Linux Kernel vulnerabilities
14,883 known vulnerabilities affecting linux/linux_kernel.
Total CVEs: 14,883
CISA KEV: 30 (actively exploited)
Public exploits: 297
Exploited in wild: 31
Severity breakdown: CRITICAL 128, HIGH 3822, MEDIUM 8775, LOW 429, UNKNOWN 1729
Vulnerabilities
Page 173 of 745
CVE-2023-53185 | MEDIUM | CVSS 5.5 | ≥ 2.6.35, < 4.14.322; ≥ 4.15, < 4.19.291; +6 more | 2025-09-15
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes
A bad USB device is able to construct a service connection response
message with target endpoint being ENDPOINT0 which is reserved for
HTC_CTRL_RSVD_SVC and should not be modified to be used for any other
services.
Reject such se
nvd, osv

CVE-2022-50277 | MEDIUM | CVSS 5.5 | CWE-476 | ≥ 5.18, < 6.0.18; ≥ 6.1, < 6.1.4 | 2025-09-15
In the Linux kernel, the following vulnerability has been resolved:
ext4: don't allow journal inode to have encrypt flag
Mounting a filesystem whose journal inode has the encrypt flag causes a
NULL dereference in fscrypt_limit_io_blocks() when the 'inlinecrypt'
mount option is used.
The problem is that when jbd2_journal_init_inode() calls bmap(),
nvd, osv

CVE-2023-53190 | MEDIUM | CVSS 5.5 | CWE-401 | ≥ 5.18, < 6.0.19; ≥ 6.1, < 6.1.5; +1 more | 2025-09-15
In the Linux kernel, the following vulnerability has been resolved:
vxlan: Fix memory leaks in error path
The memory allocated by vxlan_vnigroup_init() is not freed in the error
path, leading to memory leaks [1]. Fix by calling
vxlan_vnigroup_uninit() in the error path.
The leaks can be reproduced by annotating gro_cells_init() with
ALLOW_ERROR_I
nvd, osv

CVE-2023-53198 | MEDIUM | CVSS 5.5 | CWE-476 | ≥ 5.18.18, < 5.19; ≥ 5.19.2, < 6.1.24; +2 more | 2025-09-15
In the Linux kernel, the following vulnerability has been resolved:
raw: Fix NULL deref in raw_get_next().
Dae R. Jeong reported a NULL deref in raw_get_next() [0].
It seems that the repro was running these sequences in parallel so
that one thread was iterating on a socket that was being freed in
another netns.
unshare(0x40060200)
r0 = syz_open_
nvd, osv

CVE-2023-53221 | MEDIUM | CVSS 5.5 | CWE-401 | ≥ 5.10.28, < 5.11; ≥ 5.11.11, < 5.12; +4 more | 2025-09-15
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix memleak due to fentry attach failure
If it fails to attach fentry, the allocated bpf trampoline image will be
left in the system. That can be verified by checking /proc/kallsyms.
This memleak can be verified by a simple bpf program as follows:
SEC("fentry/trap_init")
in
nvd, osv

CVE-2023-53149 | MEDIUM | CVSS 5.5 | CWE-667 | ≥ 4.7, < 6.2.16; ≥ 6.3, < 6.3.3; +1 more | 2025-09-15
In the Linux kernel, the following vulnerability has been resolved:
ext4: avoid deadlock in fs reclaim with page writeback
Ext4 has a filesystem wide lock protecting ext4_writepages() calls to
avoid races with switching of journalled data flag or inode format. This
lock can however cause a deadlock like:
CPU0 CPU1
ext4_writepages()
percpu_down_r
nvd, osv

CVE-2023-53202 | MEDIUM | CVSS 5.5 | CWE-401 | ≥ 5.11, < 5.15.99; ≥ 5.16, < 6.1.16; +1 more | 2025-09-15
In the Linux kernel, the following vulnerability has been resolved:
PM: domains: fix memory leak with using debugfs_lookup()
When calling debugfs_lookup() the result must have dput() called on it,
otherwise the memory will leak over time. To make things simpler, just
call debugfs_lookup_and_remove() instead which handles all of the logic
at once.
nvd, osv

CVE-2022-50276 | MEDIUM | CVSS 5.5 | CWE-476 | ≥ 5.0, < 5.4.229; ≥ 5.5, < 5.10.163; +3 more | 2025-09-15
In the Linux kernel, the following vulnerability has been resolved:
power: supply: fix null pointer dereferencing in power_supply_get_battery_info
When kmalloc() fails to allocate memory in kasprintf(), propname
will be NULL, and strcmp() called by of_get_property() will cause a
null pointer dereference.
So return ENOMEM if kasprintf() return NULL point
nvd, osv

CVE-2023-53200 | MEDIUM | CVSS 5.5 | CWE-401 | ≥ 4.2, < 5.15.100; ≥ 5.16, < 6.1.18; +1 more | 2025-09-15
In the Linux kernel, the following vulnerability has been resolved:
netfilter: x_tables: fix percpu counter block leak on error path when creating new netns
Here is the stack where we allocate percpu counter block:
+- ip6t_register_table
+-> translate_table # allocates percpu counter block
+-> xt_register_table # fails
there is no freeing of the
nvd, osv

CVE-2022-50285 | MEDIUM | CVSS 5.5 | ≥ 4.3.6, < 4.4; ≥ 4.4.1, < 4.9.332; +8 more | 2025-09-15
In the Linux kernel, the following vulnerability has been resolved:
mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages
The h->*_huge_pages counters are protected by the hugetlb_lock, but
alloc_huge_page has a corner case where it can decrement the counter
outside of the lock.
This could lead to a corrupted value of h->resv_huge_pages, w
nvd, osv

