CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53133 – bpf, sockmap: Fix an infinite loop error when len is 0 in tcp_bpf_recvmsg_parser()
https://notcve.org/view.php?id=CVE-2023-53133
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix an infinite loop error when len is 0 in tcp_bpf_recvmsg_parser() When the buffer length of the recvmsg system call is 0, we got the flollowing soft lockup problem: watchdog: BUG: soft lockup - CPU#3 stuck for 27s! [a.out:6149] CPU: 3 PID: 6149 Comm: a.out Kdump: loaded Not tainted 6.2.0+ #30 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014 RIP: 0010:remove_wait_queue+0xb/0xc0 Code: 5e 41 5f c3 c... • https://git.kernel.org/stable/c/604326b41a6fb9b4a78b6179335decee0365cd8c •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53132 – scsi: mpi3mr: Fix mpi3mr_hba_port memory leak in mpi3mr_remove()
https://notcve.org/view.php?id=CVE-2023-53132
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix mpi3mr_hba_port memory leak in mpi3mr_remove() Free mpi3mr_hba_port at .remove. • https://git.kernel.org/stable/c/42fc9fee116fc6a225a1f738adf86689d5c39d49 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53131 – SUNRPC: Fix a server shutdown leak
https://notcve.org/view.php?id=CVE-2023-53131
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix a server shutdown leak Fix a race where kthread_stop() may prevent the threadfn from ever getting called. If that happens the svc_rqst will not be cleaned up. In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix a server shutdown leak Fix a race where kthread_stop() may prevent the threadfn from ever getting called. If that happens the svc_rqst will not be cleaned up. • https://git.kernel.org/stable/c/ed6473ddc704a2005b9900ca08e236ebb2d8540a •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53128 – scsi: mpi3mr: Fix throttle_groups memory leak
https://notcve.org/view.php?id=CVE-2023-53128
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix throttle_groups memory leak Add a missing kfree(). • https://git.kernel.org/stable/c/f10af057325c251c0dfcba7f3e3b607634d0bb25 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53127 – scsi: mpi3mr: Fix expander node leak in mpi3mr_remove()
https://notcve.org/view.php?id=CVE-2023-53127
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix expander node leak in mpi3mr_remove() Add a missing resource clean up in .remove. • https://git.kernel.org/stable/c/e22bae30667a7e74ed057e00fb6e8c79e0738de3 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53126 – scsi: mpi3mr: Fix sas_hba.phy memory leak in mpi3mr_remove()
https://notcve.org/view.php?id=CVE-2023-53126
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix sas_hba.phy memory leak in mpi3mr_remove() Free mrioc->sas_hba.phy at .remove. • https://git.kernel.org/stable/c/42fc9fee116fc6a225a1f738adf86689d5c39d49 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53125 – net: usb: smsc75xx: Limit packet length to skb->len
https://notcve.org/view.php?id=CVE-2023-53125
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc75xx: Limit packet length to skb->len Packet length retrieved from skb data may be larger than the actual socket buffer length (up to 9026 bytes). In such case the cloned skb passed up the network stack will leak kernel memory contents. In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc75xx: Limit packet length to skb->len Packet length retrieved from skb data may be larger than the actual socke... • https://git.kernel.org/stable/c/d0cad871703b898a442e4049c532ec39168e5b57 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-53124 – scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add()
https://notcve.org/view.php?id=CVE-2023-53124
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add() Port is allocated by sas_port_alloc_num() and rphy is allocated by either sas_end_device_alloc() or sas_expander_alloc(), all of which may return NULL. So we need to check the rphy to avoid possible NULL pointer access. If sas_rphy_add() returned with failure, rphy is set to NULL. We would access the rphy in the following lines which would also result NULL pointer access... • https://git.kernel.org/stable/c/d60000cb1195a464080b0efb4949daf7594e0020 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53123 – PCI: s390: Fix use-after-free of PCI resources with per-function hotplug
https://notcve.org/view.php?id=CVE-2023-53123
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: PCI: s390: Fix use-after-free of PCI resources with per-function hotplug On s390 PCI functions may be hotplugged individually even when they belong to a multi-function device. In particular on an SR-IOV device VFs may be removed and later re-added. In commit a50297cf8235 ("s390/pci: separate zbus creation from scanning") it was missed however that struct pci_bus and struct zpci_bus's resource list retained a reference to the PCI functions M... • https://git.kernel.org/stable/c/a50297cf8235b062bcdeaa8b1dad58e69d3e1b43 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53121 – tcp: tcp_make_synack() can be called from process context
https://notcve.org/view.php?id=CVE-2023-53121
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: tcp: tcp_make_synack() can be called from process context tcp_rtx_synack() now could be called in process context as explained in 0a375c822497 ("tcp: tcp_rtx_synack() can be called from process context"). tcp_rtx_synack() might call tcp_make_synack(), which will touch per-CPU variables with preemption enabled. This causes the following BUG: BUG: using __this_cpu_add() in preemptible [00000000] code: ThriftIO1/5464 caller is tcp_make_synack+... • https://git.kernel.org/stable/c/8336886f786fdacbc19b719c1f7ea91eb70706d4 •