CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53210 – md/raid5-cache: fix null-ptr-deref for r5l_flush_stripe_to_raid()
https://notcve.org/view.php?id=CVE-2023-53210
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: md/raid5-cache: fix null-ptr-deref for r5l_flush_stripe_to_raid() r5l_flush_stripe_to_raid() will check if the list 'flushing_ios' is empty, and then submit 'flush_bio', however, r5l_log_flush_endio() is clearing the list first and then clear the bio, which will cause null-ptr-deref: T1: submit flush io raid5d handle_active_stripes r5l_flush_stripe_to_raid // list is empty // add 'io_end_ios' to the list bio_init submit_bio // io1 T2: io1 i... • https://git.kernel.org/stable/c/0dd00cba99c352dc9afd62979f350d808c215cb9 • CWE-366: Race Condition within a Thread CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53209 – wifi: mac80211_hwsim: Fix possible NULL dereference
https://notcve.org/view.php?id=CVE-2023-53209
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211_hwsim: Fix possible NULL dereference In a call to mac80211_hwsim_select_tx_link() the sta pointer might be NULL, thus need to check that it is not NULL before accessing it. In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211_hwsim: Fix possible NULL dereference In a call to mac80211_hwsim_select_tx_link() the sta pointer might be NULL, thus need to check that it is not NULL before accessing it. ... • https://git.kernel.org/stable/c/86e74a08fecb59985bb2d5fe3e96dc108822a420 • CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53208 – KVM: nSVM: Load L1's TSC multiplier based on L1 state, not L2 state
https://notcve.org/view.php?id=CVE-2023-53208
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Load L1's TSC multiplier based on L1 state, not L2 state When emulating nested VM-Exit, load L1's TSC multiplier if L1's desired ratio doesn't match the current ratio, not if the ratio L1 is using for L2 diverges from the default. Functionally, the end result is the same as KVM will run L2 with L1's multiplier if L2's multiplier is the default, i.e. checking that L1's multiplier is loaded is equivalent to checking if L2 has a non... • https://git.kernel.org/stable/c/5228eb96a4875f8cf5d61d486e3795ac14df8904 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53207 – ublk: fail to recover device if queue setup is interrupted
https://notcve.org/view.php?id=CVE-2023-53207
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ublk: fail to recover device if queue setup is interrupted In ublk_ctrl_end_recovery(), if wait_for_completion_interruptible() is interrupted by signal, queues aren't setup successfully yet, so we have to fail UBLK_CMD_END_USER_RECOVERY, otherwise kernel oops can be triggered. In the Linux kernel, the following vulnerability has been resolved: ublk: fail to recover device if queue setup is interrupted In ublk_ctrl_end_recovery(), if wait_fo... • https://git.kernel.org/stable/c/c732a852b419fa057b53657e2daaf9433940391c •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-53206 – hwmon: (pmbus_core) Fix NULL pointer dereference
https://notcve.org/view.php?id=CVE-2023-53206
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: hwmon: (pmbus_core) Fix NULL pointer dereference Pass i2c_client to _pmbus_is_enabled to drop the assumption that a regulator device is passed in. This will fix the issue of a NULL pointer dereference when called from _pmbus_get_flags. In the Linux kernel, the following vulnerability has been resolved: hwmon: (pmbus_core) Fix NULL pointer dereference Pass i2c_client to _pmbus_is_enabled to drop the assumption that a regulator device is pass... • https://git.kernel.org/stable/c/df5f6b6af01ca326dd4babb287c9580fed0ad3d6 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53205 – KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler
https://notcve.org/view.php?id=CVE-2023-53205
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler We do check for target CPU == -1, but this might change at the time we are going to use it. Hold the physical target CPU in a local variable to avoid out-of-bound accesses to the cpu arrays. In the Linux kernel, the following vulnerability has been resolved: KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler We do check for target CPU == -1, but... • https://git.kernel.org/stable/c/87e28a15c42cc592009c32a8c20e5789059027c2 •
CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 0CVE-2023-53204 – af_unix: Fix data-races around user->unix_inflight.
https://notcve.org/view.php?id=CVE-2023-53204
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data-races around user->unix_inflight. user->unix_inflight is changed under spin_lock(unix_gc_lock), but too_many_unix_fds() reads it locklessly. Let's annotate the write/read accesses to user->unix_inflight. BUG: KCSAN: data-race in unix_attach_fds / unix_inflight write to 0xffffffff8546f2d0 of 8 bytes by task 44798 on cpu 1: unix_inflight+0x157/0x180 net/unix/scm.c:66 unix_attach_fds+0x147/0x1e0 net/unix/scm.c:123 unix_scm_to... • https://git.kernel.org/stable/c/712f4aad406bb1ed67f3f98d04c044191f0ff593 • CWE-366: Race Condition within a Thread •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-53203 – wifi: mt76: mt7996: rely on mt76_connac2_mac_tx_rate_val
https://notcve.org/view.php?id=CVE-2023-53203
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: rely on mt76_connac2_mac_tx_rate_val In order to fix a possible NULL pointer dereference in mt7996_mac_write_txwi() of vif pointer, export mt76_connac2_mac_tx_rate_val utility routine and reuse it in mt7996 driver. In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: rely on mt76_connac2_mac_tx_rate_val In order to fix a possible NULL pointer dereference in mt7996_mac_write_txwi() of vi... • https://git.kernel.org/stable/c/98686cd21624c75a043e96812beadddf4f6f48e5 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53202 – PM: domains: fix memory leak with using debugfs_lookup()
https://notcve.org/view.php?id=CVE-2023-53202
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: PM: domains: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic at once. In the Linux kernel, the following vulnerability has been resolved: PM: domains: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the resu... • https://git.kernel.org/stable/c/718072ceb211833f3c71724f49d733d636067191 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 8.4EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53201 – RDMA/bnxt_re: wraparound mbox producer index
https://notcve.org/view.php?id=CVE-2023-53201
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: wraparound mbox producer index Driver is not handling the wraparound of the mbox producer index correctly. Currently the wraparound happens once u32 max is reached. Bit 31 of the producer index register is special and should be set only once for the first command. Because the producer index overflow setting bit31 after a long time, FW goes to initialization sequence and this causes FW hang. Fix is to wraparound the mbox produc... • https://git.kernel.org/stable/c/1ac5a404797523cedaf424a3aaa3cf8f9548dff8 •