Linux Kernel vulnerabilities

CVE-2022-50354 [MEDIUM] CWE-476 CVE-2022-50354: In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix kfd_process_dev In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix kfd_process_device_init_vm error handling Should only destroy the ib_mem and let process cleanup worker to free the outstanding BOs. Reset the pointer in pdd->qpd structure, to avoid NULL pointer access in process destroy worker. BUG: kernel NULL pointer dereferen

CVE-2023-53359 [MEDIUM] CWE-401 CVE-2023-53359: In the Linux kernel, the following vulnerability has been resolved: USB: fix memory leak with using In the Linux kernel, the following vulnerability has been resolved: USB: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic at once.

CVE-2023-53347 [MEDIUM] CVE-2023-53347: In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Handle pairing of E-s In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Handle pairing of E-switch via uplink un/load APIs In case user switch a device from switchdev mode to legacy mode, mlx5 first unpair the E-switch and afterwards unload the uplink vport. From the other hand, in case user remove or reload a device, mlx5 first unload the uplink vp

CVE-2023-53366 [MEDIUM] CWE-476 CVE-2023-53366: In the Linux kernel, the following vulnerability has been resolved: block: be a bit more careful in In the Linux kernel, the following vulnerability has been resolved: block: be a bit more careful in checking for NULL bdev while polling Wei reports a crash with an application using polled IO: PGD 14265e067 P4D 14265e067 PUD 47ec50067 PMD 0 Oops: 0000 [#1] SMP CPU: 0 PID: 21915 Comm: iocore_0 Kdump: loaded Tainted: G S 5.12.0-0_fbk12_clang_7346_

CVE-2023-53355 [MEDIUM] CWE-401 CVE-2023-53355: In the Linux kernel, the following vulnerability has been resolved: staging: pi433: fix memory leak In the Linux kernel, the following vulnerability has been resolved: staging: pi433: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic at onc

CVE-2023-53361 [MEDIUM] CVE-2023-53361: In the Linux kernel, the following vulnerability has been resolved: LoongArch: mm: Add p?d_leaf() d In the Linux kernel, the following vulnerability has been resolved: LoongArch: mm: Add p?d_leaf() definitions When I do LTP test, LTP test case ksm06 caused panic at break_ksm_pmd_entry -> pmd_leaf (Huge page table but False) -> pte_present (panic) The reason is pmd_leaf() is not defined, So like commit 501b81046701 ("mips: mm: add p?d_leaf() definitions

CVE-2023-53337 [MEDIUM] CVE-2023-53337: In the Linux kernel, the following vulnerability has been resolved: nilfs2: do not write dirty data In the Linux kernel, the following vulnerability has been resolved: nilfs2: do not write dirty data after degenerating to read-only According to syzbot's report, mark_buffer_dirty() called from nilfs_segctor_do_construct() outputs a warning with some patterns after nilfs2 detects metadata corruption and degrades to read-only mode. After such read-only de

CVE-2023-53341 [MEDIUM] CWE-908 CVE-2023-53341: In the Linux kernel, the following vulnerability has been resolved: of/fdt: run soc memory setup wh In the Linux kernel, the following vulnerability has been resolved: of/fdt: run soc memory setup when early_init_dt_scan_memory fails If memory has been found early_init_dt_scan_memory now returns 1. If it hasn't found any memory it will return 0, allowing other memory setup mechanisms to carry on. Previously early_init_dt_scan_memory always retu

CVE-2023-53360 [MEDIUM] CWE-415 CVE-2023-53360: In the Linux kernel, the following vulnerability has been resolved: NFSv4.2: Rework scratch handlin In the Linux kernel, the following vulnerability has been resolved: NFSv4.2: Rework scratch handling for READ_PLUS (again) I found that the read code might send multiple requests using the same nfs_pgio_header, but nfs4_proc_read_setup() is only called once. This is how we ended up occasionally double-freeing the scratch buffer, but also means we

CVE-2022-50369 [MEDIUM] CWE-476 CVE-2022-50369: In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Fix null-ptr-deref in In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Fix null-ptr-deref in vkms_release() A null-ptr-deref is triggered when it tries to destroy the workqueue in vkms->output.composer_workq in vkms_release(). KASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f] CPU: 5 PID: 17193 Comm: modprobe Not tainte

CVE-2023-53350 [MEDIUM] CWE-401 CVE-2023-53350: In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Fix slicing memory In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Fix slicing memory leak The temporary buffer storing slicing configuration data from user is only freed on error. This is a memory leak. Free the buffer unconditionally.

