linux package
kernel
pkg:linux/kernel
Vulnerabilities (1,755)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-53844 | — | >= 5.14.0, < 5.15.121 | 5.15.121 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Don't leak a resource on swapout move error If moving the bo to system for swapout failed, we were leaking a resource. Fix. | ||
| CVE-2023-53843 | — | >= 6.1.0, < 6.1.47 | 6.1.47 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: reject negative ifindex Recent changes in net-next (commit 759ab1edb56c ("net: store netdevs in an xarray")) refactored the handling of pre-assigned ifindexes and let syzbot surface a latent p | ||
| CVE-2023-53842 | — | >= 5.14.0, < 5.15.123 | 5.15.123 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd-mbhc-v2: fix resource leaks on component remove The MBHC resources must be released on component probe failure and removal so can not be tied to the lifetime of the component device. This is | ||
| CVE-2023-53841 | — | >= 5.3.0, < 5.4.251 | 5.4.251 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: devlink: report devlink_port_type_warn source device devlink_port_type_warn is scheduled for port devlink and warning when the port type is not set. But from this warning it is not easy found out which device ( | ||
| CVE-2023-53840 | — | >= 4.12.0, < 5.15.99 | 5.15.99 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: usb: early: xhci-dbc: Fix a potential out-of-bound memory access If xdbc_bulk_write() fails, the values in 'buf' can be anything. So the string is not guaranteed to be NULL terminated when xdbc_trace() is calle | ||
| CVE-2023-53839 | — | >= 2.6.14, < 4.14.323 | 4.14.323 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: dccp: fix data-race around dp->dccps_mss_cache dccp_sendmsg() reads dp->dccps_mss_cache before locking the socket. Same thing in do_dccp_getsockopt(). Add READ_ONCE()/WRITE_ONCE() annotations, and change dccp_ | ||
| CVE-2023-53838 | — | >= 5.19.0, < 6.1.18 | 6.1.18 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: f2fs: synchronize atomic write aborts To fix a race condition between atomic write aborts, I use the inode lock and make COW inode to be re-usable thoroughout the whole atomic file inode lifetime. | ||
| CVE-2023-53837 | — | >= 5.14.0, < 5.15.112 | 5.15.112 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/msm: fix NULL-deref on snapshot tear down In case of early initialisation errors and on platforms that do not use the DPU controller, the deinitilisation code can be called with the kms pointer set to NULL. | ||
| CVE-2023-53836 | — | >= 5.13.0, < 5.15.189 | 5.15.189 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix skb refcnt race after locking changes There is a race where skb's from the sk_psock_backlog can be referenced after userspace side has already skb_consumed() the sk_buff and its refcnt dropped | ||
| CVE-2023-53834 | — | >= 4.5.0, < 5.15.127 | 5.15.127 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: iio: adc: ina2xx: avoid NULL pointer dereference on OF device match The affected lines were resulting in a NULL pointer dereference on our platform because the device tree contained the following list of compat | ||
| CVE-2023-53833 | — | >= 5.16.0, < 6.1.30 | 6.1.30 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix NULL ptr deref by checking new_crtc_state intel_atomic_get_new_crtc_state can return NULL, unless crtc state wasn't obtained previously with intel_atomic_get_crtc_state, so we must check it for NU | ||
| CVE-2023-53832 | — | >= 3.10.0, < 4.19.283 | 4.19.283 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix null-ptr-deref in raid10_sync_request init_resync() inits mempool and sets conf->have_replacemnt at the beginning of sync, close_sync() frees the mempool when sync is completed. After [1] recove | ||
| CVE-2023-53831 | — | >= 2.6.33, < 4.14.326 | 4.14.326 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: read sk->sk_family once in sk_mc_loop() syzbot is playing with IPV6_ADDRFORM quite a lot these days, and managed to hit the WARN_ON_ONCE(1) in sk_mc_loop() We have many more similar issues to fix. WARNIN | ||
| CVE-2023-53830 | — | >= 5.14.0, < 5.15.107 | 5.15.107 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix memory leak when showing current settings When retriving a item string with tlmi_setting(), the result has to be freed using kfree(). In current_value_show() however, malformed item | ||
