CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53316 – drm/msm/dp: Free resources after unregistering them
https://notcve.org/view.php?id=CVE-2023-53316
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: Free resources after unregistering them The DP component's unbind operation walks through the submodules to unregister and clean things up. But if the unbind happens because the DP controller itself is being removed, all the memory for those submodules has just been freed. Change the order of these operations to avoid the many use-after-free that otherwise happens in this code path. Patchwork: https://patchwork.freedesktop.org/p... • https://git.kernel.org/stable/c/c943b4948b5848fc0e07f875edbd35a973879e22 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53315 – wifi: ath11k: Fix SKB corruption in REO destination ring
https://notcve.org/view.php?id=CVE-2023-53315
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Fix SKB corruption in REO destination ring While running traffics for a long time, randomly an RX descriptor filled with value "0" from REO destination ring is received. This descriptor which is invalid causes the wrong SKB (SKB stored in the IDR lookup with buffer id "0") to be fetched which in turn causes SKB memory corruption issue and the same leads to crash after some time. Changed the start id for idr allocation to "1" a... • https://git.kernel.org/stable/c/d5c65159f2895379e11ca13f62feabe93278985d • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53314 – fbdev/ep93xx-fb: Do not assign to struct fb_info.dev
https://notcve.org/view.php?id=CVE-2023-53314
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: fbdev/ep93xx-fb: Do not assign to struct fb_info.dev Do not assing the Linux device to struct fb_info.dev. The call to register_framebuffer() initializes the field to the fbdev device. Drivers should not override its value. Fixes a bug where the driver incorrectly decreases the hardware device's reference counter and leaks the fbdev device. v2: * add Fixes tag (Dan) This update provides the initial livepatch for this kernel update. This upd... • https://git.kernel.org/stable/c/88017bda96a5fd568a982b01546c8fb1782dda62 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-53313 – md/raid10: fix wrong setting of max_corr_read_errors
https://notcve.org/view.php?id=CVE-2023-53313
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix wrong setting of max_corr_read_errors There is no input check when echo md/max_read_errors and overflow might occur. Add check of input number. This update provides the initial livepatch for this kernel update. This update does not contain any fixes and will be updated with livepatches later. • https://git.kernel.org/stable/c/1e50915fe0bbf7a46db0fa7e1e604d3fc95f057d •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53312 – net: fix net_dev_start_xmit trace event vs skb_transport_offset()
https://notcve.org/view.php?id=CVE-2023-53312
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: net: fix net_dev_start_xmit trace event vs skb_transport_offset() After blamed commit, we must be more careful about using skb_transport_offset(), as reminded us by syzbot: WARNING: CPU: 0 PID: 10 at include/linux/skbuff.h:2868 skb_transport_offset include/linux/skbuff.h:2977 [inline] WARNING: CPU: 0 PID: 10 at include/linux/skbuff.h:2868 perf_trace_net_dev_start_xmit+0x89a/0xce0 include/trace/events/net.h:14 Modules linked in: CPU: 0 PID: ... • https://git.kernel.org/stable/c/66e4c8d950083df8e12981babca788e1635c92b6 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53311 – nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput
https://notcve.org/view.php?id=CVE-2023-53311
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput During unmount process of nilfs2, nothing holds nilfs_root structure after nilfs2 detaches its writer in nilfs_detach_log_writer(). Previously, nilfs_evict_inode() could cause use-after-free read for nilfs_root if inodes are left in "garbage_list" and released by nilfs_dispose_list at the end of nilfs_detach_log_writer(), and this bug was fixed by commit 9b5a04ac3ad9 ("nil... • https://git.kernel.org/stable/c/0ae45f63d4ef8d8eeec49c7d8b44a1775fff13e8 • CWE-416: Use After Free •
CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53310 – power: supply: axp288_fuel_gauge: Fix external_power_changed race
https://notcve.org/view.php?id=CVE-2023-53310
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: power: supply: axp288_fuel_gauge: Fix external_power_changed race fuel_gauge_external_power_changed() dereferences info->bat, which gets sets in axp288_fuel_gauge_probe() like this: info->bat = devm_power_supply_register(dev, &fuel_gauge_desc, &psy_cfg); As soon as devm_power_supply_register() has called device_add() the external_power_changed callback can get called. So there is a window where fuel_gauge_external_power_changed() may get ca... • https://git.kernel.org/stable/c/30abb3d07929137bf72327560e1595508a692c4e • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53309 – drm/radeon: Fix integer overflow in radeon_cs_parser_init
https://notcve.org/view.php?id=CVE-2023-53309
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/radeon: Fix integer overflow in radeon_cs_parser_init The type of size is unsigned, if size is 0x40000000, there will be an integer overflow, size will be zero after size *= sizeof(uint32_t), will cause uninitialized memory to be referenced later This update provides the initial livepatch for this kernel update. This update does not contain any fixes and will be updated with livepatches later. • https://git.kernel.org/stable/c/28a326c592e3e444c59f28b3e60c3b07692928d6 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2023-53308 – net: fec: Better handle pm_runtime_get() failing in .remove()
https://notcve.org/view.php?id=CVE-2023-53308
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: net: fec: Better handle pm_runtime_get() failing in .remove() In the (unlikely) event that pm_runtime_get() (disguised as pm_runtime_resume_and_get()) fails, the remove callback returned an error early. The problem with this is that the driver core ignores the error value and continues removing the device. This results in a resource leak. Worse the devm allocated resources are freed and so if a callback of the driver is called later the reg... • https://git.kernel.org/stable/c/982d424239d7fae74938557428d45c717567ea9b • CWE-415: Double Free •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53307 – rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails
https://notcve.org/view.php?id=CVE-2023-53307
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails If getting an ID or setting up a work queue in rbd_dev_create() fails, use-after-free on rbd_dev->rbd_client, rbd_dev->spec and rbd_dev->opts is triggered in do_rbd_add(). The root cause is that the ownership of these structures is transfered to rbd_dev prematurely and they all end up getting freed when rbd_dev_create() calls rbd_dev_free() prior to returning to do_rbd_ad... • https://git.kernel.org/stable/c/1643dfa4c2c827d6e2aa419df8c17b0f24090278 • CWE-416: Use After Free •