CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53192 – vxlan: Fix nexthop hash size
https://notcve.org/view.php?id=CVE-2023-53192
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: vxlan: Fix nexthop hash size The nexthop code expects a 31 bit hash, such as what is returned by fib_multipath_hash() and rt6_multipath_hash(). Passing the 32 bit hash returned by skb_get_hash() can lead to problems related to the fact that 'int hash' is a negative number when the MSB is set. In the case of hash threshold nexthop groups, nexthop_select_path_hthr() will disproportionately select the first nexthop group entry. In the case of ... • https://git.kernel.org/stable/c/1274e1cc42264d4e629841e4f182795cb0becfd2 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53191 – irqchip/alpine-msi: Fix refcount leak in alpine_msix_init_domains
https://notcve.org/view.php?id=CVE-2023-53191
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: irqchip/alpine-msi: Fix refcount leak in alpine_msix_init_domains of_irq_find_parent() returns a node pointer with refcount incremented, We should use of_node_put() on it when not needed anymore. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: irqchip/alpine-msi: Fix refcount leak in alpine_msix_init_domains of_irq_find_parent() returns a node pointer with refcount increm... • https://git.kernel.org/stable/c/e6b78f2c3e14a9e3a909be3e6ec305d9f1cbabbd •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2023-53189 – ipv6/addrconf: fix a potential refcount underflow for idev
https://notcve.org/view.php?id=CVE-2023-53189
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ipv6/addrconf: fix a potential refcount underflow for idev Now in addrconf_mod_rs_timer(), reference idev depends on whether rs_timer is not pending. Then modify rs_timer timeout. There is a time gap in [1], during which if the pending rs_timer becomes not pending. It will miss to hold idev, but the rs_timer is activated. Thus rs_timer callback function addrconf_rs_timer() will be executed and put idev later without holding idev. • https://git.kernel.org/stable/c/b7b1bfce0bb68bd8f6e62a28295922785cc63781 •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53188 – net: openvswitch: fix race on port output
https://notcve.org/view.php?id=CVE-2023-53188
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix race on port output assume the following setup on a single machine: 1. An openvswitch instance with one bridge and default flows 2. two network namespaces "server" and "client" 3. two ovs interfaces "server" and "client" on the bridge 4. for each ovs interface a veth pair with a matching name and 32 rx and tx queues 5. move the ends of the veth pairs to the respective network namespaces 6. assign ip addresses to each o... • https://git.kernel.org/stable/c/7f8a436eaa2c3ddd8e1ff2fbca267e6275085536 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53186 – skbuff: Fix a race between coalescing and releasing SKBs
https://notcve.org/view.php?id=CVE-2023-53186
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: skbuff: Fix a race between coalescing and releasing SKBs Commit 1effe8ca4e34 ("skbuff: fix coalescing for page_pool fragment recycling") allowed coalescing to proceed with non page pool page and page pool page when @from is cloned, i.e. to->pp_recycle --> false from->pp_recycle --> true skb_cloned(from) --> true However, it actually requires skb_cloned(@from) to hold true until coalescing finishes in this situation. If the other cloned SKB ... • https://git.kernel.org/stable/c/53e0961da1c7bbdabd1abebb20de403ec237ec09 • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2023-53185 – wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes
https://notcve.org/view.php?id=CVE-2023-53185
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes A bad USB device is able to construct a service connection response message with target endpoint being ENDPOINT0 which is reserved for HTC_CTRL_RSVD_SVC and should not be modified to be used for any other services. Reject such service connection responses. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. In the Linux kernel, the following vulnerability has been ... • https://git.kernel.org/stable/c/fb9987d0f748c983bb795a86f47522313f701a08 • CWE-1285: Improper Validation of Specified Index, Position, or Offset in Input •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53182 – ACPICA: Avoid undefined behavior: applying zero offset to null pointer
https://notcve.org/view.php?id=CVE-2023-53182
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ACPICA: Avoid undefined behavior: applying zero offset to null pointer ACPICA commit 770653e3ba67c30a629ca7d12e352d83c2541b1e Before this change we see the following UBSAN stack trace in Fuchsia: #0 0x000021e4213b3302 in acpi_ds_init_aml_walk(struct acpi_walk_state*, union acpi_parse_object*, struct acpi_namespace_node*, u8*, u32, struct acpi_evaluate_info*, u8) ../../third_party/acpica/source/components/dispatcher/dswstate.c:682
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2023-53179 – netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c
https://notcve.org/view.php?id=CVE-2023-53179
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c The missing IP_SET_HASH_WITH_NET0 macro in ip_set_hash_netportnet can lead to the use of wrong `CIDR_POS(c)` for calculating array offsets, which can lead to integer underflow. As a result, it leads to slab out-of-bound access. This patch adds back the IP_SET_HASH_WITH_NET0 macro to ip_set_hash_netportnet to address the issue. In the Linux kernel, the... • https://git.kernel.org/stable/c/0d5d0b5c41f766355f2b42c47d13ea001f754c7d •
CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53178 – mm: fix zswap writeback race condition
https://notcve.org/view.php?id=CVE-2023-53178
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: mm: fix zswap writeback race condition The zswap writeback mechanism can cause a race condition resulting in memory corruption, where a swapped out page gets swapped in with data that was written to a different page. The race unfolds like this: 1. a page with data A and swap offset X is stored in zswap 2. page A is removed off the LRU by zpool driver for writeback in zswap-shrink work, data for A is mapped by zpool driver 3. user space prog... • https://git.kernel.org/stable/c/2b2811178e85553405b86e3fe78357b9b95889ce • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 8.4EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53176 – serial: 8250: Reinit port->pm on port specific driver unbind
https://notcve.org/view.php?id=CVE-2023-53176
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: serial: 8250: Reinit port->pm on port specific driver unbind When we unbind a serial port hardware specific 8250 driver, the generic serial8250 driver takes over the port. After that we see an oops about 10 seconds later. This can produce the following at least on some TI SoCs: Unhandled fault: imprecise external abort (0x1406) Internal error: : 1406 [#1] SMP ARM Turns out that we may still have the serial port hardware specific driver port... • https://git.kernel.org/stable/c/c161afe9759ddcc174d08e7c4f683d08ac9ba86f •