CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52986 – bpf, sockmap: Check for any of tcp_bpf_prots when cloning a listener
https://notcve.org/view.php?id=CVE-2023-52986
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Check for any of tcp_bpf_prots when cloning a listener A listening socket linked to a sockmap has its sk_prot overridden. It points to one of the struct proto variants in tcp_bpf_prots. The variant depends on the socket's family and which sockmap programs are attached. A child socket cloned from a TCP listener initially inherits their sk_prot. But before cloning is finished, we restore the child's proto to the listener's origi... • https://git.kernel.org/stable/c/e80251555f0befd1271e74b080bccf0ff0348bfc •
CVSS: 5.6EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52984 – net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices
https://notcve.org/view.php?id=CVE-2023-52984
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices The probe() function is only used for the DP83822 PHY, leaving the private data pointer uninitialized for the smaller DP83825/26 models. While all uses of the private data structure are hidden in 82822 specific callbacks, configuring the interrupt is shared across all models. This causes a NULL pointer dereference on the smaller PHYs as it accesses the private data unchec... • https://git.kernel.org/stable/c/5dc39fd5ef35bc6919759fa99246581b1adc6b82 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-52979 – squashfs: harden sanity check in squashfs_read_xattr_id_table
https://notcve.org/view.php?id=CVE-2023-52979
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: squashfs: harden sanity check in squashfs_read_xattr_id_table While mounting a corrupted filesystem, a signed integer '*xattr_ids' can become less than zero. This leads to the incorrect computation of 'len' and 'indexes' values which can cause null-ptr-deref in copy_bio_to_actor() or out-of-bounds accesses in the next sanity checks inside squashfs_read_xattr_id_table(). Found by Linux Verification Center (linuxtesting.org) with Syzkaller. I... • https://git.kernel.org/stable/c/ff49cace7b8cf00d27665f7536a863d406963d06 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52977 – net: openvswitch: fix flow memory leak in ovs_flow_cmd_new
https://notcve.org/view.php?id=CVE-2023-52977
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix flow memory leak in ovs_flow_cmd_new Syzkaller reports a memory leak of new_flow in ovs_flow_cmd_new() as it is not freed when an allocation of a key fails. BUG: memory leak unreferenced object 0xffff888116668000 (size 632): comm "syz-executor231", pid 1090, jiffies 4294844701 (age 18.871s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00... • https://git.kernel.org/stable/c/655e873bf528f0f46ce6b069f9a2daee9621197c •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-52976 – efi: fix potential NULL deref in efi_mem_reserve_persistent
https://notcve.org/view.php?id=CVE-2023-52976
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: efi: fix potential NULL deref in efi_mem_reserve_persistent When iterating on a linked list, a result of memremap is dereferenced without checking it for NULL. This patch adds a check that falls back on allocating a new page in case memremap doesn't succeed. Found by Linux Verification Center (linuxtesting.org) with SVACE. [ardb: return -ENOMEM instead of breaking out of the loop] In the Linux kernel, the following vulnerability has been re... • https://git.kernel.org/stable/c/18df7577adae6c6c778bf774b3aebcacbc1fb439 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52975 – scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress
https://notcve.org/view.php?id=CVE-2023-52975
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress Bug report and analysis from Ding Hui. During iSCSI session logout, if another task accesses the shost ipaddress attr, we can get a KASAN UAF report like this: [ 276.942144] BUG: KASAN: use-after-free in _raw_spin_lock_bh+0x78/0xe0 [ 276.942535] Write of size 4 at addr ffff8881053b45b8 by task cat/4088 [ 276.943511] CPU: 2 PID: 4088 Comm: cat Tainted: G E 6.1.0-rc8+ #... • https://git.kernel.org/stable/c/17b738590b97fb3fc287289971d1519ff9b875a1 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52974 – scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress
https://notcve.org/view.php?id=CVE-2023-52974
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress If during iscsi_sw_tcp_session_create() iscsi_tcp_r2tpool_alloc() fails, userspace could be accessing the host's ipaddress attr. If we then free the session via iscsi_session_teardown() while userspace is still accessing the session we will hit a use after free bug. Set the tcp_sw_host->session after we have completed session creation and can no longer fail. In the Lin... • https://git.kernel.org/stable/c/496af9d3682ed4c28fb734342a09e6cc0c056ea4 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52973 – vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF
https://notcve.org/view.php?id=CVE-2023-52973
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF After a call to console_unlock() in vcs_read() the vc_data struct can be freed by vc_deallocate(). Because of that, the struct vc_data pointer load must be done at the top of while loop in vcs_read() to avoid a UAF when vcs_size() is called. Syzkaller reported a UAF in vcs_size(). BUG: KASAN: use-after-free in vcs_size (drivers/tty/vt/vc_screen.c:215) Read of size 4 a... • https://git.kernel.org/stable/c/ac751efa6a0d70f2c9daef5c7e3a92270f5c2dff • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49761 – btrfs: always report error in run_one_delayed_ref()
https://notcve.org/view.php?id=CVE-2022-49761
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: always report error in run_one_delayed_ref() Currently we have a btrfs_debug() for run_one_delayed_ref() failure, but if end users hit such problem, there will be no chance that btrfs_debug() is enabled. This can lead to very little useful info for debugging. This patch will: - Add extra info for error reporting Including: * logical bytenr * num_bytes * type * action * ref_mod - Replace the btrfs_debug() with btrfs_err() - Move the e... • https://git.kernel.org/stable/c/18bd1c9c02e64a3567f90c83c2c8b855531c8098 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49758 – reset: uniphier-glue: Fix possible null-ptr-deref
https://notcve.org/view.php?id=CVE-2022-49758
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: reset: uniphier-glue: Fix possible null-ptr-deref It will cause null-ptr-deref when resource_size(res) invoked, if platform_get_resource() returns NULL. In the Linux kernel, the following vulnerability has been resolved: reset: uniphier-glue: Fix possible null-ptr-deref It will cause null-ptr-deref when resource_size(res) invoked, if platform_get_resource() returns NULL. • https://git.kernel.org/stable/c/499fef09a3237497906084da3eede0185fc9abb8 •