CVSS: 7.1EPSS: %CPEs: 5EXPL: 0CVE-2023-53079 – net/mlx5: Fix steering rules cleanup
https://notcve.org/view.php?id=CVE-2023-53079
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix steering rules cleanup vport's mc, uc and multicast rules are not deleted in teardown path when EEH happens. Since the vport's promisc settings(uc, mc and all) in firmware are reset after EEH, mlx5 driver will try to delete the above rules in the initialization path. This cause kernel crash because these software rules are no longer valid. Fix by nullifying these rules right after delete to avoid accessing any dangling pointer... • https://git.kernel.org/stable/c/a35f71f27a614aff106cc89b86168962bce2725f •
CVSS: 5.5EPSS: %CPEs: 10EXPL: 0CVE-2023-53078 – scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate()
https://notcve.org/view.php?id=CVE-2023-53078
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() If alua_rtpg_queue() failed from alua_activate(), then 'qdata' is not freed, which will cause following memleak: unreferenced object 0xffff88810b2c6980 (size 32): comm "kworker/u16:2", pid 635322, jiffies 4355801099 (age 1216426.076s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 40 39 24 c1 ff ff ff ff 00 f8 ea 0a 81 88 ff ff @9$...... • https://git.kernel.org/stable/c/625fe857e4fac6518716f3c0ff5e5deb8ec6d238 •
CVSS: 7.8EPSS: %CPEs: 5EXPL: 0CVE-2023-53077 – drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes
https://notcve.org/view.php?id=CVE-2023-53077
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes [WHY] When PTEBufferSizeInRequests is zero, UBSAN reports the following warning because dml_log2 returns an unexpected negative value: shift exponent 4294966273 is too large for 32-bit type 'int' [HOW] In the case PTEBufferSizeInRequests is zero, skip the dml_log2() and assign the result directly. In the Linux kernel, the following vulnerability has been resolved: drm/amd/di... • https://git.kernel.org/stable/c/7257070be70e19a9138f39009c1a26c83a8a7cfa •
CVSS: 6.6EPSS: %CPEs: 9EXPL: 0CVE-2023-53076 – bpf: Adjust insufficient default bpf_jit_limit
https://notcve.org/view.php?id=CVE-2023-53076
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Adjust insufficient default bpf_jit_limit We've seen recent AWS EKS (Kubernetes) user reports like the following: After upgrading EKS nodes from v20230203 to v20230217 on our 1.24 EKS clusters after a few days a number of the nodes have containers stuck in ContainerCreating state or liveness/readiness probes reporting the following error: Readiness probe errored: rpc error: code = Unknown desc = failed to exec in container: failed to s... • https://git.kernel.org/stable/c/2d45c6f193789c6b610d734997a2f4cdebec4e37 •
CVSS: 8.5EPSS: %CPEs: 8EXPL: 0CVE-2023-53075 – ftrace: Fix invalid address access in lookup_rec() when index is 0
https://notcve.org/view.php?id=CVE-2023-53075
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix invalid address access in lookup_rec() when index is 0 KASAN reported follow problem: BUG: KASAN: use-after-free in lookup_rec Read of size 8 at addr ffff000199270ff0 by task modprobe CPU: 2 Comm: modprobe Call trace: kasan_report __asan_load8 lookup_rec ftrace_location arch_check_ftrace_location check_kprobe_address_safe register_kprobe When checking pg->records[pg->index - 1].ip in lookup_rec(), it can get a pg which is newly ... • https://git.kernel.org/stable/c/9644302e3315e7e36495d230d5ac7125a316d33e •
CVSS: 7.1EPSS: %CPEs: 3EXPL: 0CVE-2023-53074 – drm/amdgpu: fix ttm_bo calltrace warning in psp_hw_fini
https://notcve.org/view.php?id=CVE-2023-53074
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix ttm_bo calltrace warning in psp_hw_fini The call trace occurs when the amdgpu is removed after the mode1 reset. During mode1 reset, from suspend to resume, there is no need to reinitialize the ta firmware buffer which caused the bo pin_count increase redundantly. [ 489.885525] Call Trace: [ 489.885525]
CVSS: 7.1EPSS: %CPEs: 3EXPL: 0CVE-2023-53068 – net: usb: lan78xx: Limit packet length to skb->len
https://notcve.org/view.php?id=CVE-2023-53068
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: Limit packet length to skb->len Packet length retrieved from descriptor may be larger than the actual socket buffer length. In such case the cloned skb passed up the network stack will leak kernel memory contents. Additionally prevent integer underflow when size is less than ETH_FCS_LEN. In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: Limit packet length to skb->len Packet length ret... • https://git.kernel.org/stable/c/55d7de9de6c30adce8d675c7ce513e283829c2ff •
CVSS: 6.6EPSS: %CPEs: 3EXPL: 0CVE-2023-53067 – LoongArch: Only call get_timer_irq() once in constant_clockevent_init()
https://notcve.org/view.php?id=CVE-2023-53067
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: LoongArch: Only call get_timer_irq() once in constant_clockevent_init() Under CONFIG_DEBUG_ATOMIC_SLEEP=y and CONFIG_DEBUG_PREEMPT=y, we can see the following messages on LoongArch, this is because using might_sleep() in preemption disable context. [ 0.001127] smp: Bringing up secondary CPUs ... [ 0.001222] Booting CPU#1... [ 0.001244] 64-bit Loongson Processor probed (LA464 Core) [ 0.001247] CPU1 revision is: 0014c012 (Loongson-64bit) [ 0.... • https://git.kernel.org/stable/c/b9c379e1d7e141b102f41858c9b8f6f36e7c89a4 •
CVSS: 5.5EPSS: %CPEs: 8EXPL: 0CVE-2023-53066 – qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info
https://notcve.org/view.php?id=CVE-2023-53066
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info We have to make sure that the info returned by the helper is valid before using it. Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool. In the Linux kernel, the following vulnerability has been resolved: qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info We have to make sure that the info returned by the helper is valid be... • https://git.kernel.org/stable/c/733def6a04bf3d2810dd675e1240f8df94d633c3 •
CVSS: 7.1EPSS: %CPEs: 8EXPL: 0CVE-2023-53063 – Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work
https://notcve.org/view.php?id=CVE-2023-53063
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work In btsdio_probe, &data->work was bound with btsdio_work.In btsdio_send_frame, it was started by schedule_work. If we call btsdio_remove with an unfinished job, there may be a race condition and cause UAF bug on hdev. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished ... • https://git.kernel.org/stable/c/ddbaf13e3609442b64abb931ac21527772d87980 •