CVSS: 5.5EPSS: %CPEs: 7EXPL: 0CVE-2023-53140 – scsi: core: Remove the /proc/scsi/${proc_name} directory earlier
https://notcve.org/view.php?id=CVE-2023-53140
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: core: Remove the /proc/scsi/${proc_name} directory earlier Remove the /proc/scsi/${proc_name} directory earlier to fix a race condition between unloading and reloading kernel modules. This fixes a bug introduced in 2009 by commit 77c019768f06 ("[SCSI] fix /proc memory leak in the SCSI core"). Fix the following kernel warning: proc_dir_entry 'scsi/scsi_debug' already registered WARNING: CPU: 19 PID: 27986 at fs/proc/generic.c:376 proc_... • https://git.kernel.org/stable/c/77c019768f0607c36e25bec11ce3e1eabef09277 •
CVSS: 7.1EPSS: %CPEs: 8EXPL: 0CVE-2023-53139 – nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties
https://notcve.org/view.php?id=CVE-2023-53139
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties devm_kmalloc_array may fails, *fw_vsc_cfg might be null and cause out-of-bounds write in device_property_read_u8_array later. In the Linux kernel, the following vulnerability has been resolved: nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties devm_kmalloc_array may fails, *fw_vsc_cfg might be null and cause out-of-bounds ... • https://git.kernel.org/stable/c/a06347c04c13e380afce0c9816df51f00b83faf1 •
CVSS: 7.1EPSS: %CPEs: 8EXPL: 0CVE-2023-53138 – net: caif: Fix use-after-free in cfusbl_device_notify()
https://notcve.org/view.php?id=CVE-2023-53138
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: caif: Fix use-after-free in cfusbl_device_notify() syzbot reported use-after-free in cfusbl_device_notify() [1]. This causes a stack trace like below: BUG: KASAN: use-after-free in cfusbl_device_notify+0x7c9/0x870 net/caif/caif_usb.c:138 Read of size 8 at addr ffff88807ac4e6f0 by task kworker/u4:6/1214 CPU: 0 PID: 1214 Comm: kworker/u4:6 Not tainted 5.19.0-rc3-syzkaller-00146-g92f20ff72066 #0 Hardware name: Google Google Compute Engine... • https://git.kernel.org/stable/c/7ad65bf68d705b445ef10b77ab50dab22be185ee •
CVSS: 5.5EPSS: %CPEs: 6EXPL: 0CVE-2023-53137 – ext4: Fix possible corruption when moving a directory
https://notcve.org/view.php?id=CVE-2023-53137
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: Fix possible corruption when moving a directory When we are renaming a directory to a different directory, we need to update '..' entry in the moved directory. However nothing prevents moved directory from being modified and even converted from the inline format to the normal format. When such race happens the rename code gets confused and we crash. Fix the problem by locking the moved directory. In the Linux kernel, the following vul... • https://git.kernel.org/stable/c/32f7f22c0b52e8189fef83986b16dc7abe95f2c4 •
CVSS: 7.1EPSS: %CPEs: 1EXPL: 0CVE-2023-53130 – block: fix wrong mode for blkdev_put() from disk_scan_partitions()
https://notcve.org/view.php?id=CVE-2023-53130
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: block: fix wrong mode for blkdev_put() from disk_scan_partitions() If disk_scan_partitions() is called with 'FMODE_EXCL', blkdev_get_by_dev() will be called without 'FMODE_EXCL', however, follow blkdev_put() is still called with 'FMODE_EXCL', which will cause 'bd_holders' counter to leak. Fix the problem by using the right mode for blkdev_put(). In the Linux kernel, the following vulnerability has been resolved: block: fix wrong mode for bl... • https://git.kernel.org/stable/c/428913bce1e67ccb4dae317fd0332545bf8c9233 •
CVSS: 5.6EPSS: %CPEs: 1EXPL: 0CVE-2023-53129 – ext4: Fix deadlock during directory rename
https://notcve.org/view.php?id=CVE-2023-53129
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: Fix deadlock during directory rename As lockdep properly warns, we should not be locking i_rwsem while having transactions started as the proper lock ordering used by all directory handling operations is i_rwsem -> transaction start. Fix the lock ordering by moving the locking of the directory earlier in ext4_rename(). In the Linux kernel, the following vulnerability has been resolved: ext4: Fix deadlock during directory rename As loc... • https://git.kernel.org/stable/c/3c92792da8506a295afb6d032b4476e46f979725 •
CVSS: 7.1EPSS: %CPEs: 8EXPL: 0CVE-2023-53125 – net: usb: smsc75xx: Limit packet length to skb->len
https://notcve.org/view.php?id=CVE-2023-53125
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc75xx: Limit packet length to skb->len Packet length retrieved from skb data may be larger than the actual socket buffer length (up to 9026 bytes). In such case the cloned skb passed up the network stack will leak kernel memory contents. In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc75xx: Limit packet length to skb->len Packet length retrieved from skb data may be larger than the actual socke... • https://git.kernel.org/stable/c/d0cad871703b898a442e4049c532ec39168e5b57 •
CVSS: 5.5EPSS: %CPEs: 1EXPL: 0CVE-2023-53122 – RISC-V: fix taking the text_mutex twice during sifive errata patching
https://notcve.org/view.php?id=CVE-2023-53122
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: RISC-V: fix taking the text_mutex twice during sifive errata patching Chris pointed out that some bonehead, *cough* me *cough*, added two mutex_locks() to the SiFive errata patching. The second was meant to have been a mutex_unlock(). This results in errors such as Unable to handle kernel NULL pointer dereference at virtual address 0000000000000030 Oops [#1] Modules linked in: CPU: 0 PID: 0 Comm: swapper Not tainted 6.2.0-rc1-starlight-0007... • https://git.kernel.org/stable/c/bf89b7ee52af5a5944fa3539e86089f72475055b •
CVSS: 7.8EPSS: %CPEs: 8EXPL: 0CVE-2023-53121 – tcp: tcp_make_synack() can be called from process context
https://notcve.org/view.php?id=CVE-2023-53121
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: tcp: tcp_make_synack() can be called from process context tcp_rtx_synack() now could be called in process context as explained in 0a375c822497 ("tcp: tcp_rtx_synack() can be called from process context"). tcp_rtx_synack() might call tcp_make_synack(), which will touch per-CPU variables with preemption enabled. This causes the following BUG: BUG: using __this_cpu_add() in preemptible [00000000] code: ThriftIO1/5464 caller is tcp_make_synack+... • https://git.kernel.org/stable/c/8336886f786fdacbc19b719c1f7ea91eb70706d4 •
CVSS: 8.5EPSS: %CPEs: 8EXPL: 0CVE-2023-53117 – fs: prevent out-of-bounds array speculation when closing a file descriptor
https://notcve.org/view.php?id=CVE-2023-53117
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: fs: prevent out-of-bounds array speculation when closing a file descriptor Google-Bug-Id: 114199369 • https://git.kernel.org/stable/c/f31cd5da636682caea424fa1c22679016cbfc16b •