CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53020 – l2tp: close all race conditions in l2tp_tunnel_register()
https://notcve.org/view.php?id=CVE-2023-53020
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: l2tp: close all race conditions in l2tp_tunnel_register() The code in l2tp_tunnel_register() is racy in several ways: 1. It modifies the tunnel socket _after_ publishing it. 2. It calls setup_udp_tunnel_sock() on an existing socket without locking. 3. It changes sock lock class on fly, which triggers many syzbot reports. This patch amends all of them by moving socket initialization code before publishing and under sock lock. • https://git.kernel.org/stable/c/37159ef2c1ae1e696b24b260b241209a19f92c60 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2023-53019 – net: mdio: validate parameter addr in mdiobus_get_phy()
https://notcve.org/view.php?id=CVE-2023-53019
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: net: mdio: validate parameter addr in mdiobus_get_phy() The caller may pass any value as addr, what may result in an out-of-bounds access to array mdio_map. One existing case is stmmac_init_phy() that may pass -1 as addr. Therefore validate addr before using it. In the Linux kernel, the following vulnerability has been resolved: net: mdio: validate parameter addr in mdiobus_get_phy() The caller may pass any value as addr, what may result in... • https://git.kernel.org/stable/c/7f854420fbfe9d49afe2ffb1df052cfe8e215541 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53016 – Bluetooth: Fix possible deadlock in rfcomm_sk_state_change
https://notcve.org/view.php?id=CVE-2023-53016
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix possible deadlock in rfcomm_sk_state_change syzbot reports a possible deadlock in rfcomm_sk_state_change [1]. While rfcomm_sock_connect acquires the sk lock and waits for the rfcomm lock, rfcomm_sock_release could have the rfcomm lock and hit a deadlock for acquiring the sk lock. Here's a simplified flow: rfcomm_sock_connect: lock_sock(sk) rfcomm_dlc_open: rfcomm_lock() rfcomm_sock_release: rfcomm_sock_shutdown: rfcomm_lock()... • https://git.kernel.org/stable/c/1804fdf6e494e5e2938c65d8391690b59bcff897 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-53015 – HID: betop: check shape of output reports
https://notcve.org/view.php?id=CVE-2023-53015
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: betop: check shape of output reports betopff_init() only checks the total sum of the report counts for each report field to be at least 4, but hid_betopff_play() expects 4 report fields. A device advertising an output report with one field and 4 report counts would pass the check but crash the kernel with a NULL pointer dereference in hid_betopff_play(). In the Linux kernel, the following vulnerability has been resolved: HID: betop: ch... • https://git.kernel.org/stable/c/52cd7785f3cdd2724f4efb5b21dbc75d6f9ccef4 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53013 – ptdma: pt_core_execute_cmd() should use spinlock
https://notcve.org/view.php?id=CVE-2023-53013
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: ptdma: pt_core_execute_cmd() should use spinlock The interrupt handler (pt_core_irq_handler()) of the ptdma driver can be called from interrupt context. The code flow in this function can lead down to pt_core_execute_cmd() which will attempt to grab a mutex, which is not appropriate in interrupt context and ultimately leads to a kernel panic. The fix here changes this mutex to a spinlock, which has been verified to resolve the issue. In the... • https://git.kernel.org/stable/c/fa5d823b16a9442d609617abeec31da8b6afa224 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53011 – net: stmmac: enable all safety features by default
https://notcve.org/view.php?id=CVE-2023-53011
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: net: stmmac: enable all safety features by default In the original implementation of dwmac5 commit 8bf993a5877e ("net: stmmac: Add support for DWMAC5 and implement Safety Features") all safety features were enabled by default. Later it seems some implementations didn't have support for all the features, so in commit 5ac712dcdfef ("net: stmmac: enable platform specific safety features") the safety_feat_cfg structure was added to the callback... • https://git.kernel.org/stable/c/5ac712dcdfefb1a783384db85e0507d161e87812 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-53010 – bnxt: Do not read past the end of test names
https://notcve.org/view.php?id=CVE-2023-53010
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: bnxt: Do not read past the end of test names Test names were being concatenated based on a offset beyond the end of the first name, which tripped the buffer overflow detection logic: detected buffer overflow in strnlen [...] Call Trace: bnxt_ethtool_init.cold+0x18/0x18 Refactor struct hwrm_selftest_qlist_output to use an actual array, and adjust the concatenation to use snprintf() rather than a series of strncat() calls. In the Linux kernel... • https://git.kernel.org/stable/c/eb51365846bc418687af4c4f41b68b6e84cdd449 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2023-53009 – drm/amdkfd: Add sync after creating vram bo
https://notcve.org/view.php?id=CVE-2023-53009
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Add sync after creating vram bo There will be data corruption on vram allocated by svm if the initialization is not complete and application is writting on the memory. Adding sync to wait for the initialization completion is to resolve this issue. In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Add sync after creating vram bo There will be data corruption on vram allocated by svm if the initializa... • https://git.kernel.org/stable/c/92af2d3b57a1afdfdcafb1c6a07ffd89cf3e98fb •
CVSS: 5.6EPSS: 0%CPEs: 2EXPL: 0CVE-2023-53008 – cifs: fix potential memory leaks in session setup
https://notcve.org/view.php?id=CVE-2023-53008
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential memory leaks in session setup Make sure to free cifs_ses::auth_key.response before allocating it as we might end up leaking memory in reconnect or mounting. In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential memory leaks in session setup Make sure to free cifs_ses::auth_key.response before allocating it as we might end up leaking memory in reconnect or mounting. • https://git.kernel.org/stable/c/893d45394dbe4b5cbf3723c19e2ccc8b93a6ac9b •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-53007 – tracing: Make sure trace_printk() can output as soon as it can be used
https://notcve.org/view.php?id=CVE-2023-53007
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: tracing: Make sure trace_printk() can output as soon as it can be used Currently trace_printk() can be used as soon as early_trace_init() is called from start_kernel(). But if a crash happens, and "ftrace_dump_on_oops" is set on the kernel command line, all you get will be: [ 0.456075]