Linux Kernel vulnerabilities

CVE-2023-53299 [MEDIUM] CWE-401 CVE-2023-53299: In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix leak of 'r10bio- In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix leak of 'r10bio->remaining' for recovery raid10_sync_request() will add 'r10bio->remaining' for both rdev and replacement rdev. However, if the read io fails, recovery_request_write() returns without issuing the write io, in this case, end_sync_request() is only cal

CVE-2023-53314 [MEDIUM] CVE-2023-53314: In the Linux kernel, the following vulnerability has been resolved: fbdev/ep93xx-fb: Do not assign In the Linux kernel, the following vulnerability has been resolved: fbdev/ep93xx-fb: Do not assign to struct fb_info.dev Do not assing the Linux device to struct fb_info.dev. The call to register_framebuffer() initializes the field to the fbdev device. Drivers should not override its value. Fixes a bug where the driver incorrectly decreases the hardware d

CVE-2025-39815 [MEDIUM] CVE-2025-39815: In the Linux kernel, the following vulnerability has been resolved: RISC-V: KVM: fix stack overrun In the Linux kernel, the following vulnerability has been resolved: RISC-V: KVM: fix stack overrun when loading vlenb The userspace load can put up to 2048 bits into an xlen bit stack buffer. We want only xlen bits, so check the size beforehand.

CVE-2023-53327 [MEDIUM] CVE-2023-53327: In the Linux kernel, the following vulnerability has been resolved: iommufd/selftest: Catch overflo In the Linux kernel, the following vulnerability has been resolved: iommufd/selftest: Catch overflow of uptr and length syzkaller hits a WARN_ON when trying to have a uptr close to UINTPTR_MAX: WARNING: CPU: 1 PID: 393 at drivers/iommu/iommufd/selftest.c:403 iommufd_test+0xb19/0x16f0 Modules linked in: CPU: 1 PID: 393 Comm: repro Not tainted 6.2.0-c9c339

CVE-2022-50351 [MEDIUM] CWE-401 CVE-2022-50351: In the Linux kernel, the following vulnerability has been resolved: cifs: Fix xid leak in cifs_crea In the Linux kernel, the following vulnerability has been resolved: cifs: Fix xid leak in cifs_create() If the cifs already shutdown, we should free the xid before return, otherwise, the xid will be leaked.

CVE-2025-39816 [MEDIUM] CVE-2025-39816: In the Linux kernel, the following vulnerability has been resolved: io_uring/kbuf: always use READ_ In the Linux kernel, the following vulnerability has been resolved: io_uring/kbuf: always use READ_ONCE() to read ring provided buffer lengths Since the buffers are mapped from userspace, it is prudent to use READ_ONCE() to read the value into a local variable, and use that for any other actions taken. Having a stable read of the buffer length avoids worr

CVE-2023-53287 [MEDIUM] CVE-2023-53287: In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: Put the cdns set ac In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: Put the cdns set active part outside the spin lock The device may be scheduled during the resume process, so this cannot appear in atomic operations. Since pm_runtime_set_active will resume suppliers, put set active outside the spin lock, which is only used to protect the stru

CVE-2022-50346 [MEDIUM] CWE-908 CVE-2022-50346: In the Linux kernel, the following vulnerability has been resolved: ext4: init quota for 'old.inode In the Linux kernel, the following vulnerability has been resolved: ext4: init quota for 'old.inode' in 'ext4_rename' Syzbot found the following issue: ext4_parse_param: s_want_extra_isize=128 ext4_inode_info_init: s_want_extra_isize=32 ext4_rename: old.inode=ffff88823869a2c8 old.dir=ffff888238699828 new.inode=ffff88823869d7e8 new.dir=ffff88823869

CVE-2023-53270 [MEDIUM] CVE-2023-53270: In the Linux kernel, the following vulnerability has been resolved: ext4: fix i_disksize exceeding In the Linux kernel, the following vulnerability has been resolved: ext4: fix i_disksize exceeding i_size problem in paritally written case It is possible for i_disksize can exceed i_size, triggering a warning. generic_perform_write copied = iov_iter_copy_from_user_atomic(len) // copied i_disksize, newsize) // update i_disksize | generic_write_end | copie

CVE-2025-39819 [MEDIUM] CVE-2025-39819: In the Linux kernel, the following vulnerability has been resolved: fs/smb: Fix inconsistent refcnt In the Linux kernel, the following vulnerability has been resolved: fs/smb: Fix inconsistent refcnt update A possible inconsistent update of refcount was identified in `smb2_compound_op`. Such inconsistent update could lead to possible resource leaks. Why it is a possible bug: 1. In the comment section of the function, it clearly states that the referenc

