VYPR

linux package

kernel

pkg:linux/kernel

Vulnerabilities (1,755)

  • CVE-2023-54295Dec 30, 2025
    affected >= 4.20.0, < 5.10.173fixed 5.10.173

    In the Linux kernel, the following vulnerability has been resolved: mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type spi_nor_set_erase_type() was used either to set or to mask out an erase type. When we used it to mask out an erase type a shift-out-of-bounds was

  • CVE-2023-54294Dec 30, 2025
    affected >= 4.16.0, < 4.19.283fixed 4.19.283

    In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix memleak of md thread In raid10_run(), if setup_conf() succeed and raid10_run() failed before setting 'mddev->thread', then in the error path 'conf->thread' is not freed. Fix the problem by setti

  • CVE-2023-54293Dec 30, 2025
    affected >= 5.7.0, < 5.10.188fixed 5.10.188

    In the Linux kernel, the following vulnerability has been resolved: bcache: fixup btree_cache_wait list damage We get a kernel crash about "list_add corruption. next->prev should be prev (ffff9c801bc01210), but was ffff9c77b688237c. (next=ffffae586d8afe68)." crash> struct list

  • CVE-2023-54292Dec 30, 2025
    affected >= 5.14.0, < 5.15.124fixed 5.15.124

    In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix data race on CQP request done KCSAN detects a data race on cqp_request->request_done memory location which is accessed locklessly in irdma_handle_cqp_op while being updated in irdma_cqp_ce_handl

  • CVE-2023-54291Dec 30, 2025
    affected >= 6.4.0, < 6.4.4fixed 6.4.4

    In the Linux kernel, the following vulnerability has been resolved: vduse: fix NULL pointer dereference vduse_vdpa_set_vq_affinity callback can be called with NULL value as cpu_mask when deleting the vduse device. This patch resets virtqueue's IRQ affinity mask value to set al

  • CVE-2023-54289Dec 30, 2025
    affected >= 4.11.0, < 5.4.251fixed 5.4.251

    In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Fix NULL dereference in error handling Smatch reported: drivers/scsi/qedf/qedf_main.c:3056 qedf_alloc_global_queues() warn: missing unwind goto? At this point in the function, nothing has been all

  • CVE-2023-54288Dec 30, 2025
    affected < 6.1.30fixed 6.1.30

    In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fortify the spinlock against deadlock by interrupt In the function ieee80211_tx_dequeue() there is a particular locking sequence: begin: spin_lock(&local->queue_stop_reason_lock); q_stopped =

  • CVE-2023-54287Dec 30, 2025
    affected >= 4.3.0, < 5.15.99fixed 5.15.99

    In the Linux kernel, the following vulnerability has been resolved: tty: serial: imx: disable Ageing Timer interrupt request irq There maybe pending USR interrupt before requesting irq, however uart_add_one_port has not executed, so there will be kernel panic: [ 0.795668] Un

  • CVE-2023-54286Dec 30, 2025
    affected >= 3.1.0, < 4.14.316fixed 4.14.316

    In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace A received TKIP key may be up to 32 bytes because it may contain MIC rx/tx keys too. These are not used by iwl and copying these over over

  • CVE-2023-54284Dec 30, 2025
    affected >= 2.6.31, < 4.14.315fixed 4.14.315

    In the Linux kernel, the following vulnerability has been resolved: media: av7110: prevent underflow in write_ts_to_decoder() The buf[4] value comes from the user via ts_play(). It is a value in the u8 range. The final length we pass to av7110_ipack_instant_repack() is "len -

  • CVE-2023-54283Dec 30, 2025
    affected >= 4.10.0, < 4.14.322fixed 4.14.322

    In the Linux kernel, the following vulnerability has been resolved: bpf: Address KCSAN report on bpf_lru_list KCSAN reported a data-race when accessing node->ref. Although node->ref does not have to be accurate, take this chance to use a more common READ_ONCE() and WRITE_ONCE()

  • CVE-2023-54282Dec 30, 2025
    affected >= 4.2.0, < 4.14.326fixed 4.14.326

    In the Linux kernel, the following vulnerability has been resolved: media: tuners: qt1010: replace BUG_ON with a regular error BUG_ON is unnecessary here, and in addition it confuses smatch. Replacing this with an error return help resolve this smatch warning: drivers/media/tu

  • CVE-2023-54281Dec 30, 2025
    affected >= 4.18.0, < 5.10.197fixed 5.10.197

    In the Linux kernel, the following vulnerability has been resolved: btrfs: release path before inode lookup during the ino lookup ioctl During the ino lookup ioctl we can end up calling btrfs_iget() to get an inode reference while we are holding on a root's btree. If btrfs_iget

  • CVE-2023-54280Dec 30, 2025
    affected >= 5.16.0, < 6.2.15fixed 6.2.15

    In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential race when tree connecting ipc Protect access of TCP_Server_Info::hostname when building the ipc tree name as it might get freed in cifsd thread and thus causing an use-after-free bug in __tr

  • CVE-2023-54279Dec 30, 2025
    affected >= 3.10.0, < 4.14.315fixed 4.14.315

    In the Linux kernel, the following vulnerability has been resolved: MIPS: fw: Allow firmware to pass a empty env fw_getenv will use env entry to determine style of env, however it is legal for firmware to just pass a empty list. Check if first entry exist before running strchr

  • CVE-2023-54278Dec 30, 2025
    affected >= 6.3.0, < 6.4.10fixed 6.4.10

    In the Linux kernel, the following vulnerability has been resolved: s390/vmem: split pages when debug pagealloc is enabled Since commit bb1520d581a3 ("s390/mm: start kernel with DAT enabled") the kernel crashes early during boot when debug pagealloc is enabled: mem auto-init:

  • CVE-2023-54277Dec 30, 2025
    affected < 5.4.244fixed 5.4.244

    In the Linux kernel, the following vulnerability has been resolved: fbdev: udlfb: Fix endpoint check The syzbot fuzzer detected a problem in the udlfb driver, caused by an endpoint not having the expected type: usb 1-1: Read EDID byte 0 failed: -71 usb 1-1: Unable to get valid

  • CVE-2023-54276Dec 30, 2025
    affected >= 6.3.0, < 6.4.4fixed 6.4.4

    In the Linux kernel, the following vulnerability has been resolved: nfsd: move init of percpu reply_cache_stats counters back to nfsd_init_net Commit f5f9d4a314da ("nfsd: move reply cache initialization into nfsd startup") moved the initialization of the reply cache into nfsd s

  • CVE-2023-54275Dec 30, 2025
    affected >= 5.7.0, < 5.10.173fixed 5.10.173

    In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup crypto_alloc_shash() allocates resources, which should be released by crypto_free_shash(). When ath11k_peer_find() fails, there has memory leak. Add mi

  • CVE-2023-54274Dec 30, 2025
    affected >= 3.3.0, < 5.10.180fixed 5.10.180

    In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Add a check for valid 'mad_agent' pointer When unregistering MAD agent, srpt module has a non-null check for 'mad_agent' pointer before invoking ib_unregister_mad_agent(). This check can pass if 'mad

Page 23 of 88