Linux Kernel vulnerabilities

CVE-2023-53317 [MEDIUM] CVE-2023-53317: In the Linux kernel, the following vulnerability has been resolved: ext4: fix WARNING in mb_find_ex In the Linux kernel, the following vulnerability has been resolved: ext4: fix WARNING in mb_find_extent Syzbot found the following issue: EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! EXT4-fs (loop0): orphan cleanup on readonly fs ------------[ cut here ]------------ WARNING: C

CVE-2023-53334 [MEDIUM] CWE-401 CVE-2023-53334: In the Linux kernel, the following vulnerability has been resolved: USB: chipidea: fix memory leak In the Linux kernel, the following vulnerability has been resolved: USB: chipidea: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic at once.

CVE-2023-53273 [MEDIUM] CWE-476 CVE-2023-53273: In the Linux kernel, the following vulnerability has been resolved: Drivers: vmbus: Check for chann In the Linux kernel, the following vulnerability has been resolved: Drivers: vmbus: Check for channel allocation before looking up relids relid2channel() assumes vmbus channel array to be allocated when called. However, in cases such as kdump/kexec, not all relids will be reset by the host. When the second kernel boots and if the guest receives a

CVE-2023-53271 [MEDIUM] CWE-401 CVE-2023-53271: In the Linux kernel, the following vulnerability has been resolved: ubi: Fix unreferenced object re In the Linux kernel, the following vulnerability has been resolved: ubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume() There is a memory leaks problem reported by kmemleak: unreferenced object 0xffff888102007a00 (size 128): comm "ubirsvol", pid 32090, jiffies 4298464136 (age 2361.231s) hex dump (first 32 bytes): ff ff ff ff

CVE-2023-53279 [MEDIUM] CWE-401 CVE-2023-53279: In the Linux kernel, the following vulnerability has been resolved: misc: vmw_balloon: fix memory l In the Linux kernel, the following vulnerability has been resolved: misc: vmw_balloon: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic at

CVE-2025-39825 [MEDIUM] CWE-362 CVE-2025-39825: In the Linux kernel, the following vulnerability has been resolved: smb: client: fix race with conc In the Linux kernel, the following vulnerability has been resolved: smb: client: fix race with concurrent opens in rename(2) Besides sending the rename request to the server, the rename process also involves closing any deferred close, waiting for outstanding I/O to complete as well as marking all existing open handles as deleted to prevent them f

CVE-2023-53278 [MEDIUM] CWE-401 CVE-2023-53278: In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix memory leak in ubifs In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix memory leak in ubifs_sysfs_init() When insmod ubifs.ko, a kmemleak reported as below: unreferenced object 0xffff88817fb1a780 (size 8): comm "insmod", pid 25265, jiffies 4295239702 (age 100.130s) hex dump (first 8 bytes): 75 62 69 66 73 00 ff ff ubifs... backtrace: [] s

CVE-2023-53315 [MEDIUM] CWE-401 CVE-2023-53315: In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Fix SKB corruptio In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Fix SKB corruption in REO destination ring While running traffics for a long time, randomly an RX descriptor filled with value "0" from REO destination ring is received. This descriptor which is invalid causes the wrong SKB (SKB stored in the IDR lookup with buffer i

CVE-2025-39808 [MEDIUM] CVE-2025-39808: In the Linux kernel, the following vulnerability has been resolved: HID: hid-ntrig: fix unable to h In the Linux kernel, the following vulnerability has been resolved: HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() in ntrig_report_version(), hdev parameter passed from hid_probe(). sending descriptor to /dev/uhid can make hdev->dev.parent->parent to null if hdev->dev.parent->parent is null, usb_dev has invalid address(0xfffffff

CVE-2023-53332 [MEDIUM] CWE-476 CVE-2023-53332: In the Linux kernel, the following vulnerability has been resolved: genirq/ipi: Fix NULL pointer de In the Linux kernel, the following vulnerability has been resolved: genirq/ipi: Fix NULL pointer deref in irq_data_get_affinity_mask() If ipi_send_{mask|single}() is called with an invalid interrupt number, all the local variables there will be NULL. ipi_send_verify() which is invoked from these functions does verify its 'data' parameter, resultin

