CVSS: 6.3EPSS: %CPEs: 9EXPL: 0CVE-2023-53060 – igb: revert rtnl_lock() that causes deadlock
https://notcve.org/view.php?id=CVE-2023-53060
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: igb: revert rtnl_lock() that causes deadlock The commit 6faee3d4ee8b ("igb: Add lock to avoid data race") adds rtnl_lock to eliminate a false data race shown below (FREE from device detaching) | (USE from netdev core) igb_remove | igb_ndo_get_vf_config igb_disable_sriov | vf >= adapter->vfs_allocated_count? kfree(adapter->vf_data) | adapter->vfs_allocated_count = 0 | | memcpy(... adapter->vf_data[vf] The above race will never happen and the... • https://git.kernel.org/stable/c/5773a1e6e5ba9f62c4573c57878d154fda269bc2 •
CVSS: 7.1EPSS: %CPEs: 6EXPL: 0CVE-2023-53059 – platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl
https://notcve.org/view.php?id=CVE-2023-53059
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl It is possible to peep kernel page's data by providing larger `insize` in struct cros_ec_command[1] when invoking EC host commands. Fix it by using zeroed memory. [1]: https://elixir.bootlin.com/linux/v6.2/source/include/linux/platform_data/cros_ec_proto.h#L74 In the Linux kernel, the following vulnerability has been resolved: platform/chrome: cros_ec_chardev: fix kernel data... • https://git.kernel.org/stable/c/eda2e30c6684d67288edb841c6125d48c608a242 •
CVSS: 7.1EPSS: %CPEs: 12EXPL: 0CVE-2023-53054 – usb: dwc2: fix a devres leak in hw_enable upon suspend resume
https://notcve.org/view.php?id=CVE-2023-53054
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: fix a devres leak in hw_enable upon suspend resume Each time the platform goes to low power, PM suspend / resume routines call: __dwc2_lowlevel_hw_enable -> devm_add_action_or_reset(). This adds a new devres each time. This may also happen at runtime, as dwc2_lowlevel_hw_enable() can be called from udc_start(). This can be seen with tracing: - echo 1 > /sys/kernel/debug/tracing/events/dev/devres_log/enable - go to low power - cat... • https://git.kernel.org/stable/c/33a06f1300a79cfd461cea0268f05e969d4f34ec •
CVSS: 7.1EPSS: %CPEs: 7EXPL: 0CVE-2023-53053 – erspan: do not use skb_mac_header() in ndo_start_xmit()
https://notcve.org/view.php?id=CVE-2023-53053
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: erspan: do not use skb_mac_header() in ndo_start_xmit() Drivers should not assume skb_mac_header(skb) == skb->data in their ndo_start_xmit(). Use skb_network_offset() and skb_transport_offset() which better describe what is needed in erspan_fb_xmit() and ip6erspan_tunnel_xmit() syzbot reported: WARNING: CPU: 0 PID: 5083 at include/linux/skbuff.h:2873 skb_mac_header include/linux/skbuff.h:2873 [inline] WARNING: CPU: 0 PID: 5083 at include/li... • https://git.kernel.org/stable/c/1baf5ebf8954d9bff8fa4e7dd6c416a0cebdb9e2 •
CVSS: 7.8EPSS: %CPEs: 2EXPL: 0CVE-2023-53052 – cifs: fix use-after-free bug in refresh_cache_worker()
https://notcve.org/view.php?id=CVE-2023-53052
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: cifs: fix use-after-free bug in refresh_cache_worker() The UAF bug occurred because we were putting DFS root sessions in cifs_umount() while DFS cache refresher was being executed. Make DFS root sessions have same lifetime as DFS tcons so we can avoid the use-after-free bug is DFS cache refresher and other places that require IPCs to get new DFS referrals on. Also, get rid of mount group handling in DFS cache as we no longer need it. This f... • https://git.kernel.org/stable/c/5a89d81c1a3c152837ea204fd29572228e54ce0b •
