Linux Kernel vulnerabilities

CVE-2023-53220 [MEDIUM] CWE-476 CVE-2023-53220: In the Linux kernel, the following vulnerability has been resolved: media: az6007: Fix null-ptr-der In the Linux kernel, the following vulnerability has been resolved: media: az6007: Fix null-ptr-deref in az6007_i2c_xfer() In az6007_i2c_xfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former checks on msg[i].buf would be passed. Malicious data finally reach az6007_i2c_xfer. If accessing msg[i].buf[0] without sanit

CVE-2023-53167 [MEDIUM] CWE-476 CVE-2023-53167: In the Linux kernel, the following vulnerability has been resolved: tracing: Fix null pointer deref In the Linux kernel, the following vulnerability has been resolved: tracing: Fix null pointer dereference in tracing_err_log_open() Fix an issue in function 'tracing_err_log_open'. The function doesn't call 'seq_open' if the file is opened only with write permissions, which results in 'file->private_data' being left as null. If we then use 'lseek'

CVE-2022-50257 [MEDIUM] CVE-2022-50257: In the Linux kernel, the following vulnerability has been resolved: xen/gntdev: Prevent leaking gra In the Linux kernel, the following vulnerability has been resolved: xen/gntdev: Prevent leaking grants Prior to this commit, if a grant mapping operation failed partially, some of the entries in the map_ops array would be invalid, whereas all of the entries in the kmap_ops array would be valid. This in turn would cause the following logic in gntdev_map_gr

CVE-2023-53249 [MEDIUM] CWE-401 CVE-2023-53249: In the Linux kernel, the following vulnerability has been resolved: clk: imx: clk-imx8mn: fix memor In the Linux kernel, the following vulnerability has been resolved: clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe Use devm_of_iomap() instead of of_iomap() to automatically handle the unused ioremap region. If any error occurs, regions allocated by kzalloc() will leak, but using devm_kzalloc() instead will automatically free the me

CVE-2022-50281 [MEDIUM] CWE-401 CVE-2022-50281: In the Linux kernel, the following vulnerability has been resolved: MIPS: SGI-IP27: Fix platform-de In the Linux kernel, the following vulnerability has been resolved: MIPS: SGI-IP27: Fix platform-device leak in bridge_platform_create() In error case in bridge_platform_create after calling platform_device_add()/platform_device_add_data()/ platform_device_add_resources(), release the failed 'pdev' or it will be leak, call platform_device_put() to

CVE-2022-50268 [MEDIUM] CWE-476 CVE-2022-50268: In the Linux kernel, the following vulnerability has been resolved: mmc: moxart: fix return value c In the Linux kernel, the following vulnerability has been resolved: mmc: moxart: fix return value check of mmc_add_host() mmc_add_host() may return error, if we ignore its return value, the memory that allocated in mmc_alloc_host() will be leaked and it will lead a kernel crash because of deleting not added device in the remove path. So fix this

CVE-2022-50317 [MEDIUM] CWE-476 CVE-2022-50317: In the Linux kernel, the following vulnerability has been resolved: drm/bridge: megachips: Fix a nu In the Linux kernel, the following vulnerability has been resolved: drm/bridge: megachips: Fix a null pointer dereference bug When removing the module we will get the following warning: [ 31.911505] i2c-core: driver [stdp2690-ge-b850v3-fw] unregistered [ 31.912484] general protection fault, probably for non-canonical address 0xdffffc0000000001: 0

CVE-2023-53182 [MEDIUM] CVE-2023-53182: In the Linux kernel, the following vulnerability has been resolved: ACPICA: Avoid undefined behavio In the Linux kernel, the following vulnerability has been resolved: ACPICA: Avoid undefined behavior: applying zero offset to null pointer ACPICA commit 770653e3ba67c30a629ca7d12e352d83c2541b1e Before this change we see the following UBSAN stack trace in Fuchsia: #0 0x000021e4213b3302 in acpi_ds_init_aml_walk(struct acpi_walk_state*, union acpi_parse_ob

CVE-2022-50311 [MEDIUM] CVE-2022-50311: In the Linux kernel, the following vulnerability has been resolved: cxl: Fix refcount leak in cxl_c In the Linux kernel, the following vulnerability has been resolved: cxl: Fix refcount leak in cxl_calc_capp_routing of_get_next_parent() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. This function only calls of_node_put() in normal path, missing it in the error path. Add missing of_node_put() to

CVE-2023-53244 [MEDIUM] CWE-476 CVE-2023-53244: In the Linux kernel, the following vulnerability has been resolved: media: pci: tw68: Fix null-ptr- In the Linux kernel, the following vulnerability has been resolved: media: pci: tw68: Fix null-ptr-deref bug in buf prepare and finish When the driver calls tw68_risc_buffer() to prepare the buffer, the function call dma_alloc_coherent may fail, resulting in a empty buffer buf->cpu. Later when we free the buffer or access the buffer, null ptr dere

