CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53068 – net: usb: lan78xx: Limit packet length to skb->len
https://notcve.org/view.php?id=CVE-2023-53068
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: Limit packet length to skb->len Packet length retrieved from descriptor may be larger than the actual socket buffer length. In such case the cloned skb passed up the network stack will leak kernel memory contents. Additionally prevent integer underflow when size is less than ETH_FCS_LEN. In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: Limit packet length to skb->len Packet length ret... • https://git.kernel.org/stable/c/55d7de9de6c30adce8d675c7ce513e283829c2ff •
CVSS: 6.6EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53067 – LoongArch: Only call get_timer_irq() once in constant_clockevent_init()
https://notcve.org/view.php?id=CVE-2023-53067
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: LoongArch: Only call get_timer_irq() once in constant_clockevent_init() Under CONFIG_DEBUG_ATOMIC_SLEEP=y and CONFIG_DEBUG_PREEMPT=y, we can see the following messages on LoongArch, this is because using might_sleep() in preemption disable context. [ 0.001127] smp: Bringing up secondary CPUs ... [ 0.001222] Booting CPU#1... [ 0.001244] 64-bit Loongson Processor probed (LA464 Core) [ 0.001247] CPU1 revision is: 0014c012 (Loongson-64bit) [ 0.... • https://git.kernel.org/stable/c/b9c379e1d7e141b102f41858c9b8f6f36e7c89a4 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53066 – qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info
https://notcve.org/view.php?id=CVE-2023-53066
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info We have to make sure that the info returned by the helper is valid before using it. Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool. In the Linux kernel, the following vulnerability has been resolved: qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info We have to make sure that the info returned by the helper is valid be... • https://git.kernel.org/stable/c/733def6a04bf3d2810dd675e1240f8df94d633c3 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53063 – Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work
https://notcve.org/view.php?id=CVE-2023-53063
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work In btsdio_probe, &data->work was bound with btsdio_work.In btsdio_send_frame, it was started by schedule_work. If we call btsdio_remove with an unfinished job, there may be a race condition and cause UAF bug on hdev. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished ... • https://git.kernel.org/stable/c/ddbaf13e3609442b64abb931ac21527772d87980 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53062 – net: usb: smsc95xx: Limit packet length to skb->len
https://notcve.org/view.php?id=CVE-2023-53062
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc95xx: Limit packet length to skb->len Packet length retrieved from descriptor may be larger than the actual socket buffer length. In such case the cloned skb passed up the network stack will leak kernel memory contents. In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc95xx: Limit packet length to skb->len Packet length retrieved from descriptor may be larger than the actual socket buffer length... • https://git.kernel.org/stable/c/2f7ca802bdae2ca41022618391c70c2876d92190 •
CVSS: 6.3EPSS: 0%CPEs: 9EXPL: 0CVE-2023-53060 – igb: revert rtnl_lock() that causes deadlock
https://notcve.org/view.php?id=CVE-2023-53060
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: igb: revert rtnl_lock() that causes deadlock The commit 6faee3d4ee8b ("igb: Add lock to avoid data race") adds rtnl_lock to eliminate a false data race shown below (FREE from device detaching) | (USE from netdev core) igb_remove | igb_ndo_get_vf_config igb_disable_sriov | vf >= adapter->vfs_allocated_count? kfree(adapter->vf_data) | adapter->vfs_allocated_count = 0 | | memcpy(... adapter->vf_data[vf] The above race will never happen and the... • https://git.kernel.org/stable/c/5773a1e6e5ba9f62c4573c57878d154fda269bc2 •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53059 – platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl
https://notcve.org/view.php?id=CVE-2023-53059
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl It is possible to peep kernel page's data by providing larger `insize` in struct cros_ec_command[1] when invoking EC host commands. Fix it by using zeroed memory. [1]: https://elixir.bootlin.com/linux/v6.2/source/include/linux/platform_data/cros_ec_proto.h#L74 In the Linux kernel, the following vulnerability has been resolved: platform/chrome: cros_ec_chardev: fix kernel data... • https://git.kernel.org/stable/c/eda2e30c6684d67288edb841c6125d48c608a242 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53058 – net/mlx5: E-Switch, Fix an Oops in error handling code
https://notcve.org/view.php?id=CVE-2023-53058
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5: E-Switch, Fix an Oops in error handling code The error handling dereferences "vport". There is nothing we can do if it is an error pointer except returning the error code. In the Linux kernel, the following vulnerability has been resolved: net/mlx5: E-Switch, Fix an Oops in error handling code The error handling dereferences "vport". There is nothing we can do if it is an error pointer except returning the error code. • https://git.kernel.org/stable/c/133dcfc577eaec6538db4ebd8b9205b361f59018 •
CVSS: 7.1EPSS: 0%CPEs: 12EXPL: 0CVE-2023-53054 – usb: dwc2: fix a devres leak in hw_enable upon suspend resume
https://notcve.org/view.php?id=CVE-2023-53054
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: fix a devres leak in hw_enable upon suspend resume Each time the platform goes to low power, PM suspend / resume routines call: __dwc2_lowlevel_hw_enable -> devm_add_action_or_reset(). This adds a new devres each time. This may also happen at runtime, as dwc2_lowlevel_hw_enable() can be called from udc_start(). This can be seen with tracing: - echo 1 > /sys/kernel/debug/tracing/events/dev/devres_log/enable - go to low power - cat... • https://git.kernel.org/stable/c/33a06f1300a79cfd461cea0268f05e969d4f34ec •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2023-53053 – erspan: do not use skb_mac_header() in ndo_start_xmit()
https://notcve.org/view.php?id=CVE-2023-53053
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: erspan: do not use skb_mac_header() in ndo_start_xmit() Drivers should not assume skb_mac_header(skb) == skb->data in their ndo_start_xmit(). Use skb_network_offset() and skb_transport_offset() which better describe what is needed in erspan_fb_xmit() and ip6erspan_tunnel_xmit() syzbot reported: WARNING: CPU: 0 PID: 5083 at include/linux/skbuff.h:2873 skb_mac_header include/linux/skbuff.h:2873 [inline] WARNING: CPU: 0 PID: 5083 at include/li... • https://git.kernel.org/stable/c/1baf5ebf8954d9bff8fa4e7dd6c416a0cebdb9e2 •