linux package
kernel
pkg:linux/kernel
Vulnerabilities (1,755)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-54295 | — | >= 4.20.0, < 5.10.173 | 5.10.173 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type spi_nor_set_erase_type() was used either to set or to mask out an erase type. When we used it to mask out an erase type a shift-out-of-bounds was | ||
| CVE-2023-54294 | — | >= 4.16.0, < 4.19.283 | 4.19.283 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix memleak of md thread In raid10_run(), if setup_conf() succeed and raid10_run() failed before setting 'mddev->thread', then in the error path 'conf->thread' is not freed. Fix the problem by setti | ||
| CVE-2023-54293 | — | >= 5.7.0, < 5.10.188 | 5.10.188 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: bcache: fixup btree_cache_wait list damage We get a kernel crash about "list_add corruption. next->prev should be prev (ffff9c801bc01210), but was ffff9c77b688237c. (next=ffffae586d8afe68)." crash> struct list | ||
| CVE-2023-54292 | — | >= 5.14.0, < 5.15.124 | 5.15.124 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix data race on CQP request done KCSAN detects a data race on cqp_request->request_done memory location which is accessed locklessly in irdma_handle_cqp_op while being updated in irdma_cqp_ce_handl | ||
| CVE-2023-54291 | — | >= 6.4.0, < 6.4.4 | 6.4.4 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: vduse: fix NULL pointer dereference vduse_vdpa_set_vq_affinity callback can be called with NULL value as cpu_mask when deleting the vduse device. This patch resets virtqueue's IRQ affinity mask value to set al | ||
| CVE-2023-54289 | — | >= 4.11.0, < 5.4.251 | 5.4.251 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Fix NULL dereference in error handling Smatch reported: drivers/scsi/qedf/qedf_main.c:3056 qedf_alloc_global_queues() warn: missing unwind goto? At this point in the function, nothing has been all | ||
| CVE-2023-54288 | — | < 6.1.30 | 6.1.30 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fortify the spinlock against deadlock by interrupt In the function ieee80211_tx_dequeue() there is a particular locking sequence: begin: spin_lock(&local->queue_stop_reason_lock); q_stopped = | ||
| CVE-2023-54287 | — | >= 4.3.0, < 5.15.99 | 5.15.99 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: tty: serial: imx: disable Ageing Timer interrupt request irq There maybe pending USR interrupt before requesting irq, however uart_add_one_port has not executed, so there will be kernel panic: [ 0.795668] Un | ||
| CVE-2023-54286 | — | >= 3.1.0, < 4.14.316 | 4.14.316 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace A received TKIP key may be up to 32 bytes because it may contain MIC rx/tx keys too. These are not used by iwl and copying these over over | ||
| CVE-2023-54284 | — | >= 2.6.31, < 4.14.315 | 4.14.315 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: media: av7110: prevent underflow in write_ts_to_decoder() The buf[4] value comes from the user via ts_play(). It is a value in the u8 range. The final length we pass to av7110_ipack_instant_repack() is "len - | ||
| CVE-2023-54283 | — | >= 4.10.0, < 4.14.322 | 4.14.322 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: bpf: Address KCSAN report on bpf_lru_list KCSAN reported a data-race when accessing node->ref. Although node->ref does not have to be accurate, take this chance to use a more common READ_ONCE() and WRITE_ONCE() | ||
| CVE-2023-54282 | — | >= 4.2.0, < 4.14.326 | 4.14.326 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: media: tuners: qt1010: replace BUG_ON with a regular error BUG_ON is unnecessary here, and in addition it confuses smatch. Replacing this with an error return help resolve this smatch warning: drivers/media/tu | ||
| CVE-2023-54281 | — | >= 4.18.0, < 5.10.197 | 5.10.197 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: btrfs: release path before inode lookup during the ino lookup ioctl During the ino lookup ioctl we can end up calling btrfs_iget() to get an inode reference while we are holding on a root's btree. If btrfs_iget | ||
| CVE-2023-54280 | — | >= 5.16.0, < 6.2.15 | 6.2.15 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential race when tree connecting ipc Protect access of TCP_Server_Info::hostname when building the ipc tree name as it might get freed in cifsd thread and thus causing an use-after-free bug in __tr | ||