CVE-2022-50282 [MEDIUM] CWE-908 CVE-2022-50282: In the Linux kernel, the following vulnerability has been resolved: chardev: fix error handling in In the Linux kernel, the following vulnerability has been resolved: chardev: fix error handling in cdev_device_add() While doing fault injection test, I got the following report: ------------[ cut here ]------------ kobject: '(null)' (0000000039956980): is not initialized, yet kobject_put() is being called. WARNING: CPU: 3 PID: 6306 at kobject_put

CVE-2022-50278 [MEDIUM] CWE-401 CVE-2022-50278: In the Linux kernel, the following vulnerability has been resolved: PNP: fix name memory leak in pn In the Linux kernel, the following vulnerability has been resolved: PNP: fix name memory leak in pnp_alloc_dev() After commit 1fa5ae857bb1 ("driver core: get rid of struct device's bus_id string array"), the name of device is allocated dynamically, move dev_set_name() after pnp_add_id() to avoid memory leak.

CVE-2023-53203 [MEDIUM] CWE-476 CVE-2023-53203: In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: rely on mt7 In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: rely on mt76_connac2_mac_tx_rate_val In order to fix a possible NULL pointer dereference in mt7996_mac_write_txwi() of vif pointer, export mt76_connac2_mac_tx_rate_val utility routine and reuse it in mt7996 driver.

CVE-2022-50327 [MEDIUM] CWE-476 CVE-2022-50327: In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: idle: Check ac In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value The return value of acpi_fetch_acpi_dev() could be NULL, which would cause a NULL pointer dereference to occur in acpi_device_hid(). [ rjw: Subject and changelog edits, added empty line after if () ]

CVE-2022-50236 [MEDIUM] CWE-908 CVE-2022-50236: In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: Fix crash on is In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: Fix crash on isr after kexec() If the system is rebooted via isr(), the IRQ handler might be triggered before the domain is initialized. Resulting on an invalid memory access error. Fix: [ 0.500930] Unable to handle kernel read from unreadable memory at virtual ad

CVE-2023-53169 [MEDIUM] CVE-2023-53169: In the Linux kernel, the following vulnerability has been resolved: x86/resctrl: Clear staged_confi In the Linux kernel, the following vulnerability has been resolved: x86/resctrl: Clear staged_config[] before and after it is used As a temporary storage, staged_config[] in rdt_domain should be cleared before and after it is used. The stale value in staged_config[] could cause an MSR access error. Here is a reproducer on a system with 16 usable CLOSIDs

CVE-2023-53189 [MEDIUM] CWE-191 CVE-2023-53189: In the Linux kernel, the following vulnerability has been resolved: ipv6/addrconf: fix a potential In the Linux kernel, the following vulnerability has been resolved: ipv6/addrconf: fix a potential refcount underflow for idev Now in addrconf_mod_rs_timer(), reference idev depends on whether rs_timer is not pending. Then modify rs_timer timeout. There is a time gap in [1], during which if the pending rs_timer becomes not pending. It will miss to

CVE-2023-53230 [MEDIUM] CWE-401 CVE-2023-53230: In the Linux kernel, the following vulnerability has been resolved: smb: client: fix warning in cif In the Linux kernel, the following vulnerability has been resolved: smb: client: fix warning in cifs_smb3_do_mount() This fixes the following warning reported by kernel test robot fs/smb/client/cifsfs.c:982 cifs_smb3_do_mount() warn: possible memory leak of 'cifs_sb'

CVE-2023-53233 [MEDIUM] CWE-667 CVE-2023-53233: In the Linux kernel, the following vulnerability has been resolved: net/smc: fix deadlock triggered In the Linux kernel, the following vulnerability has been resolved: net/smc: fix deadlock triggered by cancel_delayed_work_syn() The following LOCKDEP was detected: Workqueue: events smc_lgr_free_work [smc] WARNING: possible circular locking dependency detected 6.1.0-20221027.rc2.git8.56bc5b569087.300.fc36.s390x+debug #1 Not tainted kworker/3:0/17

CVE-2023-53234 [MEDIUM] CWE-401 CVE-2023-53234: In the Linux kernel, the following vulnerability has been resolved: watchdog: Fix kmemleak in watch In the Linux kernel, the following vulnerability has been resolved: watchdog: Fix kmemleak in watchdog_cdev_register kmemleak reports memory leaks in watchdog_dev_register, as follows: unreferenced object 0xffff888116233000 (size 2048): comm ""modprobe"", pid 28147, jiffies 4353426116 (age 61.741s) hex dump (first 32 bytes): 80 fa b9 05 81 88 ff f