CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2023-53033 – netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits
https://notcve.org/view.php?id=CVE-2023-53033
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits If the offset + length goes over the ethernet + vlan header, then the length is adjusted to copy the bytes that are within the boundaries of the vlan_ethhdr scratchpad area. The remaining bytes beyond ethernet + vlan header are copied directly from the skbuff data area. Fix incorrect arithmetic operator: subtract, not add, the size of the vlan header in case of dou... • https://git.kernel.org/stable/c/f6ae9f120dada00abfb47313364c35118469455f •
CVSS: -EPSS: %CPEs: 7EXPL: 0CVE-2023-53032 – netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function.
https://notcve.org/view.php?id=CVE-2023-53032
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function. When first_ip is 0, last_ip is 0xFFFFFFFF, and netmask is 31, the value of an arithmetic expression 2 << (netmask - mask_bits - 1) is subject to overflow due to a failure casting operands to a larger data type before performing the arithmetic. Note that it's harmless since the value will be checked at the next step. Found by InfoTeCS on behalf of Linux Verificat... • https://git.kernel.org/stable/c/b9fed748185a96b7cfe74afac4bd228e8af16f01 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2023-53031 – powerpc/imc-pmu: Fix use of mutex in IRQs disabled section
https://notcve.org/view.php?id=CVE-2023-53031
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/imc-pmu: Fix use of mutex in IRQs disabled section Current imc-pmu code triggers a WARNING with CONFIG_DEBUG_ATOMIC_SLEEP and CONFIG_PROVE_LOCKING enabled, while running a thread_imc event. Command to trigger the warning: # perf stat -e thread_imc/CPM_CS_FROM_L4_MEM_X_DPTEG/ sleep 5 Performance counter stats for 'sleep 5': 0 thread_imc/CPM_CS_FROM_L4_MEM_X_DPTEG/ 5.002117947 seconds time elapsed 0.000131000 seconds user 0.001063000 ... • https://git.kernel.org/stable/c/8f95faaac56c18b32d0e23ace55417a440abdb7e •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2023-53030 – octeontx2-pf: Avoid use of GFP_KERNEL in atomic context
https://notcve.org/view.php?id=CVE-2023-53030
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Avoid use of GFP_KERNEL in atomic context Using GFP_KERNEL in preemption disable context, causing below warning when CONFIG_DEBUG_ATOMIC_SLEEP is enabled. [ 32.542271] BUG: sleeping function called from invalid context at include/linux/sched/mm.h:274 [ 32.550883] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1, name: swapper/0 [ 32.558707] preempt_count: 1, expected: 0 [ 32.562710] RCU nest depth: 0, expected: 0 [ 32.... • https://git.kernel.org/stable/c/6ea5273c71dd2d07c0a2459594eb34bc087939f7 •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2023-53029 – octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt
https://notcve.org/view.php?id=CVE-2023-53029
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt The commit 4af1b64f80fb ("octeontx2-pf: Fix lmtst ID used in aura free") uses the get/put_cpu() to protect the usage of percpu pointer in ->aura_freeptr() callback, but it also unnecessarily disable the preemption for the blockable memory allocation. The commit 87b93b678e95 ("octeontx2-pf: Avoid use of GFP_KERNEL in atomic context") tried to fix these sleep inside atomic warnin... • https://git.kernel.org/stable/c/6ea5273c71dd2d07c0a2459594eb34bc087939f7 •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2023-53028 – Revert "wifi: mac80211: fix memory leak in ieee80211_if_add()"
https://notcve.org/view.php?id=CVE-2023-53028
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: Revert "wifi: mac80211: fix memory leak in ieee80211_if_add()" This reverts commit 13e5afd3d773c6fc6ca2b89027befaaaa1ea7293. ieee80211_if_free() is already called from free_netdev(ndev) because ndev->priv_destructor == ieee80211_if_free syzbot reported: general protection fault, probably for non-canonical address 0xdffffc0000000004: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000020-0x0000000000000027] CPU: 0 PID... • https://git.kernel.org/stable/c/b2c0b94f48373ee743a4d63825a9d52364418837 •
CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2023-53027 – erofs: fix kvcalloc() misuse with __GFP_NOFAIL
https://notcve.org/view.php?id=CVE-2023-53027
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: erofs: fix kvcalloc() misuse with __GFP_NOFAIL As reported by syzbot [1], kvcalloc() cannot work with __GFP_NOFAIL. Let's use kcalloc() instead. [1] https://lore.kernel.org/r/0000000000007796bd05f1852ec2@google.com • https://git.kernel.org/stable/c/4f05687fd7036473605a161ca47a2cf9fd3cbfc5 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2023-53026 – RDMA/core: Fix ib block iterator counter overflow
https://notcve.org/view.php?id=CVE-2023-53026
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix ib block iterator counter overflow When registering a new DMA MR after selecting the best aligned page size for it, we iterate over the given sglist to split each entry to smaller, aligned to the selected page size, DMA blocks. In given circumstances where the sg entry and page size fit certain sizes and the sg entry is not aligned to the selected page size, the total size of the aligned pages we need to cover the sg entry is... • https://git.kernel.org/stable/c/a808273a495c657e33281b181fd7fcc2bb28f662 •
CVSS: 7.8EPSS: %CPEs: 3EXPL: 0CVE-2023-53025 – NFSD: fix use-after-free in nfsd4_ssc_setup_dul()
https://notcve.org/view.php?id=CVE-2023-53025
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: NFSD: fix use-after-free in nfsd4_ssc_setup_dul() If signal_pending() returns true, schedule_timeout() will not be executed, causing the waiting task to remain in the wait queue. Fixed by adding a call to finish_wait(), which ensures that the waiting task will always be removed from the wait queue. • https://git.kernel.org/stable/c/f4e44b393389c77958f7c58bf4415032b4cda15b • CWE-416: Use After Free •
CVSS: -EPSS: %CPEs: 7EXPL: 0CVE-2023-53024 – bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation
https://notcve.org/view.php?id=CVE-2023-53024
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation To mitigate Spectre v4, 2039f26f3aca ("bpf: Fix leakage due to insufficient speculative store bypass mitigation") inserts lfence instructions after 1) initializing a stack slot and 2) spilling a pointer to the stack. However, this does not cover cases where a stack slot is first initialized with a pointer (subject to sanitization) but then overwritten with a scala... • https://git.kernel.org/stable/c/872968502114d68c21419cf7eb5ab97717e7b803 •