Linux Kernel vulnerabilities

CVE-2023-53471 [HIGH] CVE-2023-53471: In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/gfx: disable gfx9 cp In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/gfx: disable gfx9 cp_ecc_error_irq only when enabling legacy gfx ras gfx9 cp_ecc_error_irq is only enabled when legacy gfx ras is assert. So in gfx_v9_0_hw_fini, interrupt disablement for cp_ecc_error_irq should be executed under such condition, otherwise, an amdgpu_irq_put callt

CVE-2023-53454 [HIGH] CWE-416 CVE-2023-53454: In the Linux kernel, the following vulnerability has been resolved: HID: multitouch: Correct devm d In the Linux kernel, the following vulnerability has been resolved: HID: multitouch: Correct devm device reference for hidinput input_dev name Reference the HID device rather than the input device for the devm allocation of the input_dev name. Referencing the input_dev would lead to a use-after-free when the input_dev was unregistered and subsequent

CVE-2025-39891 [HIGH] CVE-2025-39891: In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Initialize the c In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Initialize the chan_stats array to zero The adapter->chan_stats[] array is initialized in mwifiex_init_channel_scan_gap() with vmalloc(), which doesn't zero out memory. The array is filled in mwifiex_update_chan_statistics() and then the user can query the data in mwifiex_cfg

CVE-2023-53506 [HIGH] CVE-2023-53506: In the Linux kernel, the following vulnerability has been resolved: udf: Do not bother merging very In the Linux kernel, the following vulnerability has been resolved: udf: Do not bother merging very long extents When merging very long extents we try to push as much length as possible to the first extent. However this is unnecessarily complicated and not really worth the trouble. Furthermore there was a bug in the logic resulting in corrupting extents in

CVE-2023-53507 [HIGH] CVE-2023-53507: In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Unregister devlink pa In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Unregister devlink params in case interface is down Currently, in case an interface is down, mlx5 driver doesn't unregister its devlink params, which leads to this WARN[1]. Fix it by unregistering devlink params in that case as well. [1] [ 295.244769 ] WARNING: CPU: 15 PID: 1 at

CVE-2022-50422 [HIGH] CWE-416 CVE-2022-50422: In the Linux kernel, the following vulnerability has been resolved: scsi: libsas: Fix use-after-fre In the Linux kernel, the following vulnerability has been resolved: scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() When executing SMP task failed, the smp_execute_task_sg() calls del_timer() to delete "slow_task->timer". However, if the timer handler sas_task_internal_timedout() is running, the del_timer() in smp_execute_task_sg() wil

CVE-2023-53524 [HIGH] CWE-190 CVE-2023-53524: In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: pcie: Fix intege In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf An integer overflow occurs in the iwl_write_to_user_buf() function, which is called by the iwl_dbgfs_monitor_data_read() function. static bool iwl_write_to_user_buf(char __user *user_buf, ssize_t count, void *buf, s

CVE-2022-50467 [MEDIUM] CWE-476 CVE-2022-50467: In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix null ndlp ptr d In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID An error case exit from lpfc_cmpl_ct_cmd_gft_id() results in a call to lpfc_nlp_put() with a null pointer to a nodelist structure. Changed lpfc_cmpl_ct_cmd_gft_id() to initialize nodelist pointer upon entr

CVE-2022-50460 [MEDIUM] CWE-401 CVE-2022-50460: In the Linux kernel, the following vulnerability has been resolved: cifs: Fix xid leak in cifs_floc In the Linux kernel, the following vulnerability has been resolved: cifs: Fix xid leak in cifs_flock() If not flock, before return -ENOLCK, should free the xid, otherwise, the xid will be leaked.

