CVSS: 7.1 • EPSS: 0% • CPEs: 8 • EXPL: 0 • CVE-2023-53853 – netlink: annotate accesses to nlk->cb_running
https://notcve.org/view.php?id=CVE-2023-53853
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: netlink: annotate accesses to nlk->cb_running Both netlink_recvmsg() and netlink_native_seq_show() read nlk->cb_running locklessly. Use READ_ONCE() there. Add corresponding WRITE_ONCE() to netlink_dump() and __netlink_dump_start() syzbot reported: BUG: KCSAN: data-race in __netlink_dump_start / netlink_recvmsg write to 0xffff88813ea4db59 of 1 bytes by task 28219 on cpu 0: __netlink_dump_start+0x3af/0x4d0 net/netlink/af_netlink.c:2399 netlin... • https://git.kernel.org/stable/c/16b304f3404f8e0243d5ee2b70b68767b7b59b2b •
CVSS: 5.5 • EPSS: 0% • CPEs: 3 • EXPL: 0 • CVE-2023-53850 – iavf: use internal state to free traffic IRQs
https://notcve.org/view.php?id=CVE-2023-53850
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: iavf: use internal state to free traffic IRQs If the system tries to close the netdev while iavf_reset_task() is running, __LINK_STATE_START will be cleared and netif_running() will return false in iavf_reinit_interrupt_scheme(). This will result in iavf_free_traffic_irqs() not being called and a leak as follows: [7632.489326] remove_proc_entry: removing non-empty directory 'irq/999', leaking at least 'iavf-enp24s0f0v0-TxRx-0' [7632.490214]... • https://git.kernel.org/stable/c/5b36e8d04b4439c9ceb814bfdfe1284737f9c632 •
CVSS: 7.1 • EPSS: 0% • CPEs: 5 • EXPL: 0 • CVE-2023-53849 – drm/msm: fix workqueue leak on bind errors
https://notcve.org/view.php?id=CVE-2023-53849
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/msm: fix workqueue leak on bind errors Make sure to destroy the workqueue also in case of early errors during bind (e.g. a subcomponent failing to bind). Since commit c3b790ea07a1 ("drm: Manage drm_mode_config_init with drmm_") the mode config will be freed when the drm device is released also when using the legacy interface, but add an explicit cleanup for consistency and to facilitate backporting. Patchwork: https://patchwork.freedesk... • https://git.kernel.org/stable/c/060530f1ea6740eb767085008d183f89ccdd289c •
CVSS: 6.6 • EPSS: 0% • CPEs: 8 • EXPL: 0 • CVE-2023-53847 – usb-storage: alauda: Fix uninit-value in alauda_check_media()
https://notcve.org/view.php?id=CVE-2023-53847
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: usb-storage: alauda: Fix uninit-value in alauda_check_media() Syzbot got KMSAN to complain about access to an uninitialized value in the alauda subdriver of usb-storage: BUG: KMSAN: uninit-value in alauda_transport+0x462/0x57f0 drivers/usb/storage/alauda.c:1137 CPU: 0 PID: 12279 Comm: usb-storage Not tainted 5.3.0-rc7+ #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/d... • https://git.kernel.org/stable/c/e80b0fade09ef1ee67b0898d480d4c588f124d5f •
CVSS: 7.1 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2023-53846 – f2fs: fix to do sanity check on direct node in truncate_dnode()
https://notcve.org/view.php?id=CVE-2023-53846
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on direct node in truncate_dnode() syzbot reports below bug: BUG: KASAN: slab-use-after-free in f2fs_truncate_data_blocks_range+0x122a/0x14c0 fs/f2fs/file.c:574 Read of size 4 at addr ffff88802a25c000 by task syz-executor148/5000 CPU: 1 PID: 5000 Comm: syz-executor148 Not tainted 6.4.0-rc7-syzkaller-00041-ge660abd551f1 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 C... • https://git.kernel.org/stable/c/98e4da8ca301e062d79ae168c67e56f3c3de3ce4 •
CVSS: 5.5 • EPSS: 0% • CPEs: 9 • EXPL: 0 • CVE-2023-53845 – nilfs2: fix infinite loop in nilfs_mdt_get_block()
https://notcve.org/view.php?id=CVE-2023-53845
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix infinite loop in nilfs_mdt_get_block() If the disk image that nilfs2 mounts is corrupted and a virtual block address obtained by block lookup for a metadata file is invalid, nilfs_bmap_lookup_at_level() may return the same internal return code as -ENOENT, meaning the block does not exist in the metadata file. This duplication of return codes confuses nilfs_mdt_get_block(), causing it to read and create a metadata block indefinit... • https://git.kernel.org/stable/c/bdb265eae08db578e7cf5739be16f389d495fc75 •
CVSS: 7.1 • EPSS: 0% • CPEs: 4 • EXPL: 0 • CVE-2023-53840 – usb: early: xhci-dbc: Fix a potential out-of-bound memory access
https://notcve.org/view.php?id=CVE-2023-53840
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: early: xhci-dbc: Fix a potential out-of-bound memory access If xdbc_bulk_write() fails, the values in 'buf' can be anything. So the string is not guaranteed to be NULL terminated when xdbc_trace() is called. Reserve an extra byte, which will be zeroed automatically because 'buf' is a static variable, in order to avoid troubles, should it happen. • https://git.kernel.org/stable/c/aeb9dd1de98c1a5f2007ea5d2a154c1244caf8a0 •
CVSS: 5.5 • EPSS: 0% • CPEs: 8 • EXPL: 0 • CVE-2023-53839 – dccp: fix data-race around dp->dccps_mss_cache
https://notcve.org/view.php?id=CVE-2023-53839
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: dccp: fix data-race around dp->dccps_mss_cache dccp_sendmsg() reads dp->dccps_mss_cache before locking the socket. Same thing in do_dccp_getsockopt(). Add READ_ONCE()/WRITE_ONCE() annotations, and change dccp_sendmsg() to check again dccps_mss_cache after socket is locked. • https://git.kernel.org/stable/c/7c657876b63cb1d8a2ec06f8fc6c37bb8412e66c •
CVSS: 5.5 • EPSS: 0% • CPEs: 4 • EXPL: 0 • CVE-2023-53834 – iio: adc: ina2xx: avoid NULL pointer dereference on OF device match
https://notcve.org/view.php?id=CVE-2023-53834
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: adc: ina2xx: avoid NULL pointer dereference on OF device match The affected lines were resulting in a NULL pointer dereference on our platform because the device tree contained the following list of compatible strings: power-sensor@40 { compatible = "ti,ina232", "ti,ina231"; ... }; Since the driver doesn't declare a compatible string "ti,ina232", the OF matching succeeds on "ti,ina231". But the I2C device ID info is populated via the f... • https://git.kernel.org/stable/c/c43a102e67db99c8bfe6e8a9280cec13ff53b789 •
CVSS: 5.5 • EPSS: 0% • CPEs: 8 • EXPL: 0 • CVE-2023-53832 – md/raid10: fix null-ptr-deref in raid10_sync_request
https://notcve.org/view.php?id=CVE-2023-53832
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix null-ptr-deref in raid10_sync_request init_resync() inits mempool and sets conf->have_replacemnt at the beginning of sync, close_sync() frees the mempool when sync is completed. After [1] recovery might be skipped and init_resync() is called but close_sync() is not. null-ptr-deref occurs with r10bio->dev[i].repl_bio. The following is one way to reproduce the issue. 1) create an array, wait for resync to complete, mddev->recove... • https://git.kernel.org/stable/c/7e83ccbecd608b971f340e951c9e84cd0343002f •