| CVE-2023-54279 | — | >= 3.10.0, < 4.14.315 | 4.14.315 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: MIPS: fw: Allow firmware to pass a empty env fw_getenv will use env entry to determine style of env, however it is legal for firmware to just pass a empty list. Check if first entry exist before running strchr | ||
| CVE-2023-54278 | — | >= 6.3.0, < 6.4.10 | 6.4.10 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: s390/vmem: split pages when debug pagealloc is enabled Since commit bb1520d581a3 ("s390/mm: start kernel with DAT enabled") the kernel crashes early during boot when debug pagealloc is enabled: mem auto-init: | ||
| CVE-2023-54277 | — | < 5.4.244 | 5.4.244 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: fbdev: udlfb: Fix endpoint check The syzbot fuzzer detected a problem in the udlfb driver, caused by an endpoint not having the expected type: usb 1-1: Read EDID byte 0 failed: -71 usb 1-1: Unable to get valid | ||
| CVE-2023-54276 | — | >= 6.3.0, < 6.4.4 | 6.4.4 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: nfsd: move init of percpu reply_cache_stats counters back to nfsd_init_net Commit f5f9d4a314da ("nfsd: move reply cache initialization into nfsd startup") moved the initialization of the reply cache into nfsd s | ||
| CVE-2023-54275 | — | >= 5.7.0, < 5.10.173 | 5.10.173 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup crypto_alloc_shash() allocates resources, which should be released by crypto_free_shash(). When ath11k_peer_find() fails, there has memory leak. Add mi | ||
| CVE-2023-54274 | — | >= 3.3.0, < 5.10.180 | 5.10.180 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Add a check for valid 'mad_agent' pointer When unregistering MAD agent, srpt module has a non-null check for 'mad_agent' pointer before invoking ib_unregister_mad_agent(). This check can pass if 'mad |
- CVE-2023-54295Dec 30, 2025affected >= 4.20.0, < 5.10.173fixed 5.10.173
In the Linux kernel, the following vulnerability has been resolved: mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type spi_nor_set_erase_type() was used either to set or to mask out an erase type. When we used it to mask out an erase type a shift-out-of-bounds was
- CVE-2023-54294Dec 30, 2025affected >= 4.16.0, < 4.19.283fixed 4.19.283
In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix memleak of md thread In raid10_run(), if setup_conf() succeed and raid10_run() failed before setting 'mddev->thread', then in the error path 'conf->thread' is not freed. Fix the problem by setti
- CVE-2023-54293Dec 30, 2025affected >= 5.7.0, < 5.10.188fixed 5.10.188
In the Linux kernel, the following vulnerability has been resolved: bcache: fixup btree_cache_wait list damage We get a kernel crash about "list_add corruption. next->prev should be prev (ffff9c801bc01210), but was ffff9c77b688237c. (next=ffffae586d8afe68)." crash> struct list
- CVE-2023-54292Dec 30, 2025affected >= 5.14.0, < 5.15.124fixed 5.15.124
In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix data race on CQP request done KCSAN detects a data race on cqp_request->request_done memory location which is accessed locklessly in irdma_handle_cqp_op while being updated in irdma_cqp_ce_handl
- CVE-2023-54291Dec 30, 2025affected >= 6.4.0, < 6.4.4fixed 6.4.4
In the Linux kernel, the following vulnerability has been resolved: vduse: fix NULL pointer dereference vduse_vdpa_set_vq_affinity callback can be called with NULL value as cpu_mask when deleting the vduse device. This patch resets virtqueue's IRQ affinity mask value to set al
- CVE-2023-54289Dec 30, 2025affected >= 4.11.0, < 5.4.251fixed 5.4.251
In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Fix NULL dereference in error handling Smatch reported: drivers/scsi/qedf/qedf_main.c:3056 qedf_alloc_global_queues() warn: missing unwind goto? At this point in the function, nothing has been all
- CVE-2023-54288Dec 30, 2025affected < 6.1.30fixed 6.1.30
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fortify the spinlock against deadlock by interrupt In the function ieee80211_tx_dequeue() there is a particular locking sequence: begin: spin_lock(&local->queue_stop_reason_lock); q_stopped =
