CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-53460 – wifi: rtw88: fix memory leak in rtw_usb_probe()
https://notcve.org/view.php?id=CVE-2023-53460
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: fix memory leak in rtw_usb_probe() drivers/net/wireless/realtek/rtw88/usb.c:876 rtw_usb_probe() warn: 'hw' from ieee80211_alloc_hw() not released on lines: 811 Fix this by modifying return to a goto statement. In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: fix memory leak in rtw_usb_probe() drivers/net/wireless/realtek/rtw88/usb.c:876 rtw_usb_probe() warn: 'hw' from ieee80211_alloc_hw() not rel... • https://git.kernel.org/stable/c/e3037485c68ec1a299ff41160d8fedbd4abc29b9 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-53459 – HID: mcp-2221: prevent UAF in delayed work
https://notcve.org/view.php?id=CVE-2023-53459
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: mcp-2221: prevent UAF in delayed work If the device is plugged/unplugged without giving time for mcp_init_work() to complete, we might kick in the devm free code path and thus have unavailable struct mcp_2221 while in delayed work. Canceling the delayed_work item is enough to solve the issue, because cancel_delayed_work_sync will prevent the work item to requeue itself. In the Linux kernel, the following vulnerability has been resolved... • https://git.kernel.org/stable/c/960f9df7c620ecb6030aff1d9a6c3d67598b8290 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53458 – media: cx23885: Fix a null-ptr-deref bug in buffer_prepare() and buffer_finish()
https://notcve.org/view.php?id=CVE-2023-53458
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: media: cx23885: Fix a null-ptr-deref bug in buffer_prepare() and buffer_finish() When the driver calls cx23885_risc_buffer() to prepare the buffer, the function call dma_alloc_coherent may fail, resulting in a empty buffer risc->cpu. Later when we free the buffer or access the buffer, null ptr deref is triggered. This bug is similar to the following one: https://git.linuxtv.org/media_stage.git/commit/?id=2b064d91440b33fba5b452f2d1b31f13ae91... • https://git.kernel.org/stable/c/f0a06203f2fe63f04311467200c99c4ee1926578 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53457 – FS: JFS: Fix null-ptr-deref Read in txBegin
https://notcve.org/view.php?id=CVE-2023-53457
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: FS: JFS: Fix null-ptr-deref Read in txBegin Syzkaller reported an issue where txBegin may be called on a superblock in a read-only mounted filesystem which leads to NULL pointer deref. This could be solved by checking if the filesystem is read-only before calling txBegin, and returning with appropiate error code. • https://git.kernel.org/stable/c/a7225e9e09519deb7e0c42eb6070029cc456e84d •
CVSS: 8.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-53456 – scsi: qla4xxx: Add length check when parsing nlattrs
https://notcve.org/view.php?id=CVE-2023-53456
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla4xxx: Add length check when parsing nlattrs There are three places that qla4xxx parses nlattrs: - qla4xxx_set_chap_entry() - qla4xxx_iface_set_param() - qla4xxx_sysfs_ddb_set_param() and each of them directly converts the nlattr to specific pointer of structure without length checking. This could be dangerous as those attributes are not validated and a malformed nlattr (e.g., length 0) could result in an OOB read that leaks heap di... • https://git.kernel.org/stable/c/00c31889f7513e9ffa6b2b4de8ad6d7f59a61c80 •
CVSS: 6.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53455 – drm/vc4: drop all currently held locks if deadlock happens
https://notcve.org/view.php?id=CVE-2023-53455
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/vc4: drop all currently held locks if deadlock happens If vc4_hdmi_reset_link() returns -EDEADLK, it means that a deadlock happened in the locking context. This situation should be addressed by dropping all currently held locks and block until the contended lock becomes available. Currently, vc4 is not dealing with the deadlock properly, producing the following output when PROVE_LOCKING is enabled: [ 825.612809] ------------[ cut here ]... • https://git.kernel.org/stable/c/6bed2ea3cb3856edf37cca20753e689ee8774793 •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2023-53454 – HID: multitouch: Correct devm device reference for hidinput input_dev name
https://notcve.org/view.php?id=CVE-2023-53454
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: multitouch: Correct devm device reference for hidinput input_dev name Reference the HID device rather than the input device for the devm allocation of the input_dev name. Referencing the input_dev would lead to a use-after-free when the input_dev was unregistered and subsequently fires a uevent that depends on the name. At the point of firing the uevent, the name would be freed by devres management. Use devm_kasprintf to simplify the l... • https://git.kernel.org/stable/c/c08d46aa805ba46d501f610c2448d07bea979780 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53453 – drm/radeon: free iio for atombios when driver shutdown
https://notcve.org/view.php?id=CVE-2023-53453
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/radeon: free iio for atombios when driver shutdown Fix below kmemleak when unload radeon driver: unreferenced object 0xffff9f8608ede200 (size 512): comm "systemd-udevd", pid 326, jiffies 4294682822 (age 716.338s) hex dump (first 32 bytes): 00 00 00 00 c4 aa ec aa 14 ab 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<0000000062fadebe>] kmem_cache_alloc_trace+0x2f1/0x500 [<0... • https://git.kernel.org/stable/c/cb109cedbba11c33473e6780c256d8442a9e4460 •
CVSS: 6.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53452 – wifi: rtw89: fix potential race condition between napi_init and napi_enable
https://notcve.org/view.php?id=CVE-2023-53452
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: fix potential race condition between napi_init and napi_enable A race condition can happen if netdev is registered, but NAPI isn't initialized yet, and meanwhile user space starts the netdev that will enable NAPI. Then, it hits BUG_ON(): kernel BUG at net/core/dev.c:6423! invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: 0 PID: 417 Comm: iwd Not tainted 6.2.7-slab-dirty #3 eb0f5a8a9d91 Hardware name: LENOVO 21DL/LNVNB161216, BIO... • https://git.kernel.org/stable/c/e3ec7017f6a20d12ddd9fe23d345ebb7b8c104dd •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53451 – scsi: qla2xxx: Fix potential NULL pointer dereference
https://notcve.org/view.php?id=CVE-2023-53451
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix potential NULL pointer dereference Klocwork tool reported 'cur_dsd' may be dereferenced. Add fix to validate pointer before dereferencing the pointer. In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix potential NULL pointer dereference Klocwork tool reported 'cur_dsd' may be dereferenced. Add fix to validate pointer before dereferencing the pointer. • https://git.kernel.org/stable/c/02405f4023866ae91a611b5b85cb2e074ec2de5a • CWE-476: NULL Pointer Dereference •