| CVE-2023-53829 | — | >= 3.8.0, < 6.1.54 | 6.1.54 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: f2fs: flush inode if atomic file is aborted Let's flush the inode being aborted atomic operation to avoid stale dirty inode during eviction in this call stack: f2fs_mark_inode_dirty_sync+0x22/0x40 [f2fs] f | ||
| CVE-2023-53828 | — | >= 6.0.0, < 6.1.53 | 6.1.53 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: Avoid use-after-free in dbg for hci_add_adv_monitor() KSAN reports use-after-free in hci_add_adv_monitor(). While adding an adv monitor, hci_add_adv_monitor() calls -> msft_add_mon | ||
| CVE-2023-53827 | — | >= 3.5.0, < 4.14.313 | 4.14.313 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp} Similar to commit d0be8347c623 ("Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put"), just use l2cap_chan_hold_unless_zero to preve | ||
| CVE-2023-53826 | — | >= 2.6.22, < 4.14.308 | 4.14.308 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: ubi: Fix UAF wear-leveling entry in eraseblk_count_seq_show() Wear-leveling entry could be freed in error path, which may be accessed again in eraseblk_count_seq_show(), for example: __erase_worker | ||
| CVE-2023-53825 | — | >= 4.6.0, < 4.14.326 | 4.14.326 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg(). syzkaller found a memory leak in kcm_sendmsg(), and commit c821a88bd720 ("kcm: Fix memory leak in error path of kcm_sendmsg()") suppressed it by updating | ||
| CVE-2023-53824 | — | >= 3.15.0, < 5.10.218 | 5.10.218 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: netlink: annotate lockless accesses to nlk->max_recvmsg_len syzbot reported a data-race in data-race in netlink_recvmsg() [1] Indeed, netlink_recvmsg() can be run concurrently, and netlink_dump() also needs pr |
- CVE-2023-53844Dec 9, 2025affected >= 5.14.0, < 5.15.121fixed 5.15.121
In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Don't leak a resource on swapout move error If moving the bo to system for swapout failed, we were leaking a resource. Fix.
- CVE-2023-53843Dec 9, 2025affected >= 6.1.0, < 6.1.47fixed 6.1.47
In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: reject negative ifindex Recent changes in net-next (commit 759ab1edb56c ("net: store netdevs in an xarray")) refactored the handling of pre-assigned ifindexes and let syzbot surface a latent p
- CVE-2023-53842Dec 9, 2025affected >= 5.14.0, < 5.15.123fixed 5.15.123
In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd-mbhc-v2: fix resource leaks on component remove The MBHC resources must be released on component probe failure and removal so can not be tied to the lifetime of the component device. This is
- CVE-2023-53841Dec 9, 2025affected >= 5.3.0, < 5.4.251fixed 5.4.251
In the Linux kernel, the following vulnerability has been resolved: devlink: report devlink_port_type_warn source device devlink_port_type_warn is scheduled for port devlink and warning when the port type is not set. But from this warning it is not easy found out which device (
- CVE-2023-53840Dec 9, 2025affected >= 4.12.0, < 5.15.99fixed 5.15.99
In the Linux kernel, the following vulnerability has been resolved: usb: early: xhci-dbc: Fix a potential out-of-bound memory access If xdbc_bulk_write() fails, the values in 'buf' can be anything. So the string is not guaranteed to be NULL terminated when xdbc_trace() is calle
- CVE-2023-53839Dec 9, 2025affected >= 2.6.14, < 4.14.323fixed 4.14.323
In the Linux kernel, the following vulnerability has been resolved: dccp: fix data-race around dp->dccps_mss_cache dccp_sendmsg() reads dp->dccps_mss_cache before locking the socket. Same thing in do_dccp_getsockopt(). Add READ_ONCE()/WRITE_ONCE() annotations, and change dccp_
- CVE-2023-53838Dec 9, 2025affected >= 5.19.0, < 6.1.18fixed 6.1.18
In the Linux kernel, the following vulnerability has been resolved: f2fs: synchronize atomic write aborts To fix a race condition between atomic write aborts, I use the inode lock and make COW inode to be re-usable thoroughout the whole atomic file inode lifetime.
- CVE-2023-53837Dec 9, 2025affected >= 5.14.0, < 5.15.112fixed 5.15.112
In the Linux kernel, the following vulnerability has been resolved: drm/msm: fix NULL-deref on snapshot tear down In case of early initialisation errors and on platforms that do not use the DPU controller, the deinitilisation code can be called with the kms pointer set to NULL.