CVE-2023-53329 [MEDIUM] CWE-362 CVE-2023-53329: In the Linux kernel, the following vulnerability has been resolved: workqueue: fix data race with t In the Linux kernel, the following vulnerability has been resolved: workqueue: fix data race with the pwq->stats[] increment KCSAN has discovered a data race in kernel/workqueue.c:2598: [ 1863.554079] ================================================================== [ 1863.554118] BUG: KCSAN: data-race in process_one_work / process_one_work [ 1

CVE-2023-53268 [MEDIUM] CVE-2023-53268: In the Linux kernel, the following vulnerability has been resolved: ASoC: fsl_mqs: move of_node_put In the Linux kernel, the following vulnerability has been resolved: ASoC: fsl_mqs: move of_node_put() to the correct location of_node_put() should have been done directly after mqs_priv->regmap = syscon_node_to_regmap(gpr_np); otherwise it creates a reference leak on the success path. To fix this, of_node_put() is moved to the correct location, and chang

CVE-2023-53297 [MEDIUM] CVE-2023-53297: In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: fix "bad unlo In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp conn->chan_lock isn't acquired before l2cap_get_chan_by_scid, if l2cap_get_chan_by_scid returns NULL, then 'bad unlock balance' is triggered.

CVE-2023-53281 [MEDIUM] CWE-667 CVE-2023-53281: In the Linux kernel, the following vulnerability has been resolved: drivers: staging: rtl8723bs: Fi In the Linux kernel, the following vulnerability has been resolved: drivers: staging: rtl8723bs: Fix locking in _rtw_join_timeout_handler() Commit 041879b12ddb ("drivers: staging: rtl8192bs: Fix deadlock in rtw_joinbss_event_prehandle()") besides fixing the deadlock also modified _rtw_join_timeout_handler() to use spin_[un]lock_irq() instead of sp

CVE-2023-53277 [MEDIUM] CWE-476 CVE-2023-53277: In the Linux kernel, the following vulnerability has been resolved: wifi: iwl3945: Add missing chec In the Linux kernel, the following vulnerability has been resolved: wifi: iwl3945: Add missing check for create_singlethread_workqueue Add the check for the return value of the create_singlethread_workqueue in order to avoid NULL pointer dereference.

CVE-2025-39827 [MEDIUM] CVE-2025-39827: In the Linux kernel, the following vulnerability has been resolved: net: rose: include node referen In the Linux kernel, the following vulnerability has been resolved: net: rose: include node references in rose_neigh refcount Current implementation maintains two separate reference counting mechanisms: the 'count' field in struct rose_neigh tracks references from rose_node structures, while the 'use' field (now refcount_t) tracks references from rose_soc

CVE-2023-53284 [MEDIUM] CWE-476 CVE-2023-53284: In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: check for null ret In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: check for null return of devm_kzalloc() in dpu_writeback_init() Because of the possilble failure of devm_kzalloc(), dpu_wb_conn might be NULL and will cause null pointer dereference later. Therefore, it might be better to check it and directly return -ENOMEM. Patchw

CVE-2025-39829 [MEDIUM] CVE-2025-39829: In the Linux kernel, the following vulnerability has been resolved: trace/fgraph: Fix the warning c In the Linux kernel, the following vulnerability has been resolved: trace/fgraph: Fix the warning caused by missing unregister notifier This warning was triggered during testing on v6.16: notifier callback ftrace_suspend_notifier_call already registered WARNING: CPU: 2 PID: 86 at kernel/notifier.c:23 notifier_chain_register+0x44/0xb0 ... Call Trace: blo

CVE-2025-39813 [MEDIUM] CWE-362 CVE-2025-39813: In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix potential warning i In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump When calling ftrace_dump_one() concurrently with reading trace_pipe, a WARN_ON_ONCE() in trace_printk_seq() can be triggered due to a race condition. The issue occurs because: CPU0 (ftrace_dump) CPU1 (reader) e

CVE-2022-50342 [MEDIUM] CWE-401 CVE-2022-50342: In the Linux kernel, the following vulnerability has been resolved: floppy: Fix memory leak in do_f In the Linux kernel, the following vulnerability has been resolved: floppy: Fix memory leak in do_floppy_init() A memory leak was reported when floppy_alloc_disk() failed in do_floppy_init(). unreferenced object 0xffff888115ed25a0 (size 8): comm "modprobe", pid 727, jiffies 4295051278 (age 25.529s) hex dump (first 8 bytes): 00 ac 67 5b 81 88 ff f