CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53769 – virt/coco/sev-guest: Double-buffer messages
https://notcve.org/view.php?id=CVE-2023-53769
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: virt/coco/sev-guest: Double-buffer messages The encryption algorithms read and write directly to shared unencrypted memory, which may leak information as well as permit the host to tamper with the message integrity. Instead, copy whole messages in or out as needed before doing any computation on them. In the Linux kernel, the following vulnerability has been resolved: virt/coco/sev-guest: Double-buffer messages The encryption algorithms rea... • https://git.kernel.org/stable/c/d5af44dde5461d125d1602ac913ab5c6bdf09b8b •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53768 – regmap-irq: Fix out-of-bounds access when allocating config buffers
https://notcve.org/view.php?id=CVE-2023-53768
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: regmap-irq: Fix out-of-bounds access when allocating config buffers When allocating the 2D array for handling IRQ type registers in regmap_add_irq_chip_fwnode(), the intent is to allocate a matrix with num_config_bases rows and num_config_regs columns. This is currently handled by allocating a buffer to hold a pointer for each row (i.e. num_config_bases). After that, the logic attempts to allocate the memory required to hold the register co... • https://git.kernel.org/stable/c/faa87ce9196dbb074d75bd4aecb8bacf18f19b4e •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53766 – FS: JFS: Check for read-only mounted filesystem in txBegin
https://notcve.org/view.php?id=CVE-2023-53766
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: FS: JFS: Check for read-only mounted filesystem in txBegin This patch adds a check for read-only mounted filesystem in txBegin before starting a transaction potentially saving from NULL pointer deref. The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues. • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 6.6EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53765 – dm cache: free background tracker's queued work in btracker_destroy
https://notcve.org/view.php?id=CVE-2023-53765
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: dm cache: free background tracker's queued work in btracker_destroy Otherwise the kernel can BUG with: [ 2245.426978] ============================================================================= [ 2245.435155] BUG bt_work (Tainted: G B W ): Objects remaining in bt_work on __kmem_cache_shutdown() [ 2245.445233] ----------------------------------------------------------------------------- [ 2245.445233] [ 2245.454879] Slab 0x00000000b0ce2b30... • https://git.kernel.org/stable/c/b29d4986d0da1a27cd35917cdb433672f5c95d7f •
CVSS: 7.3EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53763 – Revert "f2fs: fix to do sanity check on extent cache correctly"
https://notcve.org/view.php?id=CVE-2023-53763
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: Revert "f2fs: fix to do sanity check on extent cache correctly" syzbot reports a f2fs bug as below: UBSAN: array-index-out-of-bounds in fs/f2fs/f2fs.h:3275:19 index 1409 is out of range for type '__le32[923]' (aka 'unsigned int[923]') Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106 ubsan_epilogue lib/ubsan.c:217 [inline] __ubsan_handle_out_of_bounds+0x11c/0x150 lib/ubsan.c:348 inline_dat... • https://git.kernel.org/stable/c/85eb8b61dd4cfc7a839a0e86287b92ca6193444e •
CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53762 – Bluetooth: hci_sync: Fix UAF in hci_disconnect_all_sync
https://notcve.org/view.php?id=CVE-2023-53762
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: Fix UAF in hci_disconnect_all_sync Use-after-free can occur in hci_disconnect_all_sync if a connection is deleted by concurrent processing of a controller event. To prevent this the code now tries to iterate over the list backwards to ensure the links are cleanup before its parents, also it no longer relies on a cursor, instead it always uses the last element since hci_abort_conn_sync is guaranteed to call hci_conn_del.... • https://git.kernel.org/stable/c/182ee45da083db4e3e621541ccf255bfa9652214 •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53761 – USB: usbtmc: Fix direction for 0-length ioctl control messages
https://notcve.org/view.php?id=CVE-2023-53761
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: USB: usbtmc: Fix direction for 0-length ioctl control messages The syzbot fuzzer found a problem in the usbtmc driver: When a user submits an ioctl for a 0-length control transfer, the driver does not check that the direction is set to OUT: ------------[ cut here ]------------ usb 3-1: BOGUS control dir, pipe 80000b80 doesn't match bRequestType fd WARNING: CPU: 0 PID: 5100 at drivers/usb/core/urb.c:411 usb_submit_urb+0x14a7/0x1880 drivers/u... • https://git.kernel.org/stable/c/658f24f4523e41cda6a389c38b763f4c0cad6fbc •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53759 – HID: hidraw: fix data race on device refcount
https://notcve.org/view.php?id=CVE-2023-53759
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: hidraw: fix data race on device refcount The hidraw_open() function increments the hidraw device reference counter. The counter has no dedicated synchronization mechanism, resulting in a potential data race when concurrently opening a device. The race is a regression introduced by commit 8590222e4b02 ("HID: hidraw: Replace hidraw device table mutex with a rwsem"). While minors_rwsem is intended to protect the hidraw_table itself, by in... • https://git.kernel.org/stable/c/8590222e4b021054a7167a4dd35b152a8ed7018e •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53758 – spi: atmel-quadspi: Free resources even if runtime resume failed in .remove()
https://notcve.org/view.php?id=CVE-2023-53758
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: spi: atmel-quadspi: Free resources even if runtime resume failed in .remove() An early error exit in atmel_qspi_remove() doesn't prevent the device unbind. So this results in an spi controller with an unbound parent and unmapped register space (because devm_ioremap_resource() is undone). So using the remaining spi controller probably results in an oops. Instead unregister the controller unconditionally and only skip hardware access and clk ... • https://git.kernel.org/stable/c/4a2f83b7f78092a6d9e98fb5573d8f4b79c56336 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53757 – irqchip/irq-mvebu-gicp: Fix refcount leak in mvebu_gicp_probe
https://notcve.org/view.php?id=CVE-2023-53757
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: irqchip/irq-mvebu-gicp: Fix refcount leak in mvebu_gicp_probe of_irq_find_parent() returns a node pointer with refcount incremented, We should use of_node_put() on it when not needed anymore. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: irqchip/irq-mvebu-gicp: Fix refcount leak in mvebu_gicp_probe of_irq_find_parent() returns a node pointer with refcount incremented, W... • https://git.kernel.org/stable/c/a68a63cb4dfc30e8a79b444aabc7747bb7621acf •