CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53850 – iavf: use internal state to free traffic IRQs
https://notcve.org/view.php?id=CVE-2023-53850
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: iavf: use internal state to free traffic IRQs If the system tries to close the netdev while iavf_reset_task() is running, __LINK_STATE_START will be cleared and netif_running() will return false in iavf_reinit_interrupt_scheme(). This will result in iavf_free_traffic_irqs() not being called and a leak as follows: [7632.489326] remove_proc_entry: removing non-empty directory 'irq/999', leaking at least 'iavf-enp24s0f0v0-TxRx-0' [7632.490214]... • https://git.kernel.org/stable/c/5b36e8d04b4439c9ceb814bfdfe1284737f9c632 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53849 – drm/msm: fix workqueue leak on bind errors
https://notcve.org/view.php?id=CVE-2023-53849
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/msm: fix workqueue leak on bind errors Make sure to destroy the workqueue also in case of early errors during bind (e.g. a subcomponent failing to bind). Since commit c3b790ea07a1 ("drm: Manage drm_mode_config_init with drmm_") the mode config will be freed when the drm device is released also when using the legacy interface, but add an explicit cleanup for consistency and to facilitate backporting. Patchwork: https://patchwork.freedesk... • https://git.kernel.org/stable/c/060530f1ea6740eb767085008d183f89ccdd289c •
CVSS: 6.6EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53847 – usb-storage: alauda: Fix uninit-value in alauda_check_media()
https://notcve.org/view.php?id=CVE-2023-53847
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: usb-storage: alauda: Fix uninit-value in alauda_check_media() Syzbot got KMSAN to complain about access to an uninitialized value in the alauda subdriver of usb-storage: BUG: KMSAN: uninit-value in alauda_transport+0x462/0x57f0 drivers/usb/storage/alauda.c:1137 CPU: 0 PID: 12279 Comm: usb-storage Not tainted 5.3.0-rc7+ #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/d... • https://git.kernel.org/stable/c/e80b0fade09ef1ee67b0898d480d4c588f124d5f •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2023-53846 – f2fs: fix to do sanity check on direct node in truncate_dnode()
https://notcve.org/view.php?id=CVE-2023-53846
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on direct node in truncate_dnode() syzbot reports below bug: BUG: KASAN: slab-use-after-free in f2fs_truncate_data_blocks_range+0x122a/0x14c0 fs/f2fs/file.c:574 Read of size 4 at addr ffff88802a25c000 by task syz-executor148/5000 CPU: 1 PID: 5000 Comm: syz-executor148 Not tainted 6.4.0-rc7-syzkaller-00041-ge660abd551f1 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 C... • https://git.kernel.org/stable/c/98e4da8ca301e062d79ae168c67e56f3c3de3ce4 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-53845 – nilfs2: fix infinite loop in nilfs_mdt_get_block()
https://notcve.org/view.php?id=CVE-2023-53845
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix infinite loop in nilfs_mdt_get_block() If the disk image that nilfs2 mounts is corrupted and a virtual block address obtained by block lookup for a metadata file is invalid, nilfs_bmap_lookup_at_level() may return the same internal return code as -ENOENT, meaning the block does not exist in the metadata file. This duplication of return codes confuses nilfs_mdt_get_block(), causing it to read and create a metadata block indefinit... • https://git.kernel.org/stable/c/bdb265eae08db578e7cf5739be16f389d495fc75 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53840 – usb: early: xhci-dbc: Fix a potential out-of-bound memory access
https://notcve.org/view.php?id=CVE-2023-53840
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: early: xhci-dbc: Fix a potential out-of-bound memory access If xdbc_bulk_write() fails, the values in 'buf' can be anything. So the string is not guaranteed to be NULL terminated when xdbc_trace() is called. Reserve an extra byte, which will be zeroed automatically because 'buf' is a static variable, in order to avoid troubles, should it happen. In the Linux kernel, the following vulnerability has been resolved: usb: early: xhci-dbc: F... • https://git.kernel.org/stable/c/aeb9dd1de98c1a5f2007ea5d2a154c1244caf8a0 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53839 – dccp: fix data-race around dp->dccps_mss_cache
https://notcve.org/view.php?id=CVE-2023-53839
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: dccp: fix data-race around dp->dccps_mss_cache dccp_sendmsg() reads dp->dccps_mss_cache before locking the socket. Same thing in do_dccp_getsockopt(). Add READ_ONCE()/WRITE_ONCE() annotations, and change dccp_sendmsg() to check again dccps_mss_cache after socket is locked. In the Linux kernel, the following vulnerability has been resolved: dccp: fix data-race around dp->dccps_mss_cache dccp_sendmsg() reads dp->dccps_mss_cache before locking... • https://git.kernel.org/stable/c/7c657876b63cb1d8a2ec06f8fc6c37bb8412e66c •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53834 – iio: adc: ina2xx: avoid NULL pointer dereference on OF device match
https://notcve.org/view.php?id=CVE-2023-53834
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: adc: ina2xx: avoid NULL pointer dereference on OF device match The affected lines were resulting in a NULL pointer dereference on our platform because the device tree contained the following list of compatible strings: power-sensor@40 { compatible = "ti,ina232", "ti,ina231"; ... }; Since the driver doesn't declare a compatible string "ti,ina232", the OF matching succeeds on "ti,ina231". But the I2C device ID info is populated via the f... • https://git.kernel.org/stable/c/c43a102e67db99c8bfe6e8a9280cec13ff53b789 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53832 – md/raid10: fix null-ptr-deref in raid10_sync_request
https://notcve.org/view.php?id=CVE-2023-53832
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix null-ptr-deref in raid10_sync_request init_resync() inits mempool and sets conf->have_replacemnt at the beginning of sync, close_sync() frees the mempool when sync is completed. After [1] recovery might be skipped and init_resync() is called but close_sync() is not. null-ptr-deref occurs with r10bio->dev[i].repl_bio. The following is one way to reproduce the issue. 1) create a array, wait for resync to complete, mddev->recove... • https://git.kernel.org/stable/c/7e83ccbecd608b971f340e951c9e84cd0343002f •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53831 – net: read sk->sk_family once in sk_mc_loop()
https://notcve.org/view.php?id=CVE-2023-53831
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: net: read sk->sk_family once in sk_mc_loop() syzbot is playing with IPV6_ADDRFORM quite a lot these days, and managed to hit the WARN_ON_ONCE(1) in sk_mc_loop() We have many more similar issues to fix. WARNING: CPU: 1 PID: 1593 at net/core/sock.c:782 sk_mc_loop+0x165/0x260 Modules linked in: CPU: 1 PID: 1593 Comm: kworker/1:3 Not tainted 6.1.40-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26... • https://git.kernel.org/stable/c/7ad6848c7e81a603605fad3f3575841aab004eea •