CVSS: 7.8 • EPSS: 0% • CPEs: 7 • EXPL: 0

27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: net: nfc: Fix use-after-free in local_cleanup() Fix a use-after-free that occurs in kfree_skb() called from local_cleanup(). This could happen when killing nfc daemon (e.g. neard) after detaching an nfc device. When detaching an nfc device, local_cleanup() called from nfc_llcp_unregister_device() frees local->rx_pending and decreases local->ref by kref_put() in nfc_llcp_local_put(). In the terminating process, nfc daemon releases all socket... • https://git.kernel.org/stable/c/3536da06db0baa675f32de608c0a4c0f5ef0e9ff • CWE-416: Use After Free •

CVSS: 4.7 • EPSS: 0% • CPEs: 3 • EXPL: 0

27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: net: enetc: avoid deadlock in enetc_tx_onestep_tstamp() This lockdep splat says it better than I could: ================================ WARNING: inconsistent lock state 6.2.0-rc2-07010-ga9b9500ffaac-dirty #967 Not tainted -------------------------------- inconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W} usage. kworker/1:3/179 [HC0[0]:SC0[0]:HE1:SE1] takes: ffff3ec4036ce098 (_xmit_ETHER#2){+.?.}-{3:3}, at: netif_freeze_queues+0x5c/0xc0 {IN-SOFT... • https://git.kernel.org/stable/c/7294380c5211687aa4d66166984b152ee84caf5f •

CVSS: 7.8 • EPSS: 0% • CPEs: 5 • EXPL: 0

27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_taprio: fix possible use-after-free syzbot reported a nasty crash [1] in net_tx_action() which made little sense until we got a repro. This repro installs a taprio qdisc, but providing an invalid TCA_RATE attribute. qdisc_create() has to destroy the just initialized taprio qdisc, and taprio_destroy() is called. However, the hrtimer used by taprio had already fired, therefore advance_sched() called __netif_schedule(). Then net... • https://git.kernel.org/stable/c/5a781ccbd19e4664babcbe4b4ead7aa2b9283d22 • CWE-416: Use After Free •

CVSS: 7.1 • EPSS: 0% • CPEs: 4 • EXPL: 0

27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: l2tp: close all race conditions in l2tp_tunnel_register() The code in l2tp_tunnel_register() is racy in several ways: 1. It modifies the tunnel socket _after_ publishing it. 2. It calls setup_udp_tunnel_sock() on an existing socket without locking. 3. It changes sock lock class on fly, which triggers many syzbot reports. This patch amends all of them by moving socket initialization code before publishing and under sock lock. • https://git.kernel.org/stable/c/37159ef2c1ae1e696b24b260b241209a19f92c60 •

CVSS: - • EPSS: 0% • CPEs: 7 • EXPL: 0

27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: net: mdio: validate parameter addr in mdiobus_get_phy() The caller may pass any value as addr, which may result in an out-of-bounds access to array mdio_map. One existing case is stmmac_init_phy() that may pass -1 as addr. Therefore validate addr before using it. • https://git.kernel.org/stable/c/7f854420fbfe9d49afe2ffb1df052cfe8e215541 •

CVSS: 5.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: Fix memory leaks When hci_cmd_sync_queue() failed in hci_le_terminate_big() or hci_le_big_terminate(), the memory pointed by variable d is not freed, which will cause memory leak. Add release process to error path. • https://git.kernel.org/stable/c/eca0ae4aea66914515e5e3098ea051b518ee5316 •

CVSS: 5.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: fix memory leak in hci_update_adv_data() When hci_cmd_sync_queue() failed in hci_update_adv_data(), inst_ptr is not freed, which will cause memory leak, convert to use ERR_PTR/PTR_ERR to pass the instance to callback so no memory needs to be allocated. • https://git.kernel.org/stable/c/651cd3d65b0f76a2198fcf3a80ce5d53dd267717 •

CVSS: 5.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix possible deadlock in rfcomm_sk_state_change syzbot reports a possible deadlock in rfcomm_sk_state_change [1]. While rfcomm_sock_connect acquires the sk lock and waits for the rfcomm lock, rfcomm_sock_release could have the rfcomm lock and hit a deadlock for acquiring the sk lock. Here's a simplified flow: rfcomm_sock_connect: lock_sock(sk) rfcomm_dlc_open: rfcomm_lock() rfcomm_sock_release: rfcomm_sock_shutdown: rfcomm_lock()... • https://git.kernel.org/stable/c/1804fdf6e494e5e2938c65d8391690b59bcff897 •

CVSS: 5.5 • EPSS: 0% • CPEs: 7 • EXPL: 0

27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: betop: check shape of output reports betopff_init() only checks the total sum of the report counts for each report field to be at least 4, but hid_betopff_play() expects 4 report fields. A device advertising an output report with one field and 4 report counts would pass the check but crash the kernel with a NULL pointer dereference in hid_betopff_play(). • https://git.kernel.org/stable/c/52cd7785f3cdd2724f4efb5b21dbc75d6f9ccef4 •

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: tegra: Fix memory leak in terminate_all() Terminate vdesc when terminating an ongoing transfer. This will ensure that the vdesc is present in the desc_terminated list. The descriptor will be freed later in desc_free_list(). This fixes the memory leaks which can happen when terminating an ongoing transfer. • https://git.kernel.org/stable/c/ee17028009d49fffed8cc963455d33b1fd3f1d08 •