CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53522 – cgroup,freezer: hold cpu_hotplug_lock before freezer_mutex
https://notcve.org/view.php?id=CVE-2023-53522
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: cgroup,freezer: hold cpu_hotplug_lock before freezer_mutex syzbot is reporting circular locking dependency between cpu_hotplug_lock and freezer_mutex, for commit f5d39b020809 ("freezer,sched: Rewrite core freezer logic") replaced atomic_inc() in freezer_apply_state() with static_branch_inc() which holds cpu_hotplug_lock. cpu_hotplug_lock => cgroup_threadgroup_rwsem => freezer_mutex cgroup_file_write() { cgroup_procs_write() { __cgroup_procs... • https://git.kernel.org/stable/c/f5d39b020809146cc28e6e73369bf8065e0310aa •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53521 – scsi: ses: Fix slab-out-of-bounds in ses_intf_remove()
https://notcve.org/view.php?id=CVE-2023-53521
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() A fix for: BUG: KASAN: slab-out-of-bounds in ses_intf_remove+0x23f/0x270 [ses] Read of size 8 at addr ffff88a10d32e5d8 by task rmmod/12013 When edev->components is zero, accessing edev->component[0] members is wrong. In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() A fix for: BUG: KASAN: slab-out-of-bounds in ses_... • https://git.kernel.org/stable/c/9927c68864e9c39cc317b4f559309ba29e642168 • CWE-125: Out-of-bounds Read •
CVSS: 5.7EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53520 – Bluetooth: Fix hci_suspend_sync crash
https://notcve.org/view.php?id=CVE-2023-53520
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix hci_suspend_sync crash If hci_unregister_dev() frees the hci_dev object but hci_suspend_notifier may still be accessing it, it can cause the program to crash. Here's the call trace: <4>[102152.653246] Call Trace: <4>[102152.653254] hci_suspend_sync+0x109/0x301 [bluetooth] <4>[102152.653259] hci_suspend_dev+0x78/0xcd [bluetooth] <4>[102152.653263] hci_suspend_notifier+0x42/0x7a [bluetooth] <4>[102152.653268] notifier_call_chai... • https://git.kernel.org/stable/c/9952d90ea2885d7cbf80cd233f694f09a9c0eaec •
CVSS: 6.4EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53519 – media: v4l2-mem2mem: add lock to protect parameter num_rdy
https://notcve.org/view.php?id=CVE-2023-53519
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: media: v4l2-mem2mem: add lock to protect parameter num_rdy Getting below error when using KCSAN to check the driver. Adding lock to protect parameter num_rdy when getting the value with function: v4l2_m2m_num_src_bufs_ready/v4l2_m2m_num_dst_bufs_ready. kworker/u16:3: [name:report&]BUG: KCSAN: data-race in v4l2_m2m_buf_queue kworker/u16:3: [name:report&] kworker/u16:3: [name:report&]read-write to 0xffffff8105f35b94 of 1 bytes by task 20865 o... • https://git.kernel.org/stable/c/908a0d7c588ef87e5cf0a26805e6002a78ac9d13 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2023-53518 – PM / devfreq: Fix leak in devfreq_dev_release()
https://notcve.org/view.php?id=CVE-2023-53518
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Fix leak in devfreq_dev_release() srcu_init_notifier_head() allocates resources that need to be released with a srcu_cleanup_notifier_head() call. Reported by kmemleak. In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Fix leak in devfreq_dev_release() srcu_init_notifier_head() allocates resources that need to be released with a srcu_cleanup_notifier_head() call. Reported by kmemleak. This updat... • https://git.kernel.org/stable/c/0fe3a66410a3ba96679be903f1e287d7a0a264a9 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53517 – tipc: do not update mtu if msg_max is too small in mtu negotiation
https://notcve.org/view.php?id=CVE-2023-53517
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: tipc: do not update mtu if msg_max is too small in mtu negotiation When doing link mtu negotiation, a malicious peer may send Activate msg with a very small mtu, e.g. 4 in Shuang's testing, without checking for the minimum mtu, l->mtu will be set to 4 in tipc_link_proto_rcv(), then n->links[bearer_id].mtu is set to 4294967228, which is a overflow of '4 - INT_H_SIZE - EMSG_OVERHEAD' in tipc_link_mss(). With tipc_link.mtu = 4, tipc_link_xmit(... • https://git.kernel.org/stable/c/ed193ece2649c194a87a9d8470195760d367c075 •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-53515 – virtio-mmio: don't break lifecycle of vm_dev
https://notcve.org/view.php?id=CVE-2023-53515
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: virtio-mmio: don't break lifecycle of vm_dev vm_dev has a separate lifecycle because it has a 'struct device' embedded. Thus, having a release callback for it is correct. Allocating the vm_dev struct with devres totally breaks this protection, though. Instead of waiting for the vm_dev release callback, the memory is freed when the platform_device is removed. Resulting in a use-after-free when finally the callback is to be called. • https://git.kernel.org/stable/c/7eb781b1bbb7136fe78fb8c28c1c223c61fa32b5 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53514 – gpu: host1x: Fix memory leak of device names
https://notcve.org/view.php?id=CVE-2023-53514
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: gpu: host1x: Fix memory leak of device names The device names allocated by dev_set_name() need be freed before module unloading, but they can not be freed because the kobject's refcount which was set in device_initialize() has not be decreased to 0. As comment of device_add() says, if it fails, use only put_device() drop the refcount, then the name will be freed in kobejct_cleanup(). device_del() and put_device() can be replaced with device... • https://git.kernel.org/stable/c/8aa5bcb61612060429223d1fbb7a1c30a579fc1f •
CVSS: 7.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53513 – nbd: fix incomplete validation of ioctl arg
https://notcve.org/view.php?id=CVE-2023-53513
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: nbd: fix incomplete validation of ioctl arg We tested and found an alarm caused by nbd_ioctl arg without verification. The UBSAN warning calltrace like below: UBSAN: Undefined behaviour in fs/buffer.c:1709:35 signed integer overflow: -9223372036854775808 - 1 cannot be represented in type 'long long int' CPU: 3 PID: 2523 Comm: syz-executor.0 Not tainted 4.19.90 #1 Hardware name: linux,dummy-virt (DT) Call trace: dump_backtrace+0x0/0x3f0 arch... • https://git.kernel.org/stable/c/b9c495bb6d8edc719fd23af2ac67de8303cfc1e8 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53512 – scsi: mpt3sas: Fix a memory leak
https://notcve.org/view.php?id=CVE-2023-53512
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix a memory leak Add a forgotten kfree(). This update provides the initial livepatch for this kernel update. This update does not contain any fixes and will be updated with livepatches later. • https://git.kernel.org/stable/c/dbec4c9040edc15442c3ebdb65408aa9d3b82c24 • CWE-772: Missing Release of Resource after Effective Lifetime •