CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53041 – scsi: qla2xxx: Perform lockless command completion in abort path
https://notcve.org/view.php?id=CVE-2023-53041
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Perform lockless command completion in abort path While adding and removing the controller, the following call trace was observed: WARNING: CPU: 3 PID: 623596 at kernel/dma/mapping.c:532 dma_free_attrs+0x33/0x50 CPU: 3 PID: 623596 Comm: sh Kdump: loaded Not tainted 5.14.0-96.el9.x86_64 #1 RIP: 0010:dma_free_attrs+0x33/0x50 Call Trace: qla2x00_async_sns_sp_done+0x107/0x1b0 [qla2xxx] qla2x00_abort_srb+0x8e/0x250 [qla2xxx] ? ql_... • https://git.kernel.org/stable/c/9189f20b4c5307c0998682bb522e481b4567a8b8 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53040 – ca8210: fix mac_len negative array access
https://notcve.org/view.php?id=CVE-2023-53040
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ca8210: fix mac_len negative array access This patch fixes a buffer overflow access of skb->data if ieee802154_hdr_peek_addrs() fails. In the Linux kernel, the following vulnerability has been resolved: ca8210: fix mac_len negative array access This patch fixes a buffer overflow access of skb->data if ieee802154_hdr_peek_addrs() fails. • https://git.kernel.org/stable/c/55d836f75778d2e2cafe37e023f9c106400bad4b •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53038 – scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read()
https://notcve.org/view.php?id=CVE-2023-53038
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read() If kzalloc() fails in lpfc_sli4_cgn_params_read(), then we rely on lpfc_read_object()'s routine to NULL check pdata. Currently, an early return error is thrown from lpfc_read_object() to protect us from NULL ptr dereference, but the errno code is -ENODEV. Change the errno code to a more appropriate -ENOMEM. In the Linux kernel, the following vulnerability has been resolved: scsi: lp... • https://git.kernel.org/stable/c/67b8343998b84418bc5b5206aa01fe9b461a80ef •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53036 – drm/amdgpu: Fix call trace warning and hang when removing amdgpu device
https://notcve.org/view.php?id=CVE-2023-53036
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix call trace warning and hang when removing amdgpu device On GPUs with RAS enabled, below call trace and hang are observed when shutting down device. v2: use DRM device unplugged flag instead of shutdown flag as the check to prevent memory wipe in shutdown stage. [ +0.000000] RIP: 0010:amdgpu_vram_mgr_fini+0x18d/0x1c0 [amdgpu] [ +0.000001] PKRU: 55555554 [ +0.000001] Call Trace: [ +0.000001]
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53035 – nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy()
https://notcve.org/view.php?id=CVE-2023-53035
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() The ioctl helper function nilfs_ioctl_wrap_copy(), which exchanges a metadata array to/from user space, may copy uninitialized buffer regions to user space memory for read-only ioctl commands NILFS_IOCTL_GET_SUINFO and NILFS_IOCTL_GET_CPINFO. This can occur when the element size of the user space metadata given by the v_size member of the argument nilfs_argv structure is larger than the... • https://git.kernel.org/stable/c/a94932381e8dae4117e9129b3c1282e18aa97b05 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49932 – KVM: VMX: Do _all_ initialization before exposing /dev/kvm to userspace
https://notcve.org/view.php?id=CVE-2022-49932
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Do _all_ initialization before exposing /dev/kvm to userspace Call kvm_init() only after _all_ setup is complete, as kvm_init() exposes /dev/kvm to userspace and thus allows userspace to create VMs (and call other ioctls). E.g. KVM will encounter a NULL pointer when attempting to add a vCPU to the per-CPU loaded_vmcss_on_cpu list if userspace is able to create a VM before vmx_init() configures said list. BUG: kernel NULL pointer d... • https://git.kernel.org/stable/c/e136e969d268b9b89329c816c002e53f60e82985 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49880 – ext4: fix warning in 'ext4_da_release_space'
https://notcve.org/view.php?id=CVE-2022-49880
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix warning in 'ext4_da_release_space' Syzkaller report issue as follows: EXT4-fs (loop0): Free/Dirty block details EXT4-fs (loop0): free_blocks=0 EXT4-fs (loop0): dirty_blocks=0 EXT4-fs (loop0): Block reservation details EXT4-fs (loop0): i_reserved_data_blocks=0 EXT4-fs warning (device loop0): ext4_da_release_space:1527: ext4_da_release_space: ino 18, to_free 1 with only 0 reserved data blocks ------------[ cut here ]------------ WAR... • https://git.kernel.org/stable/c/0de5ee103747fd3a24f1c010c79caabe35e8f0bb •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49879 – ext4: fix BUG_ON() when directory entry has invalid rec_len
https://notcve.org/view.php?id=CVE-2022-49879
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix BUG_ON() when directory entry has invalid rec_len The rec_len field in the directory entry has to be a multiple of 4. A corrupted filesystem image can be used to hit a BUG() in ext4_rec_len_to_disk(), called from make_indexed_dir(). ------------[ cut here ]------------ kernel BUG at fs/ext4/ext4.h:2413! ... RIP: 0010:make_indexed_dir+0x53f/0x5f0 ... Call Trace: <TASK> ? • https://git.kernel.org/stable/c/2fa24d0274fbf913b56ee31f15bc01168669d909 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49864 – drm/amdkfd: Fix NULL pointer dereference in svm_migrate_to_ram()
https://notcve.org/view.php?id=CVE-2022-49864
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix NULL pointer dereference in svm_migrate_to_ram() ./drivers/gpu/drm/amd/amdkfd/kfd_migrate.c:985:58-62: ERROR: p is NULL but dereferenced. A flaw was found in the Linux kernel's AMD Kernel Fusion Driver (AMDKFD). In specific error conditions, an object holding a NULL value is used, causing a NULL pointer dereference and resulting in a denial of service. • https://git.kernel.org/stable/c/3c1bb6187e566143f15dbf0367ae671584aead5b • CWE-476: NULL Pointer Dereference •
CVSS: 6.7EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49839 – scsi: scsi_transport_sas: Fix error handling in sas_phy_add()
https://notcve.org/view.php?id=CVE-2022-49839
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_transport_sas: Fix error handling in sas_phy_add() If transport_add_device() fails in sas_phy_add(), the kernel will crash trying to delete the device in transport_remove_device() called from sas_remove_host(). Unable to handle kernel NULL pointer dereference at virtual address 0000000000000108 CPU: 61 PID: 42829 Comm: rmmod Kdump: loaded Tainted: G W 6.1.0-rc1+ #173 pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)... • https://git.kernel.org/stable/c/c7ebbbce366c02e5657ac6b6059933fe0353b175 • CWE-476: NULL Pointer Dereference •