Linux Kernel vulnerabilities

CVE-2023-53253 [HIGH] CWE-416 CVE-2023-53253: In the Linux kernel, the following vulnerability has been resolved: HID: nvidia-shield: Reference h In the Linux kernel, the following vulnerability has been resolved: HID: nvidia-shield: Reference hid_device devm allocation of input_dev name Use hid_device for devm allocation of the input_dev name to avoid a use-after-free. input_unregister_device would trigger devres cleanup of all resources associated with the input_dev, free-ing the name. The

CVE-2023-53235 [HIGH] CWE-416 CVE-2023-53235: In the Linux kernel, the following vulnerability has been resolved: drm/tests: helpers: Avoid a dri In the Linux kernel, the following vulnerability has been resolved: drm/tests: helpers: Avoid a driver uaf when using __drm_kunit_helper_alloc_drm_device() the driver may be dereferenced by device-managed resources up until the device is freed, which is typically later than the kunit-managed resource code frees it. Fix this by simply make the driver

CVE-2022-50243 [HIGH] CWE-416 CVE-2022-50243: In the Linux kernel, the following vulnerability has been resolved: sctp: handle the error returned In the Linux kernel, the following vulnerability has been resolved: sctp: handle the error returned from sctp_auth_asoc_init_active_key When it returns an error from sctp_auth_asoc_init_active_key(), the active_key is actually not updated. The old sh_key will be freeed while it's still used as active key in asoc. Then an use-after-free will be trigg

CVE-2022-50241 [HIGH] CWE-416 CVE-2022-50241: In the Linux kernel, the following vulnerability has been resolved: NFSD: fix use-after-free on sou In the Linux kernel, the following vulnerability has been resolved: NFSD: fix use-after-free on source server when doing inter-server copy Use-after-free occurred when the laundromat tried to free expired cpntf_state entry on the s2s_cp_stateids list after inter-server copy completed. The sc_cp_list that the expired copy state was inserted on was al

CVE-2023-53254 [HIGH] CWE-125 CVE-2023-53254: In the Linux kernel, the following vulnerability has been resolved: cacheinfo: Fix shared_cpu_map t In the Linux kernel, the following vulnerability has been resolved: cacheinfo: Fix shared_cpu_map to handle shared caches at different levels The cacheinfo sets up the shared_cpu_map by checking whether the caches with the same index are shared between CPUs. However, this will trigger slab-out-of-bounds access if the CPUs do not have the same cache

CVE-2023-53153 [HIGH] CWE-416 CVE-2023-53153: In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: Fix use after f In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: Fix use after free for wext Key information in wext.connect is not reset on (re)connect and can hold data from a previous connection. Reset key data to avoid that drivers or mac80211 incorrectly detect a WEP connection request and access the freed or already reused

CVE-2023-53187 [HIGH] CWE-416 CVE-2023-53187: In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free of ne In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free of new block group that became unused If a task creates a new block group and that block group becomes unused before we finish its creation, at btrfs_create_pending_block_groups(), then when btrfs_mark_bg_unused() is called against the block group, we assum

CVE-2023-53232 [HIGH] CVE-2023-53232: In the Linux kernel, the following vulnerability has been resolved: mt76: mt7921: fix kernel panic In the Linux kernel, the following vulnerability has been resolved: mt76: mt7921: fix kernel panic by accessing unallocated eeprom.data The MT7921 driver no longer uses eeprom.data, but the relevant code has not been removed completely since commit 16d98b548365 ("mt76: mt7921: rely on mcu_get_nic_capability"). This could result in potential invalid memory ac

CVE-2023-53151 [MEDIUM] CWE-667 CVE-2023-53151: In the Linux kernel, the following vulnerability has been resolved: md/raid10: prevent soft lockup In the Linux kernel, the following vulnerability has been resolved: md/raid10: prevent soft lockup while flush writes Currently, there is no limit for raid1/raid10 plugged bio. While flushing writes, raid1 has cond_resched() while raid10 doesn't, and too many writes can cause soft lockup. Follow up soft lockup can be triggered easily with writebac

CVE-2023-53208 [MEDIUM] CVE-2023-53208: In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Load L1's TSC multip In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Load L1's TSC multiplier based on L1 state, not L2 state When emulating nested VM-Exit, load L1's TSC multiplier if L1's desired ratio doesn't match the current ratio, not if the ratio L1 is using for L2 diverges from the default. Functionally, the end result is the same as KVM

