
CVE-2023-53119 – nfc: pn533: initialize struct pn533_out_arg properly
https://notcve.org/view.php?id=CVE-2023-53119
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: initialize struct pn533_out_arg properly struct pn533_out_arg used as a temporary context for out_urb is not initialized properly. Its uninitialized 'phy' field can be dereferenced in error cases inside pn533_out_complete() callback function. It causes the following failure: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000... • https://git.kernel.org/stable/c/35529d6b827eedb6bf7e81130e4b7e0aba9e58d2 •

CVE-2023-53118 – scsi: core: Fix a procfs host directory removal regression
https://notcve.org/view.php?id=CVE-2023-53118
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix a procfs host directory removal regression scsi_proc_hostdir_rm() decreases a reference counter and hence must only be called once per host that is removed. This change does not require a scsi_add_host_with_dma() change since scsi_add_host_with_dma() will return 0 (success) if scsi_proc_host_add() is called. • https://git.kernel.org/stable/c/891a3cba425cf483d96facca55aebd6ff1da4338 •

CVE-2023-53117 – fs: prevent out-of-bounds array speculation when closing a file descriptor
https://notcve.org/view.php?id=CVE-2023-53117
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: fs: prevent out-of-bounds array speculation when closing a file descriptor Google-Bug-Id: 114199369 • https://git.kernel.org/stable/c/f31cd5da636682caea424fa1c22679016cbfc16b •

CVE-2023-53116 – nvmet: avoid potential UAF in nvmet_req_complete()
https://notcve.org/view.php?id=CVE-2023-53116
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: nvmet: avoid potential UAF in nvmet_req_complete() An nvme target ->queue_response() operation implementation may free the request passed as argument. Such an implementation potentially could result in a use after free of the request pointer when percpu_ref_put() is called in nvmet_req_complete(). Avoid such a problem by using a local variable to save the sq pointer before calling __nvmet_req_complete(), thus avoiding dereferencing the req point... • https://git.kernel.org/stable/c/a07b4970f464f13640e28e16dad6cfa33647cc99 •

CVE-2023-53115 – scsi: mpi3mr: Fix memory leaks in mpi3mr_init_ioc()
https://notcve.org/view.php?id=CVE-2023-53115
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix memory leaks in mpi3mr_init_ioc() Don't allocate memory again when IOC is being reinitialized. • https://git.kernel.org/stable/c/fe6db615156573d3f6a37564b8a590cb03bbaf25 •

CVE-2023-53114 – i40e: Fix kernel crash during reboot when adapter is in recovery mode
https://notcve.org/view.php?id=CVE-2023-53114
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: i40e: Fix kernel crash during reboot when adapter is in recovery mode If the driver detects during probe that firmware is in recovery mode then i40e_init_recovery_mode() is called and the rest of the probe function is skipped, including pci_set_drvdata(). Subsequent i40e_shutdown() called during shutdown/reboot dereferences a NULL pointer as pci_get_drvdata() returns NULL. To fix this, call pci_set_drvdata() also when entering recovery mode. Reprod... • https://git.kernel.org/stable/c/4ff0ee1af016976acb6a525e68ec9a5a85d7abdc •

CVE-2023-53113 – wifi: nl80211: fix NULL-ptr deref in offchan check
https://notcve.org/view.php?id=CVE-2023-53113
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: fix NULL-ptr deref in offchan check If, e.g. in AP mode, the link was already created by userspace but not activated yet, it has a chandef but the chandef isn't valid and has no channel. Check for this and ignore this link. • https://git.kernel.org/stable/c/7b0a0e3c3a88260b6fcb017e49f198463aa62ed1 •

CVE-2023-53111 – loop: Fix use-after-free issues
https://notcve.org/view.php?id=CVE-2023-53111
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: loop: Fix use-after-free issues do_req_filebacked() calls blk_mq_complete_request() synchronously or asynchronously when using asynchronous I/O unless memory allocation fails. Hence, modify loop_handle_cmd() such that it does not dereference 'cmd' nor 'rq' after do_req_filebacked() finished unless we are sure that the request has not yet been completed. This patch fixes the following kernel crash: Unable to handle kernel NULL pointer derefe... • https://git.kernel.org/stable/c/bc07c10a3603a5ab3ef01ba42b3d41f9ac63d1b6 •

CVE-2023-53110 – net/smc: fix NULL sndbuf_desc in smc_cdc_tx_handler()
https://notcve.org/view.php?id=CVE-2023-53110
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net/smc: fix NULL sndbuf_desc in smc_cdc_tx_handler() When performing a stress test on SMC-R by rmmod mlx5_ib driver during the wrk/nginx test, we found that there is a probability of triggering a panic while terminating all link groups. This issue is due to the race between smc_smcr_terminate_all() and smc_buf_create(). smc_smcr_terminate_all smc_buf_create /* init */ conn->sndbuf_desc = NULL; ... __smc_lgr_terminate smc_conn_kill smc_close_... • https://git.kernel.org/stable/c/0b29ec6436138721acf5844e558f7334a0fa61d5 •

CVE-2023-53109 – net: tunnels: annotate lockless accesses to dev->needed_headroom
https://notcve.org/view.php?id=CVE-2023-53109
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: tunnels: annotate lockless accesses to dev->needed_headroom IP tunnels can apparently update dev->needed_headroom in their xmit path. This patch takes care of three tunnels xmit, and also the core LL_RESERVED_SPACE() and LL_RESERVED_SPACE_EXTRA() helpers. More changes might be needed for completeness. BUG: KCSAN: data-race in ip_tunnel_xmit / ip_tunnel_xmit read to 0xffff88815b9da0ec of 2 bytes by task 888 on cpu 1: ip_tunnel_xmit+0x12... • https://git.kernel.org/stable/c/8eb30be0352d09165e94a41fef1c7b994dca0714 •