CVE-2023-53275 [MEDIUM] CWE-476 CVE-2023-53275: In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: fix a possible null- In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync() The variable codec->regmap is often protected by the lock codec->regmap_lock when is accessed. However, it is accessed without holding the lock when is accessed in snd_hdac_regmap_sync():

CVE-2025-39807 [MEDIUM] CWE-476 CVE-2025-39807: In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Add error handlin In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Add error handling for old state CRTC in atomic_disable Introduce error handling to address an issue where, after a hotplug event, the cursor continues to update. This situation can lead to a kernel panic due to accessing the NULL `old_state->crtc`. E,g. Unable to h

CVE-2023-53312 [MEDIUM] CWE-401 CVE-2023-53312: In the Linux kernel, the following vulnerability has been resolved: net: fix net_dev_start_xmit tra In the Linux kernel, the following vulnerability has been resolved: net: fix net_dev_start_xmit trace event vs skb_transport_offset() After blamed commit, we must be more careful about using skb_transport_offset(), as reminded us by syzbot: WARNING: CPU: 0 PID: 10 at include/linux/skbuff.h:2868 skb_transport_offset include/linux/skbuff.h:2977 [in

CVE-2023-53289 [MEDIUM] CWE-476 CVE-2023-53289: In the Linux kernel, the following vulnerability has been resolved: media: bdisp: Add missing check In the Linux kernel, the following vulnerability has been resolved: media: bdisp: Add missing check for create_workqueue Add the check for the return value of the create_workqueue in order to avoid NULL pointer dereference.

CVE-2023-53290 [MEDIUM] CWE-401 CVE-2023-53290: In the Linux kernel, the following vulnerability has been resolved: samples/bpf: Fix fout leak in h In the Linux kernel, the following vulnerability has been resolved: samples/bpf: Fix fout leak in hbm's run_bpf_prog Fix fout being fopen'ed but then not subsequently fclose'd. In the affected branch, fout is otherwise going out of scope.

CVE-2022-50343 [MEDIUM] CWE-401 CVE-2022-50343: In the Linux kernel, the following vulnerability has been resolved: rapidio: fix possible name leak In the Linux kernel, the following vulnerability has been resolved: rapidio: fix possible name leaks when rio_add_device() fails Patch series "rapidio: fix three possible memory leaks". This patchset fixes three name leaks in error handling. - patch #1 fixes two name leaks while rio_add_device() fails. - patch #2 fixes a name leak while rio_regis

CVE-2022-50348 [MEDIUM] CWE-401 CVE-2022-50348: In the Linux kernel, the following vulnerability has been resolved: nfsd: Fix a memory leak in an e In the Linux kernel, the following vulnerability has been resolved: nfsd: Fix a memory leak in an error handling path If this memdup_user() call fails, the memory allocated in a previous call a few lines above should be freed. Otherwise it leaks.

CVE-2025-39805 [MEDIUM] CVE-2025-39805: In the Linux kernel, the following vulnerability has been resolved: net: macb: fix unregister_netde In the Linux kernel, the following vulnerability has been resolved: net: macb: fix unregister_netdev call order in macb_remove() When removing a macb device, the driver calls phy_exit() before unregister_netdev(). This leads to a WARN from kernfs: ------------[ cut here ]------------ kernfs: can not remove 'attached_dev', no directory WARNING: CPU: 1 PID

CVE-2023-53303 [MEDIUM] CWE-401 CVE-2023-53303: In the Linux kernel, the following vulnerability has been resolved: net: microchip: vcap api: Fix p In the Linux kernel, the following vulnerability has been resolved: net: microchip: vcap api: Fix possible memory leak for vcap_dup_rule() Inject fault When select CONFIG_VCAP_KUNIT_TEST, the below memory leak occurs. If kzalloc() for duprule succeeds, but the following kmemdup() fails, the duprule, ckf and caf memory will be leaked. So kfree them

CVE-2023-53304 [MEDIUM] CWE-476 CVE-2023-53304: In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: fix In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: fix overlap expiration walk The lazy gc on insert that should remove timed-out entries fails to release the other half of the interval, if any. Can be reproduced with tests/shell/testcases/sets/0044interval_overlap_0 in nftables.git and kmemleak enabled