CVSS: 9.7 • EPSS: 0% • CPEs: 8 • EXPL: 0 • CVE-2023-53559 – ip_vti: fix potential slab-use-after-free in decode_session6
https://notcve.org/view.php?id=CVE-2023-53559
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ip_vti: fix potential slab-use-after-free in decode_session6 When ip_vti device is set to the qdisc of the sfb type, the cb field of the sent skb may be modified during enqueuing. Then, slab-use-after-free may occur when ip_vti device sends IPv6 packets. As commit f855691975bb ("xfrm6: Fix the nexthdr offset in _decode_session6.") showed, xfrm_decode_session was originally intended only for the receive path. IP6CB(skb)->nhoff is not set dur... • https://git.kernel.org/stable/c/f855691975bb06373a98711e4cfe2c224244b536 • CWE-825: Expired Pointer Dereference •
CVSS: 5.5 • EPSS: 0% • CPEs: 3 • EXPL: 0 • CVE-2023-53558 – rcu-tasks: Avoid pr_info() with spin lock in cblist_init_generic()
https://notcve.org/view.php?id=CVE-2023-53558
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: rcu-tasks: Avoid pr_info() with spin lock in cblist_init_generic() pr_info() is called with rtp->cbs_gbl_lock spin lock locked. Because pr_info() calls printk() that might sleep, this will result in BUG like below: [ 0.206455] cblist_init_generic: Setting adjustable number of callback queues. [ 0.206463] [ 0.206464] ============================= [ 0.206464] [ BUG: Invalid wait context ] [ 0.206465] 5.19.0-00428-g9de1f9c8ca51 #5 Not tainted ... • https://git.kernel.org/stable/c/ab97152f88a4d580b89f0b7cc3028ffac438216f • CWE-1322: Use of Blocking Code in Single-threaded, Non-blocking Context •
CVSS: 5.5 • EPSS: 0% • CPEs: 3 • EXPL: 0 • CVE-2023-53557 – fprobe: Release rethook after the ftrace_ops is unregistered
https://notcve.org/view.php?id=CVE-2023-53557
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: fprobe: Release rethook after the ftrace_ops is unregistered While running bpf selftests it's possible to get following fault: general protection fault, probably for non-canonical address \ 0x6b6b6b6b6b6b6b6b: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC NOPTI ... Call Trace: <TASK> fprobe_handler+0xc1/0x270 ? __pfx_bpf_testmod_init+0x10/0x10 ? __pfx_bpf_testmod_init+0x10/0x10 ? bpf_fentry_test1+0x5/0x10 ? • https://git.kernel.org/stable/c/5b0ab78998e32564a011b14c4c7f9c81e2d42b9d •
CVSS: 7.1 • EPSS: 0% • CPEs: 6 • EXPL: 0 • CVE-2023-53556 – iavf: Fix use-after-free in free_netdev
https://notcve.org/view.php?id=CVE-2023-53556
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: iavf: Fix use-after-free in free_netdev We do netif_napi_add() for all allocated q_vectors[], but potentially do netif_napi_del() for part of them, then kfree q_vectors and leave invalid pointers at dev->napi_list. Reproducer: [root@host ~]# cat repro.sh #!/bin/bash pf_dbsf="0000:41:00.0" vf0_dbsf="0000:41:02.0" g_pids=() function do_set_numvf() { echo 2 >/sys/bus/pci/devices/${pf_dbsf}/sriov_numvfs sleep $((RANDOM%3+1)) echo 0 >/sys/bus/pc... • https://git.kernel.org/stable/c/5eae00c57f5e42bf201023471917da213c4946d6 •
CVSS: 8.5 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2023-53555 – mm/damon/core: initialize damo_filter->list from damos_new_filter()
https://notcve.org/view.php?id=CVE-2023-53555
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: initialize damo_filter->list from damos_new_filter() damos_new_filter() is not initializing the list field of newly allocated filter object. However, DAMON sysfs interface and DAMON_RECLAIM are not initializing it after calling damos_new_filter(). As a result, accessing uninitialized memory is possible. Actually, adding multiple DAMOS filters via DAMON sysfs interface caused NULL pointer dereferencing. Initialize the field ju... • https://git.kernel.org/stable/c/98def236f63c66629fb6b2d4b69cecffc5b46539 • CWE-824: Access of Uninitialized Pointer •
