Linux Kernel vulnerabilities

CVE-2022-50396 [MEDIUM] CWE-401 CVE-2022-50396: In the Linux kernel, the following vulnerability has been resolved: net: sched: fix memory leak in In the Linux kernel, the following vulnerability has been resolved: net: sched: fix memory leak in tcindex_set_parms Syzkaller reports a memory leak as follows: BUG: memory leak unreferenced object 0xffff88810c287f00 (size 256): comm "syz-executor105", pid 3600, jiffies 4294943292 (age 12.990s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00

CVE-2022-50387 [MEDIUM] CWE-401 CVE-2022-50387: In the Linux kernel, the following vulnerability has been resolved: net: hinic: fix the issue of CM In the Linux kernel, the following vulnerability has been resolved: net: hinic: fix the issue of CMDQ memory leaks When hinic_set_cmdq_depth() fails in hinic_init_cmdqs(), the cmdq memory is not released correctly. Fix it.

CVE-2023-53409 [MEDIUM] CWE-401 CVE-2023-53409: In the Linux kernel, the following vulnerability has been resolved: drivers: base: component: fix m In the Linux kernel, the following vulnerability has been resolved: drivers: base: component: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the lo

CVE-2023-53410 [MEDIUM] CWE-401 CVE-2023-53410: In the Linux kernel, the following vulnerability has been resolved: USB: ULPI: fix memory leak with In the Linux kernel, the following vulnerability has been resolved: USB: ULPI: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic at once.

CVE-2022-50380 [MEDIUM] CWE-476 CVE-2022-50380: In the Linux kernel, the following vulnerability has been resolved: mm: /proc/pid/smaps_rollup: fix In the Linux kernel, the following vulnerability has been resolved: mm: /proc/pid/smaps_rollup: fix no vma's null-deref Commit 258f669e7e88 ("mm: /proc/pid/smaps_rollup: convert to single value seq_file") introduced a null-deref if there are no vma's in the task in show_smaps_rollup.

CVE-2023-53402 [MEDIUM] CWE-401 CVE-2023-53402: In the Linux kernel, the following vulnerability has been resolved: kernel/printk/index.c: fix memo In the Linux kernel, the following vulnerability has been resolved: kernel/printk/index.c: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic

CVE-2022-50409 [MEDIUM] CWE-476 CVE-2022-50409: In the Linux kernel, the following vulnerability has been resolved: net: If sock is dead don't acce In the Linux kernel, the following vulnerability has been resolved: net: If sock is dead don't access sock's sk_wq in sk_stream_wait_memory Fixes the below NULL pointer dereference: [...] [ 14.471200] Call Trace: [ 14.471562] [ 14.471882] lock_acquire+0x245/0x2e0 [ 14.472416] ? remove_wait_queue+0x12/0x50 [ 14.473014] ? _raw_spin_lock_irqsave+0x1

CVE-2023-53379 [MEDIUM] CWE-401 CVE-2023-53379: In the Linux kernel, the following vulnerability has been resolved: usb: phy: phy-tahvo: fix memory In the Linux kernel, the following vulnerability has been resolved: usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe() Smatch reports: drivers/usb/phy/phy-tahvo.c: tahvo_usb_probe() warn: missing unwind goto? After geting irq, if ret < 0, it will return without error handling to free memory. Just add error handling to fix this problem.

CVE-2022-50376 [MEDIUM] CWE-401 CVE-2022-50376: In the Linux kernel, the following vulnerability has been resolved: orangefs: Fix kmemleak in orang In the Linux kernel, the following vulnerability has been resolved: orangefs: Fix kmemleak in orangefs_{kernel,client}_debug_init() When insert and remove the orangefs module, there are memory leaked as below: unreferenced object 0xffff88816b0cc000 (size 2048): comm "insmod", pid 783, jiffies 4294813439 (age 65.512s) hex dump (first 32 bytes): 6e

CVE-2022-50388 [MEDIUM] CWE-476 CVE-2022-50388: In the Linux kernel, the following vulnerability has been resolved: nvme: fix multipath crash cause In the Linux kernel, the following vulnerability has been resolved: nvme: fix multipath crash caused by flush request when blktrace is enabled The flush request initialized by blk_kick_flush has NULL bio, and it may be dealt with nvme_end_req during io completion. When blktrace is enabled, nvme_trace_bio_complete with multipath activated trying to

