osv

CVE-2022-50473 | MEDIUM | CVSS 5.5 | CWE-908 | Affected: ≥ 5.1.6, < 5.4.229; ≥ 5.5, < 5.10.163; +3 more | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
cpufreq: Init completion before kobject_init_and_add()
In cpufreq_policy_alloc(), it will call uninitialized completion in
cpufreq_sysfs_release() when kobject_init_and_add() fails. And
that will cause a crash such as the following page fault in complete:
BUG: unable to handle page
Sources: nvd, osv

CVE-2023-53610 | MEDIUM | CVSS 5.5 | Affected: ≥ 5.9, < 5.10.173; ≥ 5.11, < 5.15.99; +2 more | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved:
irqchip: Fix refcount leak in platform_irqchip_probe
of_irq_find_parent() returns a node pointer with refcount incremented,
We should use of_node_put() on it when not needed anymore.
Add missing of_node_put() to avoid refcount leak.
Sources: nvd, osv