CVE-2022-50445 [MEDIUM] CVE-2022-50445: In the Linux kernel, the following vulnerability has been resolved: xfrm: Reinject transport-mode p In the Linux kernel, the following vulnerability has been resolved: xfrm: Reinject transport-mode packets through workqueue The following warning is displayed when the tcp6-multi-diffip11 stress test case of the LTP test suite is tested: watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [ns-tcpserver:48198] CPU: 0 PID: 48198 Comm: ns-tcpserver Kdump: loa

CVE-2022-50441 [MEDIUM] CWE-476 CVE-2022-50441: In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Lag, fix failure to c In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Lag, fix failure to cancel delayed bond work Commit 0d4e8ed139d8 ("net/mlx5: Lag, avoid lockdep warnings") accidentally removed a call to cancel delayed bond work thus it may cause queued delay to expire and fall on an already destroyed work queue. Fix by restoring the

CVE-2025-39925 [MEDIUM] CVE-2025-39925: In the Linux kernel, the following vulnerability has been resolved: can: j1939: implement NETDEV_UN In the Linux kernel, the following vulnerability has been resolved: can: j1939: implement NETDEV_UNREGISTER notification handler syzbot is reporting unregister_netdevice: waiting for vcan0 to become free. Usage count = 2 problem, for j1939 protocol did not have NETDEV_UNREGISTER notification handler for undoing changes made by j1939_sk_bind(). Commit 2

CVE-2025-39923 [MEDIUM] CVE-2025-39923: In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom: bam_dma: Fix D In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees When we don't have a clock specified in the device tree, we have no way to ensure the BAM is on. This is often the case for remotely-controlled or remotely-powered BAM instances. In this case, we need to read num-channel

CVE-2022-50469 [MEDIUM] CWE-401 CVE-2022-50469: In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix potenti In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix potential memory leak in rtw_init_drv_sw() In rtw_init_drv_sw(), there are various init functions are called to populate the padapter structure and some checks for their return value. However, except for the first one error path, the other five error paths

CVE-2025-39906 [MEDIUM] CWE-476 CVE-2025-39906: In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: remove oem i2c In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: remove oem i2c adapter on finish Fixes a bug where unbinding of the GPU would leave the oem i2c adapter registered resulting in a null pointer dereference when applications try to access the invalid device. (cherry picked from commit 89923fb7ead4fdd37b78dd49962d9

CVE-2023-53453 [MEDIUM] CWE-401 CVE-2023-53453: In the Linux kernel, the following vulnerability has been resolved: drm/radeon: free iio for atombi In the Linux kernel, the following vulnerability has been resolved: drm/radeon: free iio for atombios when driver shutdown Fix below kmemleak when unload radeon driver: unreferenced object 0xffff9f8608ede200 (size 512): comm "systemd-udevd", pid 326, jiffies 4294682822 (age 716.338s) hex dump (first 32 bytes): 00 00 00 00 c4 aa ec aa 14 ab 00 00

CVE-2023-53481 [MEDIUM] CWE-835 CVE-2023-53481: In the Linux kernel, the following vulnerability has been resolved: ubi: ubi_wl_put_peb: Fix infini In the Linux kernel, the following vulnerability has been resolved: ubi: ubi_wl_put_peb: Fix infinite loop when wear-leveling work failed Following process will trigger an infinite loop in ubi_wl_put_peb(): ubifs_bgt ubi_bgt ubifs_leb_unmap ubi_leb_unmap ubi_eba_unmap_leb ubi_wl_put_peb wear_leveling_worker e1 = rb_entry(rb_first(&ubi->used) e2 =

CVE-2023-53476 [MEDIUM] CWE-476 CVE-2023-53476: In the Linux kernel, the following vulnerability has been resolved: iw_cxgb4: Fix potential NULL de In the Linux kernel, the following vulnerability has been resolved: iw_cxgb4: Fix potential NULL dereference in c4iw_fill_res_cm_id_entry() This condition needs to match the previous "if (epcp->state == LISTEN) {" exactly to avoid a NULL dereference of either "listen_ep" or "ep". The problem is that "epcp" has been re-assigned so just testing "if

CVE-2025-39924 [MEDIUM] CVE-2025-39924: In the Linux kernel, the following vulnerability has been resolved: erofs: fix invalid algorithm fo In the Linux kernel, the following vulnerability has been resolved: erofs: fix invalid algorithm for encoded extents The current algorithm sanity checks do not properly apply to new encoded extents. Unify the algorithm check with Z_EROFS_COMPRESSION(_RUNTIME)_MAX and ensure consistency with sbi->available_compr_algs.

CVE-2023-53528 [MEDIUM] CVE-2023-53528: In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix unsafe drain work In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix unsafe drain work queue code If create_qp does not fully succeed it is possible for qp cleanup code to attempt to drain the send or recv work queues before the queues have been created causing a seg fault. This patch checks to see if the queues exist before attempting to dra