CVSS: 5.5EPSS: %CPEs: 4EXPL: 0CVE-2023-53197 – USB: uhci: fix memory leak with using debugfs_lookup()
https://notcve.org/view.php?id=CVE-2023-53197
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: USB: uhci: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic at once. In the Linux kernel, the following vulnerability has been resolved: USB: uhci: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result m... • https://git.kernel.org/stable/c/c6af1dbc99ad37bf67c8703982df4d7f12d256c1 •
CVSS: 5.5EPSS: %CPEs: 4EXPL: 0CVE-2023-53183 – btrfs: exit gracefully if reloc roots don't match
https://notcve.org/view.php?id=CVE-2023-53183
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: exit gracefully if reloc roots don't match [BUG] Syzbot reported a crash that an ASSERT() got triggered inside prepare_to_merge(). [CAUSE] The root cause of the triggered ASSERT() is we can have a race between quota tree creation and relocation. This leads us to create a duplicated quota tree in the btrfs_read_fs_root() path, and since it's treated as fs tree, it would have ROOT_SHAREABLE flag, causing us to create a reloc tree for i... • https://git.kernel.org/stable/c/69dd147de419b04d1d8d2ca67ef424cddd5b8fd5 •
CVSS: 7.8EPSS: %CPEs: 8EXPL: 0CVE-2023-53182 – ACPICA: Avoid undefined behavior: applying zero offset to null pointer
https://notcve.org/view.php?id=CVE-2023-53182
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ACPICA: Avoid undefined behavior: applying zero offset to null pointer ACPICA commit 770653e3ba67c30a629ca7d12e352d83c2541b1e Before this change we see the following UBSAN stack trace in Fuchsia: #0 0x000021e4213b3302 in acpi_ds_init_aml_walk(struct acpi_walk_state*, union acpi_parse_object*, struct acpi_namespace_node*, u8*, u32, struct acpi_evaluate_info*, u8) ../../third_party/acpica/source/components/dispatcher/dswstate.c:682
CVSS: 8.4EPSS: %CPEs: 8EXPL: 0CVE-2023-53176 – serial: 8250: Reinit port->pm on port specific driver unbind
https://notcve.org/view.php?id=CVE-2023-53176
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: serial: 8250: Reinit port->pm on port specific driver unbind When we unbind a serial port hardware specific 8250 driver, the generic serial8250 driver takes over the port. After that we see an oops about 10 seconds later. This can produce the following at least on some TI SoCs: Unhandled fault: imprecise external abort (0x1406) Internal error: : 1406 [#1] SMP ARM Turns out that we may still have the serial port hardware specific driver port... • https://git.kernel.org/stable/c/490bf37eaabb0a857ed1ae8e75d8854e41662f1c •
CVSS: 5.5EPSS: %CPEs: 4EXPL: 0CVE-2023-53173 – tty: pcn_uart: fix memory leak with using debugfs_lookup()
https://notcve.org/view.php?id=CVE-2023-53173
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: tty: pcn_uart: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic at once. In the Linux kernel, the following vulnerability has been resolved: tty: pcn_uart: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the ... • https://git.kernel.org/stable/c/cf042964c2fa72950bbbf25b2cdd732b873e89db •
CVSS: 7.1EPSS: %CPEs: 8EXPL: 0CVE-2023-53165 – udf: Fix uninitialized array access for some pathnames
https://notcve.org/view.php?id=CVE-2023-53165
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: udf: Fix uninitialized array access for some pathnames For filenames that begin with . and are between 2 and 5 characters long, UDF charset conversion code would read uninitialized memory in the output buffer. The only practical impact is that the name may be prepended a "unification hash" when it is not actually needed but still it is good to fix this. In the Linux kernel, the following vulnerability has been resolved: udf: Fix uninitializ... • https://git.kernel.org/stable/c/008ae78d1e12efa904dc819b1ec83e2bca6b2c56 •
CVSS: 7.8EPSS: %CPEs: 8EXPL: 0CVE-2023-53151 – md/raid10: prevent soft lockup while flush writes
https://notcve.org/view.php?id=CVE-2023-53151
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: md/raid10: prevent soft lockup while flush writes Currently, there is no limit for raid1/raid10 plugged bio. While flushing writes, raid1 has cond_resched() while raid10 doesn't, and too many writes can cause soft lockup. Follow up soft lockup can be triggered easily with writeback test for raid10 with ramdisks: watchdog: BUG: soft lockup - CPU#10 stuck for 27s! [md0_raid10:1293] Call Trace:
CVSS: 7.1EPSS: %CPEs: 8EXPL: 0CVE-2023-53150 – scsi: qla2xxx: Pointer may be dereferenced
https://notcve.org/view.php?id=CVE-2023-53150
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Pointer may be dereferenced Klocwork tool reported pointer 'rport' returned from call to function fc_bsg_to_rport() may be NULL and will be dereferenced. Add a fix to validate rport before dereferencing. In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Pointer may be dereferenced Klocwork tool reported pointer 'rport' returned from call to function fc_bsg_to_rport() may be NULL and will be de... • https://git.kernel.org/stable/c/005961bd8f066fe931104f67c34ebfcc7f240099 •
CVSS: 5.5EPSS: %CPEs: 8EXPL: 0CVE-2023-53148 – igb: Fix igb_down hung on surprise removal
https://notcve.org/view.php?id=CVE-2023-53148
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: igb: Fix igb_down hung on surprise removal In a setup where a Thunderbolt hub connects to Ethernet and a display through USB Type-C, users may experience a hung task timeout when they remove the cable between the PC and the Thunderbolt hub. This is because the igb_down function is called multiple times when the Thunderbolt hub is unplugged. For example, the igb_io_error_detected triggers the first call, and the igb_remove triggers the secon... • https://git.kernel.org/stable/c/c2312e1d12b1c3ee4100c173131b102e2aed4d04 •
CVSS: 8.8EPSS: %CPEs: 9EXPL: 0CVE-2022-50261 – drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid()
https://notcve.org/view.php?id=CVE-2022-50261
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid() With clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG), indirect call targets are validated against the expected function pointer prototype to make sure the call target is valid to help mitigate ROP attacks. If they are not identical, there is a failure at run time, which manifests as either a kernel panic or thread getting killed. A proposed warning in clang... • https://git.kernel.org/stable/c/b2c92b2a3801b09b709cbefd9a9e4944b72400bf •