CVSS: 7.8 • EPSS: 0% • CPEs: 8 • EXPL: 0 • CVE-2023-53554 – staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext()
https://notcve.org/view.php?id=CVE-2023-53554
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() The "exc->key_len" is a u16 that comes from the user. If it's over IW_ENCODING_TOKEN_MAX (64) that could lead to memory corruption. • https://git.kernel.org/stable/c/b121d84882b97b8668be0b95e9ba50cfd01aa0f1 •
CVSS: 7.1 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2023-53553 – HID: hyperv: avoid struct memcpy overrun warning
https://notcve.org/view.php?id=CVE-2023-53553
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: hyperv: avoid struct memcpy overrun warning A previous patch addressed the fortified memcpy warning for most builds, but I still see this one with gcc-9: In file included from include/linux/string.h:254, from drivers/hid/hid-hyperv.c:8: In function 'fortify_memcpy_chk', inlined from 'mousevsc_on_receive' at drivers/hid/hid-hyperv.c:272:3: include/linux/fortify-string.h:583:4: error: call to '__write_overflow_field' declared with attrib... • https://git.kernel.org/stable/c/542f25a94471570e2594be5b422b9ca572cf88a1 • CWE-787: Out-of-bounds Write •
CVSS: 7.0 • EPSS: 0% • CPEs: 3 • EXPL: 0 • CVE-2023-53552 – drm/i915: mark requests for GuC virtual engines to avoid use-after-free
https://notcve.org/view.php?id=CVE-2023-53552
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/i915: mark requests for GuC virtual engines to avoid use-after-free References to i915_requests may be trapped by userspace inside a sync_file or dmabuf (dma-resv) and held indefinitely across different processes. To counter-act the memory leaks, we try not to keep references from the request past their completion. On the other side on fence release we need to know if rq->engine is valid and points to hw engine (true for non-virtual r... • https://git.kernel.org/stable/c/bcb9aa45d5a0e11ef91245330c53cde214d15e8d • CWE-825: Expired Pointer Dereference •
CVSS: 5.5 • EPSS: 0% • CPEs: 5 • EXPL: 0 • CVE-2023-53551 – usb: gadget: u_serial: Add null pointer check in gserial_resume
https://notcve.org/view.php?id=CVE-2023-53551
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_serial: Add null pointer check in gserial_resume Consider a case where gserial_disconnect has already cleared gser->ioport. And if a wakeup interrupt triggers afterwards, gserial_resume gets called, which will lead to accessing of gser->ioport and thus causing null pointer dereference. Add a null pointer check to prevent this. Added a static spinlock to prevent gser->ioport from becoming null after the newly added check. In th... • https://git.kernel.org/stable/c/aba3a8d01d623a5efef48ab8e78752d58d4c90c3 •
CVSS: 7.2 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2023-53550 – cpufreq: amd-pstate: fix global sysfs attribute type
https://notcve.org/view.php?id=CVE-2023-53550
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: cpufreq: amd-pstate: fix global sysfs attribute type In commit 3666062b87ec ("cpufreq: amd-pstate: move to use bus_get_dev_root()") the "amd_pstate" attributes were moved from a dedicated kobject to the cpu root kobject. While the dedicated kobject expects to contain kobj_attributes the root kobject needs device_attributes. As the changed arguments are not used by the callbacks it works most of the time. However CFI will detect this issue:... • https://git.kernel.org/stable/c/3666062b87ec8be4b85dc475dfb54bb17e10a7f6 •
