CVSS: 8.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53669 – tcp: fix skb_copy_ubufs() vs BIG TCP
https://notcve.org/view.php?id=CVE-2023-53669
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: tcp: fix skb_copy_ubufs() vs BIG TCP David Ahern reported crashes in skb_copy_ubufs() caused by TCP tx zerocopy using hugepages, and skb length bigger than ~68 KB. skb_copy_ubufs() assumed it could copy all payload using up to MAX_SKB_FRAGS order-0 pages. This assumption broke when BIG TCP was able to put up to 512 KB per skb. We did not hit this bug at Google because we use CONFIG_MAX_SKB_FRAGS=45 and limit gso_max_size to 180000. A soluti... • https://git.kernel.org/stable/c/7c4e983c4f3cf94fcd879730c6caa877e0768a4d •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53668 – ring-buffer: Fix deadloop issue on reading trace_pipe
https://notcve.org/view.php?id=CVE-2023-53668
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Fix deadloop issue on reading trace_pipe Soft lockup occurs when reading file 'trace_pipe': watchdog: BUG: soft lockup - CPU#6 stuck for 22s! [cat:4488] [...] RIP: 0010:ring_buffer_empty_cpu+0xed/0x170 RSP: 0018:ffff88810dd6fc48 EFLAGS: 00000246 RAX: 0000000000000000 RBX: 0000000000000246 RCX: ffffffff93d1aaeb RDX: ffff88810a280040 RSI: 0000000000000008 RDI: ffff88811164b218 RBP: ffff88811164b218 R08: 0000000000000000 R09: ffff... • https://git.kernel.org/stable/c/a5fb833172eca69136e9ee1ada778e404086ab8a •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53667 – net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize
https://notcve.org/view.php?id=CVE-2023-53667
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize Currently in cdc_ncm_check_tx_max(), if dwNtbOutMaxSize is lower than the calculated "min" value, but greater than zero, the logic sets tx_max to dwNtbOutMaxSize. This is then used to allocate a new SKB in cdc_ncm_fill_tx_frame() where all the data is handled. For small values of dwNtbOutMaxSize the memory allocated during alloc_skb(dwNtbOutMaxSize, GFP_ATOMIC) will have the same siz... • https://git.kernel.org/stable/c/289507d3364f96f4b8814726917d572f71350d87 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53666 – ASoC: codecs: wcd938x: fix missing mbhc init error handling
https://notcve.org/view.php?id=CVE-2023-53666
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd938x: fix missing mbhc init error handling MBHC initialisation can fail so add the missing error handling to avoid dereferencing an error pointer when later configuring the jack: Unable to handle kernel paging request at virtual address fffffffffffffff8 pc : wcd_mbhc_start+0x28/0x380 [snd_soc_wcd_mbhc] lr : wcd938x_codec_set_jack+0x28/0x48 [snd_soc_wcd938x] Call trace: wcd_mbhc_start+0x28/0x380 [snd_soc_wcd_mbhc] wcd938x_co... • https://git.kernel.org/stable/c/bcee7ed09b8e70b65d5c04f5d1acd2cf4213c2f3 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-53665 – md: don't dereference mddev after export_rdev()
https://notcve.org/view.php?id=CVE-2023-53665
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: md: don't dereference mddev after export_rdev() Except for initial reference, mddev->kobject is referenced by rdev->kobject, and if the last rdev is freed, there is no guarantee that mddev is still valid. Hence mddev should not be used anymore after export_rdev(). This problem can be triggered by following test for mdadm at very low rate: New file: mdadm/tests/23rdev-lifetime devname=${dev0##*/} devt=`cat /sys/block/$devname/dev` pid="" run... • https://git.kernel.org/stable/c/3ce94ce5d05ae89190a23f6187f64d8f4b2d3782 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-53664 – OPP: Fix potential null ptr dereference in dev_pm_opp_get_required_pstate()
https://notcve.org/view.php?id=CVE-2023-53664
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: OPP: Fix potential null ptr dereference in dev_pm_opp_get_required_pstate() "opp" pointer is dereferenced before the IS_ERR_OR_NULL() check. Fix it by removing the dereference to cache opp_table and dereference it directly where opp_table is used. This fixes the following smatch warning: drivers/opp/core.c:232 dev_pm_opp_get_required_pstate() warn: variable dereferenced before IS_ERR check 'opp' (see line 230) In the Linux kernel, the follo... • https://git.kernel.org/stable/c/84cb7ff35fcf7c0b552f553a3f2db9c3e92fc707 •
CVSS: 5.6EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53663 – KVM: nSVM: Check instead of asserting on nested TSC scaling support
https://notcve.org/view.php?id=CVE-2023-53663
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Check instead of asserting on nested TSC scaling support Check for nested TSC scaling support on nested SVM VMRUN instead of asserting that TSC scaling is exposed to L1 if L1's MSR_AMD64_TSC_RATIO has diverged from KVM's default. Userspace can trigger the WARN at will by writing the MSR and then updating guest CPUID to hide the feature (modifying guest CPUID is allowed anytime before KVM_RUN). E.g. hacking KVM's state_test selfte... • https://git.kernel.org/stable/c/5228eb96a4875f8cf5d61d486e3795ac14df8904 • CWE-617: Reachable Assertion •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53662 – ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup}
https://notcve.org/view.php?id=CVE-2023-53662
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} If the filename casefolding fails, we'll be leaking memory from the fscrypt_name struct, namely from the 'crypto_buf.name' member. Make sure we free it in the error path on both ext4_fname_setup_filename() and ext4_fname_prepare_lookup() functions. In the Linux kernel, the following vulnerability has been resolved: ext4: fix memory leaks in ext4_fname_{setup_filename,prepa... • https://git.kernel.org/stable/c/1ae98e295fa2577fb5e492200c58d10230e00e99 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53661 – bnxt: avoid overflow in bnxt_get_nvram_directory()
https://notcve.org/view.php?id=CVE-2023-53661
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: bnxt: avoid overflow in bnxt_get_nvram_directory() The value of an arithmetic expression is subject of possible overflow due to a failure to cast operands to a larger data type before performing arithmetic. Used macro for multiplication instead operator for avoiding overflow. Found by Security Code and Linux Verification Center (linuxtesting.org) with SVACE. In the Linux kernel, the following vulnerability has been resolved: bnxt: avoid ove... • https://git.kernel.org/stable/c/d5eaf2a6b077f32a477feb1e9e1c1f60605b460e •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53660 – bpf, cpumap: Handle skb as well when clean up ptr_ring
https://notcve.org/view.php?id=CVE-2023-53660
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf, cpumap: Handle skb as well when clean up ptr_ring The following warning was reported when running xdp_redirect_cpu with both skb-mode and stress-mode enabled: ------------[ cut here ]------------ Incorrect XDP memory type (-2128176192) usage WARNING: CPU: 7 PID: 1442 at net/core/xdp.c:405 Modules linked in: CPU: 7 PID: 1442 Comm: kworker/7:0 Tainted: G 6.5.0-rc2+ #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) Workqueue: event... • https://git.kernel.org/stable/c/11941f8a85362f612df61f4aaab0e41b64d2111d •