CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49738 – f2fs: fix to do sanity check on i_extra_isize in is_alive()
https://notcve.org/view.php?id=CVE-2022-49738
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on i_extra_isize in is_alive() syzbot found a f2fs bug: BUG: KASAN: slab-out-of-bounds in data_blkaddr fs/f2fs/f2fs.h:2891 [inline] BUG: KASAN: slab-out-of-bounds in is_alive fs/f2fs/gc.c:1117 [inline] BUG: KASAN: slab-out-of-bounds in gc_data_segment fs/f2fs/gc.c:1520 [inline] BUG: KASAN: slab-out-of-bounds in do_garbage_collect+0x386a/0x3df0 fs/f2fs/gc.c:1734 Read of size 4 at addr ffff888076557568 by task kwo... • https://git.kernel.org/stable/c/e5142a4935c1f15841d06047b8130078fc4d7b8f •
CVSS: 5.6EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52942 – cgroup/cpuset: Fix wrong check in update_parent_subparts_cpumask()
https://notcve.org/view.php?id=CVE-2023-52942
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: cgroup/cpuset: Fix wrong check in update_parent_subparts_cpumask() It was found that the check to see if a partition could use up all the cpus from the parent cpuset in update_parent_subparts_cpumask() was incorrect. As a result, it is possible to leave parent with no effective cpu left even if there are tasks in the parent cpuset. This can lead to system panic as reported in [1]. Fix this probem by updating the check to fail the enabling t... • https://git.kernel.org/stable/c/f0af1bfc27b52a4d42510051154c61bd176a8f06 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52941 – can: isotp: split tx timer into transmission and timeout
https://notcve.org/view.php?id=CVE-2023-52941
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: can: isotp: split tx timer into transmission and timeout The timer for the transmission of isotp PDUs formerly had two functions: 1. send two consecutive frames with a given time gap 2. monitor the timeouts for flow control frames and the echo frames This led to larger txstate checks and potentially to a problem discovered by syzbot which enabled the panic_on_warn feature while testing. The former 'txtimer' function is split into 'txfrtimer... • https://git.kernel.org/stable/c/866337865f3747c68a3e7bb837611e39cec1ecd6 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52940 – mm: multi-gen LRU: fix crash during cgroup migration
https://notcve.org/view.php?id=CVE-2023-52940
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: mm: multi-gen LRU: fix crash during cgroup migration lru_gen_migrate_mm() assumes lru_gen_add_mm() runs prior to itself. This isn't true for the following scenario: CPU 1 CPU 2 clone() cgroup_can_fork() cgroup_procs_write() cgroup_post_fork() task_lock() lru_gen_migrate_mm() task_unlock() task_lock() lru_gen_add_mm() task_unlock() And when the above happens, kernel crashes because of linked list corruption (mm_struct->lru_gen.list). In the ... • https://git.kernel.org/stable/c/bd74fdaea146029e4fa12c6de89adbe0779348a9 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52939 – mm: memcg: fix NULL pointer in mem_cgroup_track_foreign_dirty_slowpath()
https://notcve.org/view.php?id=CVE-2023-52939
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: mm: memcg: fix NULL pointer in mem_cgroup_track_foreign_dirty_slowpath() As commit 18365225f044 ("hwpoison, memcg: forcibly uncharge LRU pages"), hwpoison will forcibly uncharg a LRU hwpoisoned page, the folio_memcg could be NULl, then, mem_cgroup_track_foreign_dirty_slowpath() could occurs a NULL pointer dereference, let's do not record the foreign writebacks for folio memcg is null in mem_cgroup_track_foreign_dirty() to fix it. In the Lin... • https://git.kernel.org/stable/c/97b27821b4854ca744946dae32a3f2fd55bcd5bc •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52937 – HV: hv_balloon: fix memory leak with using debugfs_lookup()
https://notcve.org/view.php?id=CVE-2023-52937
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: HV: hv_balloon: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic at once. In the Linux kernel, the following vulnerability has been resolved: HV: hv_balloon: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() th... • https://git.kernel.org/stable/c/d180e0a1be6cea2b7436fadbd1c96aecdf3c46c7 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52936 – kernel/irq/irqdomain.c: fix memory leak with using debugfs_lookup()
https://notcve.org/view.php?id=CVE-2023-52936
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: kernel/irq/irqdomain.c: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic at once. In the Linux kernel, the following vulnerability has been resolved: kernel/irq/irqdomain.c: fix memory leak with using debugfs_lookup() When calling deb... • https://git.kernel.org/stable/c/066ecbf1a53eb0b92b10c8df7808666be6ea5681 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52935 – mm/khugepaged: fix ->anon_vma race
https://notcve.org/view.php?id=CVE-2023-52935
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/khugepaged: fix ->anon_vma race If an ->anon_vma is attached to the VMA, collapse_and_free_pmd() requires it to be locked. Page table traversal is allowed under any one of the mmap lock, the anon_vma lock (if the VMA is associated with an anon_vma), and the mapping lock (if the VMA is associated with a mapping); and so to be able to remove page tables, we must hold all three of them. retract_page_tables() bails out if an ->anon_vma is at... • https://git.kernel.org/stable/c/f3f0e1d2150b2b99da2cbdfaad000089efe9bf30 • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52934 – mm/MADV_COLLAPSE: catch !none !huge !bad pmd lookups
https://notcve.org/view.php?id=CVE-2023-52934
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/MADV_COLLAPSE: catch !none !huge !bad pmd lookups In commit 34488399fa08 ("mm/madvise: add file and shmem support to MADV_COLLAPSE") we make the following change to find_pmd_or_thp_or_none(): - if (!pmd_present(pmde)) - return SCAN_PMD_NULL; + if (pmd_none(pmde)) + return SCAN_PMD_NONE; This was for-use by MADV_COLLAPSE file/shmem codepaths, where MADV_COLLAPSE might identify a pte-mapped hugepage, only to have khugepaged race-in, free t... • https://git.kernel.org/stable/c/34488399fa08faaf664743fa54b271eb6f9e1321 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-52933 – Squashfs: fix handling and sanity checking of xattr_ids count
https://notcve.org/view.php?id=CVE-2023-52933
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: Squashfs: fix handling and sanity checking of xattr_ids count A Sysbot [1] corrupted filesystem exposes two flaws in the handling and sanity checking of the xattr_ids count in the filesystem. Both of these flaws cause computation overflow due to incorrect typing. In the corrupted filesystem the xattr_ids value is 4294967071, which stored in a signed variable becomes the negative number -225. Flaw 1 (64-bit systems only): The signed integer ... • https://git.kernel.org/stable/c/ff49cace7b8cf00d27665f7536a863d406963d06 •