CVSS: 7.1EPSS: %CPEs: 3EXPL: 0CVE-2023-53074 – drm/amdgpu: fix ttm_bo calltrace warning in psp_hw_fini
https://notcve.org/view.php?id=CVE-2023-53074
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix ttm_bo calltrace warning in psp_hw_fini The call trace occurs when the amdgpu is removed after the mode1 reset. During mode1 reset, from suspend to resume, there is no need to reinitialize the ta firmware buffer which caused the bo pin_count increase redundantly. [ 489.885525] Call Trace: [ 489.885525]
CVSS: 5.5EPSS: %CPEs: 3EXPL: 0CVE-2023-53072 – mptcp: use the workqueue to destroy unaccepted sockets
https://notcve.org/view.php?id=CVE-2023-53072
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: mptcp: use the workqueue to destroy unaccepted sockets Christoph reported a UaF at token lookup time after having refactored the passive socket initialization part: BUG: KASAN: use-after-free in __token_bucket_busy+0x253/0x260 Read of size 4 at addr ffff88810698d5b0 by task syz-executor653/3198 CPU: 1 PID: 3198 Comm: syz-executor653 Not tainted 6.2.0-rc59af4eaa31c1f6c00c8f1e448ed99a45c66340dd5 #6 Hardware name: QEMU Standard PC (i440FX + PI... • https://git.kernel.org/stable/c/58b09919626bf9067345289212ec030c61eb1034 •
CVSS: 7.1EPSS: %CPEs: 3EXPL: 0CVE-2023-53068 – net: usb: lan78xx: Limit packet length to skb->len
https://notcve.org/view.php?id=CVE-2023-53068
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: Limit packet length to skb->len Packet length retrieved from descriptor may be larger than the actual socket buffer length. In such case the cloned skb passed up the network stack will leak kernel memory contents. Additionally prevent integer underflow when size is less than ETH_FCS_LEN. In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: Limit packet length to skb->len Packet length ret... • https://git.kernel.org/stable/c/55d7de9de6c30adce8d675c7ce513e283829c2ff •
CVSS: 6.6EPSS: %CPEs: 3EXPL: 0CVE-2023-53067 – LoongArch: Only call get_timer_irq() once in constant_clockevent_init()
https://notcve.org/view.php?id=CVE-2023-53067
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: LoongArch: Only call get_timer_irq() once in constant_clockevent_init() Under CONFIG_DEBUG_ATOMIC_SLEEP=y and CONFIG_DEBUG_PREEMPT=y, we can see the following messages on LoongArch, this is because using might_sleep() in preemption disable context. [ 0.001127] smp: Bringing up secondary CPUs ... [ 0.001222] Booting CPU#1... [ 0.001244] 64-bit Loongson Processor probed (LA464 Core) [ 0.001247] CPU1 revision is: 0014c012 (Loongson-64bit) [ 0.... • https://git.kernel.org/stable/c/b9c379e1d7e141b102f41858c9b8f6f36e7c89a4 •
CVSS: 5.5EPSS: %CPEs: 8EXPL: 0CVE-2023-53066 – qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info
https://notcve.org/view.php?id=CVE-2023-53066
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info We have to make sure that the info returned by the helper is valid before using it. Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool. In the Linux kernel, the following vulnerability has been resolved: qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info We have to make sure that the info returned by the helper is valid be... • https://git.kernel.org/stable/c/733def6a04bf3d2810dd675e1240f8df94d633c3 •
CVSS: 8.5EPSS: %CPEs: 5EXPL: 0CVE-2023-53065 – perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output
https://notcve.org/view.php?id=CVE-2023-53065
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output syzkaller reportes a KASAN issue with stack-out-of-bounds. The call trace is as follows: dump_stack+0x9c/0xd3 print_address_description.constprop.0+0x19/0x170 __kasan_report.cold+0x6c/0x84 kasan_report+0x3a/0x50 __perf_event_header__init_id+0x34/0x290 perf_event_header__init_id+0x48/0x60 perf_output_begin+0x4a4/0x560 perf_event_bpf_output+0x161/0x1e0 ... • https://git.kernel.org/stable/c/267fb27352b6fc9fdbad753127a239f75618ecbc •
CVSS: 7.1EPSS: %CPEs: 8EXPL: 0CVE-2023-53063 – Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work
https://notcve.org/view.php?id=CVE-2023-53063
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work In btsdio_probe, &data->work was bound with btsdio_work.In btsdio_send_frame, it was started by schedule_work. If we call btsdio_remove with an unfinished job, there may be a race condition and cause UAF bug on hdev. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished ... • https://git.kernel.org/stable/c/ddbaf13e3609442b64abb931ac21527772d87980 •
CVSS: 7.1EPSS: %CPEs: 8EXPL: 0CVE-2023-53062 – net: usb: smsc95xx: Limit packet length to skb->len
https://notcve.org/view.php?id=CVE-2023-53062
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc95xx: Limit packet length to skb->len Packet length retrieved from descriptor may be larger than the actual socket buffer length. In such case the cloned skb passed up the network stack will leak kernel memory contents. In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc95xx: Limit packet length to skb->len Packet length retrieved from descriptor may be larger than the actual socket buffer length... • https://git.kernel.org/stable/c/2f7ca802bdae2ca41022618391c70c2876d92190 •
CVSS: 6.3EPSS: %CPEs: 9EXPL: 0CVE-2023-53060 – igb: revert rtnl_lock() that causes deadlock
https://notcve.org/view.php?id=CVE-2023-53060
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: igb: revert rtnl_lock() that causes deadlock The commit 6faee3d4ee8b ("igb: Add lock to avoid data race") adds rtnl_lock to eliminate a false data race shown below (FREE from device detaching) | (USE from netdev core) igb_remove | igb_ndo_get_vf_config igb_disable_sriov | vf >= adapter->vfs_allocated_count? kfree(adapter->vf_data) | adapter->vfs_allocated_count = 0 | | memcpy(... adapter->vf_data[vf] The above race will never happen and the... • https://git.kernel.org/stable/c/5773a1e6e5ba9f62c4573c57878d154fda269bc2 •
CVSS: 7.1EPSS: %CPEs: 6EXPL: 0CVE-2023-53059 – platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl
https://notcve.org/view.php?id=CVE-2023-53059
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl It is possible to peep kernel page's data by providing larger `insize` in struct cros_ec_command[1] when invoking EC host commands. Fix it by using zeroed memory. [1]: https://elixir.bootlin.com/linux/v6.2/source/include/linux/platform_data/cros_ec_proto.h#L74 In the Linux kernel, the following vulnerability has been resolved: platform/chrome: cros_ec_chardev: fix kernel data... • https://git.kernel.org/stable/c/eda2e30c6684d67288edb841c6125d48c608a242 •