wid-sec-w-2025-2394
Vulnerability from csaf_certbund
Published
2025-10-22 22:00
Modified
2025-11-20 23:00
Summary
Linux Kernel: Multiple vulnerabilities
Notes
The BSI, as provider, is responsible under general law for its own content made available for use. Users are, however, responsible for carefully checking, in each individual case, the use and/or implementation of the information provided with the content.
Product description
The kernel is the core of the Linux operating system.
Attack
An attacker can exploit multiple vulnerabilities in the Linux kernel to carry out a denial-of-service attack or other, unspecified attacks.
Affected operating systems
- Linux
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff oder andere, nicht n\u00e4her spezifizierte Angriffe durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2394 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2394.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2394 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2394"
},
{
"category": "external",
"summary": "Kernel CVE Announce Mailingliste",
"url": "https://lore.kernel.org/linux-cve-announce/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50556",
"url": "https://lore.kernel.org/linux-cve-announce/2025102203-CVE-2022-50556-bbe2@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50557",
"url": "https://lore.kernel.org/linux-cve-announce/2025102206-CVE-2022-50557-7adc@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50558",
"url": "https://lore.kernel.org/linux-cve-announce/2025102206-CVE-2022-50558-444f@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50559",
"url": "https://lore.kernel.org/linux-cve-announce/2025102206-CVE-2022-50559-e162@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50560",
"url": "https://lore.kernel.org/linux-cve-announce/2025102206-CVE-2022-50560-bf0d@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50561",
"url": "https://lore.kernel.org/linux-cve-announce/2025102206-CVE-2022-50561-3b76@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50562",
"url": "https://lore.kernel.org/linux-cve-announce/2025102206-CVE-2022-50562-5b54@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50563",
"url": "https://lore.kernel.org/linux-cve-announce/2025102207-CVE-2022-50563-995f@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50564",
"url": "https://lore.kernel.org/linux-cve-announce/2025102207-CVE-2022-50564-c6eb@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50565",
"url": "https://lore.kernel.org/linux-cve-announce/2025102207-CVE-2022-50565-ddc2@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50566",
"url": "https://lore.kernel.org/linux-cve-announce/2025102207-CVE-2022-50566-9cd3@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50567",
"url": "https://lore.kernel.org/linux-cve-announce/2025102207-CVE-2022-50567-17f3@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50568",
"url": "https://lore.kernel.org/linux-cve-announce/2025102207-CVE-2022-50568-f109@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50569",
"url": "https://lore.kernel.org/linux-cve-announce/2025102207-CVE-2022-50569-fdd1@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50570",
"url": "https://lore.kernel.org/linux-cve-announce/2025102208-CVE-2022-50570-38e8@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50571",
"url": "https://lore.kernel.org/linux-cve-announce/2025102208-CVE-2022-50571-00cd@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50572",
"url": "https://lore.kernel.org/linux-cve-announce/2025102208-CVE-2022-50572-dbfb@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50573",
"url": "https://lore.kernel.org/linux-cve-announce/2025102208-CVE-2022-50573-e131@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50574",
"url": "https://lore.kernel.org/linux-cve-announce/2025102208-CVE-2022-50574-da86@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50575",
"url": "https://lore.kernel.org/linux-cve-announce/2025102208-CVE-2022-50575-1768@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50576",
"url": "https://lore.kernel.org/linux-cve-announce/2025102209-CVE-2022-50576-98f3@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50577",
"url": "https://lore.kernel.org/linux-cve-announce/2025102209-CVE-2022-50577-ebe1@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50578",
"url": "https://lore.kernel.org/linux-cve-announce/2025102209-CVE-2022-50578-eb90@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50579",
"url": "https://lore.kernel.org/linux-cve-announce/2025102209-CVE-2022-50579-0f47@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50580",
"url": "https://lore.kernel.org/linux-cve-announce/2025102209-CVE-2022-50580-68e3@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50581",
"url": "https://lore.kernel.org/linux-cve-announce/2025102209-CVE-2022-50581-cb39@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-50582",
"url": "https://lore.kernel.org/linux-cve-announce/2025102210-CVE-2022-50582-1ac9@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53692",
"url": "https://lore.kernel.org/linux-cve-announce/2025102210-CVE-2023-53692-be2d@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53693",
"url": "https://lore.kernel.org/linux-cve-announce/2025102210-CVE-2023-53693-57fe@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53694",
"url": "https://lore.kernel.org/linux-cve-announce/2025102210-CVE-2023-53694-ed6b@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53695",
"url": "https://lore.kernel.org/linux-cve-announce/2025102210-CVE-2023-53695-f553@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53696",
"url": "https://lore.kernel.org/linux-cve-announce/2025102210-CVE-2023-53696-dadf@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53697",
"url": "https://lore.kernel.org/linux-cve-announce/2025102211-CVE-2023-53697-3078@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53698",
"url": "https://lore.kernel.org/linux-cve-announce/2025102211-CVE-2023-53698-c1f4@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53699",
"url": "https://lore.kernel.org/linux-cve-announce/2025102211-CVE-2023-53699-44cc@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53700",
"url": "https://lore.kernel.org/linux-cve-announce/2025102211-CVE-2023-53700-9753@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53701",
"url": "https://lore.kernel.org/linux-cve-announce/2025102211-CVE-2023-53701-fb7f@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53702",
"url": "https://lore.kernel.org/linux-cve-announce/2025102211-CVE-2023-53702-a6b6@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53703",
"url": "https://lore.kernel.org/linux-cve-announce/2025102211-CVE-2023-53703-7813@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53704",
"url": "https://lore.kernel.org/linux-cve-announce/2025102212-CVE-2023-53704-9f42@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53705",
"url": "https://lore.kernel.org/linux-cve-announce/2025102212-CVE-2023-53705-38d9@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53706",
"url": "https://lore.kernel.org/linux-cve-announce/2025102212-CVE-2023-53706-18d9@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53707",
"url": "https://lore.kernel.org/linux-cve-announce/2025102212-CVE-2023-53707-361a@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53708",
"url": "https://lore.kernel.org/linux-cve-announce/2025102212-CVE-2023-53708-0bf0@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53709",
"url": "https://lore.kernel.org/linux-cve-announce/2025102212-CVE-2023-53709-553a@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53710",
"url": "https://lore.kernel.org/linux-cve-announce/2025102213-CVE-2023-53710-68d7@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53711",
"url": "https://lore.kernel.org/linux-cve-announce/2025102213-CVE-2023-53711-24c6@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53712",
"url": "https://lore.kernel.org/linux-cve-announce/2025102213-CVE-2023-53712-b88e@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53713",
"url": "https://lore.kernel.org/linux-cve-announce/2025102213-CVE-2023-53713-550a@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53714",
"url": "https://lore.kernel.org/linux-cve-announce/2025102213-CVE-2023-53714-6b41@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53715",
"url": "https://lore.kernel.org/linux-cve-announce/2025102213-CVE-2023-53715-fd47@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53716",
"url": "https://lore.kernel.org/linux-cve-announce/2025102214-CVE-2023-53716-4265@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53717",
"url": "https://lore.kernel.org/linux-cve-announce/2025102214-CVE-2023-53717-e88c@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53718",
"url": "https://lore.kernel.org/linux-cve-announce/2025102214-CVE-2023-53718-9142@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53719",
"url": "https://lore.kernel.org/linux-cve-announce/2025102214-CVE-2023-53719-ad4c@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53720",
"url": "https://lore.kernel.org/linux-cve-announce/2025102214-CVE-2023-53720-da5a@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53721",
"url": "https://lore.kernel.org/linux-cve-announce/2025102214-CVE-2023-53721-f0ca@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53722",
"url": "https://lore.kernel.org/linux-cve-announce/2025102215-CVE-2023-53722-f3ab@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53723",
"url": "https://lore.kernel.org/linux-cve-announce/2025102215-CVE-2023-53723-8e9e@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53724",
"url": "https://lore.kernel.org/linux-cve-announce/2025102215-CVE-2023-53724-4549@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53725",
"url": "https://lore.kernel.org/linux-cve-announce/2025102215-CVE-2023-53725-0343@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53726",
"url": "https://lore.kernel.org/linux-cve-announce/2025102215-CVE-2023-53726-29cb@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53727",
"url": "https://lore.kernel.org/linux-cve-announce/2025102215-CVE-2023-53727-73d8@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53728",
"url": "https://lore.kernel.org/linux-cve-announce/2025102216-CVE-2023-53728-b851@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53729",
"url": "https://lore.kernel.org/linux-cve-announce/2025102216-CVE-2023-53729-ef1a@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53730",
"url": "https://lore.kernel.org/linux-cve-announce/2025102216-CVE-2023-53730-d257@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53731",
"url": "https://lore.kernel.org/linux-cve-announce/2025102216-CVE-2023-53731-aef7@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2023-53732",
"url": "https://lore.kernel.org/linux-cve-announce/2025102216-CVE-2023-53732-f3ee@gregkh/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:4057-1 vom 2025-11-11",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023254.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:4111-1 vom 2025-11-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023294.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:4128-1 vom 2025-11-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023299.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:4135-1 vom 2025-11-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023300.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:4132-1 vom 2025-11-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023302.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:4139-1 vom 2025-11-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023306.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:4141-1 vom 2025-11-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023304.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:4140-1 vom 2025-11-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023305.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:4149-1 vom 2025-11-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023309.html"
}
],
"source_lang": "en-US",
"title": "Linux Kernel: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-11-20T23:00:00.000+00:00",
"generator": {
"date": "2025-11-21T08:17:20.253+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2025-2394",
"initial_release_date": "2025-10-22T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-10-22T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-11-11T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-11-16T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-11-18T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-11-19T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-11-20T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE aufgenommen"
}
],
"status": "final",
"version": "6"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Open Source Linux Kernel",
"product": {
"name": "Open Source Linux Kernel",
"product_id": "T048085",
"product_identification_helper": {
"cpe": "cpe:/o:linux:linux_kernel:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-50556",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2022-50556"
},
{
"cve": "CVE-2022-50557",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2022-50557"
},
{
"cve": "CVE-2022-50558",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2022-50558"
},
{
"cve": "CVE-2022-50559",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2022-50559"
},
{
"cve": "CVE-2022-50560",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2022-50560"
},
{
"cve": "CVE-2022-50561",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2022-50561"
},
{
"cve": "CVE-2022-50562",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2022-50562"
},
{
"cve": "CVE-2022-50563",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2022-50563"
},
{
"cve": "CVE-2022-50564",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2022-50564"
},
{
"cve": "CVE-2022-50565",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2022-50565"
},
{
"cve": "CVE-2022-50566",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2022-50566"
},
{
"cve": "CVE-2022-50567",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2022-50567"
},
{
"cve": "CVE-2022-50568",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2022-50568"
},
{
"cve": "CVE-2022-50569",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2022-50569"
},
{
"cve": "CVE-2022-50570",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2022-50570"
},
{
"cve": "CVE-2022-50571",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2022-50571"
},
{
"cve": "CVE-2022-50572",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2022-50572"
},
{
"cve": "CVE-2022-50573",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2022-50573"
},
{
"cve": "CVE-2022-50574",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2022-50574"
},
{
"cve": "CVE-2022-50575",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2022-50575"
},
{
"cve": "CVE-2022-50576",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2022-50576"
},
{
"cve": "CVE-2022-50577",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2022-50577"
},
{
"cve": "CVE-2022-50578",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2022-50578"
},
{
"cve": "CVE-2022-50579",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2022-50579"
},
{
"cve": "CVE-2022-50580",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2022-50580"
},
{
"cve": "CVE-2022-50581",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2022-50581"
},
{
"cve": "CVE-2022-50582",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2022-50582"
},
{
"cve": "CVE-2023-53692",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2023-53692"
},
{
"cve": "CVE-2023-53693",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2023-53693"
},
{
"cve": "CVE-2023-53694",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2023-53694"
},
{
"cve": "CVE-2023-53695",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2023-53695"
},
{
"cve": "CVE-2023-53696",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2023-53696"
},
{
"cve": "CVE-2023-53697",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2023-53697"
},
{
"cve": "CVE-2023-53698",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2023-53698"
},
{
"cve": "CVE-2023-53699",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2023-53699"
},
{
"cve": "CVE-2023-53700",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2023-53700"
},
{
"cve": "CVE-2023-53701",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2023-53701"
},
{
"cve": "CVE-2023-53702",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2023-53702"
},
{
"cve": "CVE-2023-53703",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2023-53703"
},
{
"cve": "CVE-2023-53704",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2023-53704"
},
{
"cve": "CVE-2023-53705",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2023-53705"
},
{
"cve": "CVE-2023-53706",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2023-53706"
},
{
"cve": "CVE-2023-53707",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2023-53707"
},
{
"cve": "CVE-2023-53708",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2023-53708"
},
{
"cve": "CVE-2023-53709",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2023-53709"
},
{
"cve": "CVE-2023-53710",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2023-53710"
},
{
"cve": "CVE-2023-53711",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2023-53711"
},
{
"cve": "CVE-2023-53712",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2023-53712"
},
{
"cve": "CVE-2023-53713",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2023-53713"
},
{
"cve": "CVE-2023-53714",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2023-53714"
},
{
"cve": "CVE-2023-53715",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2023-53715"
},
{
"cve": "CVE-2023-53716",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2023-53716"
},
{
"cve": "CVE-2023-53717",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2023-53717"
},
{
"cve": "CVE-2023-53718",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2023-53718"
},
{
"cve": "CVE-2023-53719",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2023-53719"
},
{
"cve": "CVE-2023-53720",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2023-53720"
},
{
"cve": "CVE-2023-53721",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2023-53721"
},
{
"cve": "CVE-2023-53722",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2023-53722"
},
{
"cve": "CVE-2023-53723",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2023-53723"
},
{
"cve": "CVE-2023-53724",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2023-53724"
},
{
"cve": "CVE-2023-53725",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2023-53725"
},
{
"cve": "CVE-2023-53726",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2023-53726"
},
{
"cve": "CVE-2023-53727",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2023-53727"
},
{
"cve": "CVE-2023-53728",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2023-53728"
},
{
"cve": "CVE-2023-53729",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2023-53729"
},
{
"cve": "CVE-2023-53730",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2023-53730"
},
{
"cve": "CVE-2023-53731",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2023-53731"
},
{
"cve": "CVE-2023-53732",
"product_status": {
"known_affected": [
"T002207",
"T048085"
]
},
"release_date": "2025-10-22T22:00:00.000+00:00",
"title": "CVE-2023-53732"
}
]
}
CVE-2023-53729 (GCVE-0-2023-53729)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
soc: qcom: qmi_encdec: Restrict string length in decode
The QMI TLV value for strings in a lot of qmi element info structures
account for null terminated strings with MAX_LEN + 1. If a string is
actually MAX_LEN + 1 length, this will cause an out of bounds access
when the NULL character is appended in decoding.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Version: 9b8a11e82615274d4133aab3cf5aa1c59191f0a2 Version: 9b8a11e82615274d4133aab3cf5aa1c59191f0a2 Version: 9b8a11e82615274d4133aab3cf5aa1c59191f0a2 Version: 9b8a11e82615274d4133aab3cf5aa1c59191f0a2 Version: 9b8a11e82615274d4133aab3cf5aa1c59191f0a2 Version: 9b8a11e82615274d4133aab3cf5aa1c59191f0a2 Version: 9b8a11e82615274d4133aab3cf5aa1c59191f0a2 |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/soc/qcom/qmi_encdec.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6b58859e7c4ac357517a59f0801e8ce1b58a8ee2",
"status": "affected",
"version": "9b8a11e82615274d4133aab3cf5aa1c59191f0a2",
"versionType": "git"
},
{
"lessThan": "64c5e916fabe5ef7bef0210b8a59fa8941ee1b8e",
"status": "affected",
"version": "9b8a11e82615274d4133aab3cf5aa1c59191f0a2",
"versionType": "git"
},
{
"lessThan": "2ccab9f82772ead618689d17dbc6950d6bd1e741",
"status": "affected",
"version": "9b8a11e82615274d4133aab3cf5aa1c59191f0a2",
"versionType": "git"
},
{
"lessThan": "b2f39b813d1eed4a522428d1e6acd7dfe9b81579",
"status": "affected",
"version": "9b8a11e82615274d4133aab3cf5aa1c59191f0a2",
"versionType": "git"
},
{
"lessThan": "f6250ecb7fbb934b89539e7e2ba6c1d8555c0975",
"status": "affected",
"version": "9b8a11e82615274d4133aab3cf5aa1c59191f0a2",
"versionType": "git"
},
{
"lessThan": "22ee7c9c7f381be178b4457bc54530002e08e938",
"status": "affected",
"version": "9b8a11e82615274d4133aab3cf5aa1c59191f0a2",
"versionType": "git"
},
{
"lessThan": "8d207400fd6b79c92aeb2f33bb79f62dff904ea2",
"status": "affected",
"version": "9b8a11e82615274d4133aab3cf5aa1c59191f0a2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/soc/qcom/qmi_encdec.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.16"
},
{
"lessThan": "4.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.295",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.257",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.195",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.132",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.6",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.295",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.257",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.195",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.132",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.54",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.4",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6",
"versionStartIncluding": "4.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: qmi_encdec: Restrict string length in decode\n\nThe QMI TLV value for strings in a lot of qmi element info structures\naccount for null terminated strings with MAX_LEN + 1. If a string is\nactually MAX_LEN + 1 length, this will cause an out of bounds access\nwhen the NULL character is appended in decoding."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:57.739Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6b58859e7c4ac357517a59f0801e8ce1b58a8ee2"
},
{
"url": "https://git.kernel.org/stable/c/64c5e916fabe5ef7bef0210b8a59fa8941ee1b8e"
},
{
"url": "https://git.kernel.org/stable/c/2ccab9f82772ead618689d17dbc6950d6bd1e741"
},
{
"url": "https://git.kernel.org/stable/c/b2f39b813d1eed4a522428d1e6acd7dfe9b81579"
},
{
"url": "https://git.kernel.org/stable/c/f6250ecb7fbb934b89539e7e2ba6c1d8555c0975"
},
{
"url": "https://git.kernel.org/stable/c/22ee7c9c7f381be178b4457bc54530002e08e938"
},
{
"url": "https://git.kernel.org/stable/c/8d207400fd6b79c92aeb2f33bb79f62dff904ea2"
}
],
"title": "soc: qcom: qmi_encdec: Restrict string length in decode",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-53729",
"datePublished": "2025-10-22T13:23:57.739Z",
"dateReserved": "2025-10-22T13:21:37.349Z",
"dateUpdated": "2025-10-22T13:23:57.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-50570 (GCVE-0-2022-50570)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
platform/chrome: fix memory corruption in ioctl
If "s_mem.bytes" is larger than the buffer size it leads to memory
corruption.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Version: eda2e30c6684d67288edb841c6125d48c608a242 Version: eda2e30c6684d67288edb841c6125d48c608a242 Version: eda2e30c6684d67288edb841c6125d48c608a242 Version: eda2e30c6684d67288edb841c6125d48c608a242 Version: eda2e30c6684d67288edb841c6125d48c608a242 Version: eda2e30c6684d67288edb841c6125d48c608a242 |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/platform/chrome/cros_ec_chardev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e548f9503c4b3292a60a63fe77dccea62999a35a",
"status": "affected",
"version": "eda2e30c6684d67288edb841c6125d48c608a242",
"versionType": "git"
},
{
"lessThan": "868fc93b615b9f6c2b0b1894536618fa6cd66acc",
"status": "affected",
"version": "eda2e30c6684d67288edb841c6125d48c608a242",
"versionType": "git"
},
{
"lessThan": "fd1d3b265784a2243fcaef06aebfb2f8ee733cec",
"status": "affected",
"version": "eda2e30c6684d67288edb841c6125d48c608a242",
"versionType": "git"
},
{
"lessThan": "f143f1d9a8e5c6c9db3de81ca270191226fcce36",
"status": "affected",
"version": "eda2e30c6684d67288edb841c6125d48c608a242",
"versionType": "git"
},
{
"lessThan": "0c2e18924504208644d18415667895a4ac54cf2a",
"status": "affected",
"version": "eda2e30c6684d67288edb841c6125d48c608a242",
"versionType": "git"
},
{
"lessThan": "8a07b45fd3c2dda24fad43639be5335a4595196a",
"status": "affected",
"version": "eda2e30c6684d67288edb841c6125d48c608a242",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/platform/chrome/cros_ec_chardev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"lessThan": "5.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.220",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.19.*",
"status": "unaffected",
"version": "5.19.17",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.220",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.150",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.75",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19.17",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.3",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/chrome: fix memory corruption in ioctl\n\nIf \"s_mem.bytes\" is larger than the buffer size it leads to memory\ncorruption."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:26.495Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e548f9503c4b3292a60a63fe77dccea62999a35a"
},
{
"url": "https://git.kernel.org/stable/c/868fc93b615b9f6c2b0b1894536618fa6cd66acc"
},
{
"url": "https://git.kernel.org/stable/c/fd1d3b265784a2243fcaef06aebfb2f8ee733cec"
},
{
"url": "https://git.kernel.org/stable/c/f143f1d9a8e5c6c9db3de81ca270191226fcce36"
},
{
"url": "https://git.kernel.org/stable/c/0c2e18924504208644d18415667895a4ac54cf2a"
},
{
"url": "https://git.kernel.org/stable/c/8a07b45fd3c2dda24fad43639be5335a4595196a"
}
],
"title": "platform/chrome: fix memory corruption in ioctl",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-50570",
"datePublished": "2025-10-22T13:23:26.495Z",
"dateReserved": "2025-10-22T13:20:23.760Z",
"dateUpdated": "2025-10-22T13:23:26.495Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-53719 (GCVE-0-2023-53719)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
serial: arc_uart: fix of_iomap leak in `arc_serial_probe`
Smatch reports:
drivers/tty/serial/arc_uart.c:631 arc_serial_probe() warn:
'port->membase' from of_iomap() not released on lines: 631.
In arc_serial_probe(), if uart_add_one_port() fails,
port->membase is not released, which would cause a resource leak.
To fix this, I replace of_iomap with devm_platform_ioremap_resource.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Version: 8dbe1d5e09a7faec8d22cadcc1011acab8fa6e2a Version: 8dbe1d5e09a7faec8d22cadcc1011acab8fa6e2a Version: 8dbe1d5e09a7faec8d22cadcc1011acab8fa6e2a Version: 8dbe1d5e09a7faec8d22cadcc1011acab8fa6e2a Version: 8dbe1d5e09a7faec8d22cadcc1011acab8fa6e2a Version: 8dbe1d5e09a7faec8d22cadcc1011acab8fa6e2a Version: 8dbe1d5e09a7faec8d22cadcc1011acab8fa6e2a |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/tty/serial/arc_uart.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3f00df24a5021a6f02c1830a290acd4bceb22a2d",
"status": "affected",
"version": "8dbe1d5e09a7faec8d22cadcc1011acab8fa6e2a",
"versionType": "git"
},
{
"lessThan": "7525aa211758cc023a371e010d16ceaae1057807",
"status": "affected",
"version": "8dbe1d5e09a7faec8d22cadcc1011acab8fa6e2a",
"versionType": "git"
},
{
"lessThan": "153017561d2804cfae87cc9aa377aa84dd906ae1",
"status": "affected",
"version": "8dbe1d5e09a7faec8d22cadcc1011acab8fa6e2a",
"versionType": "git"
},
{
"lessThan": "f76a18e53a66c0ef2938276110717b3805720cd9",
"status": "affected",
"version": "8dbe1d5e09a7faec8d22cadcc1011acab8fa6e2a",
"versionType": "git"
},
{
"lessThan": "081790eee6b47389a0d895262086d64c6a38d6e5",
"status": "affected",
"version": "8dbe1d5e09a7faec8d22cadcc1011acab8fa6e2a",
"versionType": "git"
},
{
"lessThan": "40a462313ba4f337a2b419e7fb4a670f3dd95e14",
"status": "affected",
"version": "8dbe1d5e09a7faec8d22cadcc1011acab8fa6e2a",
"versionType": "git"
},
{
"lessThan": "8ab5fc55d7f65d58a3c3aeadf11bdf60267cd2bd",
"status": "affected",
"version": "8dbe1d5e09a7faec8d22cadcc1011acab8fa6e2a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/tty/serial/arc_uart.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.17"
},
{
"lessThan": "3.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.284",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.244",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.181",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.30",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.3.*",
"status": "unaffected",
"version": "6.3.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.4",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.284",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.244",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.181",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.113",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.30",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.3.4",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.4",
"versionStartIncluding": "3.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: arc_uart: fix of_iomap leak in `arc_serial_probe`\n\nSmatch reports:\n\ndrivers/tty/serial/arc_uart.c:631 arc_serial_probe() warn:\n\u0027port-\u003emembase\u0027 from of_iomap() not released on lines: 631.\n\nIn arc_serial_probe(), if uart_add_one_port() fails,\nport-\u003emembase is not released, which would cause a resource leak.\n\nTo fix this, I replace of_iomap with devm_platform_ioremap_resource."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:51.441Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3f00df24a5021a6f02c1830a290acd4bceb22a2d"
},
{
"url": "https://git.kernel.org/stable/c/7525aa211758cc023a371e010d16ceaae1057807"
},
{
"url": "https://git.kernel.org/stable/c/153017561d2804cfae87cc9aa377aa84dd906ae1"
},
{
"url": "https://git.kernel.org/stable/c/f76a18e53a66c0ef2938276110717b3805720cd9"
},
{
"url": "https://git.kernel.org/stable/c/081790eee6b47389a0d895262086d64c6a38d6e5"
},
{
"url": "https://git.kernel.org/stable/c/40a462313ba4f337a2b419e7fb4a670f3dd95e14"
},
{
"url": "https://git.kernel.org/stable/c/8ab5fc55d7f65d58a3c3aeadf11bdf60267cd2bd"
}
],
"title": "serial: arc_uart: fix of_iomap leak in `arc_serial_probe`",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-53719",
"datePublished": "2025-10-22T13:23:51.441Z",
"dateReserved": "2025-10-22T13:21:37.347Z",
"dateUpdated": "2025-10-22T13:23:51.441Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-50575 (GCVE-0-2022-50575)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource()
As 'kdata.num' is user-controlled data, if user tries to allocate
memory larger than(>=) MAX_ORDER, then kcalloc() will fail, it
creates a stack trace and messes up dmesg with a warning.
Call trace:
-> privcmd_ioctl
--> privcmd_ioctl_mmap_resource
Add __GFP_NOWARN in order to avoid too large allocation warning.
This is detected by static analysis using smatch.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Version: 3ad0876554cafa368f574d4d408468510543e9ff Version: 3ad0876554cafa368f574d4d408468510543e9ff Version: 3ad0876554cafa368f574d4d408468510543e9ff Version: 3ad0876554cafa368f574d4d408468510543e9ff Version: 3ad0876554cafa368f574d4d408468510543e9ff Version: 3ad0876554cafa368f574d4d408468510543e9ff Version: 3ad0876554cafa368f574d4d408468510543e9ff |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/xen/privcmd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5d68ae32d132ea2af73bc223fd64c46f85302a8b",
"status": "affected",
"version": "3ad0876554cafa368f574d4d408468510543e9ff",
"versionType": "git"
},
{
"lessThan": "4f983ee5e5de924d93a7bbb4e6f68f38c6256cd5",
"status": "affected",
"version": "3ad0876554cafa368f574d4d408468510543e9ff",
"versionType": "git"
},
{
"lessThan": "46026bb057c35f5bb111bf95e00cd8366d2e34d4",
"status": "affected",
"version": "3ad0876554cafa368f574d4d408468510543e9ff",
"versionType": "git"
},
{
"lessThan": "0bf874183b32eae2cc20e3c5be38ec3d33e7e564",
"status": "affected",
"version": "3ad0876554cafa368f574d4d408468510543e9ff",
"versionType": "git"
},
{
"lessThan": "e0c5f1058ed96f2b7487560c4c4cbd768d13d065",
"status": "affected",
"version": "3ad0876554cafa368f574d4d408468510543e9ff",
"versionType": "git"
},
{
"lessThan": "4da411086f5ab32f811a89ef804980ec106ebb65",
"status": "affected",
"version": "3ad0876554cafa368f574d4d408468510543e9ff",
"versionType": "git"
},
{
"lessThan": "8b997b2bb2c53b76a6db6c195930e9ab8e4b0c79",
"status": "affected",
"version": "3ad0876554cafa368f574d4d408468510543e9ff",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/xen/privcmd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.18"
},
{
"lessThan": "4.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.229",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.86",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.270",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.229",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.163",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.86",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.16",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.2",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"versionStartIncluding": "4.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource()\n\nAs \u0027kdata.num\u0027 is user-controlled data, if user tries to allocate\nmemory larger than(\u003e=) MAX_ORDER, then kcalloc() will fail, it\ncreates a stack trace and messes up dmesg with a warning.\n\nCall trace:\n-\u003e privcmd_ioctl\n--\u003e privcmd_ioctl_mmap_resource\n\nAdd __GFP_NOWARN in order to avoid too large allocation warning.\nThis is detected by static analysis using smatch."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:29.595Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5d68ae32d132ea2af73bc223fd64c46f85302a8b"
},
{
"url": "https://git.kernel.org/stable/c/4f983ee5e5de924d93a7bbb4e6f68f38c6256cd5"
},
{
"url": "https://git.kernel.org/stable/c/46026bb057c35f5bb111bf95e00cd8366d2e34d4"
},
{
"url": "https://git.kernel.org/stable/c/0bf874183b32eae2cc20e3c5be38ec3d33e7e564"
},
{
"url": "https://git.kernel.org/stable/c/e0c5f1058ed96f2b7487560c4c4cbd768d13d065"
},
{
"url": "https://git.kernel.org/stable/c/4da411086f5ab32f811a89ef804980ec106ebb65"
},
{
"url": "https://git.kernel.org/stable/c/8b997b2bb2c53b76a6db6c195930e9ab8e4b0c79"
}
],
"title": "xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-50575",
"datePublished": "2025-10-22T13:23:29.595Z",
"dateReserved": "2025-10-22T13:20:23.761Z",
"dateUpdated": "2025-10-22T13:23:29.595Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-53731 (GCVE-0-2023-53731)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
netlink: fix potential deadlock in netlink_set_err()
syzbot reported a possible deadlock in netlink_set_err() [1]
A similar issue was fixed in commit 1d482e666b8e ("netlink: disable IRQs
for netlink_lock_table()") in netlink_lock_table()
This patch adds IRQ safety to netlink_set_err() and __netlink_diag_dump()
which were not covered by cited commit.
[1]
WARNING: possible irq lock inversion dependency detected
6.4.0-rc6-syzkaller-00240-g4e9f0ec38852 #0 Not tainted
syz-executor.2/23011 just changed the state of lock:
ffffffff8e1a7a58 (nl_table_lock){.+.?}-{2:2}, at: netlink_set_err+0x2e/0x3a0 net/netlink/af_netlink.c:1612
but this lock was taken by another, SOFTIRQ-safe lock in the past:
(&local->queue_stop_reason_lock){..-.}-{2:2}
and interrupts could create inverse lock ordering between them.
other info that might help us debug this:
Possible interrupt unsafe locking scenario:
       CPU0                    CPU1
       ----                    ----
  lock(nl_table_lock);
                               local_irq_disable();
                               lock(&local->queue_stop_reason_lock);
                               lock(nl_table_lock);
  <Interrupt>
    lock(&local->queue_stop_reason_lock);
*** DEADLOCK ***
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Version: 82b2ea5f904b3826934df4a00f3b8806272185f6 Version: 59fba11d649854134c75ad88c8adafa9304ac419 Version: 21df0c2e7d195de4a3c650de9361b3037fa6c59a Version: 1d6d43d4805da9b3fa0f5841e8b1083c89868f35 Version: 1d482e666b8e74c7555dbdfbfb77205eeed3ff2d Version: 1d482e666b8e74c7555dbdfbfb77205eeed3ff2d Version: 1d482e666b8e74c7555dbdfbfb77205eeed3ff2d Version: 1d482e666b8e74c7555dbdfbfb77205eeed3ff2d Version: 1d482e666b8e74c7555dbdfbfb77205eeed3ff2d Version: 5f155c4046200f067b1dc3140ea99ef56e4e0b74 Version: a8e9111a8625dd11e70edd61f7a1ccd26c041442 Version: 76cc8e04f38c2bbfcba07f62864a011f142bd40c |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netlink/af_netlink.c",
"net/netlink/diag.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c09e8e3f7fd432984bf5422302b093d2371dfc48",
"status": "affected",
"version": "82b2ea5f904b3826934df4a00f3b8806272185f6",
"versionType": "git"
},
{
"lessThan": "4b9adb8d4a62ff7608d4a7d4eb42036a88f30980",
"status": "affected",
"version": "59fba11d649854134c75ad88c8adafa9304ac419",
"versionType": "git"
},
{
"lessThan": "8f6652ed2ad98fe6d13b903483d9257762ab2ec6",
"status": "affected",
"version": "21df0c2e7d195de4a3c650de9361b3037fa6c59a",
"versionType": "git"
},
{
"lessThan": "cde7b90e0539a3b11da377e463dfd2288a162dbf",
"status": "affected",
"version": "1d6d43d4805da9b3fa0f5841e8b1083c89868f35",
"versionType": "git"
},
{
"lessThan": "a641240b7e071c5538dc0e7894ece833fce459dd",
"status": "affected",
"version": "1d482e666b8e74c7555dbdfbfb77205eeed3ff2d",
"versionType": "git"
},
{
"lessThan": "61ffe8b1ee084e5c82a4e4bbf9e7b68e0c06e464",
"status": "affected",
"version": "1d482e666b8e74c7555dbdfbfb77205eeed3ff2d",
"versionType": "git"
},
{
"lessThan": "eb8e27c8fa9397b4a7b181c48fa58157dbe9902e",
"status": "affected",
"version": "1d482e666b8e74c7555dbdfbfb77205eeed3ff2d",
"versionType": "git"
},
{
"lessThan": "1556ba034b95cfd4f75ea93c1a2679ae0444bba1",
"status": "affected",
"version": "1d482e666b8e74c7555dbdfbfb77205eeed3ff2d",
"versionType": "git"
},
{
"lessThan": "8d61f926d42045961e6b65191c09e3678d86a9cf",
"status": "affected",
"version": "1d482e666b8e74c7555dbdfbfb77205eeed3ff2d",
"versionType": "git"
},
{
"status": "affected",
"version": "5f155c4046200f067b1dc3140ea99ef56e4e0b74",
"versionType": "git"
},
{
"status": "affected",
"version": "a8e9111a8625dd11e70edd61f7a1ccd26c041442",
"versionType": "git"
},
{
"status": "affected",
"version": "76cc8e04f38c2bbfcba07f62864a011f142bd40c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netlink/af_netlink.c",
"net/netlink/diag.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.322",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.291",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.251",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.188",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.39",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.3.*",
"status": "unaffected",
"version": "6.3.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.*",
"status": "unaffected",
"version": "6.4.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.5",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.322",
"versionStartIncluding": "4.14.237",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.291",
"versionStartIncluding": "4.19.195",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.251",
"versionStartIncluding": "5.4.126",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.188",
"versionStartIncluding": "5.10.44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.121",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.39",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.3.13",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.4.4",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.4.273",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.9.273",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.12.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: fix potential deadlock in netlink_set_err()\n\nsyzbot reported a possible deadlock in netlink_set_err() [1]\n\nA similar issue was fixed in commit 1d482e666b8e (\"netlink: disable IRQs\nfor netlink_lock_table()\") in netlink_lock_table()\n\nThis patch adds IRQ safety to netlink_set_err() and __netlink_diag_dump()\nwhich were not covered by cited commit.\n\n[1]\n\nWARNING: possible irq lock inversion dependency detected\n6.4.0-rc6-syzkaller-00240-g4e9f0ec38852 #0 Not tainted\n\nsyz-executor.2/23011 just changed the state of lock:\nffffffff8e1a7a58 (nl_table_lock){.+.?}-{2:2}, at: netlink_set_err+0x2e/0x3a0 net/netlink/af_netlink.c:1612\nbut this lock was taken by another, SOFTIRQ-safe lock in the past:\n (\u0026local-\u003equeue_stop_reason_lock){..-.}-{2:2}\n\nand interrupts could create inverse lock ordering between them.\n\nother info that might help us debug this:\n Possible interrupt unsafe locking scenario:\n\n CPU0 CPU1\n ---- ----\n lock(nl_table_lock);\n local_irq_disable();\n lock(\u0026local-\u003equeue_stop_reason_lock);\n lock(nl_table_lock);\n \u003cInterrupt\u003e\n lock(\u0026local-\u003equeue_stop_reason_lock);\n\n *** DEADLOCK ***"
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:59.055Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c09e8e3f7fd432984bf5422302b093d2371dfc48"
},
{
"url": "https://git.kernel.org/stable/c/4b9adb8d4a62ff7608d4a7d4eb42036a88f30980"
},
{
"url": "https://git.kernel.org/stable/c/8f6652ed2ad98fe6d13b903483d9257762ab2ec6"
},
{
"url": "https://git.kernel.org/stable/c/cde7b90e0539a3b11da377e463dfd2288a162dbf"
},
{
"url": "https://git.kernel.org/stable/c/a641240b7e071c5538dc0e7894ece833fce459dd"
},
{
"url": "https://git.kernel.org/stable/c/61ffe8b1ee084e5c82a4e4bbf9e7b68e0c06e464"
},
{
"url": "https://git.kernel.org/stable/c/eb8e27c8fa9397b4a7b181c48fa58157dbe9902e"
},
{
"url": "https://git.kernel.org/stable/c/1556ba034b95cfd4f75ea93c1a2679ae0444bba1"
},
{
"url": "https://git.kernel.org/stable/c/8d61f926d42045961e6b65191c09e3678d86a9cf"
}
],
"title": "netlink: fix potential deadlock in netlink_set_err()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-53731",
"datePublished": "2025-10-22T13:23:59.055Z",
"dateReserved": "2025-10-22T13:21:37.349Z",
"dateUpdated": "2025-10-22T13:23:59.055Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-53730 (GCVE-0-2023-53730)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost
adjust_inuse_and_calc_cost() uses spin_lock_irq() and IRQ will be enabled
when unlocking. DEADLOCK might happen if we have held other locks and disabled
IRQ before invoking it.
Fix it by using spin_lock_irqsave() instead, which can keep IRQ state
consistent with before when unlocking.
