CVSS: 5.5 • EPSS: 0% • CPEs: 3 • EXPL: 0 • CVE-2023-53634 – bpf, arm64: Fixed a BTI error on returning to patched function
https://notcve.org/view.php?id=CVE-2023-53634
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Fixed a BTI error on returning to patched function When BPF_TRAMP_F_CALL_ORIG is set, BPF trampoline uses BLR to jump back to the instruction next to call site to call the patched function. For BTI-enabled kernel, the instruction next to call site is usually PACIASP, in this case, it's safe to jump back with BLR. But when the call site is not followed by a PACIASP or bti, a BTI exception is triggered. Here is a fault log: Unhand... • https://git.kernel.org/stable/c/efc9909fdce00a827a37609628223cd45bf95d0b •
CVSS: 7.1 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2023-53633 – accel/qaic: Fix a leak in map_user_pages()
https://notcve.org/view.php?id=CVE-2023-53633
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Fix a leak in map_user_pages() If get_user_pages_fast() allocates some pages but not as many as we wanted, then the current code leaks those pages. Call put_page() on the pages before returning. • https://git.kernel.org/stable/c/129776ac2e38231fa9c02ce20e116c99de291666 •
CVSS: 5.5 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2023-53632 – net/mlx5e: Take RTNL lock when needed before calling xdp_set_features()
https://notcve.org/view.php?id=CVE-2023-53632
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Take RTNL lock when needed before calling xdp_set_features() Hold RTNL lock when calling xdp_set_features() with a registered netdev, as the call triggers the netdev notifiers. This could happen when switching from uplink rep to nic profile for example. This resolves the following call trace: RTNL: assertion failed at net/core/dev.c (1953) WARNING: CPU: 6 PID: 112670 at net/core/dev.c:1953 call_netdevice_notifiers_info+0x7c/0x80 ... • https://git.kernel.org/stable/c/4d5ab0ad964df178beba031b89429a601893ff61 •
CVSS: 7.1 • EPSS: 0% • CPEs: 5 • EXPL: 0 • CVE-2023-53631 – platform/x86: dell-sysman: Fix reference leak
https://notcve.org/view.php?id=CVE-2023-53631
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-sysman: Fix reference leak If a duplicate attribute is found using kset_find_obj(), a reference to that attribute is returned. This means that we need to dispose it accordingly. Use kobject_put() to dispose the duplicate attribute in such a case. Compile-tested only. • https://git.kernel.org/stable/c/e8a60aa7404bfef37705da5607c97737073ac38d •
CVSS: 7.1 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2023-53630 – iommufd: Fix unpinning of pages when an access is present
https://notcve.org/view.php?id=CVE-2023-53630
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix unpinning of pages when an access is present syzkaller found that the calculation of batch_last_index should use 'start_index' since at input to this function the batch is either empty or it has already been adjusted to cross any accesses so it will start at the point we are unmapping from. Getting this wrong causes the unmap to run over the end of the pages which corrupts pages that were never mapped. In most cases this trigge... • https://git.kernel.org/stable/c/8d160cd4d5066f864ec0f2c981470e55ac03ac27 •
CVSS: 7.1 • EPSS: 0% • CPEs: 3 • EXPL: 0 • CVE-2023-53629 – fs: dlm: fix use after free in midcomms commit
https://notcve.org/view.php?id=CVE-2023-53629
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: fs: dlm: fix use after free in midcomms commit While working on processing dlm message in softirq context I experienced the following KASAN use-after-free warning: [ 151.760477] ================================================================== [ 151.761803] BUG: KASAN: use-after-free in dlm_midcomms_commit_mhandle+0x19d/0x4b0 [ 151.763414] Read of size 4 at addr ffff88811a980c60 by task lock_torture/1347 [ 151.765284] CPU: 7 PID: 1347 Comm... • https://git.kernel.org/stable/c/489d8e559c6596eb08e16447d9830bc39afbe54e •
CVSS: 5.5 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2023-53628 – drm/amdgpu: drop gfx_v11_0_cp_ecc_error_irq_funcs
https://notcve.org/view.php?id=CVE-2023-53628
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: drop gfx_v11_0_cp_ecc_error_irq_funcs The gfx.cp_ecc_error_irq is retired in gfx11. In gfx_v11_0_hw_fini still use amdgpu_irq_put to disable this interrupt, which caused the call trace in this function. [ 102.873958] Call Trace: [ 102.873959]
CVSS: 5.5 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2023-53627 – scsi: hisi_sas: Grab sas_dev lock when traversing the members of sas_dev.list
https://notcve.org/view.php?id=CVE-2023-53627
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: hisi_sas: Grab sas_dev lock when traversing the members of sas_dev.list When freeing slots in function slot_complete_v3_hw(), it is possible that sas_dev.list is being traversed elsewhere, and it may trigger a NULL pointer exception, such as follows: ==>cq thread ==>scsi_eh_6 ==>scsi_error_handler() ==>sas_eh_handle_sas_errors() ==>sas_scsi_find_task() ==>lldd_abort_task() ==>slot_complete_v3_hw() ==>hisi_sas_abort_task() ==>hisi_sas_... • https://git.kernel.org/stable/c/47caad1577cd7a39e2048c5e4edbce4b863dc12b •
CVSS: 5.5 • EPSS: 0% • CPEs: 6 • EXPL: 0 • CVE-2023-53624 – net/sched: sch_fq: fix integer overflow of "credit"
https://notcve.org/view.php?id=CVE-2023-53624
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_fq: fix integer overflow of "credit" if sch_fq is configured with "initial quantum" having values greater than INT_MAX, the first assignment of "credit" does signed integer overflow to a very negative value. In this situation, the syzkaller script provided by Cristoph triggers the CPU soft-lockup warning even with few sockets. It's not an infinite loop, but "credit" wasn't probably meant to be minus 2Gb for each new flow. Cap... • https://git.kernel.org/stable/c/afe4fd062416b158a8a8538b23adc1930a9b88dc •
CVSS: 5.7 • EPSS: 0% • CPEs: 8 • EXPL: 0 • CVE-2023-53623 – mm/swap: fix swap_info_struct race between swapoff and get_swap_pages()
https://notcve.org/view.php?id=CVE-2023-53623
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/swap: fix swap_info_struct race between swapoff and get_swap_pages() The si->lock must be held when deleting the si from the available list. Otherwise, another thread can re-add the si to the available list, which can lead to memory corruption. The only place we have found where this happens is in the swapoff path. This case can be described as below: core 0 core 1 swapoff del_from_avail_list(si) waiting try lock si->lock acquire swap_av... • https://git.kernel.org/stable/c/a2468cc9bfdff6139f59ca896671e5819ff5f94a • CWE-413: Improper Resource Locking •
