linux package
kernel
pkg:linux/kernel
Vulnerabilities (1,755)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-53996 | — | >= 5.16.0, < 6.1.53 | 6.1.53 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: x86/sev: Make enc_dec_hypercall() accept a size instead of npages enc_dec_hypercall() accepted a page count instead of a size, which forced its callers to round up. As a result, non-page aligned vaddrs caused p | ||
| CVE-2023-53995 | — | >= 2.6.15, < 5.4.257 | 5.4.257 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: ipv4: fix one memleak in __inet_del_ifa() I got the below warning when do fuzzing test: unregister_netdevice: waiting for bond0 to become free. Usage count = 2 It can be repoduced via: ip link add bond0 | ||
| CVE-2023-53994 | — | >= 5.4.0, < 5.4.251 | 5.4.251 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: ionic: remove WARN_ON to prevent panic_on_warn Remove unnecessary early code development check and the WARN_ON that it uses. The irq alloc and free paths have long been cleaned up and this check shouldn't have | ||
| CVE-2023-53993 | — | >= 6.0.0, < 6.1.24 | 6.1.24 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: PCI/DOE: Fix memory leak with CONFIG_DEBUG_OBJECTS=y After a pci_doe_task completes, its work_struct needs to be destroyed to avoid a memory leak with CONFIG_DEBUG_OBJECTS=y. | ||
| CVE-2023-53992 | — | >= 3.19.0, < 6.1.55 | 6.1.55 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: ocb: don't leave if not joined If there's no OCB state, don't ask the driver/mac80211 to leave, since that's just confusing. Since set/clear the chandef state, that's a simple check. | ||
| CVE-2023-53991 | — | >= 5.7.0, < 5.10.173 | 5.10.173 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Disallow unallocated resources to be returned In the event that the topology requests resources that have not been created by the system (because they are typically not represented in dpu_mdss_cfg | ||
| CVE-2023-53990 | — | < 5.15.111 | 5.15.111 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: SMB3: Add missing locks to protect deferred close file list cifs_del_deferred_close function has a critical section which modifies the deferred close file list. We must acquire deferred_lock before calling cifs | ||
| CVE-2023-53989 | — | >= 5.4.0, < 5.4.251 | 5.4.251 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: arm64: mm: fix VA-range sanity check Both create_mapping_noalloc() and update_mapping_prot() sanity-check their 'virt' parameter, but the check itself doesn't make much sense. The condition used today appears t | ||
| CVE-2023-53988 | — | >= 5.15.0, < 5.15.111 | 5.15.111 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix slab-out-of-bounds read in hdr_delete_de() Here is a BUG report from syzbot: BUG: KASAN: slab-out-of-bounds in hdr_delete_de+0xe0/0x150 fs/ntfs3/index.c:806 Read of size 16842960 at addr ffff8880 | ||
| CVE-2023-53987 | — | >= 6.0.0, < 6.1.24 | 6.1.24 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: ping: Fix potentail NULL deref for /proc/net/icmp. After commit dbca1596bbb0 ("ping: convert to RCU lookups, get rid of rwlock"), we use RCU for ping sockets, but we should use spinlock for /proc/net/icmp to av | ||
| CVE-2023-53986 | — | >= 4.19.0, < 5.4.240 | 5.4.240 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: mips: bmips: BCM6358: disable RAC flush for TP1 RAC flush causes kernel panics on BCM6358 with EHCI/OHCI when booting from TP1: [ 3.881739] usb 1-1: new high-speed USB device number 2 using ehci-platform [ | ||
| CVE-2023-53867 | — | >= 2.6.34, < 6.1.28 | 6.1.28 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: ceph: fix potential use-after-free bug when trimming caps When trimming the caps and just after the 'session->s_cap_lock' is released in ceph_iterate_session_caps() the cap maybe removed by another thread, and | ||