================================
WARNING: inconsistent lock state
5.10.0-02758-g8e5f91fd772f #26 Not tainted
--------------------------------
inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage.
kworker/2:3/388 [HC0[0]:SC0[0]:HE0:SE1] takes:
ffff888118c00c28 (&bfqd->lock){?.-.}-{2:2}, at: spin_lock_irq
ffff888118c00c28 (&bfqd->lock){?.-.}-{2:2}, at: bfq_bio_merge+0x141/0x390
{IN-HARDIRQ-W} state was registered at:
__lock_acquire+0x3d7/0x1070
lock_acquire+0x197/0x4a0
__raw_spin_lock_irqsave
_raw_spin_lock_irqsave+0x3b/0x60
bfq_idle_slice_timer_body
bfq_idle_slice_timer+0x53/0x1d0
__run_hrtimer+0x477/0xa70
__hrtimer_run_queues+0x1c6/0x2d0
hrtimer_interrupt+0x302/0x9e0
local_apic_timer_interrupt
__sysvec_apic_timer_interrupt+0xfd/0x420
run_sysvec_on_irqstack_cond
sysvec_apic_timer_interrupt+0x46/0xa0
asm_sysvec_apic_timer_interrupt+0x12/0x20
irq event stamp: 837522
hardirqs last enabled at (837521): [<ffffffff84b9419d>] __raw_spin_unlock_irqrestore
hardirqs last enabled at (837521): [<ffffffff84b9419d>] _raw_spin_unlock_irqrestore+0x3d/0x40
hardirqs last disabled at (837522): [<ffffffff84b93fa3>] __raw_spin_lock_irq
hardirqs last disabled at (837522): [<ffffffff84b93fa3>] _raw_spin_lock_irq+0x43/0x50
softirqs last enabled at (835852): [<ffffffff84e00558>] __do_softirq+0x558/0x8ec
softirqs last disabled at (835845): [<ffffffff84c010ff>] asm_call_irq_on_stack+0xf/0x20
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(&bfqd->lock);
<Interrupt>
lock(&bfqd->lock);
*** DEADLOCK ***
3 locks held by kworker/2:3/388:
#0: ffff888107af0f38 ((wq_completion)kthrotld){+.+.}-{0:0}, at: process_one_work+0x742/0x13f0
#1: ffff8881176bfdd8 ((work_completion)(&td->dispatch_work)){+.+.}-{0:0}, at: process_one_work+0x777/0x13f0
#2: ffff888118c00c28 (&bfqd->lock){?.-.}-{2:2}, at: spin_lock_irq
#2: ffff888118c00c28 (&bfqd->lock){?.-.}-{2:2}, at: bfq_bio_merge+0x141/0x390
stack backtrace:
CPU: 2 PID: 388 Comm: kworker/2:3 Not tainted 5.10.0-02758-g8e5f91fd772f #26
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
Workqueue: kthrotld blk_throtl_dispatch_work_fn
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x107/0x167
print_usage_bug
valid_state
mark_lock_irq.cold+0x32/0x3a
mark_lock+0x693/0xbc0
mark_held_locks+0x9e/0xe0
__trace_hardirqs_on_caller
lockdep_hardirqs_on_prepare.part.0+0x151/0x360
trace_hardirqs_on+0x5b/0x180
__raw_spin_unlock_irq
_raw_spin_unlock_irq+0x24/0x40
spin_unlock_irq
adjust_inuse_and_calc_cost+0x4fb/0x970
ioc_rqos_merge+0x277/0x740
__rq_qos_merge+0x62/0xb0
rq_qos_merge
bio_attempt_back_merge+0x12c/0x4a0
blk_mq_sched_try_merge+0x1b6/0x4d0
bfq_bio_merge+0x24a/0x390
__blk_mq_sched_bio_merge+0xa6/0x460
blk_mq_sched_bio_merge
blk_mq_submit_bio+0x2e7/0x1ee0
__submit_bio_noacct_mq+0x175/0x3b0
submit_bio_noacct+0x1fb/0x270
blk_throtl_dispatch_work_fn+0x1ef/0x2b0
process_one_work+0x83e/0x13f0
process_scheduled_works
worker_thread+0x7e3/0xd80
kthread+0x353/0x470
ret_from_fork+0x1f/0x30
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Version: b0853ab4a238c54b8f97ca7dde1ae156e2bbd5e4 Version: b0853ab4a238c54b8f97ca7dde1ae156e2bbd5e4 Version: b0853ab4a238c54b8f97ca7dde1ae156e2bbd5e4 Version: b0853ab4a238c54b8f97ca7dde1ae156e2bbd5e4 Version: b0853ab4a238c54b8f97ca7dde1ae156e2bbd5e4 Version: b0853ab4a238c54b8f97ca7dde1ae156e2bbd5e4 |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"block/blk-iocost.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8563b58a4360e648ce18f0e98a75a4be51667431",
"status": "affected",
"version": "b0853ab4a238c54b8f97ca7dde1ae156e2bbd5e4",
"versionType": "git"
},
{
"lessThan": "eb120c0aff5ceab9c9c46b87f302465bbf2bbaed",
"status": "affected",
"version": "b0853ab4a238c54b8f97ca7dde1ae156e2bbd5e4",
"versionType": "git"
},
{
"lessThan": "8ceeb3fc86a83700bb1585c189006080a47e8506",
"status": "affected",
"version": "b0853ab4a238c54b8f97ca7dde1ae156e2bbd5e4",
"versionType": "git"
},
{
"lessThan": "9279a1b74ad98039d5d44d26b9e7a9cfe655b6d3",
"status": "affected",
"version": "b0853ab4a238c54b8f97ca7dde1ae156e2bbd5e4",
"versionType": "git"
},
{
"lessThan": "3376c4fe2db4aea2dc721a27a999c41fdb45b54f",
"status": "affected",
"version": "b0853ab4a238c54b8f97ca7dde1ae156e2bbd5e4",
"versionType": "git"
},
{
"lessThan": "8d211554679d0b23702bd32ba04aeac0c1c4f660",
"status": "affected",
"version": "b0853ab4a238c54b8f97ca7dde1ae156e2bbd5e4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"block/blk-iocost.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.10"
},
{
"lessThan": "5.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.188",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.39",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.3.*",
"status": "unaffected",
"version": "6.3.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.*",
"status": "unaffected",
"version": "6.4.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.5",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.188",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.121",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.39",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.3.13",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.4.4",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5",
"versionStartIncluding": "5.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost\n\nadjust_inuse_and_calc_cost() use spin_lock_irq() and IRQ will be enabled\nwhen unlock. DEADLOCK might happen if we have held other locks and disabled\nIRQ before invoking it.\n\nFix it by using spin_lock_irqsave() instead, which can keep IRQ state\nconsistent with before when unlock.\n\n ================================\n WARNING: inconsistent lock state\n 5.10.0-02758-g8e5f91fd772f #26 Not tainted\n --------------------------------\n inconsistent {IN-HARDIRQ-W} -\u003e {HARDIRQ-ON-W} usage.\n kworker/2:3/388 [HC0[0]:SC0[0]:HE0:SE1] takes:\n ffff888118c00c28 (\u0026bfqd-\u003elock){?.-.}-{2:2}, at: spin_lock_irq\n ffff888118c00c28 (\u0026bfqd-\u003elock){?.-.}-{2:2}, at: bfq_bio_merge+0x141/0x390\n {IN-HARDIRQ-W} state was registered at:\n __lock_acquire+0x3d7/0x1070\n lock_acquire+0x197/0x4a0\n __raw_spin_lock_irqsave\n _raw_spin_lock_irqsave+0x3b/0x60\n bfq_idle_slice_timer_body\n bfq_idle_slice_timer+0x53/0x1d0\n __run_hrtimer+0x477/0xa70\n __hrtimer_run_queues+0x1c6/0x2d0\n hrtimer_interrupt+0x302/0x9e0\n local_apic_timer_interrupt\n __sysvec_apic_timer_interrupt+0xfd/0x420\n run_sysvec_on_irqstack_cond\n sysvec_apic_timer_interrupt+0x46/0xa0\n asm_sysvec_apic_timer_interrupt+0x12/0x20\n irq event stamp: 837522\n hardirqs last enabled at (837521): [\u003cffffffff84b9419d\u003e] __raw_spin_unlock_irqrestore\n hardirqs last enabled at (837521): [\u003cffffffff84b9419d\u003e] _raw_spin_unlock_irqrestore+0x3d/0x40\n hardirqs last disabled at (837522): [\u003cffffffff84b93fa3\u003e] __raw_spin_lock_irq\n hardirqs last disabled at (837522): [\u003cffffffff84b93fa3\u003e] _raw_spin_lock_irq+0x43/0x50\n softirqs last enabled at (835852): [\u003cffffffff84e00558\u003e] __do_softirq+0x558/0x8ec\n softirqs last disabled at (835845): [\u003cffffffff84c010ff\u003e] asm_call_irq_on_stack+0xf/0x20\n\n other info that might help us 
debug this:\n Possible unsafe locking scenario:\n\n CPU0\n ----\n lock(\u0026bfqd-\u003elock);\n \u003cInterrupt\u003e\n lock(\u0026bfqd-\u003elock);\n\n *** DEADLOCK ***\n\n 3 locks held by kworker/2:3/388:\n #0: ffff888107af0f38 ((wq_completion)kthrotld){+.+.}-{0:0}, at: process_one_work+0x742/0x13f0\n #1: ffff8881176bfdd8 ((work_completion)(\u0026td-\u003edispatch_work)){+.+.}-{0:0}, at: process_one_work+0x777/0x13f0\n #2: ffff888118c00c28 (\u0026bfqd-\u003elock){?.-.}-{2:2}, at: spin_lock_irq\n #2: ffff888118c00c28 (\u0026bfqd-\u003elock){?.-.}-{2:2}, at: bfq_bio_merge+0x141/0x390\n\n stack backtrace:\n CPU: 2 PID: 388 Comm: kworker/2:3 Not tainted 5.10.0-02758-g8e5f91fd772f #26\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\n Workqueue: kthrotld blk_throtl_dispatch_work_fn\n Call Trace:\n __dump_stack lib/dump_stack.c:77 [inline]\n dump_stack+0x107/0x167\n print_usage_bug\n valid_state\n mark_lock_irq.cold+0x32/0x3a\n mark_lock+0x693/0xbc0\n mark_held_locks+0x9e/0xe0\n __trace_hardirqs_on_caller\n lockdep_hardirqs_on_prepare.part.0+0x151/0x360\n trace_hardirqs_on+0x5b/0x180\n __raw_spin_unlock_irq\n _raw_spin_unlock_irq+0x24/0x40\n spin_unlock_irq\n adjust_inuse_and_calc_cost+0x4fb/0x970\n ioc_rqos_merge+0x277/0x740\n __rq_qos_merge+0x62/0xb0\n rq_qos_merge\n bio_attempt_back_merge+0x12c/0x4a0\n blk_mq_sched_try_merge+0x1b6/0x4d0\n bfq_bio_merge+0x24a/0x390\n __blk_mq_sched_bio_merge+0xa6/0x460\n blk_mq_sched_bio_merge\n blk_mq_submit_bio+0x2e7/0x1ee0\n __submit_bio_noacct_mq+0x175/0x3b0\n submit_bio_noacct+0x1fb/0x270\n blk_throtl_dispatch_work_fn+0x1ef/0x2b0\n process_one_work+0x83e/0x13f0\n process_scheduled_works\n worker_thread+0x7e3/0xd80\n kthread+0x353/0x470\n ret_from_fork+0x1f/0x30"
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:58.419Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8563b58a4360e648ce18f0e98a75a4be51667431"
},
{
"url": "https://git.kernel.org/stable/c/eb120c0aff5ceab9c9c46b87f302465bbf2bbaed"
},
{
"url": "https://git.kernel.org/stable/c/8ceeb3fc86a83700bb1585c189006080a47e8506"
},
{
"url": "https://git.kernel.org/stable/c/9279a1b74ad98039d5d44d26b9e7a9cfe655b6d3"
},
{
"url": "https://git.kernel.org/stable/c/3376c4fe2db4aea2dc721a27a999c41fdb45b54f"
},
{
"url": "https://git.kernel.org/stable/c/8d211554679d0b23702bd32ba04aeac0c1c4f660"
}
],
"title": "blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-53730",
"datePublished": "2025-10-22T13:23:58.419Z",
"dateReserved": "2025-10-22T13:21:37.349Z",
"dateUpdated": "2025-10-22T13:23:58.419Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-53698 (GCVE-0-2023-53698)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
xsk: fix refcount underflow in error path
Fix a refcount underflow problem reported by syzbot that can happen
when a system is running out of memory. If xp_alloc_tx_descs() fails,
and it can only fail due to not having enough memory, then the error
path is triggered. In this error path, the refcount of the pool is
decremented as it was incremented before. However, the reference to
the pool in the socket was not nulled. This means that when the socket
is closed later, the socket teardown logic will think that there is a
pool attached to the socket and try to decrease the refcount again,
leading to a refcount underflow.
I chose this fix as it involved adding just a single line. Another
option would have been to move xp_get_pool() and the assignment of
xs->pool to after the if-statement and using xs_umem->pool instead of
xs->pool in the whole if-statement resulting in somewhat simpler code,
but this would have led to much more churn in the code base perhaps
making it harder to backport.
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/xdp/xsk.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "789fcd94c9cac133dd4d96e193188661aca9f6c3",
"status": "affected",
"version": "f7019562f142bc041f9cde63af338d1886585923",
"versionType": "git"
},
{
"lessThan": "15b453cf7348973217558235b9ece2ee5fea6777",
"status": "affected",
"version": "ba3beec2ec1d3b4fd8672ca6e781dac4b3267f6e",
"versionType": "git"
},
{
"lessThan": "3e7722c31d4167eb7f3ffd35aba52cab69b79072",
"status": "affected",
"version": "ba3beec2ec1d3b4fd8672ca6e781dac4b3267f6e",
"versionType": "git"
},
{
"lessThan": "85c2c79a07302fe68a1ad5cc449458cc559e314d",
"status": "affected",
"version": "ba3beec2ec1d3b4fd8672ca6e781dac4b3267f6e",
"versionType": "git"
},
{
"status": "affected",
"version": "9f0c8a9d4ef1b9ebee0e4ac2495fe790727044aa",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/xdp/xsk.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.18"
},
{
"lessThan": "5.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.127",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.*",
"status": "unaffected",
"version": "6.4.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.5",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.127",
"versionStartIncluding": "5.15.47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.46",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.4.11",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.17.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: fix refcount underflow in error path\n\nFix a refcount underflow problem reported by syzbot that can happen\nwhen a system is running out of memory. If xp_alloc_tx_descs() fails,\nand it can only fail due to not having enough memory, then the error\npath is triggered. In this error path, the refcount of the pool is\ndecremented as it has incremented before. However, the reference to\nthe pool in the socket was not nulled. This means that when the socket\nis closed later, the socket teardown logic will think that there is a\npool attached to the socket and try to decrease the refcount again,\nleading to a refcount underflow.\n\nI chose this fix as it involved adding just a single line. Another\noption would have been to move xp_get_pool() and the assignment of\nxs-\u003epool to after the if-statement and using xs_umem-\u003epool instead of\nxs-\u003epool in the whole if-statement resulting in somewhat simpler code,\nbut this would have led to much more churn in the code base perhaps\nmaking it harder to backport."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:38.384Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/789fcd94c9cac133dd4d96e193188661aca9f6c3"
},
{
"url": "https://git.kernel.org/stable/c/15b453cf7348973217558235b9ece2ee5fea6777"
},
{
"url": "https://git.kernel.org/stable/c/3e7722c31d4167eb7f3ffd35aba52cab69b79072"
},
{
"url": "https://git.kernel.org/stable/c/85c2c79a07302fe68a1ad5cc449458cc559e314d"
}
],
"title": "xsk: fix refcount underflow in error path",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-53698",
"datePublished": "2025-10-22T13:23:38.384Z",
"dateReserved": "2025-10-22T13:21:37.345Z",
"dateUpdated": "2025-10-22T13:23:38.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-53703 (GCVE-0-2023-53703)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
HID: amd_sfh: Fix for shift-out-of-bounds
Shift operation of 'exp' and 'shift' variables exceeds the maximum number
of shift values in the u32 range leading to UBSAN shift-out-of-bounds.
...
[ 6.120512] UBSAN: shift-out-of-bounds in drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_desc.c:149:50
[ 6.120598] shift exponent 104 is too large for 64-bit type 'long unsigned int'
[ 6.120659] CPU: 4 PID: 96 Comm: kworker/4:1 Not tainted 6.4.0amd_1-next-20230519-dirty #10
[ 6.120665] Hardware name: AMD Birman-PHX/Birman-PHX, BIOS SFH_with_HPD_SEN.FD 04/05/2023
[ 6.120667] Workqueue: events amd_sfh_work_buffer [amd_sfh]
[ 6.120687] Call Trace:
[ 6.120690] <TASK>
[ 6.120694] dump_stack_lvl+0x48/0x70
[ 6.120704] dump_stack+0x10/0x20
[ 6.120707] ubsan_epilogue+0x9/0x40
[ 6.120716] __ubsan_handle_shift_out_of_bounds+0x10f/0x170
[ 6.120720] ? psi_group_change+0x25f/0x4b0
[ 6.120729] float_to_int.cold+0x18/0xba [amd_sfh]
[ 6.120739] get_input_rep+0x57/0x340 [amd_sfh]
[ 6.120748] ? __schedule+0xba7/0x1b60
[ 6.120756] ? __pfx_get_input_rep+0x10/0x10 [amd_sfh]
[ 6.120764] amd_sfh_work_buffer+0x91/0x180 [amd_sfh]
[ 6.120772] process_one_work+0x229/0x430
[ 6.120780] worker_thread+0x4a/0x3c0
[ 6.120784] ? __pfx_worker_thread+0x10/0x10
[ 6.120788] kthread+0xf7/0x130
[ 6.120792] ? __pfx_kthread+0x10/0x10
[ 6.120795] ret_from_fork+0x29/0x50
[ 6.120804] </TASK>
...
Fix this by adding the condition to validate shift ranges.
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_desc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5a45ed1ae34bb0e68944471f4bafb68e0a572791",
"status": "affected",
"version": "93ce5e0231d79189be4d9e5f9295807b18941419",
"versionType": "git"
},
{
"lessThan": "1e50bc2c177d4b2953d77037ac46ea0702d6aa1f",
"status": "affected",
"version": "93ce5e0231d79189be4d9e5f9295807b18941419",
"versionType": "git"
},
{
"lessThan": "87854366176403438d01f368b09de3ec2234e0f5",
"status": "affected",
"version": "93ce5e0231d79189be4d9e5f9295807b18941419",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_desc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"lessThan": "6.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.40",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.*",
"status": "unaffected",
"version": "6.4.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.5",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.40",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.4.5",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: amd_sfh: Fix for shift-out-of-bounds\n\nShift operation of \u0027exp\u0027 and \u0027shift\u0027 variables exceeds the maximum number\nof shift values in the u32 range leading to UBSAN shift-out-of-bounds.\n\n...\n[ 6.120512] UBSAN: shift-out-of-bounds in drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_desc.c:149:50\n[ 6.120598] shift exponent 104 is too large for 64-bit type \u0027long unsigned int\u0027\n[ 6.120659] CPU: 4 PID: 96 Comm: kworker/4:1 Not tainted 6.4.0amd_1-next-20230519-dirty #10\n[ 6.120665] Hardware name: AMD Birman-PHX/Birman-PHX, BIOS SFH_with_HPD_SEN.FD 04/05/2023\n[ 6.120667] Workqueue: events amd_sfh_work_buffer [amd_sfh]\n[ 6.120687] Call Trace:\n[ 6.120690] \u003cTASK\u003e\n[ 6.120694] dump_stack_lvl+0x48/0x70\n[ 6.120704] dump_stack+0x10/0x20\n[ 6.120707] ubsan_epilogue+0x9/0x40\n[ 6.120716] __ubsan_handle_shift_out_of_bounds+0x10f/0x170\n[ 6.120720] ? psi_group_change+0x25f/0x4b0\n[ 6.120729] float_to_int.cold+0x18/0xba [amd_sfh]\n[ 6.120739] get_input_rep+0x57/0x340 [amd_sfh]\n[ 6.120748] ? __schedule+0xba7/0x1b60\n[ 6.120756] ? __pfx_get_input_rep+0x10/0x10 [amd_sfh]\n[ 6.120764] amd_sfh_work_buffer+0x91/0x180 [amd_sfh]\n[ 6.120772] process_one_work+0x229/0x430\n[ 6.120780] worker_thread+0x4a/0x3c0\n[ 6.120784] ? __pfx_worker_thread+0x10/0x10\n[ 6.120788] kthread+0xf7/0x130\n[ 6.120792] ? __pfx_kthread+0x10/0x10\n[ 6.120795] ret_from_fork+0x29/0x50\n[ 6.120804] \u003c/TASK\u003e\n...\n\nFix this by adding the condition to validate shift ranges."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:41.450Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5a45ed1ae34bb0e68944471f4bafb68e0a572791"
},
{
"url": "https://git.kernel.org/stable/c/1e50bc2c177d4b2953d77037ac46ea0702d6aa1f"
},
{
"url": "https://git.kernel.org/stable/c/87854366176403438d01f368b09de3ec2234e0f5"
}
],
"title": "HID: amd_sfh: Fix for shift-out-of-bounds",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-53703",
"datePublished": "2025-10-22T13:23:41.450Z",
"dateReserved": "2025-10-22T13:21:37.345Z",
"dateUpdated": "2025-10-22T13:23:41.450Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-50573 (GCVE-0-2022-50573)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: mt76: mt7915: fix mt7915_rate_txpower_get() resource leaks
Coverity message: variable "buf" going out of scope leaks the storage.
Addresses-Coverity-ID: 1527799 ("Resource leaks")
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/mediatek/mt76/mt7915/debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ecff00802f60fa5d08c133d209ed984a455a41f8",
"status": "affected",
"version": "e3296759f34752ea2562678706dbb5bf607af530",
"versionType": "git"
},
{
"lessThan": "8b25301af01566f4b5a301fc1ad7c5d2b1788d7f",
"status": "affected",
"version": "e3296759f34752ea2562678706dbb5bf607af530",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/mediatek/mt76/mt7915/debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.2"
},
{
"lessThan": "6.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.*",
"status": "unaffected",
"version": "6.2.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.3",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2.3",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.3",
"versionStartIncluding": "6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7915: fix mt7915_rate_txpower_get() resource leaks\n\nCoverity message: variable \"buf\" going out of scope leaks the storage.\n\nAddresses-Coverity-ID: 1527799 (\"Resource leaks\")"
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:28.437Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ecff00802f60fa5d08c133d209ed984a455a41f8"
},
{
"url": "https://git.kernel.org/stable/c/8b25301af01566f4b5a301fc1ad7c5d2b1788d7f"
}
],
"title": "wifi: mt76: mt7915: fix mt7915_rate_txpower_get() resource leaks",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-50573",
"datePublished": "2025-10-22T13:23:28.437Z",
"dateReserved": "2025-10-22T13:20:23.761Z",
"dateUpdated": "2025-10-22T13:23:28.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-53716 (GCVE-0-2023-53716)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: fix skb leak in __skb_tstamp_tx()
Commit 50749f2dd685 ("tcp/udp: Fix memleaks of sk and zerocopy skbs with
TX timestamp.") added a call to skb_orphan_frags_rx() to fix leaks with
zerocopy skbs. But it ended up adding a leak of its own. When
skb_orphan_frags_rx() fails, the function just returns, leaking the skb
it just cloned. Free it before returning.
This bug was discovered and resolved using Coverity Static Analysis
Security Testing (SAST) by Synopsys, Inc.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Version: 281072fb2a7294cde7acbf5375b879f40a8001b7 Version: 1f69c086b20e27763af28145981435423f088268 Version: 602fa8af44fd55a58f9e94eb673e8adad2c6cc46 Version: 230a5ed7d813fb516de81d23f09d7506753e41e9 Version: 43e4197dd5f6b474a8b16f8b6a42cd45cf4f9d1a Version: cb52e7f24c1d01a536a847dff0d1d95889cc3b5c Version: 426384dd4980040651536fef5feac4dcc4d7ee4e Version: 50749f2dd6854a41830996ad302aef2ffaf011d8 Version: 30290f210ba7426ff7592fe2eb4114b1b5bad219 |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/core/skbuff.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "82501f1ead557cbee1c2467654ec109a80334d22",
"status": "affected",
"version": "281072fb2a7294cde7acbf5375b879f40a8001b7",
"versionType": "git"
},
{
"lessThan": "779332447108545ef04682ea29af5f85c0202aee",
"status": "affected",
"version": "1f69c086b20e27763af28145981435423f088268",
"versionType": "git"
},
{
"lessThan": "58766252f6b2c0487cda6976a53d2bb03ae28e2a",
"status": "affected",
"version": "602fa8af44fd55a58f9e94eb673e8adad2c6cc46",
"versionType": "git"
},
{
"lessThan": "a594382ec6d0cc8cff5a8bc7e61b54e3858fb243",
"status": "affected",
"version": "230a5ed7d813fb516de81d23f09d7506753e41e9",
"versionType": "git"
},
{
"lessThan": "e06841a2abf9c82735cee39e88b1d79464088840",
"status": "affected",
"version": "43e4197dd5f6b474a8b16f8b6a42cd45cf4f9d1a",
"versionType": "git"
},
{
"lessThan": "cc18b4685910d5d9de8314bae9c55790701b1811",
"status": "affected",
"version": "cb52e7f24c1d01a536a847dff0d1d95889cc3b5c",
"versionType": "git"
},
{
"lessThan": "f4d928c00254cfc9dd0ee7076f4a59bceec675f4",
"status": "affected",
"version": "426384dd4980040651536fef5feac4dcc4d7ee4e",
"versionType": "git"
},
{
"lessThan": "8a02fb71d7192ff1a9a47c9d937624966c6e09af",
"status": "affected",
"version": "50749f2dd6854a41830996ad302aef2ffaf011d8",
"versionType": "git"
},
{
"status": "affected",
"version": "30290f210ba7426ff7592fe2eb4114b1b5bad219",
"versionType": "git"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/core/skbuff.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4.14.316",
"status": "affected",
"version": "4.14.315",
"versionType": "semver"
},
{
"lessThan": "4.19.284",
"status": "affected",
"version": "4.19.283",
"versionType": "semver"
},
{
"lessThan": "5.4.244",
"status": "affected",
"version": "5.4.243",
"versionType": "semver"
},
{
"lessThan": "5.10.181",
"status": "affected",
"version": "5.10.180",
"versionType": "semver"
},
{
"lessThan": "5.15.114",
"status": "affected",
"version": "5.15.111",
"versionType": "semver"
},
{
"lessThan": "6.1.31",
"status": "affected",
"version": "6.1.28",
"versionType": "semver"
},
{
"lessThan": "6.3.5",
"status": "affected",
"version": "6.3.2",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.316",
"versionStartIncluding": "4.14.315",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.284",
"versionStartIncluding": "4.19.283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.244",
"versionStartIncluding": "5.4.243",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.181",
"versionStartIncluding": "5.10.180",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.114",
"versionStartIncluding": "5.15.111",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.31",
"versionStartIncluding": "6.1.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.3.5",
"versionStartIncluding": "6.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix skb leak in __skb_tstamp_tx()\n\nCommit 50749f2dd685 (\"tcp/udp: Fix memleaks of sk and zerocopy skbs with\nTX timestamp.\") added a call to skb_orphan_frags_rx() to fix leaks with\nzerocopy skbs. But it ended up adding a leak of its own. When\nskb_orphan_frags_rx() fails, the function just returns, leaking the skb\nit just cloned. Free it before returning.\n\nThis bug was discovered and resolved using Coverity Static Analysis\nSecurity Testing (SAST) by Synopsys, Inc."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:49.536Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/82501f1ead557cbee1c2467654ec109a80334d22"
},
{
"url": "https://git.kernel.org/stable/c/779332447108545ef04682ea29af5f85c0202aee"
},
{
"url": "https://git.kernel.org/stable/c/58766252f6b2c0487cda6976a53d2bb03ae28e2a"
},
{
"url": "https://git.kernel.org/stable/c/a594382ec6d0cc8cff5a8bc7e61b54e3858fb243"
},
{
"url": "https://git.kernel.org/stable/c/e06841a2abf9c82735cee39e88b1d79464088840"
},
{
"url": "https://git.kernel.org/stable/c/cc18b4685910d5d9de8314bae9c55790701b1811"
},
{
"url": "https://git.kernel.org/stable/c/f4d928c00254cfc9dd0ee7076f4a59bceec675f4"
},
{
"url": "https://git.kernel.org/stable/c/8a02fb71d7192ff1a9a47c9d937624966c6e09af"
}
],
"title": "net: fix skb leak in __skb_tstamp_tx()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-53716",
"datePublished": "2025-10-22T13:23:49.536Z",
"dateReserved": "2025-10-22T13:21:37.347Z",
"dateUpdated": "2025-10-22T13:23:49.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-50582 (GCVE-0-2022-50582)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
regulator: core: Prevent integer underflow
By using a ratio of delay to poll_enabled_time that is not integer
time_remaining underflows and does not exit the loop as expected.
As delay could be derived from DT and poll_enabled_time is defined
in the driver this can easily happen.
Use a signed iterator to make sure that the loop exits once
the remaining time is negative.
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/regulator/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b051d9bf98bd9cea312b228e264eb6542a9beb67",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e33da263e9658bfe870ea7836fbbd72f246d7dbd",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9f2395316e4845466cb9b5b9b15a171a2c91913c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "bfe602d9a349360e60e9051c9cafb9fef204524d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8d8e16592022c9650df8aedfe6552ed478d7135b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/regulator/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.19.*",
"status": "unaffected",
"version": "5.19.17",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: core: Prevent integer underflow\n\nBy using a ratio of delay to poll_enabled_time that is not integer\ntime_remaining underflows and does not exit the loop as expected.\nAs delay could be derived from DT and poll_enabled_time is defined\nin the driver this can easily happen.\n\nUse a signed iterator to make sure that the loop exits once\nthe remaining time is negative."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:34.037Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b051d9bf98bd9cea312b228e264eb6542a9beb67"
},
{
"url": "https://git.kernel.org/stable/c/e33da263e9658bfe870ea7836fbbd72f246d7dbd"
},
{
"url": "https://git.kernel.org/stable/c/9f2395316e4845466cb9b5b9b15a171a2c91913c"
},
{
"url": "https://git.kernel.org/stable/c/bfe602d9a349360e60e9051c9cafb9fef204524d"
},
{
"url": "https://git.kernel.org/stable/c/8d8e16592022c9650df8aedfe6552ed478d7135b"
}
],
"title": "regulator: core: Prevent integer underflow",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-50582",
"datePublished": "2025-10-22T13:23:34.037Z",
"dateReserved": "2025-10-22T13:20:23.762Z",
"dateUpdated": "2025-10-22T13:23:34.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-53728 (GCVE-0-2023-53728)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
posix-timers: Ensure timer ID search-loop limit is valid
posix_timer_add() tries to allocate a posix timer ID by starting from the
cached ID which was stored by the last successful allocation.
This is done in a loop searching the ID space for a free slot one by
one. The loop has to terminate when the search wrapped around to the
starting point.
But that's racy vs. establishing the starting point. That is read out
lockless, which leads to the following problem:
CPU0                                    CPU1
posix_timer_add()
  start = sig->posix_timer_id;
  lock(hash_lock);
  ...                                   posix_timer_add()
  if (++sig->posix_timer_id < 0)
                                          start = sig->posix_timer_id;
    sig->posix_timer_id = 0;
So CPU1 can observe a negative start value, i.e. -1, and the loop break
never happens because the condition can never be true:
  if (sig->posix_timer_id == start)
    break;
While this is unlikely to ever turn into an endless loop as the ID space is
huge (INT_MAX), the racy read of the start value caught the attention of
KCSAN and Dmitry unearthed that incorrectness.
Rewrite it so that all id operations are under the hash lock.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/linux/sched/signal.h",
"kernel/time/posix-timers.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8dc52c200b889bc1cb34288fbf623d4ff381d2ae",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9ea26a8494a0a9337e7415eafd6f3ed940327dc5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8ad6679a5bb97cdb3e14942729292b4bfcc0e223",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "322377cc909defcca9451487484845e7e1d20d1b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ef535e0315afd098c4beb1da364847eca4b56a20",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6a0ac84501b4fec73a1a823c55cf13584c43f418",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "37175e25edf7cc0d5a2cd2c2a1cbe2dcbf4a1937",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8ce8849dd1e78dadcee0ec9acbd259d239b7069f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/linux/sched/signal.h",
"kernel/time/posix-timers.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.322",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.291",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.251",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.188",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.107",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.*",
"status": "unaffected",
"version": "6.4.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.5",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.322",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.251",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.188",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.107",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nposix-timers: Ensure timer ID search-loop limit is valid\n\nposix_timer_add() tries to allocate a posix timer ID by starting from the\ncached ID which was stored by the last successful allocation.\n\nThis is done in a loop searching the ID space for a free slot one by\none. The loop has to terminate when the search wrapped around to the\nstarting point.\n\nBut that\u0027s racy vs. establishing the starting point. That is read out\nlockless, which leads to the following problem:\n\nCPU0\t \t \t \t CPU1\nposix_timer_add()\n start = sig-\u003eposix_timer_id;\n lock(hash_lock);\n ...\t\t\t\t posix_timer_add()\n if (++sig-\u003eposix_timer_id \u003c 0)\n \t\t\t start = sig-\u003eposix_timer_id;\n sig-\u003eposix_timer_id = 0;\n\nSo CPU1 can observe a negative start value, i.e. -1, and the loop break\nnever happens because the condition can never be true:\n\n if (sig-\u003eposix_timer_id == start)\n break;\n\nWhile this is unlikely to ever turn into an endless loop as the ID space is\nhuge (INT_MAX), the racy read of the start value caught the attention of\nKCSAN and Dmitry unearthed that incorrectness.\n\nRewrite it so that all id operations are under the hash lock."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:57.127Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8dc52c200b889bc1cb34288fbf623d4ff381d2ae"
},
{
"url": "https://git.kernel.org/stable/c/9ea26a8494a0a9337e7415eafd6f3ed940327dc5"
},
{
"url": "https://git.kernel.org/stable/c/8ad6679a5bb97cdb3e14942729292b4bfcc0e223"
},
{
"url": "https://git.kernel.org/stable/c/322377cc909defcca9451487484845e7e1d20d1b"
},
{
"url": "https://git.kernel.org/stable/c/ef535e0315afd098c4beb1da364847eca4b56a20"
},
{
"url": "https://git.kernel.org/stable/c/6a0ac84501b4fec73a1a823c55cf13584c43f418"
},
{
"url": "https://git.kernel.org/stable/c/37175e25edf7cc0d5a2cd2c2a1cbe2dcbf4a1937"
},
{
"url": "https://git.kernel.org/stable/c/8ce8849dd1e78dadcee0ec9acbd259d239b7069f"
}
],
"title": "posix-timers: Ensure timer ID search-loop limit is valid",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-53728",
"datePublished": "2025-10-22T13:23:57.127Z",
"dateReserved": "2025-10-22T13:21:37.348Z",
"dateUpdated": "2025-10-22T13:23:57.127Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-53693 (GCVE-0-2023-53693)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-30 19:33
Summary
In the Linux kernel, the following vulnerability has been resolved:
USB: gadget: Fix the memory leak in raw_gadget driver
Currently, increasing raw_dev->count happens before invoke the
raw_queue_event(), if the raw_queue_event() return error, invoke
raw_release() will not trigger the dev_free() to be called.
[ 268.905865][ T5067] raw-gadget.0 gadget.0: failed to queue event
[ 268.912053][ T5067] udc dummy_udc.0: failed to start USB Raw Gadget: -12
[ 268.918885][ T5067] raw-gadget.0: probe of gadget.0 failed with error -12
[ 268.925956][ T5067] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 268.934657][ T5067] misc raw-gadget: fail, usb_gadget_register_driver returned -16
BUG: memory leak
[<ffffffff8154bf94>] kmalloc_trace+0x24/0x90 mm/slab_common.c:1076
[<ffffffff8347eb55>] kmalloc include/linux/slab.h:582 [inline]
[<ffffffff8347eb55>] kzalloc include/linux/slab.h:703 [inline]
[<ffffffff8347eb55>] dev_new drivers/usb/gadget/legacy/raw_gadget.c:191 [inline]
[<ffffffff8347eb55>] raw_open+0x45/0x110 drivers/usb/gadget/legacy/raw_gadget.c:385
[<ffffffff827d1d09>] misc_open+0x1a9/0x1f0 drivers/char/misc.c:165
[<ffffffff8154bf94>] kmalloc_trace+0x24/0x90 mm/slab_common.c:1076
[<ffffffff8347cd2f>] kmalloc include/linux/slab.h:582 [inline]
[<ffffffff8347cd2f>] raw_ioctl_init+0xdf/0x410 drivers/usb/gadget/legacy/raw_gadget.c:460
[<ffffffff8347dfe9>] raw_ioctl+0x5f9/0x1120 drivers/usb/gadget/legacy/raw_gadget.c:1250
[<ffffffff81685173>] vfs_ioctl fs/ioctl.c:51 [inline]
[<ffffffff8154bf94>] kmalloc_trace+0x24/0x90 mm/slab_common.c:1076
[<ffffffff833ecc6a>] kmalloc include/linux/slab.h:582 [inline]
[<ffffffff833ecc6a>] kzalloc include/linux/slab.h:703 [inline]
[<ffffffff833ecc6a>] dummy_alloc_request+0x5a/0xe0 drivers/usb/gadget/udc/dummy_hcd.c:665
[<ffffffff833e9132>] usb_ep_alloc_request+0x22/0xd0 drivers/usb/gadget/udc/core.c:196
[<ffffffff8347f13d>] gadget_bind+0x6d/0x370 drivers/usb/gadget/legacy/raw_gadget.c:292
This commit therefore invoke kref_get() under the condition that
raw_queue_event() return success.
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/gadget/legacy/raw_gadget.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "68e6287ac61dc22513cd39f02b9ac1fef28513e4",
"status": "affected",
"version": "f2c2e717642c66f7fe7e5dd69b2e8ff5849f4d10",
"versionType": "git"
},
{
"lessThan": "0f7a2b567197798da7bfa2252f4485c0ca6c6266",
"status": "affected",
"version": "f2c2e717642c66f7fe7e5dd69b2e8ff5849f4d10",
"versionType": "git"
},
{
"lessThan": "de77000c1923d7942f9b4f08447c8feeae1c0f33",
"status": "affected",
"version": "f2c2e717642c66f7fe7e5dd69b2e8ff5849f4d10",
"versionType": "git"
},
{
"lessThan": "9934e5d07c0dc294169a7d52f6309f35cd6d7755",
"status": "affected",
"version": "f2c2e717642c66f7fe7e5dd69b2e8ff5849f4d10",
"versionType": "git"
},
{
"lessThan": "83e30f2bf86ef7c38fbd476ed81a88522b620628",
"status": "affected",
"version": "f2c2e717642c66f7fe7e5dd69b2e8ff5849f4d10",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/gadget/legacy/raw_gadget.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.7"
},
{
"lessThan": "5.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.190",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.43",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.*",
"status": "unaffected",
"version": "6.4.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.5",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.190",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.124",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.43",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.4.8",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5",
"versionStartIncluding": "5.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: gadget: Fix the memory leak in raw_gadget driver\n\nCurrently, increasing raw_dev-\u003ecount happens before invoke the\nraw_queue_event(), if the raw_queue_event() return error, invoke\nraw_release() will not trigger the dev_free() to be called.\n\n[ 268.905865][ T5067] raw-gadget.0 gadget.0: failed to queue event\n[ 268.912053][ T5067] udc dummy_udc.0: failed to start USB Raw Gadget: -12\n[ 268.918885][ T5067] raw-gadget.0: probe of gadget.0 failed with error -12\n[ 268.925956][ T5067] UDC core: USB Raw Gadget: couldn\u0027t find an available UDC or it\u0027s busy\n[ 268.934657][ T5067] misc raw-gadget: fail, usb_gadget_register_driver returned -16\n\nBUG: memory leak\n\n[\u003cffffffff8154bf94\u003e] kmalloc_trace+0x24/0x90 mm/slab_common.c:1076\n[\u003cffffffff8347eb55\u003e] kmalloc include/linux/slab.h:582 [inline]\n[\u003cffffffff8347eb55\u003e] kzalloc include/linux/slab.h:703 [inline]\n[\u003cffffffff8347eb55\u003e] dev_new drivers/usb/gadget/legacy/raw_gadget.c:191 [inline]\n[\u003cffffffff8347eb55\u003e] raw_open+0x45/0x110 drivers/usb/gadget/legacy/raw_gadget.c:385\n[\u003cffffffff827d1d09\u003e] misc_open+0x1a9/0x1f0 drivers/char/misc.c:165\n\n[\u003cffffffff8154bf94\u003e] kmalloc_trace+0x24/0x90 mm/slab_common.c:1076\n[\u003cffffffff8347cd2f\u003e] kmalloc include/linux/slab.h:582 [inline]\n[\u003cffffffff8347cd2f\u003e] raw_ioctl_init+0xdf/0x410 drivers/usb/gadget/legacy/raw_gadget.c:460\n[\u003cffffffff8347dfe9\u003e] raw_ioctl+0x5f9/0x1120 drivers/usb/gadget/legacy/raw_gadget.c:1250\n[\u003cffffffff81685173\u003e] vfs_ioctl fs/ioctl.c:51 [inline]\n\n[\u003cffffffff8154bf94\u003e] kmalloc_trace+0x24/0x90 mm/slab_common.c:1076\n[\u003cffffffff833ecc6a\u003e] kmalloc include/linux/slab.h:582 [inline]\n[\u003cffffffff833ecc6a\u003e] kzalloc include/linux/slab.h:703 [inline]\n[\u003cffffffff833ecc6a\u003e] dummy_alloc_request+0x5a/0xe0 drivers/usb/gadget/udc/dummy_hcd.c:665\n[\u003cffffffff833e9132\u003e] usb_ep_alloc_request+0x22/0xd0 drivers/usb/gadget/udc/core.c:196\n[\u003cffffffff8347f13d\u003e] gadget_bind+0x6d/0x370 drivers/usb/gadget/legacy/raw_gadget.c:292\n\nThis commit therefore invoke kref_get() under the condition that\nraw_queue_event() return success."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T19:33:07.203Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/68e6287ac61dc22513cd39f02b9ac1fef28513e4"
},
{
"url": "https://git.kernel.org/stable/c/0f7a2b567197798da7bfa2252f4485c0ca6c6266"
},
{
"url": "https://git.kernel.org/stable/c/de77000c1923d7942f9b4f08447c8feeae1c0f33"
},
{
"url": "https://git.kernel.org/stable/c/9934e5d07c0dc294169a7d52f6309f35cd6d7755"
},
{
"url": "https://git.kernel.org/stable/c/83e30f2bf86ef7c38fbd476ed81a88522b620628"
}
],
"title": "USB: gadget: Fix the memory leak in raw_gadget driver",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-53693",
"datePublished": "2025-10-22T13:23:35.280Z",
"dateReserved": "2025-10-22T13:21:37.344Z",
"dateUpdated": "2025-10-30T19:33:07.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-50580 (GCVE-0-2022-50580)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
blk-throttle: prevent overflow while calculating wait time
There is a problem found by code review in tg_with_in_bps_limit() that
'bps_limit * jiffy_elapsed_rnd' might overflow. Fix the problem by
calling mul_u64_u64_div_u64() instead.
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"block/blk-throttle.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "19c010ae44f0ce52b5436080492a61a092ee0cf4",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "70b2adb1d698fbc63d3b3848c452524dc15872c5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "cc6f0855bf8d9b729df28ff443ced7350c380dbd",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ca67b0563b39e79290c23e509319c178b9ca9104",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8d6bbaada2e0a65f9012ac4c2506460160e7237a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"block/blk-throttle.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.19.*",
"status": "unaffected",
"version": "5.19.17",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-throttle: prevent overflow while calculating wait time\n\nThere is a problem found by code review in tg_with_in_bps_limit() that\n\u0027bps_limit * jiffy_elapsed_rnd\u0027 might overflow. Fix the problem by\ncalling mul_u64_u64_div_u64() instead."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:32.808Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/19c010ae44f0ce52b5436080492a61a092ee0cf4"
},
{
"url": "https://git.kernel.org/stable/c/70b2adb1d698fbc63d3b3848c452524dc15872c5"
},
{
"url": "https://git.kernel.org/stable/c/cc6f0855bf8d9b729df28ff443ced7350c380dbd"
},
{
"url": "https://git.kernel.org/stable/c/ca67b0563b39e79290c23e509319c178b9ca9104"
},
{
"url": "https://git.kernel.org/stable/c/8d6bbaada2e0a65f9012ac4c2506460160e7237a"
}
],
"title": "blk-throttle: prevent overflow while calculating wait time",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-50580",
"datePublished": "2025-10-22T13:23:32.808Z",
"dateReserved": "2025-10-22T13:20:23.762Z",
"dateUpdated": "2025-10-22T13:23:32.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-53707 (GCVE-0-2023-53707)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Fix integer overflow in amdgpu_cs_pass1
The type of size is unsigned int, if size is 0x40000000, there will
be an integer overflow, size will be zero after size *= sizeof(uint32_t),
will cause uninitialized memory to be referenced later.
