
CVSS: 8.5 • EPSS: 0% • CPEs: 8 • EXPL: 0

22 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: md: raid1: fix potential OOB in raid1_remove_disk() If rddev->raid_disk is greater than mddev->raid_disks, there will be an out-of-bounds in raid1_remove_disk(). We have already found similar reports as follows: 1) commit d17f744e883b ("md-raid10: fix KASAN warning") 2) commit 1ebc2cec0b7d ("dm raid: fix KASAN warning in raid5_remove_disk") Fix this bug by checking whether the "number" variable is valid. • https://git.kernel.org/stable/c/beedf40f73939f248c81802eda08a2a8148ea13e •

CVSS: 5.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

22 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix a NULL pointer dereference in ath12k_mac_op_hw_scan() In ath12k_mac_op_hw_scan(), the return value of kzalloc() is directly used in memcpy(), which may lead to a NULL pointer dereference on failure of kzalloc(). Fix this bug by adding a check of arg.extraie.ptr. Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0-03427-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1.15378.4 • https://git.kernel.org/stable/c/5a263df398b581189fe632b4ab8440f3dd76c251 •

CVSS: 7.1 • EPSS: 0% • CPEs: 7 • EXPL: 0

22 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: serial: arc_uart: fix of_iomap leak in `arc_serial_probe` Smatch reports: drivers/tty/serial/arc_uart.c:631 arc_serial_probe() warn: 'port->membase' from of_iomap() not released on lines: 631. In arc_serial_probe(), if uart_add_one_port() fails, port->membase is not released, which would cause a resource leak. To fix this, I replace of_iomap with devm_platform_ioremap_resource. • https://git.kernel.org/stable/c/8dbe1d5e09a7faec8d22cadcc1011acab8fa6e2a •

CVSS: 6.3 • EPSS: 0% • CPEs: 5 • EXPL: 0

22 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Do not swap cpu_buffer during resize process When ring_buffer_swap_cpu was called during resize process, the cpu buffer was swapped in the middle, resulting in incorrect state. Continuing to run in the wrong state will result in oops. This issue can be easily reproduced using the following two scripts: /tmp # cat test1.sh //#! /bin/sh for i in `seq 0 100000` do echo 2000 > /sys/kernel/debug/tracing/buffer_size_kb sleep 0.5 echo... • https://git.kernel.org/stable/c/66a3b2a121386702663065d5c9e5a33c03d3f4a2 •

CVSS: 7.8 • EPSS: 0% • CPEs: 8 • EXPL: 0

22 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() Fix a stack-out-of-bounds write that occurs in a WMI response callback function that is called after a timeout occurs in ath9k_wmi_cmd(). The callback writes to wmi->cmd_rsp_buf, a stack-allocated buffer that could no longer be valid when a timeout occurs. Set wmi->last_seq_id to 0 when a timeout occurred. Found by a modified version of syzkaller. BUG: KASAN: s... • https://git.kernel.org/stable/c/fb9987d0f748c983bb795a86f47522313f701a08 •

CVSS: 7.1 • EPSS: 0% • CPEs: 8 • EXPL: 0

22 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: net: fix skb leak in __skb_tstamp_tx() Commit 50749f2dd685 ("tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp.") added a call to skb_orphan_frags_rx() to fix leaks with zerocopy skbs. But it ended up adding a leak of its own. When skb_orphan_frags_rx() fails, the function just returns, leaking the skb it just cloned. Free it before returning. This bug was discovered and resolved using Coverity Static Analysis Security Testing... • https://git.kernel.org/stable/c/281072fb2a7294cde7acbf5375b879f40a8001b7 •

CVSS: 8.4 • EPSS: 0% • CPEs: 8 • EXPL: 0

22 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex Apparently the hex passphrase mechanism does not work on newer chips/firmware (e.g. BCM4387). It seems there was a simple way of passing it in binary all along, so use that and avoid the hexification. OpenBSD has been doing it like this from the beginning, so this should work on all chips. Also clear the structure before setting the PMK. • https://git.kernel.org/stable/c/1687845eb8f37360a9ee849a3587ab659b090773 •

CVSS: 5.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

22 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/stm: ltdc: fix late dereference check In ltdc_crtc_set_crc_source(), struct drm_crtc was dereferenced in a container_of() before the pointer check. This could cause a kernel panic. Fix this smatch warning: drivers/gpu/drm/stm/ltdc.c:1124 ltdc_crtc_set_crc_source() warn: variable dereferenced before check 'crtc' (see line 1119) • https://git.kernel.org/stable/c/340dba127bbed51e8425cd8e097aacfadd175462 •

CVSS: 5.5 • EPSS: 0% • CPEs: 4 • EXPL: 0

22 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ARM: 9317/1: kexec: Make smp stop calls asynchronous If a panic is triggered by a hrtimer interrupt all online cpus will be notified and set offline. But as highlighted by commit 19dbdcb8039c ("smp: Warn on function calls from softirq context") this call should not be made synchronous with disabled interrupts: softdog: Initiating panic Kernel panic - not syncing: Software Watchdog Timer expired WARNING: CPU: 1 PID: 0 at kernel/smp.c:753 smp... • https://git.kernel.org/stable/c/46870eea5496ff277e86187a49ac5a667cfe60c4 •

CVSS: 7.8 • EPSS: 0% • CPEs: 5 • EXPL: 0

22 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a potential data corruption We must ensure that the subrequests are joined back into the head before we can retransmit a request. If the head was not on the commit lists, because the server wrote it synchronously, we still need to add it back to the retransmission list. Add a call that mirrors the effect of nfs_cancel_remove_inode() for O_DIRECT. • https://git.kernel.org/stable/c/ed5d588fe47feef290f271022820e255d8371561 •