| CVE-2022-50711 | — | >= 5.19.0, < 6.0.6 | 6.0.6 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_eth_soc: fix possible memory leak in mtk_probe() If mtk_wed_add_hw() has been called, mtk_wed_exit() needs be called in error path or removing module to free the memory allocated in mtk_wed_a | ||
| CVE-2022-50710 | — | >= 5.14.0, < 5.15.75 | 5.15.75 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: ice: set tx_tstamps when creating new Tx rings via ethtool When the user changes the number of queues via ethtool, the driver allocates new rings. This allocation did not initialize tx_tstamps. This results in | ||
| CVE-2022-50709 | — | >= 2.6.35, < 4.14.296 | 4.14.296 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() syzbot is reporting uninit value at ath9k_htc_rx_msg() [1], for ioctl(USB_RAW_IOCTL_EP_WRITE) can call ath9k_hif_usb_rx_stream() with pkt_len = 0 but | ||
| CVE-2022-50708 | — | >= 3.16.0, < 5.19.17 | 5.19.17 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: HSI: ssi_protocol: fix potential resource leak in ssip_pn_open() ssip_pn_open() claims the HSI client's port with hsi_claim_port(). When hsi_register_port_event() gets some error and returns a negetive value, t | ||
| CVE-2022-50707 | — | >= 5.19.0, < 6.0.19 | 6.0.19 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: virtio-crypto: fix memory leak in virtio_crypto_alg_skcipher_close_session() 'vc_ctrl_req' is alloced in virtio_crypto_alg_skcipher_close_session(), and should be freed in the invalid ctrl_status->status error | ||
| CVE-2022-50706 | — | < 5.4.220 | 5.4.220 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/ieee802154: don't warn zero-sized raw_sendmsg() syzbot is hitting skb_assert_len() warning at __dev_queue_xmit() [1], for PF_IEEE802154 socket's zero-sized raw_sendmsg() request is hitting __dev_queue_xmit( | ||
| CVE-2022-50705 | — | < 5.15.90 | 5.15.90 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: io_uring/rw: defer fsnotify calls to task context We can't call these off the kiocb completion as that might be off soft/hard irq context. Defer the calls to when we process the task_work for this request. That | ||
| CVE-2022-50704 | — | >= 4.20.0, < 6.0.16 | 6.0.16 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: USB: gadget: Fix use-after-free during usb config switch In the process of switching USB config from rndis to other config, if the hardware does not support the ->pullup callback, or the hardware encounters a l |
- CVE-2023-53996Dec 24, 2025affected >= 5.16.0, < 6.1.53fixed 6.1.53
In the Linux kernel, the following vulnerability has been resolved: x86/sev: Make enc_dec_hypercall() accept a size instead of npages enc_dec_hypercall() accepted a page count instead of a size, which forced its callers to round up. As a result, non-page aligned vaddrs caused p
- CVE-2023-53995Dec 24, 2025affected >= 2.6.15, < 5.4.257fixed 5.4.257
In the Linux kernel, the following vulnerability has been resolved: net: ipv4: fix one memleak in __inet_del_ifa() I got the below warning when do fuzzing test: unregister_netdevice: waiting for bond0 to become free. Usage count = 2 It can be repoduced via: ip link add bond0
- CVE-2023-53994Dec 24, 2025affected >= 5.4.0, < 5.4.251fixed 5.4.251
In the Linux kernel, the following vulnerability has been resolved: ionic: remove WARN_ON to prevent panic_on_warn Remove unnecessary early code development check and the WARN_ON that it uses. The irq alloc and free paths have long been cleaned up and this check shouldn't have
- CVE-2023-53993Dec 24, 2025affected >= 6.0.0, < 6.1.24fixed 6.1.24
In the Linux kernel, the following vulnerability has been resolved: PCI/DOE: Fix memory leak with CONFIG_DEBUG_OBJECTS=y After a pci_doe_task completes, its work_struct needs to be destroyed to avoid a memory leak with CONFIG_DEBUG_OBJECTS=y.
- CVE-2023-53992Dec 24, 2025affected >= 3.19.0, < 6.1.55fixed 6.1.55
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: ocb: don't leave if not joined If there's no OCB state, don't ask the driver/mac80211 to leave, since that's just confusing. Since set/clear the chandef state, that's a simple check.
