0.0
CVE-2023-54159 - usb: mtu3: fix kernel panic at qmu transfer done irq handler
In the Linux kernel, the following vulnerability has been resolved: usb: mtu3: fix kernel panic at qmu transfer done irq handler When handle qmu transfer irq, it will unlock @mtu->lock before give back request, if another thread handle disconnect event at the same time, and try to disable ep, it β¦
7.0
CVE-2023-54156 - sfc: fix crash when reading stats while NIC is resetting
In the Linux kernel, the following vulnerability has been resolved: sfc: fix crash when reading stats while NIC is resetting efx_net_stats() (.ndo_get_stats64) can be called during an ethtool selftest, during which time nic_data->mc_stats is NULL as the NIC has been fini'd. In this case do notβ¦
5.5
CVE-2023-54154 - scsi: target: core: Fix target_cmd_counter leak
In the Linux kernel, the following vulnerability has been resolved: scsi: target: core: Fix target_cmd_counter leak The target_cmd_counter struct allocated via target_alloc_cmd_counter() is never freed, resulting in leaks across various transport types, e.g.: unreferenced object 0xffff88801f920β¦
5.5
CVE-2023-54150 - drm/amd: Fix an out of bounds error in BIOS parser
In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix an out of bounds error in BIOS parser The array is hardcoded to 8 in atomfirmware.h, but firmware provides a bigger one sometimes. Deferencing the larger array causes an out of bounds error. commit 4fc1ba4aa589 ("drβ¦
0.0
CVE-2023-54147 - media: platform: mtk-mdp3: Add missing check and free for ida_alloc
In the Linux kernel, the following vulnerability has been resolved: media: platform: mtk-mdp3: Add missing check and free for ida_alloc Add the check for the return value of the ida_alloc in order to avoid NULL pointer dereference. Moreover, free allocated "ctx->id" if mdp_m2m_open fails later inβ¦
5.5
CVE-2023-54145 - bpf: drop unnecessary user-triggerable WARN_ONCE in verifierl log
In the Linux kernel, the following vulnerability has been resolved: bpf: drop unnecessary user-triggerable WARN_ONCE in verifierl log It's trivial for user to trigger "verifier log line truncated" warning, as verifier has a fixed-sized buffer of 1024 bytes (as of now), and there are at least two β¦
0.0
CVE-2023-54138 - drm/msm: fix NULL-deref on irq uninstall
In the Linux kernel, the following vulnerability has been resolved: drm/msm: fix NULL-deref on irq uninstall In case of early initialisation errors and on platforms that do not use the DPU controller, the deinitilisation code can be called with the kms pointer set to NULL. Patchwork: https://patβ¦
7.0
CVE-2023-54136 - serial: sprd: Fix DMA buffer leak issue
In the Linux kernel, the following vulnerability has been resolved: serial: sprd: Fix DMA buffer leak issue Release DMA buffer when _probe() returns failure to avoid memory leak.
5.5
CVE-2023-54135 - maple_tree: fix potential out-of-bounds access in mas_wr_end_piv()
In the Linux kernel, the following vulnerability has been resolved: maple_tree: fix potential out-of-bounds access in mas_wr_end_piv() Check the write offset end bounds before using it as the offset into the pivot array. This avoids a possible out-of-bounds access on the pivot array if the writeβ¦
7.0
CVE-2023-54129 - octeontx2-af: Add validation for lmac type
In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Add validation for lmac type Upon physical link change, firmware reports to the kernel about the change along with the details like speed, lmac_type_id, etc. Kernel derives lmac_type based on lmac_type_id received fβ¦