linux package
kernel
pkg:linux/kernel
Vulnerabilities (1,755)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-54063 | — | >= 5.15.0, < 5.15.111 | 5.15.111 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix OOB read in indx_insert_into_buffer Syzbot reported a OOB read bug: BUG: KASAN: slab-out-of-bounds in indx_insert_into_buffer+0xaa3/0x13b0 fs/ntfs3/index.c:1755 Read of size 17168 at addr ffff888 | ||
| CVE-2023-54062 | — | < 4.14.315 | 4.14.315 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: ext4: fix invalid free tracking in ext4_xattr_move_to_block() In ext4_xattr_move_to_block(), the value of the extended attribute which we need to move to an external block may be allocated by kvmalloc() if the | ||
| CVE-2023-54060 | — | >= 6.2.0, < 6.4.8 | 6.4.8 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: iommufd: Set end correctly when doing batch carry Even though the test suite covers this it somehow became obscured that this wasn't working. The test iommufd_ioas.mock_domain.access_domain_destory would blow | ||
| CVE-2023-54059 | — | >= 6.0.0, < 6.1.18 | 6.1.18 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: soc: mediatek: mtk-svs: Enable the IRQ later If the system does not come from reset (like when is booted via kexec()), the peripheral might triger an IRQ before the data structures are initialised. [ 0.227 | ||
| CVE-2023-54058 | — | >= 5.15.0, < 5.15.114 | 5.15.114 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: firmware: arm_ffa: Check if ffa_driver remove is present before executing Currently ffa_drv->remove() is called unconditionally from ffa_device_remove(). Since the driver registration doesn't check for it and a | ||
| CVE-2023-54057 | — | >= 4.7.0, < 5.4.237 | 5.4.237 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Add a length limitation for the ivrs_acpihid command-line parameter The 'acpiid' buffer in the parse_ivrs_acpihid function may overflow, because the string specifier in the format string sscanf() has | ||
| CVE-2023-54056 | — | >= 5.2.0, < 5.4.243 | 5.4.243 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: kheaders: Use array declaration instead of char Under CONFIG_FORTIFY_SOURCE, memcpy() will check the size of destination and source buffers. Defining kernel_headers_data as "char" would trip this check. Since t | ||
| CVE-2023-54055 | — | >= 5.14.0, < 5.15.108 | 5.15.108 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix memory leak of PBLE objects On rmmod of irdma, the PBLE object memory is not being freed. PBLE object memory are not statically pre-allocated at function initialization time unlike other HMC obj | ||
| CVE-2023-54053 | — | >= 5.4.0, < 5.4.244 | 5.4.244 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: pcie: fix possible NULL pointer dereference It is possible that iwl_pci_probe() will fail and free the trans, then afterwards iwl_pci_remove() will be called and crash by trying to access trans w | ||
| CVE-2023-54052 | — | >= 5.12.0, < 6.1.52 | 6.1.52 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: fix skb leak by txs missing in AMSDU txs may be dropped if the frame is aggregated in AMSDU. When the problem shows up, some SKBs would be hold in driver to cause network stopped temporarily | ||
| CVE-2023-54051 | — | >= 4.8.0, < 4.14.324 | 4.14.324 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: do not allow gso_size to be set to GSO_BY_FRAGS One missing check in virtio_net_hdr_to_skb() allowed syzbot to crash kernels again [1] Do not allow gso_size to be set to GSO_BY_FRAGS (0xffff), because thi | ||
| CVE-2023-54050 | — | >= 2.6.27, < 4.19.283 | 4.19.283 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix memleak when insert_old_idx() failed Following process will cause a memleak for copied up znode: dirty_cow_znode zn = copy_znode(c, znode); err = insert_old_idx(c, zbr->lnum, zbr->offs); if (u | ||
| CVE-2023-54049 | — | >= 4.13.0, < 4.14.326 | 4.14.326 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: rpmsg: glink: Add check for kstrdup Add check for the return value of kstrdup() and return the error if it fails in order to avoid NULL pointer dereference. | ||
| CVE-2023-54048 | — | >= 4.11.0, < 5.15.124 | 5.15.124 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Prevent handling any completions after qp destroy HW may generate completions that indicates QP is destroyed. Driver should not be scheduling any more completion handlers for this QP, after the QP | ||