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9f55d300541cb5b435984d269087810581580b00",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c3deb091398e9e469d08dd1599b6d76fd6b29df8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "87c2213e85bd81e4a9a4d0880c256568794ae388",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.*",
"status": "unaffected",
"version": "6.4.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.5",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix integer overflow in amdgpu_cs_pass1\n\nThe type of size is unsigned int, if size is 0x40000000, there will\nbe an integer overflow, size will be zero after size *= sizeof(uint32_t),\nwill cause uninitialized memory to be referenced later."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:43.822Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9f55d300541cb5b435984d269087810581580b00"
},
{
"url": "https://git.kernel.org/stable/c/c3deb091398e9e469d08dd1599b6d76fd6b29df8"
},
{
"url": "https://git.kernel.org/stable/c/87c2213e85bd81e4a9a4d0880c256568794ae388"
}
],
"title": "drm/amdgpu: Fix integer overflow in amdgpu_cs_pass1",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-53707",
"datePublished": "2025-10-22T13:23:43.822Z",
"dateReserved": "2025-10-22T13:21:37.346Z",
"dateUpdated": "2025-10-22T13:23:43.822Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-53722 (GCVE-0-2023-53722)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
md: raid1: fix potential OOB in raid1_remove_disk()
If rddev->raid_disk is greater than mddev->raid_disks, there will be
an out-of-bounds in raid1_remove_disk(). We have already found
similar reports as follows:
1) commit d17f744e883b ("md-raid10: fix KASAN warning")
2) commit 1ebc2cec0b7d ("dm raid: fix KASAN warning in raid5_remove_disk")
Fix this bug by checking whether the "number" variable is
valid.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/md/raid1.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "beedf40f73939f248c81802eda08a2a8148ea13e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "91fbd4e75cb573f44d2619a9dc2f9ba927040760",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "25a68f2286be56fb3a6f9fa0e269c04b5e6c6e24",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7993cfc041481a3a9cd4a3858088fc846b8ccaf7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4f96c0665f9f4cf70130c9757750dc43dc679c82",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4f7d853b4590fc20e90dd50e346c02811a8c5b08",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4bdb92eaf645e312975357adc3c4e9523b6e67f1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8b0472b50bcf0f19a5119b00a53b63579c8e1e4d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/md/raid1.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.326",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.295",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.257",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.197",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.133",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.6",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.326",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.295",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.197",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.133",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: raid1: fix potential OOB in raid1_remove_disk()\n\nIf rddev-\u003eraid_disk is greater than mddev-\u003eraid_disks, there will be\nan out-of-bounds in raid1_remove_disk(). We have already found\nsimilar reports as follows:\n\n1) commit d17f744e883b (\"md-raid10: fix KASAN warning\")\n2) commit 1ebc2cec0b7d (\"dm raid: fix KASAN warning in raid5_remove_disk\")\n\nFix this bug by checking whether the \"number\" variable is\nvalid."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:53.329Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/beedf40f73939f248c81802eda08a2a8148ea13e"
},
{
"url": "https://git.kernel.org/stable/c/91fbd4e75cb573f44d2619a9dc2f9ba927040760"
},
{
"url": "https://git.kernel.org/stable/c/25a68f2286be56fb3a6f9fa0e269c04b5e6c6e24"
},
{
"url": "https://git.kernel.org/stable/c/7993cfc041481a3a9cd4a3858088fc846b8ccaf7"
},
{
"url": "https://git.kernel.org/stable/c/4f96c0665f9f4cf70130c9757750dc43dc679c82"
},
{
"url": "https://git.kernel.org/stable/c/4f7d853b4590fc20e90dd50e346c02811a8c5b08"
},
{
"url": "https://git.kernel.org/stable/c/4bdb92eaf645e312975357adc3c4e9523b6e67f1"
},
{
"url": "https://git.kernel.org/stable/c/8b0472b50bcf0f19a5119b00a53b63579c8e1e4d"
}
],
"title": "md: raid1: fix potential OOB in raid1_remove_disk()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-53722",
"datePublished": "2025-10-22T13:23:53.329Z",
"dateReserved": "2025-10-22T13:21:37.348Z",
"dateUpdated": "2025-10-22T13:23:53.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-50562 (GCVE-0-2022-50562)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
tpm: acpi: Call acpi_put_table() to fix memory leak
The start and length of the event log area are obtained from
TPM2 or TCPA table, so we call acpi_get_table() to get the
ACPI information, but the acpi_get_table() should be coupled with
acpi_put_table() to release the ACPI memory, add the acpi_put_table()
properly to fix the memory leak.
While we are at it, remove the redundant empty line at the
end of the tpm_read_log_acpi().
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/char/tpm/eventlog/acpi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8ddc48068ac85740d3d5f9f3b0b323e733a35b33",
"status": "affected",
"version": "0bfb23746052168620c5b52f49d8a47c3bb022fa",
"versionType": "git"
},
{
"lessThan": "638cd298dfebce46919cbd6cf1884701215f506d",
"status": "affected",
"version": "0bfb23746052168620c5b52f49d8a47c3bb022fa",
"versionType": "git"
},
{
"lessThan": "694a3d66f493afd77c704c6de91d9be4d6e004e4",
"status": "affected",
"version": "0bfb23746052168620c5b52f49d8a47c3bb022fa",
"versionType": "git"
},
{
"lessThan": "bf31e3f8077af539feaf4e9bbf82e8eb51e7e5a8",
"status": "affected",
"version": "0bfb23746052168620c5b52f49d8a47c3bb022fa",
"versionType": "git"
},
{
"lessThan": "8740a12ca2e2959531ad253bac99ada338b33d80",
"status": "affected",
"version": "0bfb23746052168620c5b52f49d8a47c3bb022fa",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/char/tpm/eventlog/acpi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.18"
},
{
"lessThan": "4.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.87",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.17",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.163",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.87",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.17",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.3",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"versionStartIncluding": "4.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntpm: acpi: Call acpi_put_table() to fix memory leak\n\nThe start and length of the event log area are obtained from\nTPM2 or TCPA table, so we call acpi_get_table() to get the\nACPI information, but the acpi_get_table() should be coupled with\nacpi_put_table() to release the ACPI memory, add the acpi_put_table()\nproperly to fix the memory leak.\n\nWhile we are at it, remove the redundant empty line at the\nend of the tpm_read_log_acpi()."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:21.421Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8ddc48068ac85740d3d5f9f3b0b323e733a35b33"
},
{
"url": "https://git.kernel.org/stable/c/638cd298dfebce46919cbd6cf1884701215f506d"
},
{
"url": "https://git.kernel.org/stable/c/694a3d66f493afd77c704c6de91d9be4d6e004e4"
},
{
"url": "https://git.kernel.org/stable/c/bf31e3f8077af539feaf4e9bbf82e8eb51e7e5a8"
},
{
"url": "https://git.kernel.org/stable/c/8740a12ca2e2959531ad253bac99ada338b33d80"
}
],
"title": "tpm: acpi: Call acpi_put_table() to fix memory leak",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-50562",
"datePublished": "2025-10-22T13:23:21.421Z",
"dateReserved": "2025-10-22T13:20:23.759Z",
"dateUpdated": "2025-10-22T13:23:21.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-50556 (GCVE-0-2022-50556)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm: Fix potential null-ptr-deref due to drmm_mode_config_init()
drmm_mode_config_init() will call drm_mode_create_standard_properties()
and won't check the ret value. When drm_mode_create_standard_properties()
failed due to alloc, property will be a NULL pointer and may causes the
null-ptr-deref. Fix the null-ptr-deref by adding the ret value check.
Found null-ptr-deref while testing insert module bochs:
general protection fault, probably for non-canonical address
0xdffffc000000000c: 0000 [#1] SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000060-0x0000000000000067]
CPU: 3 PID: 249 Comm: modprobe Not tainted 6.1.0-rc1+ #364
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014
RIP: 0010:drm_object_attach_property+0x73/0x3c0 [drm]
Call Trace:
<TASK>
__drm_connector_init+0xb6c/0x1100 [drm]
bochs_pci_probe.cold.11+0x4cb/0x7fe [bochs]
pci_device_probe+0x17d/0x340
really_probe+0x1db/0x5d0
__driver_probe_device+0x1e7/0x250
driver_probe_device+0x4a/0x120
__driver_attach+0xcd/0x2c0
bus_for_each_dev+0x11a/0x1b0
bus_add_driver+0x3d7/0x500
driver_register+0x18e/0x320
do_one_initcall+0xc4/0x3e0
do_init_module+0x1b4/0x630
load_module+0x5dca/0x7230
__do_sys_finit_module+0x100/0x170
do_syscall_64+0x3f/0x90
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7ff65af9f839
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/drm_mode_config.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5ae70041a6d7de62a0cdb2bbcfe0c9cf753035d0",
"status": "affected",
"version": "6b4959f43a04e12d39c5700607727f2cbcfeac31",
"versionType": "git"
},
{
"lessThan": "d06e827a65a6bcd2e329045d891d0739cec1cf4a",
"status": "affected",
"version": "6b4959f43a04e12d39c5700607727f2cbcfeac31",
"versionType": "git"
},
{
"lessThan": "b14147464251f66e38fa39f0aae9780466db8610",
"status": "affected",
"version": "6b4959f43a04e12d39c5700607727f2cbcfeac31",
"versionType": "git"
},
{
"lessThan": "961620ad67611a7320a49f4b6f3c5e2906833a03",
"status": "affected",
"version": "6b4959f43a04e12d39c5700607727f2cbcfeac31",
"versionType": "git"
},
{
"lessThan": "834c23e4f798dcdc8af251b3c428ceef94741991",
"status": "affected",
"version": "6b4959f43a04e12d39c5700607727f2cbcfeac31",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/drm_mode_config.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.0"
},
{
"lessThan": "4.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.173",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.99",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.*",
"status": "unaffected",
"version": "6.2.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.3",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.173",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.99",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.16",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2.3",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.3",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: Fix potential null-ptr-deref due to drmm_mode_config_init()\n\ndrmm_mode_config_init() will call drm_mode_create_standard_properties()\nand won\u0027t check the ret value. When drm_mode_create_standard_properties()\nfailed due to alloc, property will be a NULL pointer and may causes the\nnull-ptr-deref. Fix the null-ptr-deref by adding the ret value check.\n\nFound null-ptr-deref while testing insert module bochs:\ngeneral protection fault, probably for non-canonical address\n 0xdffffc000000000c: 0000 [#1] SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000060-0x0000000000000067]\nCPU: 3 PID: 249 Comm: modprobe Not tainted 6.1.0-rc1+ #364\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\nrel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014\nRIP: 0010:drm_object_attach_property+0x73/0x3c0 [drm]\nCall Trace:\n \u003cTASK\u003e\n __drm_connector_init+0xb6c/0x1100 [drm]\n bochs_pci_probe.cold.11+0x4cb/0x7fe [bochs]\n pci_device_probe+0x17d/0x340\n really_probe+0x1db/0x5d0\n __driver_probe_device+0x1e7/0x250\n driver_probe_device+0x4a/0x120\n __driver_attach+0xcd/0x2c0\n bus_for_each_dev+0x11a/0x1b0\n bus_add_driver+0x3d7/0x500\n driver_register+0x18e/0x320\n do_one_initcall+0xc4/0x3e0\n do_init_module+0x1b4/0x630\n load_module+0x5dca/0x7230\n __do_sys_finit_module+0x100/0x170\n do_syscall_64+0x3f/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7ff65af9f839"
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:17.527Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5ae70041a6d7de62a0cdb2bbcfe0c9cf753035d0"
},
{
"url": "https://git.kernel.org/stable/c/d06e827a65a6bcd2e329045d891d0739cec1cf4a"
},
{
"url": "https://git.kernel.org/stable/c/b14147464251f66e38fa39f0aae9780466db8610"
},
{
"url": "https://git.kernel.org/stable/c/961620ad67611a7320a49f4b6f3c5e2906833a03"
},
{
"url": "https://git.kernel.org/stable/c/834c23e4f798dcdc8af251b3c428ceef94741991"
}
],
"title": "drm: Fix potential null-ptr-deref due to drmm_mode_config_init()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-50556",
"datePublished": "2025-10-22T13:23:17.527Z",
"dateReserved": "2025-10-22T13:20:23.758Z",
"dateUpdated": "2025-10-22T13:23:17.527Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-50577 (GCVE-0-2022-50577)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
ima: Fix memory leak in __ima_inode_hash()
Commit f3cc6b25dcc5 ("ima: always measure and audit files in policy") lets
measurement or audit happen even if the file digest cannot be calculated.
As a result, iint->ima_hash could have been allocated despite
ima_collect_measurement() returning an error.
Since ima_hash belongs to a temporary inode metadata structure, declared
at the beginning of __ima_inode_hash(), just add a kfree() call if
ima_collect_measurement() returns an error different from -ENOMEM (in that
case, ima_hash should not have been allocated).
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"security/integrity/ima/ima_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c4df8cb38f139ed9f4296868c0a6f15a26e8c491",
"status": "affected",
"version": "280fe8367b0dc45b6ac5e04fad03e16e99540c0c",
"versionType": "git"
},
{
"lessThan": "f375bcf69f58fd0744c9dfd1b6b891a27301d67b",
"status": "affected",
"version": "280fe8367b0dc45b6ac5e04fad03e16e99540c0c",
"versionType": "git"
},
{
"lessThan": "8c1d6a050a0f16e0a9d32eaf53b965c77279c6f8",
"status": "affected",
"version": "280fe8367b0dc45b6ac5e04fad03e16e99540c0c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"security/integrity/ima/ima_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.18"
},
{
"lessThan": "5.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.18",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.4",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"versionStartIncluding": "5.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nima: Fix memory leak in __ima_inode_hash()\n\nCommit f3cc6b25dcc5 (\"ima: always measure and audit files in policy\") lets\nmeasurement or audit happen even if the file digest cannot be calculated.\n\nAs a result, iint-\u003eima_hash could have been allocated despite\nima_collect_measurement() returning an error.\n\nSince ima_hash belongs to a temporary inode metadata structure, declared\nat the beginning of __ima_inode_hash(), just add a kfree() call if\nima_collect_measurement() returns an error different from -ENOMEM (in that\ncase, ima_hash should not have been allocated)."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:30.910Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c4df8cb38f139ed9f4296868c0a6f15a26e8c491"
},
{
"url": "https://git.kernel.org/stable/c/f375bcf69f58fd0744c9dfd1b6b891a27301d67b"
},
{
"url": "https://git.kernel.org/stable/c/8c1d6a050a0f16e0a9d32eaf53b965c77279c6f8"
}
],
"title": "ima: Fix memory leak in __ima_inode_hash()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-50577",
"datePublished": "2025-10-22T13:23:30.910Z",
"dateReserved": "2025-10-22T13:20:23.761Z",
"dateUpdated": "2025-10-22T13:23:30.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-53710 (GCVE-0-2023-53710)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: mt76: mt7921: fix error code of return in mt7921_acpi_read
Kernel NULL pointer dereference when ACPI SAR table isn't implemented well.
Fix the error code of return to mark the ACPI SAR table as invalid.
[ 5.077128] mt7921e 0000:06:00.0: sar cnt = 0
[ 5.077381] BUG: kernel NULL pointer dereference, address:
0000000000000004
[ 5.077630] #PF: supervisor read access in kernel mode
[ 5.077883] #PF: error_code(0x0000) - not-present page
[ 5.078138] PGD 0 P4D 0
[ 5.078398] Oops: 0000 [#1] PREEMPT SMP NOPTI
[ 5.079202] RIP: 0010:mt7921_init_acpi_sar+0x106/0x220
[mt7921_common]
...
[ 5.080786] Call Trace:
[ 5.080786] <TASK>
[ 5.080786] mt7921_register_device+0x37d/0x490 [mt7921_common]
[ 5.080786] mt7921_pci_probe.part.0+0x2ee/0x310 [mt7921e]
[ 5.080786] mt7921_pci_probe+0x52/0x70 [mt7921e]
[ 5.080786] local_pci_probe+0x47/0x90
[ 5.080786] pci_call_probe+0x55/0x190
[ 5.080786] pci_device_probe+0x84/0x120
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/mediatek/mt76/mt7921/acpi_sar.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2a9a5f88e0da71c8e4f30aacbda45b1a1af5469d",
"status": "affected",
"version": "f965333e491e36adb0fa91e389fba8685b704fb6",
"versionType": "git"
},
{
"lessThan": "59c2b0aec7a5aa350aa3edfb4363b19348c2269f",
"status": "affected",
"version": "f965333e491e36adb0fa91e389fba8685b704fb6",
"versionType": "git"
},
{
"lessThan": "888d89034f9eaeab9b5b75f13dbe35376c7dd471",
"status": "affected",
"version": "f965333e491e36adb0fa91e389fba8685b704fb6",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/mediatek/mt76/mt7921/acpi_sar.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"lessThan": "6.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.*",
"status": "unaffected",
"version": "6.2.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.3",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.16",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2.3",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.3",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7921: fix error code of return in mt7921_acpi_read\n\nKernel NULL pointer dereference when ACPI SAR table isn\u0027t implemented well.\nFix the error code of return to mark the ACPI SAR table as invalid.\n\n[ 5.077128] mt7921e 0000:06:00.0: sar cnt = 0\n[ 5.077381] BUG: kernel NULL pointer dereference, address:\n0000000000000004\n[ 5.077630] #PF: supervisor read access in kernel mode\n[ 5.077883] #PF: error_code(0x0000) - not-present page\n[ 5.078138] PGD 0 P4D 0\n[ 5.078398] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ 5.079202] RIP: 0010:mt7921_init_acpi_sar+0x106/0x220\n[mt7921_common]\n...\n[ 5.080786] Call Trace:\n[ 5.080786] \u003cTASK\u003e\n[ 5.080786] mt7921_register_device+0x37d/0x490 [mt7921_common]\n[ 5.080786] mt7921_pci_probe.part.0+0x2ee/0x310 [mt7921e]\n[ 5.080786] mt7921_pci_probe+0x52/0x70 [mt7921e]\n[ 5.080786] local_pci_probe+0x47/0x90\n[ 5.080786] pci_call_probe+0x55/0x190\n[ 5.080786] pci_device_probe+0x84/0x120"
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:45.785Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2a9a5f88e0da71c8e4f30aacbda45b1a1af5469d"
},
{
"url": "https://git.kernel.org/stable/c/59c2b0aec7a5aa350aa3edfb4363b19348c2269f"
},
{
"url": "https://git.kernel.org/stable/c/888d89034f9eaeab9b5b75f13dbe35376c7dd471"
}
],
"title": "wifi: mt76: mt7921: fix error code of return in mt7921_acpi_read",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-53710",
"datePublished": "2025-10-22T13:23:45.785Z",
"dateReserved": "2025-10-22T13:21:37.346Z",
"dateUpdated": "2025-10-22T13:23:45.785Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-53718 (GCVE-0-2023-53718)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
ring-buffer: Do not swap cpu_buffer during resize process
When ring_buffer_swap_cpu was called during resize process,
the cpu buffer was swapped in the middle, resulting in incorrect state.
Continuing to run in the wrong state will result in oops.
This issue can be easily reproduced using the following two scripts:
/tmp # cat test1.sh
//#! /bin/sh
for i in `seq 0 100000`
do
echo 2000 > /sys/kernel/debug/tracing/buffer_size_kb
sleep 0.5
echo 5000 > /sys/kernel/debug/tracing/buffer_size_kb
sleep 0.5
done
/tmp # cat test2.sh
//#! /bin/sh
for i in `seq 0 100000`
do
echo irqsoff > /sys/kernel/debug/tracing/current_tracer
sleep 1
echo nop > /sys/kernel/debug/tracing/current_tracer
sleep 1
done
/tmp # ./test1.sh &
/tmp # ./test2.sh &
A typical oops log is as follows, sometimes with other different oops logs.
[ 231.711293] WARNING: CPU: 0 PID: 9 at kernel/trace/ring_buffer.c:2026 rb_update_pages+0x378/0x3f8
[ 231.713375] Modules linked in:
[ 231.714735] CPU: 0 PID: 9 Comm: kworker/0:1 Tainted: G W 6.5.0-rc1-00276-g20edcec23f92 #15
[ 231.716750] Hardware name: linux,dummy-virt (DT)
[ 231.718152] Workqueue: events update_pages_handler
[ 231.719714] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 231.721171] pc : rb_update_pages+0x378/0x3f8
[ 231.722212] lr : rb_update_pages+0x25c/0x3f8
[ 231.723248] sp : ffff800082b9bd50
[ 231.724169] x29: ffff800082b9bd50 x28: ffff8000825f7000 x27: 0000000000000000
[ 231.726102] x26: 0000000000000001 x25: fffffffffffff010 x24: 0000000000000ff0
[ 231.728122] x23: ffff0000c3a0b600 x22: ffff0000c3a0b5c0 x21: fffffffffffffe0a
[ 231.730203] x20: ffff0000c3a0b600 x19: ffff0000c0102400 x18: 0000000000000000
[ 231.732329] x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffffe7aa8510
[ 231.734212] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000002
[ 231.736291] x11: ffff8000826998a8 x10: ffff800082b9baf0 x9 : ffff800081137558
[ 231.738195] x8 : fffffc00030e82c8 x7 : 0000000000000000 x6 : 0000000000000001
[ 231.740192] x5 : ffff0000ffbafe00 x4 : 0000000000000000 x3 : 0000000000000000
[ 231.742118] x2 : 00000000000006aa x1 : 0000000000000001 x0 : ffff0000c0007208
[ 231.744196] Call trace:
[ 231.744892] rb_update_pages+0x378/0x3f8
[ 231.745893] update_pages_handler+0x1c/0x38
[ 231.746893] process_one_work+0x1f0/0x468
[ 231.747852] worker_thread+0x54/0x410
[ 231.748737] kthread+0x124/0x138
[ 231.749549] ret_from_fork+0x10/0x20
[ 231.750434] ---[ end trace 0000000000000000 ]---
[ 233.720486] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
[ 233.721696] Mem abort info:
[ 233.721935] ESR = 0x0000000096000004
[ 233.722283] EC = 0x25: DABT (current EL), IL = 32 bits
[ 233.722596] SET = 0, FnV = 0
[ 233.722805] EA = 0, S1PTW = 0
[ 233.723026] FSC = 0x04: level 0 translation fault
[ 233.723458] Data abort info:
[ 233.723734] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
[ 233.724176] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 233.724589] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 233.725075] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000104943000
[ 233.725592] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000
[ 233.726231] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
[ 233.726720] Modules linked in:
[ 233.727007] CPU: 0 PID: 9 Comm: kworker/0:1 Tainted: G W 6.5.0-rc1-00276-g20edcec23f92 #15
[ 233.727777] Hardware name: linux,dummy-virt (DT)
[ 233.728225] Workqueue: events update_pages_handler
[ 233.728655] pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 233.729054] pc : rb_update_pages+0x1a8/0x3f8
[ 233.729334] lr : rb_update_pages+0x154/0x3f8
[ 233.729592] sp : ffff800082b9bd50
[ 233.729792] x29: ffff800082b9bd50 x28: ffff8000825f7000 x27: 00000000
---truncated---
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/trace/ring_buffer.c",
"kernel/trace/trace.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "66a3b2a121386702663065d5c9e5a33c03d3f4a2",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "49b830d75f03d5dd41146d10e4d3e2a8211c4b94",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "128c06a34cfe55212632533a706b050d54552741",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "02e52d7daaa3f0f48819f198092cf4871065bbf7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8a96c0288d0737ad77882024974c075345c72011",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/trace/ring_buffer.c",
"kernel/trace/trace.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.192",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.128",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.*",
"status": "unaffected",
"version": "6.4.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.5",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.192",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.128",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nring-buffer: Do not swap cpu_buffer during resize process\n\nWhen ring_buffer_swap_cpu was called during resize process,\nthe cpu buffer was swapped in the middle, resulting in incorrect state.\nContinuing to run in the wrong state will result in oops.\n\nThis issue can be easily reproduced using the following two scripts:\n/tmp # cat test1.sh\n//#! /bin/sh\nfor i in `seq 0 100000`\ndo\n echo 2000 \u003e /sys/kernel/debug/tracing/buffer_size_kb\n sleep 0.5\n echo 5000 \u003e /sys/kernel/debug/tracing/buffer_size_kb\n sleep 0.5\ndone\n/tmp # cat test2.sh\n//#! /bin/sh\nfor i in `seq 0 100000`\ndo\n echo irqsoff \u003e /sys/kernel/debug/tracing/current_tracer\n sleep 1\n echo nop \u003e /sys/kernel/debug/tracing/current_tracer\n sleep 1\ndone\n/tmp # ./test1.sh \u0026\n/tmp # ./test2.sh \u0026\n\nA typical oops log is as follows, sometimes with other different oops logs.\n\n[ 231.711293] WARNING: CPU: 0 PID: 9 at kernel/trace/ring_buffer.c:2026 rb_update_pages+0x378/0x3f8\n[ 231.713375] Modules linked in:\n[ 231.714735] CPU: 0 PID: 9 Comm: kworker/0:1 Tainted: G W 6.5.0-rc1-00276-g20edcec23f92 #15\n[ 231.716750] Hardware name: linux,dummy-virt (DT)\n[ 231.718152] Workqueue: events update_pages_handler\n[ 231.719714] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 231.721171] pc : rb_update_pages+0x378/0x3f8\n[ 231.722212] lr : rb_update_pages+0x25c/0x3f8\n[ 231.723248] sp : ffff800082b9bd50\n[ 231.724169] x29: ffff800082b9bd50 x28: ffff8000825f7000 x27: 0000000000000000\n[ 231.726102] x26: 0000000000000001 x25: fffffffffffff010 x24: 0000000000000ff0\n[ 231.728122] x23: ffff0000c3a0b600 x22: ffff0000c3a0b5c0 x21: fffffffffffffe0a\n[ 231.730203] x20: ffff0000c3a0b600 x19: ffff0000c0102400 x18: 0000000000000000\n[ 231.732329] x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffffe7aa8510\n[ 231.734212] x14: 0000000000000000 x13: 0000000000000000 x12: 
0000000000000002\n[ 231.736291] x11: ffff8000826998a8 x10: ffff800082b9baf0 x9 : ffff800081137558\n[ 231.738195] x8 : fffffc00030e82c8 x7 : 0000000000000000 x6 : 0000000000000001\n[ 231.740192] x5 : ffff0000ffbafe00 x4 : 0000000000000000 x3 : 0000000000000000\n[ 231.742118] x2 : 00000000000006aa x1 : 0000000000000001 x0 : ffff0000c0007208\n[ 231.744196] Call trace:\n[ 231.744892] rb_update_pages+0x378/0x3f8\n[ 231.745893] update_pages_handler+0x1c/0x38\n[ 231.746893] process_one_work+0x1f0/0x468\n[ 231.747852] worker_thread+0x54/0x410\n[ 231.748737] kthread+0x124/0x138\n[ 231.749549] ret_from_fork+0x10/0x20\n[ 231.750434] ---[ end trace 0000000000000000 ]---\n[ 233.720486] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n[ 233.721696] Mem abort info:\n[ 233.721935] ESR = 0x0000000096000004\n[ 233.722283] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 233.722596] SET = 0, FnV = 0\n[ 233.722805] EA = 0, S1PTW = 0\n[ 233.723026] FSC = 0x04: level 0 translation fault\n[ 233.723458] Data abort info:\n[ 233.723734] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[ 233.724176] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 233.724589] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 233.725075] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000104943000\n[ 233.725592] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000\n[ 233.726231] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[ 233.726720] Modules linked in:\n[ 233.727007] CPU: 0 PID: 9 Comm: kworker/0:1 Tainted: G W 6.5.0-rc1-00276-g20edcec23f92 #15\n[ 233.727777] Hardware name: linux,dummy-virt (DT)\n[ 233.728225] Workqueue: events update_pages_handler\n[ 233.728655] pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 233.729054] pc : rb_update_pages+0x1a8/0x3f8\n[ 233.729334] lr : rb_update_pages+0x154/0x3f8\n[ 233.729592] sp : ffff800082b9bd50\n[ 233.729792] x29: ffff800082b9bd50 x28: ffff8000825f7000 x27: 00000000\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:50.809Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/66a3b2a121386702663065d5c9e5a33c03d3f4a2"
},
{
"url": "https://git.kernel.org/stable/c/49b830d75f03d5dd41146d10e4d3e2a8211c4b94"
},
{
"url": "https://git.kernel.org/stable/c/128c06a34cfe55212632533a706b050d54552741"
},
{
"url": "https://git.kernel.org/stable/c/02e52d7daaa3f0f48819f198092cf4871065bbf7"
},
{
"url": "https://git.kernel.org/stable/c/8a96c0288d0737ad77882024974c075345c72011"
}
],
"title": "ring-buffer: Do not swap cpu_buffer during resize process",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-53718",
"datePublished": "2025-10-22T13:23:50.809Z",
"dateReserved": "2025-10-22T13:21:37.347Z",
"dateUpdated": "2025-10-22T13:23:50.809Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-50574 (GCVE-0-2022-50574)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/omap: dss: Fix refcount leak bugs
In dss_init_ports() and __dss_uninit_ports(), we should call
of_node_put() for the reference returned by of_graph_get_port_by_id()
in fail path or when it is not used anymore.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Version: 09bffa6e519256c6fa1552d6ba1f5d594337a464 |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/omapdrm/dss/dss.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9d7af9b1624dd70b67354972d7297429e6372091",
"status": "affected",
"version": "09bffa6e519256c6fa1552d6ba1f5d594337a464",
"versionType": "git"
},
{
"lessThan": "1f340e1c1c74d11c45a6e32663829b26acd4f47b",
"status": "affected",
"version": "09bffa6e519256c6fa1552d6ba1f5d594337a464",
"versionType": "git"
},
{
"lessThan": "a5ce83e85d795ec98697039ecc518b21d5810adc",
"status": "affected",
"version": "09bffa6e519256c6fa1552d6ba1f5d594337a464",
"versionType": "git"
},
{
"lessThan": "e55261beb86a15c190b2ff9090cb47bc06765353",
"status": "affected",
"version": "09bffa6e519256c6fa1552d6ba1f5d594337a464",
"versionType": "git"
},
{
"lessThan": "8f7c4114db841497e1148598e22548dd1f700b22",
"status": "affected",
"version": "09bffa6e519256c6fa1552d6ba1f5d594337a464",
"versionType": "git"
},
{
"lessThan": "8b42057e62120813ebe9274f508fa785b7cab33a",
"status": "affected",
"version": "09bffa6e519256c6fa1552d6ba1f5d594337a464",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/omapdrm/dss/dss.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.12"
},
{
"lessThan": "4.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.220",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.19.*",
"status": "unaffected",
"version": "5.19.17",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.220",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.150",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.75",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19.17",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.3",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "4.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/omap: dss: Fix refcount leak bugs\n\nIn dss_init_ports() and __dss_uninit_ports(), we should call\nof_node_put() for the reference returned by of_graph_get_port_by_id()\nin fail path or when it is not used anymore."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:29.027Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9d7af9b1624dd70b67354972d7297429e6372091"
},
{
"url": "https://git.kernel.org/stable/c/1f340e1c1c74d11c45a6e32663829b26acd4f47b"
},
{
"url": "https://git.kernel.org/stable/c/a5ce83e85d795ec98697039ecc518b21d5810adc"
},
{
"url": "https://git.kernel.org/stable/c/e55261beb86a15c190b2ff9090cb47bc06765353"
},
{
"url": "https://git.kernel.org/stable/c/8f7c4114db841497e1148598e22548dd1f700b22"
},
{
"url": "https://git.kernel.org/stable/c/8b42057e62120813ebe9274f508fa785b7cab33a"
}
],
"title": "drm/omap: dss: Fix refcount leak bugs",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-50574",
"datePublished": "2025-10-22T13:23:29.027Z",
"dateReserved": "2025-10-22T13:20:23.761Z",
"dateUpdated": "2025-10-22T13:23:29.027Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-53699 (GCVE-0-2023-53699)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
riscv: move memblock_allow_resize() after linear mapping is ready
The initial memblock metadata is accessed from kernel image mapping. The
regions arrays need to "reallocated" from memblock and accessed through
linear mapping to cover more memblock regions. So the resizing should
not be allowed until linear mapping is ready. Note that there are
memblock allocations when building linear mapping.
This patch is similar to 24cc61d8cb5a ("arm64: memblock: don't permit
memblock resizing until linear mapping is up").
In following log, many memblock regions are reserved before
create_linear_mapping_page_table(). And then it triggered reallocation
of memblock.reserved.regions and memcpy the old array in kernel image
mapping to the new array in linear mapping which caused a page fault.
[ 0.000000] memblock_reserve: [0x00000000bf01f000-0x00000000bf01ffff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6
[ 0.000000] memblock_reserve: [0x00000000bf021000-0x00000000bf021fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6
[ 0.000000] memblock_reserve: [0x00000000bf023000-0x00000000bf023fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6
[ 0.000000] memblock_reserve: [0x00000000bf025000-0x00000000bf025fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6
[ 0.000000] memblock_reserve: [0x00000000bf027000-0x00000000bf027fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6
[ 0.000000] memblock_reserve: [0x00000000bf029000-0x00000000bf029fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6
[ 0.000000] memblock_reserve: [0x00000000bf02b000-0x00000000bf02bfff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6
[ 0.000000] memblock_reserve: [0x00000000bf02d000-0x00000000bf02dfff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6
[ 0.000000] memblock_reserve: [0x00000000bf02f000-0x00000000bf02ffff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6
[ 0.000000] memblock_reserve: [0x00000000bf030000-0x00000000bf030fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6
[ 0.000000] OF: reserved mem: 0x0000000080000000..0x000000008007ffff (512 KiB) map non-reusable mmode_resv0@80000000
[ 0.000000] memblock_reserve: [0x00000000bf000000-0x00000000bf001fed] paging_init+0x19a/0x5ae
[ 0.000000] memblock_phys_alloc_range: 4096 bytes align=0x1000 from=0x0000000000000000 max_addr=0x0000000000000000 alloc_pmd_fixmap+0x14/0x1c
[ 0.000000] memblock_reserve: [0x000000017ffff000-0x000000017fffffff] memblock_alloc_range_nid+0xb8/0x128
[ 0.000000] memblock: reserved is doubled to 256 at [0x000000017fffd000-0x000000017fffe7ff]
[ 0.000000] Unable to handle kernel paging request at virtual address ff600000ffffd000
[ 0.000000] Oops [#1]
[ 0.000000] Modules linked in:
[ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 6.4.0-rc1-00011-g99a670b2069c #66
[ 0.000000] Hardware name: riscv-virtio,qemu (DT)
[ 0.000000] epc : __memcpy+0x60/0xf8
[ 0.000000] ra : memblock_double_array+0x192/0x248
[ 0.000000] epc : ffffffff8081d214 ra : ffffffff80a3dfc0 sp : ffffffff81403bd0
[ 0.000000] gp : ffffffff814fbb38 tp : ffffffff8140dac0 t0 : 0000000001600000
[ 0.000000] t1 : 0000000000000000 t2 : 000000008f001000 s0 : ffffffff81403c60
[ 0.000000] s1 : ffffffff80c0bc98 a0 : ff600000ffffd000 a1 : ffffffff80c0bcd8
[ 0.000000] a2 : 0000000000000c00 a3 : ffffffff80c0c8d8 a4 : 0000000080000000
[ 0.000000] a5 : 0000000000080000 a6 : 0000000000000000 a7 : 0000000080200000
[ 0.000000] s2 : ff600000ffffd000 s3 : 0000000000002000 s4 : 0000000000000c00
[ 0.000000] s5 : ffffffff80c0bc60 s6 : ffffffff80c0bcc8 s7 : 0000000000000000
[ 0.000000] s8 : ffffffff814fd0a8 s9 : 000000017fffe7ff s10: 0000000000000000
[ 0.000000] s11: 0000000000001000 t3 : 0000000000001000 t4 : 0000000000000000
[ 0.000000] t5 : 000000008f003000 t6 : ff600000ffffd000
[ 0.000000] status: 0000000200000100 badaddr: ff600000ffffd000 cause: 000000000000000f
[ 0.000000] [<fff
---truncated---
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/riscv/mm/init.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a4284246fca2ef482a8fcf5ad7d2c33a45b41e9c",
"status": "affected",
"version": "671f9a3e2e24cdeb2d2856abee7422f093e23e29",
"versionType": "git"
},
{
"lessThan": "0a1b80ff4f721c4be98707bfe9d20238df133eb8",
"status": "affected",
"version": "671f9a3e2e24cdeb2d2856abee7422f093e23e29",
"versionType": "git"
},
{
"lessThan": "ba11f4e59509538810e5c44578fc73984acdf1d7",
"status": "affected",
"version": "671f9a3e2e24cdeb2d2856abee7422f093e23e29",
"versionType": "git"
},
{
"lessThan": "85fadc0d04119c2fe4a20287767ab904c6d21ba1",
"status": "affected",
"version": "671f9a3e2e24cdeb2d2856abee7422f093e23e29",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/riscv/mm/init.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.3"
},
{
"lessThan": "5.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.39",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.*",
"status": "unaffected",
"version": "6.4.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.5",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.121",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.39",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.4.4",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5",
"versionStartIncluding": "5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: move memblock_allow_resize() after linear mapping is ready\n\nThe initial memblock metadata is accessed from kernel image mapping. The\nregions arrays need to \"reallocated\" from memblock and accessed through\nlinear mapping to cover more memblock regions. So the resizing should\nnot be allowed until linear mapping is ready. Note that there are\nmemblock allocations when building linear mapping.\n\nThis patch is similar to 24cc61d8cb5a (\"arm64: memblock: don\u0027t permit\nmemblock resizing until linear mapping is up\").\n\nIn following log, many memblock regions are reserved before\ncreate_linear_mapping_page_table(). And then it triggered reallocation\nof memblock.reserved.regions and memcpy the old array in kernel image\nmapping to the new array in linear mapping which caused a page fault.\n\n[ 0.000000] memblock_reserve: [0x00000000bf01f000-0x00000000bf01ffff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf021000-0x00000000bf021fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf023000-0x00000000bf023fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf025000-0x00000000bf025fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf027000-0x00000000bf027fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf029000-0x00000000bf029fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf02b000-0x00000000bf02bfff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf02d000-0x00000000bf02dfff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf02f000-0x00000000bf02ffff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: 
[0x00000000bf030000-0x00000000bf030fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] OF: reserved mem: 0x0000000080000000..0x000000008007ffff (512 KiB) map non-reusable mmode_resv0@80000000\n[ 0.000000] memblock_reserve: [0x00000000bf000000-0x00000000bf001fed] paging_init+0x19a/0x5ae\n[ 0.000000] memblock_phys_alloc_range: 4096 bytes align=0x1000 from=0x0000000000000000 max_addr=0x0000000000000000 alloc_pmd_fixmap+0x14/0x1c\n[ 0.000000] memblock_reserve: [0x000000017ffff000-0x000000017fffffff] memblock_alloc_range_nid+0xb8/0x128\n[ 0.000000] memblock: reserved is doubled to 256 at [0x000000017fffd000-0x000000017fffe7ff]\n[ 0.000000] Unable to handle kernel paging request at virtual address ff600000ffffd000\n[ 0.000000] Oops [#1]\n[ 0.000000] Modules linked in:\n[ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 6.4.0-rc1-00011-g99a670b2069c #66\n[ 0.000000] Hardware name: riscv-virtio,qemu (DT)\n[ 0.000000] epc : __memcpy+0x60/0xf8\n[ 0.000000] ra : memblock_double_array+0x192/0x248\n[ 0.000000] epc : ffffffff8081d214 ra : ffffffff80a3dfc0 sp : ffffffff81403bd0\n[ 0.000000] gp : ffffffff814fbb38 tp : ffffffff8140dac0 t0 : 0000000001600000\n[ 0.000000] t1 : 0000000000000000 t2 : 000000008f001000 s0 : ffffffff81403c60\n[ 0.000000] s1 : ffffffff80c0bc98 a0 : ff600000ffffd000 a1 : ffffffff80c0bcd8\n[ 0.000000] a2 : 0000000000000c00 a3 : ffffffff80c0c8d8 a4 : 0000000080000000\n[ 0.000000] a5 : 0000000000080000 a6 : 0000000000000000 a7 : 0000000080200000\n[ 0.000000] s2 : ff600000ffffd000 s3 : 0000000000002000 s4 : 0000000000000c00\n[ 0.000000] s5 : ffffffff80c0bc60 s6 : ffffffff80c0bcc8 s7 : 0000000000000000\n[ 0.000000] s8 : ffffffff814fd0a8 s9 : 000000017fffe7ff s10: 0000000000000000\n[ 0.000000] s11: 0000000000001000 t3 : 0000000000001000 t4 : 0000000000000000\n[ 0.000000] t5 : 000000008f003000 t6 : ff600000ffffd000\n[ 0.000000] status: 0000000200000100 badaddr: ff600000ffffd000 cause: 000000000000000f\n[ 0.000000] [\u003cfff\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:38.981Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a4284246fca2ef482a8fcf5ad7d2c33a45b41e9c"
},
{
"url": "https://git.kernel.org/stable/c/0a1b80ff4f721c4be98707bfe9d20238df133eb8"
},
{
"url": "https://git.kernel.org/stable/c/ba11f4e59509538810e5c44578fc73984acdf1d7"
},
{
"url": "https://git.kernel.org/stable/c/85fadc0d04119c2fe4a20287767ab904c6d21ba1"
}
],
"title": "riscv: move memblock_allow_resize() after linear mapping is ready",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-53699",
"datePublished": "2025-10-22T13:23:38.981Z",
"dateReserved": "2025-10-22T13:21:37.345Z",
"dateUpdated": "2025-10-22T13:23:38.981Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-53732 (GCVE-0-2023-53732)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-30 19:33
Summary
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Fix NULL dereference in ni_write_inode
Syzbot reports a NULL dereference in ni_write_inode.
When creating a new inode, if allocation fails in mi_init function
(called in mi_format_new function), mi->mrec is set to NULL.
In the error path of this inode creation, mi->mrec is later
dereferenced in ni_write_inode.
Add a NULL check to prevent NULL dereference.
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ntfs3/frecord.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d4b74482529516477cf7b12502538e51827c699f",
"status": "affected",
"version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e",
"versionType": "git"
},
{
"lessThan": "b3152afc0eb864f7c6ecad134a15b577ef7aec77",
"status": "affected",
"version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e",
"versionType": "git"
},
{
"lessThan": "b1135fbaf8ebef93df326761ac70ebcc3c2e3d63",
"status": "affected",
"version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e",
"versionType": "git"
},
{
"lessThan": "8dae4f6341e335a09575be60b4fdf697c732a470",
"status": "affected",
"version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ntfs3/frecord.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.15"
},
{
"lessThan": "5.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.3.*",
"status": "unaffected",
"version": "6.3.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.4",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.113",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.81",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.3.4",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.4",
"versionStartIncluding": "5.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Fix NULL dereference in ni_write_inode\n\nSyzbot reports a NULL dereference in ni_write_inode.\nWhen creating a new inode, if allocation fails in mi_init function\n(called in mi_format_new function), mi-\u003emrec is set to NULL.\nIn the error path of this inode creation, mi-\u003emrec is later\ndereferenced in ni_write_inode.\n\nAdd a NULL check to prevent NULL dereference."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T19:33:09.452Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d4b74482529516477cf7b12502538e51827c699f"
},
{
"url": "https://git.kernel.org/stable/c/b3152afc0eb864f7c6ecad134a15b577ef7aec77"
},
{
"url": "https://git.kernel.org/stable/c/b1135fbaf8ebef93df326761ac70ebcc3c2e3d63"
},
{
"url": "https://git.kernel.org/stable/c/8dae4f6341e335a09575be60b4fdf697c732a470"
}
],
"title": "fs/ntfs3: Fix NULL dereference in ni_write_inode",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-53732",
"datePublished": "2025-10-22T13:23:59.630Z",
"dateReserved": "2025-10-22T13:21:37.350Z",
"dateUpdated": "2025-10-30T19:33:09.452Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-53712 (GCVE-0-2023-53712)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
ARM: 9317/1: kexec: Make smp stop calls asynchronous
If a panic is triggered by a hrtimer interrupt all online cpus will be
notified and set offline. But as highlighted by commit 19dbdcb8039c
("smp: Warn on function calls from softirq context") this call should
not be made synchronous with disabled interrupts:
softdog: Initiating panic
Kernel panic - not syncing: Software Watchdog Timer expired
WARNING: CPU: 1 PID: 0 at kernel/smp.c:753 smp_call_function_many_cond
unwind_backtrace:
show_stack
dump_stack_lvl
__warn
warn_slowpath_fmt
smp_call_function_many_cond
smp_call_function
crash_smp_send_stop.part.0
machine_crash_shutdown
__crash_kexec
panic
softdog_fire
__hrtimer_run_queues
hrtimer_interrupt
Make the smp call for machine_crash_nonpanic_core() asynchronous.
