CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2023-53846 – f2fs: fix to do sanity check on direct node in truncate_dnode()
https://notcve.org/view.php?id=CVE-2023-53846
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on direct node in truncate_dnode() syzbot reports below bug: BUG: KASAN: slab-use-after-free in f2fs_truncate_data_blocks_range+0x122a/0x14c0 fs/f2fs/file.c:574 Read of size 4 at addr ffff88802a25c000 by task syz-executor148/5000 CPU: 1 PID: 5000 Comm: syz-executor148 Not tainted 6.4.0-rc7-syzkaller-00041-ge660abd551f1 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 C... • https://git.kernel.org/stable/c/af0f716ad3b039cab9d426da63a5ee6c88751185 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-53845 – nilfs2: fix infinite loop in nilfs_mdt_get_block()
https://notcve.org/view.php?id=CVE-2023-53845
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix infinite loop in nilfs_mdt_get_block() If the disk image that nilfs2 mounts is corrupted and a virtual block address obtained by block lookup for a metadata file is invalid, nilfs_bmap_lookup_at_level() may return the same internal return code as -ENOENT, meaning the block does not exist in the metadata file. This duplication of return codes confuses nilfs_mdt_get_block(), causing it to read and create a metadata block indefinit... • https://git.kernel.org/stable/c/cfb0bb4fbd40c1f06da7e9f88c0a2d46155b90c2 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53841 – devlink: report devlink_port_type_warn source device
https://notcve.org/view.php?id=CVE-2023-53841
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: devlink: report devlink_port_type_warn source device devlink_port_type_warn is scheduled for port devlink and warning when the port type is not set. But from this warning it is not easy found out which device (driver) has no devlink port set. [ 3709.975552] Type was not set for devlink port. [ 3709.975579] WARNING: CPU: 1 PID: 13092 at net/devlink/leftover.c:6775 devlink_port_type_warn+0x11/0x20 [ 3709.993967] Modules linked in: openvswitch... • https://git.kernel.org/stable/c/970c7035f4b03c7be9f49c403ccf6fb0b70039a1 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53840 – usb: early: xhci-dbc: Fix a potential out-of-bound memory access
https://notcve.org/view.php?id=CVE-2023-53840
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: early: xhci-dbc: Fix a potential out-of-bound memory access If xdbc_bulk_write() fails, the values in 'buf' can be anything. So the string is not guaranteed to be NULL terminated when xdbc_trace() is called. Reserve an extra byte, which will be zeroed automatically because 'buf' is a static variable, in order to avoid troubles, should it happen. In the Linux kernel, the following vulnerability has been resolved: usb: early: xhci-dbc: F... • https://git.kernel.org/stable/c/aeb9dd1de98c1a5f2007ea5d2a154c1244caf8a0 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53839 – dccp: fix data-race around dp->dccps_mss_cache
https://notcve.org/view.php?id=CVE-2023-53839
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: dccp: fix data-race around dp->dccps_mss_cache dccp_sendmsg() reads dp->dccps_mss_cache before locking the socket. Same thing in do_dccp_getsockopt(). Add READ_ONCE()/WRITE_ONCE() annotations, and change dccp_sendmsg() to check again dccps_mss_cache after socket is locked. In the Linux kernel, the following vulnerability has been resolved: dccp: fix data-race around dp->dccps_mss_cache dccp_sendmsg() reads dp->dccps_mss_cache before locking... • https://git.kernel.org/stable/c/7c657876b63cb1d8a2ec06f8fc6c37bb8412e66c •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53834 – iio: adc: ina2xx: avoid NULL pointer dereference on OF device match
https://notcve.org/view.php?id=CVE-2023-53834
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: adc: ina2xx: avoid NULL pointer dereference on OF device match The affected lines were resulting in a NULL pointer dereference on our platform because the device tree contained the following list of compatible strings: power-sensor@40 { compatible = "ti,ina232", "ti,ina231"; ... }; Since the driver doesn't declare a compatible string "ti,ina232", the OF matching succeeds on "ti,ina231". But the I2C device ID info is populated via the f... • https://git.kernel.org/stable/c/c43a102e67db99c8bfe6e8a9280cec13ff53b789 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53832 – md/raid10: fix null-ptr-deref in raid10_sync_request
https://notcve.org/view.php?id=CVE-2023-53832
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix null-ptr-deref in raid10_sync_request init_resync() inits mempool and sets conf->have_replacemnt at the beginning of sync, close_sync() frees the mempool when sync is completed. After [1] recovery might be skipped and init_resync() is called but close_sync() is not. null-ptr-deref occurs with r10bio->dev[i].repl_bio. The following is one way to reproduce the issue. 1) create a array, wait for resync to complete, mddev->recove... • https://git.kernel.org/stable/c/7e83ccbecd608b971f340e951c9e84cd0343002f •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53831 – net: read sk->sk_family once in sk_mc_loop()
https://notcve.org/view.php?id=CVE-2023-53831
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: net: read sk->sk_family once in sk_mc_loop() syzbot is playing with IPV6_ADDRFORM quite a lot these days, and managed to hit the WARN_ON_ONCE(1) in sk_mc_loop() We have many more similar issues to fix. WARNING: CPU: 1 PID: 1593 at net/core/sock.c:782 sk_mc_loop+0x165/0x260 Modules linked in: CPU: 1 PID: 1593 Comm: kworker/1:3 Not tainted 6.1.40-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26... • https://git.kernel.org/stable/c/7ad6848c7e81a603605fad3f3575841aab004eea •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53829 – f2fs: flush inode if atomic file is aborted
https://notcve.org/view.php?id=CVE-2023-53829
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: flush inode if atomic file is aborted Let's flush the inode being aborted atomic operation to avoid stale dirty inode during eviction in this call stack: f2fs_mark_inode_dirty_sync+0x22/0x40 [f2fs] f2fs_abort_atomic_write+0xc4/0xf0 [f2fs] f2fs_evict_inode+0x3f/0x690 [f2fs] ? sugov_start+0x140/0x140 evict+0xc3/0x1c0 evict_inodes+0x17b/0x210 generic_shutdown_super+0x32/0x120 kill_block_super+0x21/0x50 deactivate_locked_super+0x31/0x90 c... • https://git.kernel.org/stable/c/1c64dbe8fa3552a340bca6d7fa09468c16ed2a85 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53827 – Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp}
https://notcve.org/view.php?id=CVE-2023-53827
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp} Similar to commit d0be8347c623 ("Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put"), just use l2cap_chan_hold_unless_zero to prevent referencing a channel that is about to be destroyed. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp} Similar to commit d0be8347c623 ("Bluetooth:... • https://git.kernel.org/stable/c/f2d38e77aa5f3effc143e7dd24da8acf02925958 •