CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53346 – kernel/fail_function: fix memory leak with using debugfs_lookup()
https://notcve.org/view.php?id=CVE-2023-53346
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: kernel/fail_function: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic at once. In the Linux kernel, the following vulnerability has been resolved: kernel/fail_function: fix memory leak with using debugfs_lookup() When calling debugfs... • https://git.kernel.org/stable/c/4b1a29a7f5425d32640b34b8a755f34e02f64d0f • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53345 – rxrpc: Fix potential data race in rxrpc_wait_to_be_connected()
https://notcve.org/view.php?id=CVE-2023-53345
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix potential data race in rxrpc_wait_to_be_connected() Inside the loop in rxrpc_wait_to_be_connected() it checks call->error to see if it should exit the loop without first checking the call state. This is probably safe as if call->error is set, the call is dead anyway, but we should probably wait for the call state to have been set to completion first, lest it cause surprise on the way out. Fix this by only accessing call->error if... • https://git.kernel.org/stable/c/9d35d880e0e4a3ab32d8c12f9e4d76198aadd42d • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53344 – can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write
https://notcve.org/view.php?id=CVE-2023-53344
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write Syzkaller reported the following issue: ===================================================== BUG: KMSAN: uninit-value in aio_rw_done fs/aio.c:1520 [inline] BUG: KMSAN: uninit-value in aio_write+0x899/0x950 fs/aio.c:1600 aio_rw_done fs/aio.c:1520 [inline] aio_write+0x899/0x950 fs/aio.c:1600 io_submit_one+0x1d1c/0x3bf0 fs/aio.c:2019 __do_sys_io_submit fs/aio.c:2078 [inline] __se_s... • https://git.kernel.org/stable/c/6f3b911d5f29b98752e5da86a295210c0c4f4e14 • CWE-908: Use of Uninitialized Resource •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-53343 – icmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev().
https://notcve.org/view.php?id=CVE-2023-53343
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: icmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev(). With some IPv6 Ext Hdr (RPL, SRv6, etc.), we can send a packet that has the link-local address as src and dst IP and will be forwarded to an external IP in the IPv6 Ext Hdr. For example, the script below generates a packet whose src IP is the link-local address and dst is updated to 11::. # for f in $(find /proc/sys/net/ -name *seg6_enabled*); do echo 1 > $f; done # pyth... • https://git.kernel.org/stable/c/4832c30d5458387ff2533ff66fbde26ad8bb5a2d • CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53342 – net: marvell: prestera: fix handling IPv4 routes with nhid
https://notcve.org/view.php?id=CVE-2023-53342
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: net: marvell: prestera: fix handling IPv4 routes with nhid Fix handling IPv4 routes referencing a nexthop via its id by replacing calls to fib_info_nh() with fib_info_nhc(). Trying to add an IPv4 route referencing a nextop via nhid: $ ip link set up swp5 $ ip a a 10.0.0.1/24 dev swp5 $ ip nexthop add dev swp5 id 20 via 10.0.0.2 $ ip route add 10.0.1.0/24 nhid 20 triggers warnings when trying to handle the route: [ 528.805763] ------------[ ... • https://git.kernel.org/stable/c/396b80cb5cc8006a488ea25ef84fae245dc1b43c •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53341 – of/fdt: run soc memory setup when early_init_dt_scan_memory fails
https://notcve.org/view.php?id=CVE-2023-53341
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: of/fdt: run soc memory setup when early_init_dt_scan_memory fails If memory has been found early_init_dt_scan_memory now returns 1. If it hasn't found any memory it will return 0, allowing other memory setup mechanisms to carry on. Previously early_init_dt_scan_memory always returned 0 without distinguishing between any kind of memory setup being done or not. Any code path after the early_init_dt_scan memory call in the ramips plat_mem_setu... • https://git.kernel.org/stable/c/1f012283e9360fb4007308f04cfaeb205e34b684 • CWE-908: Use of Uninitialized Resource •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53340 – net/mlx5: Collect command failures data only for known commands
https://notcve.org/view.php?id=CVE-2023-53340
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Collect command failures data only for known commands DEVX can issue a general command, which is not used by mlx5 driver. In case such command is failed, mlx5 is trying to collect the failure data, However, mlx5 doesn't create a storage for this command, since mlx5 doesn't use it. This lead to array-index-out-of-bounds error. Fix it by checking whether the command is known before collecting the failure data. In the Linux kernel, t... • https://git.kernel.org/stable/c/34f46ae0d4b38e83cfb26fb6f06b5b5efea47fdc • CWE-129: Improper Validation of Array Index •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2023-53339 – btrfs: fix BUG_ON condition in btrfs_cancel_balance
https://notcve.org/view.php?id=CVE-2023-53339
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix BUG_ON condition in btrfs_cancel_balance Pausing and canceling balance can race to interrupt balance lead to BUG_ON panic in btrfs_cancel_balance. The BUG_ON condition in btrfs_cancel_balance does not take this race scenario into account. However, the race condition has no other side effects. We can fix that. Reproducing it with panic trace like this: kernel BUG at fs/btrfs/volumes.c:4618! • https://git.kernel.org/stable/c/ddf7e8984c83aee9122552529f4e77291903f8d9 •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-53338 – lwt: Fix return values of BPF xmit ops
https://notcve.org/view.php?id=CVE-2023-53338
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: lwt: Fix return values of BPF xmit ops BPF encap ops can return different types of positive values, such like NET_RX_DROP, NET_XMIT_CN, NETDEV_TX_BUSY, and so on, from function skb_do_redirect and bpf_lwt_xmit_reroute. At the xmit hook, such return values would be treated implicitly as LWTUNNEL_XMIT_CONTINUE in ip(6)_finish_output2. When this happens, skbs that have been freed would continue to the neighbor subsystem, causing use-after-free... • https://git.kernel.org/stable/c/3a0af8fd61f90920f6fa04e4f1e9a6a73c1b4fd2 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-53337 – nilfs2: do not write dirty data after degenerating to read-only
https://notcve.org/view.php?id=CVE-2023-53337
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: do not write dirty data after degenerating to read-only According to syzbot's report, mark_buffer_dirty() called from nilfs_segctor_do_construct() outputs a warning with some patterns after nilfs2 detects metadata corruption and degrades to read-only mode. After such read-only degeneration, page cache data may be cleared through nilfs_clear_dirty_page() which may also clear the uptodate flag for their buffer heads. However, even aft... • https://git.kernel.org/stable/c/8c26c4e2694a163d525976e804d81cd955bbb40c •