CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-53681 – bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent
https://notcve.org/view.php?id=CVE-2023-53681
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent In some specific situations, the return value of __bch_btree_node_alloc may be NULL. This may lead to a potential NULL pointer dereference in caller function like a calling chain : btree_split->bch_btree_node_alloc->__bch_btree_node_alloc. Fix it by initializing the return value in __bch_btree_node_alloc. In the Linux kernel, the following vulnerability has been reso... • https://git.kernel.org/stable/c/cafe563591446cf80bfbc2fe3bc72a2e36cf1060 •
CVSS: 7.7EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53680 – NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL
https://notcve.org/view.php?id=CVE-2023-53680
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL OPDESC() simply indexes into nfsd4_ops[] by the op's operation number, without range checking that value. It assumes callers are careful to avoid calling it with an out-of-bounds opnum value. nfsd4_decode_compound() is not so careful, and can invoke OPDESC() with opnum set to OP_ILLEGAL, which is 10044 -- well beyond the end of nfsd4_ops[]. In the Linux kernel, the following vulnera... • https://git.kernel.org/stable/c/f4f9ef4a1b0a1ca80b152e28e176d69515bdf7e8 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53679 – wifi: mt7601u: fix an integer underflow
https://notcve.org/view.php?id=CVE-2023-53679
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mt7601u: fix an integer underflow Fix an integer underflow that leads to a null pointer dereference in 'mt7601u_rx_skb_from_seg()'. The variable 'dma_len' in the URB packet could be manipulated, which could trigger an integer underflow of 'seg_len' in 'mt7601u_rx_process_seg()'. This underflow subsequently causes the 'bad_frame' checks in 'mt7601u_rx_skb_from_seg()' to be bypassed, eventually leading to a dereference of the pointer 'p... • https://git.kernel.org/stable/c/67e4519afba215199b6dfa39ce5d7ea673ee4138 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53676 – scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show()
https://notcve.org/view.php?id=CVE-2023-53676
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() The function lio_target_nacl_info_show() uses sprintf() in a loop to print details for every iSCSI connection in a session without checking for the buffer length. With enough iSCSI connections it's possible to overflow the buffer provided by configfs and corrupt the memory. This patch replaces sprintf() with sysfs_emit_at() that checks for buffer boundries. In the Linux... • https://git.kernel.org/stable/c/df349e84c2cb0dd05d98c8e1189c26ab4b116083 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53675 – scsi: ses: Fix possible desc_ptr out-of-bounds accesses
https://notcve.org/view.php?id=CVE-2023-53675
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix possible desc_ptr out-of-bounds accesses Sanitize possible desc_ptr out-of-bounds accesses in ses_enclosure_data_process(). In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix possible desc_ptr out-of-bounds accesses Sanitize possible desc_ptr out-of-bounds accesses in ses_enclosure_data_process(). • https://git.kernel.org/stable/c/72021ae61a2bc6ca73cd593e255a10ed5f5dc5e7 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53674 – clk: Fix memory leak in devm_clk_notifier_register()
https://notcve.org/view.php?id=CVE-2023-53674
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: clk: Fix memory leak in devm_clk_notifier_register() devm_clk_notifier_register() allocates a devres resource for clk notifier but didn't register that to the device, so the notifier didn't get unregistered on device detach and the allocated resource was leaked. Fix the issue by registering the resource through devres_add(). This issue was found with kmemleak on a Chromebook. In the Linux kernel, the following vulnerability has been resolve... • https://git.kernel.org/stable/c/6d30d50d037dfa092f9d5d1fffa348ab4abb7163 •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53673 – Bluetooth: hci_event: call disconnect callback before deleting conn
https://notcve.org/view.php?id=CVE-2023-53673
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: call disconnect callback before deleting conn In hci_cs_disconnect, we do hci_conn_del even if disconnection failed. ISO, L2CAP and SCO connections refer to the hci_conn without hci_conn_get, so disconn_cfm must be called so they can clean up their conn, otherwise use-after-free occurs. ISO: ========================================================== iso_sock_connect:880: sk 00000000eabd6557 iso_connect_cis:356: 70:1a:b... • https://git.kernel.org/stable/c/b8d290525e3972b5e876b2649a42bf4081d753fe •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53672 – btrfs: output extra debug info if we failed to find an inline backref
https://notcve.org/view.php?id=CVE-2023-53672
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: output extra debug info if we failed to find an inline backref [BUG] Syzbot reported several warning triggered inside lookup_inline_extent_backref(). [CAUSE] As usual, the reproducer doesn't reliably trigger locally here, but at least we know the WARN_ON() is triggered when an inline backref can not be found, and it can only be triggered when @insert is true. (I.e. inserting a new inline backref, which means the backref should alread... • https://git.kernel.org/stable/c/376b41524b71e494514720bd6114325b0a2ed19c •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53671 – srcu: Delegate work to the boot cpu if using SRCU_SIZE_SMALL
https://notcve.org/view.php?id=CVE-2023-53671
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: srcu: Delegate work to the boot cpu if using SRCU_SIZE_SMALL Commit 994f706872e6 ("srcu: Make Tree SRCU able to operate without snp_node array") assumes that cpu 0 is always online. However, there really are situations when some other CPU is the boot CPU, for example, when booting a kdump kernel with the maxcpus=1 boot parameter. On PowerPC, the kdump kernel can hang as follows: ... [ 1.740036] systemd[1]: Hostname set to
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53668 – ring-buffer: Fix deadloop issue on reading trace_pipe
https://notcve.org/view.php?id=CVE-2023-53668
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Fix deadloop issue on reading trace_pipe Soft lockup occurs when reading file 'trace_pipe': watchdog: BUG: soft lockup - CPU#6 stuck for 22s! [cat:4488] [...] RIP: 0010:ring_buffer_empty_cpu+0xed/0x170 RSP: 0018:ffff88810dd6fc48 EFLAGS: 00000246 RAX: 0000000000000000 RBX: 0000000000000246 RCX: ffffffff93d1aaeb RDX: ffff88810a280040 RSI: 0000000000000008 RDI: ffff88811164b218 RBP: ffff88811164b218 R08: 0000000000000000 R09: ffff... • https://git.kernel.org/stable/c/a5fb833172eca69136e9ee1ada778e404086ab8a •