- CVE-2023-54287Dec 30, 2025affected >= 4.3.0, < 5.15.99fixed 5.15.99
In the Linux kernel, the following vulnerability has been resolved: tty: serial: imx: disable Ageing Timer interrupt request irq There maybe pending USR interrupt before requesting irq, however uart_add_one_port has not executed, so there will be kernel panic: [ 0.795668] Un
- CVE-2023-54286Dec 30, 2025affected >= 3.1.0, < 4.14.316fixed 4.14.316
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace A received TKIP key may be up to 32 bytes because it may contain MIC rx/tx keys too. These are not used by iwl and copying these over over
- CVE-2023-54284Dec 30, 2025affected >= 2.6.31, < 4.14.315fixed 4.14.315
In the Linux kernel, the following vulnerability has been resolved: media: av7110: prevent underflow in write_ts_to_decoder() The buf[4] value comes from the user via ts_play(). It is a value in the u8 range. The final length we pass to av7110_ipack_instant_repack() is "len -
- CVE-2023-54283Dec 30, 2025affected >= 4.10.0, < 4.14.322fixed 4.14.322
In the Linux kernel, the following vulnerability has been resolved: bpf: Address KCSAN report on bpf_lru_list KCSAN reported a data-race when accessing node->ref. Although node->ref does not have to be accurate, take this chance to use a more common READ_ONCE() and WRITE_ONCE()
- CVE-2023-54282Dec 30, 2025affected >= 4.2.0, < 4.14.326fixed 4.14.326
In the Linux kernel, the following vulnerability has been resolved: media: tuners: qt1010: replace BUG_ON with a regular error BUG_ON is unnecessary here, and in addition it confuses smatch. Replacing this with an error return help resolve this smatch warning: drivers/media/tu
- CVE-2023-54281Dec 30, 2025affected >= 4.18.0, < 5.10.197fixed 5.10.197
In the Linux kernel, the following vulnerability has been resolved: btrfs: release path before inode lookup during the ino lookup ioctl During the ino lookup ioctl we can end up calling btrfs_iget() to get an inode reference while we are holding on a root's btree. If btrfs_iget
- CVE-2023-54280Dec 30, 2025affected >= 5.16.0, < 6.2.15fixed 6.2.15
In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential race when tree connecting ipc Protect access of TCP_Server_Info::hostname when building the ipc tree name as it might get freed in cifsd thread and thus causing an use-after-free bug in __tr
- CVE-2023-54279Dec 30, 2025affected >= 3.10.0, < 4.14.315fixed 4.14.315
In the Linux kernel, the following vulnerability has been resolved: MIPS: fw: Allow firmware to pass a empty env fw_getenv will use env entry to determine style of env, however it is legal for firmware to just pass a empty list. Check if first entry exist before running strchr
- CVE-2023-54278Dec 30, 2025affected >= 6.3.0, < 6.4.10fixed 6.4.10
In the Linux kernel, the following vulnerability has been resolved: s390/vmem: split pages when debug pagealloc is enabled Since commit bb1520d581a3 ("s390/mm: start kernel with DAT enabled") the kernel crashes early during boot when debug pagealloc is enabled: mem auto-init:
- CVE-2023-54277Dec 30, 2025affected < 5.4.244fixed 5.4.244
In the Linux kernel, the following vulnerability has been resolved: fbdev: udlfb: Fix endpoint check The syzbot fuzzer detected a problem in the udlfb driver, caused by an endpoint not having the expected type: usb 1-1: Read EDID byte 0 failed: -71 usb 1-1: Unable to get valid
- CVE-2023-54276Dec 30, 2025affected >= 6.3.0, < 6.4.4fixed 6.4.4
In the Linux kernel, the following vulnerability has been resolved: nfsd: move init of percpu reply_cache_stats counters back to nfsd_init_net Commit f5f9d4a314da ("nfsd: move reply cache initialization into nfsd startup") moved the initialization of the reply cache into nfsd s
- CVE-2023-54275Dec 30, 2025affected >= 5.7.0, < 5.10.173fixed 5.10.173
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup crypto_alloc_shash() allocates resources, which should be released by crypto_free_shash(). When ath11k_peer_find() fails, there has memory leak. Add mi
- CVE-2023-54274Dec 30, 2025affected >= 3.3.0, < 5.10.180fixed 5.10.180
In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Add a check for valid 'mad_agent' pointer When unregistering MAD agent, srpt module has a non-null check for 'mad_agent' pointer before invoking ib_unregister_mad_agent(). This check can pass if 'mad
Page 23 of 88