CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53622 – gfs2: Fix possible data races in gfs2_show_options()
https://notcve.org/view.php?id=CVE-2023-53622
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix possible data races in gfs2_show_options() Some fields such as gt_logd_secs of the struct gfs2_tune are accessed without holding the lock gt_spin in gfs2_show_options(): val = sdp->sd_tune.gt_logd_secs; if (val != 30) seq_printf(s, ",commit=%d", val); And thus can cause data races when gfs2_show_options() and other functions such as gfs2_reconfigure() are concurrently executed: spin_lock(>->gt_spin); gt->gt_logd_secs = newargs->... • https://git.kernel.org/stable/c/48c2b613616235d7c97fda5982f50100a6c79166 •
CVSS: 5.6EPSS: 0%CPEs: 2EXPL: 0CVE-2023-53621 – memcontrol: ensure memcg acquired by id is properly set up
https://notcve.org/view.php?id=CVE-2023-53621
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: memcontrol: ensure memcg acquired by id is properly set up In the eviction recency check, we attempt to retrieve the memcg to which the folio belonged when it was evicted, by the memcg id stored in the shadow entry. However, there is a chance that the retrieved memcg is not the original memcg that has been killed, but a new one which happens to have the same id. This is a somewhat unfortunate, but acceptable and rare inaccuracy in the heuri... • https://git.kernel.org/stable/c/f78dfc7b77d5c3527d0f895bef693f711802de5a •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53620 – md: fix soft lockup in status_resync
https://notcve.org/view.php?id=CVE-2023-53620
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: md: fix soft lockup in status_resync status_resync() will calculate 'curr_resync - recovery_active' to show user a progress bar like following: [============>........] resync = 61.4% 'curr_resync' and 'recovery_active' is updated in md_do_sync(), and status_resync() can read them concurrently, hence it's possible that 'curr_resync - recovery_active' can overflow to a huge number. In this case status_resync() will be stuck in the loop to pri... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53619 – netfilter: conntrack: Avoid nf_ct_helper_hash uses after free
https://notcve.org/view.php?id=CVE-2023-53619
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: Avoid nf_ct_helper_hash uses after free If nf_conntrack_init_start() fails (for example due to a register_nf_conntrack_bpf() failure), the nf_conntrack_helper_fini() clean-up path frees the nf_ct_helper_hash map. When built with NF_CONNTRACK=y, further netfilter modules (e.g: netfilter_conntrack_ftp) can still be loaded and call nf_conntrack_helpers_register(), independently of whether nf_conntrack initialized correctl... • https://git.kernel.org/stable/c/12f7a505331e6b2754684b509f2ac8f0011ce644 •
CVSS: 9.3EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53618 – btrfs: reject invalid reloc tree root keys with stack dump
https://notcve.org/view.php?id=CVE-2023-53618
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: reject invalid reloc tree root keys with stack dump [BUG] Syzbot reported a crash that an ASSERT() got triggered inside prepare_to_merge(). That ASSERT() makes sure the reloc tree is properly pointed back by its subvolume tree. [CAUSE] After more debugging output, it turns out we had an invalid reloc tree: BTRFS error (device loop1): reloc tree mismatch, root 8 has no reloc root, expect reloc root key (-8, 132, 8) gen 17 Note the abo... • https://git.kernel.org/stable/c/259ee7754b6793af8bdd77f9ca818bc41cfe9541 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53617 – soc: aspeed: socinfo: Add kfree for kstrdup
https://notcve.org/view.php?id=CVE-2023-53617
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: soc: aspeed: socinfo: Add kfree for kstrdup Add kfree() in the later error handling in order to avoid memory leak. The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to fix various security issues. • https://git.kernel.org/stable/c/e0218dca5787c851b403fcbc33cdfec795446fca •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53616 – jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount
https://notcve.org/view.php?id=CVE-2023-53616
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount syzbot found an invalid-free in diUnmount: BUG: KASAN: double-free in slab_free mm/slub.c:3661 [inline] BUG: KASAN: double-free in __kmem_cache_free+0x71/0x110 mm/slub.c:3674 Free of addr ffff88806f410000 by task syz-executor131/3632 CPU: 0 PID: 3632 Comm: syz-executor131 Not tainted 6.1.0-rc7-syzkaller-00012-gca57f02295f1 #0 Hardware name: Google Google Compute Engine/Google Comp... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 6.3EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53615 – scsi: qla2xxx: Fix deletion race condition
https://notcve.org/view.php?id=CVE-2023-53615
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix deletion race condition System crash when using debug kernel due to link list corruption. The cause of the link list corruption is due to session deletion was allowed to queue up twice. Here's the internal trace that show the same port was allowed to double queue for deletion on different cpu. 20808683956 015 qla2xxx [0000:13:00.1]-e801:4: Scheduling sess ffff93ebf9306800 for deletion 50:06:0e:80:12:48:ff:50 fc4_type 1 20... • https://git.kernel.org/stable/c/726b85487067d7f5b23495bc33c484b8517c4074 • CWE-413: Improper Resource Locking •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53614 – mm/ksm: fix race with VMA iteration and mm_struct teardown
https://notcve.org/view.php?id=CVE-2023-53614
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/ksm: fix race with VMA iteration and mm_struct teardown exit_mmap() will tear down the VMAs and maple tree with the mmap_lock held in write mode. Ensure that the maple tree is still valid by checking ksm_test_exit() after taking the mmap_lock in read mode, but before the for_each_vma() iterator dereferences a destroyed maple tree. Since the maple tree is destroyed, the flags telling lockdep to check an external lock has been cleared. Ski... • https://git.kernel.org/stable/c/a5f18ba0727656bd1fe3bcdb0d563f81790f9a04 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53613 – dax: Fix dax_mapping_release() use after free
https://notcve.org/view.php?id=CVE-2023-53613
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: dax: Fix dax_mapping_release() use after free A CONFIG_DEBUG_KOBJECT_RELEASE test of removing a device-dax region provider (like modprobe -r dax_hmem) yields: kobject: 'mapping0' (ffff93eb460e8800): kobject_release, parent 0000000000000000 (delayed 2000) [..] DEBUG_LOCKS_WARN_ON(1) WARNING: CPU: 23 PID: 282 at kernel/locking/lockdep.c:232 __lock_acquire+0x9fc/0x2260 [..] RIP: 0010:__lock_acquire+0x9fc/0x2260 [..] Call Trace: