CVSS: 6.3EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50291 – kcm: annotate data-races around kcm->rx_psock
https://notcve.org/view.php?id=CVE-2022-50291
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: kcm: annotate data-races around kcm->rx_psock kcm->rx_psock can be read locklessly in kcm_rfree(). Annotate the read and writes accordingly. We do the same for kcm->rx_wait in the following patch. syzbot reported: BUG: KCSAN: data-race in kcm_rfree / unreserve_rx_kcm write to 0xffff888123d827b8 of 8 bytes by task 2758 on cpu 1: unreserve_rx_kcm+0x72/0x1f0 net/kcm/kcmsock.c:313 kcm_rcv_strparser+0x2b5/0x3a0 net/kcm/kcmsock.c:373 __strp_recv+... • https://git.kernel.org/stable/c/ab7ac4eb9832e32a09f4e8042705484d2fb0aad3 •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53242 – thermal/drivers/hisi: Drop second sensor hi3660
https://notcve.org/view.php?id=CVE-2023-53242
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/hisi: Drop second sensor hi3660 The commit 74c8e6bffbe1 ("driver core: Add __alloc_size hint to devm allocators") exposes a panic "BRK handler: Fatal exception" on the hi3660_thermal_probe funciton. This is because the function allocates memory for only one sensors array entry, but tries to fill up a second one. Fix this by removing the unneeded second access. In the Linux kernel, the following vulnerability has been resolve... • https://git.kernel.org/stable/c/7d3a2a2bbadb4bf5856ed394ba09b8fbb7a80460 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53241 – nfsd: call op_release, even when op_func returns an error
https://notcve.org/view.php?id=CVE-2023-53241
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: nfsd: call op_release, even when op_func returns an error For ops with "trivial" replies, nfsd4_encode_operation will shortcut most of the encoding work and skip to just marshalling up the status. One of the things it skips is calling op_release. This could cause a memory leak in the layoutget codepath if there is an error at an inopportune time. Have the compound processing engine always call op_release, even when op_func sets an error in ... • https://git.kernel.org/stable/c/34b1744c91ccd44811005822106945fa80ecbff2 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53240 – xsk: check IFF_UP earlier in Tx path
https://notcve.org/view.php?id=CVE-2023-53240
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: xsk: check IFF_UP earlier in Tx path Xsk Tx can be triggered via either sendmsg() or poll() syscalls. These two paths share a call to common function xsk_xmit() which has two sanity checks within. A pseudo code example to show the two paths: __xsk_sendmsg() : xsk_poll(): if (unlikely(!xsk_is_bound(xs))) if (unlikely(!xsk_is_bound(xs))) return -ENXIO; return mask; if (unlikely(need_wait)) (...) return -EOPNOTSUPP; xsk_xmit() mark napi id (..... • https://git.kernel.org/stable/c/18b1ab7aa76bde181bdb1ab19a87fa9523c32f21 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53239 – drm/msm/mdp5: Add check for kzalloc
https://notcve.org/view.php?id=CVE-2023-53239
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp5: Add check for kzalloc As kzalloc may fail and return NULL pointer, it should be better to check the return value in order to avoid the NULL pointer dereference. Patchwork: https://patchwork.freedesktop.org/patch/514154/ In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp5: Add check for kzalloc As kzalloc may fail and return NULL pointer, it should be better to check the return value in order to avo... • https://git.kernel.org/stable/c/1cff7440a86e04a613665803b42034c467f035fa •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-53238 – phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe()
https://notcve.org/view.php?id=CVE-2023-53238
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe() The size of array 'priv->ports[]' is INNO_PHY_PORT_NUM. In the for loop, 'i' is used as the index for array 'priv->ports[]' with a check (i > INNO_PHY_PORT_NUM) which indicates that INNO_PHY_PORT_NUM is allowed value for 'i' in the same loop. This > comparison needs to be changed to >=, otherwise it potentially leads to an out of bounds write on the next iteration through t... • https://git.kernel.org/stable/c/ba8b0ee81fbbc249e60f84bf097bd56e8047c742 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53237 – drm/amdgpu: fix amdgpu_irq_put call trace in gmc_v11_0_hw_fini
https://notcve.org/view.php?id=CVE-2023-53237
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix amdgpu_irq_put call trace in gmc_v11_0_hw_fini The gmc.ecc_irq is enabled by firmware per IFWI setting, and the host driver is not privileged to enable/disable the interrupt. So, it is meaningless to use the amdgpu_irq_put function in gmc_v11_0_hw_fini, which also leads to the call trace. [ 102.980303] Call Trace: [ 102.980303]
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2023-53236 – iommufd: Do not corrupt the pfn list when doing batch carry
https://notcve.org/view.php?id=CVE-2023-53236
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: iommufd: Do not corrupt the pfn list when doing batch carry If batch->end is 0 then setting npfns[0] before computing the new value of pfns will fail to adjust the pfn and result in various page accounting corruptions. It should be ordered after. This seems to result in various kinds of page meta-data corruption related failures: WARNING: CPU: 1 PID: 527 at mm/gup.c:75 try_grab_folio+0x503/0x740 Modules linked in: CPU: 1 PID: 527 Comm: repr... • https://git.kernel.org/stable/c/f394576eb11dbcd3a740fa41e577b97f0720d26e •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-53235 – drm/tests: helpers: Avoid a driver uaf
https://notcve.org/view.php?id=CVE-2023-53235
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/tests: helpers: Avoid a driver uaf when using __drm_kunit_helper_alloc_drm_device() the driver may be dereferenced by device-managed resources up until the device is freed, which is typically later than the kunit-managed resource code frees it. Fix this by simply make the driver device-managed as well. In short, the sequence leading to the UAF is as follows: INIT: Code allocates a struct device as a kunit-managed resource. Code allocate... • https://git.kernel.org/stable/c/d98780310719bf4076d975c2ff65c44c7c0d929e • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-53234 – watchdog: Fix kmemleak in watchdog_cdev_register
https://notcve.org/view.php?id=CVE-2023-53234
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: watchdog: Fix kmemleak in watchdog_cdev_register kmemleak reports memory leaks in watchdog_dev_register, as follows: unreferenced object 0xffff888116233000 (size 2048): comm ""modprobe"", pid 28147, jiffies 4353426116 (age 61.741s) hex dump (first 32 bytes): 80 fa b9 05 81 88 ff ff 08 30 23 16 81 88 ff ff .........0#..... 08 30 23 16 81 88 ff ff 00 00 00 00 00 00 00 00 .0#............. backtrace: [<000000007f001ffd>] __kmem_cache_alloc_node... • https://git.kernel.org/stable/c/450caf1faa0d7bbbd1da93d3ee8c5edea7bc51a8 •