Linux Kernel vulnerabilities

CVE-2023-53568 [MEDIUM] CWE-401 CVE-2023-53568: In the Linux kernel, the following vulnerability has been resolved: s390/zcrypt: don't leak memory In the Linux kernel, the following vulnerability has been resolved: s390/zcrypt: don't leak memory if dev_set_name() fails When dev_set_name() fails, zcdn_create() doesn't free the newly allocated resources. Do it.

CVE-2023-53611 [MEDIUM] CWE-401 CVE-2023-53611: In the Linux kernel, the following vulnerability has been resolved: ipmi_si: fix a memleak in try_s In the Linux kernel, the following vulnerability has been resolved: ipmi_si: fix a memleak in try_smi_init() Kmemleak reported the following leak info in try_smi_init(): unreferenced object 0xffff00018ecf9400 (size 1024): comm "modprobe", pid 2707763, jiffies 4300851415 (age 773.308s) backtrace: [] __kmalloc+0x4b8/0x7b0 [] try_smi_init+0x148/0x5d

CVE-2023-53546 [MEDIUM] CWE-401 CVE-2023-53546: In the Linux kernel, the following vulnerability has been resolved: net/mlx5: DR, fix memory leak i In the Linux kernel, the following vulnerability has been resolved: net/mlx5: DR, fix memory leak in mlx5dr_cmd_create_reformat_ctx when mlx5_cmd_exec failed in mlx5dr_cmd_create_reformat_ctx, the memory pointed by 'in' is not released, which will cause memory leak. Move memory release after mlx5_cmd_exec.

CVE-2023-53591 [MEDIUM] CWE-667 CVE-2023-53591: In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix deadlock in tc r In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix deadlock in tc route query code Cited commit causes ABBA deadlock[0] when peer flows are created while holding the devcom rw semaphore. Due to peer flows offload implementation the lock is taken much higher up the call chain and there is no obvious way to easily fix

CVE-2022-50479 [MEDIUM] CWE-401 CVE-2022-50479: In the Linux kernel, the following vulnerability has been resolved: drm/amd: fix potential memory l In the Linux kernel, the following vulnerability has been resolved: drm/amd: fix potential memory leak This patch fix potential memory leak (clk_src) when function run into last return NULL. s/free/kfree/ - Alex

CVE-2025-39933 [MEDIUM] CVE-2025-39933: In the Linux kernel, the following vulnerability has been resolved: smb: client: let recv_done veri In the Linux kernel, the following vulnerability has been resolved: smb: client: let recv_done verify data_offset, data_length and remaining_data_length This is inspired by the related server fixes.

CVE-2023-53549 [MEDIUM] CWE-667 CVE-2023-53549: In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Rework long t In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Rework long task execution when adding/deleting entries When adding/deleting large number of elements in one step in ipset, it can take a reasonable amount of time and can result in soft lockup errors. The patch 5f7b51bf09ba ("netfilter: ipset: Limit the maximal

CVE-2022-50506 [MEDIUM] CWE-476 CVE-2022-50506: In the Linux kernel, the following vulnerability has been resolved: drbd: only clone bio if we have In the Linux kernel, the following vulnerability has been resolved: drbd: only clone bio if we have a backing device Commit c347a787e34cb (drbd: set ->bi_bdev in drbd_req_new) moved a bio_set_dev call (which has since been removed) to "earlier", from drbd_request_prepare to drbd_req_new. The problem is that this accesses device->ldev->backing_bde

CVE-2023-53615 [MEDIUM] CWE-362 CVE-2023-53615: In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix deletion rac In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix deletion race condition System crash when using debug kernel due to link list corruption. The cause of the link list corruption is due to session deletion was allowed to queue up twice. Here's the internal trace that show the same port was allowed to double queu

CVE-2023-53583 [MEDIUM] CVE-2023-53583: In the Linux kernel, the following vulnerability has been resolved: perf: RISC-V: Remove PERF_HES_S In the Linux kernel, the following vulnerability has been resolved: perf: RISC-V: Remove PERF_HES_STOPPED flag checking in riscv_pmu_start() Since commit 096b52fd2bb4 ("perf: RISC-V: throttle perf events") the perf_sample_event_took() function was added to report time spent in overflow interrupts. If the interrupt takes too long, the perf framework will l

