CVSS: 6.3EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53718 – ring-buffer: Do not swap cpu_buffer during resize process
https://notcve.org/view.php?id=CVE-2023-53718
22 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Do not swap cpu_buffer during resize process When ring_buffer_swap_cpu was called during resize process, the cpu buffer was swapped in the middle, resulting in incorrect state. Continuing to run in the wrong state will result in oops. This issue can be easily reproduced using the following two scripts: /tmp # cat test1.sh //#! /bin/sh for i in `seq 0 100000` do echo 2000 > /sys/kernel/debug/tracing/buffer_size_kb sleep 0.5 echo... • https://git.kernel.org/stable/c/83f40318dab00e3298a1f6d0b12ac025e84e478d •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53717 – wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback()
https://notcve.org/view.php?id=CVE-2023-53717
22 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() Fix a stack-out-of-bounds write that occurs in a WMI response callback function that is called after a timeout occurs in ath9k_wmi_cmd(). The callback writes to wmi->cmd_rsp_buf, a stack-allocated buffer that could no longer be valid when a timeout occurs. Set wmi->last_seq_id to 0 when a timeout occurred. Found by a modified version of syzkaller. BUG: KASAN: s... • https://git.kernel.org/stable/c/fb9987d0f748c983bb795a86f47522313f701a08 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53712 – ARM: 9317/1: kexec: Make smp stop calls asynchronous
https://notcve.org/view.php?id=CVE-2023-53712
22 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ARM: 9317/1: kexec: Make smp stop calls asynchronous If a panic is triggered by a hrtimer interrupt all online cpus will be notified and set offline. But as highlighted by commit 19dbdcb8039c ("smp: Warn on function calls from softirq context") this call should not be made synchronous with disabled interrupts: softdog: Initiating panic Kernel panic - not syncing: Software Watchdog Timer expired WARNING: CPU: 1 PID: 0 at kernel/smp.c:753 smp... • https://git.kernel.org/stable/c/b23065313297e750edd57ab6edfd36224826724e •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53707 – drm/amdgpu: Fix integer overflow in amdgpu_cs_pass1
https://notcve.org/view.php?id=CVE-2023-53707
22 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix integer overflow in amdgpu_cs_pass1 The type of size is unsigned int, if size is 0x40000000, there will be an integer overflow, size will be zero after size *= sizeof(uint32_t), will cause uninitialized memory to be referenced later. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix integer overflow in amdgpu_cs_pass1 The type of size is unsigned int, if size is 0x40000000, there will be an ... • https://git.kernel.org/stable/c/d38ceaf99ed015f2a0b9af3499791bd3a3daae21 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53705 – ipv6: Fix out-of-bounds access in ipv6_find_tlv()
https://notcve.org/view.php?id=CVE-2023-53705
22 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix out-of-bounds access in ipv6_find_tlv() optlen is fetched without checking whether there is more than one byte to parse. It can lead to out-of-bounds access. Found by InfoTeCS on behalf of Linux Verification Center (linuxtesting.org) with SVACE. In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix out-of-bounds access in ipv6_find_tlv() optlen is fetched without checking whether there is more than one byte... • https://git.kernel.org/stable/c/c61a404325093250b676f40ad8f4dd00f3bcab5f • CWE-125: Out-of-bounds Read •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53695 – udf: Detect system inodes linked into directory hierarchy
https://notcve.org/view.php?id=CVE-2023-53695
22 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: udf: Detect system inodes linked into directory hierarchy When UDF filesystem is corrupted, hidden system inodes can be linked into directory hierarchy which is an avenue for further serious corruption of the filesystem and kernel confusion as noticed by syzbot fuzzed images. Refuse to access system inodes linked into directory hierarchy and vice versa. In the Linux kernel, the following vulnerability has been resolved: udf: Detect system i... • https://git.kernel.org/stable/c/6174c2eb8ecef271159bdcde460ce8af54d8f72f •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50581 – hfs: fix OOB Read in __hfs_brec_find
https://notcve.org/view.php?id=CVE-2022-50581
22 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: hfs: fix OOB Read in __hfs_brec_find Syzbot reported a OOB read bug: ================================================================== BUG: KASAN: slab-out-of-bounds in hfs_strcmp+0x117/0x190 fs/hfs/string.c:84 Read of size 1 at addr ffff88807eb62c4e by task kworker/u4:1/11 CPU: 1 PID: 11 Comm: kworker/u4:1 Not tainted 6.1.0-rc6-syzkaller-00308-g644e9524388a #0 Workqueue: writeback wb_workfn (flush-7:0) Call Trace:
CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50580 – blk-throttle: prevent overflow while calculating wait time
https://notcve.org/view.php?id=CVE-2022-50580
22 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: blk-throttle: prevent overflow while calculating wait time There is a problem found by code review in tg_with_in_bps_limit() that 'bps_limit * jiffy_elapsed_rnd' might overflow. Fix the problem by calling mul_u64_u64_div_u64() instead. In the Linux kernel, the following vulnerability has been resolved: blk-throttle: prevent overflow while calculating wait time There is a problem found by code review in tg_with_in_bps_limit() that 'bps_limit... • https://git.kernel.org/stable/c/e43473b7f223ec866f7db273697e76c337c390f9 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50576 – serial: pch: Fix PCI device refcount leak in pch_request_dma()
https://notcve.org/view.php?id=CVE-2022-50576
22 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: serial: pch: Fix PCI device refcount leak in pch_request_dma() As comment of pci_get_slot() says, it returns a pci_device with its refcount increased. The caller must decrement the reference count by calling pci_dev_put(). Since 'dma_dev' is only used to filter the channel in filter(), we can call pci_dev_put() before exiting from pch_request_dma(). Add the missing pci_dev_put() for the normal and error path. In the Linux kernel, the follow... • https://git.kernel.org/stable/c/3c6a483275f47a2ef7119309ad3d791c10cf30da •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50569 – xfrm: Update ipcomp_scratches with NULL when freed
https://notcve.org/view.php?id=CVE-2022-50569
22 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: xfrm: Update ipcomp_scratches with NULL when freed Currently if ipcomp_alloc_scratches() fails to allocate memory ipcomp_scratches holds obsolete address. So when we try to free the percpu scratches using ipcomp_free_scratches() it tries to vfree non existent vm area. Described below: static void * __percpu *ipcomp_alloc_scratches(void) { ... scratches = alloc_percpu(void *); if (!scratches) return NULL; ipcomp_scratches does not know about... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •