Linux Kernel vulnerabilities

CVE-2022-50407 [MEDIUM] CWE-674 CVE-2022-50407: In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/qm - increase In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/qm - increase the memory of local variables Increase the buffer to prevent stack overflow by fuzz test. The maximum length of the qos configuration buffer is 256 bytes. Currently, the value of the 'val buffer' is only 32 bytes. The sscanf does not check the dest

CVE-2022-50402 [MEDIUM] CWE-476 CVE-2022-50402: In the Linux kernel, the following vulnerability has been resolved: drivers/md/md-bitmap: check the In the Linux kernel, the following vulnerability has been resolved: drivers/md/md-bitmap: check the return value of md_bitmap_get_counter() Check the return value of md_bitmap_get_counter() in case it returns NULL pointer, which will result in a null pointer dereference. v2: update the check to include other dereference

CVE-2023-53411 [MEDIUM] CWE-401 CVE-2023-53411: In the Linux kernel, the following vulnerability has been resolved: PM: EM: fix memory leak with us In the Linux kernel, the following vulnerability has been resolved: PM: EM: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic at once.

CVE-2023-53387 [MEDIUM] CVE-2023-53387: In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix device man In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix device management cmd timeout flow In the UFS error handling flow, the host will send a device management cmd (NOP OUT) to the device for link recovery. If this cmd times out and clearing the doorbell fails, ufshcd_wait_for_dev_cmd() will do nothing and return. hba->d

CVE-2023-53422 [MEDIUM] CWE-401 CVE-2023-53422: In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fw: fix memory l In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fw: fix memory leak in debugfs Fix a memory leak that occurs when reading the fw_info file all the way, since we return NULL indicating no more data, but don't free the status tracking object.

CVE-2023-53445 [MEDIUM] CVE-2023-53445: In the Linux kernel, the following vulnerability has been resolved: net: qrtr: Fix a refcount bug i In the Linux kernel, the following vulnerability has been resolved: net: qrtr: Fix a refcount bug in qrtr_recvmsg() Syzbot reported a bug as following: refcount_t: addition on 0; use-after-free. ... RIP: 0010:refcount_warn_saturate+0x17c/0x1f0 lib/refcount.c:25 ... Call Trace: __refcount_add include/linux/refcount.h:199 [inline] __refcount_inc include/l

CVE-2023-53383 [MEDIUM] CVE-2023-53383: In the Linux kernel, the following vulnerability has been resolved: irqchip/gicv3: Workaround for N In the Linux kernel, the following vulnerability has been resolved: irqchip/gicv3: Workaround for NVIDIA erratum T241-FABRIC-4 The T241 platform suffers from the T241-FABRIC-4 erratum which causes unexpected behavior in the GIC when multiple transactions are received simultaneously from different sources. This hardware issue impacts NVIDIA server platform

CVE-2023-53406 [MEDIUM] CWE-401 CVE-2023-53406: In the Linux kernel, the following vulnerability has been resolved: USB: gadget: pxa25x_udc: fix me In the Linux kernel, the following vulnerability has been resolved: USB: gadget: pxa25x_udc: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the log

CVE-2023-53441 [MEDIUM] CWE-401 CVE-2023-53441: In the Linux kernel, the following vulnerability has been resolved: bpf: cpumap: Fix memory leak in In the Linux kernel, the following vulnerability has been resolved: bpf: cpumap: Fix memory leak in cpu_map_update_elem Syzkaller reported a memory leak as follows: BUG: memory leak unreferenced object 0xff110001198ef748 (size 192): comm "syz-executor.3", pid 17672, jiffies 4298118891 (age 9.906s) hex dump (first 32 bytes): 00 00 00 00 4a 19 00 0

CVE-2023-53378 [MEDIUM] CVE-2023-53378: In the Linux kernel, the following vulnerability has been resolved: drm/i915/dpt: Treat the DPT BO In the Linux kernel, the following vulnerability has been resolved: drm/i915/dpt: Treat the DPT BO as a framebuffer Currently i915_gem_object_is_framebuffer() doesn't treat the BO containing the framebuffer's DPT as a framebuffer itself. This means eg. that the shrinker can evict the DPT BO while leaving the actual FB BO bound, when the DPT is allocated fr

CVE-2023-53404 [MEDIUM] CWE-401 CVE-2023-53404: In the Linux kernel, the following vulnerability has been resolved: USB: fotg210: fix memory leak w In the Linux kernel, the following vulnerability has been resolved: USB: fotg210: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic at once.

