CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53215 – sched/fair: Don't balance task to its current running CPU
https://notcve.org/view.php?id=CVE-2023-53215
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: sched/fair: Don't balance task to its current running CPU We've run into the case that the balancer tries to balance a migration disabled task and trigger the warning in set_task_cpu() like below: ------------[ cut here ]------------ WARNING: CPU: 7 PID: 0 at kernel/sched/core.c:3115 set_task_cpu+0x188/0x240 Modules linked in: hclgevf xt_CHECKSUM ipt_REJECT nf_reject_ipv4 <...snip> CPU: 7 PID: 0 Comm: swapper/7 Kdump: loaded Tainted: G O 6.... • https://git.kernel.org/stable/c/88b8dac0a14c511ff41486b83a8c3d688936eec0 •
CVSS: 7.7EPSS: 0%CPEs: 9EXPL: 0CVE-2023-53213 – wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()
https://notcve.org/view.php?id=CVE-2023-53213
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() Fix a slab-out-of-bounds read that occurs in kmemdup() called from brcmf_get_assoc_ies(). The bug could occur when assoc_info->req_len, data from a URB provided by a USB device, is bigger than the size of buffer which is defined as WL_EXTRA_BUF_MAX. Add the size check for req_len/resp_len of assoc_info. Found by a modified version of syzkaller. [ 46.592467][ T7] ==============... • https://git.kernel.org/stable/c/cf2b448852abd47cee21007b8313fbf962bf3c9a • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 0CVE-2023-53204 – af_unix: Fix data-races around user->unix_inflight.
https://notcve.org/view.php?id=CVE-2023-53204
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data-races around user->unix_inflight. user->unix_inflight is changed under spin_lock(unix_gc_lock), but too_many_unix_fds() reads it locklessly. Let's annotate the write/read accesses to user->unix_inflight. BUG: KCSAN: data-race in unix_attach_fds / unix_inflight write to 0xffffffff8546f2d0 of 8 bytes by task 44798 on cpu 1: unix_inflight+0x157/0x180 net/unix/scm.c:66 unix_attach_fds+0x147/0x1e0 net/unix/scm.c:123 unix_scm_to... • https://git.kernel.org/stable/c/712f4aad406bb1ed67f3f98d04c044191f0ff593 • CWE-366: Race Condition within a Thread •
CVSS: 8.4EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53201 – RDMA/bnxt_re: wraparound mbox producer index
https://notcve.org/view.php?id=CVE-2023-53201
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: wraparound mbox producer index Driver is not handling the wraparound of the mbox producer index correctly. Currently the wraparound happens once u32 max is reached. Bit 31 of the producer index register is special and should be set only once for the first command. Because the producer index overflow setting bit31 after a long time, FW goes to initialization sequence and this causes FW hang. Fix is to wraparound the mbox produc... • https://git.kernel.org/stable/c/1ac5a404797523cedaf424a3aaa3cf8f9548dff8 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53200 – netfilter: x_tables: fix percpu counter block leak on error path when creating new netns
https://notcve.org/view.php?id=CVE-2023-53200
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: x_tables: fix percpu counter block leak on error path when creating new netns Here is the stack where we allocate percpu counter block: +-< __alloc_percpu +-< xt_percpu_counter_alloc +-< find_check_entry # {arp,ip,ip6}_tables.c +-< translate_table And it can be leaked on this code path: +-> ip6t_register_table +-> translate_table # allocates percpu counter block +-> xt_register_table # fails there is no freeing of the counter blo... • https://git.kernel.org/stable/c/71ae0dff02d756e4d2ca710b79f2ff5390029a5f •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-53199 – wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails
https://notcve.org/view.php?id=CVE-2023-53199
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails Syzkaller detected a memory leak of skbs in ath9k_hif_usb_rx_stream(). While processing skbs in ath9k_hif_usb_rx_stream(), the already allocated skbs in skb_pool are not freed if ath9k_hif_usb_rx_stream() fails. If we have an incorrect pkt_len or pkt_tag, the input skb is considered invalid and dropped. All the associated packets already in skb_pool should be dropped and... • https://git.kernel.org/stable/c/44b23b488d44e56d467764ecb661830e5b02b308 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50289 – ocfs2: fix memory leak in ocfs2_stack_glue_init()
https://notcve.org/view.php?id=CVE-2022-50289
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix memory leak in ocfs2_stack_glue_init() ocfs2_table_header should be free in ocfs2_stack_glue_init() if ocfs2_sysfs_init() failed, otherwise kmemleak will report memleak. BUG: memory leak unreferenced object 0xffff88810eeb5800 (size 128): comm "modprobe", pid 4507, jiffies 4296182506 (age 55.888s) hex dump (first 32 bytes): c0 40 14 a0 ff ff ff ff 00 00 00 00 01 00 00 00 .@.............. 01 00 00 00 00 00 00 00 00 00 00 00 00 00 0... • https://git.kernel.org/stable/c/3878f110f71a0971ff7acc15dd6db711b6ef37c6 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50288 – qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure
https://notcve.org/view.php?id=CVE-2022-50288
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure adapter->dcb would get silently freed inside qlcnic_dcb_enable() in case qlcnic_dcb_attach() would return an error, which always happens under OOM conditions. This would lead to use-after-free because both of the existing callers invoke qlcnic_dcb_get_info() on the obtained pointer, which is potentially freed at that point. Propagate errors from qlcnic_dcb_enable(), and ins... • https://git.kernel.org/stable/c/3c44bba1d270cb1620b4fe76786d0968118cb86b •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50286 – ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline
https://notcve.org/view.php?id=CVE-2022-50286
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline When converting files with inline data to extents, delayed allocations made on a file system created with both the bigalloc and inline options can result in invalid extent status cache content, incorrect reserved cluster counts, kernel memory leaks, and potential kernel panics. With bigalloc, the code that determines whether a block must be delayed allocated searches ... • https://git.kernel.org/stable/c/d40e09f701cf7a44e595a558b067b2b4f67fbf87 •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50285 – mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages
https://notcve.org/view.php?id=CVE-2022-50285
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages The h->*_huge_pages counters are protected by the hugetlb_lock, but alloc_huge_page has a corner case where it can decrement the counter outside of the lock. This could lead to a corrupted value of h->resv_huge_pages, which we have observed on our systems. Take the hugetlb_lock before decrementing h->resv_huge_pages to avoid a potential race. In the Linux kernel, the follo... • https://git.kernel.org/stable/c/a88c769548047b21f76fd71e04b6a3300ff17160 •