CVSS: 7.7EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53680 – NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL
https://notcve.org/view.php?id=CVE-2023-53680
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL OPDESC() simply indexes into nfsd4_ops[] by the op's operation number, without range checking that value. It assumes callers are careful to avoid calling it with an out-of-bounds opnum value. nfsd4_decode_compound() is not so careful, and can invoke OPDESC() with opnum set to OP_ILLEGAL, which is 10044 -- well beyond the end of nfsd4_ops[]. In the Linux kernel, the following vulnera... • https://git.kernel.org/stable/c/f4f9ef4a1b0a1ca80b152e28e176d69515bdf7e8 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53679 – wifi: mt7601u: fix an integer underflow
https://notcve.org/view.php?id=CVE-2023-53679
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mt7601u: fix an integer underflow Fix an integer underflow that leads to a null pointer dereference in 'mt7601u_rx_skb_from_seg()'. The variable 'dma_len' in the URB packet could be manipulated, which could trigger an integer underflow of 'seg_len' in 'mt7601u_rx_process_seg()'. This underflow subsequently causes the 'bad_frame' checks in 'mt7601u_rx_skb_from_seg()' to be bypassed, eventually leading to a dereference of the pointer 'p... • https://git.kernel.org/stable/c/c869f77d6abb5d5f9f2f1a661d5c53862a9cad34 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53678 – drm/i915: Fix system suspend without fbdev being initialized
https://notcve.org/view.php?id=CVE-2023-53678
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix system suspend without fbdev being initialized If fbdev is not initialized for some reason - in practice on platforms without display - suspending fbdev should be skipped during system suspend, fix this up. While at it add an assert that suspending fbdev only happens with the display present. This fixes the following: [ 91.227923] PM: suspend entry (s2idle) [ 91.254598] Filesystems sync: 0.025 seconds [ 91.270518] Freezing use... • https://git.kernel.org/stable/c/f8cc091e05305231c8f747ca253a90ff0cea60b9 • CWE-476: NULL Pointer Dereference •
CVSS: 7.7EPSS: 0%CPEs: 2EXPL: 0CVE-2023-53677 – drm/i915: Fix memory leaks in i915 selftests
https://notcve.org/view.php?id=CVE-2023-53677
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix memory leaks in i915 selftests This patch fixes memory leaks on error escapes in function fake_get_pages (cherry picked from commit 8bfbdadce85c4c51689da10f39c805a7106d4567) • https://git.kernel.org/stable/c/c3bfba9a222550406082c92bbabc9c8b1355d8b8 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53676 – scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show()
https://notcve.org/view.php?id=CVE-2023-53676
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() The function lio_target_nacl_info_show() uses sprintf() in a loop to print details for every iSCSI connection in a session without checking for the buffer length. With enough iSCSI connections it's possible to overflow the buffer provided by configfs and corrupt the memory. This patch replaces sprintf() with sysfs_emit_at() that checks for buffer boundries. In the Linux... • https://git.kernel.org/stable/c/e48354ce078c079996f89d715dfa44814b4eba01 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53675 – scsi: ses: Fix possible desc_ptr out-of-bounds accesses
https://notcve.org/view.php?id=CVE-2023-53675
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix possible desc_ptr out-of-bounds accesses Sanitize possible desc_ptr out-of-bounds accesses in ses_enclosure_data_process(). In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix possible desc_ptr out-of-bounds accesses Sanitize possible desc_ptr out-of-bounds accesses in ses_enclosure_data_process(). An update for kernel-rt is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support... • https://git.kernel.org/stable/c/9927c68864e9c39cc317b4f559309ba29e642168 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53674 – clk: Fix memory leak in devm_clk_notifier_register()
https://notcve.org/view.php?id=CVE-2023-53674
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: clk: Fix memory leak in devm_clk_notifier_register() devm_clk_notifier_register() allocates a devres resource for clk notifier but didn't register that to the device, so the notifier didn't get unregistered on device detach and the allocated resource was leaked. Fix the issue by registering the resource through devres_add(). This issue was found with kmemleak on a Chromebook. In the Linux kernel, the following vulnerability has been resolve... • https://git.kernel.org/stable/c/6d30d50d037dfa092f9d5d1fffa348ab4abb7163 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53673 – Bluetooth: hci_event: call disconnect callback before deleting conn
https://notcve.org/view.php?id=CVE-2023-53673
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: call disconnect callback before deleting conn In hci_cs_disconnect, we do hci_conn_del even if disconnection failed. ISO, L2CAP and SCO connections refer to the hci_conn without hci_conn_get, so disconn_cfm must be called so they can clean up their conn, otherwise use-after-free occurs. ISO: ========================================================== iso_sock_connect:880: sk 00000000eabd6557 iso_connect_cis:356: 70:1a:b... • https://git.kernel.org/stable/c/b8d290525e3972b5e876b2649a42bf4081d753fe •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53672 – btrfs: output extra debug info if we failed to find an inline backref
https://notcve.org/view.php?id=CVE-2023-53672
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: output extra debug info if we failed to find an inline backref [BUG] Syzbot reported several warning triggered inside lookup_inline_extent_backref(). [CAUSE] As usual, the reproducer doesn't reliably trigger locally here, but at least we know the WARN_ON() is triggered when an inline backref can not be found, and it can only be triggered when @insert is true. (I.e. inserting a new inline backref, which means the backref should alread... • https://git.kernel.org/stable/c/492104c866cb1b62a11393adccb477f5cd2c7768 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53671 – srcu: Delegate work to the boot cpu if using SRCU_SIZE_SMALL
https://notcve.org/view.php?id=CVE-2023-53671
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: srcu: Delegate work to the boot cpu if using SRCU_SIZE_SMALL Commit 994f706872e6 ("srcu: Make Tree SRCU able to operate without snp_node array") assumes that cpu 0 is always online. However, there really are situations when some other CPU is the boot CPU, for example, when booting a kdump kernel with the maxcpus=1 boot parameter. On PowerPC, the kdump kernel can hang as follows: ... [ 1.740036] systemd[1]: Hostname set to