CVSS: 5.6EPSS: %CPEs: 3EXPL: 0CVE-2023-53042 – drm/amd/display: Do not set DRR on pipe Commit
https://notcve.org/view.php?id=CVE-2023-53042
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Do not set DRR on pipe Commit [WHY] Writing to DRR registers such as OTG_V_TOTAL_MIN on the same frame as a pipe commit can cause underflow. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Do not set DRR on pipe Commit [WHY] Writing to DRR registers such as OTG_V_TOTAL_MIN on the same frame as a pipe commit can cause underflow. • https://git.kernel.org/stable/c/f8080f1e300e7abcc03025ec8b5bab69ae98daaa •
CVSS: 7.1EPSS: %CPEs: 6EXPL: 0CVE-2023-53041 – scsi: qla2xxx: Perform lockless command completion in abort path
https://notcve.org/view.php?id=CVE-2023-53041
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Perform lockless command completion in abort path While adding and removing the controller, the following call trace was observed: WARNING: CPU: 3 PID: 623596 at kernel/dma/mapping.c:532 dma_free_attrs+0x33/0x50 CPU: 3 PID: 623596 Comm: sh Kdump: loaded Not tainted 5.14.0-96.el9.x86_64 #1 RIP: 0010:dma_free_attrs+0x33/0x50 Call Trace: qla2x00_async_sns_sp_done+0x107/0x1b0 [qla2xxx] qla2x00_abort_srb+0x8e/0x250 [qla2xxx] ? ql_... • https://git.kernel.org/stable/c/9189f20b4c5307c0998682bb522e481b4567a8b8 •
CVSS: 7.8EPSS: %CPEs: 8EXPL: 0CVE-2023-53040 – ca8210: fix mac_len negative array access
https://notcve.org/view.php?id=CVE-2023-53040
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ca8210: fix mac_len negative array access This patch fixes a buffer overflow access of skb->data if ieee802154_hdr_peek_addrs() fails. In the Linux kernel, the following vulnerability has been resolved: ca8210: fix mac_len negative array access This patch fixes a buffer overflow access of skb->data if ieee802154_hdr_peek_addrs() fails. • https://git.kernel.org/stable/c/55d836f75778d2e2cafe37e023f9c106400bad4b •
CVSS: 7.1EPSS: %CPEs: 4EXPL: 0CVE-2023-53039 – HID: intel-ish-hid: ipc: Fix potential use-after-free in work function
https://notcve.org/view.php?id=CVE-2023-53039
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: ipc: Fix potential use-after-free in work function When a reset notify IPC message is received, the ISR schedules a work function and passes the ISHTP device to it via a global pointer ishtp_dev. If ish_probe() fails, the devm-managed device resources including ishtp_dev are freed, but the work is not cancelled, causing a use-after-free when the work function tries to access ishtp_dev. Use devm_work_autocancel() instead,... • https://git.kernel.org/stable/c/8c1d378b8c224fd50247625255f09fc01dcc5836 •
CVSS: 7.1EPSS: %CPEs: 4EXPL: 0CVE-2023-53038 – scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read()
https://notcve.org/view.php?id=CVE-2023-53038
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read() If kzalloc() fails in lpfc_sli4_cgn_params_read(), then we rely on lpfc_read_object()'s routine to NULL check pdata. Currently, an early return error is thrown from lpfc_read_object() to protect us from NULL ptr dereference, but the errno code is -ENODEV. Change the errno code to a more appropriate -ENOMEM. In the Linux kernel, the following vulnerability has been resolved: scsi: lp... • https://git.kernel.org/stable/c/67b8343998b84418bc5b5206aa01fe9b461a80ef •
CVSS: 5.5EPSS: %CPEs: 3EXPL: 0CVE-2023-53037 – scsi: mpi3mr: Bad drive in topology results kernel crash
https://notcve.org/view.php?id=CVE-2023-53037
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Bad drive in topology results kernel crash When the SAS Transport Layer support is enabled and a device exposed to the OS by the driver fails INQUIRY commands, the driver frees up the memory allocated for an internal HBA port data structure. However, in some places, the reference to the freed memory is not cleared. When the firmware sends the Device Info change event for the same device again, the freed memory is accessed and ... • https://git.kernel.org/stable/c/1f822ae8fb2a20fffa71e9bfa9b203c03d72d3ba •
CVSS: 5.5EPSS: %CPEs: 3EXPL: 0CVE-2023-53036 – drm/amdgpu: Fix call trace warning and hang when removing amdgpu device
https://notcve.org/view.php?id=CVE-2023-53036
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix call trace warning and hang when removing amdgpu device On GPUs with RAS enabled, below call trace and hang are observed when shutting down device. v2: use DRM device unplugged flag instead of shutdown flag as the check to prevent memory wipe in shutdown stage. [ +0.000000] RIP: 0010:amdgpu_vram_mgr_fini+0x18d/0x1c0 [amdgpu] [ +0.000001] PKRU: 55555554 [ +0.000001] Call Trace: [ +0.000001]
CVSS: 7.1EPSS: %CPEs: 8EXPL: 0CVE-2023-53035 – nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy()
https://notcve.org/view.php?id=CVE-2023-53035
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() The ioctl helper function nilfs_ioctl_wrap_copy(), which exchanges a metadata array to/from user space, may copy uninitialized buffer regions to user space memory for read-only ioctl commands NILFS_IOCTL_GET_SUINFO and NILFS_IOCTL_GET_CPINFO. This can occur when the element size of the user space metadata given by the v_size member of the argument nilfs_argv structure is larger than the... • https://git.kernel.org/stable/c/a94932381e8dae4117e9129b3c1282e18aa97b05 •
CVSS: 7.1EPSS: %CPEs: 3EXPL: 0CVE-2022-49933 – KVM: VMX: Reset eVMCS controls in VP assist page during hardware disabling
https://notcve.org/view.php?id=CVE-2022-49933
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Reset eVMCS controls in VP assist page during hardware disabling Reset the eVMCS controls in the per-CPU VP assist page during hardware disabling instead of waiting until kvm-intel's module exit. The controls are activated if and only if KVM creates a VM, i.e. don't need to be reset if hardware is never enabled. Doing the reset during hardware disabling will naturally fix a potential NULL pointer deref bug once KVM disables CPU ho... • https://git.kernel.org/stable/c/afb26bfc01db6ef4728e96314f08431934ffe833 •
CVSS: 5.5EPSS: %CPEs: 3EXPL: 0CVE-2022-49932 – KVM: VMX: Do _all_ initialization before exposing /dev/kvm to userspace
https://notcve.org/view.php?id=CVE-2022-49932
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Do _all_ initialization before exposing /dev/kvm to userspace Call kvm_init() only after _all_ setup is complete, as kvm_init() exposes /dev/kvm to userspace and thus allows userspace to create VMs (and call other ioctls). E.g. KVM will encounter a NULL pointer when attempting to add a vCPU to the per-CPU loaded_vmcss_on_cpu list if userspace is able to create a VM before vmx_init() configures said list. BUG: kernel NULL pointer d... • https://git.kernel.org/stable/c/e136e969d268b9b89329c816c002e53f60e82985 •