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/arm/kernel/machine_kexec.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "46870eea5496ff277e86187a49ac5a667cfe60c4",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ee378f45a70d09b51373ba495d30d99ef12219c1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5590ba4560eefbd19a4ed07c7e7c8e4c51ffc628",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8922ba71c969d2a0c01a94372a71477d879470de",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/arm/kernel/machine_kexec.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.133",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.6",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.133",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: 9317/1: kexec: Make smp stop calls asynchronous\n\nIf a panic is triggered by a hrtimer interrupt all online cpus will be\nnotified and set offline. But as highlighted by commit 19dbdcb8039c\n(\"smp: Warn on function calls from softirq context\") this call should\nnot be made synchronous with disabled interrupts:\n\n softdog: Initiating panic\n Kernel panic - not syncing: Software Watchdog Timer expired\n WARNING: CPU: 1 PID: 0 at kernel/smp.c:753 smp_call_function_many_cond\n unwind_backtrace:\n show_stack\n dump_stack_lvl\n __warn\n warn_slowpath_fmt\n smp_call_function_many_cond\n smp_call_function\n crash_smp_send_stop.part.0\n machine_crash_shutdown\n __crash_kexec\n panic\n softdog_fire\n __hrtimer_run_queues\n hrtimer_interrupt\n\nMake the smp call for machine_crash_nonpanic_core() asynchronous."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:47.100Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/46870eea5496ff277e86187a49ac5a667cfe60c4"
},
{
"url": "https://git.kernel.org/stable/c/ee378f45a70d09b51373ba495d30d99ef12219c1"
},
{
"url": "https://git.kernel.org/stable/c/5590ba4560eefbd19a4ed07c7e7c8e4c51ffc628"
},
{
"url": "https://git.kernel.org/stable/c/8922ba71c969d2a0c01a94372a71477d879470de"
}
],
"title": "ARM: 9317/1: kexec: Make smp stop calls asynchronous",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-53712",
"datePublished": "2025-10-22T13:23:47.100Z",
"dateReserved": "2025-10-22T13:21:37.346Z",
"dateUpdated": "2025-10-22T13:23:47.100Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-53714 (GCVE-0-2023-53714)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/stm: ltdc: fix late dereference check
In ltdc_crtc_set_crc_source(), struct drm_crtc was dereferenced in a
container_of() before the pointer check. This could cause a kernel panic.
Fix this smatch warning:
drivers/gpu/drm/stm/ltdc.c:1124 ltdc_crtc_set_crc_source() warn: variable dereferenced before check 'crtc' (see line 1119)
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/stm/ltdc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "340dba127bbed51e8425cd8e097aacfadd175462",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "04fe3b82528232aa85a6c45464906d0727ef4f20",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "898a9e3f56db9860ab091d4bf41b6caa99aafc3d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/stm/ltdc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.*",
"status": "unaffected",
"version": "6.4.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.5",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/stm: ltdc: fix late dereference check\n\nIn ltdc_crtc_set_crc_source(), struct drm_crtc was dereferenced in a\ncontainer_of() before the pointer check. This could cause a kernel panic.\n\nFix this smatch warning:\ndrivers/gpu/drm/stm/ltdc.c:1124 ltdc_crtc_set_crc_source() warn: variable dereferenced before check \u0027crtc\u0027 (see line 1119)"
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:48.341Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/340dba127bbed51e8425cd8e097aacfadd175462"
},
{
"url": "https://git.kernel.org/stable/c/04fe3b82528232aa85a6c45464906d0727ef4f20"
},
{
"url": "https://git.kernel.org/stable/c/898a9e3f56db9860ab091d4bf41b6caa99aafc3d"
}
],
"title": "drm/stm: ltdc: fix late dereference check",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-53714",
"datePublished": "2025-10-22T13:23:48.341Z",
"dateReserved": "2025-10-22T13:21:37.347Z",
"dateUpdated": "2025-10-22T13:23:48.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-50578 (GCVE-0-2022-50578)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
class: fix possible memory leak in __class_register()
If class_add_groups() returns error, the 'cp->subsys' need be
unregister, and the 'cp' need be freed.
We can not call kset_unregister() here, because the 'cls' will
be freed in callback function class_release() and it's also
freed in caller's error path, it will cause double free.
So fix this by calling kobject_del() and kfree_const(name) to
cleanup kobject. Besides, call kfree() to free the 'cp'.
Fault injection test can trigger this:
unreferenced object 0xffff888102fa8190 (size 8):
comm "modprobe", pid 502, jiffies 4294906074 (age 49.296s)
hex dump (first 8 bytes):
70 6b 74 63 64 76 64 00 pktcdvd.
backtrace:
[<00000000e7c7703d>] __kmalloc_track_caller+0x1ae/0x320
[<000000005e4d70bc>] kstrdup+0x3a/0x70
[<00000000c2e5e85a>] kstrdup_const+0x68/0x80
[<000000000049a8c7>] kvasprintf_const+0x10b/0x190
[<0000000029123163>] kobject_set_name_vargs+0x56/0x150
[<00000000747219c9>] kobject_set_name+0xab/0xe0
[<0000000005f1ea4e>] __class_register+0x15c/0x49a
unreferenced object 0xffff888037274000 (size 1024):
comm "modprobe", pid 502, jiffies 4294906074 (age 49.296s)
hex dump (first 32 bytes):
00 40 27 37 80 88 ff ff 00 40 27 37 80 88 ff ff .@'7.....@'7....
00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........
backtrace:
[<00000000151f9600>] kmem_cache_alloc_trace+0x17c/0x2f0
[<00000000ecf3dd95>] __class_register+0x86/0x49a
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Version: ced6473e7486702f530a49f886b73195e4977734 Version: ced6473e7486702f530a49f886b73195e4977734 Version: ced6473e7486702f530a49f886b73195e4977734 Version: ced6473e7486702f530a49f886b73195e4977734 Version: ced6473e7486702f530a49f886b73195e4977734 Version: ced6473e7486702f530a49f886b73195e4977734 Version: ced6473e7486702f530a49f886b73195e4977734 Version: ced6473e7486702f530a49f886b73195e4977734 |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/base/class.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4efa5443817c1b6de22d401aeca5b2481e835f8c",
"status": "affected",
"version": "ced6473e7486702f530a49f886b73195e4977734",
"versionType": "git"
},
{
"lessThan": "3bb9c92c27624ad076419a70f2b1a30cd1f8bbbd",
"status": "affected",
"version": "ced6473e7486702f530a49f886b73195e4977734",
"versionType": "git"
},
{
"lessThan": "3e0efc3f3f5e5c73996782f8db69963e501bb878",
"status": "affected",
"version": "ced6473e7486702f530a49f886b73195e4977734",
"versionType": "git"
},
{
"lessThan": "18a7200646958cf8e1b8a933de08122fc50676cd",
"status": "affected",
"version": "ced6473e7486702f530a49f886b73195e4977734",
"versionType": "git"
},
{
"lessThan": "417ef049e3fd3b0d2593c1d5ffa3d0d5d0a018a7",
"status": "affected",
"version": "ced6473e7486702f530a49f886b73195e4977734",
"versionType": "git"
},
{
"lessThan": "e764ad5918a099ebeb909ccff83893a714e497e1",
"status": "affected",
"version": "ced6473e7486702f530a49f886b73195e4977734",
"versionType": "git"
},
{
"lessThan": "abaedb68a769e6bf36836b55a2f49b531c5f3f7b",
"status": "affected",
"version": "ced6473e7486702f530a49f886b73195e4977734",
"versionType": "git"
},
{
"lessThan": "8c3e8a6bdb5253b97ad532570f8b5db5f7a06407",
"status": "affected",
"version": "ced6473e7486702f530a49f886b73195e4977734",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/base/class.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.10"
},
{
"lessThan": "4.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.303",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.229",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.86",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.303",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.270",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.229",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.163",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.86",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.16",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.2",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"versionStartIncluding": "4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclass: fix possible memory leak in __class_register()\n\nIf class_add_groups() returns error, the \u0027cp-\u003esubsys\u0027 need be\nunregister, and the \u0027cp\u0027 need be freed.\n\nWe can not call kset_unregister() here, because the \u0027cls\u0027 will\nbe freed in callback function class_release() and it\u0027s also\nfreed in caller\u0027s error path, it will cause double free.\n\nSo fix this by calling kobject_del() and kfree_const(name) to\ncleanup kobject. Besides, call kfree() to free the \u0027cp\u0027.\n\nFault injection test can trigger this:\n\nunreferenced object 0xffff888102fa8190 (size 8):\n comm \"modprobe\", pid 502, jiffies 4294906074 (age 49.296s)\n hex dump (first 8 bytes):\n 70 6b 74 63 64 76 64 00 pktcdvd.\n backtrace:\n [\u003c00000000e7c7703d\u003e] __kmalloc_track_caller+0x1ae/0x320\n [\u003c000000005e4d70bc\u003e] kstrdup+0x3a/0x70\n [\u003c00000000c2e5e85a\u003e] kstrdup_const+0x68/0x80\n [\u003c000000000049a8c7\u003e] kvasprintf_const+0x10b/0x190\n [\u003c0000000029123163\u003e] kobject_set_name_vargs+0x56/0x150\n [\u003c00000000747219c9\u003e] kobject_set_name+0xab/0xe0\n [\u003c0000000005f1ea4e\u003e] __class_register+0x15c/0x49a\n\nunreferenced object 0xffff888037274000 (size 1024):\n comm \"modprobe\", pid 502, jiffies 4294906074 (age 49.296s)\n hex dump (first 32 bytes):\n 00 40 27 37 80 88 ff ff 00 40 27 37 80 88 ff ff .@\u00277.....@\u00277....\n 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........\n backtrace:\n [\u003c00000000151f9600\u003e] kmem_cache_alloc_trace+0x17c/0x2f0\n [\u003c00000000ecf3dd95\u003e] __class_register+0x86/0x49a"
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:31.565Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4efa5443817c1b6de22d401aeca5b2481e835f8c"
},
{
"url": "https://git.kernel.org/stable/c/3bb9c92c27624ad076419a70f2b1a30cd1f8bbbd"
},
{
"url": "https://git.kernel.org/stable/c/3e0efc3f3f5e5c73996782f8db69963e501bb878"
},
{
"url": "https://git.kernel.org/stable/c/18a7200646958cf8e1b8a933de08122fc50676cd"
},
{
"url": "https://git.kernel.org/stable/c/417ef049e3fd3b0d2593c1d5ffa3d0d5d0a018a7"
},
{
"url": "https://git.kernel.org/stable/c/e764ad5918a099ebeb909ccff83893a714e497e1"
},
{
"url": "https://git.kernel.org/stable/c/abaedb68a769e6bf36836b55a2f49b531c5f3f7b"
},
{
"url": "https://git.kernel.org/stable/c/8c3e8a6bdb5253b97ad532570f8b5db5f7a06407"
}
],
"title": "class: fix possible memory leak in __class_register()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-50578",
"datePublished": "2025-10-22T13:23:31.565Z",
"dateReserved": "2025-10-22T13:20:23.761Z",
"dateUpdated": "2025-10-22T13:23:31.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-50564 (GCVE-0-2022-50564)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
s390/netiucv: Fix return type of netiucv_tx()
With clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG),
indirect call targets are validated against the expected function
pointer prototype to make sure the call target is valid to help mitigate
ROP attacks. If they are not identical, there is a failure at run time,
which manifests as either a kernel panic or thread getting killed. A
proposed warning in clang aims to catch these at compile time, which
reveals:
drivers/s390/net/netiucv.c:1854:21: error: incompatible function pointer types initializing 'netdev_tx_t (*)(struct sk_buff *, struct net_device *)' (aka 'enum netdev_tx (*)(struct sk_buff *, struct net_device *)') with an expression of type 'int (struct sk_buff *, struct net_device *)' [-Werror,-Wincompatible-function-pointer-types-strict]
.ndo_start_xmit = netiucv_tx,
^~~~~~~~~~
->ndo_start_xmit() in 'struct net_device_ops' expects a return type of
'netdev_tx_t', not 'int'. Adjust the return type of netiucv_tx() to
match the prototype's to resolve the warning and potential CFI failure,
should s390 select ARCH_SUPPORTS_CFI_CLANG in the future.
Additionally, while in the area, remove a comment block that is no
longer relevant.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/s390/net/netiucv.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f13d870fce90f01cf930bfaffecc8185ae0be21c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "eccc88c0efe407e579291792ad07a7dedc0f63f0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "85d392710275355425df8618ccbebbc336f5acc5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4bee3c75d5bf7c2b5dc0b520410eb40449e5da31",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "3ac0217ca9186c2f9af9a0113a331a42aa847894",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "dfbf0122ea1b9b3e73fa22c8ff6bd888935c54fc",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e7a849f740e3576e79cba403697e916f4c3a6f12",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d034fa43af92fc46a81d882f46d9cc3e4ffdbbcc",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "88d86d18d7cf7e9137c95f9d212bb9fff8a1b4be",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/s390/net/netiucv.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.337",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.303",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.229",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.86",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.337",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.303",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.229",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/netiucv: Fix return type of netiucv_tx()\n\nWith clang\u0027s kernel control flow integrity (kCFI, CONFIG_CFI_CLANG),\nindirect call targets are validated against the expected function\npointer prototype to make sure the call target is valid to help mitigate\nROP attacks. If they are not identical, there is a failure at run time,\nwhich manifests as either a kernel panic or thread getting killed. A\nproposed warning in clang aims to catch these at compile time, which\nreveals:\n\n drivers/s390/net/netiucv.c:1854:21: error: incompatible function pointer types initializing \u0027netdev_tx_t (*)(struct sk_buff *, struct net_device *)\u0027 (aka \u0027enum netdev_tx (*)(struct sk_buff *, struct net_device *)\u0027) with an expression of type \u0027int (struct sk_buff *, struct net_device *)\u0027 [-Werror,-Wincompatible-function-pointer-types-strict]\n .ndo_start_xmit = netiucv_tx,\n ^~~~~~~~~~\n\n-\u003endo_start_xmit() in \u0027struct net_device_ops\u0027 expects a return type of\n\u0027netdev_tx_t\u0027, not \u0027int\u0027. Adjust the return type of netiucv_tx() to\nmatch the prototype\u0027s to resolve the warning and potential CFI failure,\nshould s390 select ARCH_SUPPORTS_CFI_CLANG in the future.\n\nAdditionally, while in the area, remove a comment block that is no\nlonger relevant."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:22.703Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f13d870fce90f01cf930bfaffecc8185ae0be21c"
},
{
"url": "https://git.kernel.org/stable/c/eccc88c0efe407e579291792ad07a7dedc0f63f0"
},
{
"url": "https://git.kernel.org/stable/c/85d392710275355425df8618ccbebbc336f5acc5"
},
{
"url": "https://git.kernel.org/stable/c/4bee3c75d5bf7c2b5dc0b520410eb40449e5da31"
},
{
"url": "https://git.kernel.org/stable/c/3ac0217ca9186c2f9af9a0113a331a42aa847894"
},
{
"url": "https://git.kernel.org/stable/c/dfbf0122ea1b9b3e73fa22c8ff6bd888935c54fc"
},
{
"url": "https://git.kernel.org/stable/c/e7a849f740e3576e79cba403697e916f4c3a6f12"
},
{
"url": "https://git.kernel.org/stable/c/d034fa43af92fc46a81d882f46d9cc3e4ffdbbcc"
},
{
"url": "https://git.kernel.org/stable/c/88d86d18d7cf7e9137c95f9d212bb9fff8a1b4be"
}
],
"title": "s390/netiucv: Fix return type of netiucv_tx()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-50564",
"datePublished": "2025-10-22T13:23:22.703Z",
"dateReserved": "2025-10-22T13:20:23.759Z",
"dateUpdated": "2025-10-22T13:23:22.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-50579 (GCVE-0-2022-50579)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
arm64: ftrace: fix module PLTs with mcount
Li Huafei reports that mcount-based ftrace with module PLTs was broken
by commit:
a6253579977e4c6f ("arm64: ftrace: consistently handle PLTs.")
When a module PLTs are used and a module is loaded sufficiently far away
from the kernel, we'll create PLTs for any branches which are
out-of-range. These are separate from the special ftrace trampoline
PLTs, which the module PLT code doesn't directly manipulate.
When mcount is in use this is a problem, as each mcount callsite in a
module will be initialized to point to a module PLT, but since commit
a6253579977e4c6f ftrace_make_nop() will assume that the callsite has
been initialized to point to the special ftrace trampoline PLT, and
ftrace_find_callable_addr() rejects other cases.
This means that when ftrace tries to initialize a callsite via
ftrace_make_nop(), the call to ftrace_find_callable_addr() will find
that the `_mcount` stub is out-of-range and is not handled by the ftrace
PLT, resulting in a splat:
| ftrace_test: loading out-of-tree module taints kernel.
| ftrace: no module PLT for _mcount
| ------------[ ftrace bug ]------------
| ftrace failed to modify
| [<ffff800029180014>] 0xffff800029180014
| actual: 44:00:00:94
| Initializing ftrace call sites
| ftrace record flags: 2000000
| (0)
| expected tramp: ffff80000802eb3c
| ------------[ cut here ]------------
| WARNING: CPU: 3 PID: 157 at kernel/trace/ftrace.c:2120 ftrace_bug+0x94/0x270
| Modules linked in:
| CPU: 3 PID: 157 Comm: insmod Tainted: G O 6.0.0-rc6-00151-gcd722513a189-dirty #22
| Hardware name: linux,dummy-virt (DT)
| pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
| pc : ftrace_bug+0x94/0x270
| lr : ftrace_bug+0x21c/0x270
| sp : ffff80000b2bbaf0
| x29: ffff80000b2bbaf0 x28: 0000000000000000 x27: ffff0000c4d38000
| x26: 0000000000000001 x25: ffff800009d7e000 x24: ffff0000c4d86e00
| x23: 0000000002000000 x22: ffff80000a62b000 x21: ffff8000098ebea8
| x20: ffff0000c4d38000 x19: ffff80000aa24158 x18: ffffffffffffffff
| x17: 0000000000000000 x16: 0a0d2d2d2d2d2d2d x15: ffff800009aa9118
| x14: 0000000000000000 x13: 6333626532303830 x12: 3030303866666666
| x11: 203a706d61727420 x10: 6465746365707865 x9 : 3362653230383030
| x8 : c0000000ffffefff x7 : 0000000000017fe8 x6 : 000000000000bff4
| x5 : 0000000000057fa8 x4 : 0000000000000000 x3 : 0000000000000001
| x2 : ad2cb14bb5438900 x1 : 0000000000000000 x0 : 0000000000000022
| Call trace:
| ftrace_bug+0x94/0x270
| ftrace_process_locs+0x308/0x430
| ftrace_module_init+0x44/0x60
| load_module+0x15b4/0x1ce8
| __do_sys_init_module+0x1ec/0x238
| __arm64_sys_init_module+0x24/0x30
| invoke_syscall+0x54/0x118
| el0_svc_common.constprop.4+0x84/0x100
| do_el0_svc+0x3c/0xd0
| el0_svc+0x1c/0x50
| el0t_64_sync_handler+0x90/0xb8
| el0t_64_sync+0x15c/0x160
| ---[ end trace 0000000000000000 ]---
| ---------test_init-----------
Fix this by reverting to the old behaviour of ignoring the old
instruction when initialising an mcount callsite in a module, which was
the behaviour prior to commit a6253579977e4c6f.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Version: bc28fde90937a920f7714ec4408269cac744f796 Version: db73aa9466338ec821ed2a0b01721fe4d06876b1 Version: a6253579977e4c6f7818eeb05bf2bc65678a7187 Version: a6253579977e4c6f7818eeb05bf2bc65678a7187 Version: a6253579977e4c6f7818eeb05bf2bc65678a7187 Version: dcecc96ed16f73417de5550f384e348c9d56f279 |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/arm64/kernel/ftrace.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "657de36c72f57fa172a66b06f826b3f5bc56f42e",
"status": "affected",
"version": "bc28fde90937a920f7714ec4408269cac744f796",
"versionType": "git"
},
{
"lessThan": "6c93b683cedaef745884cb9d554d02ed6266b897",
"status": "affected",
"version": "db73aa9466338ec821ed2a0b01721fe4d06876b1",
"versionType": "git"
},
{
"lessThan": "0f77b6b2ba70d7c9d69ef39694e283ded9f8b5f2",
"status": "affected",
"version": "a6253579977e4c6f7818eeb05bf2bc65678a7187",
"versionType": "git"
},
{
"lessThan": "985432303cf7d4804fb2c2fdfbf0466a796d68c3",
"status": "affected",
"version": "a6253579977e4c6f7818eeb05bf2bc65678a7187",
"versionType": "git"
},
{
"lessThan": "8cfb08575c6d4585f1ce0deeb189e5c824776b04",
"status": "affected",
"version": "a6253579977e4c6f7818eeb05bf2bc65678a7187",
"versionType": "git"
},
{
"status": "affected",
"version": "dcecc96ed16f73417de5550f384e348c9d56f279",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/arm64/kernel/ftrace.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.19"
},
{
"lessThan": "5.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.19.*",
"status": "unaffected",
"version": "5.19.17",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.150",
"versionStartIncluding": "5.10.124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.75",
"versionStartIncluding": "5.15.49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19.17",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.3",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.18.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: ftrace: fix module PLTs with mcount\n\nLi Huafei reports that mcount-based ftrace with module PLTs was broken\nby commit:\n\n a6253579977e4c6f (\"arm64: ftrace: consistently handle PLTs.\")\n\nWhen a module PLTs are used and a module is loaded sufficiently far away\nfrom the kernel, we\u0027ll create PLTs for any branches which are\nout-of-range. These are separate from the special ftrace trampoline\nPLTs, which the module PLT code doesn\u0027t directly manipulate.\n\nWhen mcount is in use this is a problem, as each mcount callsite in a\nmodule will be initialized to point to a module PLT, but since commit\na6253579977e4c6f ftrace_make_nop() will assume that the callsite has\nbeen initialized to point to the special ftrace trampoline PLT, and\nftrace_find_callable_addr() rejects other cases.\n\nThis means that when ftrace tries to initialize a callsite via\nftrace_make_nop(), the call to ftrace_find_callable_addr() will find\nthat the `_mcount` stub is out-of-range and is not handled by the ftrace\nPLT, resulting in a splat:\n\n| ftrace_test: loading out-of-tree module taints kernel.\n| ftrace: no module PLT for _mcount\n| ------------[ ftrace bug ]------------\n| ftrace failed to modify\n| [\u003cffff800029180014\u003e] 0xffff800029180014\n| actual: 44:00:00:94\n| Initializing ftrace call sites\n| ftrace record flags: 2000000\n| (0)\n| expected tramp: ffff80000802eb3c\n| ------------[ cut here ]------------\n| WARNING: CPU: 3 PID: 157 at kernel/trace/ftrace.c:2120 ftrace_bug+0x94/0x270\n| Modules linked in:\n| CPU: 3 PID: 157 Comm: insmod Tainted: G O 6.0.0-rc6-00151-gcd722513a189-dirty #22\n| Hardware name: linux,dummy-virt (DT)\n| pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n| pc : ftrace_bug+0x94/0x270\n| lr : ftrace_bug+0x21c/0x270\n| sp : ffff80000b2bbaf0\n| x29: ffff80000b2bbaf0 x28: 0000000000000000 x27: ffff0000c4d38000\n| x26: 0000000000000001 x25: 
ffff800009d7e000 x24: ffff0000c4d86e00\n| x23: 0000000002000000 x22: ffff80000a62b000 x21: ffff8000098ebea8\n| x20: ffff0000c4d38000 x19: ffff80000aa24158 x18: ffffffffffffffff\n| x17: 0000000000000000 x16: 0a0d2d2d2d2d2d2d x15: ffff800009aa9118\n| x14: 0000000000000000 x13: 6333626532303830 x12: 3030303866666666\n| x11: 203a706d61727420 x10: 6465746365707865 x9 : 3362653230383030\n| x8 : c0000000ffffefff x7 : 0000000000017fe8 x6 : 000000000000bff4\n| x5 : 0000000000057fa8 x4 : 0000000000000000 x3 : 0000000000000001\n| x2 : ad2cb14bb5438900 x1 : 0000000000000000 x0 : 0000000000000022\n| Call trace:\n| ftrace_bug+0x94/0x270\n| ftrace_process_locs+0x308/0x430\n| ftrace_module_init+0x44/0x60\n| load_module+0x15b4/0x1ce8\n| __do_sys_init_module+0x1ec/0x238\n| __arm64_sys_init_module+0x24/0x30\n| invoke_syscall+0x54/0x118\n| el0_svc_common.constprop.4+0x84/0x100\n| do_el0_svc+0x3c/0xd0\n| el0_svc+0x1c/0x50\n| el0t_64_sync_handler+0x90/0xb8\n| el0t_64_sync+0x15c/0x160\n| ---[ end trace 0000000000000000 ]---\n| ---------test_init-----------\n\nFix this by reverting to the old behaviour of ignoring the old\ninstruction when initialising an mcount callsite in a module, which was\nthe behaviour prior to commit a6253579977e4c6f."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:32.242Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/657de36c72f57fa172a66b06f826b3f5bc56f42e"
},
{
"url": "https://git.kernel.org/stable/c/6c93b683cedaef745884cb9d554d02ed6266b897"
},
{
"url": "https://git.kernel.org/stable/c/0f77b6b2ba70d7c9d69ef39694e283ded9f8b5f2"
},
{
"url": "https://git.kernel.org/stable/c/985432303cf7d4804fb2c2fdfbf0466a796d68c3"
},
{
"url": "https://git.kernel.org/stable/c/8cfb08575c6d4585f1ce0deeb189e5c824776b04"
}
],
"title": "arm64: ftrace: fix module PLTs with mcount",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-50579",
"datePublished": "2025-10-22T13:23:32.242Z",
"dateReserved": "2025-10-22T13:20:23.762Z",
"dateUpdated": "2025-10-22T13:23:32.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-53705 (GCVE-0-2023-53705)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
ipv6: Fix out-of-bounds access in ipv6_find_tlv()
optlen is fetched without checking whether there is more than one byte to parse.
It can lead to out-of-bounds access.
Found by InfoTeCS on behalf of Linux Verification Center
(linuxtesting.org) with SVACE.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Version: c61a404325093250b676f40ad8f4dd00f3bcab5f |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv6/exthdrs_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "59e656d0d4a84ea0ee9a39c6f69160a3effccc94",
"status": "affected",
"version": "c61a404325093250b676f40ad8f4dd00f3bcab5f",
"versionType": "git"
},
{
"lessThan": "04bf69e3de435d793a203aacc4b774f8f9f2baeb",
"status": "affected",
"version": "c61a404325093250b676f40ad8f4dd00f3bcab5f",
"versionType": "git"
},
{
"lessThan": "011f47c8b8389154f996f5f69da8efc3a3beefef",
"status": "affected",
"version": "c61a404325093250b676f40ad8f4dd00f3bcab5f",
"versionType": "git"
},
{
"lessThan": "e5f82688ae10f5f386952e65e941bb8868ee54dc",
"status": "affected",
"version": "c61a404325093250b676f40ad8f4dd00f3bcab5f",
"versionType": "git"
},
{
"lessThan": "9b92e2d0eb696d7586ba832c8854653b59887da0",
"status": "affected",
"version": "c61a404325093250b676f40ad8f4dd00f3bcab5f",
"versionType": "git"
},
{
"lessThan": "91dd8aab9c9f193210681b86b6b92840ffe74f0c",
"status": "affected",
"version": "c61a404325093250b676f40ad8f4dd00f3bcab5f",
"versionType": "git"
},
{
"lessThan": "ae68c0f7edbc9a294094ce03a0aaf45aa489ce40",
"status": "affected",
"version": "c61a404325093250b676f40ad8f4dd00f3bcab5f",
"versionType": "git"
},
{
"lessThan": "878ecb0897f4737a4c9401f3523fd49589025671",
"status": "affected",
"version": "c61a404325093250b676f40ad8f4dd00f3bcab5f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv6/exthdrs_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.19"
},
{
"lessThan": "2.6.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.284",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.244",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.181",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.114",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.3.*",
"status": "unaffected",
"version": "6.3.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.4",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.316",
"versionStartIncluding": "2.6.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.284",
"versionStartIncluding": "2.6.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.244",
"versionStartIncluding": "2.6.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.181",
"versionStartIncluding": "2.6.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.114",
"versionStartIncluding": "2.6.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.31",
"versionStartIncluding": "2.6.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.3.5",
"versionStartIncluding": "2.6.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.4",
"versionStartIncluding": "2.6.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: Fix out-of-bounds access in ipv6_find_tlv()\n\noptlen is fetched without checking whether there is more than one byte to parse.\nIt can lead to out-of-bounds access.\n\nFound by InfoTeCS on behalf of Linux Verification Center\n(linuxtesting.org) with SVACE."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:42.641Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/59e656d0d4a84ea0ee9a39c6f69160a3effccc94"
},
{
"url": "https://git.kernel.org/stable/c/04bf69e3de435d793a203aacc4b774f8f9f2baeb"
},
{
"url": "https://git.kernel.org/stable/c/011f47c8b8389154f996f5f69da8efc3a3beefef"
},
{
"url": "https://git.kernel.org/stable/c/e5f82688ae10f5f386952e65e941bb8868ee54dc"
},
{
"url": "https://git.kernel.org/stable/c/9b92e2d0eb696d7586ba832c8854653b59887da0"
},
{
"url": "https://git.kernel.org/stable/c/91dd8aab9c9f193210681b86b6b92840ffe74f0c"
},
{
"url": "https://git.kernel.org/stable/c/ae68c0f7edbc9a294094ce03a0aaf45aa489ce40"
},
{
"url": "https://git.kernel.org/stable/c/878ecb0897f4737a4c9401f3523fd49589025671"
}
],
"title": "ipv6: Fix out-of-bounds access in ipv6_find_tlv()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-53705",
"datePublished": "2025-10-22T13:23:42.641Z",
"dateReserved": "2025-10-22T13:21:37.346Z",
"dateUpdated": "2025-10-22T13:23:42.641Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-50569 (GCVE-0-2022-50569)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
xfrm: Update ipcomp_scratches with NULL when freed
Currently, if ipcomp_alloc_scratches() fails to allocate memory,
ipcomp_scratches holds an obsolete address. So when we try to free the
percpu scratches using ipcomp_free_scratches(), it tries to vfree a
non-existent vm area. Described below:
```c
static void * __percpu *ipcomp_alloc_scratches(void)
{
	...
	scratches = alloc_percpu(void *);
	if (!scratches)
		return NULL;
	/* ipcomp_scratches does not know about this allocation failure.
	 * Therefore holding the old obsolete address. */
	...
}
```
So when we free,
```c
static void ipcomp_free_scratches(void)
{
	...
	scratches = ipcomp_scratches;
	/* Assigning obsolete address from ipcomp_scratches */
	if (!scratches)
		return;
	for_each_possible_cpu(i)
		vfree(*per_cpu_ptr(scratches, i));
	/* Trying to free non existent page, causing warning: trying to vfree
	 * existent vm area. */
	...
}
```
Fix this breakage by updating ipcomp_scratches with NULL when scratches
is freed.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/xfrm/xfrm_ipcomp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "debca61df6bc2f65e020656c9c5b878d6b38d30f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a39f456d62810c0efb43cead22f98d95b53e4b1a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1e8abde895b3ac6a368cbdb372e8800c49e73a28",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "18373ed500f7cd53e24d9b0bd0f1c09d78dba87e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "be81c44242b20fc3bdcc73480ef8aaee56f5d0b6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "03155680191ef0f004b1d6a5714c5b8cd271ab61",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f3bdba4440d82e0da2b1bfc35d3836c8a8e00677",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2c19945ce8095d065df550e7fe350cd5cc40c6e6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8a04d2fc700f717104bfb95b0f6694e448a4537f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/xfrm/xfrm_ipcomp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.331",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.296",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.262",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.220",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.19.*",
"status": "unaffected",
"version": "5.19.17",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: Update ipcomp_scratches with NULL when freed\n\nCurrently if ipcomp_alloc_scratches() fails to allocate memory\nipcomp_scratches holds obsolete address. So when we try to free the\npercpu scratches using ipcomp_free_scratches() it tries to vfree non\nexistent vm area. Described below:\n\nstatic void * __percpu *ipcomp_alloc_scratches(void)\n{\n ...\n scratches = alloc_percpu(void *);\n if (!scratches)\n return NULL;\nipcomp_scratches does not know about this allocation failure.\nTherefore holding the old obsolete address.\n ...\n}\n\nSo when we free,\n\nstatic void ipcomp_free_scratches(void)\n{\n ...\n scratches = ipcomp_scratches;\nAssigning obsolete address from ipcomp_scratches\n\n if (!scratches)\n return;\n\n for_each_possible_cpu(i)\n vfree(*per_cpu_ptr(scratches, i));\nTrying to free non existent page, causing warning: trying to vfree\nexistent vm area.\n ...\n}\n\nFix this breakage by updating ipcomp_scrtches with NULL when scratches\nis freed"
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:25.810Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/debca61df6bc2f65e020656c9c5b878d6b38d30f"
},
{
"url": "https://git.kernel.org/stable/c/a39f456d62810c0efb43cead22f98d95b53e4b1a"
},
{
"url": "https://git.kernel.org/stable/c/1e8abde895b3ac6a368cbdb372e8800c49e73a28"
},
{
"url": "https://git.kernel.org/stable/c/18373ed500f7cd53e24d9b0bd0f1c09d78dba87e"
},
{
"url": "https://git.kernel.org/stable/c/be81c44242b20fc3bdcc73480ef8aaee56f5d0b6"
},
{
"url": "https://git.kernel.org/stable/c/03155680191ef0f004b1d6a5714c5b8cd271ab61"
},
{
"url": "https://git.kernel.org/stable/c/f3bdba4440d82e0da2b1bfc35d3836c8a8e00677"
},
{
"url": "https://git.kernel.org/stable/c/2c19945ce8095d065df550e7fe350cd5cc40c6e6"
},
{
"url": "https://git.kernel.org/stable/c/8a04d2fc700f717104bfb95b0f6694e448a4537f"
}
],
"title": "xfrm: Update ipcomp_scratches with NULL when freed",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-50569",
"datePublished": "2025-10-22T13:23:25.810Z",
"dateReserved": "2025-10-22T13:20:23.760Z",
"dateUpdated": "2025-10-22T13:23:25.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-50557 (GCVE-0-2022-50557)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
pinctrl: thunderbay: fix possible memory leak in thunderbay_build_functions()
The thunderbay_add_functions() will free memory of thunderbay_funcs
when everything is ok, but thunderbay_funcs will not be freed when
thunderbay_add_functions() fails, then there will be a memory leak,
so we need to add kfree() when thunderbay_add_functions() fails to
fix it.
In addition, do some cleanup work by moving kfree(funcs) from
thunderbay_add_functions() to thunderbay_build_functions().
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/pinctrl/pinctrl-thunderbay.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3650943bab29d03ef147290451237713ed1942cd",
"status": "affected",
"version": "12422af8194df85243d68b11f8783de9d01e58dc",
"versionType": "git"
},
{
"lessThan": "aae4846e8e49044cb51d0276bec2a3fc2d5cd8da",
"status": "affected",
"version": "12422af8194df85243d68b11f8783de9d01e58dc",
"versionType": "git"
},
{
"lessThan": "83e1bcaf8cef26edaaf2a6098ef760f563683483",
"status": "affected",
"version": "12422af8194df85243d68b11f8783de9d01e58dc",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/pinctrl/pinctrl-thunderbay.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.17"
},
{
"lessThan": "5.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.16",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.2",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"versionStartIncluding": "5.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: thunderbay: fix possible memory leak in thunderbay_build_functions()\n\nThe thunderbay_add_functions() will free memory of thunderbay_funcs\nwhen everything is ok, but thunderbay_funcs will not be freed when\nthunderbay_add_functions() fails, then there will be a memory leak,\nso we need to add kfree() when thunderbay_add_functions() fails to\nfix it.\n\nIn addition, doing some cleaner works, moving kfree(funcs) from\nthunderbay_add_functions() to thunderbay_build_functions()."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:18.131Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3650943bab29d03ef147290451237713ed1942cd"
},
{
"url": "https://git.kernel.org/stable/c/aae4846e8e49044cb51d0276bec2a3fc2d5cd8da"
},
{
"url": "https://git.kernel.org/stable/c/83e1bcaf8cef26edaaf2a6098ef760f563683483"
}
],
"title": "pinctrl: thunderbay: fix possible memory leak in thunderbay_build_functions()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-50557",
"datePublished": "2025-10-22T13:23:18.131Z",
"dateReserved": "2025-10-22T13:20:23.758Z",
"dateUpdated": "2025-10-22T13:23:18.131Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-53709 (GCVE-0-2023-53709)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
ring-buffer: Handle race between rb_move_tail and rb_check_pages
There seems to be a data race between ring_buffer writing and the integrity check.
That is, RB_FLAG of head_page is being updated, while at the same time
RB_FLAG was cleared when doing the integrity check in rb_check_pages():
| rb_check_pages() | rb_handle_head_page() |
|---|---|
| rb_head_page_deactivate() | |
| | rb_head_page_set_normal() |
| rb_head_page_activate() | |
We do the integrity test of the list to check if the list is corrupted and
it is still worth doing it. So, let's refactor rb_check_pages() such that
we no longer clear and set the flag during the list sanity checking.
[1] and [2] are the test to reproduce and the crash report respectively.
