CVSS: 5.5EPSS: %CPEs: 4EXPL: 0CVE-2023-53183 – btrfs: exit gracefully if reloc roots don't match
https://notcve.org/view.php?id=CVE-2023-53183
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: exit gracefully if reloc roots don't match [BUG] Syzbot reported a crash that an ASSERT() got triggered inside prepare_to_merge(). [CAUSE] The root cause of the triggered ASSERT() is we can have a race between quota tree creation and relocation. This leads us to create a duplicated quota tree in the btrfs_read_fs_root() path, and since it's treated as fs tree, it would have ROOT_SHAREABLE flag, causing us to create a reloc tree for i... • https://git.kernel.org/stable/c/69dd147de419b04d1d8d2ca67ef424cddd5b8fd5 •
CVSS: 7.8EPSS: %CPEs: 8EXPL: 0CVE-2023-53182 – ACPICA: Avoid undefined behavior: applying zero offset to null pointer
https://notcve.org/view.php?id=CVE-2023-53182
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ACPICA: Avoid undefined behavior: applying zero offset to null pointer ACPICA commit 770653e3ba67c30a629ca7d12e352d83c2541b1e Before this change we see the following UBSAN stack trace in Fuchsia: #0 0x000021e4213b3302 in acpi_ds_init_aml_walk(struct acpi_walk_state*, union acpi_parse_object*, struct acpi_namespace_node*, u8*, u32, struct acpi_evaluate_info*, u8) ../../third_party/acpica/source/components/dispatcher/dswstate.c:682
CVSS: 7.1EPSS: %CPEs: 3EXPL: 0CVE-2023-53181 – dma-buf/dma-resv: Stop leaking on krealloc() failure
https://notcve.org/view.php?id=CVE-2023-53181
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: dma-buf/dma-resv: Stop leaking on krealloc() failure Currently dma_resv_get_fences() will leak the previously allocated array if the fence iteration got restarted and the krealloc_array() fails. Free the old array by hand, and make sure we still clear the returned *fences so the caller won't end up accessing freed memory. Some (but not all) of the callers of dma_resv_get_fences() seem to still trawl through the array even when dma_resv_get_... • https://git.kernel.org/stable/c/d3c80698c9f58a0683badf78793eebaa0c71afbd •
CVSS: 7.8EPSS: %CPEs: 11EXPL: 0CVE-2023-53179 – netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c
https://notcve.org/view.php?id=CVE-2023-53179
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c The missing IP_SET_HASH_WITH_NET0 macro in ip_set_hash_netportnet can lead to the use of wrong `CIDR_POS(c)` for calculating array offsets, which can lead to integer underflow. As a result, it leads to slab out-of-bound access. This patch adds back the IP_SET_HASH_WITH_NET0 macro to ip_set_hash_netportnet to address the issue. In the Linux kernel, the... • https://git.kernel.org/stable/c/0d5d0b5c41f766355f2b42c47d13ea001f754c7d •
CVSS: 6.3EPSS: %CPEs: 3EXPL: 0CVE-2023-53178 – mm: fix zswap writeback race condition
https://notcve.org/view.php?id=CVE-2023-53178
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: mm: fix zswap writeback race condition The zswap writeback mechanism can cause a race condition resulting in memory corruption, where a swapped out page gets swapped in with data that was written to a different page. The race unfolds like this: 1. a page with data A and swap offset X is stored in zswap 2. page A is removed off the LRU by zpool driver for writeback in zswap-shrink work, data for A is mapped by zpool driver 3. user space prog... • https://git.kernel.org/stable/c/2b2811178e85553405b86e3fe78357b9b95889ce •
CVSS: 5.6EPSS: %CPEs: 3EXPL: 0CVE-2023-53177 – media: hi846: fix usage of pm_runtime_get_if_in_use()
https://notcve.org/view.php?id=CVE-2023-53177
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: media: hi846: fix usage of pm_runtime_get_if_in_use() pm_runtime_get_if_in_use() does not only return nonzero values when the device is in use, it can return a negative errno too. And especially during resuming from system suspend, when runtime pm is not yet up again, -EAGAIN is being returned, so the subsequent pm_runtime_put() call results in a refcount underflow. Fix system-resume by handling -EAGAIN of pm_runtime_get_if_in_use(). In the... • https://git.kernel.org/stable/c/e8c0882685f9152f0d729664a12bcbe749cb7736 •
CVSS: 8.4EPSS: %CPEs: 8EXPL: 0CVE-2023-53176 – serial: 8250: Reinit port->pm on port specific driver unbind
https://notcve.org/view.php?id=CVE-2023-53176
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: serial: 8250: Reinit port->pm on port specific driver unbind When we unbind a serial port hardware specific 8250 driver, the generic serial8250 driver takes over the port. After that we see an oops about 10 seconds later. This can produce the following at least on some TI SoCs: Unhandled fault: imprecise external abort (0x1406) Internal error: : 1406 [#1] SMP ARM Turns out that we may still have the serial port hardware specific driver port... • https://git.kernel.org/stable/c/490bf37eaabb0a857ed1ae8e75d8854e41662f1c •
CVSS: 5.5EPSS: %CPEs: 4EXPL: 0CVE-2023-53175 – PCI: hv: Fix a crash in hv_pci_restore_msi_msg() during hibernation
https://notcve.org/view.php?id=CVE-2023-53175
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: PCI: hv: Fix a crash in hv_pci_restore_msi_msg() during hibernation When a Linux VM with an assigned PCI device runs on Hyper-V, if the PCI device driver is not loaded yet (i.e. MSI-X/MSI is not enabled on the device yet), doing a VM hibernation triggers a panic in hv_pci_restore_msi_msg() -> msi_lock_descs(&pdev->dev), because pdev->dev.msi.data is still NULL. Avoid the panic by checking if MSI-X/MSI is enabled. In the Linux kernel, the fo... • https://git.kernel.org/stable/c/dc2b453290c471266a2d56d7ead981e3c5cea05e •
CVSS: 7.1EPSS: %CPEs: 8EXPL: 0CVE-2023-53174 – scsi: core: Fix possible memory leak if device_add() fails
https://notcve.org/view.php?id=CVE-2023-53174
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix possible memory leak if device_add() fails If device_add() returns error, the name allocated by dev_set_name() needs be freed. As the comment of device_add() says, put_device() should be used to decrease the reference count in the error path. So fix this by calling put_device(), then the name can be freed in kobject_cleanp(). In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix possible memory ... • https://git.kernel.org/stable/c/ee959b00c335d7780136c5abda37809191fe52c3 •
CVSS: 5.5EPSS: %CPEs: 4EXPL: 0CVE-2023-53173 – tty: pcn_uart: fix memory leak with using debugfs_lookup()
https://notcve.org/view.php?id=CVE-2023-53173
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: tty: pcn_uart: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic at once. In the Linux kernel, the following vulnerability has been resolved: tty: pcn_uart: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the ... • https://git.kernel.org/stable/c/cf042964c2fa72950bbbf25b2cdd732b873e89db •