
CVSS: 5.5 • EPSS: % • CPEs: 4 • EXPL: 0

02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: mptcp: fix UaF in listener shutdown As reported by Christoph after having refactored the passive socket initialization, the mptcp listener shutdown path is prone to an UaF issue. BUG: KASAN: use-after-free in _raw_spin_lock_bh+0x73/0xe0 Write of size 4 at addr ffff88810cb23098 by task syz-executor731/1266 CPU: 1 PID: 1266 Comm: syz-executor731 Not tainted 6.2.0-rc59af4eaa31c1f6c00c8f1e448ed99a45c66340dd5 #6 Hardware name: QEMU Standard PC (... • https://git.kernel.org/stable/c/6aeed9045071f2252ff4e98fc13d1e304f33e5b0 •

CVSS: 7.8 • EPSS: % • CPEs: 5 • EXPL: 0

02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/i915/active: Fix misuse of non-idle barriers as fence trackers Users reported oopses on list corruptions when using i915 perf with a number of concurrently running graphics applications. Root cause analysis pointed at an issue in barrier processing code -- a race among perf open / close replacing active barriers with perf requests on kernel context and concurrent barrier preallocate / acquire operations performed during user context fir... • https://git.kernel.org/stable/c/311770173fac27845a3a83e2c16100a54d308f72 •

CVSS: 7.5 • EPSS: % • CPEs: 6 • EXPL: 0

02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/shmem-helper: Remove another errant put in error path drm_gem_shmem_mmap() doesn't own reference in error code path, resulting in the dma-buf shmem GEM object getting prematurely freed leading to a later use-after-free. • https://git.kernel.org/stable/c/f49a51bfdc8ea717c97ccd4cc98b7e6daaa5553a •

CVSS: 5.5 • EPSS: % • CPEs: 3 • EXPL: 0

02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: nfsd: don't replace page in rq_pages if it's a continuation of last page The splice read calls nfsd_splice_actor to put the pages containing file data into the svc_rqst->rq_pages array. It's possible however to get a splice result that only has a partial page at the end, if (e.g.) the filesystem hands back a short read that doesn't cover the whole page. nfsd_splice_actor will plop the partial page into its rq_pages array and return. Then la... • https://git.kernel.org/stable/c/91e23b1c39820bfed642119ff6b6ef9f43cf09ce •

CVSS: 7.1 • EPSS: % • CPEs: 3 • EXPL: 0

02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: vp_vdpa: fix the crash in hot unplug with vp_vdpa While unplugging the vp_vdpa device, it triggers a kernel panic. The root cause is: vdpa_mgmtdev_unregister() will access modern devices, which will cause a use after free. So need to change the sequence in vp_vdpa_remove [ 195.003359] BUG: unable to handle page fault for address: ff4e8beb80199014 [ 195.004012] #PF: supervisor read access in kernel mode [ 195.004486] #PF: error_code(0x0000) ... • https://git.kernel.org/stable/c/ffbda8e9df10d1784d5427ec199e7d8308e3763f •

CVSS: 7.1 • EPSS: % • CPEs: 10 • EXPL: 0

02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix data corruption after failed write When buffered write fails to copy data into underlying page cache page, ocfs2_write_end_nolock() just zeroes out and dirties the page. This can leave dirty page beyond EOF and if page writeback tries to write this page before write succeeds and expands i_size, page gets into inconsistent state where page dirty bit is clear but buffer dirty bits stay set resulting in page data never getting writt... • https://git.kernel.org/stable/c/7ed80e77c908cbaa686529a49f8ae0060c5caee7 •

CVSS: 9.0 • EPSS: % • CPEs: 5 • EXPL: 0

02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: xsk: Add missing overflow check in xdp_umem_reg The number of chunks can overflow u32. Make sure to return -EINVAL on overflow. Also remove a redundant u32 cast assigning umem->npgs. • https://git.kernel.org/stable/c/bbff2f321a864ee07c9d3d1245af498023146951 •

CVSS: 7.1 • EPSS: % • CPEs: 5 • EXPL: 0

02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix steering rules cleanup vport's mc, uc and multicast rules are not deleted in teardown path when EEH happens. Since the vport's promisc settings (uc, mc and all) in firmware are reset after EEH, mlx5 driver will try to delete the above rules in the initialization path. This causes a kernel crash because these software rules are no longer valid. Fix by nullifying these rules right after delete to avoid accessing any dangling pointer... • https://git.kernel.org/stable/c/a35f71f27a614aff106cc89b86168962bce2725f •

CVSS: 5.5 • EPSS: % • CPEs: 10 • EXPL: 0

02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() If alua_rtpg_queue() failed from alua_activate(), then 'qdata' is not freed, which will cause following memleak: unreferenced object 0xffff88810b2c6980 (size 32): comm "kworker/u16:2", pid 635322, jiffies 4355801099 (age 1216426.076s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 40 39 24 c1 ff ff ff ff 00 f8 ea 0a 81 88 ff ff @9$...... • https://git.kernel.org/stable/c/625fe857e4fac6518716f3c0ff5e5deb8ec6d238 •

CVSS: 7.8 • EPSS: % • CPEs: 5 • EXPL: 0

02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes [WHY] When PTEBufferSizeInRequests is zero, UBSAN reports the following warning because dml_log2 returns an unexpected negative value: shift exponent 4294966273 is too large for 32-bit type 'int' [HOW] In the case PTEBufferSizeInRequests is zero, skip the dml_log2() and assign the result directly. • https://git.kernel.org/stable/c/7257070be70e19a9138f39009c1a26c83a8a7cfa •