1:
``` read_trace.sh
while true;
do
# the "trace" file is closed after read
head -1 /sys/kernel/tracing/trace > /dev/null
done
```
``` repro.sh
sysctl -w kernel.panic_on_warn=1
# the function tracer will write enough data into ring_buffer
echo function > /sys/kernel/tracing/current_tracer
./read_trace.sh &
./read_trace.sh &
./read_trace.sh &
./read_trace.sh &
./read_trace.sh &
./read_trace.sh &
./read_trace.sh &
./read_trace.sh &
```
2:
------------[ cut here ]------------
WARNING: CPU: 9 PID: 62 at kernel/trace/ring_buffer.c:2653
rb_move_tail+0x450/0x470
Modules linked in:
CPU: 9 PID: 62 Comm: ksoftirqd/9 Tainted: G W 6.2.0-rc6+
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014
RIP: 0010:rb_move_tail+0x450/0x470
Code: ff ff 4c 89 c8 f0 4d 0f b1 02 48 89 c2 48 83 e2 fc 49 39 d0 75 24
83 e0 03 83 f8 02 0f 84 e1 fb ff ff 48 8b 57 10 f0 ff 42 08 <0f> 0b 83
f8 02 0f 84 ce fb ff ff e9 db
RSP: 0018:ffffb5564089bd00 EFLAGS: 00000203
RAX: 0000000000000000 RBX: ffff9db385a2bf81 RCX: ffffb5564089bd18
RDX: ffff9db281110100 RSI: 0000000000000fe4 RDI: ffff9db380145400
RBP: ffff9db385a2bf80 R08: ffff9db385a2bfc0 R09: ffff9db385a2bfc2
R10: ffff9db385a6c000 R11: ffff9db385a2bf80 R12: 0000000000000000
R13: 00000000000003e8 R14: ffff9db281110100 R15: ffffffffbb006108
FS: 0000000000000000(0000) GS:ffff9db3bdcc0000(0000)
knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005602323024c8 CR3: 0000000022e0c000 CR4: 00000000000006e0
Call Trace:
<TASK>
ring_buffer_lock_reserve+0x136/0x360
? __do_softirq+0x287/0x2df
? __pfx_rcu_softirq_qs+0x10/0x10
trace_function+0x21/0x110
? __pfx_rcu_softirq_qs+0x10/0x10
? __do_softirq+0x287/0x2df
function_trace_call+0xf6/0x120
0xffffffffc038f097
? rcu_softirq_qs+0x5/0x140
rcu_softirq_qs+0x5/0x140
__do_softirq+0x287/0x2df
run_ksoftirqd+0x2a/0x30
smpboot_thread_fn+0x188/0x220
? __pfx_smpboot_thread_fn+0x10/0x10
kthread+0xe7/0x110
? __pfx_kthread+0x10/0x10
ret_from_fork+0x2c/0x50
</TASK>
---[ end trace 0000000000000000 ]---
[ crash report and test reproducer credit goes to Zheng Yejian]
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/trace/ring_buffer.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6e02a43acd0691791df79ce538f2dd497a6c9b76",
"status": "affected",
"version": "1039221cc2787dee51a7ffbf9b0e79d192dadf76",
"versionType": "git"
},
{
"lessThan": "d41db100bc386b9433a3fc87026f5e8b453653e3",
"status": "affected",
"version": "1039221cc2787dee51a7ffbf9b0e79d192dadf76",
"versionType": "git"
},
{
"lessThan": "9674390ac540ed06768e3fbc2dba553929fbd736",
"status": "affected",
"version": "1039221cc2787dee51a7ffbf9b0e79d192dadf76",
"versionType": "git"
},
{
"lessThan": "09b1bf25f7f7a8f2bf8cd4278bba9c3172db8013",
"status": "affected",
"version": "1039221cc2787dee51a7ffbf9b0e79d192dadf76",
"versionType": "git"
},
{
"lessThan": "8843e06f67b14f71c044bf6267b2387784c7e198",
"status": "affected",
"version": "1039221cc2787dee51a7ffbf9b0e79d192dadf76",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/trace/ring_buffer.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.7"
},
{
"lessThan": "5.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.173",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.99",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.*",
"status": "unaffected",
"version": "6.2.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.3",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.173",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.99",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.16",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2.3",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.3",
"versionStartIncluding": "5.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nring-buffer: Handle race between rb_move_tail and rb_check_pages\n\nIt seems a data race between ring_buffer writing and integrity check.\nThat is, RB_FLAG of head_page is been updating, while at same time\nRB_FLAG was cleared when doing integrity check rb_check_pages():\n\n rb_check_pages() rb_handle_head_page():\n -------- --------\n rb_head_page_deactivate()\n rb_head_page_set_normal()\n rb_head_page_activate()\n\nWe do intergrity test of the list to check if the list is corrupted and\nit is still worth doing it. So, let\u0027s refactor rb_check_pages() such that\nwe no longer clear and set flag during the list sanity checking.\n\n[1] and [2] are the test to reproduce and the crash report respectively.\n\n1:\n``` read_trace.sh\n while true;\n do\n # the \"trace\" file is closed after read\n head -1 /sys/kernel/tracing/trace \u003e /dev/null\n done\n```\n``` repro.sh\n sysctl -w kernel.panic_on_warn=1\n # function tracer will writing enough data into ring_buffer\n echo function \u003e /sys/kernel/tracing/current_tracer\n ./read_trace.sh \u0026\n ./read_trace.sh \u0026\n ./read_trace.sh \u0026\n ./read_trace.sh \u0026\n ./read_trace.sh \u0026\n ./read_trace.sh \u0026\n ./read_trace.sh \u0026\n ./read_trace.sh \u0026\n```\n\n2:\n------------[ cut here ]------------\nWARNING: CPU: 9 PID: 62 at kernel/trace/ring_buffer.c:2653\nrb_move_tail+0x450/0x470\nModules linked in:\nCPU: 9 PID: 62 Comm: ksoftirqd/9 Tainted: G W 6.2.0-rc6+\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\nrel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014\nRIP: 0010:rb_move_tail+0x450/0x470\nCode: ff ff 4c 89 c8 f0 4d 0f b1 02 48 89 c2 48 83 e2 fc 49 39 d0 75 24\n83 e0 03 83 f8 02 0f 84 e1 fb ff ff 48 8b 57 10 f0 ff 42 08 \u003c0f\u003e 0b 83\nf8 02 0f 84 ce fb ff ff e9 db\nRSP: 0018:ffffb5564089bd00 EFLAGS: 00000203\nRAX: 0000000000000000 RBX: ffff9db385a2bf81 RCX: ffffb5564089bd18\nRDX: 
ffff9db281110100 RSI: 0000000000000fe4 RDI: ffff9db380145400\nRBP: ffff9db385a2bf80 R08: ffff9db385a2bfc0 R09: ffff9db385a2bfc2\nR10: ffff9db385a6c000 R11: ffff9db385a2bf80 R12: 0000000000000000\nR13: 00000000000003e8 R14: ffff9db281110100 R15: ffffffffbb006108\nFS: 0000000000000000(0000) GS:ffff9db3bdcc0000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00005602323024c8 CR3: 0000000022e0c000 CR4: 00000000000006e0\nCall Trace:\n \u003cTASK\u003e\n ring_buffer_lock_reserve+0x136/0x360\n ? __do_softirq+0x287/0x2df\n ? __pfx_rcu_softirq_qs+0x10/0x10\n trace_function+0x21/0x110\n ? __pfx_rcu_softirq_qs+0x10/0x10\n ? __do_softirq+0x287/0x2df\n function_trace_call+0xf6/0x120\n 0xffffffffc038f097\n ? rcu_softirq_qs+0x5/0x140\n rcu_softirq_qs+0x5/0x140\n __do_softirq+0x287/0x2df\n run_ksoftirqd+0x2a/0x30\n smpboot_thread_fn+0x188/0x220\n ? __pfx_smpboot_thread_fn+0x10/0x10\n kthread+0xe7/0x110\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x2c/0x50\n \u003c/TASK\u003e\n---[ end trace 0000000000000000 ]---\n\n[ crash report and test reproducer credit goes to Zheng Yejian]"
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:45.155Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6e02a43acd0691791df79ce538f2dd497a6c9b76"
},
{
"url": "https://git.kernel.org/stable/c/d41db100bc386b9433a3fc87026f5e8b453653e3"
},
{
"url": "https://git.kernel.org/stable/c/9674390ac540ed06768e3fbc2dba553929fbd736"
},
{
"url": "https://git.kernel.org/stable/c/09b1bf25f7f7a8f2bf8cd4278bba9c3172db8013"
},
{
"url": "https://git.kernel.org/stable/c/8843e06f67b14f71c044bf6267b2387784c7e198"
}
],
"title": "ring-buffer: Handle race between rb_move_tail and rb_check_pages",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-53709",
"datePublished": "2025-10-22T13:23:45.155Z",
"dateReserved": "2025-10-22T13:21:37.346Z",
"dateUpdated": "2025-10-22T13:23:45.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-53706 (GCVE-0-2023-53706)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
mm/vmemmap/devdax: fix kernel crash when probing devdax devices
commit 4917f55b4ef9 ("mm/sparse-vmemmap: improve memory savings for
compound devmaps") added support for using optimized vmmemap for devdax
devices. But how vmemmap mappings are created are architecture specific.
For example, powerpc with hash translation doesn't have vmemmap mappings
in init_mm page table instead they are bolted table entries in the
hardware page table
vmemmap_populate_compound_pages() used by vmemmap optimization code is not
aware of these architecture-specific mapping. Hence allow architecture to
opt for this feature. I selected architectures supporting
HUGETLB_PAGE_OPTIMIZE_VMEMMAP option as also supporting this feature.
This patch fixes the below crash on ppc64.
BUG: Unable to handle kernel data access on write at 0xc00c000100400038
Faulting instruction address: 0xc000000001269d90
Oops: Kernel access of bad area, sig: 11 [#1]
LE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries
Modules linked in:
CPU: 7 PID: 1 Comm: swapper/0 Not tainted 6.3.0-rc5-150500.34-default+ #2 5c90a668b6bbd142599890245c2fb5de19d7d28a
Hardware name: IBM,9009-42G POWER9 (raw) 0x4e0202 0xf000005 of:IBM,FW950.40 (VL950_099) hv:phyp pSeries
NIP: c000000001269d90 LR: c0000000004c57d4 CTR: 0000000000000000
REGS: c000000003632c30 TRAP: 0300 Not tainted (6.3.0-rc5-150500.34-default+)
MSR: 8000000000009033 <SF,EE,ME,IR,DR,RI,LE> CR: 24842228 XER: 00000000
CFAR: c0000000004c57d0 DAR: c00c000100400038 DSISR: 42000000 IRQMASK: 0
....
NIP [c000000001269d90] __init_single_page.isra.74+0x14/0x4c
LR [c0000000004c57d4] __init_zone_device_page+0x44/0xd0
Call Trace:
[c000000003632ed0] [c000000003632f60] 0xc000000003632f60 (unreliable)
[c000000003632f10] [c0000000004c5ca0] memmap_init_zone_device+0x170/0x250
[c000000003632fe0] [c0000000005575f8] memremap_pages+0x2c8/0x7f0
[c0000000036330c0] [c000000000557b5c] devm_memremap_pages+0x3c/0xa0
[c000000003633100] [c000000000d458a8] dev_dax_probe+0x108/0x3e0
[c0000000036331a0] [c000000000d41430] dax_bus_probe+0xb0/0x140
[c0000000036331d0] [c000000000cef27c] really_probe+0x19c/0x520
[c000000003633260] [c000000000cef6b4] __driver_probe_device+0xb4/0x230
[c0000000036332e0] [c000000000cef888] driver_probe_device+0x58/0x120
[c000000003633320] [c000000000cefa6c] __device_attach_driver+0x11c/0x1e0
[c0000000036333a0] [c000000000cebc58] bus_for_each_drv+0xa8/0x130
[c000000003633400] [c000000000ceefcc] __device_attach+0x15c/0x250
[c0000000036334a0] [c000000000ced458] bus_probe_device+0x108/0x110
[c0000000036334f0] [c000000000ce92dc] device_add+0x7fc/0xa10
[c0000000036335b0] [c000000000d447c8] devm_create_dev_dax+0x1d8/0x530
[c000000003633640] [c000000000d46b60] __dax_pmem_probe+0x200/0x270
[c0000000036337b0] [c000000000d46bf0] dax_pmem_probe+0x20/0x70
[c0000000036337d0] [c000000000d2279c] nvdimm_bus_probe+0xac/0x2b0
[c000000003633860] [c000000000cef27c] really_probe+0x19c/0x520
[c0000000036338f0] [c000000000cef6b4] __driver_probe_device+0xb4/0x230
[c000000003633970] [c000000000cef888] driver_probe_device+0x58/0x120
[c0000000036339b0] [c000000000cefd08] __driver_attach+0x1d8/0x240
[c000000003633a30] [c000000000cebb04] bus_for_each_dev+0xb4/0x130
[c000000003633a90] [c000000000cee564] driver_attach+0x34/0x50
[c000000003633ab0] [c000000000ced878] bus_add_driver+0x218/0x300
[c000000003633b40] [c000000000cf1144] driver_register+0xa4/0x1b0
[c000000003633bb0] [c000000000d21a0c] __nd_driver_register+0x5c/0x100
[c000000003633c10] [c00000000206a2e8] dax_pmem_init+0x34/0x48
[c000000003633c30] [c0000000000132d0] do_one_initcall+0x60/0x320
[c000000003633d00] [c0000000020051b0] kernel_init_freeable+0x360/0x400
[c000000003633de0] [c000000000013764] kernel_init+0x34/0x1d0
[c000000003633e50] [c00000000000de14] ret_from_kernel_thread+0x5c/0x64
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/linux/mm.h",
"mm/mm_init.c",
"mm/sparse-vmemmap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8f4603588acf5807aa1f1b4b1ea2b0365acd71f0",
"status": "affected",
"version": "4917f55b4ef963e2d2288fe4eb651728be8db406",
"versionType": "git"
},
{
"lessThan": "87a7ae75d7383afa998f57656d1d14e2a730cc47",
"status": "affected",
"version": "4917f55b4ef963e2d2288fe4eb651728be8db406",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/linux/mm.h",
"mm/mm_init.c",
"mm/sparse-vmemmap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.19"
},
{
"lessThan": "5.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.3.*",
"status": "unaffected",
"version": "6.3.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.4",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.3.5",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.4",
"versionStartIncluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/vmemmap/devdax: fix kernel crash when probing devdax devices\n\ncommit 4917f55b4ef9 (\"mm/sparse-vmemmap: improve memory savings for\ncompound devmaps\") added support for using optimized vmmemap for devdax\ndevices. But how vmemmap mappings are created are architecture specific. \nFor example, powerpc with hash translation doesn\u0027t have vmemmap mappings\nin init_mm page table instead they are bolted table entries in the\nhardware page table\n\nvmemmap_populate_compound_pages() used by vmemmap optimization code is not\naware of these architecture-specific mapping. Hence allow architecture to\nopt for this feature. I selected architectures supporting\nHUGETLB_PAGE_OPTIMIZE_VMEMMAP option as also supporting this feature.\n\nThis patch fixes the below crash on ppc64.\n\nBUG: Unable to handle kernel data access on write at 0xc00c000100400038\nFaulting instruction address: 0xc000000001269d90\nOops: Kernel access of bad area, sig: 11 [#1]\nLE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries\nModules linked in:\nCPU: 7 PID: 1 Comm: swapper/0 Not tainted 6.3.0-rc5-150500.34-default+ #2 5c90a668b6bbd142599890245c2fb5de19d7d28a\nHardware name: IBM,9009-42G POWER9 (raw) 0x4e0202 0xf000005 of:IBM,FW950.40 (VL950_099) hv:phyp pSeries\nNIP: c000000001269d90 LR: c0000000004c57d4 CTR: 0000000000000000\nREGS: c000000003632c30 TRAP: 0300 Not tainted (6.3.0-rc5-150500.34-default+)\nMSR: 8000000000009033 \u003cSF,EE,ME,IR,DR,RI,LE\u003e CR: 24842228 XER: 00000000\nCFAR: c0000000004c57d0 DAR: c00c000100400038 DSISR: 42000000 IRQMASK: 0\n....\nNIP [c000000001269d90] __init_single_page.isra.74+0x14/0x4c\nLR [c0000000004c57d4] __init_zone_device_page+0x44/0xd0\nCall Trace:\n[c000000003632ed0] [c000000003632f60] 0xc000000003632f60 (unreliable)\n[c000000003632f10] [c0000000004c5ca0] memmap_init_zone_device+0x170/0x250\n[c000000003632fe0] [c0000000005575f8] 
memremap_pages+0x2c8/0x7f0\n[c0000000036330c0] [c000000000557b5c] devm_memremap_pages+0x3c/0xa0\n[c000000003633100] [c000000000d458a8] dev_dax_probe+0x108/0x3e0\n[c0000000036331a0] [c000000000d41430] dax_bus_probe+0xb0/0x140\n[c0000000036331d0] [c000000000cef27c] really_probe+0x19c/0x520\n[c000000003633260] [c000000000cef6b4] __driver_probe_device+0xb4/0x230\n[c0000000036332e0] [c000000000cef888] driver_probe_device+0x58/0x120\n[c000000003633320] [c000000000cefa6c] __device_attach_driver+0x11c/0x1e0\n[c0000000036333a0] [c000000000cebc58] bus_for_each_drv+0xa8/0x130\n[c000000003633400] [c000000000ceefcc] __device_attach+0x15c/0x250\n[c0000000036334a0] [c000000000ced458] bus_probe_device+0x108/0x110\n[c0000000036334f0] [c000000000ce92dc] device_add+0x7fc/0xa10\n[c0000000036335b0] [c000000000d447c8] devm_create_dev_dax+0x1d8/0x530\n[c000000003633640] [c000000000d46b60] __dax_pmem_probe+0x200/0x270\n[c0000000036337b0] [c000000000d46bf0] dax_pmem_probe+0x20/0x70\n[c0000000036337d0] [c000000000d2279c] nvdimm_bus_probe+0xac/0x2b0\n[c000000003633860] [c000000000cef27c] really_probe+0x19c/0x520\n[c0000000036338f0] [c000000000cef6b4] __driver_probe_device+0xb4/0x230\n[c000000003633970] [c000000000cef888] driver_probe_device+0x58/0x120\n[c0000000036339b0] [c000000000cefd08] __driver_attach+0x1d8/0x240\n[c000000003633a30] [c000000000cebb04] bus_for_each_dev+0xb4/0x130\n[c000000003633a90] [c000000000cee564] driver_attach+0x34/0x50\n[c000000003633ab0] [c000000000ced878] bus_add_driver+0x218/0x300\n[c000000003633b40] [c000000000cf1144] driver_register+0xa4/0x1b0\n[c000000003633bb0] [c000000000d21a0c] __nd_driver_register+0x5c/0x100\n[c000000003633c10] [c00000000206a2e8] dax_pmem_init+0x34/0x48\n[c000000003633c30] [c0000000000132d0] do_one_initcall+0x60/0x320\n[c000000003633d00] [c0000000020051b0] kernel_init_freeable+0x360/0x400\n[c000000003633de0] [c000000000013764] kernel_init+0x34/0x1d0\n[c000000003633e50] [c00000000000de14] ret_from_kernel_thread+0x5c/0x64"
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:43.228Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8f4603588acf5807aa1f1b4b1ea2b0365acd71f0"
},
{
"url": "https://git.kernel.org/stable/c/87a7ae75d7383afa998f57656d1d14e2a730cc47"
}
],
"title": "mm/vmemmap/devdax: fix kernel crash when probing devdax devices",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-53706",
"datePublished": "2025-10-22T13:23:43.228Z",
"dateReserved": "2025-10-22T13:21:37.346Z",
"dateUpdated": "2025-10-22T13:23:43.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-53700 (GCVE-0-2023-53700)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: max9286: Fix memleak in max9286_v4l2_register()
There is a kmemleak when testing the media/i2c/max9286.c with bpf mock
device:
kmemleak: 5 new suspected memory leaks (see /sys/kernel/debug/kmemleak)
unreferenced object 0xffff88810defc400 (size 256):
comm "python3", pid 278, jiffies 4294737563 (age 31.978s)
hex dump (first 32 bytes):
28 06 a7 0a 81 88 ff ff 00 fe 22 12 81 88 ff ff (.........".....
10 c4 ef 0d 81 88 ff ff 10 c4 ef 0d 81 88 ff ff ................
backtrace:
[<00000000191de6a7>] __kmalloc_node+0x44/0x1b0
[<000000002f4912b7>] kvmalloc_node+0x34/0x180
[<0000000057dc4cae>] v4l2_ctrl_new+0x325/0x10f0 [videodev]
[<0000000026030272>] v4l2_ctrl_new_std+0x16f/0x210 [videodev]
[<00000000f0d9ea2f>] max9286_probe+0x76e/0xbff [max9286]
[<00000000ea8f6455>] i2c_device_probe+0x28d/0x680
[<0000000087529af3>] really_probe+0x17c/0x3f0
[<00000000b08be526>] __driver_probe_device+0xe3/0x170
[<000000004382edea>] driver_probe_device+0x49/0x120
[<000000007bde528a>] __device_attach_driver+0xf7/0x150
[<000000009f9c6ab4>] bus_for_each_drv+0x114/0x180
[<00000000c8aaf588>] __device_attach+0x1e5/0x2d0
[<0000000041cc06b9>] bus_probe_device+0x126/0x140
[<000000002309860d>] device_add+0x810/0x1130
[<000000002827bf98>] i2c_new_client_device+0x359/0x4f0
[<00000000593bdc85>] of_i2c_register_device+0xf1/0x110
max9286_v4l2_register() calls v4l2_ctrl_new_std(), but won't free the
created v412_ctrl when fwnode_graph_get_endpoint_by_id() failed, which
causes the memleak. Call v4l2_ctrl_handler_free() to free the v412_ctrl.
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/i2c/max9286.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "505ff3a0c5951684c3a43094ca4c1a74683d5681",
"status": "affected",
"version": "66d8c9d2422da21ed41f75c03ba0685987b65fe0",
"versionType": "git"
},
{
"lessThan": "5897fe3ebe8252993579e1bee715ebfe5504e052",
"status": "affected",
"version": "66d8c9d2422da21ed41f75c03ba0685987b65fe0",
"versionType": "git"
},
{
"lessThan": "724039e013b34f46344abdbf8c74e6a65a828327",
"status": "affected",
"version": "66d8c9d2422da21ed41f75c03ba0685987b65fe0",
"versionType": "git"
},
{
"lessThan": "5e31213fa017c20ccc989033a5f4a626473aa2ca",
"status": "affected",
"version": "66d8c9d2422da21ed41f75c03ba0685987b65fe0",
"versionType": "git"
},
{
"lessThan": "8636c5fc7658c7c6299fb8b352d24ea4b9ba99e2",
"status": "affected",
"version": "66d8c9d2422da21ed41f75c03ba0685987b65fe0",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/i2c/max9286.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.9"
},
{
"lessThan": "5.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.173",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.99",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.*",
"status": "unaffected",
"version": "6.2.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.3",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.173",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.99",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.16",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2.3",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.3",
"versionStartIncluding": "5.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: max9286: Fix memleak in max9286_v4l2_register()\n\nThere is a kmemleak when testing the media/i2c/max9286.c with bpf mock\ndevice:\n\nkmemleak: 5 new suspected memory leaks (see /sys/kernel/debug/kmemleak)\n\nunreferenced object 0xffff88810defc400 (size 256):\n comm \"python3\", pid 278, jiffies 4294737563 (age 31.978s)\n hex dump (first 32 bytes):\n 28 06 a7 0a 81 88 ff ff 00 fe 22 12 81 88 ff ff (.........\".....\n 10 c4 ef 0d 81 88 ff ff 10 c4 ef 0d 81 88 ff ff ................\n backtrace:\n [\u003c00000000191de6a7\u003e] __kmalloc_node+0x44/0x1b0\n [\u003c000000002f4912b7\u003e] kvmalloc_node+0x34/0x180\n [\u003c0000000057dc4cae\u003e] v4l2_ctrl_new+0x325/0x10f0 [videodev]\n [\u003c0000000026030272\u003e] v4l2_ctrl_new_std+0x16f/0x210 [videodev]\n [\u003c00000000f0d9ea2f\u003e] max9286_probe+0x76e/0xbff [max9286]\n [\u003c00000000ea8f6455\u003e] i2c_device_probe+0x28d/0x680\n [\u003c0000000087529af3\u003e] really_probe+0x17c/0x3f0\n [\u003c00000000b08be526\u003e] __driver_probe_device+0xe3/0x170\n [\u003c000000004382edea\u003e] driver_probe_device+0x49/0x120\n [\u003c000000007bde528a\u003e] __device_attach_driver+0xf7/0x150\n [\u003c000000009f9c6ab4\u003e] bus_for_each_drv+0x114/0x180\n [\u003c00000000c8aaf588\u003e] __device_attach+0x1e5/0x2d0\n [\u003c0000000041cc06b9\u003e] bus_probe_device+0x126/0x140\n [\u003c000000002309860d\u003e] device_add+0x810/0x1130\n [\u003c000000002827bf98\u003e] i2c_new_client_device+0x359/0x4f0\n [\u003c00000000593bdc85\u003e] of_i2c_register_device+0xf1/0x110\n\nmax9286_v4l2_register() calls v4l2_ctrl_new_std(), but won\u0027t free the\ncreated v412_ctrl when fwnode_graph_get_endpoint_by_id() failed, which\ncauses the memleak. Call v4l2_ctrl_handler_free() to free the v412_ctrl."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:39.560Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/505ff3a0c5951684c3a43094ca4c1a74683d5681"
},
{
"url": "https://git.kernel.org/stable/c/5897fe3ebe8252993579e1bee715ebfe5504e052"
},
{
"url": "https://git.kernel.org/stable/c/724039e013b34f46344abdbf8c74e6a65a828327"
},
{
"url": "https://git.kernel.org/stable/c/5e31213fa017c20ccc989033a5f4a626473aa2ca"
},
{
"url": "https://git.kernel.org/stable/c/8636c5fc7658c7c6299fb8b352d24ea4b9ba99e2"
}
],
"title": "media: max9286: Fix memleak in max9286_v4l2_register()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-53700",
"datePublished": "2025-10-22T13:23:39.560Z",
"dateReserved": "2025-10-22T13:21:37.345Z",
"dateUpdated": "2025-10-22T13:23:39.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-53697 (GCVE-0-2023-53697)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
nvdimm: Fix memleak of pmu attr_groups in unregister_nvdimm_pmu()
Memory pointed by 'nd_pmu->pmu.attr_groups' is allocated in function
'register_nvdimm_pmu' and is lost after 'kfree(nd_pmu)' call in function
'unregister_nvdimm_pmu'.
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/nvdimm/nd_perf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "500a6ff9c2a81348fe0f04e2deb758145e8ab94e",
"status": "affected",
"version": "0fab1ba6ad6ba1f76380f92ead95c6e861ef8116",
"versionType": "git"
},
{
"lessThan": "4999f2ec5fde7c45e3ecafda5b78560cc1c7bdb5",
"status": "affected",
"version": "0fab1ba6ad6ba1f76380f92ead95c6e861ef8116",
"versionType": "git"
},
{
"lessThan": "16259c80542ee8945aaa39cfc6a1809bcdc08ffe",
"status": "affected",
"version": "0fab1ba6ad6ba1f76380f92ead95c6e861ef8116",
"versionType": "git"
},
{
"lessThan": "85ae42c72142346645e63c33835da947dfa008b3",
"status": "affected",
"version": "0fab1ba6ad6ba1f76380f92ead95c6e861ef8116",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/nvdimm/nd_perf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.18"
},
{
"lessThan": "5.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.53",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.*",
"status": "unaffected",
"version": "6.4.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.6",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.53",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.4.16",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.3",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6",
"versionStartIncluding": "5.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvdimm: Fix memleak of pmu attr_groups in unregister_nvdimm_pmu()\n\nMemory pointed by \u0027nd_pmu-\u003epmu.attr_groups\u0027 is allocated in function\n\u0027register_nvdimm_pmu\u0027 and is lost after \u0027kfree(nd_pmu)\u0027 call in function\n\u0027unregister_nvdimm_pmu\u0027."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:37.757Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/500a6ff9c2a81348fe0f04e2deb758145e8ab94e"
},
{
"url": "https://git.kernel.org/stable/c/4999f2ec5fde7c45e3ecafda5b78560cc1c7bdb5"
},
{
"url": "https://git.kernel.org/stable/c/16259c80542ee8945aaa39cfc6a1809bcdc08ffe"
},
{
"url": "https://git.kernel.org/stable/c/85ae42c72142346645e63c33835da947dfa008b3"
}
],
"title": "nvdimm: Fix memleak of pmu attr_groups in unregister_nvdimm_pmu()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-53697",
"datePublished": "2025-10-22T13:23:37.757Z",
"dateReserved": "2025-10-22T13:21:37.345Z",
"dateUpdated": "2025-10-22T13:23:37.757Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-50566 (GCVE-0-2022-50566)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
mtd: Fix device name leak when register device failed in add_mtd_device()
There is a kmemleak when register device failed:
unreferenced object 0xffff888101aab550 (size 8):
comm "insmod", pid 3922, jiffies 4295277753 (age 925.408s)
hex dump (first 8 bytes):
6d 74 64 30 00 88 ff ff mtd0....
backtrace:
[<00000000bde26724>] __kmalloc_node_track_caller+0x4e/0x150
[<000000003c32b416>] kvasprintf+0xb0/0x130
[<000000001f7a8f15>] kobject_set_name_vargs+0x2f/0xb0
[<000000006e781163>] dev_set_name+0xab/0xe0
[<00000000e30d0c78>] add_mtd_device+0x4bb/0x700
[<00000000f3d34de7>] mtd_device_parse_register+0x2ac/0x3f0
[<00000000c0d88488>] 0xffffffffa0238457
[<00000000b40d0922>] 0xffffffffa02a008f
[<0000000023d17b9d>] do_one_initcall+0x87/0x2a0
[<00000000770f6ca6>] do_init_module+0xdf/0x320
[<000000007b6768fe>] load_module+0x2f98/0x3330
[<00000000346bed5a>] __do_sys_finit_module+0x113/0x1b0
[<00000000674c2290>] do_syscall_64+0x35/0x80
[<000000004c6a8d97>] entry_SYSCALL_64_after_hwframe+0x46/0xb0
If register device failed, should call put_device() to give up the
reference.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | 1f24b5a8ecbb2a3c7080f418974d40e3ffedb221 |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/mtd/mtdcore.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a75f45afa932bfb24a2603ebcea5efd2e7cdcfd6",
"status": "affected",
"version": "1f24b5a8ecbb2a3c7080f418974d40e3ffedb221",
"versionType": "git"
},
{
"lessThan": "2302e2dc42b1f84f951c725ce742fc21c5a1e151",
"status": "affected",
"version": "1f24b5a8ecbb2a3c7080f418974d40e3ffedb221",
"versionType": "git"
},
{
"lessThan": "db07fe76df01f40cb897d6e9066b84e46957beb3",
"status": "affected",
"version": "1f24b5a8ecbb2a3c7080f418974d40e3ffedb221",
"versionType": "git"
},
{
"lessThan": "fa0d32ab8407d7481450c664fd0de64f2dae9489",
"status": "affected",
"version": "1f24b5a8ecbb2a3c7080f418974d40e3ffedb221",
"versionType": "git"
},
{
"lessThan": "330bc5533e8a8ed69cb951d5a8edce9bddb9db21",
"status": "affected",
"version": "1f24b5a8ecbb2a3c7080f418974d40e3ffedb221",
"versionType": "git"
},
{
"lessThan": "71212d73184845c944ef1b43f092e643e5bde003",
"status": "affected",
"version": "1f24b5a8ecbb2a3c7080f418974d40e3ffedb221",
"versionType": "git"
},
{
"lessThan": "1b172fb05d6315ecec082fd7544a3390e96f0d7e",
"status": "affected",
"version": "1f24b5a8ecbb2a3c7080f418974d40e3ffedb221",
"versionType": "git"
},
{
"lessThan": "bcabe1dc2a344adbb3382930a23e273ba9382277",
"status": "affected",
"version": "1f24b5a8ecbb2a3c7080f418974d40e3ffedb221",
"versionType": "git"
},
{
"lessThan": "895d68a39481a75c680aa421546931fb11942fa6",
"status": "affected",
"version": "1f24b5a8ecbb2a3c7080f418974d40e3ffedb221",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/mtd/mtdcore.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.30"
},
{
"lessThan": "2.6.30",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.337",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.303",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.229",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.86",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.337",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.303",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.270",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.229",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.163",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.86",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.16",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.2",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"versionStartIncluding": "2.6.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: Fix device name leak when register device failed in add_mtd_device()\n\nThere is a kmemleak when register device failed:\n unreferenced object 0xffff888101aab550 (size 8):\n comm \"insmod\", pid 3922, jiffies 4295277753 (age 925.408s)\n hex dump (first 8 bytes):\n 6d 74 64 30 00 88 ff ff mtd0....\n backtrace:\n [\u003c00000000bde26724\u003e] __kmalloc_node_track_caller+0x4e/0x150\n [\u003c000000003c32b416\u003e] kvasprintf+0xb0/0x130\n [\u003c000000001f7a8f15\u003e] kobject_set_name_vargs+0x2f/0xb0\n [\u003c000000006e781163\u003e] dev_set_name+0xab/0xe0\n [\u003c00000000e30d0c78\u003e] add_mtd_device+0x4bb/0x700\n [\u003c00000000f3d34de7\u003e] mtd_device_parse_register+0x2ac/0x3f0\n [\u003c00000000c0d88488\u003e] 0xffffffffa0238457\n [\u003c00000000b40d0922\u003e] 0xffffffffa02a008f\n [\u003c0000000023d17b9d\u003e] do_one_initcall+0x87/0x2a0\n [\u003c00000000770f6ca6\u003e] do_init_module+0xdf/0x320\n [\u003c000000007b6768fe\u003e] load_module+0x2f98/0x3330\n [\u003c00000000346bed5a\u003e] __do_sys_finit_module+0x113/0x1b0\n [\u003c00000000674c2290\u003e] do_syscall_64+0x35/0x80\n [\u003c000000004c6a8d97\u003e] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nIf register device failed, should call put_device() to give up the\nreference."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:23.917Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a75f45afa932bfb24a2603ebcea5efd2e7cdcfd6"
},
{
"url": "https://git.kernel.org/stable/c/2302e2dc42b1f84f951c725ce742fc21c5a1e151"
},
{
"url": "https://git.kernel.org/stable/c/db07fe76df01f40cb897d6e9066b84e46957beb3"
},
{
"url": "https://git.kernel.org/stable/c/fa0d32ab8407d7481450c664fd0de64f2dae9489"
},
{
"url": "https://git.kernel.org/stable/c/330bc5533e8a8ed69cb951d5a8edce9bddb9db21"
},
{
"url": "https://git.kernel.org/stable/c/71212d73184845c944ef1b43f092e643e5bde003"
},
{
"url": "https://git.kernel.org/stable/c/1b172fb05d6315ecec082fd7544a3390e96f0d7e"
},
{
"url": "https://git.kernel.org/stable/c/bcabe1dc2a344adbb3382930a23e273ba9382277"
},
{
"url": "https://git.kernel.org/stable/c/895d68a39481a75c680aa421546931fb11942fa6"
}
],
"title": "mtd: Fix device name leak when register device failed in add_mtd_device()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-50566",
"datePublished": "2025-10-22T13:23:23.917Z",
"dateReserved": "2025-10-22T13:20:23.760Z",
"dateUpdated": "2025-10-22T13:23:23.917Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-50581 (GCVE-0-2022-50581)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
hfs: fix OOB Read in __hfs_brec_find
Syzbot reported an OOB read bug:
==================================================================
BUG: KASAN: slab-out-of-bounds in hfs_strcmp+0x117/0x190
fs/hfs/string.c:84
Read of size 1 at addr ffff88807eb62c4e by task kworker/u4:1/11
CPU: 1 PID: 11 Comm: kworker/u4:1 Not tainted
6.1.0-rc6-syzkaller-00308-g644e9524388a #0
Workqueue: writeback wb_workfn (flush-7:0)
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1b1/0x28e lib/dump_stack.c:106
print_address_description+0x74/0x340 mm/kasan/report.c:284
print_report+0x107/0x1f0 mm/kasan/report.c:395
kasan_report+0xcd/0x100 mm/kasan/report.c:495
hfs_strcmp+0x117/0x190 fs/hfs/string.c:84
__hfs_brec_find+0x213/0x5c0 fs/hfs/bfind.c:75
hfs_brec_find+0x276/0x520 fs/hfs/bfind.c:138
hfs_write_inode+0x34c/0xb40 fs/hfs/inode.c:462
write_inode fs/fs-writeback.c:1440 [inline]
If the input inode of hfs_write_inode() is incorrect:
struct inode
  struct hfs_inode_info
    struct hfs_cat_key
      struct hfs_name
        u8 len # len is greater than HFS_NAMELEN(31) which is the
               maximum length of an HFS filename
OOB read occurred:
hfs_write_inode()
  hfs_brec_find()
    __hfs_brec_find()
      hfs_cat_keycmp()
        hfs_strcmp() # OOB read occurred due to len is too large
Fix this by adding a check on len in hfs_write_inode() before calling
hfs_brec_find().
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/hfs/inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8c40f2dbae603ef0bd21e87c63f54ec59fd88256",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c886c10a6eddb99923b315f42bf63f448883ef9a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2344f17c0a89c181ab1a9fef57fd8c3bddfd6e30",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "90103ccb6e60aa4efe48993d23d6a528472f2233",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4fd3a11804c8877ff11fec59c5c53f1635331e3e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "367296925c7625c3969d2a78d7a3e1dee161beb5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e9e692917c6e10a7066c7a6d092dcdc3d4e329f3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "bfc9d8f27f89717431a6aecce42ae230b437433f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8d824e69d9f3fa3121b2dda25053bae71e2460d2",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/hfs/inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.337",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.303",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.229",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.86",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.337",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.303",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.229",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfs: fix OOB Read in __hfs_brec_find\n\nSyzbot reported a OOB read bug:\n\n==================================================================\nBUG: KASAN: slab-out-of-bounds in hfs_strcmp+0x117/0x190\nfs/hfs/string.c:84\nRead of size 1 at addr ffff88807eb62c4e by task kworker/u4:1/11\nCPU: 1 PID: 11 Comm: kworker/u4:1 Not tainted\n6.1.0-rc6-syzkaller-00308-g644e9524388a #0\nWorkqueue: writeback wb_workfn (flush-7:0)\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1b1/0x28e lib/dump_stack.c:106\n print_address_description+0x74/0x340 mm/kasan/report.c:284\n print_report+0x107/0x1f0 mm/kasan/report.c:395\n kasan_report+0xcd/0x100 mm/kasan/report.c:495\n hfs_strcmp+0x117/0x190 fs/hfs/string.c:84\n __hfs_brec_find+0x213/0x5c0 fs/hfs/bfind.c:75\n hfs_brec_find+0x276/0x520 fs/hfs/bfind.c:138\n hfs_write_inode+0x34c/0xb40 fs/hfs/inode.c:462\n write_inode fs/fs-writeback.c:1440 [inline]\n\nIf the input inode of hfs_write_inode() is incorrect:\nstruct inode\n struct hfs_inode_info\n struct hfs_cat_key\n struct hfs_name\n u8 len # len is greater than HFS_NAMELEN(31) which is the\nmaximum length of an HFS filename\n\nOOB read occurred:\nhfs_write_inode()\n hfs_brec_find()\n __hfs_brec_find()\n hfs_cat_keycmp()\n hfs_strcmp() # OOB read occurred due to len is too large\n\nFix this by adding a Check on len in hfs_write_inode() before calling\nhfs_brec_find()."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:33.421Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8c40f2dbae603ef0bd21e87c63f54ec59fd88256"
},
{
"url": "https://git.kernel.org/stable/c/c886c10a6eddb99923b315f42bf63f448883ef9a"
},
{
"url": "https://git.kernel.org/stable/c/2344f17c0a89c181ab1a9fef57fd8c3bddfd6e30"
},
{
"url": "https://git.kernel.org/stable/c/90103ccb6e60aa4efe48993d23d6a528472f2233"
},
{
"url": "https://git.kernel.org/stable/c/4fd3a11804c8877ff11fec59c5c53f1635331e3e"
},
{
"url": "https://git.kernel.org/stable/c/367296925c7625c3969d2a78d7a3e1dee161beb5"
},
{
"url": "https://git.kernel.org/stable/c/e9e692917c6e10a7066c7a6d092dcdc3d4e329f3"
},
{
"url": "https://git.kernel.org/stable/c/bfc9d8f27f89717431a6aecce42ae230b437433f"
},
{
"url": "https://git.kernel.org/stable/c/8d824e69d9f3fa3121b2dda25053bae71e2460d2"
}
],
"title": "hfs: fix OOB Read in __hfs_brec_find",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-50581",
"datePublished": "2025-10-22T13:23:33.421Z",
"dateReserved": "2025-10-22T13:20:23.762Z",
"dateUpdated": "2025-10-22T13:23:33.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-53701 (GCVE-0-2023-53701)
Vulnerability from cvelistv5
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2025-10-23T05:46:23.597Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"rejectedReasons": [
{
"lang": "en",
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-53701",
"datePublished": "2025-10-22T13:23:40.163Z",
"dateRejected": "2025-10-23T05:46:23.597Z",
"dateReserved": "2025-10-22T13:21:37.345Z",
"dateUpdated": "2025-10-23T05:46:23.597Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-53708 (GCVE-0-2023-53708)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
ACPI: x86: s2idle: Catch multiple ACPI_TYPE_PACKAGE objects
If a badly constructed firmware includes multiple `ACPI_TYPE_PACKAGE`
objects while evaluating the AMD LPS0 _DSM, there will be a memory
leak. Explicitly guard against this.
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/acpi/x86/s2idle.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7b7964cd9db30bc84808a40d13a0633b4313f149",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1ea7e47807279369c82718efd2677ea25c6579e3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9e8bbde9293151430884aed882a88eaa22298f72",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "883cf0d4cf288313b71146ddebdf5d647b76c78b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/acpi/x86/s2idle.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.133",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.6",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.133",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: x86: s2idle: Catch multiple ACPI_TYPE_PACKAGE objects\n\nIf a badly constructed firmware includes multiple `ACPI_TYPE_PACKAGE`\nobjects while evaluating the AMD LPS0 _DSM, there will be a memory\nleak. Explicitly guard against this."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:44.496Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7b7964cd9db30bc84808a40d13a0633b4313f149"
},
{
"url": "https://git.kernel.org/stable/c/1ea7e47807279369c82718efd2677ea25c6579e3"
},
{
"url": "https://git.kernel.org/stable/c/9e8bbde9293151430884aed882a88eaa22298f72"
},
{
"url": "https://git.kernel.org/stable/c/883cf0d4cf288313b71146ddebdf5d647b76c78b"
}
],
"title": "ACPI: x86: s2idle: Catch multiple ACPI_TYPE_PACKAGE objects",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-53708",
"datePublished": "2025-10-22T13:23:44.496Z",
"dateReserved": "2025-10-22T13:21:37.346Z",
"dateUpdated": "2025-10-22T13:23:44.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-53717 (GCVE-0-2023-53717)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback()
Fix a stack-out-of-bounds write that occurs in a WMI response callback
function that is called after a timeout occurs in ath9k_wmi_cmd().
The callback writes to wmi->cmd_rsp_buf, a stack-allocated buffer that
could no longer be valid when a timeout occurs. Set wmi->last_seq_id to
0 when a timeout occurred.
Found by a modified version of syzkaller.
BUG: KASAN: stack-out-of-bounds in ath9k_wmi_ctrl_rx
Write of size 4
Call Trace:
memcpy
ath9k_wmi_ctrl_rx
ath9k_htc_rx_msg
ath9k_hif_usb_reg_in_cb
__usb_hcd_giveback_urb
usb_hcd_giveback_urb
dummy_timer
call_timer_fn
run_timer_softirq
__do_softirq
irq_exit_rcu
sysvec_apic_timer_interrupt
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | fb9987d0f748c983bb795a86f47522313f701a08 |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath9k/wmi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "89a33c3c847b19b19205cde1d924df2a6c70d8eb",
"status": "affected",
"version": "fb9987d0f748c983bb795a86f47522313f701a08",
"versionType": "git"
},
{
"lessThan": "ae4933b4f17de8e2b7ff6f91b17d3b0099a6d6bc",
"status": "affected",
"version": "fb9987d0f748c983bb795a86f47522313f701a08",
"versionType": "git"
},
{
"lessThan": "bf6dc175a2b53098a69db1236d9d53982f4b1bc0",
"status": "affected",
"version": "fb9987d0f748c983bb795a86f47522313f701a08",
"versionType": "git"
},
{
"lessThan": "78b56b0a613a87b61290b95be497fdfe2fe58aa6",
"status": "affected",
"version": "fb9987d0f748c983bb795a86f47522313f701a08",
"versionType": "git"
},
{
"lessThan": "1af7eacfad45149c54893a8a9df9e92ef89f0a90",
"status": "affected",
"version": "fb9987d0f748c983bb795a86f47522313f701a08",
"versionType": "git"
},
{
"lessThan": "8f28513d9520184059530c01a9f928a1b3809d3f",
"status": "affected",
"version": "fb9987d0f748c983bb795a86f47522313f701a08",
"versionType": "git"
},
{
"lessThan": "554048a72d7ecfdd58cc1bfb56e0a1864e64e82c",
"status": "affected",
"version": "fb9987d0f748c983bb795a86f47522313f701a08",
"versionType": "git"
},
{
"lessThan": "8a2f35b9830692f7a616f2f627f943bc748af13a",
"status": "affected",
"version": "fb9987d0f748c983bb795a86f47522313f701a08",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath9k/wmi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.35"
},
{
"lessThan": "2.6.35",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.308",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.235",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.173",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.99",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.*",
"status": "unaffected",
"version": "6.2.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.3",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.308",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.276",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.235",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.173",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.99",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.16",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2.3",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.3",
"versionStartIncluding": "2.6.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback()\n\nFix a stack-out-of-bounds write that occurs in a WMI response callback\nfunction that is called after a timeout occurs in ath9k_wmi_cmd().\nThe callback writes to wmi-\u003ecmd_rsp_buf, a stack-allocated buffer that\ncould no longer be valid when a timeout occurs. Set wmi-\u003elast_seq_id to\n0 when a timeout occurred.\n\nFound by a modified version of syzkaller.\n\nBUG: KASAN: stack-out-of-bounds in ath9k_wmi_ctrl_rx\nWrite of size 4\nCall Trace:\n memcpy\n ath9k_wmi_ctrl_rx\n ath9k_htc_rx_msg\n ath9k_hif_usb_reg_in_cb\n __usb_hcd_giveback_urb\n usb_hcd_giveback_urb\n dummy_timer\n call_timer_fn\n run_timer_softirq\n __do_softirq\n irq_exit_rcu\n sysvec_apic_timer_interrupt"
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:50.161Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/89a33c3c847b19b19205cde1d924df2a6c70d8eb"
},
{
"url": "https://git.kernel.org/stable/c/ae4933b4f17de8e2b7ff6f91b17d3b0099a6d6bc"
},
{
"url": "https://git.kernel.org/stable/c/bf6dc175a2b53098a69db1236d9d53982f4b1bc0"
},
{
"url": "https://git.kernel.org/stable/c/78b56b0a613a87b61290b95be497fdfe2fe58aa6"
},
{
"url": "https://git.kernel.org/stable/c/1af7eacfad45149c54893a8a9df9e92ef89f0a90"
},
{
"url": "https://git.kernel.org/stable/c/8f28513d9520184059530c01a9f928a1b3809d3f"
},
{
"url": "https://git.kernel.org/stable/c/554048a72d7ecfdd58cc1bfb56e0a1864e64e82c"
},
{
"url": "https://git.kernel.org/stable/c/8a2f35b9830692f7a616f2f627f943bc748af13a"
}
],
"title": "wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-53717",
"datePublished": "2025-10-22T13:23:50.161Z",
"dateReserved": "2025-10-22T13:21:37.347Z",
"dateUpdated": "2025-10-22T13:23:50.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-53704 (GCVE-0-2023-53704)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe()
Replace of_iomap() and kzalloc() with devm_of_iomap() and devm_kzalloc()
which can automatically release the related memory when the device
or driver is removed or unloaded to avoid potential memory leak.
In this case, iounmap(anatop_base) in line 427,433 are removed
as manual release is not required.
Besides, referring to clk-imx8mq.c, check the return code of
of_clk_add_hw_provider, if it returns negative, print error info
and unregister hws, which makes the program more robust.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | 9c140d9926761b0f5d329ff6c09a1540f3d5e1d3 |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/clk/imx/clk-imx8mp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cb047c13bbf9018693ae31f03a5a26b212d02f13",
"status": "affected",
"version": "9c140d9926761b0f5d329ff6c09a1540f3d5e1d3",
"versionType": "git"
},
{
"lessThan": "bcea444ab4c045864b55d67313833d606676602a",
"status": "affected",
"version": "9c140d9926761b0f5d329ff6c09a1540f3d5e1d3",
"versionType": "git"
},
{
"lessThan": "6317d0302655f7e854cd4f31e93b47d35cb058bb",
"status": "affected",
"version": "9c140d9926761b0f5d329ff6c09a1540f3d5e1d3",
"versionType": "git"
},
{
"lessThan": "5bcf140e9e6cf76f1f1bd1f489a14ca4d49f9a1a",
"status": "affected",
"version": "9c140d9926761b0f5d329ff6c09a1540f3d5e1d3",
"versionType": "git"
},
{
"lessThan": "92ce7629a11ae62292e1cfaa6132dab081fc80ee",
"status": "affected",
"version": "9c140d9926761b0f5d329ff6c09a1540f3d5e1d3",
"versionType": "git"
},
{
"lessThan": "878b02d5f3b56cb090dbe2c70c89273be144087f",
"status": "affected",
"version": "9c140d9926761b0f5d329ff6c09a1540f3d5e1d3",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/clk/imx/clk-imx8mp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.188",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.39",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.3.*",
"status": "unaffected",
"version": "6.3.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.*",
"status": "unaffected",
"version": "6.4.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.5",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.188",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.121",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.39",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.3.13",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.4.4",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5",
"versionStartIncluding": "5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe()\n\nReplace of_iomap() and kzalloc() with devm_of_iomap() and devm_kzalloc()\nwhich can automatically release the related memory when the device\nor driver is removed or unloaded to avoid potential memory leak.\n\nIn this case, iounmap(anatop_base) in line 427,433 are removed\nas manual release is not required.\n\nBesides, referring to clk-imx8mq.c, check the return code of\nof_clk_add_hw_provider, if it returns negtive, print error info\nand unregister hws, which makes the program more robust."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:42.067Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cb047c13bbf9018693ae31f03a5a26b212d02f13"
},
{
"url": "https://git.kernel.org/stable/c/bcea444ab4c045864b55d67313833d606676602a"
},
{
"url": "https://git.kernel.org/stable/c/6317d0302655f7e854cd4f31e93b47d35cb058bb"
},
{
"url": "https://git.kernel.org/stable/c/5bcf140e9e6cf76f1f1bd1f489a14ca4d49f9a1a"
},
{
"url": "https://git.kernel.org/stable/c/92ce7629a11ae62292e1cfaa6132dab081fc80ee"
},
{
"url": "https://git.kernel.org/stable/c/878b02d5f3b56cb090dbe2c70c89273be144087f"
}
],
"title": "clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-53704",
"datePublished": "2025-10-22T13:23:42.067Z",
"dateReserved": "2025-10-22T13:21:37.345Z",
"dateUpdated": "2025-10-22T13:23:42.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-53720 (GCVE-0-2023-53720)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Release the label when replacing existing ct entry
Cited commit doesn't release the label mapping when replacing existing ct
entry which leads to following memleak report:
unreferenced object 0xffff8881854cf280 (size 96):
comm "kworker/u48:74", pid 23093, jiffies 4296664564 (age 175.944s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<000000002722d368>] __kmalloc+0x4b/0x1c0
[<00000000cc44e18f>] mapping_add+0x6e8/0xc90 [mlx5_core]
[<000000003ad942a7>] mlx5_get_label_mapping+0x66/0xe0 [mlx5_core]
[<00000000266308ac>] mlx5_tc_ct_entry_create_mod_hdr+0x1c4/0xf50 [mlx5_core]
[<000000009a768b4f>] mlx5_tc_ct_entry_add_rule+0x16f/0xaf0 [mlx5_core]
[<00000000a178f3e5>] mlx5_tc_ct_block_flow_offload_add+0x10cb/0x1f90 [mlx5_core]
[<000000007b46c496>] mlx5_tc_ct_block_flow_offload+0x14a/0x630 [mlx5_core]
[<00000000a9a18ac5>] nf_flow_offload_tuple+0x1a3/0x390 [nf_flow_table]
[<00000000d0881951>] flow_offload_work_handler+0x257/0xd30 [nf_flow_table]
[<000000009e4935a4>] process_one_work+0x7c2/0x13e0
[<00000000f5cd36a7>] worker_thread+0x59d/0xec0
[<00000000baed1daf>] kthread+0x28f/0x330
[<0000000063d282a4>] ret_from_fork+0x1f/0x30
Fix the issue by correctly releasing the label mapping.
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3db903a71f1f4bbf30baae166a4a49f2e8aceb61",
"status": "affected",
"version": "94ceffb48eac7692677d8093dcde6965b70c4b35",
"versionType": "git"
},
{
"lessThan": "8ac04a28144cfa89b61be518268233742c23d88d",
"status": "affected",
"version": "94ceffb48eac7692677d8093dcde6965b70c4b35",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.3"
},
{
"lessThan": "6.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.3.*",
"status": "unaffected",
"version": "6.3.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.4",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.3.2",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.4",
"versionStartIncluding": "6.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Release the label when replacing existing ct entry\n\nCited commit doesn\u0027t release the label mapping when replacing existing ct\nentry which leads to following memleak report:\n\nunreferenced object 0xffff8881854cf280 (size 96):\n comm \"kworker/u48:74\", pid 23093, jiffies 4296664564 (age 175.944s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [\u003c000000002722d368\u003e] __kmalloc+0x4b/0x1c0\n [\u003c00000000cc44e18f\u003e] mapping_add+0x6e8/0xc90 [mlx5_core]\n [\u003c000000003ad942a7\u003e] mlx5_get_label_mapping+0x66/0xe0 [mlx5_core]\n [\u003c00000000266308ac\u003e] mlx5_tc_ct_entry_create_mod_hdr+0x1c4/0xf50 [mlx5_core]\n [\u003c000000009a768b4f\u003e] mlx5_tc_ct_entry_add_rule+0x16f/0xaf0 [mlx5_core]\n [\u003c00000000a178f3e5\u003e] mlx5_tc_ct_block_flow_offload_add+0x10cb/0x1f90 [mlx5_core]\n [\u003c000000007b46c496\u003e] mlx5_tc_ct_block_flow_offload+0x14a/0x630 [mlx5_core]\n [\u003c00000000a9a18ac5\u003e] nf_flow_offload_tuple+0x1a3/0x390 [nf_flow_table]\n [\u003c00000000d0881951\u003e] flow_offload_work_handler+0x257/0xd30 [nf_flow_table]\n [\u003c000000009e4935a4\u003e] process_one_work+0x7c2/0x13e0\n [\u003c00000000f5cd36a7\u003e] worker_thread+0x59d/0xec0\n [\u003c00000000baed1daf\u003e] kthread+0x28f/0x330\n [\u003c0000000063d282a4\u003e] ret_from_fork+0x1f/0x30\n\nFix the issue by correctly releasing the label mapping."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:52.123Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3db903a71f1f4bbf30baae166a4a49f2e8aceb61"
},
{
"url": "https://git.kernel.org/stable/c/8ac04a28144cfa89b61be518268233742c23d88d"
}
],
"title": "net/mlx5e: Release the label when replacing existing ct entry",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-53720",
"datePublished": "2025-10-22T13:23:52.123Z",
"dateReserved": "2025-10-22T13:21:37.347Z",
"dateUpdated": "2025-10-22T13:23:52.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-53721 (GCVE-0-2023-53721)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-30 19:33
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath12k: Fix a NULL pointer dereference in ath12k_mac_op_hw_scan()
In ath12k_mac_op_hw_scan(), the return value of kzalloc() is directly
used in memcpy(), which may lead to a NULL pointer dereference on
failure of kzalloc().
Fix this bug by adding a check of arg.extraie.ptr.
Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0-03427-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1.15378.4
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath12k/mac.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5a263df398b581189fe632b4ab8440f3dd76c251",
"status": "affected",
"version": "d889913205cf7ebda905b1e62c5867ed4e39f6c2",
"versionType": "git"
},
{
"lessThan": "8ad314da54c6dd223a6b6cc85019160aa842f659",
"status": "affected",
"version": "d889913205cf7ebda905b1e62c5867ed4e39f6c2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath12k/mac.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.3"
},
{
"lessThan": "6.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.6",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.5",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6",
"versionStartIncluding": "6.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Fix a NULL pointer dereference in ath12k_mac_op_hw_scan()\n\nIn ath12k_mac_op_hw_scan(), the return value of kzalloc() is directly\nused in memcpy(), which may lead to a NULL pointer dereference on\nfailure of kzalloc().\n\nFix this bug by adding a check of arg.extraie.ptr.\n\nTested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0-03427-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1.15378.4"
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T19:33:08.319Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5a263df398b581189fe632b4ab8440f3dd76c251"
},
{
"url": "https://git.kernel.org/stable/c/8ad314da54c6dd223a6b6cc85019160aa842f659"
}
],
"title": "wifi: ath12k: Fix a NULL pointer dereference in ath12k_mac_op_hw_scan()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-53721",
"datePublished": "2025-10-22T13:23:52.699Z",
"dateReserved": "2025-10-22T13:21:37.348Z",
"dateUpdated": "2025-10-30T19:33:08.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-53702 (GCVE-0-2023-53702)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
s390/crypto: use vector instructions only if available for ChaCha20
Commit 349d03ffd5f6 ("crypto: s390 - add crypto library interface for
ChaCha20") added a library interface to the s390 specific ChaCha20
implementation. However no check was added to verify if the required
facilities are installed before branching into the assembler code.
If compiled into the kernel, this will lead to the following crash,
if vector instructions are not available:
data exception: 0007 ilc:3 [#1] SMP
Modules linked in:
CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.3.0-rc7+ #11
Hardware name: IBM 3931 A01 704 (KVM/Linux)
Krnl PSW : 0704e00180000000 000000001857277a (chacha20_vx+0x32/0x818)
R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:2 PM:0 RI:0 EA:3
Krnl GPRS: 0000037f0000000a ffffffffffffff60 000000008184b000 0000000019f5c8e6
0000000000000109 0000037fffb13c58 0000037fffb13c78 0000000019bb1780
0000037fffb13c58 0000000019f5c8e6 000000008184b000 0000000000000109
00000000802d8000 0000000000000109 0000000018571ebc 0000037fffb13718
Krnl Code: 000000001857276a: c07000b1f80b larl %r7,0000000019bb1780
0000000018572770: a708000a lhi %r0,10
#0000000018572774: e78950000c36 vlm %v24,%v25,0(%r5),0
>000000001857277a: e7a060000806 vl %v26,0(%r6),0
0000000018572780: e7bf70004c36 vlm %v27,%v31,0(%r7),4
0000000018572786: e70b00000456 vlr %v0,%v27
000000001857278c: e71800000456 vlr %v1,%v24
0000000018572792: e74b00000456 vlr %v4,%v27
Call Trace:
[<000000001857277a>] chacha20_vx+0x32/0x818
Last Breaking-Event-Address:
[<0000000018571eb6>] chacha20_crypt_s390.constprop.0+0x6e/0xd8
---[ end trace 0000000000000000 ]---
Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
Fix this by adding a missing MACHINE_HAS_VX check.
[agordeev@linux.ibm.com: remove duplicates in commit message]
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/s390/crypto/chacha-glue.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "25e8d30507aa2f251152df1af7809e85b5538f4a",
"status": "affected",
"version": "349d03ffd5f62c298fd667ffa397c3fdc5c6194b",
"versionType": "git"
},
{
"lessThan": "debb7797bba0caffdbdadc3e7968bb2c414f50da",
"status": "affected",
"version": "349d03ffd5f62c298fd667ffa397c3fdc5c6194b",
"versionType": "git"
},
{
"lessThan": "8703dd6b238da0ec6c276e53836f8200983d3d9b",
"status": "affected",
"version": "349d03ffd5f62c298fd667ffa397c3fdc5c6194b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/s390/crypto/chacha-glue.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.19"
},
{
"lessThan": "5.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.30",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.3.*",
"status": "unaffected",
"version": "6.3.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.4",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.30",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.3.4",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.4",
"versionStartIncluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/crypto: use vector instructions only if available for ChaCha20\n\nCommit 349d03ffd5f6 (\"crypto: s390 - add crypto library interface for\nChaCha20\") added a library interface to the s390 specific ChaCha20\nimplementation. However no check was added to verify if the required\nfacilities are installed before branching into the assembler code.\n\nIf compiled into the kernel, this will lead to the following crash,\nif vector instructions are not available:\n\ndata exception: 0007 ilc:3 [#1] SMP\nModules linked in:\nCPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.3.0-rc7+ #11\nHardware name: IBM 3931 A01 704 (KVM/Linux)\nKrnl PSW : 0704e00180000000 000000001857277a (chacha20_vx+0x32/0x818)\n R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:2 PM:0 RI:0 EA:3\nKrnl GPRS: 0000037f0000000a ffffffffffffff60 000000008184b000 0000000019f5c8e6\n 0000000000000109 0000037fffb13c58 0000037fffb13c78 0000000019bb1780\n 0000037fffb13c58 0000000019f5c8e6 000000008184b000 0000000000000109\n 00000000802d8000 0000000000000109 0000000018571ebc 0000037fffb13718\nKrnl Code: 000000001857276a: c07000b1f80b larl %r7,0000000019bb1780\n 0000000018572770: a708000a lhi %r0,10\n #0000000018572774: e78950000c36 vlm %v24,%v25,0(%r5),0\n \u003e000000001857277a: e7a060000806 vl %v26,0(%r6),0\n 0000000018572780: e7bf70004c36 vlm %v27,%v31,0(%r7),4\n 0000000018572786: e70b00000456 vlr %v0,%v27\n 000000001857278c: e71800000456 vlr %v1,%v24\n 0000000018572792: e74b00000456 vlr %v4,%v27\nCall Trace:\n [\u003c000000001857277a\u003e] chacha20_vx+0x32/0x818\nLast Breaking-Event-Address:\n [\u003c0000000018571eb6\u003e] chacha20_crypt_s390.constprop.0+0x6e/0xd8\n---[ end trace 0000000000000000 ]---\nKernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b\n\nFix this by adding a missing MACHINE_HAS_VX check.\n\n[agordeev@linux.ibm.com: remove duplicates in commit message]"
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:40.798Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/25e8d30507aa2f251152df1af7809e85b5538f4a"
},
{
"url": "https://git.kernel.org/stable/c/debb7797bba0caffdbdadc3e7968bb2c414f50da"
},
{
"url": "https://git.kernel.org/stable/c/8703dd6b238da0ec6c276e53836f8200983d3d9b"
}
],
"title": "s390/crypto: use vector instructions only if available for ChaCha20",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-53702",
"datePublished": "2025-10-22T13:23:40.798Z",
"dateReserved": "2025-10-22T13:21:37.345Z",
"dateUpdated": "2025-10-22T13:23:40.798Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-53727 (GCVE-0-2023-53727)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/sched: fq_pie: avoid stalls in fq_pie_timer()
When setting a high number of flows (limit being 65536),
fq_pie_timer() is currently using too much time as syzbot reported.
Add logic to yield the cpu every 2048 flows (less than 150 usec
on debug kernels).
It should also help by not blocking qdisc fast paths for too long.
Worst case (65536 flows) would need 31 jiffies for a complete scan.
Relevant extract from syzbot report:
rcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { 0-.... } 2663 jiffies s: 873 root: 0x1/.
rcu: blocking rcu_node structures (internal RCU debug):
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 5177 Comm: syz-executor273 Not tainted 6.5.0-syzkaller-00453-g727dbda16b83 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
RIP: 0010:check_kcov_mode kernel/kcov.c:173 [inline]
RIP: 0010:write_comp_data+0x21/0x90 kernel/kcov.c:236
Code: 2e 0f 1f 84 00 00 00 00 00 65 8b 05 01 b2 7d 7e 49 89 f1 89 c6 49 89 d2 81 e6 00 01 00 00 49 89 f8 65 48 8b 14 25 80 b9 03 00 <a9> 00 01 ff 00 74 0e 85 f6 74 59 8b 82 04 16 00 00 85 c0 74 4f 8b
RSP: 0018:ffffc90000007bb8 EFLAGS: 00000206
RAX: 0000000000000101 RBX: ffffc9000dc0d140 RCX: ffffffff885893b0
RDX: ffff88807c075940 RSI: 0000000000000100 RDI: 0000000000000001
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffffc9000dc0d178
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
FS: 0000555555d54380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f6b442f6130 CR3: 000000006fe1c000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<NMI>
</NMI>
<IRQ>
pie_calculate_probability+0x480/0x850 net/sched/sch_pie.c:415
fq_pie_timer+0x1da/0x4f0 net/sched/sch_fq_pie.c:387
call_timer_fn+0x1a0/0x580 kernel/time/timer.c:1700
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/sched/sch_fq_pie.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "94d527c3759d76c29220758362f622954612bea7",
"status": "affected",
"version": "ec97ecf1ebe485a17cd8395a5f35e6b80b57665a",
"versionType": "git"
},
{
"lessThan": "973a4c302d7f3804098ff9824d9f56926901f293",
"status": "affected",
"version": "ec97ecf1ebe485a17cd8395a5f35e6b80b57665a",
"versionType": "git"
},
{
"lessThan": "f39b49077abec4c9c3a4c2966532004851c51006",
"status": "affected",
"version": "ec97ecf1ebe485a17cd8395a5f35e6b80b57665a",
"versionType": "git"
},
{
"lessThan": "e093000e7d13569c9cb07d7500acd5142c3c43cb",
"status": "affected",
"version": "ec97ecf1ebe485a17cd8395a5f35e6b80b57665a",
"versionType": "git"
},
{
"lessThan": "8c21ab1bae945686c602c5bfa4e3f3352c2452c5",
"status": "affected",
"version": "ec97ecf1ebe485a17cd8395a5f35e6b80b57665a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/sched/sch_fq_pie.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.195",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.132",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.6",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.195",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.132",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.54",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.4",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6",
"versionStartIncluding": "5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: fq_pie: avoid stalls in fq_pie_timer()\n\nWhen setting a high number of flows (limit being 65536),\nfq_pie_timer() is currently using too much time as syzbot reported.\n\nAdd logic to yield the cpu every 2048 flows (less than 150 usec\non debug kernels).\nIt should also help by not blocking qdisc fast paths for too long.\nWorst case (65536 flows) would need 31 jiffies for a complete scan.\n\nRelevant extract from syzbot report:\n\nrcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { 0-.... } 2663 jiffies s: 873 root: 0x1/.\nrcu: blocking rcu_node structures (internal RCU debug):\nSending NMI from CPU 1 to CPUs 0:\nNMI backtrace for cpu 0\nCPU: 0 PID: 5177 Comm: syz-executor273 Not tainted 6.5.0-syzkaller-00453-g727dbda16b83 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023\nRIP: 0010:check_kcov_mode kernel/kcov.c:173 [inline]\nRIP: 0010:write_comp_data+0x21/0x90 kernel/kcov.c:236\nCode: 2e 0f 1f 84 00 00 00 00 00 65 8b 05 01 b2 7d 7e 49 89 f1 89 c6 49 89 d2 81 e6 00 01 00 00 49 89 f8 65 48 8b 14 25 80 b9 03 00 \u003ca9\u003e 00 01 ff 00 74 0e 85 f6 74 59 8b 82 04 16 00 00 85 c0 74 4f 8b\nRSP: 0018:ffffc90000007bb8 EFLAGS: 00000206\nRAX: 0000000000000101 RBX: ffffc9000dc0d140 RCX: ffffffff885893b0\nRDX: ffff88807c075940 RSI: 0000000000000100 RDI: 0000000000000001\nRBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: ffffc9000dc0d178\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\nFS: 0000555555d54380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f6b442f6130 CR3: 000000006fe1c000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cNMI\u003e\n 
\u003c/NMI\u003e\n \u003cIRQ\u003e\n pie_calculate_probability+0x480/0x850 net/sched/sch_pie.c:415\n fq_pie_timer+0x1da/0x4f0 net/sched/sch_fq_pie.c:387\n call_timer_fn+0x1a0/0x580 kernel/time/timer.c:1700"
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:56.528Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/94d527c3759d76c29220758362f622954612bea7"
},
{
"url": "https://git.kernel.org/stable/c/973a4c302d7f3804098ff9824d9f56926901f293"
},
{
"url": "https://git.kernel.org/stable/c/f39b49077abec4c9c3a4c2966532004851c51006"
},
{
"url": "https://git.kernel.org/stable/c/e093000e7d13569c9cb07d7500acd5142c3c43cb"
},
{
"url": "https://git.kernel.org/stable/c/8c21ab1bae945686c602c5bfa4e3f3352c2452c5"
}
],
"title": "net/sched: fq_pie: avoid stalls in fq_pie_timer()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-53727",
"datePublished": "2025-10-22T13:23:56.528Z",
"dateReserved": "2025-10-22T13:21:37.348Z",
"dateUpdated": "2025-10-22T13:23:56.528Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-53715 (GCVE-0-2023-53715)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex
Apparently the hex passphrase mechanism does not work on newer
chips/firmware (e.g. BCM4387). It seems there was a simple way of
passing it in binary all along, so use that and avoid the hexification.
OpenBSD has been doing it like this from the beginning, so this should
work on all chips.
Also clear the structure before setting the PMK. This was leaking
uninitialized stack contents to the device.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1687845eb8f37360a9ee849a3587ab659b090773",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2bc34facb90ceeff6f8c17d2006575a6d07c3825",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "56c7e9c39bd54fd753c0c4b1ed10278cbd3a5f02",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4e8dc0e5c7636efaadbd7e488acd34b4291c0431",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e242c66f7ecfe8f5b6eb308f4ea464fd8589c866",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f8a6c53ff1d91acd5a20eb627edbffd816eb9a4e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2fa3a5226b05e0a797c68b9609dcebe0cd236b27",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "89b89e52153fda2733562776c7c9d9d3ebf8dd6d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.284",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.244",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.181",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.30",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.3.*",
"status": "unaffected",
"version": "6.3.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.4",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.284",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.181",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.113",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex\n\nApparently the hex passphrase mechanism does not work on newer\nchips/firmware (e.g. BCM4387). It seems there was a simple way of\npassing it in binary all along, so use that and avoid the hexification.\n\nOpenBSD has been doing it like this from the beginning, so this should\nwork on all chips.\n\nAlso clear the structure before setting the PMK. This was leaking\nuninitialized stack contents to the device."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:48.905Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1687845eb8f37360a9ee849a3587ab659b090773"
},
{
"url": "https://git.kernel.org/stable/c/2bc34facb90ceeff6f8c17d2006575a6d07c3825"
},
{
"url": "https://git.kernel.org/stable/c/56c7e9c39bd54fd753c0c4b1ed10278cbd3a5f02"
},
{
"url": "https://git.kernel.org/stable/c/4e8dc0e5c7636efaadbd7e488acd34b4291c0431"
},
{
"url": "https://git.kernel.org/stable/c/e242c66f7ecfe8f5b6eb308f4ea464fd8589c866"
},
{
"url": "https://git.kernel.org/stable/c/f8a6c53ff1d91acd5a20eb627edbffd816eb9a4e"
},
{
"url": "https://git.kernel.org/stable/c/2fa3a5226b05e0a797c68b9609dcebe0cd236b27"
},
{
"url": "https://git.kernel.org/stable/c/89b89e52153fda2733562776c7c9d9d3ebf8dd6d"
}
],
"title": "wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-53715",
"datePublished": "2025-10-22T13:23:48.905Z",
"dateReserved": "2025-10-22T13:21:37.347Z",
"dateUpdated": "2025-10-22T13:23:48.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-50576 (GCVE-0-2022-50576)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
serial: pch: Fix PCI device refcount leak in pch_request_dma()
As comment of pci_get_slot() says, it returns a pci_device with its
refcount increased. The caller must decrement the reference count by
calling pci_dev_put().
Since 'dma_dev' is only used to filter the channel in filter(), we can
call pci_dev_put() before exiting from pch_request_dma(). Add the
missing pci_dev_put() for the normal and error path.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Version: 3c6a483275f47a2ef7119309ad3d791c10cf30da |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/tty/serial/pch_uart.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "90ff030ca10b69feeebda1427550ebf9ed2ad868",
"status": "affected",
"version": "3c6a483275f47a2ef7119309ad3d791c10cf30da",
"versionType": "git"
},
{
"lessThan": "56e5a7c5ee3f0dc8978b5df2b1a98a1b060c5e2a",
"status": "affected",
"version": "3c6a483275f47a2ef7119309ad3d791c10cf30da",
"versionType": "git"
},
{
"lessThan": "dfd15c5550b9190d5b0f9bcacb3e6436322f3854",
"status": "affected",
"version": "3c6a483275f47a2ef7119309ad3d791c10cf30da",
"versionType": "git"
},
{
"lessThan": "d165388227aa7e46a9751b90bae6337b5335cdbb",
"status": "affected",
"version": "3c6a483275f47a2ef7119309ad3d791c10cf30da",
"versionType": "git"
},
{
"lessThan": "07f4ca68b0f6bf84b6b391c14b59fd179fcde9c5",
"status": "affected",
"version": "3c6a483275f47a2ef7119309ad3d791c10cf30da",
"versionType": "git"
},
{
"lessThan": "6f7d82380fbeaed3a940efc33c23f0c4bbd0fc02",
"status": "affected",
"version": "3c6a483275f47a2ef7119309ad3d791c10cf30da",
"versionType": "git"
},
{
"lessThan": "4f5d28865c665c9064de631a518f9bc8099d9ce4",
"status": "affected",
"version": "3c6a483275f47a2ef7119309ad3d791c10cf30da",
"versionType": "git"
},
{
"lessThan": "516614a371c26e3334625b4bca19a5362bf658d6",
"status": "affected",
"version": "3c6a483275f47a2ef7119309ad3d791c10cf30da",
"versionType": "git"
},
{
"lessThan": "8be3a7bf773700534a6e8f87f6ed2ed111254be5",
"status": "affected",
"version": "3c6a483275f47a2ef7119309ad3d791c10cf30da",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/tty/serial/pch_uart.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.38"
},
{
"lessThan": "2.6.38",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.337",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.303",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.229",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.86",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.337",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.303",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.270",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.229",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.163",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.86",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.16",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.2",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"versionStartIncluding": "2.6.38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: pch: Fix PCI device refcount leak in pch_request_dma()\n\nAs comment of pci_get_slot() says, it returns a pci_device with its\nrefcount increased. The caller must decrement the reference count by\ncalling pci_dev_put().\n\nSince \u0027dma_dev\u0027 is only used to filter the channel in filter(), we can\ncall pci_dev_put() before exiting from pch_request_dma(). Add the\nmissing pci_dev_put() for the normal and error path."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:30.250Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/90ff030ca10b69feeebda1427550ebf9ed2ad868"
},
{
"url": "https://git.kernel.org/stable/c/56e5a7c5ee3f0dc8978b5df2b1a98a1b060c5e2a"
},
{
"url": "https://git.kernel.org/stable/c/dfd15c5550b9190d5b0f9bcacb3e6436322f3854"
},
{
"url": "https://git.kernel.org/stable/c/d165388227aa7e46a9751b90bae6337b5335cdbb"
},
{
"url": "https://git.kernel.org/stable/c/07f4ca68b0f6bf84b6b391c14b59fd179fcde9c5"
},
{
"url": "https://git.kernel.org/stable/c/6f7d82380fbeaed3a940efc33c23f0c4bbd0fc02"
},
{
"url": "https://git.kernel.org/stable/c/4f5d28865c665c9064de631a518f9bc8099d9ce4"
},
{
"url": "https://git.kernel.org/stable/c/516614a371c26e3334625b4bca19a5362bf658d6"
},
{
"url": "https://git.kernel.org/stable/c/8be3a7bf773700534a6e8f87f6ed2ed111254be5"
}
],
"title": "serial: pch: Fix PCI device refcount leak in pch_request_dma()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-50576",
"datePublished": "2025-10-22T13:23:30.250Z",
"dateReserved": "2025-10-22T13:20:23.761Z",
"dateUpdated": "2025-10-22T13:23:30.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-53724 (GCVE-0-2023-53724)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read()
`req` is allocated in pcf50633_adc_async_read(), but
adc_enqueue_request() could fail to insert the `req` into queue.
We need to check the return value and free it in the case of failure.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Version: 08c3e06a5eb27d43b712adef18379f8464425e71 |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/mfd/pcf50633-adc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "66616eed76dfa6f3e442907760325a023c6da7e2",
"status": "affected",
"version": "08c3e06a5eb27d43b712adef18379f8464425e71",
"versionType": "git"
},
{
"lessThan": "41cdf082ae006ea002135dfaf43b2897de3bded8",
"status": "affected",
"version": "08c3e06a5eb27d43b712adef18379f8464425e71",
"versionType": "git"
},
{
"lessThan": "588edb4fb1f1e6487a0f60a5f7b9a24d2d0c9f8e",
"status": "affected",
"version": "08c3e06a5eb27d43b712adef18379f8464425e71",
"versionType": "git"
},
{
"lessThan": "3ee13bdf0d25ae8752ae6185b6d13bbb0d5a8e30",
"status": "affected",
"version": "08c3e06a5eb27d43b712adef18379f8464425e71",
"versionType": "git"
},
{
"lessThan": "6a8a02dcfae13ab07dc7bed2b409cec7f3d32e92",
"status": "affected",
"version": "08c3e06a5eb27d43b712adef18379f8464425e71",
"versionType": "git"
},
{
"lessThan": "9cca3a4933ca365cc664d5eefb0f942374ea8b41",
"status": "affected",
"version": "08c3e06a5eb27d43b712adef18379f8464425e71",
"versionType": "git"
},
{
"lessThan": "a62a5e79202967176a9c1a04e477860779accd6c",
"status": "affected",
"version": "08c3e06a5eb27d43b712adef18379f8464425e71",
"versionType": "git"
},
{
"lessThan": "8b450dcff23aa254844492831a8e2b508a9d522d",
"status": "affected",
"version": "08c3e06a5eb27d43b712adef18379f8464425e71",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/mfd/pcf50633-adc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.29"
},
{
"lessThan": "2.6.29",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.308",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.235",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.173",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.99",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.*",
"status": "unaffected",
"version": "6.2.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.3",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.308",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.276",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.235",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.173",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.99",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.16",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2.3",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.3",
"versionStartIncluding": "2.6.29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read()\n\n`req` is allocated in pcf50633_adc_async_read(), but\nadc_enqueue_request() could fail to insert the `req` into queue.\nWe need to check the return value and free it in the case of failure."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:54.542Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/66616eed76dfa6f3e442907760325a023c6da7e2"
},
{
"url": "https://git.kernel.org/stable/c/41cdf082ae006ea002135dfaf43b2897de3bded8"
},
{
"url": "https://git.kernel.org/stable/c/588edb4fb1f1e6487a0f60a5f7b9a24d2d0c9f8e"
},
{
"url": "https://git.kernel.org/stable/c/3ee13bdf0d25ae8752ae6185b6d13bbb0d5a8e30"
},
{
"url": "https://git.kernel.org/stable/c/6a8a02dcfae13ab07dc7bed2b409cec7f3d32e92"
},
{
"url": "https://git.kernel.org/stable/c/9cca3a4933ca365cc664d5eefb0f942374ea8b41"
},
{
"url": "https://git.kernel.org/stable/c/a62a5e79202967176a9c1a04e477860779accd6c"
},
{
"url": "https://git.kernel.org/stable/c/8b450dcff23aa254844492831a8e2b508a9d522d"
}
],
"title": "mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-53724",
"datePublished": "2025-10-22T13:23:54.542Z",
"dateReserved": "2025-10-22T13:21:37.348Z",
"dateUpdated": "2025-10-22T13:23:54.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-50572 (GCVE-0-2022-50572)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
ASoC: audio-graph-card: fix refcount leak of cpu_ep in __graph_for_each_link()
The of_get_next_child() returns a node with refcount incremented, and
decrements the refcount of prev. So in the error path of the while loop,
of_node_put() needs to be called for cpu_ep.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Version: fce9b90c1ab7e915553c57353355700c79b39c86 |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/soc/generic/audio-graph-card.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ed1376f771404917c2ec3ebc617431ec01146134",
"status": "affected",
"version": "fce9b90c1ab7e915553c57353355700c79b39c86",
"versionType": "git"
},
{
"lessThan": "06c9d468c06806dab752eb8e72addbf3792c1023",
"status": "affected",
"version": "fce9b90c1ab7e915553c57353355700c79b39c86",
"versionType": "git"
},
{
"lessThan": "85eb5c952b7fe2d2059beaa4a4dd26688b25547b",
"status": "affected",
"version": "fce9b90c1ab7e915553c57353355700c79b39c86",
"versionType": "git"
},
{
"lessThan": "49dad92af6892f46851af989ef3aa7cd7316c389",
"status": "affected",
"version": "fce9b90c1ab7e915553c57353355700c79b39c86",
"versionType": "git"
},
{
"lessThan": "4cc8431ec77a43ea106d8bde0860c61cfdda1cd0",
"status": "affected",
"version": "fce9b90c1ab7e915553c57353355700c79b39c86",
"versionType": "git"
},
{
"lessThan": "8ab2d12c726f0fde0692fa5d81d8019b3dcd62d0",
"status": "affected",
"version": "fce9b90c1ab7e915553c57353355700c79b39c86",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/soc/generic/audio-graph-card.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"lessThan": "5.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.229",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.86",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.229",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.163",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.86",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.16",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.2",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"versionStartIncluding": "5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: audio-graph-card: fix refcount leak of cpu_ep in __graph_for_each_link()\n\nThe of_get_next_child() returns a node with refcount incremented, and\ndecrements the refcount of prev. So in the error path of the while loop,\nof_node_put() needs be called for cpu_ep."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:27.813Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ed1376f771404917c2ec3ebc617431ec01146134"
},
{
"url": "https://git.kernel.org/stable/c/06c9d468c06806dab752eb8e72addbf3792c1023"
},
{
"url": "https://git.kernel.org/stable/c/85eb5c952b7fe2d2059beaa4a4dd26688b25547b"
},
{
"url": "https://git.kernel.org/stable/c/49dad92af6892f46851af989ef3aa7cd7316c389"
},
{
"url": "https://git.kernel.org/stable/c/4cc8431ec77a43ea106d8bde0860c61cfdda1cd0"
},
{
"url": "https://git.kernel.org/stable/c/8ab2d12c726f0fde0692fa5d81d8019b3dcd62d0"
}
],
"title": "ASoC: audio-graph-card: fix refcount leak of cpu_ep in __graph_for_each_link()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-50572",
"datePublished": "2025-10-22T13:23:27.813Z",
"dateReserved": "2025-10-22T13:20:23.761Z",
"dateUpdated": "2025-10-22T13:23:27.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-50561 (GCVE-0-2022-50561)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
iio: fix memory leak in iio_device_register_eventset()

When iio_device_register_sysfs_group() returns failed,
iio_device_register_eventset() needs to free attrs array.

Otherwise, kmemleak would scan & report memory leak as below:

    unreferenced object 0xffff88810a1cc3c0 (size 32):
      comm "100-i2c-vcnl302", pid 728, jiffies 4295052307 (age 156.027s)
      backtrace:
        __kmalloc+0x46/0x1b0
        iio_device_register_eventset at drivers/iio/industrialio-event.c:541
        __iio_device_register at drivers/iio/industrialio-core.c:1959
        __devm_iio_device_register at drivers/iio/industrialio-core.c:2040
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/iio/industrialio-event.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "dc6afd6070f3a5b086c8c5cfa6ded63ae44494da",
"status": "affected",
"version": "32f171724e5cbecc80594fb6eced057cfdd6eb6f",
"versionType": "git"
},
{
"lessThan": "5de3add7509c95685f1185683b817dd206c4b1f1",
"status": "affected",
"version": "32f171724e5cbecc80594fb6eced057cfdd6eb6f",
"versionType": "git"
},
{
"lessThan": "a154b1c139fbf6a49762159be81d425d41ceec87",
"status": "affected",
"version": "32f171724e5cbecc80594fb6eced057cfdd6eb6f",
"versionType": "git"
},
{
"lessThan": "86fdd15e10e404e70ecb2a3bff24d70356d42b36",
"status": "affected",
"version": "32f171724e5cbecc80594fb6eced057cfdd6eb6f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/iio/industrialio-event.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.86",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.86",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.16",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.2",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"versionStartIncluding": "5.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: fix memory leak in iio_device_register_eventset()\n\nWhen iio_device_register_sysfs_group() returns failed,\niio_device_register_eventset() needs to free attrs array.\n\nOtherwise, kmemleak would scan \u0026 report memory leak as below:\n\nunreferenced object 0xffff88810a1cc3c0 (size 32):\n comm \"100-i2c-vcnl302\", pid 728, jiffies 4295052307 (age 156.027s)\n backtrace:\n __kmalloc+0x46/0x1b0\n iio_device_register_eventset at drivers/iio/industrialio-event.c:541\n __iio_device_register at drivers/iio/industrialio-core.c:1959\n __devm_iio_device_register at drivers/iio/industrialio-core.c:2040"
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:20.802Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/dc6afd6070f3a5b086c8c5cfa6ded63ae44494da"
},
{
"url": "https://git.kernel.org/stable/c/5de3add7509c95685f1185683b817dd206c4b1f1"
},
{
"url": "https://git.kernel.org/stable/c/a154b1c139fbf6a49762159be81d425d41ceec87"
},
{
"url": "https://git.kernel.org/stable/c/86fdd15e10e404e70ecb2a3bff24d70356d42b36"
}
],
"title": "iio: fix memory leak in iio_device_register_eventset()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-50561",
"datePublished": "2025-10-22T13:23:20.802Z",
"dateReserved": "2025-10-22T13:20:23.759Z",
"dateUpdated": "2025-10-22T13:23:20.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-50571 (GCVE-0-2022-50571)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
btrfs: call __btrfs_remove_free_space_cache_locked on cache load failure

Now that lockdep is staying enabled through our entire CI runs I started
seeing the following stack in generic/475

    ------------[ cut here ]------------
    WARNING: CPU: 1 PID: 2171864 at fs/btrfs/discard.c:604 btrfs_discard_update_discardable+0x98/0xb0
    CPU: 1 PID: 2171864 Comm: kworker/u4:0 Not tainted 5.19.0-rc8+ #789
    Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.13.0-2.fc32 04/01/2014
    Workqueue: btrfs-cache btrfs_work_helper
    RIP: 0010:btrfs_discard_update_discardable+0x98/0xb0
    RSP: 0018:ffffb857c2f7bad0 EFLAGS: 00010246
    RAX: 0000000000000000 RBX: ffff8c85c605c200 RCX: 0000000000000001
    RDX: 0000000000000000 RSI: ffffffff86807c5b RDI: ffffffff868a831e
    RBP: ffff8c85c4c54000 R08: 0000000000000000 R09: 0000000000000000
    R10: ffff8c85c66932f0 R11: 0000000000000001 R12: ffff8c85c3899010
    R13: ffff8c85d5be4f40 R14: ffff8c85c4c54000 R15: ffff8c86114bfa80
    FS: 0000000000000000(0000) GS:ffff8c863bd00000(0000) knlGS:0000000000000000
    CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    CR2: 00007f2e7f168160 CR3: 000000010289a004 CR4: 0000000000370ee0
    Call Trace:
     __btrfs_remove_free_space_cache+0x27/0x30
     load_free_space_cache+0xad2/0xaf0
     caching_thread+0x40b/0x650
     ? lock_release+0x137/0x2d0
     btrfs_work_helper+0xf2/0x3e0
     ? lock_is_held_type+0xe2/0x140
     process_one_work+0x271/0x590
     ? process_one_work+0x590/0x590
     worker_thread+0x52/0x3b0
     ? process_one_work+0x590/0x590
     kthread+0xf0/0x120
     ? kthread_complete_and_exit+0x20/0x20
     ret_from_fork+0x1f/0x30

This is the code

    ctl = block_group->free_space_ctl;
    discard_ctl = &block_group->fs_info->discard_ctl;

    lockdep_assert_held(&ctl->tree_lock);

We have a temporary free space ctl for loading the free space cache in
order to avoid having allocations happening while we're loading the
cache. When we hit an error we free it all up, however this also calls
btrfs_discard_update_discardable, which requires
block_group->free_space_ctl->tree_lock to be held. However this is our
temporary ctl so this lock isn't held. Fix this by calling
__btrfs_remove_free_space_cache_locked instead so that we only clean up
the entries and do not mess with the discardable stats.