CVE-2022-50358 [MEDIUM] CVE-2022-50358: In the Linux kernel, the following vulnerability has been resolved: brcmfmac: return error when get In the Linux kernel, the following vulnerability has been resolved: brcmfmac: return error when getting invalid max_flowrings from dongle When firmware hit trap at initialization, host will read abnormal max_flowrings number from dongle, and it will cause kernel panic when doing iowrite to initialize dongle ring. To detect this error at early stage, we di

CVE-2022-50364 [MEDIUM] CWE-476 CVE-2022-50364: In the Linux kernel, the following vulnerability has been resolved: i2c: mux: reg: check return val In the Linux kernel, the following vulnerability has been resolved: i2c: mux: reg: check return value after calling platform_get_resource() It will cause null-ptr-deref in resource_size(), if platform_get_resource() returns NULL, move calling resource_size() after devm_ioremap_resource() that will check 'res' to avoid null-ptr-deref. And use devm_

CVE-2023-53354 [MEDIUM] CWE-476 CVE-2023-53354: In the Linux kernel, the following vulnerability has been resolved: skbuff: skb_segment, Call zero In the Linux kernel, the following vulnerability has been resolved: skbuff: skb_segment, Call zero copy functions before using skbuff frags Commit bf5c25d60861 ("skbuff: in skb_segment, call zerocopy functions once per nskb") added the call to zero copy functions in skb_segment(). The change introduced a bug in skb_segment() because skb_orphan_frag

CVE-2023-53365 [MEDIUM] CVE-2023-53365: In the Linux kernel, the following vulnerability has been resolved: ip6mr: Fix skb_under_panic in i In the Linux kernel, the following vulnerability has been resolved: ip6mr: Fix skb_under_panic in ip6mr_cache_report() skbuff: skb_under_panic: text:ffffffff88771f69 len:56 put:-4 head:ffff88805f86a800 data:ffff887f5f86a850 tail:0x88 end:0x2c0 dev:pim6reg ------------[ cut here ]------------ kernel BUG at net/core/skbuff.c:192! invalid opcode: 0000 [#1] P

CVE-2022-50356 [MEDIUM] CWE-476 CVE-2022-50356: In the Linux kernel, the following vulnerability has been resolved: net: sched: sfb: fix null point In the Linux kernel, the following vulnerability has been resolved: net: sched: sfb: fix null pointer access issue when sfb_init() fails When the default qdisc is sfb, if the qdisc of dev_queue fails to be inited during mqprio_init(), sfb_reset() is invoked to clear resources. In this case, the q->qdisc is NULL, and it will cause gpf issue. The p

CVE-2022-50353 [MEDIUM] CWE-476 CVE-2022-50353: In the Linux kernel, the following vulnerability has been resolved: mmc: wmt-sdmmc: fix return valu In the Linux kernel, the following vulnerability has been resolved: mmc: wmt-sdmmc: fix return value check of mmc_add_host() mmc_add_host() may return error, if we ignore its return value, the memory that allocated in mmc_alloc_host() will be leaked and it will lead a kernel crash because of deleting not added device in the remove path. So fix th

CVE-2023-53345 [MEDIUM] CWE-362 CVE-2023-53345: In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix potential data race In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix potential data race in rxrpc_wait_to_be_connected() Inside the loop in rxrpc_wait_to_be_connected() it checks call->error to see if it should exit the loop without first checking the call state. This is probably safe as if call->error is set, the call is dead anyway, but

CVE-2022-50370 [MEDIUM] CWE-476 CVE-2022-50370: In the Linux kernel, the following vulnerability has been resolved: i2c: designware: Fix handling o In the Linux kernel, the following vulnerability has been resolved: i2c: designware: Fix handling of real but unexpected device interrupts Commit c7b79a752871 ("mfd: intel-lpss: Add Intel Alder Lake PCH-S PCI IDs") caused a regression on certain Gigabyte motherboards for Intel Alder Lake-S where system crashes to NULL pointer dereference in i2c_dw

CVE-2023-53351 [MEDIUM] CWE-908 CVE-2023-53351: In the Linux kernel, the following vulnerability has been resolved: drm/sched: Check scheduler work In the Linux kernel, the following vulnerability has been resolved: drm/sched: Check scheduler work queue before calling timeout handling During an IGT GPU reset test we see again oops despite of commit 0c8c901aaaebc9 (drm/sched: Check scheduler ready before calling timeout handling). It uses ready condition whether to call drm_sched_fault which