CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53752 – net: deal with integer overflows in kmalloc_reserve()
https://notcve.org/view.php?id=CVE-2023-53752
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: net: deal with integer overflows in kmalloc_reserve() Blamed commit changed: ptr = kmalloc(size); if (ptr) size = ksize(ptr); size = kmalloc_size_roundup(size); ptr = kmalloc(size); This allowed various crash as reported by syzbot [1] and Kyle Zeng. Problem is that if @size is bigger than 0x80000001, kmalloc_size_roundup(size) returns 2^32. kmalloc_reserve() uses a 32bit variable (obj_size), so 2^32 is truncated to 0. kmalloc(0) returns ZER... • https://git.kernel.org/stable/c/0dbc898f5917c5a3bec6be19d9f5469cbc351a7d •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53751 – cifs: fix potential use-after-free bugs in TCP_Server_Info::hostname
https://notcve.org/view.php?id=CVE-2023-53751
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential use-after-free bugs in TCP_Server_Info::hostname TCP_Server_Info::hostname may be updated once or many times during reconnect, so protect its access outside reconnect path as well and then prevent any potential use-after-free bugs. In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential use-after-free bugs in TCP_Server_Info::hostname TCP_Server_Info::hostname may be updated once or many t... • https://git.kernel.org/stable/c/93d5cb517db39e8af8d1292f9e785e4983b7f708 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53750 – pinctrl: freescale: Fix a memory out of bounds when num_configs is 1
https://notcve.org/view.php?id=CVE-2023-53750
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: pinctrl: freescale: Fix a memory out of bounds when num_configs is 1 The config passed in by pad wakeup is 1, when num_configs is 1, Configuration [1] should not be fetched, which will be detected by KASAN as a memory out of bounds condition. Modify to get configs[1] when num_configs is 2. In the Linux kernel, the following vulnerability has been resolved: pinctrl: freescale: Fix a memory out of bounds when num_configs is 1 The config passe... • https://git.kernel.org/stable/c/f60c9eac54af28d7b5651fe49944bfd5098550e6 •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53748 – media: mediatek: vcodec: Fix potential array out-of-bounds in decoder queue_setup
https://notcve.org/view.php?id=CVE-2023-53748
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix potential array out-of-bounds in decoder queue_setup variable *nplanes is provided by user via system call argument. The possible value of q_data->fmt->num_planes is 1-3, while the value of *nplanes can be 1-8. The array access by index i can cause array out-of-bounds. Fix this bug by checking *nplanes against the array size. In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vc... • https://git.kernel.org/stable/c/590577a4e5257ac3ed72999a94666ad6ba8f24bc •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53747 – vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF
https://notcve.org/view.php?id=CVE-2023-53747
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF After a call to console_unlock() in vcs_write() the vc_data struct can be freed by vc_port_destruct(). Because of that, the struct vc_data pointer must be reloaded in the while loop in vcs_write() after console_lock() to avoid a UAF when vcs_size() is called. Syzkaller reported a UAF in vcs_size(). BUG: KASAN: slab-use-after-free in vcs_size (drivers/tty/vt/vc_scre... • https://git.kernel.org/stable/c/ac751efa6a0d70f2c9daef5c7e3a92270f5c2dff •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53746 – s390/vfio-ap: fix memory leak in vfio_ap device driver
https://notcve.org/view.php?id=CVE-2023-53746
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: s390/vfio-ap: fix memory leak in vfio_ap device driver The device release callback function invoked to release the matrix device uses the dev_get_drvdata(device *dev) function to retrieve the pointer to the vfio_matrix_dev object in order to free its storage. The problem is, this object is not stored as drvdata with the device; since the kfree function will accept a NULL pointer, the memory for the vfio_matrix_dev object is never freed. Sin... • https://git.kernel.org/stable/c/1fde573413b549d52183382e639c1d6ce88f5959 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-53745 – um: vector: Fix memory leak in vector_config
https://notcve.org/view.php?id=CVE-2023-53745
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: um: vector: Fix memory leak in vector_config If the return value of the uml_parse_vector_ifspec function is NULL, we should call kfree(params) to prevent memory leak. In the Linux kernel, the following vulnerability has been resolved: um: vector: Fix memory leak in vector_config If the return value of the uml_parse_vector_ifspec function is NULL, we should call kfree(params) to prevent memory leak. • https://git.kernel.org/stable/c/49da7e64f33e80edffb1a9eeb230fa4c3f42dffb •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53744 – soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe
https://notcve.org/view.php?id=CVE-2023-53744
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe wkup_m3_ipc_get() takes refcount, which should be freed by wkup_m3_ipc_put(). Add missing refcount release in the error paths. In the Linux kernel, the following vulnerability has been resolved: soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe wkup_m3_ipc_get() takes refcount, which should be freed by wkup_m3_ipc_put(). Add missing refcount release in the error paths. The SUSE Linux... • https://git.kernel.org/stable/c/5a99ae0092fe24fd581fdb6b9c2b48f94f92cf32 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53743 – PCI: Free released resource after coalescing
https://notcve.org/view.php?id=CVE-2023-53743
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: PCI: Free released resource after coalescing release_resource() doesn't actually free the resource or resource list entry so free the resource list entry to avoid a leak. In the Linux kernel, the following vulnerability has been resolved: PCI: Free released resource after coalescing release_resource() doesn't actually free the resource or resource list entry so free the resource list entry to avoid a leak. The SUSE Linux Enterprise 15 SP5 R... • https://git.kernel.org/stable/c/465c195e86f3d0ffd2e250c4b78a5a1f11cc1b0a •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53742 – kcsan: Avoid READ_ONCE() in read_instrumented_memory()
https://notcve.org/view.php?id=CVE-2023-53742
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: kcsan: Avoid READ_ONCE() in read_instrumented_memory() Haibo Li reported: | Unable to handle kernel paging request at virtual address | ffffff802a0d8d7171 | Mem abort info:o: | ESR = 0x9600002121 | EC = 0x25: DABT (current EL), IL = 32 bitsts | SET = 0, FnV = 0 0 | EA = 0, S1PTW = 0 0 | FSC = 0x21: alignment fault | Data abort info:o: | ISV = 0, ISS = 0x0000002121 | CM = 0, WnR = 0 0 | swapper pgtable: 4k pages, 39-bit VAs, pgdp=00000000283... • https://git.kernel.org/stable/c/dfd402a4c4baae42398ce9180ff424d589b8bffc •