CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-53515 – virtio-mmio: don't break lifecycle of vm_dev
https://notcve.org/view.php?id=CVE-2023-53515
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: virtio-mmio: don't break lifecycle of vm_dev vm_dev has a separate lifecycle because it has a 'struct device' embedded. Thus, having a release callback for it is correct. Allocating the vm_dev struct with devres totally breaks this protection, though. Instead of waiting for the vm_dev release callback, the memory is freed when the platform_device is removed. Resulting in a use-after-free when finally the callback is to be called. • https://git.kernel.org/stable/c/7eb781b1bbb7136fe78fb8c28c1c223c61fa32b5 •
CVSS: 7.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53513 – nbd: fix incomplete validation of ioctl arg
https://notcve.org/view.php?id=CVE-2023-53513
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: nbd: fix incomplete validation of ioctl arg We tested and found an alarm caused by nbd_ioctl arg without verification. The UBSAN warning calltrace like below: UBSAN: Undefined behaviour in fs/buffer.c:1709:35 signed integer overflow: -9223372036854775808 - 1 cannot be represented in type 'long long int' CPU: 3 PID: 2523 Comm: syz-executor.0 Not tainted 4.19.90 #1 Hardware name: linux,dummy-virt (DT) Call trace: dump_backtrace+0x0/0x3f0 arch... • https://git.kernel.org/stable/c/52851d0c3354b397c11d31dfeb8b2a2fc85a0002 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53512 – scsi: mpt3sas: Fix a memory leak
https://notcve.org/view.php?id=CVE-2023-53512
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix a memory leak Add a forgotten kfree(). This update provides the initial livepatch for this kernel update. This update does not contain any fixes and will be updated with livepatches later. • https://git.kernel.org/stable/c/dbec4c9040edc15442c3ebdb65408aa9d3b82c24 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53510 – scsi: ufs: core: Fix handling of lrbp->cmd
https://notcve.org/view.php?id=CVE-2023-53510
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix handling of lrbp->cmd ufshcd_queuecommand() may be called two times in a row for a SCSI command before it is completed. Hence make the following changes: - In the functions that submit a command, do not check the old value of lrbp->cmd nor clear lrbp->cmd in error paths. - In ufshcd_release_scsi_cmd(), do not clear lrbp->cmd. See also scsi_send_eh_cmnd(). This commit prevents that the following appears if a command time... • https://git.kernel.org/stable/c/5a0b0cb9bee767ef10ff9ce2fb4141af06416288 •
CVSS: 8.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53509 – qed: allow sleep in qed_mcp_trace_dump()
https://notcve.org/view.php?id=CVE-2023-53509
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: qed: allow sleep in qed_mcp_trace_dump() By default, qed_mcp_cmd_and_union() delays 10us at a time in a loop that can run 500K times, so calls to qed_mcp_nvm_rd_cmd() may block the current thread for over 5s. We observed thread scheduling delays over 700ms in production, with stacktraces pointing to this code as the culprit. qed_mcp_trace_dump() is called from ethtool, so sleeping is permitted. It already can sleep in qed_mcp_halt(), which ... • https://git.kernel.org/stable/c/c965db44462919f613973aa618271f6c3f5a1e64 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53506 – udf: Do not bother merging very long extents
https://notcve.org/view.php?id=CVE-2023-53506
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: udf: Do not bother merging very long extents When merging very long extents we try to push as much length as possible to the first extent. However this is unnecessarily complicated and not really worth the trouble. Furthermore there was a bug in the logic resulting in corrupting extents in the file as syzbot reproducer shows. So just don't bother with the merging of extents that are too long together. In the Linux kernel, the following vuln... • https://git.kernel.org/stable/c/d52252a1de4cf96a34f722b0cd8902d8ff78eb57 •
CVSS: 6.2EPSS: 0%CPEs: 7EXPL: 0CVE-2023-53505 – clk: tegra: tegra124-emc: Fix potential memory leak
https://notcve.org/view.php?id=CVE-2023-53505
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: clk: tegra: tegra124-emc: Fix potential memory leak The tegra and tegra needs to be freed in the error handling path, otherwise it will be leaked. In the Linux kernel, the following vulnerability has been resolved: clk: tegra: tegra124-emc: Fix potential memory leak The tegra and tegra needs to be freed in the error handling path, otherwise it will be leaked. This update provides the initial livepatch for this kernel update. This update doe... • https://git.kernel.org/stable/c/2db04f16b589c6c96bd07df3f1ef8558bfdb6810 •
CVSS: 5.7EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53503 – ext4: allow ext4_get_group_info() to fail
https://notcve.org/view.php?id=CVE-2023-53503
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: allow ext4_get_group_info() to fail Previously, ext4_get_group_info() would treat an invalid group number as BUG(), since in theory it should never happen. However, if a malicious attaker (or fuzzer) modifies the superblock via the block device while it is the file system is mounted, it is possible for s_first_data_block to get set to a very large number. In that case, when calculating the block group of some block number (such as the... • https://git.kernel.org/stable/c/100c0ad6c04597fefeaaba2bb1827cc015d95067 • CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2023-53500 – xfrm: fix slab-use-after-free in decode_session6
https://notcve.org/view.php?id=CVE-2023-53500
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: xfrm: fix slab-use-after-free in decode_session6 When the xfrm device is set to the qdisc of the sfb type, the cb field of the sent skb may be modified during enqueuing. Then, slab-use-after-free may occur when the xfrm device sends IPv6 packets. The stack information is as follows: BUG: KASAN: slab-use-after-free in decode_session6+0x103f/0x1890 Read of size 1 at addr ffff8881111458ef by task swapper/3/0 CPU: 3 PID: 0 Comm: swapper/3 Not t... • https://git.kernel.org/stable/c/f855691975bb06373a98711e4cfe2c224244b536 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53499 – virtio_net: Fix error unwinding of XDP initialization
https://notcve.org/view.php?id=CVE-2023-53499
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: virtio_net: Fix error unwinding of XDP initialization When initializing XDP in virtnet_open(), some rq xdp initialization may hit an error causing net device open failed. However, previous rqs have already initialized XDP and enabled NAPI, which is not the expected behavior. Need to roll back the previous rq initialization to avoid leaks in error unwinding of init code. Also extract helper functions of disable and enable queue pairs. Use ne... • https://git.kernel.org/stable/c/754b8a21a96d5f11712245aef907149606b323ae •