deb package
ubuntu/linux-oem-6.5
pkg:deb/ubuntu/linux-oem-6.5
Vulnerabilities (122)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-52583 | — | | | < 6.5.0-1022.23 | 6.5.0-1022.23 | Mar 6, 2024 | In the Linux kernel, the following vulnerability has been resolved: ceph: fix deadlock or deadcode of misusing dget() The lock order is incorrect between denty and its parent, we should always make sure that the parent get the lock first. But since this deadcode is never used |
| CVE-2024-26620 | — | | | < 6.5.0-1022.23 | 6.5.0-1022.23 | Feb 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: s390/vfio-ap: always filter entire AP matrix The vfio_ap_mdev_filter_matrix function is called whenever a new adapter or domain is assigned to the mdev. The purpose of the function is to update the guest's AP c |
| CVE-2024-26618 | — | | | < 6.5.0-1022.23 | 6.5.0-1022.23 | Feb 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: arm64/sme: Always exit sme_alloc() early with existing storage When sme_alloc() is called with existing storage and we are not flushing we will always allocate new storage, both leaking the existing storage and |
| CVE-2024-26616 | — | | | < 6.5.0-1022.23 | 6.5.0-1022.23 | Feb 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: btrfs: scrub: avoid use-after-free when chunk length is not 64K aligned [BUG] There is a bug report that, on a ext4-converted btrfs, scrub leads to various problems, including: - "unable to find chunk map" err |
| CVE-2024-26615 | — | | | < 6.5.0-1022.23 | 6.5.0-1022.23 | Feb 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/smc: fix illegal rmb_desc access in SMC-D connection dump A crash was found when dumping SMC-D connections. It can be reproduced by following steps: - run nginx/wrk test: smc_run nginx smc_run wrk -t 1 |
| CVE-2024-26614 | — | | | < 6.5.0-1022.23 | 6.5.0-1022.23 | Feb 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: tcp: make sure init the accept_queue's spinlocks once When I run syz's reproduction C program locally, it causes the following issue: pvqspinlock: lock 0xffff9d181cd5c660 has corrupted value 0x0! WARNING: CPU: |
| CVE-2024-26612 | — | | | < 6.5.0-1022.23 | 6.5.0-1022.23 | Feb 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfs, fscache: Prevent Oops in fscache_put_cache() This function dereferences "cache" and then checks if it's IS_ERR_OR_NULL(). Check first, then dereference. |
| CVE-2024-26610 | — | | | < 6.5.0-1022.23 | 6.5.0-1022.23 | Feb 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix a memory corruption iwl_fw_ini_trigger_tlv::data is a pointer to a __le32, which means that if we copy to iwl_fw_ini_trigger_tlv::data + offset while offset is in bytes, we'll write past the |
| CVE-2024-26608 | — | | | < 6.5.0-1022.23 | 6.5.0-1022.23 | Feb 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix global oob in ksmbd_nl_policy Similar to a reported issue (check the commit b33fb5b801c6 ("net: qualcomm: rmnet: fix global oob in rmnet_policy"), my local fuzzer finds another global out-of-bounds r |
| CVE-2023-52498 | — | | | < 6.5.0-1022.23 | 6.5.0-1022.23 | Feb 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: PM: sleep: Fix possible deadlocks in core system-wide PM code It is reported that in low-memory situations the system-wide resume core code deadlocks, because async_schedule_dev() executes its argument function |
| CVE-2023-52497 | — | | | < 6.5.0-1022.23 | 6.5.0-1022.23 | Feb 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: erofs: fix lz4 inplace decompression Currently EROFS can map another compressed buffer for inplace decompression, that was used to handle the cases that some pages of compressed data are actually not in-place I |
| CVE-2023-52495 | — | | | < 6.5.0-1022.23 | 6.5.0-1022.23 | Feb 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pmic_glink_altmode: fix port sanity check The PMIC GLINK altmode driver currently supports at most two ports. Fix the incomplete port sanity check on notifications to avoid accessing and corrupting |
| CVE-2023-52494 | — | | | < 6.5.0-1022.23 | 6.5.0-1022.23 | Feb 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Add alignment check for event ring read pointer Though we do check the event ring read pointer by "is_valid_ring_ptr" to make sure it is in the buffer range, but there is another risk the pointe |
| CVE-2023-52493 | — | | | < 6.5.0-1022.23 | 6.5.0-1022.23 | Feb 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Drop chan lock before queuing buffers Ensure read and write locks for the channel are not taken in succession by dropping the read lock from parse_xfer_event() such that a callback given to clie |
| CVE-2023-52492 | — | | | < 6.5.0-1022.23 | 6.5.0-1022.23 | Feb 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: dmaengine: fix NULL pointer in channel unregistration function __dma_async_device_channel_register() can fail. In case of failure, chan->local is freed (with free_percpu()), and chan->local is nullified. When d |
| CVE-2023-52491 | — | | | < 6.5.0-1022.23 | 6.5.0-1022.23 | Feb 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: Fix use after free bug due to error path handling in mtk_jpeg_dec_device_run In mtk_jpeg_probe, &jpeg->job_timeout_work is bound with mtk_jpeg_job_timeout_work. In mtk_jpeg_dec_device_run, if |
| CVE-2023-52490 | — | | | < 6.5.0-1022.23 | 6.5.0-1022.23 | Feb 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: mm: migrate: fix getting incorrect page mapping during page migration When running stress-ng testing, we found below kernel crash after a few hours: Unable to handle kernel NULL pointer dereference at virtual |
| CVE-2023-52489 | — | | | < 6.5.0-1022.23 | 6.5.0-1022.23 | Feb 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: mm/sparsemem: fix race in accessing memory_section->usage The below race is observed on a PFN which falls into the device memory region with the system memory configuration where PFN's are such that [ZONE_NORMA |
| CVE-2023-52488 | — | | | < 6.5.0-1022.23 | 6.5.0-1022.23 | Feb 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO The SC16IS7XX IC supports a burst mode to access the FIFOs where the initial register address is sent ($00), followed by all the FIFO d |
| CVE-2023-52487 | — | | | < 6.5.0-1022.23 | 6.5.0-1022.23 | Feb 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix peer flow lists handling The cited change refactored mlx5e_tc_del_fdb_peer_flow() to only clear DUP flag when list of peer flows has become empty. However, if any concurrent user holds a referenc |
Page 4 of 7