CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53057 – Bluetooth: HCI: Fix global-out-of-bounds
https://notcve.org/view.php?id=CVE-2023-53057
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Fix global-out-of-bounds To loop a variable-length array, hci_init_stage_sync(stage) considers that stage[i] is valid as long as stage[i-1].func is valid. Thus, the last element of stage[].func should be intentionally invalid as hci_init0[], le_init2[], and others did. However, amp_init1[] and amp_init2[] have no invalid element, letting hci_init_stage_sync() keep accessing amp_init1[] over its valid range. This patch fixes ... • https://git.kernel.org/stable/c/d0b137062b2de75b264b84143d21c98abc5f5ad2 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53056 – scsi: qla2xxx: Synchronize the IOCB count to be in order
https://notcve.org/view.php?id=CVE-2023-53056
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Synchronize the IOCB count to be in order A system hang was observed with the following call trace: BUG: kernel NULL pointer dereference, address: 0000000000000000 PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 15 PID: 86747 Comm: nvme Kdump: loaded Not tainted 6.2.0+ #1 Hardware name: Dell Inc. PowerEdge R6515/04F3CJ, BIOS 2.7.3 03/31/2022 RIP: 0010:__wake_up_common+0x55/0x190 Code: 41 f6 01 04 0f 85 b2 00 00 00 48 8b 43... • https://git.kernel.org/stable/c/d58b45bbbea8f9516b66e0b494701c369adb0ae8 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53055 – fscrypt: destroy keyring after security_sb_delete()
https://notcve.org/view.php?id=CVE-2023-53055
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: fscrypt: destroy keyring after security_sb_delete() fscrypt_destroy_keyring() must be called after all potentially-encrypted inodes were evicted; otherwise it cannot safely destroy the keyring. Since inodes that are in-use by the Landlock LSM don't get evicted until security_sb_delete(), this means that fscrypt_destroy_keyring() must be called *after* security_sb_delete(). This fixes a WARN_ON followed by a NULL dereference, only possible i... • https://git.kernel.org/stable/c/e6f4fd85ef1ee6ab356bfbd64df28c1cb73aee7e •
CVSS: 7.1EPSS: 0%CPEs: 12EXPL: 0CVE-2023-53054 – usb: dwc2: fix a devres leak in hw_enable upon suspend resume
https://notcve.org/view.php?id=CVE-2023-53054
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: fix a devres leak in hw_enable upon suspend resume Each time the platform goes to low power, PM suspend / resume routines call: __dwc2_lowlevel_hw_enable -> devm_add_action_or_reset(). This adds a new devres each time. This may also happen at runtime, as dwc2_lowlevel_hw_enable() can be called from udc_start(). This can be seen with tracing: - echo 1 > /sys/kernel/debug/tracing/events/dev/devres_log/enable - go to low power - cat... • https://git.kernel.org/stable/c/33a06f1300a79cfd461cea0268f05e969d4f34ec •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2023-53053 – erspan: do not use skb_mac_header() in ndo_start_xmit()
https://notcve.org/view.php?id=CVE-2023-53053
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: erspan: do not use skb_mac_header() in ndo_start_xmit() Drivers should not assume skb_mac_header(skb) == skb->data in their ndo_start_xmit(). Use skb_network_offset() and skb_transport_offset() which better describe what is needed in erspan_fb_xmit() and ip6erspan_tunnel_xmit() syzbot reported: WARNING: CPU: 0 PID: 5083 at include/linux/skbuff.h:2873 skb_mac_header include/linux/skbuff.h:2873 [inline] WARNING: CPU: 0 PID: 5083 at include/li... • https://git.kernel.org/stable/c/1baf5ebf8954d9bff8fa4e7dd6c416a0cebdb9e2 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53051 – dm crypt: add cond_resched() to dmcrypt_write()
https://notcve.org/view.php?id=CVE-2023-53051
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: dm crypt: add cond_resched() to dmcrypt_write() The loop in dmcrypt_write may be running for unbounded amount of time, thus we need cond_resched() in it. This commit fixes the following warning: [ 3391.153255][ C12] watchdog: BUG: soft lockup - CPU#12 stuck for 23s! [dmcrypt_write/2:2897] ... [ 3391.387210][ C12] Call trace: [ 3391.390338][ C12] blk_attempt_bio_merge.part.6+0x38/0x158 [ 3391.395970][ C12] blk_attempt_plug_merge+0xc0/0x1b0 [... • https://git.kernel.org/stable/c/dc2676210c425ee8e5cb1bec5bc84d004ddf4179 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53049 – usb: ucsi: Fix NULL pointer deref in ucsi_connector_change()
https://notcve.org/view.php?id=CVE-2023-53049
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: ucsi: Fix NULL pointer deref in ucsi_connector_change() When ucsi_init() fails, ucsi->connector is NULL, yet in case of ucsi_acpi we may still get events which cause the ucs_acpi code to call ucsi_connector_change(), which then derefs the NULL ucsi->connector pointer. Fix this by not setting ucsi->ntfy inside ucsi_init() until ucsi_init() has succeeded, so that ucsi_connector_change() ignores the events because UCSI_ENABLE_NTFY_CONNECT... • https://git.kernel.org/stable/c/bdc62f2bae8fb0e8e99574de5232f0a3c54a27df •
CVSS: 6.6EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53048 – usb: typec: tcpm: fix warning when handle discover_identity message
https://notcve.org/view.php?id=CVE-2023-53048
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: fix warning when handle discover_identity message Since both source and sink device can send discover_identity message in PD3, kernel may dump below warning: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 169 at drivers/usb/typec/tcpm/tcpm.c:1446 tcpm_queue_vdm+0xe0/0xf0 Modules linked in: CPU: 0 PID: 169 Comm: 1-0050 Not tainted 6.1.1-00038-g6a3c36cf1da2-dirty #567 Hardware name: NXP i.MX8MPlus EVK board (DT) p... • https://git.kernel.org/stable/c/e00943e916782ae17ca05d654779a84f09481ab8 •
CVSS: 7.0EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53047 – tee: amdtee: fix race condition in amdtee_open_session
https://notcve.org/view.php?id=CVE-2023-53047
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: tee: amdtee: fix race condition in amdtee_open_session There is a potential race condition in amdtee_open_session that may lead to use-after-free. For instance, in amdtee_open_session() after sess->sess_mask is set, and before setting: sess->session_info[i] = session_info; if amdtee_close_session() closes this same session, then 'sess' data structure will be released, causing kernel panic when 'sess' is accessed within amdtee_open_session()... • https://git.kernel.org/stable/c/757cc3e9ff1d72d014096399d6e2bf03974d9da1 • CWE-826: Premature Release of Resource During Expected Lifetime •
CVSS: 7.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53046 – Bluetooth: Fix race condition in hci_cmd_sync_clear
https://notcve.org/view.php?id=CVE-2023-53046
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix race condition in hci_cmd_sync_clear There is a potential race condition in hci_cmd_sync_work and hci_cmd_sync_clear, and could lead to use-after-free. For instance, hci_cmd_sync_work is added to the 'req_workqueue' after cancel_work_sync The entry of 'cmd_sync_work_list' may be freed in hci_cmd_sync_clear, and causing kernel panic when it is used in 'hci_cmd_sync_work'. Here's the call trace: dump_stack_lvl+0x49/0x63 print_r... • https://git.kernel.org/stable/c/6a98e3836fa2077b169f10a35c2ca9952d53f987 •