Linux Kernel vulnerabilities

CVE-2022-50395 [MEDIUM] CWE-401 CVE-2022-50395: In the Linux kernel, the following vulnerability has been resolved: integrity: Fix memory leakage i In the Linux kernel, the following vulnerability has been resolved: integrity: Fix memory leakage in keyring allocation error path Key restriction is allocated in integrity_init_keyring(). However, if keyring allocation failed, it is not freed, causing memory leaks.

CVE-2023-53433 [MEDIUM] CVE-2023-53433: In the Linux kernel, the following vulnerability has been resolved: net: add vlan_get_protocol_and_ In the Linux kernel, the following vulnerability has been resolved: net: add vlan_get_protocol_and_depth() helper Before blamed commit, pskb_may_pull() was used instead of skb_header_pointer() in __vlan_get_protocol() and friends. Few callers depended on skb->head being populated with MAC header, syzbot caught one of them (skb_mac_gso_segment()) Add vla

CVE-2023-53415 [MEDIUM] CWE-401 CVE-2023-53415: In the Linux kernel, the following vulnerability has been resolved: USB: dwc3: fix memory leak with In the Linux kernel, the following vulnerability has been resolved: USB: dwc3: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic at once. N

CVE-2023-53417 [MEDIUM] CWE-401 CVE-2023-53417: In the Linux kernel, the following vulnerability has been resolved: USB: sl811: fix memory leak wit In the Linux kernel, the following vulnerability has been resolved: USB: sl811: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic at once.

CVE-2023-53370 [MEDIUM] CWE-401 CVE-2023-53370: In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix memory leak in In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix memory leak in mes self test The fences associated with mes queue have to be freed up during amdgpu_ring_fini.

CVE-2023-53413 [MEDIUM] CWE-401 CVE-2023-53413: In the Linux kernel, the following vulnerability has been resolved: USB: isp116x: fix memory leak w In the Linux kernel, the following vulnerability has been resolved: USB: isp116x: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic at once.

CVE-2023-53371 [MEDIUM] CWE-401 CVE-2023-53371: In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: fix memory leak in m In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: fix memory leak in mlx5e_fs_tt_redirect_any_create The memory pointed to by the fs->any pointer is not freed in the error path of mlx5e_fs_tt_redirect_any_create, which can lead to a memory leak. Fix by freeing the memory in the error path, thereby making the error path

CVE-2022-50383 [MEDIUM] CWE-476 CVE-2022-50383: In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Can't In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Can't set dst buffer to done when lat decode error Core thread will call v4l2_m2m_buf_done to set dst buffer done for lat architecture. If lat call v4l2_m2m_buf_done_and_job_finish to free dst buffer when lat decode error, core thread will access kernel NUL

CVE-2023-53400 [MEDIUM] CVE-2023-53400: In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fix Oops by 9.1 surr In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fix Oops by 9.1 surround channel names get_line_out_pfx() may trigger an Oops by overflowing the static array with more than 8 channels. This was reported for MacBookPro 12,1 with Cirrus codec. As a workaround, extend for the 9.1 channels and also fix the potential Oops by uni

CVE-2023-53437 [MEDIUM] CVE-2023-53437: In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Handle cameras In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Handle cameras with invalid descriptors If the source entity does not contain any pads, do not create a link.

CVE-2023-53412 [MEDIUM] CWE-401 CVE-2023-53412: In the Linux kernel, the following vulnerability has been resolved: USB: gadget: bcm63xx_udc: fix m In the Linux kernel, the following vulnerability has been resolved: USB: gadget: bcm63xx_udc: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the lo

CVE-2022-50391 [MEDIUM] CWE-401 CVE-2022-50391: In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: fix memory leak i In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: fix memory leak in set_mempolicy_home_node system call When encountering any vma in the range with policy other than MPOL_BIND or MPOL_PREFERRED_MANY, an error is returned without issuing a mpol_put on the policy just allocated with mpol_dup(). This allows arbitrary

CVE-2023-53430 [MEDIUM] CWE-401 CVE-2023-53430: In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: dma: fix memory lea In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: dma: fix memory leak running mt76_dma_tx_cleanup Fix device unregister memory leak and alway cleanup all configured rx queues in mt76_dma_tx_cleanup routine.

CVE-2023-53399 [MEDIUM] CWE-476 CVE-2023-53399: In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix NULL pointer derefer In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix NULL pointer dereference in smb2_get_info_filesystem() If share is , share->path is NULL and it cause NULL pointer dereference issue.

CVE-2023-53381 [MEDIUM] CVE-2023-53381: In the Linux kernel, the following vulnerability has been resolved: NFSD: fix leaked reference coun In the Linux kernel, the following vulnerability has been resolved: NFSD: fix leaked reference count of nfsd4_ssc_umount_item The reference count of nfsd4_ssc_umount_item is not decremented on error conditions. This prevents the laundromat from unmounting the vfsmount of the source file. This patch decrements the reference count of nfsd4_ssc_umount_item

CVE-2023-53394 [MEDIUM] CVE-2023-53394: In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: xsk: Fix crash on re In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: xsk: Fix crash on regular rq reactivation When the regular rq is reactivated after the XSK socket is closed it could be reading stale cqes which eventually corrupts the rq. This leads to no more traffic being received on the regular rq and a crash on the next close or deactivat

CVE-2023-53390 [MEDIUM] CWE-401 CVE-2023-53390: In the Linux kernel, the following vulnerability has been resolved: drivers: base: dd: fix memory l In the Linux kernel, the following vulnerability has been resolved: drivers: base: dd: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic at

CVE-2023-53389 [MEDIUM] CWE-476 CVE-2023-53389: In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: dp: Only trigger In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: dp: Only trigger DRM HPD events if bridge is attached The MediaTek DisplayPort interface bridge driver starts its interrupts as soon as its probed. However when the interrupts trigger the bridge might not have been attached to a DRM device. As drm_helper_hpd_irq_event

CVE-2022-50382 [MEDIUM] CWE-667 CVE-2022-50382: In the Linux kernel, the following vulnerability has been resolved: padata: Always leave BHs disabl In the Linux kernel, the following vulnerability has been resolved: padata: Always leave BHs disabled when running ->parallel() A deadlock can happen when an overloaded system runs ->parallel() in the context of the current task: padata_do_parallel ->parallel() pcrypt_aead_enc/dec padata_do_serial spin_lock(&reorder->lock) // BHs still enabled .

CVE-2023-53385 [MEDIUM] CWE-401 CVE-2023-53385: In the Linux kernel, the following vulnerability has been resolved: media: mdp3: Fix resource leaks In the Linux kernel, the following vulnerability has been resolved: media: mdp3: Fix resource leaks in of_find_device_by_node Use put_device to release the object get through of_find_device_by_node, avoiding resource leaks.