CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52988 – ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path()
https://notcve.org/view.php?id=CVE-2023-52988
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() snd_hda_get_connections() can return a negative error code. It may lead to accessing 'conn' array at a negative index. Found by Linux Verification Center (linuxtesting.org) with SVACE. In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() snd_hda_get_connections() can return a ne... • https://git.kernel.org/stable/c/30b4503378c976cf66201a1e81820519f6bd79ac •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52986 – bpf, sockmap: Check for any of tcp_bpf_prots when cloning a listener
https://notcve.org/view.php?id=CVE-2023-52986
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Check for any of tcp_bpf_prots when cloning a listener A listening socket linked to a sockmap has its sk_prot overridden. It points to one of the struct proto variants in tcp_bpf_prots. The variant depends on the socket's family and which sockmap programs are attached. A child socket cloned from a TCP listener initially inherits their sk_prot. But before cloning is finished, we restore the child's proto to the listener's origi... • https://git.kernel.org/stable/c/e80251555f0befd1271e74b080bccf0ff0348bfc •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52985 – arm64: dts: imx8mm-verdin: Do not power down eth-phy
https://notcve.org/view.php?id=CVE-2023-52985
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: arm64: dts: imx8mm-verdin: Do not power down eth-phy Currently if suspending using either freeze or memory state, the fec driver tries to power down the phy which leads to crash of the kernel and non-responsible kernel with the following call trace: [ 24.839889 ] Call trace: [ 24.839892 ] phy_error+0x18/0x60 [ 24.839898 ] kszphy_handle_interrupt+0x6c/0x80 [ 24.839903 ] phy_interrupt+0x20/0x2c [ 24.839909 ] irq_thread_fn+0x30/0xa0 [ 24.83991... • https://git.kernel.org/stable/c/6a57f224f7346c8d23596f2ef1ce360669926f54 •
CVSS: 5.6EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52984 – net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices
https://notcve.org/view.php?id=CVE-2023-52984
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices The probe() function is only used for the DP83822 PHY, leaving the private data pointer uninitialized for the smaller DP83825/26 models. While all uses of the private data structure are hidden in 82822 specific callbacks, configuring the interrupt is shared across all models. This causes a NULL pointer dereference on the smaller PHYs as it accesses the private data unchec... • https://git.kernel.org/stable/c/5dc39fd5ef35bc6919759fa99246581b1adc6b82 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52983 – block, bfq: fix uaf for bfqq in bic_set_bfqq()
https://notcve.org/view.php?id=CVE-2023-52983
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix uaf for bfqq in bic_set_bfqq() After commit 64dc8c732f5c ("block, bfq: fix possible uaf for 'bfqq->bic'"), bic->bfqq will be accessed in bic_set_bfqq(), however, in some context bic->bfqq will be freed, and bic_set_bfqq() is called with the freed bic->bfqq. Fix the problem by always freeing bfqq after bic_set_bfqq(). In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix uaf for bfqq in bic_set_b... • https://git.kernel.org/stable/c/094f3d9314d67691cb21ba091c1b528f6e3c4893 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52982 – fscache: Use wait_on_bit() to wait for the freeing of relinquished volume
https://notcve.org/view.php?id=CVE-2023-52982
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: fscache: Use wait_on_bit() to wait for the freeing of relinquished volume The freeing of relinquished volume will wake up the pending volume acquisition by using wake_up_bit(), however it is mismatched with wait_var_event() used in fscache_wait_on_volume_collision() and it will never wake up the waiter in the wait-queue because these two functions operate on different wait-queues. According to the implementation in fscache_wait_on_volume_co... • https://git.kernel.org/stable/c/62ab63352350e881ae693a8236b35d7d0516c78b •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52981 – drm/i915: Fix request ref counting during error capture & debugfs dump
https://notcve.org/view.php?id=CVE-2023-52981
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix request ref counting during error capture & debugfs dump When GuC support was added to error capture, the reference counting around the request object was broken. Fix it up. The context based search manages the spinlocking around the search internally. So it needs to grab the reference count internally as well. The execlist only request based search relies on external locking, so it needs an external reference count but within... • https://git.kernel.org/stable/c/573ba126aef37c8315e5bb68d2dad515efa96994 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52980 – block: ublk: extending queue_size to fix overflow
https://notcve.org/view.php?id=CVE-2023-52980
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: block: ublk: extending queue_size to fix overflow When validating drafted SPDK ublk target, in a case that assigning large queue depth to multiqueue ublk device, ublk target would run into a weird incorrect state. During rounds of review and debug, An overflow bug was found in ublk driver. In ublk_cmd.h, UBLK_MAX_QUEUE_DEPTH is 4096 which means each ublk queue depth can be set as large as 4096. But when setting qd for a ublk device, sizeof(... • https://git.kernel.org/stable/c/71f28f3136aff5890cd56de78abc673f8393cad9 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-52979 – squashfs: harden sanity check in squashfs_read_xattr_id_table
https://notcve.org/view.php?id=CVE-2023-52979
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: squashfs: harden sanity check in squashfs_read_xattr_id_table While mounting a corrupted filesystem, a signed integer '*xattr_ids' can become less than zero. This leads to the incorrect computation of 'len' and 'indexes' values which can cause null-ptr-deref in copy_bio_to_actor() or out-of-bounds accesses in the next sanity checks inside squashfs_read_xattr_id_table(). Found by Linux Verification Center (linuxtesting.org) with Syzkaller. I... • https://git.kernel.org/stable/c/ff49cace7b8cf00d27665f7536a863d406963d06 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52978 – riscv: kprobe: Fixup kernel panic when probing an illegal position
https://notcve.org/view.php?id=CVE-2023-52978
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: riscv: kprobe: Fixup kernel panic when probing an illegal position The kernel would panic when probed for an illegal position. eg: (CONFIG_RISCV_ISA_C=n) echo 'p:hello kernel_clone+0x16 a0=%a0' >> kprobe_events echo 1 > events/kprobes/hello/enable cat trace Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: __do_sys_newfstatat+0xb8/0xb8 CPU: 0 PID: 111 Comm: sh Not tainted 6.2.0-rc1-00027-g2d398fe49a4d #490 Hardware ... • https://git.kernel.org/stable/c/c22b0bcb1dd024cb9caad9230e3a387d8b061df5 •