CVSS: 7.8EPSS: %CPEs: 8EXPL: 0CVE-2023-53051 – dm crypt: add cond_resched() to dmcrypt_write()
https://notcve.org/view.php?id=CVE-2023-53051
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: dm crypt: add cond_resched() to dmcrypt_write() The loop in dmcrypt_write may be running for unbounded amount of time, thus we need cond_resched() in it. This commit fixes the following warning: [ 3391.153255][ C12] watchdog: BUG: soft lockup - CPU#12 stuck for 23s! [dmcrypt_write/2:2897] ... [ 3391.387210][ C12] Call trace: [ 3391.390338][ C12] blk_attempt_bio_merge.part.6+0x38/0x158 [ 3391.395970][ C12] blk_attempt_plug_merge+0xc0/0x1b0 [... • https://git.kernel.org/stable/c/dc2676210c425ee8e5cb1bec5bc84d004ddf4179 •
CVSS: 5.5EPSS: %CPEs: 8EXPL: 0CVE-2023-53045 – usb: gadget: u_audio: don't let userspace block driver unbind
https://notcve.org/view.php?id=CVE-2023-53045
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_audio: don't let userspace block driver unbind In the unbind callback for f_uac1 and f_uac2, a call to snd_card_free() via g_audio_cleanup() will disconnect the card and then wait for all resources to be released, which happens when the refcount falls to zero. Since userspace can keep the refcount incremented by not closing the relevant file descriptor, the call to unbind may block indefinitely. This can cause a deadlock duri... • https://git.kernel.org/stable/c/132fcb460839a876f5bc8b71bede60f8d0875757 •
CVSS: 7.8EPSS: %CPEs: 8EXPL: 0CVE-2023-53044 – dm stats: check for and propagate alloc_percpu failure
https://notcve.org/view.php?id=CVE-2023-53044
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: dm stats: check for and propagate alloc_percpu failure Check alloc_precpu()'s return value and return an error from dm_stats_init() if it fails. Update alloc_dev() to fail if dm_stats_init() does. Otherwise, a NULL pointer dereference will occur in dm_stats_cleanup() even if dm-stats isn't being actively used. In the Linux kernel, the following vulnerability has been resolved: dm stats: check for and propagate alloc_percpu failure Check all... • https://git.kernel.org/stable/c/fd2ed4d252701d3bbed4cd3e3d267ad469bb832a •
CVSS: 5.6EPSS: %CPEs: 3EXPL: 0CVE-2023-53042 – drm/amd/display: Do not set DRR on pipe Commit
https://notcve.org/view.php?id=CVE-2023-53042
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Do not set DRR on pipe Commit [WHY] Writing to DRR registers such as OTG_V_TOTAL_MIN on the same frame as a pipe commit can cause underflow. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Do not set DRR on pipe Commit [WHY] Writing to DRR registers such as OTG_V_TOTAL_MIN on the same frame as a pipe commit can cause underflow. • https://git.kernel.org/stable/c/f8080f1e300e7abcc03025ec8b5bab69ae98daaa •
CVSS: 7.1EPSS: %CPEs: 6EXPL: 0CVE-2023-53041 – scsi: qla2xxx: Perform lockless command completion in abort path
https://notcve.org/view.php?id=CVE-2023-53041
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Perform lockless command completion in abort path While adding and removing the controller, the following call trace was observed: WARNING: CPU: 3 PID: 623596 at kernel/dma/mapping.c:532 dma_free_attrs+0x33/0x50 CPU: 3 PID: 623596 Comm: sh Kdump: loaded Not tainted 5.14.0-96.el9.x86_64 #1 RIP: 0010:dma_free_attrs+0x33/0x50 Call Trace: qla2x00_async_sns_sp_done+0x107/0x1b0 [qla2xxx] qla2x00_abort_srb+0x8e/0x250 [qla2xxx] ? ql_... • https://git.kernel.org/stable/c/9189f20b4c5307c0998682bb522e481b4567a8b8 •