
CVE-2023-53601 – bonding: do not assume skb mac_header is set
https://notcve.org/view.php?id=CVE-2023-53601
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: bonding: do not assume skb mac_header is set Drivers must not assume in their ndo_start_xmit() that skbs have their mac_header set. skb->data is all that is needed. bonding seems to be one of the last offenders as caught by syzbot: WARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 skb_mac_offset include/linux/skbuff.h:2913 [inline] WARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 bond_xmit_hash drivers/net/bonding/bond_main.... • https://git.kernel.org/stable/c/7b8fc0103bb51d1d3e1fb5fd67958612e709f883 •

CVE-2023-53600 – tunnels: fix kasan splat when generating ipv4 pmtu error
https://notcve.org/view.php?id=CVE-2023-53600
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: tunnels: fix kasan splat when generating ipv4 pmtu error If we try to emit an icmp error in response to a nonlinear skb, we get BUG: KASAN: slab-out-of-bounds in ip_compute_csum+0x134/0x220 Read of size 4 at addr ffff88811c50db00 by task iperf3/1691 CPU: 2 PID: 1691 Comm: iperf3 Not tainted 6.5.0-rc3+ #309 [..] kasan_report+0x105/0x140 ip_compute_csum+0x134/0x220 iptunnel_pmtud_build_icmp+0x554/0x1020 skb_tunnel_check_pmtu+0x513/0xb80 vxlan_... • https://git.kernel.org/stable/c/4cb47a8644cc9eb8ec81190a50e79e6530d0297f •

CVE-2023-53599 – crypto: af_alg - Fix missing initialisation affecting gcm-aes-s390
https://notcve.org/view.php?id=CVE-2023-53599
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Fix missing initialisation affecting gcm-aes-s390 Fix af_alg_alloc_areq() to initialise areq->first_rsgl.sgl.sgt.sgl to point to the scatterlist array in areq->first_rsgl.sgl.sgl. Without this, the gcm-aes-s390 driver will oops when it tries to do gcm_walk_start() on req->dst because req->dst is set to the value of areq->first_rsgl.sgl.sgl by _aead_recvmsg() calling aead_request_set_crypt(). The problem comes if an empty ci... • https://git.kernel.org/stable/c/c1abe6f570aff4b6d396dc551e60570d2f50bd79 •

CVE-2023-53598 – bus: mhi: host: Range check CHDBOFF and ERDBOFF
https://notcve.org/view.php?id=CVE-2023-53598
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Range check CHDBOFF and ERDBOFF If the value read from the CHDBOFF and ERDBOFF registers is outside the range of the MHI register space then an invalid address might be computed which later causes a kernel panic. Range check the read value to prevent a crash due to bad data from the device. • https://git.kernel.org/stable/c/6cd330ae76ffd5c8f6294c423cabde7eeef1b40c •

CVE-2023-53597 – cifs: fix mid leak during reconnection after timeout threshold
https://notcve.org/view.php?id=CVE-2023-53597
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: cifs: fix mid leak during reconnection after timeout threshold When the number of responses with status of STATUS_IO_TIMEOUT exceeds a specified threshold (NUM_STATUS_IO_TIMEOUT), we reconnect the connection. But we do not return the mid, or the credits returned for the mid, or reduce the number of in-flight requests. This bug could result in the server->in_flight count going bad, and also cause a leak in the mids. This change moves the che... • https://git.kernel.org/stable/c/8e670f77c4a55013db6d23b962f9bf6673a5e7b6 •

CVE-2023-53596 – drivers: base: Free devm resources when unregistering a device
https://notcve.org/view.php?id=CVE-2023-53596
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: drivers: base: Free devm resources when unregistering a device In the current code, devres_release_all() only gets called if the device has a bus and has been probed. This leads to issues when using bus-less or driver-less devices where the device might never get freed if a managed resource holds a reference to the device. This is happening in the DRM framework for example. We should thus call devres_release_all() in the device_del() functi... • https://git.kernel.org/stable/c/a525a3ddeaca69f405d98442ab3c0746e53168dc •

CVE-2023-53595 – octeontx2-pf: mcs: Fix NULL pointer dereferences
https://notcve.org/view.php?id=CVE-2023-53595
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: mcs: Fix NULL pointer dereferences When the system is rebooted after creating a macsec interface, the NULL pointer dereference crashes below occurred. This patch fixes those crashes by using the correct order of teardown [ 3324.406942] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 [ 3324.415726] Mem abort info: [ 3324.418510] ESR = 0x96000006 [ 3324.421557] EC = 0x25: DABT (current EL), IL = 32 bits [ 3... • https://git.kernel.org/stable/c/c54ffc73601c0a239e55911923a6e23a2a74f143 • CWE-476: NULL Pointer Dereference •

CVE-2023-53594 – driver core: fix resource leak in device_add()
https://notcve.org/view.php?id=CVE-2023-53594
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: driver core: fix resource leak in device_add() When calling kobject_add() failed in device_add(), it will call cleanup_glue_dir() to free resource. But in kobject_add(), dev->kobj.parent has been set to NULL. This will cause resource leak. The process is as follows: device_add() get_device_parent() class_dir_create_and_add() kobject_add() //kobject_get() ... dev->kobj.parent = kobj; ... kobject_add() //failed, but set dev->kobj.parent = NUL... • https://git.kernel.org/stable/c/cebf8fd16900fdfd58c0028617944f808f97fe50 •

CVE-2023-53593 – cifs: Release folio lock on fscache read hit.
https://notcve.org/view.php?id=CVE-2023-53593
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: cifs: Release folio lock on fscache read hit. Under the current code, when cifs_readpage_worker is called, the call contract is that the callee should unlock the page. This is documented in the read_folio section of Documentation/filesystems/vfs.rst as: > The filesystem should unlock the folio once the read has completed, > whether it was successful or not. Without this change, when fscache is in use and cache hit occurs during a read, the ... • https://git.kernel.org/stable/c/c3ac8323f2f5b50e32681c254b8318f7fa2dc3f4 •

CVE-2023-53592 – gpio: sifive: Fix refcount leak in sifive_gpio_probe
https://notcve.org/view.php?id=CVE-2023-53592
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: gpio: sifive: Fix refcount leak in sifive_gpio_probe of_irq_find_parent() returns a node pointer with refcount incremented. We should use of_node_put() on it when not needed anymore. Add missing of_node_put() to avoid refcount leak. • https://git.kernel.org/stable/c/96868dce644d002383f6d5eb575a6ce3c8779f39 •