7.0
CVE-2023-54155 - net: core: remove unnecessary frame_sz check in bpf_xdp_adjust_tail()
In the Linux kernel, the following vulnerability has been resolved: net: core: remove unnecessary frame_sz check in bpf_xdp_adjust_tail() Syzkaller reported the following issue: ======================================= Too BIG xdp->frame_sz = 131072 WARNING: CPU: 0 PID: 5020 at net/core/filter.c:4β¦
0.0
CVE-2023-54132 - erofs: stop parsing non-compact HEAD index if clusterofs is invalid
In the Linux kernel, the following vulnerability has been resolved: erofs: stop parsing non-compact HEAD index if clusterofs is invalid Syzbot generated a crafted image [1] with a non-compact HEAD index of clusterofs 33024 while valid numbers should be 0 ~ lclustersize-1, which causes the followiβ¦
0.0
CVE-2023-54126 - crypto: safexcel - Cleanup ring IRQ workqueues on load failure
In the Linux kernel, the following vulnerability has been resolved: crypto: safexcel - Cleanup ring IRQ workqueues on load failure A failure loading the safexcel driver results in the following warning on boot, because the IRQ affinity has not been correctly cleaned up. Ensure we clean up the affβ¦
5.5
CVE-2023-54118 - serial: sc16is7xx: setup GPIO controller later in probe
In the Linux kernel, the following vulnerability has been resolved: serial: sc16is7xx: setup GPIO controller later in probe The GPIO controller component of the sc16is7xx driver is setup too early, which can result in a race condition where another device tries to utilise the GPIO lines before thβ¦
7.0
CVE-2023-54102 - scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow A static code analysis tool flagged the possibility of buffer overflow when using copy_from_user() for a debugfs entry. Currently, it is possible that copy_from_uβ¦
0.0
CVE-2023-54104 - mtd: rawnand: fsl_upm: Fix an off-by one test in fun_exec_op()
In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: fsl_upm: Fix an off-by one test in fun_exec_op() 'op-cs' is copied in 'fun->mchip_number' which is used to access the 'mchip_offsets' and the 'rnb_gpio' arrays. These arrays have NAND_MAX_CHIPS elements, so the indeβ¦
5.5
CVE-2023-54100 - scsi: qedi: Fix use after free bug in qedi_remove()
In the Linux kernel, the following vulnerability has been resolved: scsi: qedi: Fix use after free bug in qedi_remove() In qedi_probe() we call __qedi_probe() which initializes &qedi->recovery_work with qedi_recovery_handler() and &qedi->board_disable_work with qedi_board_disable_work(). When qeβ¦
5.5
CVE-2023-54087 - ubi: Fix possible null-ptr-deref in ubi_free_volume()
In the Linux kernel, the following vulnerability has been resolved: ubi: Fix possible null-ptr-deref in ubi_free_volume() It willl cause null-ptr-deref in the following case: uif_init() ubi_add_volume() cdev_add() -> if it fails, call kill_volumes() device_register() kill_volumes() ->β¦
5.5
CVE-2023-54073 - tpm: Add !tpm_amd_is_rng_defective() to the hwrng_unregister() call site
In the Linux kernel, the following vulnerability has been resolved: tpm: Add !tpm_amd_is_rng_defective() to the hwrng_unregister() call site The following crash was reported: [ 1950.279393] list_del corruption, ffff99560d485790->next is NULL [ 1950.279400] ------------[ cut here ]------------ [ β¦
5.5
CVE-2023-54058 - firmware: arm_ffa: Check if ffa_driver remove is present before executing
In the Linux kernel, the following vulnerability has been resolved: firmware: arm_ffa: Check if ffa_driver remove is present before executing Currently ffa_drv->remove() is called unconditionally from ffa_device_remove(). Since the driver registration doesn't check for it and allows it to be regiβ¦