CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-53429 – btrfs: don't check PageError in __extent_writepage
https://notcve.org/view.php?id=CVE-2023-53429
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: don't check PageError in __extent_writepage __extent_writepage currenly sets PageError whenever any error happens, and the also checks for PageError to decide if to call error handling. This leads to very unclear responsibility for cleaning up on errors. In the VM and generic writeback helpers the basic idea is that once I/O is fired off all error handling responsibility is delegated to the end I/O handler. But if that end I/O handle... • https://git.kernel.org/stable/c/61391d562229ed94899ed4b4973dc2f0c015292a •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53428 – powercap: arm_scmi: Remove recursion while parsing zones
https://notcve.org/view.php?id=CVE-2023-53428
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: powercap: arm_scmi: Remove recursion while parsing zones Powercap zones can be defined as arranged in a hierarchy of trees and when registering a zone with powercap_register_zone(), the kernel powercap subsystem expects this to happen starting from the root zones down to the leaves; on the other side, de-registration by powercap_deregister_zone() must begin from the leaf zones. Available SCMI powercap zones are retrieved dynamically from th... • https://git.kernel.org/stable/c/b55eef5226b71edf5422de246bc189da1fdc9000 • CWE-674: Uncontrolled Recursion •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53426 – xsk: Fix xsk_diag use-after-free error during socket cleanup
https://notcve.org/view.php?id=CVE-2023-53426
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: xsk: Fix xsk_diag use-after-free error during socket cleanup Fix a use-after-free error that is possible if the xsk_diag interface is used after the socket has been unbound from the device. This can happen either due to the socket being closed or the device disappearing. In the early days of AF_XDP, the way we tested that a socket was not bound to a device was to simply check if the netdevice pointer in the xsk socket structure was NULL. La... • https://git.kernel.org/stable/c/ad7219cd8751bd258b9d1e69ae0654ec00f71875 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53425 – media: platform: mediatek: vpu: fix NULL ptr dereference
https://notcve.org/view.php?id=CVE-2023-53425
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: media: platform: mediatek: vpu: fix NULL ptr dereference If pdev is NULL, then it is still dereferenced. This fixes this smatch warning: drivers/media/platform/mediatek/vpu/mtk_vpu.c:570 vpu_load_firmware() warn: address of NULL pointer 'pdev' This update provides the initial livepatch for this kernel update. This update does not contain any fixes and will be updated with livepatches later. • https://git.kernel.org/stable/c/3003a180ef6b9462f3cccc2a89884ef2332d2a1c • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53424 – clk: mediatek: fix of_iomap memory leak
https://notcve.org/view.php?id=CVE-2023-53424
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: fix of_iomap memory leak Smatch reports: drivers/clk/mediatek/clk-mtk.c:583 mtk_clk_simple_probe() warn: 'base' from of_iomap() not released on lines: 496. This problem was also found in linux-next. In mtk_clk_simple_probe(), base is not released when handling errors if clk_data is not existed, which may cause a leak. So free_base should be added here to release base. In the Linux kernel, the following vulnerability has been ... • https://git.kernel.org/stable/c/c58cd0e40ffac67961b945793876b973728f9b80 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53422 – wifi: iwlwifi: fw: fix memory leak in debugfs
https://notcve.org/view.php?id=CVE-2023-53422
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fw: fix memory leak in debugfs Fix a memory leak that occurs when reading the fw_info file all the way, since we return NULL indicating no more data, but don't free the status tracking object. In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fw: fix memory leak in debugfs Fix a memory leak that occurs when reading the fw_info file all the way, since we return NULL indicating no more data, but... • https://git.kernel.org/stable/c/36dfe9ac6e8b8fc2e25733d003a867a40db791da • CWE-401: Missing Release of Memory after Effective Lifetime CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53421 – blk-cgroup: Reinit blkg_iostat_set after clearing in blkcg_reset_stats()
https://notcve.org/view.php?id=CVE-2023-53421
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Reinit blkg_iostat_set after clearing in blkcg_reset_stats() When blkg_alloc() is called to allocate a blkcg_gq structure with the associated blkg_iostat_set's, there are 2 fields within blkg_iostat_set that requires proper initialization - blkg & sync. The former field was introduced by commit 3b8cc6298724 ("blk-cgroup: Optimize blkcg_rstat_flush()") while the later one was introduced by commit f73316482977 ("blk-cgroup: reimpl... • https://git.kernel.org/stable/c/f73316482977ac401ac37245c9df48079d4e11f3 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53420 – ntfs: Fix panic about slab-out-of-bounds caused by ntfs_listxattr()
https://notcve.org/view.php?id=CVE-2023-53420
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ntfs: Fix panic about slab-out-of-bounds caused by ntfs_listxattr() Here is a BUG report from syzbot: BUG: KASAN: slab-out-of-bounds in ntfs_list_ea fs/ntfs3/xattr.c:191 [inline] BUG: KASAN: slab-out-of-bounds in ntfs_listxattr+0x401/0x570 fs/ntfs3/xattr.c:710 Read of size 1 at addr ffff888021acaf3d by task syz-executor128/3632 Call Trace: ntfs_list_ea fs/ntfs3/xattr.c:191 [inline] ntfs_listxattr+0x401/0x570 fs/ntfs3/xattr.c:710 vfs_listxat... • https://git.kernel.org/stable/c/be71b5cba2e6485e8959da7a9f9a44461a1bb074 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53419 – rcu: Protect rcu_print_task_exp_stall() ->exp_tasks access
https://notcve.org/view.php?id=CVE-2023-53419
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: rcu: Protect rcu_print_task_exp_stall() ->exp_tasks access For kernels built with CONFIG_PREEMPT_RCU=y, the following scenario can result in a NULL-pointer dereference: CPU1 CPU2 rcu_preempt_deferred_qs_irqrestore rcu_print_task_exp_stall if (special.b.blocked) READ_ONCE(rnp->exp_tasks) != NULL raw_spin_lock_rcu_node np = rcu_next_node_entry(t, rnp) if (&t->rcu_node_entry == rnp->exp_tasks) WRITE_ONCE(rnp->exp_tasks, np) .... raw_spin_unloc... • https://git.kernel.org/stable/c/314eeb43e5f22856b281c91c966e51e5782a3498 • CWE-476: NULL Pointer Dereference •
CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53401 – mm: kmem: fix a NULL pointer dereference in obj_stock_flush_required()
https://notcve.org/view.php?id=CVE-2023-53401
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: mm: kmem: fix a NULL pointer dereference in obj_stock_flush_required() KCSAN found an issue in obj_stock_flush_required(): stock->cached_objcg can be reset between the check and dereference: ================================================================== BUG: KCSAN: data-race in drain_all_stock / drain_obj_stock write to 0xffff888237c2a2f8 of 8 bytes by task 19625 on cpu 0: drain_obj_stock+0x408/0x4e0 mm/memcontrol.c:3306 refill_obj_stoc... • https://git.kernel.org/stable/c/bf4f059954dcb221384b2f784677e19a13cd4bdb • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-476: NULL Pointer Dereference •