
CVE-2023-53288 – drm/client: Fix memory leak in drm_client_modeset_probe
https://notcve.org/view.php?id=CVE-2023-53288
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/client: Fix memory leak in drm_client_modeset_probe When a new mode is set to modeset->mode, the previous mode should be freed. This fixes the following kmemleak report: drm_mode_duplicate+0x45/0x220 [drm] drm_client_modeset_probe+0x944/0xf50 [drm] __drm_fb_helper_initial_config_and_unlock+0xb4/0x2c0 [drm_kms_helper] drm_fbdev_client_hotplug+0x2bc/0x4d0 [drm_kms_helper] drm_client_register+0x169/0x240 [drm] ast_pci_probe+0x142/0x190 [as... • https://git.kernel.org/stable/c/5d580017bdb9b3e930b6009e467e5e1589f8ca8a •

CVE-2023-53287 – usb: cdns3: Put the cdns set active part outside the spin lock
https://notcve.org/view.php?id=CVE-2023-53287
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: Put the cdns set active part outside the spin lock The device may be scheduled during the resume process, so this cannot appear in atomic operations. Since pm_runtime_set_active will resume suppliers, put set active outside the spin lock, which is only used to protect the struct cdns data structure, otherwise the kernel will report the following warning: BUG: sleeping function called from invalid context at drivers/base/power/ru... • https://git.kernel.org/stable/c/c861a61be6d30538ebcf7fcab1d43f244e298840 •

CVE-2023-53286 – RDMA/mlx5: Return the firmware result upon destroying QP/RQ
https://notcve.org/view.php?id=CVE-2023-53286
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Return the firmware result upon destroying QP/RQ Previously when destroying a QP/RQ, the result of the firmware destruction function was ignored and upper layers weren't informed about the failure. Which in turn could lead to various problems since when upper layer isn't aware of the failure it continues its operation thinking that the related QP/RQ was successfully destroyed while it actually wasn't, which could lead to the belo... • https://git.kernel.org/stable/c/73311dd831858d797cf8ebe140654ed519b41c36 •

CVE-2023-53285 – ext4: add bounds checking in get_max_inline_xattr_value_size()
https://notcve.org/view.php?id=CVE-2023-53285
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: add bounds checking in get_max_inline_xattr_value_size() Normally the extended attributes in the inode body would have been checked when the inode is first opened, but if someone is writing to the block device while the file system is mounted, it's possible for the inode table to get corrupted. Add bounds checking to avoid reading beyond the end of allocated memory if this happens. • https://git.kernel.org/stable/c/5a229d21b98d132673096710e8281ef522dab1d1 •

CVE-2023-53282 – scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write
https://notcve.org/view.php?id=CVE-2023-53282
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write During the sysfs firmware write process, a use-after-free read warning is logged from the lpfc_wr_object() routine: BUG: KFENCE: use-after-free read in lpfc_wr_object+0x235/0x310 [lpfc] Use-after-free read at 0x0000000000cf164d (in kfence-#111): lpfc_wr_object+0x235/0x310 [lpfc] lpfc_write_firmware.cold+0x206/0x30d [lpfc] lpfc_sli4_request_firmware_update+0xa6/0x100... • https://git.kernel.org/stable/c/51ab4eb1a25e73c7fc2ad9026520c4d8369c93cc •

CVE-2023-53280 – scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue
https://notcve.org/view.php?id=CVE-2023-53280
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue System crash when qla2x00_start_sp(sp) returns error code EAGAIN and wake_up gets called for uninitialized wait queue sp->nvme_ls_waitq. qla2xxx [0000:37:00.1]-2121:5: Returning existing qpair of ffff8ae2c0513400 for idx=0 qla2xxx [0000:37:00.1]-700e:5: qla2x00_start_sp failed = 11 BUG: unable to handle kernel NULL pointer dereference at 0000000000000000 PGD 0 P4D 0 Oops: 0000 [#1] SMP NO... • https://git.kernel.org/stable/c/5621b0dd74532c09965264c14958de3f85b498a6 •

CVE-2023-53279 – misc: vmw_balloon: fix memory leak with using debugfs_lookup()
https://notcve.org/view.php?id=CVE-2023-53279
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: misc: vmw_balloon: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic at once. • https://git.kernel.org/stable/c/b94b39bf3d545671f210a2257d18e33c8b874699 •

CVE-2023-53277 – wifi: iwl3945: Add missing check for create_singlethread_workqueue
https://notcve.org/view.php?id=CVE-2023-53277
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: iwl3945: Add missing check for create_singlethread_workqueue Add the check for the return value of the create_singlethread_workqueue in order to avoid NULL pointer dereference. • https://git.kernel.org/stable/c/b481de9ca074528fe8c429604e2777db8b89806a •

CVE-2023-53276 – ubifs: Free memory for tmpfile name
https://notcve.org/view.php?id=CVE-2023-53276
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ubifs: Free memory for tmpfile name When opening a ubifs tmpfile on an encrypted directory, function fscrypt_setup_filename allocates memory for the name that is to be stored in the directory entry, but after the name has been copied to the directory entry inode, the memory is not freed. When running kmemleak on it we see that it is registered as a leak. The report below is triggered by a simple program 'tmpfile' just opening a tmpfile: unr... • https://git.kernel.org/stable/c/8ad8c67a897e68426e85990ebfe0a7d1f71fc79f •

CVE-2023-53275 – ALSA: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync()
https://notcve.org/view.php?id=CVE-2023-53275
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync() The variable codec->regmap is often protected by the lock codec->regmap_lock when it is accessed. However, it is accessed without holding the lock when it is accessed in snd_hdac_regmap_sync(): if (codec->regmap) In my opinion, this may be a harmful race, because if codec->regmap is set to NULL right after the condition is checked, a null-pointer derefer... • https://git.kernel.org/stable/c/109f0aaa0b8838a88af9125b79579023539300a7 •