CVSS: 5.5EPSS: %CPEs: 6EXPL: 0CVE-2023-53114 – i40e: Fix kernel crash during reboot when adapter is in recovery mode
https://notcve.org/view.php?id=CVE-2023-53114
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: i40e: Fix kernel crash during reboot when adapter is in recovery mode If the driver detects during probe that firmware is in recovery mode then i40e_init_recovery_mode() is called and the rest of probe function is skipped including pci_set_drvdata(). Subsequent i40e_shutdown() called during shutdown/reboot dereferences NULL pointer as pci_get_drvdata() returns NULL. To fix call pci_set_drvdata() also during entering to recovery mode. Reprod... • https://git.kernel.org/stable/c/4ff0ee1af016976acb6a525e68ec9a5a85d7abdc •
CVSS: 7.8EPSS: %CPEs: 4EXPL: 0CVE-2023-53113 – wifi: nl80211: fix NULL-ptr deref in offchan check
https://notcve.org/view.php?id=CVE-2023-53113
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: fix NULL-ptr deref in offchan check If, e.g. in AP mode, the link was already created by userspace but not activated yet, it has a chandef but the chandef isn't valid and has no channel. Check for this and ignore this link. In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: fix NULL-ptr deref in offchan check If, e.g. in AP mode, the link was already created by userspace but not activated yet, ... • https://git.kernel.org/stable/c/7b0a0e3c3a88260b6fcb017e49f198463aa62ed1 •
CVSS: 7.1EPSS: %CPEs: 3EXPL: 0CVE-2023-53112 – drm/i915/sseu: fix max_subslices array-index-out-of-bounds access
https://notcve.org/view.php?id=CVE-2023-53112
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/i915/sseu: fix max_subslices array-index-out-of-bounds access It seems that commit bc3c5e0809ae ("drm/i915/sseu: Don't try to store EU mask internally in UAPI format") exposed a potential out-of-bounds access, reported by UBSAN as following on a laptop with a gen 11 i915 card: UBSAN: array-index-out-of-bounds in drivers/gpu/drm/i915/gt/intel_sseu.c:65:27 index 6 is out of range for type 'u16 [6]' CPU: 2 PID: 165 Comm: systemd-udevd Not ... • https://git.kernel.org/stable/c/bc3c5e0809ae9faa039baf75547e8ee46ec124ef •
CVSS: 5.5EPSS: %CPEs: 4EXPL: 0CVE-2023-53111 – loop: Fix use-after-free issues
https://notcve.org/view.php?id=CVE-2023-53111
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: loop: Fix use-after-free issues do_req_filebacked() calls blk_mq_complete_request() synchronously or asynchronously when using asynchronous I/O unless memory allocation fails. Hence, modify loop_handle_cmd() such that it does not dereference 'cmd' nor 'rq' after do_req_filebacked() finished unless we are sure that the request has not yet been completed. This patch fixes the following kernel crash: Unable to handle kernel NULL pointer derefe... • https://git.kernel.org/stable/c/bc07c10a3603a5ab3ef01ba42b3d41f9ac63d1b6 •
CVSS: 5.5EPSS: %CPEs: 5EXPL: 0CVE-2023-53110 – net/smc: fix NULL sndbuf_desc in smc_cdc_tx_handler()
https://notcve.org/view.php?id=CVE-2023-53110
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net/smc: fix NULL sndbuf_desc in smc_cdc_tx_handler() When performing a stress test on SMC-R by rmmod mlx5_ib driver during the wrk/nginx test, we found that there is a probability of triggering a panic while terminating all link groups. This issue dues to the race between smc_smcr_terminate_all() and smc_buf_create(). smc_smcr_terminate_all smc_buf_create /* init */ conn->sndbuf_desc = NULL; ... __smc_lgr_terminate smc_conn_kill smc_close_... • https://git.kernel.org/stable/c/0b29ec6436138721acf5844e558f7334a0fa61d5 •
