CVSS: 8.4EPSS: 0%CPEs: 9EXPL: 0CVE-2023-53226 – wifi: mwifiex: Fix OOB and integer underflow when rx packets
https://notcve.org/view.php?id=CVE-2023-53226
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Fix OOB and integer underflow when rx packets Make sure mwifiex_process_mgmt_packet, mwifiex_process_sta_rx_packet and mwifiex_process_uap_rx_packet, mwifiex_uap_queue_bridged_pkt and mwifiex_process_rx_packet not out-of-bounds access the skb->data buffer. In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Fix OOB and integer underflow when rx packets Make sure mwifiex_process_mgmt_packet, mwif... • https://git.kernel.org/stable/c/2dbaf751b1dec3a603130a475f94cc4d3f404362 • CWE-125: Out-of-bounds Read CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0CVE-2023-53225 – spi: imx: Don't skip cleanup in remove's error path
https://notcve.org/view.php?id=CVE-2023-53225
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: spi: imx: Don't skip cleanup in remove's error path Returning early in a platform driver's remove callback is wrong. In this case the dma resources are not released in the error path. this is never retried later and so this is a permanent leak. To fix this, only skip hardware disabling if waking the device fails. In the Linux kernel, the following vulnerability has been resolved: spi: imx: Don't skip cleanup in remove's error path Returning... • https://git.kernel.org/stable/c/d593574aff0ab846136190b1729c151c736727ec • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53223 – drm/msm/dsi: Add missing check for alloc_ordered_workqueue
https://notcve.org/view.php?id=CVE-2023-53223
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/msm/dsi: Add missing check for alloc_ordered_workqueue Add check for the return value of alloc_ordered_workqueue as it may return NULL pointer and cause NULL pointer dereference. Patchwork: https://patchwork.freedesktop.org/patch/517646/ In the Linux kernel, the following vulnerability has been resolved: drm/msm/dsi: Add missing check for alloc_ordered_workqueue Add check for the return value of alloc_ordered_workqueue as it may return ... • https://git.kernel.org/stable/c/0cf6c71d70d8aa39b8fd0e39c9009602a0e0d300 • CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53222 – jfs: jfs_dmap: Validate db_l2nbperpage while mounting
https://notcve.org/view.php?id=CVE-2023-53222
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: jfs: jfs_dmap: Validate db_l2nbperpage while mounting In jfs_dmap.c at line 381, BLKTODMAP is used to get a logical block number inside dbFree(). db_l2nbperpage, which is the log2 number of blocks per page, is passed as an argument to BLKTODMAP which uses it for shifting. Syzbot reported a shift out-of-bounds crash because db_l2nbperpage is too big. This happens because the large value is set without any validation in dbMount() at line 181.... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53220 – media: az6007: Fix null-ptr-deref in az6007_i2c_xfer()
https://notcve.org/view.php?id=CVE-2023-53220
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: media: az6007: Fix null-ptr-deref in az6007_i2c_xfer() In az6007_i2c_xfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former checks on msg[i].buf would be passed. Malicious data finally reach az6007_i2c_xfer. If accessing msg[i].buf[0] without sanity check, null ptr deref would happen. We add check on msg[i].len to prevent crash. Similar commit: commit 0ed554fd769a ("media: dvb-usb: az6027: fix null-ptr-deref... • https://git.kernel.org/stable/c/caa1a700ed2a06a831e6a7db5d9f213fc63caee3 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53219 – media: netup_unidvb: fix use-after-free at del_timer()
https://notcve.org/view.php?id=CVE-2023-53219
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: media: netup_unidvb: fix use-after-free at del_timer() When Universal DVB card is detaching, netup_unidvb_dma_fini() uses del_timer() to stop dma->timeout timer. But when timer handler netup_unidvb_dma_timeout() is running, del_timer() could not stop it. As a result, the use-after-free bug could happen. The process is shown below: (cleanup routine) | (timer routine) | mod_timer(&dev->tx_sim_timer, ..) netup_unidvb_finidev() | (wait a time) ... • https://git.kernel.org/stable/c/52b1eaf4c59a3bbd07afbb4ab4f43418a807d02e • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53218 – rxrpc: Make it so that a waiting process can be aborted
https://notcve.org/view.php?id=CVE-2023-53218
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: rxrpc: Make it so that a waiting process can be aborted When sendmsg() creates an rxrpc call, it queues it to wait for a connection and channel to be assigned and then waits before it can start shovelling data as the encrypted DATA packet content includes a summary of the connection parameters. However, sendmsg() may get interrupted before a connection gets assigned and further sendmsg() calls will fail with EBUSY until an assignment is mad... • https://git.kernel.org/stable/c/540b1c48c37ac0ad66212004db21e1ff7e2d78be • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53215 – sched/fair: Don't balance task to its current running CPU
https://notcve.org/view.php?id=CVE-2023-53215
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: sched/fair: Don't balance task to its current running CPU We've run into the case that the balancer tries to balance a migration disabled task and trigger the warning in set_task_cpu() like below: ------------[ cut here ]------------ WARNING: CPU: 7 PID: 0 at kernel/sched/core.c:3115 set_task_cpu+0x188/0x240 Modules linked in: hclgevf xt_CHECKSUM ipt_REJECT nf_reject_ipv4 <...snip> CPU: 7 PID: 0 Comm: swapper/7 Kdump: loaded Tainted: G O 6.... • https://git.kernel.org/stable/c/88b8dac0a14c511ff41486b83a8c3d688936eec0 •
CVSS: 7.7EPSS: 0%CPEs: 9EXPL: 0CVE-2023-53213 – wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()
https://notcve.org/view.php?id=CVE-2023-53213
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() Fix a slab-out-of-bounds read that occurs in kmemdup() called from brcmf_get_assoc_ies(). The bug could occur when assoc_info->req_len, data from a URB provided by a USB device, is bigger than the size of buffer which is defined as WL_EXTRA_BUF_MAX. Add the size check for req_len/resp_len of assoc_info. Found by a modified version of syzkaller. [ 46.592467][ T7] ==============... • https://git.kernel.org/stable/c/cf2b448852abd47cee21007b8313fbf962bf3c9a • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 0CVE-2023-53204 – af_unix: Fix data-races around user->unix_inflight.
https://notcve.org/view.php?id=CVE-2023-53204
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data-races around user->unix_inflight. user->unix_inflight is changed under spin_lock(unix_gc_lock), but too_many_unix_fds() reads it locklessly. Let's annotate the write/read accesses to user->unix_inflight. BUG: KCSAN: data-race in unix_attach_fds / unix_inflight write to 0xffffffff8546f2d0 of 8 bytes by task 44798 on cpu 1: unix_inflight+0x157/0x180 net/unix/scm.c:66 unix_attach_fds+0x147/0x1e0 net/unix/scm.c:123 unix_scm_to... • https://git.kernel.org/stable/c/712f4aad406bb1ed67f3f98d04c044191f0ff593 • CWE-366: Race Condition within a Thread •