CVE-2023-53152 [MEDIUM] CWE-772 CVE-2023-53152: In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix calltrace warni In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix calltrace warning in amddrm_buddy_fini The following call trace is observed when removing the amdgpu driver, which is caused by that BOs allocated for psp are not freed until removing. [61811.450562] RIP: 0010:amddrm_buddy_fini.cold+0x29/0x47 [amddrm_buddy] [61811

CVE-2022-50264 [MEDIUM] CWE-401 CVE-2022-50264: In the Linux kernel, the following vulnerability has been resolved: clk: socfpga: Fix memory leak i In the Linux kernel, the following vulnerability has been resolved: clk: socfpga: Fix memory leak in socfpga_gate_init() Free @socfpga_clk and @ops on the error path to avoid memory leak issue.

CVE-2023-53245 [MEDIUM] CWE-476 CVE-2023-53245: In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Fix handling of In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Fix handling of virtual Fibre Channel timeouts Hyper-V provides the ability to connect Fibre Channel LUNs to the host system and present them in a guest VM as a SCSI device. I/O to the vFC device is handled by the storvsc driver. The storvsc driver includes a partial

CVE-2023-53256 [MEDIUM] CVE-2023-53256: In the Linux kernel, the following vulnerability has been resolved: firmware: arm_ffa: Fix FFA devi In the Linux kernel, the following vulnerability has been resolved: firmware: arm_ffa: Fix FFA device names for logical partitions Each physical partition can provide multiple services each with UUID. Each such service can be presented as logical partition with a unique combination of VM ID and UUID. The number of distinct UUID in a system will be less th

CVE-2023-53168 [MEDIUM] CWE-476 CVE-2023-53168: In the Linux kernel, the following vulnerability has been resolved: usb: ucsi_acpi: Increase the co In the Linux kernel, the following vulnerability has been resolved: usb: ucsi_acpi: Increase the command completion timeout Commit 130a96d698d7 ("usb: typec: ucsi: acpi: Increase command completion timeout value") increased the timeout from 5 seconds to 60 seconds due to issues related to alternate mode discovery. After the alternate mode discove

CVE-2023-53181 [MEDIUM] CVE-2023-53181: In the Linux kernel, the following vulnerability has been resolved: dma-buf/dma-resv: Stop leaking In the Linux kernel, the following vulnerability has been resolved: dma-buf/dma-resv: Stop leaking on krealloc() failure Currently dma_resv_get_fences() will leak the previously allocated array if the fence iteration got restarted and the krealloc_array() fails. Free the old array by hand, and make sure we still clear the returned *fences so the caller wo

CVE-2022-50261 [MEDIUM] CVE-2022-50261: In the Linux kernel, the following vulnerability has been resolved: drm/sti: Fix return type of sti In the Linux kernel, the following vulnerability has been resolved: drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid() With clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG), indirect call targets are validated against the expected function pointer prototype to make sure the call target is valid to help mitigate ROP attacks

CVE-2023-53255 [MEDIUM] CWE-401 CVE-2023-53255: In the Linux kernel, the following vulnerability has been resolved: firmware: stratix10-svc: Fix a In the Linux kernel, the following vulnerability has been resolved: firmware: stratix10-svc: Fix a potential resource leak in svc_create_memory_pool() svc_create_memory_pool() is only called from stratix10_svc_drv_probe(). Most of resources in the probe are managed, but not this memremap() call. There is also no memunmap() call in the file. So sw

CVE-2022-50322 [MEDIUM] CVE-2022-50322: In the Linux kernel, the following vulnerability has been resolved: rtc: msc313: Fix function proto In the Linux kernel, the following vulnerability has been resolved: rtc: msc313: Fix function prototype mismatch in msc313_rtc_probe() With clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG), indirect call targets are validated against the expected function pointer prototype to make sure the call target is valid to help mitigate ROP attacks. I

CVE-2022-50273 [MEDIUM] CVE-2022-50273: In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on destination blkaddr during recovery As Wenqing Liu reported in bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=216456 loop5: detected capacity change from 0 to 131072 F2FS-fs (loop5): recover_inode: ino = 6, name = hln, inline = 1 F2FS-fs (loop5): r