- CVE-2023-53836Dec 9, 2025affected >= 5.13.0, < 5.15.189fixed 5.15.189
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix skb refcnt race after locking changes There is a race where skb's from the sk_psock_backlog can be referenced after userspace side has already skb_consumed() the sk_buff and its refcnt dropped
- CVE-2023-53834Dec 9, 2025affected >= 4.5.0, < 5.15.127fixed 5.15.127
In the Linux kernel, the following vulnerability has been resolved: iio: adc: ina2xx: avoid NULL pointer dereference on OF device match The affected lines were resulting in a NULL pointer dereference on our platform because the device tree contained the following list of compat
- CVE-2023-53833Dec 9, 2025affected >= 5.16.0, < 6.1.30fixed 6.1.30
In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix NULL ptr deref by checking new_crtc_state intel_atomic_get_new_crtc_state can return NULL, unless crtc state wasn't obtained previously with intel_atomic_get_crtc_state, so we must check it for NU
- CVE-2023-53832Dec 9, 2025affected >= 3.10.0, < 4.19.283fixed 4.19.283
In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix null-ptr-deref in raid10_sync_request init_resync() inits mempool and sets conf->have_replacemnt at the beginning of sync, close_sync() frees the mempool when sync is completed. After [1] recove
- CVE-2023-53831Dec 9, 2025affected >= 2.6.33, < 4.14.326fixed 4.14.326
In the Linux kernel, the following vulnerability has been resolved: net: read sk->sk_family once in sk_mc_loop() syzbot is playing with IPV6_ADDRFORM quite a lot these days, and managed to hit the WARN_ON_ONCE(1) in sk_mc_loop() We have many more similar issues to fix. WARNIN
- CVE-2023-53830Dec 9, 2025affected >= 5.14.0, < 5.15.107fixed 5.15.107
In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix memory leak when showing current settings When retriving a item string with tlmi_setting(), the result has to be freed using kfree(). In current_value_show() however, malformed item
- CVE-2023-53829Dec 9, 2025affected >= 3.8.0, < 6.1.54fixed 6.1.54
In the Linux kernel, the following vulnerability has been resolved: f2fs: flush inode if atomic file is aborted Let's flush the inode being aborted atomic operation to avoid stale dirty inode during eviction in this call stack: f2fs_mark_inode_dirty_sync+0x22/0x40 [f2fs] f
- CVE-2023-53828Dec 9, 2025affected >= 6.0.0, < 6.1.53fixed 6.1.53
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: Avoid use-after-free in dbg for hci_add_adv_monitor() KSAN reports use-after-free in hci_add_adv_monitor(). While adding an adv monitor, hci_add_adv_monitor() calls -> msft_add_mon
- CVE-2023-53827Dec 9, 2025affected >= 3.5.0, < 4.14.313fixed 4.14.313
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp} Similar to commit d0be8347c623 ("Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put"), just use l2cap_chan_hold_unless_zero to preve
- CVE-2023-53826Dec 9, 2025affected >= 2.6.22, < 4.14.308fixed 4.14.308
In the Linux kernel, the following vulnerability has been resolved: ubi: Fix UAF wear-leveling entry in eraseblk_count_seq_show() Wear-leveling entry could be freed in error path, which may be accessed again in eraseblk_count_seq_show(), for example: __erase_worker
- CVE-2023-53825Dec 9, 2025affected >= 4.6.0, < 4.14.326fixed 4.14.326
In the Linux kernel, the following vulnerability has been resolved: kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg(). syzkaller found a memory leak in kcm_sendmsg(), and commit c821a88bd720 ("kcm: Fix memory leak in error path of kcm_sendmsg()") suppressed it by updating
- CVE-2023-53824Dec 9, 2025affected >= 3.15.0, < 5.10.218fixed 5.10.218
In the Linux kernel, the following vulnerability has been resolved: netlink: annotate lockless accesses to nlk->max_recvmsg_len syzbot reported a data-race in data-race in netlink_recvmsg() [1] Indeed, netlink_recvmsg() can be run concurrently, and netlink_dump() also needs pr
Page 60 of 88