CVSS: 7.1EPSS: %CPEs: 7EXPL: 0CVE-2023-53032 – netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function.
https://notcve.org/view.php?id=CVE-2023-53032
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function. When first_ip is 0, last_ip is 0xFFFFFFFF, and netmask is 31, the value of an arithmetic expression 2 << (netmask - mask_bits - 1) is subject to overflow due to a failure casting operands to a larger data type before performing the arithmetic. Note that it's harmless since the value will be checked at the next step. Found by InfoTeCS on behalf of Linux Verificat... • https://git.kernel.org/stable/c/b9fed748185a96b7cfe74afac4bd228e8af16f01 •
CVSS: 6.3EPSS: %CPEs: 5EXPL: 0CVE-2023-53031 – powerpc/imc-pmu: Fix use of mutex in IRQs disabled section
https://notcve.org/view.php?id=CVE-2023-53031
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/imc-pmu: Fix use of mutex in IRQs disabled section Current imc-pmu code triggers a WARNING with CONFIG_DEBUG_ATOMIC_SLEEP and CONFIG_PROVE_LOCKING enabled, while running a thread_imc event. Command to trigger the warning: # perf stat -e thread_imc/CPM_CS_FROM_L4_MEM_X_DPTEG/ sleep 5 Performance counter stats for 'sleep 5': 0 thread_imc/CPM_CS_FROM_L4_MEM_X_DPTEG/ 5.002117947 seconds time elapsed 0.000131000 seconds user 0.001063000 ... • https://git.kernel.org/stable/c/8f95faaac56c18b32d0e23ace55417a440abdb7e •
CVSS: 7.1EPSS: %CPEs: 7EXPL: 0CVE-2023-53024 – bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation
https://notcve.org/view.php?id=CVE-2023-53024
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation To mitigate Spectre v4, 2039f26f3aca ("bpf: Fix leakage due to insufficient speculative store bypass mitigation") inserts lfence instructions after 1) initializing a stack slot and 2) spilling a pointer to the stack. However, this does not cover cases where a stack slot is first initialized with a pointer (subject to sanitization) but then overwritten with a scala... • https://git.kernel.org/stable/c/872968502114d68c21419cf7eb5ab97717e7b803 •
CVSS: 7.8EPSS: %CPEs: 7EXPL: 0CVE-2023-53023 – net: nfc: Fix use-after-free in local_cleanup()
https://notcve.org/view.php?id=CVE-2023-53023
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: net: nfc: Fix use-after-free in local_cleanup() Fix a use-after-free that occurs in kfree_skb() called from local_cleanup(). This could happen when killing nfc daemon (e.g. neard) after detaching an nfc device. When detaching an nfc device, local_cleanup() called from nfc_llcp_unregister_device() frees local->rx_pending and decreases local->ref by kref_put() in nfc_llcp_local_put(). In the terminating process, nfc daemon releases all socket... • https://git.kernel.org/stable/c/3536da06db0baa675f32de608c0a4c0f5ef0e9ff • CWE-416: Use After Free •
CVSS: 7.1EPSS: %CPEs: 4EXPL: 0CVE-2023-53020 – l2tp: close all race conditions in l2tp_tunnel_register()
https://notcve.org/view.php?id=CVE-2023-53020
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: l2tp: close all race conditions in l2tp_tunnel_register() The code in l2tp_tunnel_register() is racy in several ways: 1. It modifies the tunnel socket _after_ publishing it. 2. It calls setup_udp_tunnel_sock() on an existing socket without locking. 3. It changes sock lock class on fly, which triggers many syzbot reports. This patch amends all of them by moving socket initialization code before publishing and under sock lock. • https://git.kernel.org/stable/c/37159ef2c1ae1e696b24b260b241209a19f92c60 •
CVSS: -EPSS: %CPEs: 7EXPL: 0CVE-2023-53019 – net: mdio: validate parameter addr in mdiobus_get_phy()
https://notcve.org/view.php?id=CVE-2023-53019
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: net: mdio: validate parameter addr in mdiobus_get_phy() The caller may pass any value as addr, what may result in an out-of-bounds access to array mdio_map. One existing case is stmmac_init_phy() that may pass -1 as addr. Therefore validate addr before using it. In the Linux kernel, the following vulnerability has been resolved: net: mdio: validate parameter addr in mdiobus_get_phy() The caller may pass any value as addr, what may result in... • https://git.kernel.org/stable/c/7f854420fbfe9d49afe2ffb1df052cfe8e215541 •
CVSS: 5.5EPSS: %CPEs: 7EXPL: 0CVE-2023-53015 – HID: betop: check shape of output reports
https://notcve.org/view.php?id=CVE-2023-53015
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: betop: check shape of output reports betopff_init() only checks the total sum of the report counts for each report field to be at least 4, but hid_betopff_play() expects 4 report fields. A device advertising an output report with one field and 4 report counts would pass the check but crash the kernel with a NULL pointer dereference in hid_betopff_play(). In the Linux kernel, the following vulnerability has been resolved: HID: betop: ch... • https://git.kernel.org/stable/c/52cd7785f3cdd2724f4efb5b21dbc75d6f9ccef4 •
CVSS: 7.8EPSS: %CPEs: 2EXPL: 0CVE-2023-53010 – bnxt: Do not read past the end of test names
https://notcve.org/view.php?id=CVE-2023-53010
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: bnxt: Do not read past the end of test names Test names were being concatenated based on a offset beyond the end of the first name, which tripped the buffer overflow detection logic: detected buffer overflow in strnlen [...] Call Trace: bnxt_ethtool_init.cold+0x18/0x18 Refactor struct hwrm_selftest_qlist_output to use an actual array, and adjust the concatenation to use snprintf() rather than a series of strncat() calls. In the Linux kernel... • https://git.kernel.org/stable/c/eb51365846bc418687af4c4f41b68b6e84cdd449 •
CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2023-53009 – drm/amdkfd: Add sync after creating vram bo
https://notcve.org/view.php?id=CVE-2023-53009
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Add sync after creating vram bo There will be data corruption on vram allocated by svm if the initialization is not complete and application is writting on the memory. Adding sync to wait for the initialization completion is to resolve this issue. In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Add sync after creating vram bo There will be data corruption on vram allocated by svm if the initializa... • https://git.kernel.org/stable/c/92af2d3b57a1afdfdcafb1c6a07ffd89cf3e98fb •
CVSS: 5.6EPSS: %CPEs: 2EXPL: 0CVE-2023-53008 – cifs: fix potential memory leaks in session setup
https://notcve.org/view.php?id=CVE-2023-53008
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential memory leaks in session setup Make sure to free cifs_ses::auth_key.response before allocating it as we might end up leaking memory in reconnect or mounting. In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential memory leaks in session setup Make sure to free cifs_ses::auth_key.response before allocating it as we might end up leaking memory in reconnect or mounting. • https://git.kernel.org/stable/c/893d45394dbe4b5cbf3723c19e2ccc8b93a6ac9b •