CVE-2023-53178 | MEDIUM | CVSS 4.7 | CWE-362 | ≥ 3.11, < 6.1.30; ≥ 6.2, < 6.3.4; +1 more | 2025-09-15
In the Linux kernel, the following vulnerability has been resolved:
mm: fix zswap writeback race condition
The zswap writeback mechanism can cause a race condition resulting in
memory corruption, where a swapped out page gets swapped in with data that
was written to a different page.
The race unfolds like this:
1. a page with data A and swap offs
nvd, osv

CVE-2022-50265 | MEDIUM | CVSS 5.5 | ≥ 4.6, < 4.9.332; ≥ 4.10, < 4.14.298; +6 more | 2025-09-15
In the Linux kernel, the following vulnerability has been resolved:
kcm: annotate data-races around kcm->rx_wait
kcm->rx_psock can be read locklessly in kcm_rfree().
Annotate the read and writes accordingly.
syzbot reported:
BUG: KCSAN: data-race in kcm_rcv_strparser / kcm_rfree
write to 0xffff88810784e3d0 of 1 bytes by task 1823 on cpu 1:
reserve_rx_k
nvd, osv

CVE-2023-53246 | MEDIUM | CVSS 5.5 | CWE-476 | fixed in 4.14.312; ≥ 4.15, < 4.19.280; +6 more | 2025-09-15
In the Linux kernel, the following vulnerability has been resolved:
cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL
When compiled with CONFIG_CIFS_DFS_UPCALL disabled, cifs_dfs_d_automount
is NULL. cifs.ko logic for mapping CIFS_FATTR_DFS_REFERRAL attributes to
S_AUTOMOUNT and corresponding dentry flags is retained regardless of
CONFIG
nvd, osv

CVE-2022-50323 | MEDIUM | CVSS 5.5 | ≥ 5.15.68, < 5.15.77; ≥ 5.19.9, < 6.0; +3 more | 2025-09-15
In the Linux kernel, the following vulnerability has been resolved:
net: do not sense pfmemalloc status in skb_append_pagefrags()
skb_append_pagefrags() is used by af_unix and udp sendpage()
implementation so far.
In commit 326140063946 ("tcp: TX zerocopy should not sense
pfmemalloc status") we explained why we should not sense
pfmemalloc status for page
nvd, osv

CVE-2023-53229 | MEDIUM | CVSS 5.5 | ≥ 3.14, < 4.14.313; ≥ 4.15, < 4.19.281; +6 more | 2025-09-15
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta
Avoid potential data corruption issues caused by uninitialized driver
private data structures.
nvd, osv

CVE-2023-53172 | MEDIUM | CVSS 5.5 | v6.3 | 2025-09-15
In the Linux kernel, the following vulnerability has been resolved:
fsverity: reject FS_IOC_ENABLE_VERITY on mode 3 fds
Commit 56124d6c87fd ("fsverity: support enabling with tree block size f_mode & FMODE_READ))' in __kernel_read() became
reachable by fuzz tests. This happens if FS_IOC_ENABLE_VERITY is called
on a fd opened with access mode 3, which means
nvd, osv

CVE-2022-50289 | MEDIUM | CVSS 5.5 | CWE-401 | ≥ 2.6.27, < 4.9.337; ≥ 4.10, < 4.14.303; +7 more | 2025-09-15
In the Linux kernel, the following vulnerability has been resolved:
ocfs2: fix memory leak in ocfs2_stack_glue_init()
ocfs2_table_header should be freed in ocfs2_stack_glue_init() if
ocfs2_sysfs_init() failed, otherwise kmemleak will report memleak.
BUG: memory leak
unreferenced object 0xffff88810eeb5800 (size 128):
comm "modprobe", pid 4507, jiff
nvd, osv

CVE-2022-50308 | MEDIUM | CVSS 5.5 | CWE-476 | ≥ 5.10, < 5.10.163; ≥ 5.11, < 5.15.86; +2 more | 2025-09-15
In the Linux kernel, the following vulnerability has been resolved:
ASoC: qcom: Add checks for devm_kcalloc
As the devm_kcalloc may return NULL, the return value needs to be checked
to avoid NULL pointer dereference.
nvd, osv

CVE-2022-50259 | MEDIUM | CVSS 4.7 | CWE-362 | ≥ 5.4.14, < 5.4.229; ≥ 5.5.1, < 5.10.163; +4 more | 2025-09-15
In the Linux kernel, the following vulnerability has been resolved:
bpf, sockmap: fix race in sock_map_free()
sock_map_free() calls release_sock(sk) without owning a reference
on the socket. This can cause use-after-free as syzbot found [1]
Jakub Sitnicki already took care of a similar issue
in sock_hash_free() in commit 75e68e5bf2c7 ("bpf, sockh
nvd, osv

CVE-2023-53250 | MEDIUM | CVSS 5.5 | CWE-476 | ≥ 4.9.318, < 4.10; ≥ 4.14.283, < 4.15; +7 more | 2025-09-15
In the Linux kernel, the following vulnerability has been resolved:
firmware: dmi-sysfs: Fix null-ptr-deref in dmi_sysfs_register_handle
KASAN reported a null-ptr-deref error:
KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
CPU: 0 PID: 1373 Comm: modprobe
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)
RIP: 0010:dmi_s
nvd, osv