CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52999 – net: fix UaF in netns ops registration error path
https://notcve.org/view.php?id=CVE-2023-52999
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: net: fix UaF in netns ops registration error path If net_assign_generic() fails, the current error path in ops_init() tries to clear the gen pointer slot. Anyway, in such error path, the gen pointer itself has not been modified yet, and the existing and accessed one is smaller than the accessed index, causing an out-of-bounds error: BUG: KASAN: slab-out-of-bounds in ops_init+0x2de/0x320 Write of size 8 at addr ffff888109124978 by task modpr... • https://git.kernel.org/stable/c/5a2ea549be94924364f6911227d99be86e8cf34a • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2023-52997 – ipv4: prevent potential spectre v1 gadget in ip_metrics_convert()
https://notcve.org/view.php?id=CVE-2023-52997
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: ipv4: prevent potential spectre v1 gadget in ip_metrics_convert() if (!type) continue; if (type > RTAX_MAX) return -EINVAL; ... metrics[type - 1] = val; @type being used as an array index, we need to prevent cpu speculation or risk leaking kernel memory content. In the Linux kernel, the following vulnerability has been resolved: ipv4: prevent potential spectre v1 gadget in ip_metrics_convert() if (!type) continue; if (type > RTAX_MAX) retur... • https://git.kernel.org/stable/c/6cf9dfd3bd62edfff69f11c0f111bc261166e4c7 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52996 – ipv4: prevent potential spectre v1 gadget in fib_metrics_match()
https://notcve.org/view.php?id=CVE-2023-52996
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: ipv4: prevent potential spectre v1 gadget in fib_metrics_match() if (!type) continue; if (type > RTAX_MAX) return false; ... fi_val = fi->fib_metrics->metrics[type - 1]; @type being used as an array index, we need to prevent cpu speculation or risk leaking kernel memory content. In the Linux kernel, the following vulnerability has been resolved: ipv4: prevent potential spectre v1 gadget in fib_metrics_match() if (!type) continue; if (type >... • https://git.kernel.org/stable/c/5f9ae3d9e7e4ad6db0491abc7c4ae5452dbeadd8 •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52993 – x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL
https://notcve.org/view.php?id=CVE-2023-52993
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL Baoquan reported that after triggering a crash the subsequent crash-kernel fails to boot about half of the time. It triggers a NULL pointer dereference in the periodic tick code. This happens because the legacy timer interrupt (IRQ0) is resent in software which happens in soft interrupt (tasklet) context. In this context get_irq_regs() returns NULL which leads to the NULL pointer derefere... • https://git.kernel.org/stable/c/a4633adcdbc15ac51afcd0e1395de58cee27cf92 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52992 – bpf: Skip task with pid=1 in send_signal_common()
https://notcve.org/view.php?id=CVE-2023-52992
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Skip task with pid=1 in send_signal_common() The following kernel panic can be triggered when a task with pid=1 attaches a prog that attempts to send killing signal to itself, also see [1] for more details: Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b CPU: 3 PID: 1 Comm: systemd Not tainted 6.1.0-09652-g59fe41b5255f #148 Call Trace:
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52989 – firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region
https://notcve.org/view.php?id=CVE-2023-52989
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region This patch is fix for Linux kernel v2.6.33 or later. For request subaction to IEC 61883-1 FCP region, Linux FireWire subsystem have had an issue of use-after-free. The subsystem allows multiple user space listeners to the region, while data of the payload was likely released before the listeners execute read(2) to access to it for copying to user space. The... • https://git.kernel.org/stable/c/281e20323ab72180137824a298ee9e21e6f9acf6 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52988 – ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path()
https://notcve.org/view.php?id=CVE-2023-52988
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() snd_hda_get_connections() can return a negative error code. It may lead to accessing 'conn' array at a negative index. Found by Linux Verification Center (linuxtesting.org) with SVACE. In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() snd_hda_get_connections() can return a ne... • https://git.kernel.org/stable/c/30b4503378c976cf66201a1e81820519f6bd79ac •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-52979 – squashfs: harden sanity check in squashfs_read_xattr_id_table
https://notcve.org/view.php?id=CVE-2023-52979
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: squashfs: harden sanity check in squashfs_read_xattr_id_table While mounting a corrupted filesystem, a signed integer '*xattr_ids' can become less than zero. This leads to the incorrect computation of 'len' and 'indexes' values which can cause null-ptr-deref in copy_bio_to_actor() or out-of-bounds accesses in the next sanity checks inside squashfs_read_xattr_id_table(). Found by Linux Verification Center (linuxtesting.org) with Syzkaller. I... • https://git.kernel.org/stable/c/ff49cace7b8cf00d27665f7536a863d406963d06 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52977 – net: openvswitch: fix flow memory leak in ovs_flow_cmd_new
https://notcve.org/view.php?id=CVE-2023-52977
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix flow memory leak in ovs_flow_cmd_new Syzkaller reports a memory leak of new_flow in ovs_flow_cmd_new() as it is not freed when an allocation of a key fails. BUG: memory leak unreferenced object 0xffff888116668000 (size 632): comm "syz-executor231", pid 1090, jiffies 4294844701 (age 18.871s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00... • https://git.kernel.org/stable/c/655e873bf528f0f46ce6b069f9a2daee9621197c •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-52976 – efi: fix potential NULL deref in efi_mem_reserve_persistent
https://notcve.org/view.php?id=CVE-2023-52976
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: efi: fix potential NULL deref in efi_mem_reserve_persistent When iterating on a linked list, a result of memremap is dereferenced without checking it for NULL. This patch adds a check that falls back on allocating a new page in case memremap doesn't succeed. Found by Linux Verification Center (linuxtesting.org) with SVACE. [ardb: return -ENOMEM instead of breaking out of the loop] In the Linux kernel, the following vulnerability has been re... • https://git.kernel.org/stable/c/18df7577adae6c6c778bf774b3aebcacbc1fb439 •