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/btrfs/free-space-cache.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "819a61301275dcc573e3f520be3dc2c8531bee2d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8a1ae2781dee9fc21ca82db682d37bea4bd074ad",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/btrfs/free-space-cache.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.19.*",
"status": "unaffected",
"version": "5.19.17",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: call __btrfs_remove_free_space_cache_locked on cache load failure\n\nNow that lockdep is staying enabled through our entire CI runs I started\nseeing the following stack in generic/475\n\n------------[ cut here ]------------\nWARNING: CPU: 1 PID: 2171864 at fs/btrfs/discard.c:604 btrfs_discard_update_discardable+0x98/0xb0\nCPU: 1 PID: 2171864 Comm: kworker/u4:0 Not tainted 5.19.0-rc8+ #789\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.13.0-2.fc32 04/01/2014\nWorkqueue: btrfs-cache btrfs_work_helper\nRIP: 0010:btrfs_discard_update_discardable+0x98/0xb0\nRSP: 0018:ffffb857c2f7bad0 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff8c85c605c200 RCX: 0000000000000001\nRDX: 0000000000000000 RSI: ffffffff86807c5b RDI: ffffffff868a831e\nRBP: ffff8c85c4c54000 R08: 0000000000000000 R09: 0000000000000000\nR10: ffff8c85c66932f0 R11: 0000000000000001 R12: ffff8c85c3899010\nR13: ffff8c85d5be4f40 R14: ffff8c85c4c54000 R15: ffff8c86114bfa80\nFS: 0000000000000000(0000) GS:ffff8c863bd00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f2e7f168160 CR3: 000000010289a004 CR4: 0000000000370ee0\nCall Trace:\n\n __btrfs_remove_free_space_cache+0x27/0x30\n load_free_space_cache+0xad2/0xaf0\n caching_thread+0x40b/0x650\n ? lock_release+0x137/0x2d0\n btrfs_work_helper+0xf2/0x3e0\n ? lock_is_held_type+0xe2/0x140\n process_one_work+0x271/0x590\n ? process_one_work+0x590/0x590\n worker_thread+0x52/0x3b0\n ? process_one_work+0x590/0x590\n kthread+0xf0/0x120\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x1f/0x30\n\nThis is the code\n\n ctl = block_group-\u003efree_space_ctl;\n discard_ctl = \u0026block_group-\u003efs_info-\u003ediscard_ctl;\n\n lockdep_assert_held(\u0026ctl-\u003etree_lock);\n\nWe have a temporary free space ctl for loading the free space cache in\norder to avoid having allocations happening while we\u0027re loading the\ncache. When we hit an error we free it all up, however this also calls\nbtrfs_discard_update_discardable, which requires\nblock_group-\u003efree_space_ctl-\u003etree_lock to be held. However this is our\ntemporary ctl so this lock isn\u0027t held. Fix this by calling\n__btrfs_remove_free_space_cache_locked instead so that we only clean up\nthe entries and do not mess with the discardable stats."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:27.187Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/819a61301275dcc573e3f520be3dc2c8531bee2d"
},
{
"url": "https://git.kernel.org/stable/c/8a1ae2781dee9fc21ca82db682d37bea4bd074ad"
}
],
"title": "btrfs: call __btrfs_remove_free_space_cache_locked on cache load failure",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-50571",
"datePublished": "2025-10-22T13:23:27.187Z",
"dateReserved": "2025-10-22T13:20:23.760Z",
"dateUpdated": "2025-10-22T13:23:27.187Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-53695 (GCVE-0-2023-53695)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
udf: Detect system inodes linked into directory hierarchy
When UDF filesystem is corrupted, hidden system inodes can be linked
into directory hierarchy which is an avenue for further serious
corruption of the filesystem and kernel confusion as noticed by syzbot
fuzzed images. Refuse to access system inodes linked into directory
hierarchy and vice versa.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/udf/inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1dc71eeb198a8daa17d0c995998a53b0b749a158",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d747b31e2925a2f384e7dd1901a2e5bc5f984ed8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a44ec34b90440ada190924f5908b97026504fdcd",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "37e74003d81e79457535cbbdfa1603431c03fac0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1f328751b65c49c13a312d67a3bf27766b85baf7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9e3b5ef7d02eaa6553e79b4af9bd99227280f245",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "85a37983ec69cc9fcd188bc37c4de15ee326355a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/udf/inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.235",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.173",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.99",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.*",
"status": "unaffected",
"version": "6.2.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.3",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.278",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Detect system inodes linked into directory hierarchy\n\nWhen UDF filesystem is corrupted, hidden system inodes can be linked\ninto directory hierarchy which is an avenue for further serious\ncorruption of the filesystem and kernel confusion as noticed by syzbot\nfuzzed images. Refuse to access system inodes linked into directory\nhierarchy and vice versa."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:36.524Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1dc71eeb198a8daa17d0c995998a53b0b749a158"
},
{
"url": "https://git.kernel.org/stable/c/d747b31e2925a2f384e7dd1901a2e5bc5f984ed8"
},
{
"url": "https://git.kernel.org/stable/c/a44ec34b90440ada190924f5908b97026504fdcd"
},
{
"url": "https://git.kernel.org/stable/c/37e74003d81e79457535cbbdfa1603431c03fac0"
},
{
"url": "https://git.kernel.org/stable/c/1f328751b65c49c13a312d67a3bf27766b85baf7"
},
{
"url": "https://git.kernel.org/stable/c/9e3b5ef7d02eaa6553e79b4af9bd99227280f245"
},
{
"url": "https://git.kernel.org/stable/c/85a37983ec69cc9fcd188bc37c4de15ee326355a"
}
],
"title": "udf: Detect system inodes linked into directory hierarchy",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-53695",
"datePublished": "2025-10-22T13:23:36.524Z",
"dateReserved": "2025-10-22T13:21:37.344Z",
"dateUpdated": "2025-10-22T13:23:36.524Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-50558 (GCVE-0-2022-50558)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
regmap-irq: Use the new num_config_regs property in regmap_add_irq_chip_fwnode
Commit faa87ce9196d ("regmap-irq: Introduce config registers for irq
types") added the num_config_regs, then commit 9edd4f5aee84 ("regmap-irq:
Deprecate type registers and virtual registers") suggested to replace
num_type_reg with it. However, regmap_add_irq_chip_fwnode wasn't modified
to use the new property. Later on, commit 255a03bb1bb3 ("ASoC: wcd9335:
Convert irq chip to config regs") removed the old num_type_reg property
from the WCD9335 driver's struct regmap_irq_chip, causing a null pointer
dereference in regmap_irq_set_type when it tried to index d->type_buf as
it was never allocated in regmap_add_irq_chip_fwnode:
[ 39.199374] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
[ 39.200006] Call trace:
[ 39.200014] regmap_irq_set_type+0x84/0x1c0
[ 39.200026] __irq_set_trigger+0x60/0x1c0
[ 39.200040] __setup_irq+0x2f4/0x78c
[ 39.200051] request_threaded_irq+0xe8/0x1a0
Use num_config_regs in regmap_add_irq_chip_fwnode instead of num_type_reg,
and fall back to it if num_config_regs isn't defined to maintain backward
compatibility.
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/base/regmap/regmap-irq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "57bb34330c0fc70bb4ab96399a3c1b80e73e9d49",
"status": "affected",
"version": "faa87ce9196dbb074d75bd4aecb8bacf18f19b4e",
"versionType": "git"
},
{
"lessThan": "961db32e52f4d34a9a95939a30393fd190397f84",
"status": "affected",
"version": "faa87ce9196dbb074d75bd4aecb8bacf18f19b4e",
"versionType": "git"
},
{
"lessThan": "84498d1fb35de6ab71bdfdb6270a464fb4a0951b",
"status": "affected",
"version": "faa87ce9196dbb074d75bd4aecb8bacf18f19b4e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/base/regmap/regmap-irq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"lessThan": "6.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.16",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.2",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nregmap-irq: Use the new num_config_regs property in regmap_add_irq_chip_fwnode\n\nCommit faa87ce9196d (\"regmap-irq: Introduce config registers for irq\ntypes\") added the num_config_regs, then commit 9edd4f5aee84 (\"regmap-irq:\nDeprecate type registers and virtual registers\") suggested to replace\nnum_type_reg with it. However, regmap_add_irq_chip_fwnode wasn\u0027t modified\nto use the new property. Later on, commit 255a03bb1bb3 (\"ASoC: wcd9335:\nConvert irq chip to config regs\") removed the old num_type_reg property\nfrom the WCD9335 driver\u0027s struct regmap_irq_chip, causing a null pointer\ndereference in regmap_irq_set_type when it tried to index d-\u003etype_buf as\nit was never allocated in regmap_add_irq_chip_fwnode:\n\n[ 39.199374] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n\n[ 39.200006] Call trace:\n[ 39.200014] regmap_irq_set_type+0x84/0x1c0\n[ 39.200026] __irq_set_trigger+0x60/0x1c0\n[ 39.200040] __setup_irq+0x2f4/0x78c\n[ 39.200051] request_threaded_irq+0xe8/0x1a0\n\nUse num_config_regs in regmap_add_irq_chip_fwnode instead of num_type_reg,\nand fall back to it if num_config_regs isn\u0027t defined to maintain backward\ncompatibility."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:18.717Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/57bb34330c0fc70bb4ab96399a3c1b80e73e9d49"
},
{
"url": "https://git.kernel.org/stable/c/961db32e52f4d34a9a95939a30393fd190397f84"
},
{
"url": "https://git.kernel.org/stable/c/84498d1fb35de6ab71bdfdb6270a464fb4a0951b"
}
],
"title": "regmap-irq: Use the new num_config_regs property in regmap_add_irq_chip_fwnode",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-50558",
"datePublished": "2025-10-22T13:23:18.717Z",
"dateReserved": "2025-10-22T13:20:23.759Z",
"dateUpdated": "2025-10-22T13:23:18.717Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-53725 (GCVE-0-2023-53725)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe
Smatch reports:
drivers/clocksource/timer-cadence-ttc.c:529 ttc_timer_probe()
warn: 'timer_baseaddr' from of_iomap() not released on lines: 498,508,516.
timer_baseaddr may have the problem of not being released after use,
I replaced it with the devm_of_iomap() function and added the clk_put()
function to cleanup the "clk_ce" and "clk_cs".
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Version: e932900a3279b5dbb6d8f43c7b369003620e137c |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/clocksource/timer-cadence-ttc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e0a9cc90ea44a50d76a84f9f9bf1703d31fe45e9",
"status": "affected",
"version": "e932900a3279b5dbb6d8f43c7b369003620e137c",
"versionType": "git"
},
{
"lessThan": "54cc10a0f4b01b522e9519014200f1b33bf7e4aa",
"status": "affected",
"version": "e932900a3279b5dbb6d8f43c7b369003620e137c",
"versionType": "git"
},
{
"lessThan": "ebdff0986513a29be242aace0ef89b6c105b0bf0",
"status": "affected",
"version": "e932900a3279b5dbb6d8f43c7b369003620e137c",
"versionType": "git"
},
{
"lessThan": "289e2054eeb63c9e133960731c342eeffad218d3",
"status": "affected",
"version": "e932900a3279b5dbb6d8f43c7b369003620e137c",
"versionType": "git"
},
{
"lessThan": "919dd531ebb7514f205ae7aab87994337ebce1f6",
"status": "affected",
"version": "e932900a3279b5dbb6d8f43c7b369003620e137c",
"versionType": "git"
},
{
"lessThan": "67d7eebbc424935dec61fb352d1ccae5d16cf429",
"status": "affected",
"version": "e932900a3279b5dbb6d8f43c7b369003620e137c",
"versionType": "git"
},
{
"lessThan": "99744200f28b2cf5f50767447e51b4b4a977d145",
"status": "affected",
"version": "e932900a3279b5dbb6d8f43c7b369003620e137c",
"versionType": "git"
},
{
"lessThan": "8b5bf64c89c7100c921bd807ba39b2eb003061ab",
"status": "affected",
"version": "e932900a3279b5dbb6d8f43c7b369003620e137c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/clocksource/timer-cadence-ttc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.10"
},
{
"lessThan": "3.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.291",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.251",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.188",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.39",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.3.*",
"status": "unaffected",
"version": "6.3.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.*",
"status": "unaffected",
"version": "6.4.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.5",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.291",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.251",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.188",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.121",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.39",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.3.13",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.4.4",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5",
"versionStartIncluding": "3.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe\n\nSmatch reports:\ndrivers/clocksource/timer-cadence-ttc.c:529 ttc_timer_probe()\nwarn: \u0027timer_baseaddr\u0027 from of_iomap() not released on lines: 498,508,516.\n\ntimer_baseaddr may have the problem of not being released after use,\nI replaced it with the devm_of_iomap() function and added the clk_put()\nfunction to cleanup the \"clk_ce\" and \"clk_cs\"."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:55.200Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e0a9cc90ea44a50d76a84f9f9bf1703d31fe45e9"
},
{
"url": "https://git.kernel.org/stable/c/54cc10a0f4b01b522e9519014200f1b33bf7e4aa"
},
{
"url": "https://git.kernel.org/stable/c/ebdff0986513a29be242aace0ef89b6c105b0bf0"
},
{
"url": "https://git.kernel.org/stable/c/289e2054eeb63c9e133960731c342eeffad218d3"
},
{
"url": "https://git.kernel.org/stable/c/919dd531ebb7514f205ae7aab87994337ebce1f6"
},
{
"url": "https://git.kernel.org/stable/c/67d7eebbc424935dec61fb352d1ccae5d16cf429"
},
{
"url": "https://git.kernel.org/stable/c/99744200f28b2cf5f50767447e51b4b4a977d145"
},
{
"url": "https://git.kernel.org/stable/c/8b5bf64c89c7100c921bd807ba39b2eb003061ab"
}
],
"title": "clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-53725",
"datePublished": "2025-10-22T13:23:55.200Z",
"dateReserved": "2025-10-22T13:21:37.348Z",
"dateUpdated": "2025-10-22T13:23:55.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-53696 (GCVE-0-2023-53696)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: Fix memory leak in qla2x00_probe_one()
There is a memory leak reported by kmemleak:
unreferenced object 0xffffc900003f0000 (size 12288):
comm "modprobe", pid 19117, jiffies 4299751452 (age 42490.264s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<00000000629261a8>] __vmalloc_node_range+0xe56/0x1110
[<0000000001906886>] __vmalloc_node+0xbd/0x150
[<000000005bb4dc34>] vmalloc+0x25/0x30
[<00000000a2dc1194>] qla2x00_create_host+0x7a0/0xe30 [qla2xxx]
[<0000000062b14b47>] qla2x00_probe_one+0x2eb8/0xd160 [qla2xxx]
[<00000000641ccc04>] local_pci_probe+0xeb/0x1a0
The root cause is traced to an error-handling path in qla2x00_probe_one()
when the adapter "base_vha" initialize failed. The fab_scan_rp "scan.l" is
used to record the port information and it is allocated in
qla2x00_create_host(). However, it is not released in the error handling
path "probe_failed".
Fix this by freeing the memory of "scan.l" when an error occurs in the
adapter initialization process.
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/qla2xxx/qla_os.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ae73c4dd48f2c79d515d509a0cbe9efb0a197f44",
"status": "affected",
"version": "a4239945b8ad112fb914d0605c8f6c5fd3330f61",
"versionType": "git"
},
{
"lessThan": "44374911ac63f769c442f56fdfadea673c5f4425",
"status": "affected",
"version": "a4239945b8ad112fb914d0605c8f6c5fd3330f61",
"versionType": "git"
},
{
"lessThan": "582e35e97318ccd9c81774bac08938291679525f",
"status": "affected",
"version": "a4239945b8ad112fb914d0605c8f6c5fd3330f61",
"versionType": "git"
},
{
"lessThan": "85ade4010e13ef152ea925c74d94253db92e5428",
"status": "affected",
"version": "a4239945b8ad112fb914d0605c8f6c5fd3330f61",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/qla2xxx/qla_os.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.16"
},
{
"lessThan": "4.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.107",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.*",
"status": "unaffected",
"version": "6.2.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.3",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.107",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.24",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2.11",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.3",
"versionStartIncluding": "4.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix memory leak in qla2x00_probe_one()\n\nThere is a memory leak reported by kmemleak:\n\n unreferenced object 0xffffc900003f0000 (size 12288):\n comm \"modprobe\", pid 19117, jiffies 4299751452 (age 42490.264s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [\u003c00000000629261a8\u003e] __vmalloc_node_range+0xe56/0x1110\n [\u003c0000000001906886\u003e] __vmalloc_node+0xbd/0x150\n [\u003c000000005bb4dc34\u003e] vmalloc+0x25/0x30\n [\u003c00000000a2dc1194\u003e] qla2x00_create_host+0x7a0/0xe30 [qla2xxx]\n [\u003c0000000062b14b47\u003e] qla2x00_probe_one+0x2eb8/0xd160 [qla2xxx]\n [\u003c00000000641ccc04\u003e] local_pci_probe+0xeb/0x1a0\n\nThe root cause is traced to an error-handling path in qla2x00_probe_one()\nwhen the adapter \"base_vha\" initialize failed. The fab_scan_rp \"scan.l\" is\nused to record the port information and it is allocated in\nqla2x00_create_host(). However, it is not released in the error handling\npath \"probe_failed\".\n\nFix this by freeing the memory of \"scan.l\" when an error occurs in the\nadapter initialization process."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:37.110Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ae73c4dd48f2c79d515d509a0cbe9efb0a197f44"
},
{
"url": "https://git.kernel.org/stable/c/44374911ac63f769c442f56fdfadea673c5f4425"
},
{
"url": "https://git.kernel.org/stable/c/582e35e97318ccd9c81774bac08938291679525f"
},
{
"url": "https://git.kernel.org/stable/c/85ade4010e13ef152ea925c74d94253db92e5428"
}
],
"title": "scsi: qla2xxx: Fix memory leak in qla2x00_probe_one()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-53696",
"datePublished": "2025-10-22T13:23:37.110Z",
"dateReserved": "2025-10-22T13:21:37.344Z",
"dateUpdated": "2025-10-22T13:23:37.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-50559 (GCVE-0-2022-50559)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
clk: imx: scu: fix memleak on platform_device_add() fails
No error handling is performed when platform_device_add()
fails. Add error processing before return, and modified
the return value.
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/clk/imx/clk-scu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9209e6bab75d4008d9f4248c66008f3ffd24c931",
"status": "affected",
"version": "77d8f3068c63ee0983f0b5ba3207d3f7cce11be4",
"versionType": "git"
},
{
"lessThan": "43c589b7a187ef481b594317eaab8c8f269e4a68",
"status": "affected",
"version": "77d8f3068c63ee0983f0b5ba3207d3f7cce11be4",
"versionType": "git"
},
{
"lessThan": "05fe0b3d69b8e094db207648ab21cade56d71cd8",
"status": "affected",
"version": "77d8f3068c63ee0983f0b5ba3207d3f7cce11be4",
"versionType": "git"
},
{
"lessThan": "855ae87a2073ebf1b395e020de54fdf9ce7d166f",
"status": "affected",
"version": "77d8f3068c63ee0983f0b5ba3207d3f7cce11be4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/clk/imx/clk-scu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.11"
},
{
"lessThan": "5.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.19.*",
"status": "unaffected",
"version": "5.19.17",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.75",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19.17",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.3",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "5.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: imx: scu: fix memleak on platform_device_add() fails\n\nNo error handling is performed when platform_device_add()\nfails. Add error processing before return, and modified\nthe return value."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:19.290Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9209e6bab75d4008d9f4248c66008f3ffd24c931"
},
{
"url": "https://git.kernel.org/stable/c/43c589b7a187ef481b594317eaab8c8f269e4a68"
},
{
"url": "https://git.kernel.org/stable/c/05fe0b3d69b8e094db207648ab21cade56d71cd8"
},
{
"url": "https://git.kernel.org/stable/c/855ae87a2073ebf1b395e020de54fdf9ce7d166f"
}
],
"title": "clk: imx: scu: fix memleak on platform_device_add() fails",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-50559",
"datePublished": "2025-10-22T13:23:19.290Z",
"dateReserved": "2025-10-22T13:20:23.759Z",
"dateUpdated": "2025-10-22T13:23:19.290Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-53726 (GCVE-0-2023-53726)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
arm64: csum: Fix OoB access in IP checksum code for negative lengths
Although commit c2c24edb1d9c ("arm64: csum: Fix pathological zero-length
calls") added an early return for zero-length input, syzkaller has
popped up with an example of a _negative_ length which causes an
undefined shift and an out-of-bounds read:
| BUG: KASAN: slab-out-of-bounds in do_csum+0x44/0x254 arch/arm64/lib/csum.c:39
| Read of size 4294966928 at addr ffff0000d7ac0170 by task syz-executor412/5975
|
| CPU: 0 PID: 5975 Comm: syz-executor412 Not tainted 6.4.0-rc4-syzkaller-g908f31f2a05b #0
| Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
| Call trace:
| dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:233
| show_stack+0x2c/0x44 arch/arm64/kernel/stacktrace.c:240
| __dump_stack lib/dump_stack.c:88 [inline]
| dump_stack_lvl+0xd0/0x124 lib/dump_stack.c:106
| print_address_description mm/kasan/report.c:351 [inline]
| print_report+0x174/0x514 mm/kasan/report.c:462
| kasan_report+0xd4/0x130 mm/kasan/report.c:572
| kasan_check_range+0x264/0x2a4 mm/kasan/generic.c:187
| __kasan_check_read+0x20/0x30 mm/kasan/shadow.c:31
| do_csum+0x44/0x254 arch/arm64/lib/csum.c:39
| csum_partial+0x30/0x58 lib/checksum.c:128
| gso_make_checksum include/linux/skbuff.h:4928 [inline]
| __udp_gso_segment+0xaf4/0x1bc4 net/ipv4/udp_offload.c:332
| udp6_ufo_fragment+0x540/0xca0 net/ipv6/udp_offload.c:47
| ipv6_gso_segment+0x5cc/0x1760 net/ipv6/ip6_offload.c:119
| skb_mac_gso_segment+0x2b4/0x5b0 net/core/gro.c:141
| __skb_gso_segment+0x250/0x3d0 net/core/dev.c:3401
| skb_gso_segment include/linux/netdevice.h:4859 [inline]
| validate_xmit_skb+0x364/0xdbc net/core/dev.c:3659
| validate_xmit_skb_list+0x94/0x130 net/core/dev.c:3709
| sch_direct_xmit+0xe8/0x548 net/sched/sch_generic.c:327
| __dev_xmit_skb net/core/dev.c:3805 [inline]
| __dev_queue_xmit+0x147c/0x3318 net/core/dev.c:4210
| dev_queue_xmit include/linux/netdevice.h:3085 [inline]
| packet_xmit+0x6c/0x318 net/packet/af_packet.c:276
| packet_snd net/packet/af_packet.c:3081 [inline]
| packet_sendmsg+0x376c/0x4c98 net/packet/af_packet.c:3113
| sock_sendmsg_nosec net/socket.c:724 [inline]
| sock_sendmsg net/socket.c:747 [inline]
| __sys_sendto+0x3b4/0x538 net/socket.c:2144
Extend the early return to reject negative lengths as well, aligning our
implementation with the generic code in lib/checksum.c
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Version: 5777eaed566a1d63e344d3dd8f2b5e33be20643e |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/arm64/lib/csum.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5a85727239a23de1cc8d93985f1056308128f3e2",
"status": "affected",
"version": "5777eaed566a1d63e344d3dd8f2b5e33be20643e",
"versionType": "git"
},
{
"lessThan": "9a43563cfd6b9200ff2f76b3f9fcdcb217ceb523",
"status": "affected",
"version": "5777eaed566a1d63e344d3dd8f2b5e33be20643e",
"versionType": "git"
},
{
"lessThan": "ba0b46166b8e547024d02345a68b747841931ad2",
"status": "affected",
"version": "5777eaed566a1d63e344d3dd8f2b5e33be20643e",
"versionType": "git"
},
{
"lessThan": "a5ad2f87d8e74e351d3f500ad9d5b3a5653e1c6f",
"status": "affected",
"version": "5777eaed566a1d63e344d3dd8f2b5e33be20643e",
"versionType": "git"
},
{
"lessThan": "fcdf904e866de0e3715835e50409fda3b2590527",
"status": "affected",
"version": "5777eaed566a1d63e344d3dd8f2b5e33be20643e",
"versionType": "git"
},
{
"lessThan": "8bd795fedb8450ecbef18eeadbd23ed8fc7630f5",
"status": "affected",
"version": "5777eaed566a1d63e344d3dd8f2b5e33be20643e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/arm64/lib/csum.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.195",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.132",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.53",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.*",
"status": "unaffected",
"version": "6.4.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.6",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.195",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.132",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.53",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.4.16",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.3",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6",
"versionStartIncluding": "5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: csum: Fix OoB access in IP checksum code for negative lengths\n\nAlthough commit c2c24edb1d9c (\"arm64: csum: Fix pathological zero-length\ncalls\") added an early return for zero-length input, syzkaller has\npopped up with an example of a _negative_ length which causes an\nundefined shift and an out-of-bounds read:\n\n | BUG: KASAN: slab-out-of-bounds in do_csum+0x44/0x254 arch/arm64/lib/csum.c:39\n | Read of size 4294966928 at addr ffff0000d7ac0170 by task syz-executor412/5975\n |\n | CPU: 0 PID: 5975 Comm: syz-executor412 Not tainted 6.4.0-rc4-syzkaller-g908f31f2a05b #0\n | Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023\n | Call trace:\n | dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:233\n | show_stack+0x2c/0x44 arch/arm64/kernel/stacktrace.c:240\n | __dump_stack lib/dump_stack.c:88 [inline]\n | dump_stack_lvl+0xd0/0x124 lib/dump_stack.c:106\n | print_address_description mm/kasan/report.c:351 [inline]\n | print_report+0x174/0x514 mm/kasan/report.c:462\n | kasan_report+0xd4/0x130 mm/kasan/report.c:572\n | kasan_check_range+0x264/0x2a4 mm/kasan/generic.c:187\n | __kasan_check_read+0x20/0x30 mm/kasan/shadow.c:31\n | do_csum+0x44/0x254 arch/arm64/lib/csum.c:39\n | csum_partial+0x30/0x58 lib/checksum.c:128\n | gso_make_checksum include/linux/skbuff.h:4928 [inline]\n | __udp_gso_segment+0xaf4/0x1bc4 net/ipv4/udp_offload.c:332\n | udp6_ufo_fragment+0x540/0xca0 net/ipv6/udp_offload.c:47\n | ipv6_gso_segment+0x5cc/0x1760 net/ipv6/ip6_offload.c:119\n | skb_mac_gso_segment+0x2b4/0x5b0 net/core/gro.c:141\n | __skb_gso_segment+0x250/0x3d0 net/core/dev.c:3401\n | skb_gso_segment include/linux/netdevice.h:4859 [inline]\n | validate_xmit_skb+0x364/0xdbc net/core/dev.c:3659\n | validate_xmit_skb_list+0x94/0x130 net/core/dev.c:3709\n | sch_direct_xmit+0xe8/0x548 net/sched/sch_generic.c:327\n | __dev_xmit_skb net/core/dev.c:3805 [inline]\n 
| __dev_queue_xmit+0x147c/0x3318 net/core/dev.c:4210\n | dev_queue_xmit include/linux/netdevice.h:3085 [inline]\n | packet_xmit+0x6c/0x318 net/packet/af_packet.c:276\n | packet_snd net/packet/af_packet.c:3081 [inline]\n | packet_sendmsg+0x376c/0x4c98 net/packet/af_packet.c:3113\n | sock_sendmsg_nosec net/socket.c:724 [inline]\n | sock_sendmsg net/socket.c:747 [inline]\n | __sys_sendto+0x3b4/0x538 net/socket.c:2144\n\nExtend the early return to reject negative lengths as well, aligning our\nimplementation with the generic code in lib/checksum.c"
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:55.896Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5a85727239a23de1cc8d93985f1056308128f3e2"
},
{
"url": "https://git.kernel.org/stable/c/9a43563cfd6b9200ff2f76b3f9fcdcb217ceb523"
},
{
"url": "https://git.kernel.org/stable/c/ba0b46166b8e547024d02345a68b747841931ad2"
},
{
"url": "https://git.kernel.org/stable/c/a5ad2f87d8e74e351d3f500ad9d5b3a5653e1c6f"
},
{
"url": "https://git.kernel.org/stable/c/fcdf904e866de0e3715835e50409fda3b2590527"
},
{
"url": "https://git.kernel.org/stable/c/8bd795fedb8450ecbef18eeadbd23ed8fc7630f5"
}
],
"title": "arm64: csum: Fix OoB access in IP checksum code for negative lengths",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-53726",
"datePublished": "2025-10-22T13:23:55.896Z",
"dateReserved": "2025-10-22T13:21:37.348Z",
"dateUpdated": "2025-10-22T13:23:55.896Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-53692 (GCVE-0-2023-53692)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline
Syzbot found the following issue:
loop0: detected capacity change from 0 to 2048
EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none.
==================================================================
BUG: KASAN: use-after-free in ext4_ext_binsearch_idx fs/ext4/extents.c:768 [inline]
BUG: KASAN: use-after-free in ext4_find_extent+0x76e/0xd90 fs/ext4/extents.c:931
Read of size 4 at addr ffff888073644750 by task syz-executor420/5067
CPU: 0 PID: 5067 Comm: syz-executor420 Not tainted 6.2.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1b1/0x290 lib/dump_stack.c:106
print_address_description+0x74/0x340 mm/kasan/report.c:306
print_report+0x107/0x1f0 mm/kasan/report.c:417
kasan_report+0xcd/0x100 mm/kasan/report.c:517
ext4_ext_binsearch_idx fs/ext4/extents.c:768 [inline]
ext4_find_extent+0x76e/0xd90 fs/ext4/extents.c:931
ext4_clu_mapped+0x117/0x970 fs/ext4/extents.c:5809
ext4_insert_delayed_block fs/ext4/inode.c:1696 [inline]
ext4_da_map_blocks fs/ext4/inode.c:1806 [inline]
ext4_da_get_block_prep+0x9e8/0x13c0 fs/ext4/inode.c:1870
ext4_block_write_begin+0x6a8/0x2290 fs/ext4/inode.c:1098
ext4_da_write_begin+0x539/0x760 fs/ext4/inode.c:3082
generic_perform_write+0x2e4/0x5e0 mm/filemap.c:3772
ext4_buffered_write_iter+0x122/0x3a0 fs/ext4/file.c:285
ext4_file_write_iter+0x1d0/0x18f0
call_write_iter include/linux/fs.h:2186 [inline]
new_sync_write fs/read_write.c:491 [inline]
vfs_write+0x7dc/0xc50 fs/read_write.c:584
ksys_write+0x177/0x2a0 fs/read_write.c:637
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f4b7a9737b9
RSP: 002b:00007ffc5cac3668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4b7a9737b9
RDX: 00000000175d9003 RSI: 0000000020000200 RDI: 0000000000000004
RBP: 00007f4b7a933050 R08: 0000000000000000 R09: 0000000000000000
R10: 000000000000079f R11: 0000000000000246 R12: 00007f4b7a9330e0
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
</TASK>
The above issue happens when the bigalloc and inline data features are
enabled. Commit 131294c35ed6 fixed a delayed allocation bug in
ext4_clu_mapped for bigalloc + inline, but it only resolved the issue when
there is inline data. If the inline data has been converted to an extent
(ext4_da_convert_inline_data_to_extent) before writepages, there is no
EXT4_STATE_MAY_INLINE_DATA flag. However, i_data still stores inline data
in this scenario, which then triggers a UAF when finding the extent.
To resolve the above issue, a check of "ext4_has_inline_data(inode)" needs
to be added in ext4_clu_mapped().
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Version: 6f4200ec76a0d31200c308ec5a71c68df5417004 Version: 9404839e0c9db5a517ea83c0ca3388b39d105fdf Version: d440d6427a5e3a877c1c259b8d2b216ddb65e185 Version: 81b915181c630ee1cffa052e52874fe4e1ba91ac Version: 131294c35ed6f777bd4e79d42af13b5c41bf2775 Version: 131294c35ed6f777bd4e79d42af13b5c41bf2775 Version: 131294c35ed6f777bd4e79d42af13b5c41bf2775 Version: c0c8edbc8abbe8f16d80a1d794d1ba2c12b6f193 |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ext4/extents.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a34f6dcb78c654ab905642c1b4e7e5fbb4f0babe",
"status": "affected",
"version": "6f4200ec76a0d31200c308ec5a71c68df5417004",
"versionType": "git"
},
{
"lessThan": "770b0613637f59f3091dda1ff0c23671a5326b9c",
"status": "affected",
"version": "9404839e0c9db5a517ea83c0ca3388b39d105fdf",
"versionType": "git"
},
{
"lessThan": "40566def189c513be2c694681256d7486cc6e368",
"status": "affected",
"version": "d440d6427a5e3a877c1c259b8d2b216ddb65e185",
"versionType": "git"
},
{
"lessThan": "96d440bee177669dc0acedca0abd73bae6a9be8b",
"status": "affected",
"version": "81b915181c630ee1cffa052e52874fe4e1ba91ac",
"versionType": "git"
},
{
"lessThan": "11c87c8df2cae1d6be83c07e59fef0792de73482",
"status": "affected",
"version": "131294c35ed6f777bd4e79d42af13b5c41bf2775",
"versionType": "git"
},
{
"lessThan": "14da044725a3ab10affa3566d29c15737c0e67a4",
"status": "affected",
"version": "131294c35ed6f777bd4e79d42af13b5c41bf2775",
"versionType": "git"
},
{
"lessThan": "835659598c67907b98cd2aa57bb951dfaf675c69",
"status": "affected",
"version": "131294c35ed6f777bd4e79d42af13b5c41bf2775",
"versionType": "git"
},
{
"status": "affected",
"version": "c0c8edbc8abbe8f16d80a1d794d1ba2c12b6f193",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ext4/extents.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.2"
},
{
"lessThan": "6.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.243",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.180",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.111",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.28",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.*",
"status": "unaffected",
"version": "6.2.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.3.*",
"status": "unaffected",
"version": "6.3.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.4",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.243",
"versionStartIncluding": "5.4.229",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.180",
"versionStartIncluding": "5.10.163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.111",
"versionStartIncluding": "5.15.87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.28",
"versionStartIncluding": "6.1.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2.15",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.3.2",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.4",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix use-after-free read in ext4_find_extent for bigalloc + inline\n\nSyzbot found the following issue:\nloop0: detected capacity change from 0 to 2048\nEXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none.\n==================================================================\nBUG: KASAN: use-after-free in ext4_ext_binsearch_idx fs/ext4/extents.c:768 [inline]\nBUG: KASAN: use-after-free in ext4_find_extent+0x76e/0xd90 fs/ext4/extents.c:931\nRead of size 4 at addr ffff888073644750 by task syz-executor420/5067\n\nCPU: 0 PID: 5067 Comm: syz-executor420 Not tainted 6.2.0-rc1-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1b1/0x290 lib/dump_stack.c:106\n print_address_description+0x74/0x340 mm/kasan/report.c:306\n print_report+0x107/0x1f0 mm/kasan/report.c:417\n kasan_report+0xcd/0x100 mm/kasan/report.c:517\n ext4_ext_binsearch_idx fs/ext4/extents.c:768 [inline]\n ext4_find_extent+0x76e/0xd90 fs/ext4/extents.c:931\n ext4_clu_mapped+0x117/0x970 fs/ext4/extents.c:5809\n ext4_insert_delayed_block fs/ext4/inode.c:1696 [inline]\n ext4_da_map_blocks fs/ext4/inode.c:1806 [inline]\n ext4_da_get_block_prep+0x9e8/0x13c0 fs/ext4/inode.c:1870\n ext4_block_write_begin+0x6a8/0x2290 fs/ext4/inode.c:1098\n ext4_da_write_begin+0x539/0x760 fs/ext4/inode.c:3082\n generic_perform_write+0x2e4/0x5e0 mm/filemap.c:3772\n ext4_buffered_write_iter+0x122/0x3a0 fs/ext4/file.c:285\n ext4_file_write_iter+0x1d0/0x18f0\n call_write_iter include/linux/fs.h:2186 [inline]\n new_sync_write fs/read_write.c:491 [inline]\n vfs_write+0x7dc/0xc50 fs/read_write.c:584\n ksys_write+0x177/0x2a0 fs/read_write.c:637\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n 
entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7f4b7a9737b9\nRSP: 002b:00007ffc5cac3668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4b7a9737b9\nRDX: 00000000175d9003 RSI: 0000000020000200 RDI: 0000000000000004\nRBP: 00007f4b7a933050 R08: 0000000000000000 R09: 0000000000000000\nR10: 000000000000079f R11: 0000000000000246 R12: 00007f4b7a9330e0\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n \u003c/TASK\u003e\n\nAbove issue is happens when enable bigalloc and inline data feature. As\ncommit 131294c35ed6 fixed delayed allocation bug in ext4_clu_mapped for\nbigalloc + inline. But it only resolved issue when has inline data, if\ninline data has been converted to extent(ext4_da_convert_inline_data_to_extent)\nbefore writepages, there is no EXT4_STATE_MAY_INLINE_DATA flag. However\ni_data is still store inline data in this scene. Then will trigger UAF\nwhen find extent.\nTo resolve above issue, there is need to add judge \"ext4_has_inline_data(inode)\"\nin ext4_clu_mapped()."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:34.702Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a34f6dcb78c654ab905642c1b4e7e5fbb4f0babe"
},
{
"url": "https://git.kernel.org/stable/c/770b0613637f59f3091dda1ff0c23671a5326b9c"
},
{
"url": "https://git.kernel.org/stable/c/40566def189c513be2c694681256d7486cc6e368"
},
{
"url": "https://git.kernel.org/stable/c/96d440bee177669dc0acedca0abd73bae6a9be8b"
},
{
"url": "https://git.kernel.org/stable/c/11c87c8df2cae1d6be83c07e59fef0792de73482"
},
{
"url": "https://git.kernel.org/stable/c/14da044725a3ab10affa3566d29c15737c0e67a4"
},
{
"url": "https://git.kernel.org/stable/c/835659598c67907b98cd2aa57bb951dfaf675c69"
}
],
"title": "ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-53692",
"datePublished": "2025-10-22T13:23:34.702Z",
"dateReserved": "2025-10-22T13:21:37.344Z",
"dateUpdated": "2025-10-22T13:23:34.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-50560 (GCVE-0-2022-50560)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/meson: explicitly remove aggregate driver at module unload time
Because component_master_del wasn't being called when unloading the
meson_drm module, the aggregate device would linger forever in the global
aggregate_devices list. That means when unloading and reloading the
meson_dw_hdmi module, component_add would call into
try_to_bring_up_aggregate_device and find the unbound meson_drm aggregate
device.