| CVE-2023-54047 | — | >= 4.9.0, < 6.1.30 | 6.1.30 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: dw_hdmi: cleanup drm encoder during unbind This fixes a use-after-free crash during rmmod. The DRM encoder is embedded inside the larger rockchip_hdmi, which is allocated with the component. The | ||
| CVE-2023-54046 | — | >= 5.4.0, < 5.4.235 | 5.4.235 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: crypto: essiv - Handle EBUSY correctly As it is essiv only handles the special return value of EINPROGERSS, which means that in all other cases it will free data related to the request. However, as the caller | ||
| CVE-2023-54045 | — | >= 3.3.0, < 4.14.326 | 4.14.326 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: audit: fix possible soft lockup in __audit_inode_child() Tracefs or debugfs maybe cause hundreds to thousands of PATH records, too many PATH records maybe cause soft lockup. For example: 1. CONFIG_KASAN=y && | ||
| CVE-2023-54044 | — | >= 3.15.0, < 4.14.315 | 4.14.315 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: spmi: Add a check for remove callback when removing a SPMI driver When removing a SPMI driver, there can be a crash due to NULL pointer dereference if it does not have a remove callback defined. This is one suc | ||
| CVE-2023-54043 | — | >= 6.2.0, < 6.2.3 | 6.2.3 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: iommufd: Do not add the same hwpt to the ioas->hwpt_list twice The hwpt is added to the hwpt_list only during its creation, it is never added again. This hunk is some missed leftover from rework. Adding it twic | ||
| CVE-2022-50783 | — | >= 5.6.0, < 5.10.163 | 5.10.163 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: mptcp: use proper req destructor for IPv6 Before, only the destructor from TCP request sock in IPv4 was called even if the subflow was IPv6. It is important to use the right destructor to avoid memory leaks wi |
- CVE-2023-54063Dec 24, 2025affected >= 5.15.0, < 5.15.111fixed 5.15.111
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix OOB read in indx_insert_into_buffer Syzbot reported a OOB read bug: BUG: KASAN: slab-out-of-bounds in indx_insert_into_buffer+0xaa3/0x13b0 fs/ntfs3/index.c:1755 Read of size 17168 at addr ffff888
- CVE-2023-54062Dec 24, 2025affected < 4.14.315fixed 4.14.315
In the Linux kernel, the following vulnerability has been resolved: ext4: fix invalid free tracking in ext4_xattr_move_to_block() In ext4_xattr_move_to_block(), the value of the extended attribute which we need to move to an external block may be allocated by kvmalloc() if the
- CVE-2023-54060Dec 24, 2025affected >= 6.2.0, < 6.4.8fixed 6.4.8
In the Linux kernel, the following vulnerability has been resolved: iommufd: Set end correctly when doing batch carry Even though the test suite covers this it somehow became obscured that this wasn't working. The test iommufd_ioas.mock_domain.access_domain_destory would blow
- CVE-2023-54059Dec 24, 2025affected >= 6.0.0, < 6.1.18fixed 6.1.18
In the Linux kernel, the following vulnerability has been resolved: soc: mediatek: mtk-svs: Enable the IRQ later If the system does not come from reset (like when is booted via kexec()), the peripheral might triger an IRQ before the data structures are initialised. [ 0.227
- CVE-2023-54058Dec 24, 2025affected >= 5.15.0, < 5.15.114fixed 5.15.114
In the Linux kernel, the following vulnerability has been resolved: firmware: arm_ffa: Check if ffa_driver remove is present before executing Currently ffa_drv->remove() is called unconditionally from ffa_device_remove(). Since the driver registration doesn't check for it and a
- CVE-2023-54057Dec 24, 2025affected >= 4.7.0, < 5.4.237fixed 5.4.237
In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Add a length limitation for the ivrs_acpihid command-line parameter The 'acpiid' buffer in the parse_ivrs_acpihid function may overflow, because the string specifier in the format string sscanf() has
- CVE-2023-54056Dec 24, 2025affected >= 5.2.0, < 5.4.243fixed 5.4.243
In the Linux kernel, the following vulnerability has been resolved: kheaders: Use array declaration instead of char Under CONFIG_FORTIFY_SOURCE, memcpy() will check the size of destination and source buffers. Defining kernel_headers_data as "char" would trip this check. Since t
