CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53012 – thermal: core: call put_device() only after device_register() fails
https://notcve.org/view.php?id=CVE-2023-53012
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: thermal: core: call put_device() only after device_register() fails put_device() shouldn't be called before a prior call to device_register(). __thermal_cooling_device_register() doesn't follow that properly and needs fixing. Also thermal_cooling_device_destroy_sysfs() is getting called unnecessarily on few error paths. Fix all this by placing the calls at the right place. Based on initial work done by Caleb Connolly. • https://git.kernel.org/stable/c/5139cbc0c6e4bf2fcffc9a7ed4350bf6985bc561 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53011 – net: stmmac: enable all safety features by default
https://notcve.org/view.php?id=CVE-2023-53011
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: net: stmmac: enable all safety features by default In the original implementation of dwmac5 commit 8bf993a5877e ("net: stmmac: Add support for DWMAC5 and implement Safety Features") all safety features were enabled by default. Later it seems some implementations didn't have support for all the features, so in commit 5ac712dcdfef ("net: stmmac: enable platform specific safety features") the safety_feat_cfg structure was added to the callback... • https://git.kernel.org/stable/c/5ac712dcdfefb1a783384db85e0507d161e87812 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-53010 – bnxt: Do not read past the end of test names
https://notcve.org/view.php?id=CVE-2023-53010
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: bnxt: Do not read past the end of test names Test names were being concatenated based on a offset beyond the end of the first name, which tripped the buffer overflow detection logic: detected buffer overflow in strnlen [...] Call Trace: bnxt_ethtool_init.cold+0x18/0x18 Refactor struct hwrm_selftest_qlist_output to use an actual array, and adjust the concatenation to use snprintf() rather than a series of strncat() calls. In the Linux kernel... • https://git.kernel.org/stable/c/eb51365846bc418687af4c4f41b68b6e84cdd449 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2023-53009 – drm/amdkfd: Add sync after creating vram bo
https://notcve.org/view.php?id=CVE-2023-53009
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Add sync after creating vram bo There will be data corruption on vram allocated by svm if the initialization is not complete and application is writting on the memory. Adding sync to wait for the initialization completion is to resolve this issue. In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Add sync after creating vram bo There will be data corruption on vram allocated by svm if the initializa... • https://git.kernel.org/stable/c/92af2d3b57a1afdfdcafb1c6a07ffd89cf3e98fb •
CVSS: 5.6EPSS: 0%CPEs: 2EXPL: 0CVE-2023-53008 – cifs: fix potential memory leaks in session setup
https://notcve.org/view.php?id=CVE-2023-53008
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential memory leaks in session setup Make sure to free cifs_ses::auth_key.response before allocating it as we might end up leaking memory in reconnect or mounting. In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential memory leaks in session setup Make sure to free cifs_ses::auth_key.response before allocating it as we might end up leaking memory in reconnect or mounting. • https://git.kernel.org/stable/c/893d45394dbe4b5cbf3723c19e2ccc8b93a6ac9b •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-53007 – tracing: Make sure trace_printk() can output as soon as it can be used
https://notcve.org/view.php?id=CVE-2023-53007
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: tracing: Make sure trace_printk() can output as soon as it can be used Currently trace_printk() can be used as soon as early_trace_init() is called from start_kernel(). But if a crash happens, and "ftrace_dump_on_oops" is set on the kernel command line, all you get will be: [ 0.456075]
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53006 – cifs: Fix oops due to uncleared server->smbd_conn in reconnect
https://notcve.org/view.php?id=CVE-2023-53006
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: cifs: Fix oops due to uncleared server->smbd_conn in reconnect In smbd_destroy(), clear the server->smbd_conn pointer after freeing the smbd_connection struct that it points to so that reconnection doesn't get confused. In the Linux kernel, the following vulnerability has been resolved: cifs: Fix oops due to uncleared server->smbd_conn in reconnect In smbd_destroy(), clear the server->smbd_conn pointer after freeing the smbd_connection stru... • https://git.kernel.org/stable/c/8ef130f9ec27973f7b49e20c5a3b9134ca33026c •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53005 – trace_events_hist: add check for return value of 'create_hist_field'
https://notcve.org/view.php?id=CVE-2023-53005
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: trace_events_hist: add check for return value of 'create_hist_field' Function 'create_hist_field' is called recursively at trace_events_hist.c:1954 and can return NULL-value that's why we have to check it to avoid null pointer dereference. Found by Linux Verification Center (linuxtesting.org) with SVACE. In the Linux kernel, the following vulnerability has been resolved: trace_events_hist: add check for return value of 'create_hist_field' F... • https://git.kernel.org/stable/c/30350d65ac5676c6d08d4fc935bc9a9cb0fd4ed3 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-53004 – ovl: fix tmpfile leak
https://notcve.org/view.php?id=CVE-2023-53004
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: ovl: fix tmpfile leak Missed an error cleanup. • https://git.kernel.org/stable/c/2b1a77461f1602f870d6fe61fc65610bb8c8dd05 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53003 – EDAC/qcom: Do not pass llcc_driv_data as edac_device_ctl_info's pvt_info
https://notcve.org/view.php?id=CVE-2023-53003
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: EDAC/qcom: Do not pass llcc_driv_data as edac_device_ctl_info's pvt_info The memory for llcc_driv_data is allocated by the LLCC driver. But when it is passed as the private driver info to the EDAC core, it will get freed during the qcom_edac driver release. So when the qcom_edac driver gets probed again, it will try to use the freed data leading to the use-after-free bug. Hence, do not pass llcc_driv_data as pvt_info but rather reference it... • https://git.kernel.org/stable/c/27450653f1db0b9d5b5048a246c850c52ee4aa61 • CWE-416: Use After Free •