CVSS: 7.1 | EPSS: 0% | CPEs: 3 | EXPL: 0
CVE-2023-53816 – drm/amdkfd: fix potential kgd_mem UAFs
https://notcve.org/view.php?id=CVE-2023-53816
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: fix potential kgd_mem UAFs kgd_mem pointers returned by kfd_process_device_translate_handle are only guaranteed to be valid while p->mutex is held. As soon as the mutex is unlocked, another thread can free the BO. • https://git.kernel.org/stable/c/5045360f3bb62ccd4f87202e33489f71f8bbc3fc •
CVSS: 5.5 | EPSS: 0% | CPEs: 3 | EXPL: 0
CVE-2023-53806 – drm/amd/display: populate subvp cmd info only for the top pipe
https://notcve.org/view.php?id=CVE-2023-53806
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: populate subvp cmd info only for the top pipe [Why] System restart observed while changing the display resolution to 8k with extended mode. System restart was caused by a page fault. [How] When the driver populates subvp info it did it for both the pipes using vblank which caused an out-of-bounds array access causing the page fault. Added checks to allow the top pipe only to fix this issue. • https://git.kernel.org/stable/c/92e6c79acad4b96efeff261d27bdbd8089a7dd24 •
CVSS: 7.1 | EPSS: 0% | CPEs: 8 | EXPL: 0
CVE-2023-53804 – nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode()
https://notcve.org/view.php?id=CVE-2023-53804
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode() During unmount process of nilfs2, nothing holds nilfs_root structure after nilfs2 detaches its writer in nilfs_detach_log_writer(). However, since nilfs_evict_inode() uses nilfs_root for some cleanup operations, it may cause use-after-free read if inodes are left in "garbage_list" and released by nilfs_dispose_list() at the end of nilfs_detach_log_writer(). Fix this issue b... • https://git.kernel.org/stable/c/f31e18131ee2ce80a4da5c808221d25b1ae9ad6d •
CVSS: 7.1 | EPSS: 0% | CPEs: 8 | EXPL: 0
CVE-2023-53803 – scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process()
https://notcve.org/view.php?id=CVE-2023-53803
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() A fix for: BUG: KASAN: slab-out-of-bounds in ses_enclosure_data_process+0x949/0xe30 [ses] Read of size 1 at addr ffff88a1b043a451 by task systemd-udevd/3271 Checking after (and before in next loop) addl_desc_ptr[1] is sufficient, we expect the size to be sanitized before first access to addl_desc_ptr[1]. Make sure we don't walk beyond end of page. • https://git.kernel.org/stable/c/da1a955c48a16e16e925d6544793914e52a6fa51 •
CVSS: 5.5 | EPSS: 0% | CPEs: 8 | EXPL: 0
CVE-2023-53802 – wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function
https://notcve.org/view.php?id=CVE-2023-53802
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function It is stated that ath9k_htc_rx_msg() either frees the provided skb or passes its management to another callback function. However, the skb is not freed in case there is no other callback function, and Syzkaller was able to cause a memory leak. Also minor comment fix. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. • https://git.kernel.org/stable/c/fb9987d0f748c983bb795a86f47522313f701a08 •
CVSS: 5.6 | EPSS: 0% | CPEs: 4 | EXPL: 0
CVE-2023-53801 – iommu/sprd: Release dma buffer to avoid memory leak
https://notcve.org/view.php?id=CVE-2023-53801
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu/sprd: Release dma buffer to avoid memory leak When attaching to a domain, the driver would alloc a DMA buffer which is used to store address mapping table, and it needs to be released when the IOMMU domain is freed. • https://git.kernel.org/stable/c/92c089a931fd3939cd32318cf4f54e69e8f51a19 •
CVSS: 7.8 | EPSS: 0% | CPEs: 8 | EXPL: 0
CVE-2023-53800 – ubi: Fix use-after-free when volume resizing failed
https://notcve.org/view.php?id=CVE-2023-53800
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ubi: Fix use-after-free when volume resizing failed There is a use-after-free problem reported by KASAN: ================================================================== BUG: KASAN: use-after-free in ubi_eba_copy_table+0x11f/0x1c0 [ubi] Read of size 8 at addr ffff888101eec008 by task ubirsvol/4735 CPU: 2 PID: 4735 Comm: ubirsvol Not tainted 6.1.0-rc1-00003-g84fa3304a7fc-dirty #14 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIO... • https://git.kernel.org/stable/c/801c135ce73d5df1caf3eca35b66a10824ae0707 •
CVSS: 10.0 | EPSS: 0% | CPEs: 6 | EXPL: 0
CVE-2023-53799 – crypto: api - Use work queue in crypto_destroy_instance
https://notcve.org/view.php?id=CVE-2023-53799
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: api - Use work queue in crypto_destroy_instance The function crypto_drop_spawn expects to be called in process context. However, when an instance is unregistered while it still has active users, the last user may cause the instance to be freed in atomic context. Fix this by delaying the freeing to a work queue. • https://git.kernel.org/stable/c/6bfd48096ff8ecabf955958b51ddfa7988eb0a14 •
CVSS: 7.1 | EPSS: 0% | CPEs: 3 | EXPL: 0
CVE-2023-53794 – cifs: fix session state check in reconnect to avoid use-after-free issue
https://notcve.org/view.php?id=CVE-2023-53794
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: cifs: fix session state check in reconnect to avoid use-after-free issue Don't collect exiting session in smb2_reconnect_server(), because it will be released soon. Note that the exiting session will stay in server->smb_ses_list until it completes the cifs_free_ipc() and logoff() and then delete itself from the list. • https://git.kernel.org/stable/c/7e4f5c3f01fb0e51ca438e43262d858daf9a0a76 •
CVSS: 5.5 | EPSS: 0% | CPEs: 3 | EXPL: 0
CVE-2023-53789 – iommu/amd: Improve page fault error reporting
https://notcve.org/view.php?id=CVE-2023-53789
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Improve page fault error reporting If IOMMU domain for device group is not setup properly then we may hit IOMMU page fault. Current page fault handler assumes that domain is always setup and it will hit NULL pointer dereference (see below sample log). Let's check whether domain is setup or not and log appropriate message. Sample log: ---------- amdgpu 0000:00:01.0: amdgpu: SE 1, SH per SE 1, CU per SH 8, active_cu_number 6 BUG: kern... • https://git.kernel.org/stable/c/be8301e2d5a8b95c04ae8e35d7bfee7b0f03f83a •
