
CVE-2023-53091 – ext4: update s_journal_inum if it changes after journal replay
https://notcve.org/view.php?id=CVE-2023-53091
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: update s_journal_inum if it changes after journal replay When mounting a crafted ext4 image, s_journal_inum may change after journal replay, which is obviously unreasonable because we have successfully loaded and replayed the journal through the old s_journal_inum. And the new s_journal_inum bypasses some of the checks in ext4_get_journal(), which may trigger a null pointer dereference problem. So if s_journal_inum changes after the j... • https://git.kernel.org/stable/c/499fef2030fb754c68b1c7cb3a799a3bc1d0d925 •

CVE-2023-53090 – drm/amdkfd: Fix an illegal memory access
https://notcve.org/view.php?id=CVE-2023-53090
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix an illegal memory access In the kfd_wait_on_events() function, the kfd_event_waiter structure is allocated by alloc_event_waiters(), but the event field of the waiter structure is not initialized; when copy_from_user() fails in the kfd_wait_on_events() function, it will enter exception handling to release the previously allocated memory of the waiter structure; due to the event field of the waiters structure being accessed i... • https://git.kernel.org/stable/c/5a3fb3b745af0ce46ec2e0c8e507bae45b937334 •

CVE-2023-53089 – ext4: fix task hung in ext4_xattr_delete_inode
https://notcve.org/view.php?id=CVE-2023-53089
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix task hung in ext4_xattr_delete_inode Syzbot reported a hung task problem: ================================================================== INFO: task syz-executor232:5073 blocked for more than 143 seconds. Not tainted 6.2.0-rc2-syzkaller-00024-g512dee0c00ad #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-exec232 state:D stack:21024 pid:5073 ppid:5072 flags:0x00004004 Call Trace:

CVE-2023-53088 – mptcp: fix UaF in listener shutdown
https://notcve.org/view.php?id=CVE-2023-53088
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: mptcp: fix UaF in listener shutdown As reported by Christoph after having refactored the passive socket initialization, the mptcp listener shutdown path is prone to an UaF issue. BUG: KASAN: use-after-free in _raw_spin_lock_bh+0x73/0xe0 Write of size 4 at addr ffff88810cb23098 by task syz-executor731/1266 CPU: 1 PID: 1266 Comm: syz-executor731 Not tainted 6.2.0-rc59af4eaa31c1f6c00c8f1e448ed99a45c66340dd5 #6 Hardware name: QEMU Standard PC (... • https://git.kernel.org/stable/c/6aeed9045071f2252ff4e98fc13d1e304f33e5b0 •

CVE-2023-53087 – drm/i915/active: Fix misuse of non-idle barriers as fence trackers
https://notcve.org/view.php?id=CVE-2023-53087
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/i915/active: Fix misuse of non-idle barriers as fence trackers Users reported oopses on list corruptions when using i915 perf with a number of concurrently running graphics applications. Root cause analysis pointed at an issue in barrier processing code -- a race among perf open / close replacing active barriers with perf requests on kernel context and concurrent barrier preallocate / acquire operations performed during user context fir... • https://git.kernel.org/stable/c/311770173fac27845a3a83e2c16100a54d308f72 •

CVE-2023-53084 – drm/shmem-helper: Remove another errant put in error path
https://notcve.org/view.php?id=CVE-2023-53084
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/shmem-helper: Remove another errant put in error path drm_gem_shmem_mmap() doesn't own reference in error code path, resulting in the dma-buf shmem GEM object getting prematurely freed leading to a later use-after-free. • https://git.kernel.org/stable/c/f49a51bfdc8ea717c97ccd4cc98b7e6daaa5553a •

CVE-2023-53083 – nfsd: don't replace page in rq_pages if it's a continuation of last page
https://notcve.org/view.php?id=CVE-2023-53083
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: nfsd: don't replace page in rq_pages if it's a continuation of last page The splice read calls nfsd_splice_actor to put the pages containing file data into the svc_rqst->rq_pages array. It's possible however to get a splice result that only has a partial page at the end, if (e.g.) the filesystem hands back a short read that doesn't cover the whole page. nfsd_splice_actor will plop the partial page into its rq_pages array and return. Then la... • https://git.kernel.org/stable/c/91e23b1c39820bfed642119ff6b6ef9f43cf09ce •

CVE-2023-53082 – vp_vdpa: fix the crash in hot unplug with vp_vdpa
https://notcve.org/view.php?id=CVE-2023-53082
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: vp_vdpa: fix the crash in hot unplug with vp_vdpa While unplugging the vp_vdpa device, it triggers a kernel panic. The root cause is: vdpa_mgmtdev_unregister() will access modern devices, which will cause a use after free. So we need to change the sequence in vp_vdpa_remove [ 195.003359] BUG: unable to handle page fault for address: ff4e8beb80199014 [ 195.004012] #PF: supervisor read access in kernel mode [ 195.004486] #PF: error_code(0x0000) ... • https://git.kernel.org/stable/c/ffbda8e9df10d1784d5427ec199e7d8308e3763f •

CVE-2023-53081 – ocfs2: fix data corruption after failed write
https://notcve.org/view.php?id=CVE-2023-53081
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix data corruption after failed write When buffered write fails to copy data into underlying page cache page, ocfs2_write_end_nolock() just zeroes out and dirties the page. This can leave dirty page beyond EOF and if page writeback tries to write this page before write succeeds and expands i_size, page gets into inconsistent state where page dirty bit is clear but buffer dirty bits stay set resulting in page data never getting writt... • https://git.kernel.org/stable/c/7ed80e77c908cbaa686529a49f8ae0060c5caee7 •

CVE-2023-53080 – xsk: Add missing overflow check in xdp_umem_reg
https://notcve.org/view.php?id=CVE-2023-53080
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: xsk: Add missing overflow check in xdp_umem_reg The number of chunks can overflow u32. Make sure to return -EINVAL on overflow. Also remove a redundant u32 cast assigning umem->npgs. • https://git.kernel.org/stable/c/bbff2f321a864ee07c9d3d1245af498023146951 •