Linux Kernel vulnerabilities

CVE-2023-53197 [MEDIUM] CWE-401 CVE-2023-53197: In the Linux kernel, the following vulnerability has been resolved: USB: uhci: fix memory leak with In the Linux kernel, the following vulnerability has been resolved: USB: uhci: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic at once.

CVE-2023-53223 [MEDIUM] CWE-476 CVE-2023-53223: In the Linux kernel, the following vulnerability has been resolved: drm/msm/dsi: Add missing check In the Linux kernel, the following vulnerability has been resolved: drm/msm/dsi: Add missing check for alloc_ordered_workqueue Add check for the return value of alloc_ordered_workqueue as it may return NULL pointer and cause NULL pointer dereference. Patchwork: https://patchwork.freedesktop.org/patch/517646/

CVE-2022-50267 [MEDIUM] CWE-476 CVE-2022-50267: In the Linux kernel, the following vulnerability has been resolved: mmc: rtsx_pci: fix return value In the Linux kernel, the following vulnerability has been resolved: mmc: rtsx_pci: fix return value check of mmc_add_host() mmc_add_host() may return error, if we ignore its return value, the memory that allocated in mmc_alloc_host() will be leaked and it will lead a kernel crash because of deleting not added device in the remove path. So fix thi

CVE-2022-50249 [MEDIUM] CVE-2022-50249: In the Linux kernel, the following vulnerability has been resolved: memory: of: Fix refcount leak b In the Linux kernel, the following vulnerability has been resolved: memory: of: Fix refcount leak bug in of_get_ddr_timings() We should add the of_node_put() when breaking out of for_each_child_of_node() as it will automatically increase and decrease the refcount.

CVE-2022-50286 [MEDIUM] CVE-2022-50286: In the Linux kernel, the following vulnerability has been resolved: ext4: fix delayed allocation bu In the Linux kernel, the following vulnerability has been resolved: ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline When converting files with inline data to extents, delayed allocations made on a file system created with both the bigalloc and inline options can result in invalid extent status cache content, incorrect reserved cl

CVE-2023-53240 [MEDIUM] CWE-476 CVE-2023-53240: In the Linux kernel, the following vulnerability has been resolved: xsk: check IFF_UP earlier in Tx In the Linux kernel, the following vulnerability has been resolved: xsk: check IFF_UP earlier in Tx path Xsk Tx can be triggered via either sendmsg() or poll() syscalls. These two paths share a call to common function xsk_xmit() which has two sanity checks within. A pseudo code example to show the two paths: __xsk_sendmsg() : xsk_poll(): if (unli

CVE-2023-53201 [MEDIUM] CVE-2023-53201: In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: wraparound mbox p In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: wraparound mbox producer index Driver is not handling the wraparound of the mbox producer index correctly. Currently the wraparound happens once u32 max is reached. Bit 31 of the producer index register is special and should be set only once for the first command. Because t

CVE-2023-53258 [MEDIUM] CWE-191 CVE-2023-53258: In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix possible u In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix possible underflow for displays with large vblank [Why] Underflow observed when using a display with a large vblank region and low refresh rate [How] Simplify calculation of vblank_nom Increase value for VBlankNomDefaultUS to 800us

CVE-2023-53251 [MEDIUM] CWE-476 CVE-2023-53251: In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: pcie: fix NULL p In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: pcie: fix NULL pointer dereference in iwl_pcie_irq_rx_msix_handler() rxq can be NULL only when trans_pcie->rxq is NULL and entry->entry is zero. For the case when entry->entry is not equal to 0, rxq won't be NULL even if trans_pcie->rxq is NULL. Modify checker to ch

CVE-2022-50254 [MEDIUM] CVE-2022-50254: In the Linux kernel, the following vulnerability has been resolved: media: ov8865: Fix an error han In the Linux kernel, the following vulnerability has been resolved: media: ov8865: Fix an error handling path in ov8865_probe() The commit in Fixes also introduced some new error handling which should goto the existing error handling path. Otherwise some resources leak.