This would in turn dereference some of the aggregate_device's struct
entries which point to memory automatically freed by the devres API when
unbinding the aggregate device from meson_drv_unbind, and trigger a
use-after-free bug:
[ +0.000014] =============================================================
[ +0.000007] BUG: KASAN: use-after-free in find_components+0x468/0x500
[ +0.000017] Read of size 8 at addr ffff000006731688 by task modprobe/2536
[ +0.000018] CPU: 4 PID: 2536 Comm: modprobe Tainted: G C O 5.19.0-rc6-lrmbkasan+ #1
[ +0.000010] Hardware name: Hardkernel ODROID-N2Plus (DT)
[ +0.000008] Call trace:
[ +0.000005] dump_backtrace+0x1ec/0x280
[ +0.000011] show_stack+0x24/0x80
[ +0.000007] dump_stack_lvl+0x98/0xd4
[ +0.000010] print_address_description.constprop.0+0x80/0x520
[ +0.000011] print_report+0x128/0x260
[ +0.000007] kasan_report+0xb8/0xfc
[ +0.000007] __asan_report_load8_noabort+0x3c/0x50
[ +0.000009] find_components+0x468/0x500
[ +0.000008] try_to_bring_up_aggregate_device+0x64/0x390
[ +0.000009] __component_add+0x1dc/0x49c
[ +0.000009] component_add+0x20/0x30
[ +0.000008] meson_dw_hdmi_probe+0x28/0x34 [meson_dw_hdmi]
[ +0.000013] platform_probe+0xd0/0x220
[ +0.000008] really_probe+0x3ac/0xa80
[ +0.000008] __driver_probe_device+0x1f8/0x400
[ +0.000008] driver_probe_device+0x68/0x1b0
[ +0.000008] __driver_attach+0x20c/0x480
[ +0.000009] bus_for_each_dev+0x114/0x1b0
[ +0.000007] driver_attach+0x48/0x64
[ +0.000009] bus_add_driver+0x390/0x564
[ +0.000007] driver_register+0x1a8/0x3e4
[ +0.000009] __platform_driver_register+0x6c/0x94
[ +0.000007] meson_dw_hdmi_platform_driver_init+0x30/0x1000 [meson_dw_hdmi]
[ +0.000014] do_one_initcall+0xc4/0x2b0
[ +0.000008] do_init_module+0x154/0x570
[ +0.000010] load_module+0x1a78/0x1ea4
[ +0.000008] __do_sys_init_module+0x184/0x1cc
[ +0.000008] __arm64_sys_init_module+0x78/0xb0
[ +0.000008] invoke_syscall+0x74/0x260
[ +0.000008] el0_svc_common.constprop.0+0xcc/0x260
[ +0.000009] do_el0_svc+0x50/0x70
[ +0.000008] el0_svc+0x68/0x1a0
[ +0.000009] el0t_64_sync_handler+0x11c/0x150
[ +0.000009] el0t_64_sync+0x18c/0x190
[ +0.000014] Allocated by task 902:
[ +0.000007] kasan_save_stack+0x2c/0x5c
[ +0.000009] __kasan_kmalloc+0x90/0xd0
[ +0.000007] __kmalloc_node+0x240/0x580
[ +0.000010] memcg_alloc_slab_cgroups+0xa4/0x1ac
[ +0.000010] memcg_slab_post_alloc_hook+0xbc/0x4c0
[ +0.000008] kmem_cache_alloc_node+0x1d0/0x490
[ +0.000009] __alloc_skb+0x1d4/0x310
[ +0.000010] alloc_skb_with_frags+0x8c/0x620
[ +0.000008] sock_alloc_send_pskb+0x5ac/0x6d0
[ +0.000010] unix_dgram_sendmsg+0x2e0/0x12f0
[ +0.000010] sock_sendmsg+0xcc/0x110
[ +0.000007] sock_write_iter+0x1d0/0x304
[ +0.000008] new_sync_write+0x364/0x460
[ +0.000007] vfs_write+0x420/0x5ac
[ +0.000008] ksys_write+0x19c/0x1f0
[ +0.000008] __arm64_sys_write+0x78/0xb0
[ +0.000007] invoke_syscall+0x74/0x260
[ +0.000008] el0_svc_common.constprop.0+0x1a8/0x260
[ +0.000009] do_el0_svc+0x50/0x70
[ +0.000007] el0_svc+0x68/0x1a0
[ +0.000008] el0t_64_sync_handler+0x11c/0x150
[ +0.000008] el0t_64_sync+0x18c/0x190
[ +0.000013] Freed by task 2509:
[ +0.000008] kasan_save_stack+0x2c/0x5c
[ +0.000007] kasan_set_track+0x2c/0x40
[ +0.000008] kasan_set_free_info+0x28/0x50
[ +0.000008] ____kasan_slab_free+0x128/0x1d4
[ +0.000008] __kasan_slab_free+0x18/0x24
[ +0.000007] slab_free_freelist_hook+0x108/0x230
[ +0.000010]
---truncated---
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/meson/meson_drv.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8a427a22839daacd36531a62c83d5c9cd6f20657",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "587c7da877219e6185217bf64418e62e114dab1e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f11aa996fc01888f870be0e79ba71526888c0d8a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6ef20de2fe0ee1decedbfabb17782897ca27bfe5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8616f2a0589a80e08434212324250eb22f6a66ce",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/meson/meson_drv.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.19.*",
"status": "unaffected",
"version": "5.19.17",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/meson: explicitly remove aggregate driver at module unload time\n\nBecause component_master_del wasn\u0027t being called when unloading the\nmeson_drm module, the aggregate device would linger forever in the global\naggregate_devices list. That means when unloading and reloading the\nmeson_dw_hdmi module, component_add would call into\ntry_to_bring_up_aggregate_device and find the unbound meson_drm aggregate\ndevice.\n\nThis would in turn dereference some of the aggregate_device\u0027s struct\nentries which point to memory automatically freed by the devres API when\nunbinding the aggregate device from meson_drv_unbind, and trigger an\nuse-after-free bug:\n\n[ +0.000014] =============================================================\n[ +0.000007] BUG: KASAN: use-after-free in find_components+0x468/0x500\n[ +0.000017] Read of size 8 at addr ffff000006731688 by task modprobe/2536\n[ +0.000018] CPU: 4 PID: 2536 Comm: modprobe Tainted: G C O 5.19.0-rc6-lrmbkasan+ #1\n[ +0.000010] Hardware name: Hardkernel ODROID-N2Plus (DT)\n[ +0.000008] Call trace:\n[ +0.000005] dump_backtrace+0x1ec/0x280\n[ +0.000011] show_stack+0x24/0x80\n[ +0.000007] dump_stack_lvl+0x98/0xd4\n[ +0.000010] print_address_description.constprop.0+0x80/0x520\n[ +0.000011] print_report+0x128/0x260\n[ +0.000007] kasan_report+0xb8/0xfc\n[ +0.000007] __asan_report_load8_noabort+0x3c/0x50\n[ +0.000009] find_components+0x468/0x500\n[ +0.000008] try_to_bring_up_aggregate_device+0x64/0x390\n[ +0.000009] __component_add+0x1dc/0x49c\n[ +0.000009] component_add+0x20/0x30\n[ +0.000008] meson_dw_hdmi_probe+0x28/0x34 [meson_dw_hdmi]\n[ +0.000013] platform_probe+0xd0/0x220\n[ +0.000008] really_probe+0x3ac/0xa80\n[ +0.000008] __driver_probe_device+0x1f8/0x400\n[ +0.000008] driver_probe_device+0x68/0x1b0\n[ +0.000008] __driver_attach+0x20c/0x480\n[ +0.000009] bus_for_each_dev+0x114/0x1b0\n[ +0.000007] driver_attach+0x48/0x64\n[ +0.000009] 
bus_add_driver+0x390/0x564\n[ +0.000007] driver_register+0x1a8/0x3e4\n[ +0.000009] __platform_driver_register+0x6c/0x94\n[ +0.000007] meson_dw_hdmi_platform_driver_init+0x30/0x1000 [meson_dw_hdmi]\n[ +0.000014] do_one_initcall+0xc4/0x2b0\n[ +0.000008] do_init_module+0x154/0x570\n[ +0.000010] load_module+0x1a78/0x1ea4\n[ +0.000008] __do_sys_init_module+0x184/0x1cc\n[ +0.000008] __arm64_sys_init_module+0x78/0xb0\n[ +0.000008] invoke_syscall+0x74/0x260\n[ +0.000008] el0_svc_common.constprop.0+0xcc/0x260\n[ +0.000009] do_el0_svc+0x50/0x70\n[ +0.000008] el0_svc+0x68/0x1a0\n[ +0.000009] el0t_64_sync_handler+0x11c/0x150\n[ +0.000009] el0t_64_sync+0x18c/0x190\n\n[ +0.000014] Allocated by task 902:\n[ +0.000007] kasan_save_stack+0x2c/0x5c\n[ +0.000009] __kasan_kmalloc+0x90/0xd0\n[ +0.000007] __kmalloc_node+0x240/0x580\n[ +0.000010] memcg_alloc_slab_cgroups+0xa4/0x1ac\n[ +0.000010] memcg_slab_post_alloc_hook+0xbc/0x4c0\n[ +0.000008] kmem_cache_alloc_node+0x1d0/0x490\n[ +0.000009] __alloc_skb+0x1d4/0x310\n[ +0.000010] alloc_skb_with_frags+0x8c/0x620\n[ +0.000008] sock_alloc_send_pskb+0x5ac/0x6d0\n[ +0.000010] unix_dgram_sendmsg+0x2e0/0x12f0\n[ +0.000010] sock_sendmsg+0xcc/0x110\n[ +0.000007] sock_write_iter+0x1d0/0x304\n[ +0.000008] new_sync_write+0x364/0x460\n[ +0.000007] vfs_write+0x420/0x5ac\n[ +0.000008] ksys_write+0x19c/0x1f0\n[ +0.000008] __arm64_sys_write+0x78/0xb0\n[ +0.000007] invoke_syscall+0x74/0x260\n[ +0.000008] el0_svc_common.constprop.0+0x1a8/0x260\n[ +0.000009] do_el0_svc+0x50/0x70\n[ +0.000007] el0_svc+0x68/0x1a0\n[ +0.000008] el0t_64_sync_handler+0x11c/0x150\n[ +0.000008] el0t_64_sync+0x18c/0x190\n\n[ +0.000013] Freed by task 2509:\n[ +0.000008] kasan_save_stack+0x2c/0x5c\n[ +0.000007] kasan_set_track+0x2c/0x40\n[ +0.000008] kasan_set_free_info+0x28/0x50\n[ +0.000008] ____kasan_slab_free+0x128/0x1d4\n[ +0.000008] __kasan_slab_free+0x18/0x24\n[ +0.000007] slab_free_freelist_hook+0x108/0x230\n[ +0.000010] \n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:20.117Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8a427a22839daacd36531a62c83d5c9cd6f20657"
},
{
"url": "https://git.kernel.org/stable/c/587c7da877219e6185217bf64418e62e114dab1e"
},
{
"url": "https://git.kernel.org/stable/c/f11aa996fc01888f870be0e79ba71526888c0d8a"
},
{
"url": "https://git.kernel.org/stable/c/6ef20de2fe0ee1decedbfabb17782897ca27bfe5"
},
{
"url": "https://git.kernel.org/stable/c/8616f2a0589a80e08434212324250eb22f6a66ce"
}
],
"title": "drm/meson: explicitly remove aggregate driver at module unload time",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-50560",
"datePublished": "2025-10-22T13:23:20.117Z",
"dateReserved": "2025-10-22T13:20:23.759Z",
"dateUpdated": "2025-10-22T13:23:20.117Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-53711 (GCVE-0-2023-53711)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
NFS: Fix a potential data corruption
We must ensure that the subrequests are joined back into the head before
we can retransmit a request. If the head was not on the commit lists,
because the server wrote it synchronously, we still need to add it back
to the retransmission list.
Add a call that mirrors the effect of nfs_cancel_remove_inode() for
O_DIRECT.
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nfs/direct.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4185605cd0f72ec8bf8b423aacd94cd5ee13bbcf",
"status": "affected",
"version": "ed5d588fe47feef290f271022820e255d8371561",
"versionType": "git"
},
{
"lessThan": "da302f1d476a44245823a74546debb5d160bf5bd",
"status": "affected",
"version": "ed5d588fe47feef290f271022820e255d8371561",
"versionType": "git"
},
{
"lessThan": "dac14a1dbe20e003215dacb8a3a1a7e4ca4e0ad0",
"status": "affected",
"version": "ed5d588fe47feef290f271022820e255d8371561",
"versionType": "git"
},
{
"lessThan": "0ec26716e45d615edfff46012e7dedcc0ac5f7ab",
"status": "affected",
"version": "ed5d588fe47feef290f271022820e255d8371561",
"versionType": "git"
},
{
"lessThan": "88975a55969e11f26fe3846bf4fbf8e7dc8cbbd4",
"status": "affected",
"version": "ed5d588fe47feef290f271022820e255d8371561",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nfs/direct.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.7"
},
{
"lessThan": "5.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.195",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.132",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.6",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.195",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.132",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.54",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.4",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6",
"versionStartIncluding": "5.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: Fix a potential data corruption\n\nWe must ensure that the subrequests are joined back into the head before\nwe can retransmit a request. If the head was not on the commit lists,\nbecause the server wrote it synchronously, we still need to add it back\nto the retransmission list.\nAdd a call that mirrors the effect of nfs_cancel_remove_inode() for\nO_DIRECT."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:46.458Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4185605cd0f72ec8bf8b423aacd94cd5ee13bbcf"
},
{
"url": "https://git.kernel.org/stable/c/da302f1d476a44245823a74546debb5d160bf5bd"
},
{
"url": "https://git.kernel.org/stable/c/dac14a1dbe20e003215dacb8a3a1a7e4ca4e0ad0"
},
{
"url": "https://git.kernel.org/stable/c/0ec26716e45d615edfff46012e7dedcc0ac5f7ab"
},
{
"url": "https://git.kernel.org/stable/c/88975a55969e11f26fe3846bf4fbf8e7dc8cbbd4"
}
],
"title": "NFS: Fix a potential data corruption",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-53711",
"datePublished": "2025-10-22T13:23:46.458Z",
"dateReserved": "2025-10-22T13:21:37.346Z",
"dateUpdated": "2025-10-22T13:23:46.458Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-50563 (GCVE-0-2022-50563)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
dm thin: Fix UAF in run_timer_softirq()
When dm_resume() and dm_destroy() are concurrent, it will
lead to UAF, as follows:
BUG: KASAN: use-after-free in __run_timers+0x173/0x710
Write of size 8 at addr ffff88816d9490f0 by task swapper/0/0
<snip>
Call Trace:
<IRQ>
dump_stack_lvl+0x73/0x9f
print_report.cold+0x132/0xaa2
_raw_spin_lock_irqsave+0xcd/0x160
__run_timers+0x173/0x710
kasan_report+0xad/0x110
__run_timers+0x173/0x710
__asan_store8+0x9c/0x140
__run_timers+0x173/0x710
call_timer_fn+0x310/0x310
pvclock_clocksource_read+0xfa/0x250
kvm_clock_read+0x2c/0x70
kvm_clock_get_cycles+0xd/0x20
ktime_get+0x5c/0x110
lapic_next_event+0x38/0x50
clockevents_program_event+0xf1/0x1e0
run_timer_softirq+0x49/0x90
__do_softirq+0x16e/0x62c
__irq_exit_rcu+0x1fa/0x270
irq_exit_rcu+0x12/0x20
sysvec_apic_timer_interrupt+0x8e/0xc0
One of the concurrency UAF can be shown as below:
use                          free
do_resume                  |
__find_device_hash_cell    |
dm_get                     |
atomic_inc(&md->holders)   |
                           | dm_destroy
                           | __dm_destroy
                           | if (!dm_suspended_md(md))
                           | atomic_read(&md->holders)
                           | msleep(1)
dm_resume                  |
__dm_resume                |
dm_table_resume_targets    |
pool_resume                |
do_waker #add delay work   |
dm_put                     |
atomic_dec(&md->holders)   |
                           | dm_table_destroy
                           | pool_dtr
                           | __pool_dec
                           | __pool_destroy
                           | destroy_workqueue
                           | kfree(pool) # free pool
time out
__do_softirq
run_timer_softirq # pool has already been freed
This can be easily reproduced using:
1. create thin-pool
2. dmsetup suspend pool
3. dmsetup resume pool
4. dmsetup remove_all # Concurrent with 3
The root cause of this UAF bug is that dm_resume() adds timer after
dm_destroy() skips cancelling the timer because of suspend status.
After timeout, it will call run_timer_softirq(), however pool has
already been freed. The concurrency UAF bug will happen.
Therefore, cancelling timer again in __pool_destroy().
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Version: 991d9fa02da0dd1f843dc011376965e0c8c6c9b5 |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/md/dm-thin.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7ee059d06a5d3c15465959e0472993e80fbe4e81",
"status": "affected",
"version": "991d9fa02da0dd1f843dc011376965e0c8c6c9b5",
"versionType": "git"
},
{
"lessThan": "550a4fac7ecfee5bac6a0dd772456ca62fb72f46",
"status": "affected",
"version": "991d9fa02da0dd1f843dc011376965e0c8c6c9b5",
"versionType": "git"
},
{
"lessThan": "e8b8e0d2bbf7d1172c4f435621418e29ee408d46",
"status": "affected",
"version": "991d9fa02da0dd1f843dc011376965e0c8c6c9b5",
"versionType": "git"
},
{
"lessThan": "7ae6aa649394e1e7f6dafb55ce0d578c0572a280",
"status": "affected",
"version": "991d9fa02da0dd1f843dc011376965e0c8c6c9b5",
"versionType": "git"
},
{
"lessThan": "34fe9c2251f19786a6689149a6212c6c0de1d63b",
"status": "affected",
"version": "991d9fa02da0dd1f843dc011376965e0c8c6c9b5",
"versionType": "git"
},
{
"lessThan": "34cd15d83b7206188d440b29b68084fcafde9395",
"status": "affected",
"version": "991d9fa02da0dd1f843dc011376965e0c8c6c9b5",
"versionType": "git"
},
{
"lessThan": "94e231c9d6f2648d2f1f68e7f476e050ee0a6159",
"status": "affected",
"version": "991d9fa02da0dd1f843dc011376965e0c8c6c9b5",
"versionType": "git"
},
{
"lessThan": "d9971fa4d8bde63d49c743c1b32d12fbbd3a30bd",
"status": "affected",
"version": "991d9fa02da0dd1f843dc011376965e0c8c6c9b5",
"versionType": "git"
},
{
"lessThan": "88430ebcbc0ec637b710b947738839848c20feff",
"status": "affected",
"version": "991d9fa02da0dd1f843dc011376965e0c8c6c9b5",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/md/dm-thin.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.2"
},
{
"lessThan": "3.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.337",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.303",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.229",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.87",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.337",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.303",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.270",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.229",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.163",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.87",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.18",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.4",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"versionStartIncluding": "3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm thin: Fix UAF in run_timer_softirq()\n\nWhen dm_resume() and dm_destroy() are concurrent, it will\nlead to UAF, as follows:\n\n BUG: KASAN: use-after-free in __run_timers+0x173/0x710\n Write of size 8 at addr ffff88816d9490f0 by task swapper/0/0\n\u003csnip\u003e\n Call Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x73/0x9f\n print_report.cold+0x132/0xaa2\n _raw_spin_lock_irqsave+0xcd/0x160\n __run_timers+0x173/0x710\n kasan_report+0xad/0x110\n __run_timers+0x173/0x710\n __asan_store8+0x9c/0x140\n __run_timers+0x173/0x710\n call_timer_fn+0x310/0x310\n pvclock_clocksource_read+0xfa/0x250\n kvm_clock_read+0x2c/0x70\n kvm_clock_get_cycles+0xd/0x20\n ktime_get+0x5c/0x110\n lapic_next_event+0x38/0x50\n clockevents_program_event+0xf1/0x1e0\n run_timer_softirq+0x49/0x90\n __do_softirq+0x16e/0x62c\n __irq_exit_rcu+0x1fa/0x270\n irq_exit_rcu+0x12/0x20\n sysvec_apic_timer_interrupt+0x8e/0xc0\n\nOne of the concurrency UAF can be shown as below:\n\n use free\ndo_resume |\n __find_device_hash_cell |\n dm_get |\n atomic_inc(\u0026md-\u003eholders) |\n | dm_destroy\n | __dm_destroy\n | if (!dm_suspended_md(md))\n | atomic_read(\u0026md-\u003eholders)\n | msleep(1)\n dm_resume |\n __dm_resume |\n dm_table_resume_targets |\n pool_resume |\n do_waker #add delay work |\n dm_put |\n atomic_dec(\u0026md-\u003eholders) |\n | dm_table_destroy\n | pool_dtr\n | __pool_dec\n | __pool_destroy\n | destroy_workqueue\n | kfree(pool) # free pool\n time out\n__do_softirq\n run_timer_softirq # pool has already been freed\n\nThis can be easily reproduced using:\n 1. create thin-pool\n 2. dmsetup suspend pool\n 3. dmsetup resume pool\n 4. dmsetup remove_all # Concurrent with 3\n\nThe root cause of this UAF bug is that dm_resume() adds timer after\ndm_destroy() skips cancelling the timer because of suspend status.\nAfter timeout, it will call run_timer_softirq(), however pool has\nalready been freed. The concurrency UAF bug will happen.\n\nTherefore, cancelling timer again in __pool_destroy()."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:22.080Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7ee059d06a5d3c15465959e0472993e80fbe4e81"
},
{
"url": "https://git.kernel.org/stable/c/550a4fac7ecfee5bac6a0dd772456ca62fb72f46"
},
{
"url": "https://git.kernel.org/stable/c/e8b8e0d2bbf7d1172c4f435621418e29ee408d46"
},
{
"url": "https://git.kernel.org/stable/c/7ae6aa649394e1e7f6dafb55ce0d578c0572a280"
},
{
"url": "https://git.kernel.org/stable/c/34fe9c2251f19786a6689149a6212c6c0de1d63b"
},
{
"url": "https://git.kernel.org/stable/c/34cd15d83b7206188d440b29b68084fcafde9395"
},
{
"url": "https://git.kernel.org/stable/c/94e231c9d6f2648d2f1f68e7f476e050ee0a6159"
},
{
"url": "https://git.kernel.org/stable/c/d9971fa4d8bde63d49c743c1b32d12fbbd3a30bd"
},
{
"url": "https://git.kernel.org/stable/c/88430ebcbc0ec637b710b947738839848c20feff"
}
],
"title": "dm thin: Fix UAF in run_timer_softirq()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-50563",
"datePublished": "2025-10-22T13:23:22.080Z",
"dateReserved": "2025-10-22T13:20:23.759Z",
"dateUpdated": "2025-10-22T13:23:22.080Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-53713 (GCVE-0-2023-53713)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
arm64: sme: Use STR P to clear FFR context field in streaming SVE mode
The FFR is a predicate register which can vary between 16 and 256 bits
in size depending upon the configured vector length. When saving the
SVE state in streaming SVE mode, the FFR register is inaccessible and
so commit 9f5848665788 ("arm64/sve: Make access to FFR optional") simply
clears the FFR field of the in-memory context structure. Unfortunately,
it achieves this using an unconditional 8-byte store and so if the SME
vector length is anything other than 64 bytes in size we will either
fail to clear the entire field or, worse, we will corrupt memory
immediately following the structure. This has led to intermittent kfence
splats in CI [1] and can trigger kmalloc Redzone corruption messages
when running the 'fp-stress' kselftest:
| =============================================================================
| BUG kmalloc-1k (Not tainted): kmalloc Redzone overwritten
| -----------------------------------------------------------------------------
|
| 0xffff000809bf1e22-0xffff000809bf1e27 @offset=7714. First byte 0x0 instead of 0xcc
| Allocated in do_sme_acc+0x9c/0x220 age=2613 cpu=1 pid=531
| __kmalloc+0x8c/0xcc
| do_sme_acc+0x9c/0x220
| ...
Replace the 8-byte store with a store of a predicate register which has
been zero-initialised with PFALSE, ensuring that the entire field is
cleared in memory.
[1] https://lore.kernel.org/r/CA+G9fYtU7HsV0R0dp4XEH5xXHSJFw8KyDf5VQrLLfMxWfxQkag@mail.gmail.com
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/arm64/include/asm/fpsimdmacros.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "97669214944e80d3756657c21c4f286f3da6a423",
"status": "affected",
"version": "9f5848665788a0f07bc175cb2cdd06d367b7556e",
"versionType": "git"
},
{
"lessThan": "8769a62faacbbb6cac5e35d9047ce445183d4e9f",
"status": "affected",
"version": "9f5848665788a0f07bc175cb2cdd06d367b7556e",
"versionType": "git"
},
{
"lessThan": "1403a899153a12d93fd510e463fd6d0eafba4336",
"status": "affected",
"version": "9f5848665788a0f07bc175cb2cdd06d367b7556e",
"versionType": "git"
},
{
"lessThan": "893b24181b4c4bf1fa2841b1ed192e5413a97cb1",
"status": "affected",
"version": "9f5848665788a0f07bc175cb2cdd06d367b7556e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/arm64/include/asm/fpsimdmacros.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.16"
},
{
"lessThan": "5.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.39",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.3.*",
"status": "unaffected",
"version": "6.3.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.*",
"status": "unaffected",
"version": "6.4.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.5",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.39",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.3.13",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.4.4",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5",
"versionStartIncluding": "5.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: sme: Use STR P to clear FFR context field in streaming SVE mode\n\nThe FFR is a predicate register which can vary between 16 and 256 bits\nin size depending upon the configured vector length. When saving the\nSVE state in streaming SVE mode, the FFR register is inaccessible and\nso commit 9f5848665788 (\"arm64/sve: Make access to FFR optional\") simply\nclears the FFR field of the in-memory context structure. Unfortunately,\nit achieves this using an unconditional 8-byte store and so if the SME\nvector length is anything other than 64 bytes in size we will either\nfail to clear the entire field or, worse, we will corrupt memory\nimmediately following the structure. This has led to intermittent kfence\nsplats in CI [1] and can trigger kmalloc Redzone corruption messages\nwhen running the \u0027fp-stress\u0027 kselftest:\n\n | =============================================================================\n | BUG kmalloc-1k (Not tainted): kmalloc Redzone overwritten\n | -----------------------------------------------------------------------------\n |\n | 0xffff000809bf1e22-0xffff000809bf1e27 @offset=7714. First byte 0x0 instead of 0xcc\n | Allocated in do_sme_acc+0x9c/0x220 age=2613 cpu=1 pid=531\n | __kmalloc+0x8c/0xcc\n | do_sme_acc+0x9c/0x220\n | ...\n\nReplace the 8-byte store with a store of a predicate register which has\nbeen zero-initialised with PFALSE, ensuring that the entire field is\ncleared in memory.\n\n[1] https://lore.kernel.org/r/CA+G9fYtU7HsV0R0dp4XEH5xXHSJFw8KyDf5VQrLLfMxWfxQkag@mail.gmail.com"
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:47.720Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/97669214944e80d3756657c21c4f286f3da6a423"
},
{
"url": "https://git.kernel.org/stable/c/8769a62faacbbb6cac5e35d9047ce445183d4e9f"
},
{
"url": "https://git.kernel.org/stable/c/1403a899153a12d93fd510e463fd6d0eafba4336"
},
{
"url": "https://git.kernel.org/stable/c/893b24181b4c4bf1fa2841b1ed192e5413a97cb1"
}
],
"title": "arm64: sme: Use STR P to clear FFR context field in streaming SVE mode",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-53713",
"datePublished": "2025-10-22T13:23:47.720Z",
"dateReserved": "2025-10-22T13:21:37.347Z",
"dateUpdated": "2025-10-22T13:23:47.720Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-53723 (GCVE-0-2023-53723)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled in suspend
sdma_v4_0_ip is shared on a few asics, but in sdma_v4_0_hw_fini,
driver unconditionally disables ecc_irq which is only enabled on
those asics enabling sdma ecc. This will introduce a warning in
suspend cycle on those chips with sdma ip v4.0, while without
sdma ecc. So this patch correct this.
[ 7283.166354] RIP: 0010:amdgpu_irq_put+0x45/0x70 [amdgpu]
[ 7283.167001] RSP: 0018:ffff9a5fc3967d08 EFLAGS: 00010246
[ 7283.167019] RAX: ffff98d88afd3770 RBX: 0000000000000001 RCX: 0000000000000000
[ 7283.167023] RDX: 0000000000000000 RSI: ffff98d89da30390 RDI: ffff98d89da20000
[ 7283.167025] RBP: ffff98d89da20000 R08: 0000000000036838 R09: 0000000000000006
[ 7283.167028] R10: ffffd5764243c008 R11: 0000000000000000 R12: ffff98d89da30390
[ 7283.167030] R13: ffff98d89da38978 R14: ffffffff999ae15a R15: ffff98d880130105
[ 7283.167032] FS: 0000000000000000(0000) GS:ffff98d996f00000(0000) knlGS:0000000000000000
[ 7283.167036] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 7283.167039] CR2: 00000000f7a9d178 CR3: 00000001c42ea000 CR4: 00000000003506e0
[ 7283.167041] Call Trace:
[ 7283.167046] <TASK>
[ 7283.167048] sdma_v4_0_hw_fini+0x38/0xa0 [amdgpu]
[ 7283.167704] amdgpu_device_ip_suspend_phase2+0x101/0x1a0 [amdgpu]
[ 7283.168296] amdgpu_device_suspend+0x103/0x180 [amdgpu]
[ 7283.168875] amdgpu_pmops_freeze+0x21/0x60 [amdgpu]
[ 7283.169464] pci_pm_freeze+0x54/0xc0
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3decf3a750a924362bf4e2680dd3b07242fe56e8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c1420276be7a98df0074584bb9c1709cbc1a9df5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "823787470e320f90372c3ef506769520026c571f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2a179117a3b29e7136e4045c57090a05bb97f373",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "71e1f44077db83e205db70a684c1f2c5d2247174",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c5123c193696bf97fdf259c825ebfac517b54e44",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8b229ada2669b74fdae06c83fbfda5a5a99fc253",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.243",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.180",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.112",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.29",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.*",
"status": "unaffected",
"version": "6.2.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.3.*",
"status": "unaffected",
"version": "6.3.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.4",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.243",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.180",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled in suspend\n\nsdma_v4_0_ip is shared on a few asics, but in sdma_v4_0_hw_fini,\ndriver unconditionally disables ecc_irq which is only enabled on\nthose asics enabling sdma ecc. This will introduce a warning in\nsuspend cycle on those chips with sdma ip v4.0, while without\nsdma ecc. So this patch correct this.\n\n[ 7283.166354] RIP: 0010:amdgpu_irq_put+0x45/0x70 [amdgpu]\n[ 7283.167001] RSP: 0018:ffff9a5fc3967d08 EFLAGS: 00010246\n[ 7283.167019] RAX: ffff98d88afd3770 RBX: 0000000000000001 RCX: 0000000000000000\n[ 7283.167023] RDX: 0000000000000000 RSI: ffff98d89da30390 RDI: ffff98d89da20000\n[ 7283.167025] RBP: ffff98d89da20000 R08: 0000000000036838 R09: 0000000000000006\n[ 7283.167028] R10: ffffd5764243c008 R11: 0000000000000000 R12: ffff98d89da30390\n[ 7283.167030] R13: ffff98d89da38978 R14: ffffffff999ae15a R15: ffff98d880130105\n[ 7283.167032] FS: 0000000000000000(0000) GS:ffff98d996f00000(0000) knlGS:0000000000000000\n[ 7283.167036] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 7283.167039] CR2: 00000000f7a9d178 CR3: 00000001c42ea000 CR4: 00000000003506e0\n[ 7283.167041] Call Trace:\n[ 7283.167046] \u003cTASK\u003e\n[ 7283.167048] sdma_v4_0_hw_fini+0x38/0xa0 [amdgpu]\n[ 7283.167704] amdgpu_device_ip_suspend_phase2+0x101/0x1a0 [amdgpu]\n[ 7283.168296] amdgpu_device_suspend+0x103/0x180 [amdgpu]\n[ 7283.168875] amdgpu_pmops_freeze+0x21/0x60 [amdgpu]\n[ 7283.169464] pci_pm_freeze+0x54/0xc0"
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:53.900Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3decf3a750a924362bf4e2680dd3b07242fe56e8"
},
{
"url": "https://git.kernel.org/stable/c/c1420276be7a98df0074584bb9c1709cbc1a9df5"
},
{
"url": "https://git.kernel.org/stable/c/823787470e320f90372c3ef506769520026c571f"
},
{
"url": "https://git.kernel.org/stable/c/2a179117a3b29e7136e4045c57090a05bb97f373"
},
{
"url": "https://git.kernel.org/stable/c/71e1f44077db83e205db70a684c1f2c5d2247174"
},
{
"url": "https://git.kernel.org/stable/c/c5123c193696bf97fdf259c825ebfac517b54e44"
},
{
"url": "https://git.kernel.org/stable/c/8b229ada2669b74fdae06c83fbfda5a5a99fc253"
}
],
"title": "drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled in suspend",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-53723",
"datePublished": "2025-10-22T13:23:53.900Z",
"dateReserved": "2025-10-22T13:21:37.348Z",
"dateUpdated": "2025-10-22T13:23:53.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-53694 (GCVE-0-2023-53694)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
riscv: ftrace: Fixup panic by disabling preemption
In RISCV, we must use an AUIPC + JALR pair to encode an immediate,
forming a jump that jumps to an address over 4K. This may cause errors
if we want to enable kernel preemption and remove dependency from
patching code with stop_machine(). For example, if a task was switched
out on auipc. And, if we changed the ftrace function before it was
switched back, then it would jump to an address that has updated 11:0
bits mixing with previous XLEN:12 part.
p: patched area performed by dynamic ftrace
ftrace_prologue:
p| REG_S ra, -SZREG(sp)
p| auipc ra, 0x? ------------> preempted
...
change ftrace function
...
p| jalr -?(ra) <------------- switched back
p| REG_L ra, -SZREG(sp)
func:
xxx
ret
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/riscv/Kconfig"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "84cfcf240f4a577733b1d98fcd2611a611612b03",
"status": "affected",
"version": "afc76b8b80112189b6f11e67e19cf58301944814",
"versionType": "git"
},
{
"lessThan": "20a7510e781084364691b4962de31de758194cc9",
"status": "affected",
"version": "afc76b8b80112189b6f11e67e19cf58301944814",
"versionType": "git"
},
{
"lessThan": "8547649981e6631328cd64f583667501ae385531",
"status": "affected",
"version": "afc76b8b80112189b6f11e67e19cf58301944814",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/riscv/Kconfig"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.12"
},
{
"lessThan": "5.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.*",
"status": "unaffected",
"version": "6.2.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.3",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.23",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2.3",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.3",
"versionStartIncluding": "5.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: ftrace: Fixup panic by disabling preemption\n\nIn RISCV, we must use an AUIPC + JALR pair to encode an immediate,\nforming a jump that jumps to an address over 4K. This may cause errors\nif we want to enable kernel preemption and remove dependency from\npatching code with stop_machine(). For example, if a task was switched\nout on auipc. And, if we changed the ftrace function before it was\nswitched back, then it would jump to an address that has updated 11:0\nbits mixing with previous XLEN:12 part.\n\np: patched area performed by dynamic ftrace\nftrace_prologue:\np| REG_S ra, -SZREG(sp)\np| auipc ra, 0x? ------------\u003e preempted\n\t\t\t\t\t...\n\t\t\t\tchange ftrace function\n\t\t\t\t\t...\np| jalr -?(ra) \u003c------------- switched back\np| REG_L ra, -SZREG(sp)\nfunc:\n\txxx\n\tret"
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:35.869Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/84cfcf240f4a577733b1d98fcd2611a611612b03"
},
{
"url": "https://git.kernel.org/stable/c/20a7510e781084364691b4962de31de758194cc9"
},
{
"url": "https://git.kernel.org/stable/c/8547649981e6631328cd64f583667501ae385531"
}
],
"title": "riscv: ftrace: Fixup panic by disabling preemption",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-53694",
"datePublished": "2025-10-22T13:23:35.869Z",
"dateReserved": "2025-10-22T13:21:37.344Z",
"dateUpdated": "2025-10-22T13:23:35.869Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-50568 (GCVE-0-2022-50568)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: f_hid: fix f_hidg lifetime vs cdev
The embedded struct cdev does not have its lifetime correctly tied to
the enclosing struct f_hidg, so there is a use-after-free if /dev/hidgN
is held open while the gadget is deleted.
This can readily be replicated with libusbgx's example programs (for
conciseness - operating directly via configfs is equivalent):
    gadget-hid
    exec 3<> /dev/hidg0
    gadget-vid-pid-remove
    exec 3<&-
Pull the existing device up in to struct f_hidg and make use of the
cdev_device_{add,del}() helpers. This changes the lifetime of the
device object to match struct f_hidg, but note that it is still added
and deleted at the same time.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | 71adf118946957839a13aa4d1094183e05c6c094 |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/gadget/function/f_hid.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1cd7f156f6389918f760687fbbf133c86da93162",
"status": "affected",
"version": "71adf118946957839a13aa4d1094183e05c6c094",
"versionType": "git"
},
{
"lessThan": "c78c87c4e389b62f8892af7f59857447aa6d9797",
"status": "affected",
"version": "71adf118946957839a13aa4d1094183e05c6c094",
"versionType": "git"
},
{
"lessThan": "1b6a53e447ec3d81623610c8c7ec5082b47dfdce",
"status": "affected",
"version": "71adf118946957839a13aa4d1094183e05c6c094",
"versionType": "git"
},
{
"lessThan": "d3136b79705c2e3bba9c76adc5628af0215d798e",
"status": "affected",
"version": "71adf118946957839a13aa4d1094183e05c6c094",
"versionType": "git"
},
{
"lessThan": "9e4b85d815b14bd4db2deea2a54264a23de8b896",
"status": "affected",
"version": "71adf118946957839a13aa4d1094183e05c6c094",
"versionType": "git"
},
{
"lessThan": "9e08b7f5fa00e9d550851352bd0d1ba74ccffef2",
"status": "affected",
"version": "71adf118946957839a13aa4d1094183e05c6c094",
"versionType": "git"
},
{
"lessThan": "89ff3dfac604614287ad5aad9370c3f984ea3f4b",
"status": "affected",
"version": "71adf118946957839a13aa4d1094183e05c6c094",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/gadget/function/f_hid.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.35"
},
{
"lessThan": "2.6.35",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.229",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.86",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.270",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.229",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.163",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.86",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.16",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.2",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"versionStartIncluding": "2.6.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_hid: fix f_hidg lifetime vs cdev\n\nThe embedded struct cdev does not have its lifetime correctly tied to\nthe enclosing struct f_hidg, so there is a use-after-free if /dev/hidgN\nis held open while the gadget is deleted.\n\nThis can readily be replicated with libusbgx\u0027s example programs (for\nconciseness - operating directly via configfs is equivalent):\n\n\tgadget-hid\n\texec 3\u003c\u003e /dev/hidg0\n\tgadget-vid-pid-remove\n\texec 3\u003c\u0026-\n\nPull the existing device up in to struct f_hidg and make use of the\ncdev_device_{add,del}() helpers. This changes the lifetime of the\ndevice object to match struct f_hidg, but note that it is still added\nand deleted at the same time."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:25.136Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1cd7f156f6389918f760687fbbf133c86da93162"
},
{
"url": "https://git.kernel.org/stable/c/c78c87c4e389b62f8892af7f59857447aa6d9797"
},
{
"url": "https://git.kernel.org/stable/c/1b6a53e447ec3d81623610c8c7ec5082b47dfdce"
},
{
"url": "https://git.kernel.org/stable/c/d3136b79705c2e3bba9c76adc5628af0215d798e"
},
{
"url": "https://git.kernel.org/stable/c/9e4b85d815b14bd4db2deea2a54264a23de8b896"
},
{
"url": "https://git.kernel.org/stable/c/9e08b7f5fa00e9d550851352bd0d1ba74ccffef2"
},
{
"url": "https://git.kernel.org/stable/c/89ff3dfac604614287ad5aad9370c3f984ea3f4b"
}
],
"title": "usb: gadget: f_hid: fix f_hidg lifetime vs cdev",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-50568",
"datePublished": "2025-10-22T13:23:25.136Z",
"dateReserved": "2025-10-22T13:20:23.760Z",
"dateUpdated": "2025-10-22T13:23:25.136Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-50565 (GCVE-0-2022-50565)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: plfxlc: fix potential memory leak in __lf_x_usb_enable_rx()
urbs does not be freed in exception paths in __lf_x_usb_enable_rx().
That will trigger memory leak. To fix it, add kfree() for urbs within
"error" label. Compile tested only.
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/purelifi/plfxlc/usb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "286464463a05cb4bad80b134e24f8ffaab20bee4",
"status": "affected",
"version": "68d57a07bfe5bb29b80cd8b8fa24c9d1ea104124",
"versionType": "git"
},
{
"lessThan": "fce7e46273649d9cdcd98d89551975a65f206a14",
"status": "affected",
"version": "68d57a07bfe5bb29b80cd8b8fa24c9d1ea104124",
"versionType": "git"
},
{
"lessThan": "895b3b06efc285c1245242e9638b9ae251dc13ec",
"status": "affected",
"version": "68d57a07bfe5bb29b80cd8b8fa24c9d1ea104124",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/purelifi/plfxlc/usb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.19"
},
{
"lessThan": "5.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.16",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.2",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"versionStartIncluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: plfxlc: fix potential memory leak in __lf_x_usb_enable_rx()\n\nurbs does not be freed in exception paths in __lf_x_usb_enable_rx().\nThat will trigger memory leak. To fix it, add kfree() for urbs within\n\"error\" label. Compile tested only."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:23.335Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/286464463a05cb4bad80b134e24f8ffaab20bee4"
},
{
"url": "https://git.kernel.org/stable/c/fce7e46273649d9cdcd98d89551975a65f206a14"
},
{
"url": "https://git.kernel.org/stable/c/895b3b06efc285c1245242e9638b9ae251dc13ec"
}
],
"title": "wifi: plfxlc: fix potential memory leak in __lf_x_usb_enable_rx()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-50565",
"datePublished": "2025-10-22T13:23:23.335Z",
"dateReserved": "2025-10-22T13:20:23.760Z",
"dateUpdated": "2025-10-22T13:23:23.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-50567 (GCVE-0-2022-50567)
Vulnerability from cvelistv5
Published
2025-10-22 13:23
Modified
2025-10-22 13:23
Summary
In the Linux kernel, the following vulnerability has been resolved:
fs: jfs: fix shift-out-of-bounds in dbAllocAG
Syzbot found a crash : UBSAN: shift-out-of-bounds in dbAllocAG. The
underlying bug is the missing check of bmp->db_agl2size. The field can
be greater than 64 and trigger the shift-out-of-bounds.
Fix this bug by adding a check of bmp->db_agl2size in dbMount since this
field is used in many following functions. The upper bound for this
field is L2MAXL2SIZE - L2MAXAG, thanks for the help of Dave Kleikamp.
Note that, for maintenance, I reorganized error handling code of dbMount.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/jfs/jfs_dmap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d3b486946a4e62c7ef6023f7d9c1d049051384ba",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "3115313cf03113e87c87adee18ee49a20bbdb9ba",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "eea87acb6027be3dd4d3c57186bb22800d57fdda",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "359616ce587e524107730504891afa4b1a8be58c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "3e997e4ce8ae7ab89d72334120f6aee49c5bbdbd",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0536f76a2bca83d1a3740517ba22cc93a44b3099",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2c575c8905f7a8b32d5611b91856b69bac2a5bf1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "67973caae78e21ee46a7281aaa8ca364eb9c444f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "898f706695682b9954f280d95e49fa86ffa55d08",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/jfs/jfs_dmap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.337",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.303",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.229",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.86",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.337",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.303",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.229",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: jfs: fix shift-out-of-bounds in dbAllocAG\n\nSyzbot found a crash : UBSAN: shift-out-of-bounds in dbAllocAG. The\nunderlying bug is the missing check of bmp-\u003edb_agl2size. The field can\nbe greater than 64 and trigger the shift-out-of-bounds.\n\nFix this bug by adding a check of bmp-\u003edb_agl2size in dbMount since this\nfield is used in many following functions. The upper bound for this\nfield is L2MAXL2SIZE - L2MAXAG, thanks for the help of Dave Kleikamp.\nNote that, for maintenance, I reorganized error handling code of dbMount."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:24.508Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d3b486946a4e62c7ef6023f7d9c1d049051384ba"
},
{
"url": "https://git.kernel.org/stable/c/3115313cf03113e87c87adee18ee49a20bbdb9ba"
},
{
"url": "https://git.kernel.org/stable/c/eea87acb6027be3dd4d3c57186bb22800d57fdda"
},
{
"url": "https://git.kernel.org/stable/c/359616ce587e524107730504891afa4b1a8be58c"
},
{
"url": "https://git.kernel.org/stable/c/3e997e4ce8ae7ab89d72334120f6aee49c5bbdbd"
},
{
"url": "https://git.kernel.org/stable/c/0536f76a2bca83d1a3740517ba22cc93a44b3099"
},
{
"url": "https://git.kernel.org/stable/c/2c575c8905f7a8b32d5611b91856b69bac2a5bf1"
},
{
"url": "https://git.kernel.org/stable/c/67973caae78e21ee46a7281aaa8ca364eb9c444f"
},
{
"url": "https://git.kernel.org/stable/c/898f706695682b9954f280d95e49fa86ffa55d08"
}
],
"title": "fs: jfs: fix shift-out-of-bounds in dbAllocAG",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-50567",
"datePublished": "2025-10-22T13:23:24.508Z",
"dateReserved": "2025-10-22T13:20:23.760Z",
"dateUpdated": "2025-10-22T13:23:24.508Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}