CVE-2023-53382 [MEDIUM] CWE-476 CVE-2023-53382: In the Linux kernel, the following vulnerability has been resolved: net/smc: Reset connection when In the Linux kernel, the following vulnerability has been resolved: net/smc: Reset connection when trying to use SMCRv2 fails. We found a crash when using SMCRv2 with 2 Mellanox ConnectX-4. It can be reproduced by: - smc_run nginx - smc_run wrk -t 32 -c 500 -d 30 http://: BUG: kernel NULL pointer dereference, address: 0000000000000014 #PF: superv

CVE-2022-50418 [MEDIUM] CWE-401 CVE-2022-50418: In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: mhi: fix potentia In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: mhi: fix potential memory leak in ath11k_mhi_register() mhi_alloc_controller() allocates a memory space for mhi_ctrl. When gets some error, mhi_ctrl should be freed with mhi_free_controller(). But when ath11k_mhi_read_addr_from_dt() fails, the function returns withou

CVE-2023-53418 [MEDIUM] CWE-401 CVE-2023-53418: In the Linux kernel, the following vulnerability has been resolved: USB: gadget: lpc32xx_udc: fix m In the Linux kernel, the following vulnerability has been resolved: USB: gadget: lpc32xx_udc: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the lo

CVE-2023-53384 [MEDIUM] CWE-476 CVE-2023-53384: In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: avoid possible N In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: avoid possible NULL skb pointer dereference In 'mwifiex_handle_uap_rx_forward()', always check the value returned by 'skb_copy()' to avoid potential NULL pointer dereference in 'mwifiex_uap_queue_bridged_pkt()', and drop original skb in case of copying failure. Fou

CVE-2022-50393 [MEDIUM] CVE-2022-50393: In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: SDMA update use unl In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: SDMA update use unlocked iterator SDMA update page table may be called from unlocked context, this generate below warning. Use unlocked iterator to handle this case. WARNING: CPU: 0 PID: 1475 at drivers/dma-buf/dma-resv.c:483 dma_resv_iter_next Call Trace: dma_resv_iter_first

CVE-2023-53443 [MEDIUM] CVE-2023-53443: In the Linux kernel, the following vulnerability has been resolved: mfd: arizona: Use pm_runtime_re In the Linux kernel, the following vulnerability has been resolved: mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt leak In arizona_clk32k_enable(), we should use pm_runtime_resume_and_get() as pm_runtime_get_sync() will increase the refcnt even when it returns an error.

CVE-2023-53397 [MEDIUM] CWE-193 CVE-2023-53397: In the Linux kernel, the following vulnerability has been resolved: modpost: fix off by one in is_e In the Linux kernel, the following vulnerability has been resolved: modpost: fix off by one in is_executable_section() The > comparison should be >= to prevent an out of bounds array access.

CVE-2022-50385 [MEDIUM] CVE-2022-50385: In the Linux kernel, the following vulnerability has been resolved: NFS: Fix an Oops in nfs_d_autom In the Linux kernel, the following vulnerability has been resolved: NFS: Fix an Oops in nfs_d_automount() When mounting from a NFSv4 referral, path->dentry can end up being a negative dentry, so derive the struct nfs_server from the dentry itself instead.

CVE-2023-53405 [MEDIUM] CWE-401 CVE-2023-53405: In the Linux kernel, the following vulnerability has been resolved: USB: gadget: gr_udc: fix memory In the Linux kernel, the following vulnerability has been resolved: USB: gadget: gr_udc: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic a