CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53091 – ext4: update s_journal_inum if it changes after journal replay
https://notcve.org/view.php?id=CVE-2023-53091
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: update s_journal_inum if it changes after journal replay When mounting a crafted ext4 image, s_journal_inum may change after journal replay, which is obviously unreasonable because we have successfully loaded and replayed the journal through the old s_journal_inum. And the new s_journal_inum bypasses some of the checks in ext4_get_journal(), which may trigger a null pointer dereference problem. So if s_journal_inum changes after the j... • https://git.kernel.org/stable/c/499fef2030fb754c68b1c7cb3a799a3bc1d0d925 •
CVSS: 6.6EPSS: 0%CPEs: 7EXPL: 0CVE-2023-53090 – drm/amdkfd: Fix an illegal memory access
https://notcve.org/view.php?id=CVE-2023-53090
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix an illegal memory access In the kfd_wait_on_events() function, the kfd_event_waiter structure is allocated by alloc_event_waiters(), but the event field of the waiter structure is not initialized; When copy_from_user() fails in the kfd_wait_on_events() function, it will enter exception handling to release the previously allocated memory of the waiter structure; Due to the event field of the waiters structure being accessed i... • https://git.kernel.org/stable/c/5a3fb3b745af0ce46ec2e0c8e507bae45b937334 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53089 – ext4: fix task hung in ext4_xattr_delete_inode
https://notcve.org/view.php?id=CVE-2023-53089
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix task hung in ext4_xattr_delete_inode Syzbot reported a hung task problem: ================================================================== INFO: task syz-executor232:5073 blocked for more than 143 seconds. Not tainted 6.2.0-rc2-syzkaller-00024-g512dee0c00ad #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-exec232 state:D stack:21024 pid:5073 ppid:5072 flags:0x00004004 Call Trace:
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53077 – drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes
https://notcve.org/view.php?id=CVE-2023-53077
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes [WHY] When PTEBufferSizeInRequests is zero, UBSAN reports the following warning because dml_log2 returns an unexpected negative value: shift exponent 4294966273 is too large for 32-bit type 'int' [HOW] In the case PTEBufferSizeInRequests is zero, skip the dml_log2() and assign the result directly. In the Linux kernel, the following vulnerability has been resolved: drm/amd/di... • https://git.kernel.org/stable/c/7257070be70e19a9138f39009c1a26c83a8a7cfa •
CVSS: 8.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53075 – ftrace: Fix invalid address access in lookup_rec() when index is 0
https://notcve.org/view.php?id=CVE-2023-53075
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix invalid address access in lookup_rec() when index is 0 KASAN reported follow problem: BUG: KASAN: use-after-free in lookup_rec Read of size 8 at addr ffff000199270ff0 by task modprobe CPU: 2 Comm: modprobe Call trace: kasan_report __asan_load8 lookup_rec ftrace_location arch_check_ftrace_location check_kprobe_address_safe register_kprobe When checking pg->records[pg->index - 1].ip in lookup_rec(), it can get a pg which is newly ... • https://git.kernel.org/stable/c/9644302e3315e7e36495d230d5ac7125a316d33e •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53074 – drm/amdgpu: fix ttm_bo calltrace warning in psp_hw_fini
https://notcve.org/view.php?id=CVE-2023-53074
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix ttm_bo calltrace warning in psp_hw_fini The call trace occurs when the amdgpu is removed after the mode1 reset. During mode1 reset, from suspend to resume, there is no need to reinitialize the ta firmware buffer which caused the bo pin_count increase redundantly. [ 489.885525] Call Trace: [ 489.885525]
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53062 – net: usb: smsc95xx: Limit packet length to skb->len
https://notcve.org/view.php?id=CVE-2023-53062
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc95xx: Limit packet length to skb->len Packet length retrieved from descriptor may be larger than the actual socket buffer length. In such case the cloned skb passed up the network stack will leak kernel memory contents. In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc95xx: Limit packet length to skb->len Packet length retrieved from descriptor may be larger than the actual socket buffer length... • https://git.kernel.org/stable/c/2f7ca802bdae2ca41022618391c70c2876d92190 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-53052 – cifs: fix use-after-free bug in refresh_cache_worker()
https://notcve.org/view.php?id=CVE-2023-53052
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: cifs: fix use-after-free bug in refresh_cache_worker() The UAF bug occurred because we were putting DFS root sessions in cifs_umount() while DFS cache refresher was being executed. Make DFS root sessions have same lifetime as DFS tcons so we can avoid the use-after-free bug is DFS cache refresher and other places that require IPCs to get new DFS referrals on. Also, get rid of mount group handling in DFS cache as we no longer need it. This f... • https://git.kernel.org/stable/c/5a89d81c1a3c152837ea204fd29572228e54ce0b •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53045 – usb: gadget: u_audio: don't let userspace block driver unbind
https://notcve.org/view.php?id=CVE-2023-53045
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_audio: don't let userspace block driver unbind In the unbind callback for f_uac1 and f_uac2, a call to snd_card_free() via g_audio_cleanup() will disconnect the card and then wait for all resources to be released, which happens when the refcount falls to zero. Since userspace can keep the refcount incremented by not closing the relevant file descriptor, the call to unbind may block indefinitely. This can cause a deadlock duri... • https://git.kernel.org/stable/c/132fcb460839a876f5bc8b71bede60f8d0875757 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53044 – dm stats: check for and propagate alloc_percpu failure
https://notcve.org/view.php?id=CVE-2023-53044
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: dm stats: check for and propagate alloc_percpu failure Check alloc_precpu()'s return value and return an error from dm_stats_init() if it fails. Update alloc_dev() to fail if dm_stats_init() does. Otherwise, a NULL pointer dereference will occur in dm_stats_cleanup() even if dm-stats isn't being actively used. In the Linux kernel, the following vulnerability has been resolved: dm stats: check for and propagate alloc_percpu failure Check all... • https://git.kernel.org/stable/c/fd2ed4d252701d3bbed4cd3e3d267ad469bb832a •