CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52991 – net: fix NULL pointer in skb_segment_list
https://notcve.org/view.php?id=CVE-2023-52991
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: net: fix NULL pointer in skb_segment_list Commit 3a1296a38d0c ("net: Support GRO/GSO fraglist chaining.") introduced UDP listifyed GRO. The segmentation relies on frag_list being untouched when passing through the network stack. This assumption can be broken sometimes, where frag_list itself gets pulled into linear area, leaving frag_list being NULL. When this happens it can trigger following NULL pointer dereference, and panic the kernel. ... • https://git.kernel.org/stable/c/3a1296a38d0cf62bffb9a03c585cbd5dbf15d596 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52990 – s390: workaround invalid gcc-11 out of bounds read warning
https://notcve.org/view.php?id=CVE-2023-52990
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: s390: workaround invalid gcc-11 out of bounds read warning GCC 11.1.0 and 11.2.0 generate a wrong warning when compiling the kernel e.g. with allmodconfig: arch/s390/kernel/setup.c: In function ‘setup_lowcore_dat_on’: ./include/linux/fortify-string.h:57:33: error: ‘__builtin_memcpy’ reading 128 bytes from a region of size 0 [-Werror=stringop-overread] ... arch/s390/kernel/setup.c:526:9: note: in expansion of macro ‘memcpy’ 526 | memcpy(abs_... • https://git.kernel.org/stable/c/1fc24f9da259b675c3cc74ad5aa92dac286543b3 •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52989 – firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region
https://notcve.org/view.php?id=CVE-2023-52989
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region This patch is fix for Linux kernel v2.6.33 or later. For request subaction to IEC 61883-1 FCP region, Linux FireWire subsystem have had an issue of use-after-free. The subsystem allows multiple user space listeners to the region, while data of the payload was likely released before the listeners execute read(2) to access to it for copying to user space. The... • https://git.kernel.org/stable/c/281e20323ab72180137824a298ee9e21e6f9acf6 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52988 – ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path()
https://notcve.org/view.php?id=CVE-2023-52988
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() snd_hda_get_connections() can return a negative error code. It may lead to accessing 'conn' array at a negative index. Found by Linux Verification Center (linuxtesting.org) with SVACE. In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() snd_hda_get_connections() can return a ne... • https://git.kernel.org/stable/c/30b4503378c976cf66201a1e81820519f6bd79ac •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52986 – bpf, sockmap: Check for any of tcp_bpf_prots when cloning a listener
https://notcve.org/view.php?id=CVE-2023-52986
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Check for any of tcp_bpf_prots when cloning a listener A listening socket linked to a sockmap has its sk_prot overridden. It points to one of the struct proto variants in tcp_bpf_prots. The variant depends on the socket's family and which sockmap programs are attached. A child socket cloned from a TCP listener initially inherits their sk_prot. But before cloning is finished, we restore the child's proto to the listener's origi... • https://git.kernel.org/stable/c/e80251555f0befd1271e74b080bccf0ff0348bfc •
CVSS: 5.6EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52984 – net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices
https://notcve.org/view.php?id=CVE-2023-52984
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices The probe() function is only used for the DP83822 PHY, leaving the private data pointer uninitialized for the smaller DP83825/26 models. While all uses of the private data structure are hidden in 82822 specific callbacks, configuring the interrupt is shared across all models. This causes a NULL pointer dereference on the smaller PHYs as it accesses the private data unchec... • https://git.kernel.org/stable/c/5dc39fd5ef35bc6919759fa99246581b1adc6b82 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-52979 – squashfs: harden sanity check in squashfs_read_xattr_id_table
https://notcve.org/view.php?id=CVE-2023-52979
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: squashfs: harden sanity check in squashfs_read_xattr_id_table While mounting a corrupted filesystem, a signed integer '*xattr_ids' can become less than zero. This leads to the incorrect computation of 'len' and 'indexes' values which can cause null-ptr-deref in copy_bio_to_actor() or out-of-bounds accesses in the next sanity checks inside squashfs_read_xattr_id_table(). Found by Linux Verification Center (linuxtesting.org) with Syzkaller. I... • https://git.kernel.org/stable/c/ff49cace7b8cf00d27665f7536a863d406963d06 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52978 – riscv: kprobe: Fixup kernel panic when probing an illegal position
https://notcve.org/view.php?id=CVE-2023-52978
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: riscv: kprobe: Fixup kernel panic when probing an illegal position The kernel would panic when probed for an illegal position. eg: (CONFIG_RISCV_ISA_C=n) echo 'p:hello kernel_clone+0x16 a0=%a0' >> kprobe_events echo 1 > events/kprobes/hello/enable cat trace Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: __do_sys_newfstatat+0xb8/0xb8 CPU: 0 PID: 111 Comm: sh Not tainted 6.2.0-rc1-00027-g2d398fe49a4d #490 Hardware ... • https://git.kernel.org/stable/c/c22b0bcb1dd024cb9caad9230e3a387d8b061df5 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52977 – net: openvswitch: fix flow memory leak in ovs_flow_cmd_new
https://notcve.org/view.php?id=CVE-2023-52977
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix flow memory leak in ovs_flow_cmd_new Syzkaller reports a memory leak of new_flow in ovs_flow_cmd_new() as it is not freed when an allocation of a key fails. BUG: memory leak unreferenced object 0xffff888116668000 (size 632): comm "syz-executor231", pid 1090, jiffies 4294844701 (age 18.871s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00... • https://git.kernel.org/stable/c/655e873bf528f0f46ce6b069f9a2daee9621197c •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-52976 – efi: fix potential NULL deref in efi_mem_reserve_persistent
https://notcve.org/view.php?id=CVE-2023-52976
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: efi: fix potential NULL deref in efi_mem_reserve_persistent When iterating on a linked list, a result of memremap is dereferenced without checking it for NULL. This patch adds a check that falls back on allocating a new page in case memremap doesn't succeed. Found by Linux Verification Center (linuxtesting.org) with SVACE. [ardb: return -ENOMEM instead of breaking out of the loop] In the Linux kernel, the following vulnerability has been re... • https://git.kernel.org/stable/c/18df7577adae6c6c778bf774b3aebcacbc1fb439 •