CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2023-53033 – netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits
https://notcve.org/view.php?id=CVE-2023-53033
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits If the offset + length goes over the ethernet + vlan header, then the length is adjusted to copy the bytes that are within the boundaries of the vlan_ethhdr scratchpad area. The remaining bytes beyond ethernet + vlan header are copied directly from the skbuff data area. Fix incorrect arithmetic operator: subtract, not add, the size of the vlan header in case of dou... • https://git.kernel.org/stable/c/f6ae9f120dada00abfb47313364c35118469455f •
CVSS: -EPSS: %CPEs: 7EXPL: 0CVE-2023-53032 – netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function.
https://notcve.org/view.php?id=CVE-2023-53032
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function. When first_ip is 0, last_ip is 0xFFFFFFFF, and netmask is 31, the value of an arithmetic expression 2 << (netmask - mask_bits - 1) is subject to overflow due to a failure casting operands to a larger data type before performing the arithmetic. Note that it's harmless since the value will be checked at the next step. Found by InfoTeCS on behalf of Linux Verificat... • https://git.kernel.org/stable/c/b9fed748185a96b7cfe74afac4bd228e8af16f01 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2023-53031 – powerpc/imc-pmu: Fix use of mutex in IRQs disabled section
https://notcve.org/view.php?id=CVE-2023-53031
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/imc-pmu: Fix use of mutex in IRQs disabled section Current imc-pmu code triggers a WARNING with CONFIG_DEBUG_ATOMIC_SLEEP and CONFIG_PROVE_LOCKING enabled, while running a thread_imc event. Command to trigger the warning: # perf stat -e thread_imc/CPM_CS_FROM_L4_MEM_X_DPTEG/ sleep 5 Performance counter stats for 'sleep 5': 0 thread_imc/CPM_CS_FROM_L4_MEM_X_DPTEG/ 5.002117947 seconds time elapsed 0.000131000 seconds user 0.001063000 ... • https://git.kernel.org/stable/c/8f95faaac56c18b32d0e23ace55417a440abdb7e •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2023-53028 – Revert "wifi: mac80211: fix memory leak in ieee80211_if_add()"
https://notcve.org/view.php?id=CVE-2023-53028
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: Revert "wifi: mac80211: fix memory leak in ieee80211_if_add()" This reverts commit 13e5afd3d773c6fc6ca2b89027befaaaa1ea7293. ieee80211_if_free() is already called from free_netdev(ndev) because ndev->priv_destructor == ieee80211_if_free syzbot reported: general protection fault, probably for non-canonical address 0xdffffc0000000004: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000020-0x0000000000000027] CPU: 0 PID... • https://git.kernel.org/stable/c/b2c0b94f48373ee743a4d63825a9d52364418837 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2023-53026 – RDMA/core: Fix ib block iterator counter overflow
https://notcve.org/view.php?id=CVE-2023-53026
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix ib block iterator counter overflow When registering a new DMA MR after selecting the best aligned page size for it, we iterate over the given sglist to split each entry to smaller, aligned to the selected page size, DMA blocks. In given circumstances where the sg entry and page size fit certain sizes and the sg entry is not aligned to the selected page size, the total size of the aligned pages we need to cover the sg entry is... • https://git.kernel.org/stable/c/a808273a495c657e33281b181fd7fcc2bb28f662 •
CVSS: -EPSS: %CPEs: 7EXPL: 0CVE-2023-53024 – bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation
https://notcve.org/view.php?id=CVE-2023-53024
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation To mitigate Spectre v4, 2039f26f3aca ("bpf: Fix leakage due to insufficient speculative store bypass mitigation") inserts lfence instructions after 1) initializing a stack slot and 2) spilling a pointer to the stack. However, this does not cover cases where a stack slot is first initialized with a pointer (subject to sanitization) but then overwritten with a scala... • https://git.kernel.org/stable/c/872968502114d68c21419cf7eb5ab97717e7b803 •
CVSS: 7.8EPSS: %CPEs: 7EXPL: 0CVE-2023-53023 – net: nfc: Fix use-after-free in local_cleanup()
https://notcve.org/view.php?id=CVE-2023-53023
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: net: nfc: Fix use-after-free in local_cleanup() Fix a use-after-free that occurs in kfree_skb() called from local_cleanup(). This could happen when killing nfc daemon (e.g. neard) after detaching an nfc device. When detaching an nfc device, local_cleanup() called from nfc_llcp_unregister_device() frees local->rx_pending and decreases local->ref by kref_put() in nfc_llcp_local_put(). In the terminating process, nfc daemon releases all socket... • https://git.kernel.org/stable/c/3536da06db0baa675f32de608c0a4c0f5ef0e9ff • CWE-416: Use After Free •
CVSS: 7.8EPSS: %CPEs: 5EXPL: 0CVE-2023-53021 – net/sched: sch_taprio: fix possible use-after-free
https://notcve.org/view.php?id=CVE-2023-53021
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_taprio: fix possible use-after-free syzbot reported a nasty crash [1] in net_tx_action() which made little sense until we got a repro. This repro installs a taprio qdisc, but providing an invalid TCA_RATE attribute. qdisc_create() has to destroy the just initialized taprio qdisc, and taprio_destroy() is called. However, the hrtimer used by taprio had already fired, therefore advance_sched() called __netif_schedule(). Then net... • https://git.kernel.org/stable/c/5a781ccbd19e4664babcbe4b4ead7aa2b9283d22 • CWE-416: Use After Free •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2023-53020 – l2tp: close all race conditions in l2tp_tunnel_register()
https://notcve.org/view.php?id=CVE-2023-53020
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: l2tp: close all race conditions in l2tp_tunnel_register() The code in l2tp_tunnel_register() is racy in several ways: 1. It modifies the tunnel socket _after_ publishing it. 2. It calls setup_udp_tunnel_sock() on an existing socket without locking. 3. It changes sock lock class on fly, which triggers many syzbot reports. This patch amends all of them by moving socket initialization code before publishing and under sock lock. • https://git.kernel.org/stable/c/37159ef2c1ae1e696b24b260b241209a19f92c60 •
CVSS: -EPSS: %CPEs: 7EXPL: 0CVE-2023-53019 – net: mdio: validate parameter addr in mdiobus_get_phy()
https://notcve.org/view.php?id=CVE-2023-53019
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: net: mdio: validate parameter addr in mdiobus_get_phy() The caller may pass any value as addr, what may result in an out-of-bounds access to array mdio_map. One existing case is stmmac_init_phy() that may pass -1 as addr. Therefore validate addr before using it. • https://git.kernel.org/stable/c/7f854420fbfe9d49afe2ffb1df052cfe8e215541 •