- CVE-2023-53991Dec 24, 2025affected >= 5.7.0, < 5.10.173fixed 5.10.173
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Disallow unallocated resources to be returned In the event that the topology requests resources that have not been created by the system (because they are typically not represented in dpu_mdss_cfg
- CVE-2023-53990Dec 24, 2025affected < 5.15.111fixed 5.15.111
In the Linux kernel, the following vulnerability has been resolved: SMB3: Add missing locks to protect deferred close file list cifs_del_deferred_close function has a critical section which modifies the deferred close file list. We must acquire deferred_lock before calling cifs
- CVE-2023-53989Dec 24, 2025affected >= 5.4.0, < 5.4.251fixed 5.4.251
In the Linux kernel, the following vulnerability has been resolved: arm64: mm: fix VA-range sanity check Both create_mapping_noalloc() and update_mapping_prot() sanity-check their 'virt' parameter, but the check itself doesn't make much sense. The condition used today appears t
- CVE-2023-53988Dec 24, 2025affected >= 5.15.0, < 5.15.111fixed 5.15.111
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix slab-out-of-bounds read in hdr_delete_de() Here is a BUG report from syzbot: BUG: KASAN: slab-out-of-bounds in hdr_delete_de+0xe0/0x150 fs/ntfs3/index.c:806 Read of size 16842960 at addr ffff8880
- CVE-2023-53987Dec 24, 2025affected >= 6.0.0, < 6.1.24fixed 6.1.24
In the Linux kernel, the following vulnerability has been resolved: ping: Fix potentail NULL deref for /proc/net/icmp. After commit dbca1596bbb0 ("ping: convert to RCU lookups, get rid of rwlock"), we use RCU for ping sockets, but we should use spinlock for /proc/net/icmp to av
- CVE-2023-53986Dec 24, 2025affected >= 4.19.0, < 5.4.240fixed 5.4.240
In the Linux kernel, the following vulnerability has been resolved: mips: bmips: BCM6358: disable RAC flush for TP1 RAC flush causes kernel panics on BCM6358 with EHCI/OHCI when booting from TP1: [ 3.881739] usb 1-1: new high-speed USB device number 2 using ehci-platform [
- CVE-2023-53867Dec 24, 2025affected >= 2.6.34, < 6.1.28fixed 6.1.28
In the Linux kernel, the following vulnerability has been resolved: ceph: fix potential use-after-free bug when trimming caps When trimming the caps and just after the 'session->s_cap_lock' is released in ceph_iterate_session_caps() the cap maybe removed by another thread, and
- CVE-2022-50711Dec 24, 2025affected >= 5.19.0, < 6.0.6fixed 6.0.6
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_eth_soc: fix possible memory leak in mtk_probe() If mtk_wed_add_hw() has been called, mtk_wed_exit() needs be called in error path or removing module to free the memory allocated in mtk_wed_a
- CVE-2022-50710Dec 24, 2025affected >= 5.14.0, < 5.15.75fixed 5.15.75
In the Linux kernel, the following vulnerability has been resolved: ice: set tx_tstamps when creating new Tx rings via ethtool When the user changes the number of queues via ethtool, the driver allocates new rings. This allocation did not initialize tx_tstamps. This results in
- CVE-2022-50709Dec 24, 2025affected >= 2.6.35, < 4.14.296fixed 4.14.296
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() syzbot is reporting uninit value at ath9k_htc_rx_msg() [1], for ioctl(USB_RAW_IOCTL_EP_WRITE) can call ath9k_hif_usb_rx_stream() with pkt_len = 0 but
- CVE-2022-50708Dec 24, 2025affected >= 3.16.0, < 5.19.17fixed 5.19.17
In the Linux kernel, the following vulnerability has been resolved: HSI: ssi_protocol: fix potential resource leak in ssip_pn_open() ssip_pn_open() claims the HSI client's port with hsi_claim_port(). When hsi_register_port_event() gets some error and returns a negetive value, t
- CVE-2022-50707Dec 24, 2025affected >= 5.19.0, < 6.0.19fixed 6.0.19
In the Linux kernel, the following vulnerability has been resolved: virtio-crypto: fix memory leak in virtio_crypto_alg_skcipher_close_session() 'vc_ctrl_req' is alloced in virtio_crypto_alg_skcipher_close_session(), and should be freed in the invalid ctrl_status->status error
- CVE-2022-50706Dec 24, 2025affected < 5.4.220fixed 5.4.220
In the Linux kernel, the following vulnerability has been resolved: net/ieee802154: don't warn zero-sized raw_sendmsg() syzbot is hitting skb_assert_len() warning at __dev_queue_xmit() [1], for PF_IEEE802154 socket's zero-sized raw_sendmsg() request is hitting __dev_queue_xmit(
- CVE-2022-50705Dec 24, 2025affected < 5.15.90fixed 5.15.90
In the Linux kernel, the following vulnerability has been resolved: io_uring/rw: defer fsnotify calls to task context We can't call these off the kiocb completion as that might be off soft/hard irq context. Defer the calls to when we process the task_work for this request. That
- CVE-2022-50704Dec 24, 2025affected >= 4.20.0, < 6.0.16fixed 6.0.16
In the Linux kernel, the following vulnerability has been resolved: USB: gadget: Fix use-after-free during usb config switch In the process of switching USB config from rndis to other config, if the hardware does not support the ->pullup callback, or the hardware encounters a l
Page 48 of 88