CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2023-53500 – xfrm: fix slab-use-after-free in decode_session6
https://notcve.org/view.php?id=CVE-2023-53500
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: xfrm: fix slab-use-after-free in decode_session6 When the xfrm device is set to the qdisc of the sfb type, the cb field of the sent skb may be modified during enqueuing. Then, slab-use-after-free may occur when the xfrm device sends IPv6 packets. The stack information is as follows: BUG: KASAN: slab-use-after-free in decode_session6+0x103f/0x1890 Read of size 1 at addr ffff8881111458ef by task swapper/3/0 CPU: 3 PID: 0 Comm: swapper/3 Not t... • https://git.kernel.org/stable/c/f855691975bb06373a98711e4cfe2c224244b536 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53499 – virtio_net: Fix error unwinding of XDP initialization
https://notcve.org/view.php?id=CVE-2023-53499
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: virtio_net: Fix error unwinding of XDP initialization When initializing XDP in virtnet_open(), some rq xdp initialization may hit an error causing net device open failed. However, previous rqs have already initialized XDP and enabled NAPI, which is not the expected behavior. Need to roll back the previous rq initialization to avoid leaks in error unwinding of init code. Also extract helper functions of disable and enable queue pairs. Use ne... • https://git.kernel.org/stable/c/754b8a21a96d5f11712245aef907149606b323ae •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53498 – drm/amd/display: Fix potential null dereference
https://notcve.org/view.php?id=CVE-2023-53498
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential null dereference The adev->dm.dc pointer can be NULL and dereferenced in amdgpu_dm_fini() without checking. Add a NULL pointer check before calling dc_dmub_srv_destroy(). Found by Linux Verification Center (linuxtesting.org) with SVACE. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential null dereference The adev->dm.dc pointer can be NULL and dereferenced in amdg... • https://git.kernel.org/stable/c/9a71c7d31734f74549ad2bcd652c403c71e7c8d1 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53497 – media: vsp1: Replace vb2_is_streaming() with vb2_start_streaming_called()
https://notcve.org/view.php?id=CVE-2023-53497
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: media: vsp1: Replace vb2_is_streaming() with vb2_start_streaming_called() The vsp1 driver uses the vb2_is_streaming() function in its .buf_queue() handler to check if the .start_streaming() operation has been called, and decide whether to just add the buffer to an internal queue, or also trigger a hardware run. vb2_is_streaming() relies on the vb2_queue structure's streaming field, which used to be set only after calling the .start_streamin... • https://git.kernel.org/stable/c/a10b215325740376ed551814a37d1f8e9d6b1ced •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-53496 – x86/platform/uv: Use alternate source for socket to node data
https://notcve.org/view.php?id=CVE-2023-53496
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: x86/platform/uv: Use alternate source for socket to node data The UV code attempts to build a set of tables to allow it to do bidirectional socket<=>node lookups. But when nr_cpus is set to a smaller number than actually present, the cpu_to_node() mapping information for unused CPUs is not available to build_socket_tables(). This results in skipping some nodes or sockets when creating the tables and leaving some -1's for later code to trip.... • https://git.kernel.org/stable/c/8a50c58519271dd24ba760bb282875f6ad66ee71 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53495 – net: ethernet: mvpp2_main: fix possible OOB write in mvpp2_ethtool_get_rxnfc()
https://notcve.org/view.php?id=CVE-2023-53495
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mvpp2_main: fix possible OOB write in mvpp2_ethtool_get_rxnfc() rules is allocated in ethtool_get_rxnfc and the size is determined by rule_cnt from user space. So rule_cnt needs to be check before using rules to avoid OOB writing or NULL pointer dereference. In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mvpp2_main: fix possible OOB write in mvpp2_ethtool_get_rxnfc() rules is allocated in e... • https://git.kernel.org/stable/c/90b509b39ac9b09be88eb641c7a3abd8de06b698 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53494 – crypto: xts - Handle EBUSY correctly
https://notcve.org/view.php?id=CVE-2023-53494
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: xts - Handle EBUSY correctly As it is xts only handles the special return value of EINPROGRESS, which means that in all other cases it will free data related to the request. However, as the caller of xts may specify MAY_BACKLOG, we also need to expect EBUSY and treat it in the same way. Otherwise backlogged requests will trigger a use-after-free. In the Linux kernel, the following vulnerability has been resolved: crypto: xts - Handl... • https://git.kernel.org/stable/c/8083b1bf8163e7ae7d8c90f221106d96450b8aa8 • CWE-664: Improper Control of a Resource Through its Lifetime •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2023-53493 – accel/qaic: tighten bounds checking in decode_message()
https://notcve.org/view.php?id=CVE-2023-53493
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: accel/qaic: tighten bounds checking in decode_message() Copy the bounds checking from encode_message() to decode_message(). This patch addresses the following concerns. Ensure that there is enough space for at least one header so that we don't have a negative size later. if (msg_hdr_len < sizeof(*trans_hdr)) Ensure that we have enough space to read the next header from the msg->data. if (msg_len > msg_hdr_len - sizeof(*trans_hdr)) return -E... • https://git.kernel.org/stable/c/129776ac2e38231fa9c02ce20e116c99de291666 •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53492 – netfilter: nf_tables: do not ignore genmask when looking up chain by id
https://notcve.org/view.php?id=CVE-2023-53492
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: do not ignore genmask when looking up chain by id When adding a rule to a chain referring to its ID, if that chain had been deleted on the same batch, the rule might end up referring to a deleted chain. This will lead to a WARNING like following: [ 33.098431] ------------[ cut here ]------------ [ 33.098678] WARNING: CPU: 5 PID: 69 at net/netfilter/nf_tables_api.c:2037 nf_tables_chain_destroy+0x23d/0x260 [ 33.099217] M... • https://git.kernel.org/stable/c/837830a4b439bfeb86c70b0115c280377c84714b • CWE-763: Release of Invalid Pointer or Reference •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-53491 – start_kernel: Add __no_stack_protector function attribute
https://notcve.org/view.php?id=CVE-2023-53491
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: start_kernel: Add __no_stack_protector function attribute Back during the discussion of commit a9a3ed1eff36 ("x86: Fix early boot crash on gcc-10, third try") we discussed the need for a function attribute to control the omission of stack protectors on a per-function basis; at the time Clang had support for no_stack_protector but GCC did not. This was fixed in gcc-11. Now that the function attribute is available, let's start using it. Calle... • https://git.kernel.org/stable/c/25e73018b4093e0cfbcec5dc4a4bb86d0b69ed56 •