7.0
CVE-2023-54038 - Bluetooth: hci_conn: return ERR_PTR instead of NULL when there is no link
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: return ERR_PTR instead of NULL when there is no link hci_connect_sco currently returns NULL when there is no link (i.e. when hci_conn_link() returns NULL). sco_connect() expects an ERR_PTR in case of any errβ¦
5.5
CVE-2023-54011 - scsi: mpi3mr: Fix an issue found by KASAN
In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix an issue found by KASAN Write only correct size (32 instead of 64 bytes).
7.0
CVE-2023-53996 - x86/sev: Make enc_dec_hypercall() accept a size instead of npages
In the Linux kernel, the following vulnerability has been resolved: x86/sev: Make enc_dec_hypercall() accept a size instead of npages enc_dec_hypercall() accepted a page count instead of a size, which forced its callers to round up. As a result, non-page aligned vaddrs caused pages to be spuriousβ¦
7.0
CVE-2023-53995 - net: ipv4: fix one memleak in __inet_del_ifa()
In the Linux kernel, the following vulnerability has been resolved: net: ipv4: fix one memleak in __inet_del_ifa() I got the below warning when do fuzzing test: unregister_netdevice: waiting for bond0 to become free. Usage count = 2 It can be repoduced via: ip link add bond0 type bond sysctl -wβ¦
7.0
CVE-2022-50736 - RDMA/siw: Fix immediate work request flush to completion queue
In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix immediate work request flush to completion queue Correctly set send queue element opcode during immediate work request flushing in post sendqueue operation, if the QP is in ERROR state. An undefined ocode value resuβ¦
0.0
CVE-2022-50722 - media: ipu3-imgu: Fix NULL pointer dereference in active selection access
In the Linux kernel, the following vulnerability has been resolved: media: ipu3-imgu: Fix NULL pointer dereference in active selection access What the IMGU driver did was that it first acquired the pointers to active and try V4L2 subdev state, and only then figured out which one to use. The probβ¦
7.0
CVE-2023-54148 - net/mlx5e: Move representor neigh cleanup to profile cleanup_tx
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Move representor neigh cleanup to profile cleanup_tx For IP tunnel encapsulation in ECMP (Equal-Cost Multipath) mode, as the flow is duplicated to the peer eswitch, the related neighbour information on the peer uplink β¦
0.0
CVE-2023-54133 - nfp: clean mc addresses in application firmware when closing port
In the Linux kernel, the following vulnerability has been resolved: nfp: clean mc addresses in application firmware when closing port When moving devices from one namespace to another, mc addresses are cleaned in software while not removed from application firmware. Thus the mc addresses are remaβ¦
7.0
CVE-2022-50735 - wifi: mt76: do not run mt76u_status_worker if the device is not running
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: do not run mt76u_status_worker if the device is not running Fix the following NULL pointer dereference avoiding to run mt76u_status_worker thread if the device is not running yet. KASAN: null-ptr-deref in range [0x00β¦
5.5
CVE-2023-54105 - can: isotp: check CAN address family in isotp_bind()
In the Linux kernel, the following vulnerability has been resolved: can: isotp: check CAN address family in isotp_bind() Add missing check to block non-AF_CAN binds. Syzbot created some code which matched the right sockaddr struct size but used AF_XDP (0x2C) instead of AF_CAN (0x1D) in the addreβ¦