CVE-2023-53603 [MEDIUM] CWE-476 CVE-2023-53603: In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Avoid fcport poi In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Avoid fcport pointer dereference Klocwork reported warning of NULL pointer may be dereferenced. The routine exits when sa_ctl is NULL and fcport is allocated after the exit call thus causing NULL fcport pointer to dereference at the time of exit. To avoid fcport po

CVE-2023-53558 [MEDIUM] CVE-2023-53558: In the Linux kernel, the following vulnerability has been resolved: rcu-tasks: Avoid pr_info() with In the Linux kernel, the following vulnerability has been resolved: rcu-tasks: Avoid pr_info() with spin lock in cblist_init_generic() pr_info() is called with rtp->cbs_gbl_lock spin lock locked. Because pr_info() calls printk() that might sleep, this will result in BUG like below: [ 0.206455] cblist_init_generic: Setting adjustable number of callback qu

CVE-2023-53538 [MEDIUM] CWE-476 CVE-2023-53538: In the Linux kernel, the following vulnerability has been resolved: btrfs: insert tree mod log move In the Linux kernel, the following vulnerability has been resolved: btrfs: insert tree mod log move in push_node_left There is a fairly unlikely race condition in tree mod log rewind that can result in a kernel panic which has the following trace: [530.569] BTRFS critical (device sda3): unable to find logical 0 length 4096 [530.585] BTRFS critica

CVE-2023-53595 [MEDIUM] CWE-476 CVE-2023-53595: In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: mcs: Fix NULL poi In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: mcs: Fix NULL pointer dereferences When system is rebooted after creating macsec interface below NULL pointer dereference crashes occurred. This patch fixes those crashes by using correct order of teardown [ 3324.406942] Unable to handle kernel NULL pointer derefere

CVE-2023-53566 [MEDIUM] CWE-476 CVE-2023-53566: In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: fix In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: fix null deref on element insertion There is no guarantee that rb_prev() will not return NULL in nft_rbtree_gc_elem(): general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in r

CVE-2022-50501 [MEDIUM] CWE-476 CVE-2022-50501: In the Linux kernel, the following vulnerability has been resolved: media: coda: Add check for dcod In the Linux kernel, the following vulnerability has been resolved: media: coda: Add check for dcoda_iram_alloc As the coda_iram_alloc may return NULL pointer, it should be better to check the return value in order to avoid NULL poineter dereference, same as the others.

CVE-2023-53602 [MEDIUM] CWE-401 CVE-2023-53602: In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix memory leak i In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix memory leak in WMI firmware stats Memory allocated for firmware pdev, vdev and beacon statistics are not released during rmmod. Fix it by calling ath11k_fw_stats_free() function before hardware unregister. While at it, avoid calling ath11k_fw_stats_free() while

CVE-2025-39940 [MEDIUM] CWE-190 CVE-2025-39940: In the Linux kernel, the following vulnerability has been resolved: dm-stripe: fix a possible integ In the Linux kernel, the following vulnerability has been resolved: dm-stripe: fix a possible integer overflow There's a possible integer overflow in stripe_io_hints if we have too large chunk size. Test if the overflow happened, and if it did, don't set limits->io_min and limits->io_opt;

CVE-2022-50484 [MEDIUM] CWE-401 CVE-2022-50484: In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential memory leaks When the driver hits -ENOMEM at allocating a URB or a buffer, it aborts and goes to the error path that releases the all previously allocated resources. However, when -ENOMEM hits at the middle of the sync EP URB allocation loop, the part

CVE-2023-53535 [MEDIUM] CVE-2023-53535: In the Linux kernel, the following vulnerability has been resolved: net: bcmgenet: Add a check for In the Linux kernel, the following vulnerability has been resolved: net: bcmgenet: Add a check for oversized packets Occasionnaly we may get oversized packets from the hardware which exceed the nomimal 2KiB buffer size we allocate SKBs with. Add an early check which drops the packet to avoid invoking skb_over_panic() and move on to processing the next pack