CVE-2022-50400 [MEDIUM] CWE-401 CVE-2022-50400: In the Linux kernel, the following vulnerability has been resolved: staging: greybus: audio_helper: In the Linux kernel, the following vulnerability has been resolved: staging: greybus: audio_helper: remove unused and wrong debugfs usage In the greybus audio_helper code, the debugfs file for the dapm has the potential to be removed and memory will be leaked. There is also the very real potential for this code to remove ALL debugfs entries from t

CVE-2023-53447 [MEDIUM] CWE-362 CVE-2023-53447: In the Linux kernel, the following vulnerability has been resolved: f2fs: don't reset unchangable m In the Linux kernel, the following vulnerability has been resolved: f2fs: don't reset unchangable mount option in f2fs_remount() syzbot reports a bug as below: general protection fault, probably for non-canonical address 0xdffffc0000000009: 0000 [#1] PREEMPT SMP KASAN RIP: 0010:__lock_acquire+0x69/0x2000 kernel/locking/lockdep.c:4942 Call Trace:

CVE-2022-50416 [MEDIUM] CWE-401 CVE-2022-50416: In the Linux kernel, the following vulnerability has been resolved: irqchip/wpcm450: Fix memory lea In the Linux kernel, the following vulnerability has been resolved: irqchip/wpcm450: Fix memory leak in wpcm450_aic_of_init() If of_iomap() failed, 'aic' should be freed before return. Otherwise there is a memory leak.

CVE-2022-50404 [MEDIUM] CWE-401 CVE-2022-50404: In the Linux kernel, the following vulnerability has been resolved: fbdev: fbcon: release buffer wh In the Linux kernel, the following vulnerability has been resolved: fbdev: fbcon: release buffer when fbcon_do_set_font() failed syzbot is reporting memory leak at fbcon_do_set_font() [1], for commit a5a923038d70 ("fbdev: fbcon: Properly revert changes when vc_resize() failed") missed that the buffer might be newly allocated by fbcon_set_font().

CVE-2023-53391 [MEDIUM] CVE-2023-53391: In the Linux kernel, the following vulnerability has been resolved: shmem: use ramfs_kill_sb() for In the Linux kernel, the following vulnerability has been resolved: shmem: use ramfs_kill_sb() for kill_sb method of ramfs-based tmpfs As the ramfs-based tmpfs uses ramfs_init_fs_context() for the init_fs_context method, which allocates fc->s_fs_info, use ramfs_kill_sb() to free it and avoid a memory leak.

CVE-2022-50405 [MEDIUM] CWE-476 CVE-2022-50405: In the Linux kernel, the following vulnerability has been resolved: net/tunnel: wait until all sk_u In the Linux kernel, the following vulnerability has been resolved: net/tunnel: wait until all sk_user_data reader finish before releasing the sock There is a race condition in vxlan that when deleting a vxlan device during receiving packets, there is a possibility that the sock is released after getting vxlan_sock vs from sk_user_data. Then in la

CVE-2023-53424 [MEDIUM] CWE-401 CVE-2023-53424: In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: fix of_iomap mem In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: fix of_iomap memory leak Smatch reports: drivers/clk/mediatek/clk-mtk.c:583 mtk_clk_simple_probe() warn: 'base' from of_iomap() not released on lines: 496. This problem was also found in linux-next. In mtk_clk_simple_probe(), base is not released when handling erro

CVE-2022-50375 [MEDIUM] CVE-2022-50375: In the Linux kernel, the following vulnerability has been resolved: tty: serial: fsl_lpuart: disabl In the Linux kernel, the following vulnerability has been resolved: tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown lpuart_dma_shutdown tears down lpuart dma, but lpuart_flush_buffer can still occur which in turn tries to access dma apis if lpuart_dma_tx_use flag is true. At this point since dma is torn down, these dma apis can

CVE-2023-53423 [MEDIUM] CWE-401 CVE-2023-53423: In the Linux kernel, the following vulnerability has been resolved: objtool: Fix memory leak in cre In the Linux kernel, the following vulnerability has been resolved: objtool: Fix memory leak in create_static_call_sections() strdup() allocates memory for key_name. We need to release the memory in the following error paths. Add free() to avoid memory leak.

CVE-2023-53421 [MEDIUM] CWE-476 CVE-2023-53421: In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Reinit blkg_iostat_ In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Reinit blkg_iostat_set after clearing in blkcg_reset_stats() When blkg_alloc() is called to allocate a blkcg_gq structure with the associated blkg_iostat_set's, there are 2 fields within blkg_iostat_set that requires proper initialization - blkg & sync. The former fiel