CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53135 – riscv: Use READ_ONCE_NOCHECK in imprecise unwinding stack mode
https://notcve.org/view.php?id=CVE-2023-53135
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: riscv: Use READ_ONCE_NOCHECK in imprecise unwinding stack mode When CONFIG_FRAME_POINTER is unset, the stack unwinding function walk_stackframe randomly reads the stack and then, when KASAN is enabled, it can lead to the following backtrace: [ 0.000000] ================================================================== [ 0.000000] BUG: KASAN: stack-out-of-bounds in walk_stackframe+0xa6/0x11a [ 0.000000] Read of size 8 at addr ffffffff81807c... • https://git.kernel.org/stable/c/5d8544e2d0075a5f3c9a2cf27152354d54360da1 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53134 – bnxt_en: Avoid order-5 memory allocation for TPA data
https://notcve.org/view.php?id=CVE-2023-53134
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Avoid order-5 memory allocation for TPA data The driver needs to keep track of all the possible concurrent TPA (GRO/LRO) completions on the aggregation ring. On P5 chips, the maximum number of concurrent TPA is 256 and the amount of memory we allocate is order-5 on systems using 4K pages. Memory allocation failure has been reported: NetworkManager: page allocation failure: order:5, mode:0x40dc0(GFP_KERNEL|__GFP_COMP|__GFP_ZERO), no... • https://git.kernel.org/stable/c/79632e9ba38671215fb193346ef6fb8db582744d •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53133 – bpf, sockmap: Fix an infinite loop error when len is 0 in tcp_bpf_recvmsg_parser()
https://notcve.org/view.php?id=CVE-2023-53133
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix an infinite loop error when len is 0 in tcp_bpf_recvmsg_parser() When the buffer length of the recvmsg system call is 0, we got the flollowing soft lockup problem: watchdog: BUG: soft lockup - CPU#3 stuck for 27s! [a.out:6149] CPU: 3 PID: 6149 Comm: a.out Kdump: loaded Not tainted 6.2.0+ #30 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014 RIP: 0010:remove_wait_queue+0xb/0xc0 Code: 5e 41 5f c3 c... • https://git.kernel.org/stable/c/604326b41a6fb9b4a78b6179335decee0365cd8c •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53131 – SUNRPC: Fix a server shutdown leak
https://notcve.org/view.php?id=CVE-2023-53131
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix a server shutdown leak Fix a race where kthread_stop() may prevent the threadfn from ever getting called. If that happens the svc_rqst will not be cleaned up. In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix a server shutdown leak Fix a race where kthread_stop() may prevent the threadfn from ever getting called. If that happens the svc_rqst will not be cleaned up. • https://git.kernel.org/stable/c/ed6473ddc704a2005b9900ca08e236ebb2d8540a •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53125 – net: usb: smsc75xx: Limit packet length to skb->len
https://notcve.org/view.php?id=CVE-2023-53125
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc75xx: Limit packet length to skb->len Packet length retrieved from skb data may be larger than the actual socket buffer length (up to 9026 bytes). In such case the cloned skb passed up the network stack will leak kernel memory contents. In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc75xx: Limit packet length to skb->len Packet length retrieved from skb data may be larger than the actual socke... • https://git.kernel.org/stable/c/d0cad871703b898a442e4049c532ec39168e5b57 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-53124 – scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add()
https://notcve.org/view.php?id=CVE-2023-53124
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add() Port is allocated by sas_port_alloc_num() and rphy is allocated by either sas_end_device_alloc() or sas_expander_alloc(), all of which may return NULL. So we need to check the rphy to avoid possible NULL pointer access. If sas_rphy_add() returned with failure, rphy is set to NULL. We would access the rphy in the following lines which would also result NULL pointer access... • https://git.kernel.org/stable/c/d60000cb1195a464080b0efb4949daf7594e0020 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53123 – PCI: s390: Fix use-after-free of PCI resources with per-function hotplug
https://notcve.org/view.php?id=CVE-2023-53123
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: PCI: s390: Fix use-after-free of PCI resources with per-function hotplug On s390 PCI functions may be hotplugged individually even when they belong to a multi-function device. In particular on an SR-IOV device VFs may be removed and later re-added. In commit a50297cf8235 ("s390/pci: separate zbus creation from scanning") it was missed however that struct pci_bus and struct zpci_bus's resource list retained a reference to the PCI functions M... • https://git.kernel.org/stable/c/a50297cf8235b062bcdeaa8b1dad58e69d3e1b43 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53121 – tcp: tcp_make_synack() can be called from process context
https://notcve.org/view.php?id=CVE-2023-53121
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: tcp: tcp_make_synack() can be called from process context tcp_rtx_synack() now could be called in process context as explained in 0a375c822497 ("tcp: tcp_rtx_synack() can be called from process context"). tcp_rtx_synack() might call tcp_make_synack(), which will touch per-CPU variables with preemption enabled. This causes the following BUG: BUG: using __this_cpu_add() in preemptible [00000000] code: ThriftIO1/5464 caller is tcp_make_synack+... • https://git.kernel.org/stable/c/8336886f786fdacbc19b719c1f7ea91eb70706d4 •
CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53119 – nfc: pn533: initialize struct pn533_out_arg properly
https://notcve.org/view.php?id=CVE-2023-53119
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: initialize struct pn533_out_arg properly struct pn533_out_arg used as a temporary context for out_urb is not initialized properly. Its uninitialized 'phy' field can be dereferenced in error cases inside pn533_out_complete() callback function. It causes the following failure: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000... • https://git.kernel.org/stable/c/35529d6b827eedb6bf7e81130e4b7e0aba9e58d2 •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53118 – scsi: core: Fix a procfs host directory removal regression
https://notcve.org/view.php?id=CVE-2023-53118
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix a procfs host directory removal regression scsi_proc_hostdir_rm() decreases a reference counter and hence must only be called once per host that is removed. This change does not require a scsi_add_host_with_dma() change since scsi_add_host_with_dma() will return 0 (success) if scsi_proc_host_add() is called. In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix a procfs host directory removal re... • https://git.kernel.org/stable/c/891a3cba425cf483d96facca55aebd6ff1da4338 •