CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53020 – l2tp: close all race conditions in l2tp_tunnel_register()
https://notcve.org/view.php?id=CVE-2023-53020
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: l2tp: close all race conditions in l2tp_tunnel_register() The code in l2tp_tunnel_register() is racy in several ways: 1. It modifies the tunnel socket _after_ publishing it. 2. It calls setup_udp_tunnel_sock() on an existing socket without locking. 3. It changes sock lock class on fly, which triggers many syzbot reports. This patch amends all of them by moving socket initialization code before publishing and under sock lock. • https://git.kernel.org/stable/c/37159ef2c1ae1e696b24b260b241209a19f92c60 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2023-53019 – net: mdio: validate parameter addr in mdiobus_get_phy()
https://notcve.org/view.php?id=CVE-2023-53019
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: net: mdio: validate parameter addr in mdiobus_get_phy() The caller may pass any value as addr, what may result in an out-of-bounds access to array mdio_map. One existing case is stmmac_init_phy() that may pass -1 as addr. Therefore validate addr before using it. In the Linux kernel, the following vulnerability has been resolved: net: mdio: validate parameter addr in mdiobus_get_phy() The caller may pass any value as addr, what may result in... • https://git.kernel.org/stable/c/7f854420fbfe9d49afe2ffb1df052cfe8e215541 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-53015 – HID: betop: check shape of output reports
https://notcve.org/view.php?id=CVE-2023-53015
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: betop: check shape of output reports betopff_init() only checks the total sum of the report counts for each report field to be at least 4, but hid_betopff_play() expects 4 report fields. A device advertising an output report with one field and 4 report counts would pass the check but crash the kernel with a NULL pointer dereference in hid_betopff_play(). In the Linux kernel, the following vulnerability has been resolved: HID: betop: ch... • https://git.kernel.org/stable/c/52cd7785f3cdd2724f4efb5b21dbc75d6f9ccef4 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-53010 – bnxt: Do not read past the end of test names
https://notcve.org/view.php?id=CVE-2023-53010
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: bnxt: Do not read past the end of test names Test names were being concatenated based on a offset beyond the end of the first name, which tripped the buffer overflow detection logic: detected buffer overflow in strnlen [...] Call Trace: bnxt_ethtool_init.cold+0x18/0x18 Refactor struct hwrm_selftest_qlist_output to use an actual array, and adjust the concatenation to use snprintf() rather than a series of strncat() calls. In the Linux kernel... • https://git.kernel.org/stable/c/eb51365846bc418687af4c4f41b68b6e84cdd449 •
CVSS: 5.6EPSS: 0%CPEs: 2EXPL: 0CVE-2023-53008 – cifs: fix potential memory leaks in session setup
https://notcve.org/view.php?id=CVE-2023-53008
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential memory leaks in session setup Make sure to free cifs_ses::auth_key.response before allocating it as we might end up leaking memory in reconnect or mounting. In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential memory leaks in session setup Make sure to free cifs_ses::auth_key.response before allocating it as we might end up leaking memory in reconnect or mounting. • https://git.kernel.org/stable/c/893d45394dbe4b5cbf3723c19e2ccc8b93a6ac9b •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-53007 – tracing: Make sure trace_printk() can output as soon as it can be used
https://notcve.org/view.php?id=CVE-2023-53007
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: tracing: Make sure trace_printk() can output as soon as it can be used Currently trace_printk() can be used as soon as early_trace_init() is called from start_kernel(). But if a crash happens, and "ftrace_dump_on_oops" is set on the kernel command line, all you get will be: [ 0.456075]
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-53001 – drm/drm_vma_manager: Add drm_vma_node_allow_once()
https://notcve.org/view.php?id=CVE-2023-53001
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/drm_vma_manager: Add drm_vma_node_allow_once() Currently there is no easy way for a drm driver to safely check and allow drm_vma_offset_node for a drm file just once. Allow drm drivers to call non-refcounted version of drm_vma_node_allow() so that a driver doesn't need to keep track of each drm_vma_node_allow() to call subsequent drm_vma_node_revoke() to prevent memory leak. In the Linux kernel, the following vulnerability has been reso... • https://git.kernel.org/stable/c/67444f8ca31cdaf45e0b761241ad49b1ae04bcf9 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53000 – netlink: prevent potential spectre v1 gadgets
https://notcve.org/view.php?id=CVE-2023-53000
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: netlink: prevent potential spectre v1 gadgets Most netlink attributes are parsed and validated from __nla_validate_parse() or validate_nla() u16 type = nla_type(nla); if (type == 0 || type > maxtype) { /* error or continue */ } @type is then used as an array index and can be used as a Spectre v1 gadget. array_index_nospec() can be used to prevent leaking content of kernel memory to malicious users. This should take care of vast majority of ... • https://git.kernel.org/stable/c/bfa83a9e03cf8d501c6272999843470afecb32ed •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2023-52997 – ipv4: prevent potential spectre v1 gadget in ip_metrics_convert()
https://notcve.org/view.php?id=CVE-2023-52997
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: ipv4: prevent potential spectre v1 gadget in ip_metrics_convert() if (!type) continue; if (type > RTAX_MAX) return -EINVAL; ... metrics[type - 1] = val; @type being used as an array index, we need to prevent cpu speculation or risk leaking kernel memory content. In the Linux kernel, the following vulnerability has been resolved: ipv4: prevent potential spectre v1 gadget in ip_metrics_convert() if (!type) continue; if (type > RTAX_MAX) retur... • https://git.kernel.org/stable/c/6cf9dfd3bd62edfff69f11c0f111bc261166e4c7 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52996 – ipv4: prevent potential spectre v1 gadget in fib_metrics_match()
https://notcve.org/view.php?id=CVE-2023-52996
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: ipv4: prevent potential spectre v1 gadget in fib_metrics_match() if (!type) continue; if (type > RTAX_MAX) return false; ... fi_val = fi->fib_metrics->metrics[type - 1]; @type being used as an array index, we need to prevent cpu speculation or risk leaking kernel memory content. In the Linux kernel, the following vulnerability has been resolved: ipv4: prevent potential spectre v1 gadget in fib_metrics_match() if (!type) continue; if (type >... • https://git.kernel.org/stable/c/5f9ae3d9e7e4ad6db0491abc7c4ae5452dbeadd8 •