CVSS: 7.8EPSS: %CPEs: 8EXPL: 0CVE-2023-53109 – net: tunnels: annotate lockless accesses to dev->needed_headroom
https://notcve.org/view.php?id=CVE-2023-53109
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: tunnels: annotate lockless accesses to dev->needed_headroom IP tunnels can apparently update dev->needed_headroom in their xmit path. This patch takes care of three tunnels xmit, and also the core LL_RESERVED_SPACE() and LL_RESERVED_SPACE_EXTRA() helpers. More changes might be needed for completeness. BUG: KCSAN: data-race in ip_tunnel_xmit / ip_tunnel_xmit read to 0xffff88815b9da0ec of 2 bytes by task 888 on cpu 1: ip_tunnel_xmit+0x12... • https://git.kernel.org/stable/c/8eb30be0352d09165e94a41fef1c7b994dca0714 •
CVSS: 6.8EPSS: %CPEs: 8EXPL: 0CVE-2023-53108 – net/iucv: Fix size of interrupt data
https://notcve.org/view.php?id=CVE-2023-53108
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net/iucv: Fix size of interrupt data iucv_irq_data needs to be 4 bytes larger. These bytes are not used by the iucv module, but written by the z/VM hypervisor in case a CPU is deconfigured. Reported as: BUG dma-kmalloc-64 (Not tainted): kmalloc Redzone overwritten ----------------------------------------------------------------------------- 0x0000000000400564-0x0000000000400567 @offset=1380. First byte 0x80 instead of 0xcc Allocated in iucv... • https://git.kernel.org/stable/c/2356f4cb191100a5e92d537f13e5efdbc697e9cb •
CVSS: 7.8EPSS: %CPEs: 3EXPL: 0CVE-2023-53107 – veth: Fix use after free in XDP_REDIRECT
https://notcve.org/view.php?id=CVE-2023-53107
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: veth: Fix use after free in XDP_REDIRECT Commit 718a18a0c8a6 ("veth: Rework veth_xdp_rcv_skb in order to accept non-linear skb") introduced a bug where it tried to use pskb_expand_head() if the headroom was less than XDP_PACKET_HEADROOM. This however uses kmalloc to expand the head, which will later allow consume_skb() to free the skb while is it still in use by AF_XDP. Previously if the headroom was less than XDP_PACKET_HEADROOM we continu... • https://git.kernel.org/stable/c/718a18a0c8a67f97781e40bdef7cdd055c430996 •
CVSS: 7.1EPSS: %CPEs: 8EXPL: 0CVE-2023-53106 – nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition
https://notcve.org/view.php?id=CVE-2023-53106
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition This bug influences both st_nci_i2c_remove and st_nci_spi_remove. Take st_nci_i2c_remove as an example. In st_nci_i2c_probe, it called ndlc_probe and bound &ndlc->sm_work with llt_ndlc_sm_work. When it calls ndlc_recv or timeout handler, it will finally call schedule_work to start the work. When we call st_nci_i2c_remove to remove the driver, there may be a sequence as... • https://git.kernel.org/stable/c/35630df68d6030daf12dde12ed07bbe26324e6ac •
CVSS: 5.5EPSS: %CPEs: 3EXPL: 0CVE-2023-53105 – net/mlx5e: Fix cleanup null-ptr deref on encap lock
https://notcve.org/view.php?id=CVE-2023-53105
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix cleanup null-ptr deref on encap lock During module is unloaded while a peer tc flow is still offloaded, first the peer uplink rep profile is changed to a nic profile, and so neigh encap lock is destroyed. Next during unload, the VF reps netdevs are unregistered which causes the original non-peer tc flow to be deleted, which deletes the peer flow. The peer flow deletion detaches the encap entry and try to take the already dest... • https://git.kernel.org/stable/c/04de7dda7394fa9c2b0fc9cec65661d9b4f0d04d •