CVE-2023-53241 [MEDIUM] CWE-401 CVE-2023-53241: In the Linux kernel, the following vulnerability has been resolved: nfsd: call op_release, even whe In the Linux kernel, the following vulnerability has been resolved: nfsd: call op_release, even when op_func returns an error For ops with "trivial" replies, nfsd4_encode_operation will shortcut most of the encoding work and skip to just marshalling up the status. One of the things it skips is calling op_release. This could cause a memory leak in

CVE-2022-50246 [MEDIUM] CVE-2022-50246: In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpci: fix of node In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpci: fix of node refcount leak in tcpci_register_port() I got the following report while doing device(mt6370-tcpc) load test with CONFIG_OF_UNITTEST and CONFIG_OF_DYNAMIC enabled: OF: ERROR: memory leak, expected refcount 1 instead of 2, of_node_get()/of_node_put() unbalance

CVE-2022-50287 [MEDIUM] CWE-401 CVE-2022-50287: In the Linux kernel, the following vulnerability has been resolved: drm/i915/bios: fix a memory lea In the Linux kernel, the following vulnerability has been resolved: drm/i915/bios: fix a memory leak in generate_lfp_data_ptrs When (size != 0 || ptrs->lvds_ entries != 3), the program tries to free() the ptrs. However, the ptrs is not created by calling kzmalloc(), but is obtained by pointer offset operation. This may lead to memory leaks or unde

CVE-2023-53150 [MEDIUM] CWE-476 CVE-2023-53150: In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Pointer may be d In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Pointer may be dereferenced Klocwork tool reported pointer 'rport' returned from call to function fc_bsg_to_rport() may be NULL and will be dereferenced. Add a fix to validate rport before dereferencing.

CVE-2022-50309 [MEDIUM] CVE-2022-50309: In the Linux kernel, the following vulnerability has been resolved: media: xilinx: vipp: Fix refcou In the Linux kernel, the following vulnerability has been resolved: media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init of_get_child_by_name() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak.

CVE-2022-50250 [MEDIUM] CVE-2022-50250: In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix use_count In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix use_count leakage when handling boot-on I found a use_count leakage towards supply regulator of rdev with boot-on option. ┌───────────────────┐ ┌───────────────────┐ │ regulator_dev A │ │ regulator_dev B │ │ (boot-on) │ │ (boot-on) │ │ use_count=0 │◀──supply──│ use_co

CVE-2022-50275 [MEDIUM] CWE-401 CVE-2022-50275: In the Linux kernel, the following vulnerability has been resolved: drm/radeon: Add the missed acpi In the Linux kernel, the following vulnerability has been resolved: drm/radeon: Add the missed acpi_put_table() to fix memory leak When the radeon driver reads the bios information from ACPI table in radeon_acpi_vfct_bios(), it misses to call acpi_put_table() to release the ACPI memory after the init, so add acpi_put_table() properly to fix the me

CVE-2022-50318 [MEDIUM] CVE-2022-50318: In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/uncore: Fix refe In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox() pci_get_device() will increase the reference count for the returned 'dev'. We need to call pci_dev_put() to decrease the reference count. Since 'dev' is only used in pci_read_config_dword(), let's add pci_dev_put()

CVE-2023-53239 [MEDIUM] CWE-476 CVE-2023-53239: In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp5: Add check for kza In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp5: Add check for kzalloc As kzalloc may fail and return NULL pointer, it should be better to check the return value in order to avoid the NULL pointer dereference. Patchwork: https://patchwork.freedesktop.org/patch/514154/

CVE-2023-53170 [MEDIUM] CVE-2023-53170: In the Linux kernel, the following vulnerability has been resolved: net: dsa: Removed unneeded of_n In the Linux kernel, the following vulnerability has been resolved: net: dsa: Removed unneeded of_node_put in felix_parse_ports_node Remove unnecessary of_node_put from the continue path to prevent child node from being released twice, which could avoid resource leak or other unexpected issues.