CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2023-53999 – net/mlx5e: TC, Fix internal port memory leak
https://notcve.org/view.php?id=CVE-2023-53999
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: TC, Fix internal port memory leak The flow rule can be splited, and the extra post_act rules are added to post_act table. It's possible to trigger memleak when the rule forwards packets from internal port and over tunnel, in the case that, for example, CT 'new' state offload is allowed. As int_port object is assigned to the flow attribute of post_act rule, and its refcnt is incremented by mlx5e_tc_int_port_get(), but mlx5e_tc_int... • https://git.kernel.org/stable/c/8300f225268be9ee2c0daf5a3f23929fcdcbf213 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53998 – hwrng: virtio - Fix race on data_avail and actual data
https://notcve.org/view.php?id=CVE-2023-53998
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: hwrng: virtio - Fix race on data_avail and actual data The virtio rng device kicks off a new entropy request whenever the data available reaches zero. When a new request occurs at the end of a read operation, that is, when the result of that request is only needed by the next reader, then there is a race between the writing of the new data and the next reader. This is because there is no synchronisation whatsoever between the writer and the... • https://git.kernel.org/stable/c/f7f510ec195781c857ab76366a3e1c59e1caae42 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53996 – x86/sev: Make enc_dec_hypercall() accept a size instead of npages
https://notcve.org/view.php?id=CVE-2023-53996
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: x86/sev: Make enc_dec_hypercall() accept a size instead of npages enc_dec_hypercall() accepted a page count instead of a size, which forced its callers to round up. As a result, non-page aligned vaddrs caused pages to be spuriously marked as decrypted via the encryption status hypercall, which in turn caused consistent corruption of pages during live migration. Live migration requires accurate encryption status information to avoid migratin... • https://git.kernel.org/stable/c/064ce6c550a0630789978bfec7a13ab2bd1bdcdf •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53995 – net: ipv4: fix one memleak in __inet_del_ifa()
https://notcve.org/view.php?id=CVE-2023-53995
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: net: ipv4: fix one memleak in __inet_del_ifa() I got the below warning when do fuzzing test: unregister_netdevice: waiting for bond0 to become free. Usage count = 2 It can be repoduced via: ip link add bond0 type bond sysctl -w net.ipv4.conf.bond0.promote_secondaries=1 ip addr add 4.117.174.103/0 scope 0x40 dev bond0 ip addr add 192.168.100.111/255.255.255.254 scope 0 dev bond0 ip addr add 0.0.0.4/0 scope 0x40 secondary dev bond0 ip addr de... • https://git.kernel.org/stable/c/0ff60a45678e67b2547256a636fd00c1667ce4fa •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53994 – ionic: remove WARN_ON to prevent panic_on_warn
https://notcve.org/view.php?id=CVE-2023-53994
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ionic: remove WARN_ON to prevent panic_on_warn Remove unnecessary early code development check and the WARN_ON that it uses. The irq alloc and free paths have long been cleaned up and this check shouldn't have stuck around so long. • https://git.kernel.org/stable/c/77ceb68e29ccd25d923b6af59e74ecaf736cc4b7 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53993 – PCI/DOE: Fix memory leak with CONFIG_DEBUG_OBJECTS=y
https://notcve.org/view.php?id=CVE-2023-53993
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: PCI/DOE: Fix memory leak with CONFIG_DEBUG_OBJECTS=y After a pci_doe_task completes, its work_struct needs to be destroyed to avoid a memory leak with CONFIG_DEBUG_OBJECTS=y. • https://git.kernel.org/stable/c/9d24322e887b6a3d3f9f9c3e76937a646102c8c1 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53992 – wifi: cfg80211: ocb: don't leave if not joined
https://notcve.org/view.php?id=CVE-2023-53992
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: ocb: don't leave if not joined If there's no OCB state, don't ask the driver/mac80211 to leave, since that's just confusing. Since set/clear the chandef state, that's a simple check. • https://git.kernel.org/stable/c/6e0bd6c35b021dc73a81ebd1ef79761233c48b50 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53991 – drm/msm/dpu: Disallow unallocated resources to be returned
https://notcve.org/view.php?id=CVE-2023-53991
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Disallow unallocated resources to be returned In the event that the topology requests resources that have not been created by the system (because they are typically not represented in dpu_mdss_cfg ^1), the resource(s) in global_state (in this case DSC blocks, until their allocation/assignment is being sanity-checked in "drm/msm/dpu: Reject topologies for which no DSC blocks are available") remain NULL but will still be returned... • https://git.kernel.org/stable/c/bb00a452d6f77391441ef7df48f7115dd459cd2f •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53990 – SMB3: Add missing locks to protect deferred close file list
https://notcve.org/view.php?id=CVE-2023-53990
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: SMB3: Add missing locks to protect deferred close file list cifs_del_deferred_close function has a critical section which modifies the deferred close file list. We must acquire deferred_lock before calling cifs_del_deferred_close function. • https://git.kernel.org/stable/c/860efae127888ae535bc4eda1b7f27642727c69e •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53989 – arm64: mm: fix VA-range sanity check
https://notcve.org/view.php?id=CVE-2023-53989
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: arm64: mm: fix VA-range sanity check Both create_mapping_noalloc() and update_mapping_prot() sanity-check their 'virt' parameter, but the check itself doesn't make much sense. The condition used today appears to be a historical accident. The sanity-check condition: if ((virt >= PAGE_END) && (virt < VMALLOC_START)) { [ ... warning here ... ] return; } ... can only be true for the KASAN shadow region or the module region, and there's no reaso... • https://git.kernel.org/stable/c/14c127c957c1c6070647c171e72f06e0db275ebf •