5.5
CVE-2023-54043 - iommufd: Do not add the same hwpt to the ioas->hwpt_list twice
In the Linux kernel, the following vulnerability has been resolved: iommufd: Do not add the same hwpt to the ioas->hwpt_list twice The hwpt is added to the hwpt_list only during its creation, it is never added again. This hunk is some missed leftover from rework. Adding it twice will corrupt the β¦
5.5
CVE-2023-54042 - powerpc/64s: Fix VAS mm use after free
In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: Fix VAS mm use after free The refcount on mm is dropped before the coprocessor is detached.
7.0
CVE-2023-54040 - ice: fix wrong fallback logic for FDIR
In the Linux kernel, the following vulnerability has been resolved: ice: fix wrong fallback logic for FDIR When adding a FDIR filter, if ice_vc_fdir_set_irq_ctx returns failure, the inserted fdir entry will not be removed and if ice_vc_fdir_write_fltr returns failure, the fdir context info for irβ¦
7.0
CVE-2023-54039 - can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access
In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access In the j1939_tp_tx_dat_new() function, an out-of-bounds memory access could occur during the memcpy() operation if the size of skb->cb is larger than the size of β¦
7.0
CVE-2023-54038 - Bluetooth: hci_conn: return ERR_PTR instead of NULL when there is no link
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: return ERR_PTR instead of NULL when there is no link hci_connect_sco currently returns NULL when there is no link (i.e. when hci_conn_link() returns NULL). sco_connect() expects an ERR_PTR in case of any errβ¦
5.5
CVE-2023-54035 - netfilter: nf_tables: fix underflow in chain reference counter
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix underflow in chain reference counter Set element addition error path decrements reference counter on chains twice: once on element release and again via nft_data_release(). Then, d6b478666ffa ("netfilteβ¦
5.5
CVE-2023-54034 - iommufd: Make sure to zero vfio_iommu_type1_info before copying to user
In the Linux kernel, the following vulnerability has been resolved: iommufd: Make sure to zero vfio_iommu_type1_info before copying to user Missed a zero initialization here. Most of the struct is filled with a copy_from_user(), however minsz for that copy is smaller than the actual struct by 8 bβ¦
5.5
CVE-2023-54033 - bpf: fix a memory leak in the LRU and LRU_PERCPU hash maps
In the Linux kernel, the following vulnerability has been resolved: bpf: fix a memory leak in the LRU and LRU_PERCPU hash maps The LRU and LRU_PERCPU maps allocate a new element on update before locking the target hash table bucket. Right after that the maps try to lock the bucket. If this fails,β¦
5.5
CVE-2023-54031 - vdpa: Add queue index attr to vdpa_nl_policy for nlattr length check
In the Linux kernel, the following vulnerability has been resolved: vdpa: Add queue index attr to vdpa_nl_policy for nlattr length check The vdpa_nl_policy structure is used to validate the nlattr when parsing the incoming nlmsg. It will ensure the attribute being described produces a valid nlattβ¦
5.5
CVE-2023-54030 - io_uring/net: don't overflow multishot recv
In the Linux kernel, the following vulnerability has been resolved: io_uring/net: don't overflow multishot recv Don't allow overflowing multishot recv CQEs, it might get out of hand, hurt performance, and in the worst case scenario OOM the task.