7.8
CVE-2023-53138 - net: caif: Fix use-after-free in cfusbl_device_notify()
In the Linux kernel, the following vulnerability has been resolved: net: caif: Fix use-after-free in cfusbl_device_notify() syzbot reported use-after-free in cfusbl_device_notify() [1]. This causes a stack trace like below: BUG: KASAN: use-after-free in cfusbl_device_notify+0x7c9/0x870 net/caifβ¦
5.5
CVE-2023-53133 - bpf, sockmap: Fix an infinite loop error when len is 0 in tcp_bpf_recvmsg_parser()
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix an infinite loop error when len is 0 in tcp_bpf_recvmsg_parser() When the buffer length of the recvmsg system call is 0, we got the flollowing soft lockup problem: watchdog: BUG: soft lockup - CPU#3 stuck for 2β¦
5.5
CVE-2023-53121 - tcp: tcp_make_synack() can be called from process context
In the Linux kernel, the following vulnerability has been resolved: tcp: tcp_make_synack() can be called from process context tcp_rtx_synack() now could be called in process context as explained in 0a375c822497 ("tcp: tcp_rtx_synack() can be called from process context"). tcp_rtx_synack() might β¦
5.5
CVE-2023-53118 - scsi: core: Fix a procfs host directory removal regression
In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix a procfs host directory removal regression scsi_proc_hostdir_rm() decreases a reference counter and hence must only be called once per host that is removed. This change does not require a scsi_add_host_with_dma() β¦
7.1
CVE-2023-53117 - fs: prevent out-of-bounds array speculation when closing a file descriptor
In the Linux kernel, the following vulnerability has been resolved: fs: prevent out-of-bounds array speculation when closing a file descriptor Google-Bug-Id: 114199369
7.8
CVE-2023-53116 - nvmet: avoid potential UAF in nvmet_req_complete()
In the Linux kernel, the following vulnerability has been resolved: nvmet: avoid potential UAF in nvmet_req_complete() An nvme target ->queue_response() operation implementation may free the request passed as argument. Such implementation potentially could result in a use after free of the requesβ¦
7.8
CVE-2023-53111 - loop: Fix use-after-free issues
In the Linux kernel, the following vulnerability has been resolved: loop: Fix use-after-free issues do_req_filebacked() calls blk_mq_complete_request() synchronously or asynchronously when using asynchronous I/O unless memory allocation fails. Hence, modify loop_handle_cmd() such that it does notβ¦
7.1
CVE-2023-53090 - drm/amdkfd: Fix an illegal memory access
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix an illegal memory access In the kfd_wait_on_events() function, the kfd_event_waiter structure is allocated by alloc_event_waiters(), but the event field of the waiter structure is not initialized; When copy_from_uβ¦
5.5
CVE-2023-53110 - net/smc: fix NULL sndbuf_desc in smc_cdc_tx_handler()
In the Linux kernel, the following vulnerability has been resolved: net/smc: fix NULL sndbuf_desc in smc_cdc_tx_handler() When performing a stress test on SMC-R by rmmod mlx5_ib driver during the wrk/nginx test, we found that there is a probability of triggering a panic while terminating all linkβ¦
7.8
CVE-2023-53106 - nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition
In the Linux kernel, the following vulnerability has been resolved: nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition This bug influences both st_nci_i2c_remove and st_nci_spi_remove. Take st_nci_i2c_remove as an example. In st_nci_i2c_probe, it called ndlc_probe and boundβ¦