CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53003 – EDAC/qcom: Do not pass llcc_driv_data as edac_device_ctl_info's pvt_info
https://notcve.org/view.php?id=CVE-2023-53003
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: EDAC/qcom: Do not pass llcc_driv_data as edac_device_ctl_info's pvt_info The memory for llcc_driv_data is allocated by the LLCC driver. But when it is passed as the private driver info to the EDAC core, it will get freed during the qcom_edac driver release. So when the qcom_edac driver gets probed again, it will try to use the freed data leading to the use-after-free bug. Hence, do not pass llcc_driv_data as pvt_info but rather reference it... • https://git.kernel.org/stable/c/27450653f1db0b9d5b5048a246c850c52ee4aa61 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-53002 – drm/i915: Fix a memory leak with reused mmap_offset
https://notcve.org/view.php?id=CVE-2023-53002
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix a memory leak with reused mmap_offset drm_vma_node_allow() and drm_vma_node_revoke() should be called in balanced pairs. We call drm_vma_node_allow() once per-file everytime a user calls mmap_offset, but only call drm_vma_node_revoke once per-file on each mmap_offset. As the mmap_offset is reused by the client, the per-file vm_count may remain non-zero and the rbtree leaked. Call drm_vma_node_allow_once() instead to prevent th... • https://git.kernel.org/stable/c/7865559872074a9ab169c87915504661d630addf •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-53001 – drm/drm_vma_manager: Add drm_vma_node_allow_once()
https://notcve.org/view.php?id=CVE-2023-53001
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/drm_vma_manager: Add drm_vma_node_allow_once() Currently there is no easy way for a drm driver to safely check and allow drm_vma_offset_node for a drm file just once. Allow drm drivers to call non-refcounted version of drm_vma_node_allow() so that a driver doesn't need to keep track of each drm_vma_node_allow() to call subsequent drm_vma_node_revoke() to prevent memory leak. In the Linux kernel, the following vulnerability has been reso... • https://git.kernel.org/stable/c/67444f8ca31cdaf45e0b761241ad49b1ae04bcf9 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53000 – netlink: prevent potential spectre v1 gadgets
https://notcve.org/view.php?id=CVE-2023-53000
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: netlink: prevent potential spectre v1 gadgets Most netlink attributes are parsed and validated from __nla_validate_parse() or validate_nla() u16 type = nla_type(nla); if (type == 0 || type > maxtype) { /* error or continue */ } @type is then used as an array index and can be used as a Spectre v1 gadget. array_index_nospec() can be used to prevent leaking content of kernel memory to malicious users. This should take care of vast majority of ... • https://git.kernel.org/stable/c/bfa83a9e03cf8d501c6272999843470afecb32ed •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52999 – net: fix UaF in netns ops registration error path
https://notcve.org/view.php?id=CVE-2023-52999
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: net: fix UaF in netns ops registration error path If net_assign_generic() fails, the current error path in ops_init() tries to clear the gen pointer slot. Anyway, in such error path, the gen pointer itself has not been modified yet, and the existing and accessed one is smaller than the accessed index, causing an out-of-bounds error: BUG: KASAN: slab-out-of-bounds in ops_init+0x2de/0x320 Write of size 8 at addr ffff888109124978 by task modpr... • https://git.kernel.org/stable/c/5a2ea549be94924364f6911227d99be86e8cf34a • CWE-416: Use After Free •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52998 – net: fec: Use page_pool_put_full_page when freeing rx buffers
https://notcve.org/view.php?id=CVE-2023-52998
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: net: fec: Use page_pool_put_full_page when freeing rx buffers The page_pool_release_page was used when freeing rx buffers, and this function just unmaps the page (if mapped) and does not recycle the page. So after hundreds of down/up the eth0, the system will out of memory. For more details, please refer to the following reproduce steps and bug logs. To solve this issue and refer to the doc of page pool, the page_pool_put_full_page should b... • https://git.kernel.org/stable/c/95698ff6177b5f1f13f251da60e7348413046ae4 •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2023-52997 – ipv4: prevent potential spectre v1 gadget in ip_metrics_convert()
https://notcve.org/view.php?id=CVE-2023-52997
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: ipv4: prevent potential spectre v1 gadget in ip_metrics_convert() if (!type) continue; if (type > RTAX_MAX) return -EINVAL; ... metrics[type - 1] = val; @type being used as an array index, we need to prevent cpu speculation or risk leaking kernel memory content. In the Linux kernel, the following vulnerability has been resolved: ipv4: prevent potential spectre v1 gadget in ip_metrics_convert() if (!type) continue; if (type > RTAX_MAX) retur... • https://git.kernel.org/stable/c/6cf9dfd3bd62edfff69f11c0f111bc261166e4c7 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52996 – ipv4: prevent potential spectre v1 gadget in fib_metrics_match()
https://notcve.org/view.php?id=CVE-2023-52996
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: ipv4: prevent potential spectre v1 gadget in fib_metrics_match() if (!type) continue; if (type > RTAX_MAX) return false; ... fi_val = fi->fib_metrics->metrics[type - 1]; @type being used as an array index, we need to prevent cpu speculation or risk leaking kernel memory content. In the Linux kernel, the following vulnerability has been resolved: ipv4: prevent potential spectre v1 gadget in fib_metrics_match() if (!type) continue; if (type >... • https://git.kernel.org/stable/c/5f9ae3d9e7e4ad6db0491abc7c4ae5452dbeadd8 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52995 – riscv/kprobe: Fix instruction simulation of JALR
https://notcve.org/view.php?id=CVE-2023-52995
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: riscv/kprobe: Fix instruction simulation of JALR Set kprobe at 'jalr 1140(ra)' of vfs_write results in the following crash: [ 32.092235] Unable to handle kernel access to user memory without uaccess routines at virtual address 00aaaaaad77b1170 [ 32.093115] Oops [#1] [ 32.093251] Modules linked in: [ 32.093626] CPU: 0 PID: 135 Comm: ftracetest Not tainted 6.2.0-rc2-00013-gb0aa5e5df0cb-dirty #16 [ 32.093985] Hardware name: riscv-virtio,qemu (... • https://git.kernel.org/stable/c/c22b0bcb1dd024cb9caad9230e3a387d8b061df5 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52994 – acpi: Fix suspend with Xen PV
https://notcve.org/view.php?id=CVE-2023-52994
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: acpi: Fix suspend with Xen PV Commit f1e525009493 ("x86/boot: Skip realmode init code when running as Xen PV guest") missed one code path accessing real_mode_header, leading to dereferencing NULL when suspending the system under Xen: [ 348.284004] PM: suspend entry (deep) [ 348.289532] Filesystems sync: 0.005 seconds [ 348.291545] Freezing user space processes ... (elapsed 0.000 seconds) done. [ 348.292457] OOM killer disabled. [ 348.292462... • https://git.kernel.org/stable/c/b1898793777fe10a31c160bb8bc385d6eea640c6 •