- CVE-2023-54055Dec 24, 2025affected >= 5.14.0, < 5.15.108fixed 5.15.108
In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix memory leak of PBLE objects On rmmod of irdma, the PBLE object memory is not being freed. PBLE object memory are not statically pre-allocated at function initialization time unlike other HMC obj
- CVE-2023-54053Dec 24, 2025affected >= 5.4.0, < 5.4.244fixed 5.4.244
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: pcie: fix possible NULL pointer dereference It is possible that iwl_pci_probe() will fail and free the trans, then afterwards iwl_pci_remove() will be called and crash by trying to access trans w
- CVE-2023-54052Dec 24, 2025affected >= 5.12.0, < 6.1.52fixed 6.1.52
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: fix skb leak by txs missing in AMSDU txs may be dropped if the frame is aggregated in AMSDU. When the problem shows up, some SKBs would be hold in driver to cause network stopped temporarily
- CVE-2023-54051Dec 24, 2025affected >= 4.8.0, < 4.14.324fixed 4.14.324
In the Linux kernel, the following vulnerability has been resolved: net: do not allow gso_size to be set to GSO_BY_FRAGS One missing check in virtio_net_hdr_to_skb() allowed syzbot to crash kernels again [1] Do not allow gso_size to be set to GSO_BY_FRAGS (0xffff), because thi
- CVE-2023-54050Dec 24, 2025affected >= 2.6.27, < 4.19.283fixed 4.19.283
In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix memleak when insert_old_idx() failed Following process will cause a memleak for copied up znode: dirty_cow_znode zn = copy_znode(c, znode); err = insert_old_idx(c, zbr->lnum, zbr->offs); if (u
- CVE-2023-54049Dec 24, 2025affected >= 4.13.0, < 4.14.326fixed 4.14.326
In the Linux kernel, the following vulnerability has been resolved: rpmsg: glink: Add check for kstrdup Add check for the return value of kstrdup() and return the error if it fails in order to avoid NULL pointer dereference.
- CVE-2023-54048Dec 24, 2025affected >= 4.11.0, < 5.15.124fixed 5.15.124
In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Prevent handling any completions after qp destroy HW may generate completions that indicates QP is destroyed. Driver should not be scheduling any more completion handlers for this QP, after the QP
- CVE-2023-54047Dec 24, 2025affected >= 4.9.0, < 6.1.30fixed 6.1.30
In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: dw_hdmi: cleanup drm encoder during unbind This fixes a use-after-free crash during rmmod. The DRM encoder is embedded inside the larger rockchip_hdmi, which is allocated with the component. The
- CVE-2023-54046Dec 24, 2025affected >= 5.4.0, < 5.4.235fixed 5.4.235
In the Linux kernel, the following vulnerability has been resolved: crypto: essiv - Handle EBUSY correctly As it is essiv only handles the special return value of EINPROGERSS, which means that in all other cases it will free data related to the request. However, as the caller
- CVE-2023-54045Dec 24, 2025affected >= 3.3.0, < 4.14.326fixed 4.14.326
In the Linux kernel, the following vulnerability has been resolved: audit: fix possible soft lockup in __audit_inode_child() Tracefs or debugfs maybe cause hundreds to thousands of PATH records, too many PATH records maybe cause soft lockup. For example: 1. CONFIG_KASAN=y &&
- CVE-2023-54044Dec 24, 2025affected >= 3.15.0, < 4.14.315fixed 4.14.315
In the Linux kernel, the following vulnerability has been resolved: spmi: Add a check for remove callback when removing a SPMI driver When removing a SPMI driver, there can be a crash due to NULL pointer dereference if it does not have a remove callback defined. This is one suc
- CVE-2023-54043Dec 24, 2025affected >= 6.2.0, < 6.2.3fixed 6.2.3
In the Linux kernel, the following vulnerability has been resolved: iommufd: Do not add the same hwpt to the ioas->hwpt_list twice The hwpt is added to the hwpt_list only during its creation, it is never added again. This hunk is some missed leftover from rework. Adding it twic
- CVE-2022-50783Dec 24, 2025affected >= 5.6.0, < 5.10.163fixed 5.10.163
In the Linux kernel, the following vulnerability has been resolved: mptcp: use proper req destructor for IPv6 Before, only the destructor from TCP request sock in IPv4 was called even if the subflow was IPv6. It is important to use the right destructor to avoid memory leaks wi
Page 39 of 88