CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-53665 – md: don't dereference mddev after export_rdev()
https://notcve.org/view.php?id=CVE-2023-53665
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: md: don't dereference mddev after export_rdev() Except for initial reference, mddev->kobject is referenced by rdev->kobject, and if the last rdev is freed, there is no guarantee that mddev is still valid. Hence mddev should not be used anymore after export_rdev(). This problem can be triggered by following test for mdadm at very low rate: New file: mdadm/tests/23rdev-lifetime devname=${dev0##*/} devt=`cat /sys/block/$devname/dev` pid="" run... • https://git.kernel.org/stable/c/3ce94ce5d05ae89190a23f6187f64d8f4b2d3782 • CWE-911: Improper Update of Reference Count •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-53664 – OPP: Fix potential null ptr dereference in dev_pm_opp_get_required_pstate()
https://notcve.org/view.php?id=CVE-2023-53664
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: OPP: Fix potential null ptr dereference in dev_pm_opp_get_required_pstate() "opp" pointer is dereferenced before the IS_ERR_OR_NULL() check. Fix it by removing the dereference to cache opp_table and dereference it directly where opp_table is used. This fixes the following smatch warning: drivers/opp/core.c:232 dev_pm_opp_get_required_pstate() warn: variable dereferenced before IS_ERR check 'opp' (see line 230) In the Linux kernel, the follo... • https://git.kernel.org/stable/c/84cb7ff35fcf7c0b552f553a3f2db9c3e92fc707 • CWE-476: NULL Pointer Dereference •
CVSS: 5.6EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53663 – KVM: nSVM: Check instead of asserting on nested TSC scaling support
https://notcve.org/view.php?id=CVE-2023-53663
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Check instead of asserting on nested TSC scaling support Check for nested TSC scaling support on nested SVM VMRUN instead of asserting that TSC scaling is exposed to L1 if L1's MSR_AMD64_TSC_RATIO has diverged from KVM's default. Userspace can trigger the WARN at will by writing the MSR and then updating guest CPUID to hide the feature (modifying guest CPUID is allowed anytime before KVM_RUN). E.g. hacking KVM's state_test selfte... • https://git.kernel.org/stable/c/5228eb96a4875f8cf5d61d486e3795ac14df8904 • CWE-617: Reachable Assertion •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53662 – ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup}
https://notcve.org/view.php?id=CVE-2023-53662
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} If the filename casefolding fails, we'll be leaking memory from the fscrypt_name struct, namely from the 'crypto_buf.name' member. Make sure we free it in the error path on both ext4_fname_setup_filename() and ext4_fname_prepare_lookup() functions. In the Linux kernel, the following vulnerability has been resolved: ext4: fix memory leaks in ext4_fname_{setup_filename,prepa... • https://git.kernel.org/stable/c/1ae98e295fa2577fb5e492200c58d10230e00e99 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53661 – bnxt: avoid overflow in bnxt_get_nvram_directory()
https://notcve.org/view.php?id=CVE-2023-53661
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: bnxt: avoid overflow in bnxt_get_nvram_directory() The value of an arithmetic expression is subject of possible overflow due to a failure to cast operands to a larger data type before performing arithmetic. Used macro for multiplication instead operator for avoiding overflow. Found by Security Code and Linux Verification Center (linuxtesting.org) with SVACE. In the Linux kernel, the following vulnerability has been resolved: bnxt: avoid ove... • https://git.kernel.org/stable/c/c0c050c58d840994ba842ad1c338a98e7c12b764 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53660 – bpf, cpumap: Handle skb as well when clean up ptr_ring
https://notcve.org/view.php?id=CVE-2023-53660
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf, cpumap: Handle skb as well when clean up ptr_ring The following warning was reported when running xdp_redirect_cpu with both skb-mode and stress-mode enabled: ------------[ cut here ]------------ Incorrect XDP memory type (-2128176192) usage WARNING: CPU: 7 PID: 1442 at net/core/xdp.c:405 Modules linked in: CPU: 7 PID: 1442 Comm: kworker/7:0 Tainted: G 6.5.0-rc2+ #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) Workqueue: event... • https://git.kernel.org/stable/c/11941f8a85362f612df61f4aaab0e41b64d2111d • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53659 – iavf: Fix out-of-bounds when setting channels on remove
https://notcve.org/view.php?id=CVE-2023-53659
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: iavf: Fix out-of-bounds when setting channels on remove If we set channels greater during iavf_remove(), and waiting reset done would be timeout, then returned with error but changed num_active_queues directly, that will lead to OOB like the following logs. Because the num_active_queues is greater than tx/rx_rings[] allocated actually. Reproducer: [root@host ~]# cat repro.sh #!/bin/bash pf_dbsf="0000:41:00.0" vf0_dbsf="0000:41:02.0" g_pids=... • https://git.kernel.org/stable/c/1555d83ddbb7204ef60c58aee6ca3bbef2c5e99f •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53658 – spi: bcm-qspi: return error if neither hif_mspi nor mspi is available
https://notcve.org/view.php?id=CVE-2023-53658
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: spi: bcm-qspi: return error if neither hif_mspi nor mspi is available If neither a "hif_mspi" nor "mspi" resource is present, the driver will just early exit in probe but still return success. Apart from not doing anything meaningful, this would then also lead to a null pointer access on removal, as platform_get_drvdata() would return NULL, which it would then try to dereference when trying to unregister the spi master. Fix this by uncondit... • https://git.kernel.org/stable/c/fa236a7ef24048bafaeed13f68df35a819794758 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53657 – ice: Don't tx before switchdev is fully configured
https://notcve.org/view.php?id=CVE-2023-53657
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ice: Don't tx before switchdev is fully configured There is possibility that ice_eswitch_port_start_xmit might be called while some resources are still not allocated which might cause NULL pointer dereference. Fix this by checking if switchdev configuration was finished. In the Linux kernel, the following vulnerability has been resolved: ice: Don't tx before switchdev is fully configured There is possibility that ice_eswitch_port_start_xmit... • https://git.kernel.org/stable/c/f5396b8a663f7a78ee5b75a47ee524b40795b265 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53656 – drivers/perf: hisi: Don't migrate perf to the CPU going to teardown
https://notcve.org/view.php?id=CVE-2023-53656
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: drivers/perf: hisi: Don't migrate perf to the CPU going to teardown The driver needs to migrate the perf context if the current using CPU going to teardown. By the time calling the cpuhp::teardown() callback the cpu_online_mask() hasn't updated yet and still includes the CPU going to teardown. In current driver's implementation we may migrate the context to the teardown CPU and leads to the below calltrace: ... [ 368.104662][ T932] task:cpu... • https://git.kernel.org/stable/c/8404b0fbc7fbd42e5c5d28cdedd450e70829c77a • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •