CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53089 – ext4: fix task hung in ext4_xattr_delete_inode
https://notcve.org/view.php?id=CVE-2023-53089
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix task hung in ext4_xattr_delete_inode Syzbot reported a hung task problem: ================================================================== INFO: task syz-executor232:5073 blocked for more than 143 seconds. Not tainted 6.2.0-rc2-syzkaller-00024-g512dee0c00ad #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-exec232 state:D stack:21024 pid:5073 ppid:5072 flags:0x00004004 Call Trace:
CVSS: 7.1EPSS: 0%CPEs: 10EXPL: 0CVE-2023-53081 – ocfs2: fix data corruption after failed write
https://notcve.org/view.php?id=CVE-2023-53081
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix data corruption after failed write When buffered write fails to copy data into underlying page cache page, ocfs2_write_end_nolock() just zeroes out and dirties the page. This can leave dirty page beyond EOF and if page writeback tries to write this page before write succeeds and expands i_size, page gets into inconsistent state where page dirty bit is clear but buffer dirty bits stay set resulting in page data never getting writt... • https://git.kernel.org/stable/c/7ed80e77c908cbaa686529a49f8ae0060c5caee7 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53079 – net/mlx5: Fix steering rules cleanup
https://notcve.org/view.php?id=CVE-2023-53079
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix steering rules cleanup vport's mc, uc and multicast rules are not deleted in teardown path when EEH happens. Since the vport's promisc settings(uc, mc and all) in firmware are reset after EEH, mlx5 driver will try to delete the above rules in the initialization path. This cause kernel crash because these software rules are no longer valid. Fix by nullifying these rules right after delete to avoid accessing any dangling pointer... • https://git.kernel.org/stable/c/a35f71f27a614aff106cc89b86168962bce2725f •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2023-53078 – scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate()
https://notcve.org/view.php?id=CVE-2023-53078
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() If alua_rtpg_queue() failed from alua_activate(), then 'qdata' is not freed, which will cause following memleak: unreferenced object 0xffff88810b2c6980 (size 32): comm "kworker/u16:2", pid 635322, jiffies 4355801099 (age 1216426.076s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 40 39 24 c1 ff ff ff ff 00 f8 ea 0a 81 88 ff ff @9$...... • https://git.kernel.org/stable/c/625fe857e4fac6518716f3c0ff5e5deb8ec6d238 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53077 – drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes
https://notcve.org/view.php?id=CVE-2023-53077
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes [WHY] When PTEBufferSizeInRequests is zero, UBSAN reports the following warning because dml_log2 returns an unexpected negative value: shift exponent 4294966273 is too large for 32-bit type 'int' [HOW] In the case PTEBufferSizeInRequests is zero, skip the dml_log2() and assign the result directly. In the Linux kernel, the following vulnerability has been resolved: drm/amd/di... • https://git.kernel.org/stable/c/7257070be70e19a9138f39009c1a26c83a8a7cfa •
CVSS: 8.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53075 – ftrace: Fix invalid address access in lookup_rec() when index is 0
https://notcve.org/view.php?id=CVE-2023-53075
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix invalid address access in lookup_rec() when index is 0 KASAN reported follow problem: BUG: KASAN: use-after-free in lookup_rec Read of size 8 at addr ffff000199270ff0 by task modprobe CPU: 2 Comm: modprobe Call trace: kasan_report __asan_load8 lookup_rec ftrace_location arch_check_ftrace_location check_kprobe_address_safe register_kprobe When checking pg->records[pg->index - 1].ip in lookup_rec(), it can get a pg which is newly ... • https://git.kernel.org/stable/c/9644302e3315e7e36495d230d5ac7125a316d33e •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53074 – drm/amdgpu: fix ttm_bo calltrace warning in psp_hw_fini
https://notcve.org/view.php?id=CVE-2023-53074
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix ttm_bo calltrace warning in psp_hw_fini The call trace occurs when the amdgpu is removed after the mode1 reset. During mode1 reset, from suspend to resume, there is no need to reinitialize the ta firmware buffer which caused the bo pin_count increase redundantly. [ 489.885525] Call Trace: [ 489.885525]
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53068 – net: usb: lan78xx: Limit packet length to skb->len
https://notcve.org/view.php?id=CVE-2023-53068
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: Limit packet length to skb->len Packet length retrieved from descriptor may be larger than the actual socket buffer length. In such case the cloned skb passed up the network stack will leak kernel memory contents. Additionally prevent integer underflow when size is less than ETH_FCS_LEN. In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: Limit packet length to skb->len Packet length ret... • https://git.kernel.org/stable/c/55d7de9de6c30adce8d675c7ce513e283829c2ff •
CVSS: 6.6EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53067 – LoongArch: Only call get_timer_irq() once in constant_clockevent_init()
https://notcve.org/view.php?id=CVE-2023-53067
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: LoongArch: Only call get_timer_irq() once in constant_clockevent_init() Under CONFIG_DEBUG_ATOMIC_SLEEP=y and CONFIG_DEBUG_PREEMPT=y, we can see the following messages on LoongArch, this is because using might_sleep() in preemption disable context. [ 0.001127] smp: Bringing up secondary CPUs ... [ 0.001222] Booting CPU#1... [ 0.001244] 64-bit Loongson Processor probed (LA464 Core) [ 0.001247] CPU1 revision is: 0014c012 (Loongson-64bit) [ 0.... • https://git.kernel.org/stable/c/b9c379e1d7e141b102f41858c9b8f6f36e7c89a4 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53066 – qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info
https://notcve.org/view.php?id=CVE-2023-53066
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info We have to make sure that the info returned by the helper is valid before using it. Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool. In the Linux kernel, the following vulnerability has been resolved: qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info We have to make sure that the info returned by the helper is valid be... • https://git.kernel.org/stable/c/733def6a04bf3d2810dd675e1240f8df94d633c3 •