CVSS: 8.5EPSS: %CPEs: 5EXPL: 0CVE-2023-53065 – perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output
https://notcve.org/view.php?id=CVE-2023-53065
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output syzkaller reportes a KASAN issue with stack-out-of-bounds. The call trace is as follows: dump_stack+0x9c/0xd3 print_address_description.constprop.0+0x19/0x170 __kasan_report.cold+0x6c/0x84 kasan_report+0x3a/0x50 __perf_event_header__init_id+0x34/0x290 perf_event_header__init_id+0x48/0x60 perf_output_begin+0x4a4/0x560 perf_event_bpf_output+0x161/0x1e0 ... • https://git.kernel.org/stable/c/267fb27352b6fc9fdbad753127a239f75618ecbc •
CVSS: 5.5EPSS: %CPEs: 6EXPL: 0CVE-2023-53064 – iavf: fix hang on reboot with ice
https://notcve.org/view.php?id=CVE-2023-53064
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: iavf: fix hang on reboot with ice When a system with E810 with existing VFs gets rebooted the following hang may be observed. Pid 1 is hung in iavf_remove(), part of a network driver: PID: 1 TASK: ffff965400e5a340 CPU: 24 COMMAND: "systemd-shutdow" #0 [ffffaad04005fa50] __schedule at ffffffff8b3239cb #1 [ffffaad04005fae8] schedule at ffffffff8b323e2d #2 [ffffaad04005fb00] schedule_hrtimeout_range_clock at ffffffff8b32cebc #3 [ffffaad04005fb... • https://git.kernel.org/stable/c/85aa76066fef64de8a48d0da6b4071ceac455a94 •
CVSS: 7.1EPSS: %CPEs: 8EXPL: 0CVE-2023-53063 – Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work
https://notcve.org/view.php?id=CVE-2023-53063
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work In btsdio_probe, &data->work was bound with btsdio_work.In btsdio_send_frame, it was started by schedule_work. If we call btsdio_remove with an unfinished job, there may be a race condition and cause UAF bug on hdev. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished ... • https://git.kernel.org/stable/c/ddbaf13e3609442b64abb931ac21527772d87980 •
CVSS: 7.1EPSS: %CPEs: 8EXPL: 0CVE-2023-53062 – net: usb: smsc95xx: Limit packet length to skb->len
https://notcve.org/view.php?id=CVE-2023-53062
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc95xx: Limit packet length to skb->len Packet length retrieved from descriptor may be larger than the actual socket buffer length. In such case the cloned skb passed up the network stack will leak kernel memory contents. In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc95xx: Limit packet length to skb->len Packet length retrieved from descriptor may be larger than the actual socket buffer length... • https://git.kernel.org/stable/c/2f7ca802bdae2ca41022618391c70c2876d92190 •
CVSS: 5.5EPSS: %CPEs: 4EXPL: 0CVE-2023-53061 – ksmbd: fix possible refcount leak in smb2_open()
https://notcve.org/view.php?id=CVE-2023-53061
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix possible refcount leak in smb2_open() Reference count of acls will leak when memory allocation fails. Fix this by adding the missing posix_acl_release(). In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix possible refcount leak in smb2_open() Reference count of acls will leak when memory allocation fails. Fix this by adding the missing posix_acl_release(). • https://git.kernel.org/stable/c/e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 •
CVSS: 6.3EPSS: %CPEs: 9EXPL: 0CVE-2023-53060 – igb: revert rtnl_lock() that causes deadlock
https://notcve.org/view.php?id=CVE-2023-53060
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: igb: revert rtnl_lock() that causes deadlock The commit 6faee3d4ee8b ("igb: Add lock to avoid data race") adds rtnl_lock to eliminate a false data race shown below (FREE from device detaching) | (USE from netdev core) igb_remove | igb_ndo_get_vf_config igb_disable_sriov | vf >= adapter->vfs_allocated_count? kfree(adapter->vf_data) | adapter->vfs_allocated_count = 0 | | memcpy(... adapter->vf_data[vf] The above race will never happen and the... • https://git.kernel.org/stable/c/5773a1e6e5ba9f62c4573c57878d154fda269bc2 •
CVSS: 7.1EPSS: %CPEs: 6EXPL: 0CVE-2023-53059 – platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl
https://notcve.org/view.php?id=CVE-2023-53059
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl It is possible to peep kernel page's data by providing larger `insize` in struct cros_ec_command[1] when invoking EC host commands. Fix it by using zeroed memory. [1]: https://elixir.bootlin.com/linux/v6.2/source/include/linux/platform_data/cros_ec_proto.h#L74 In the Linux kernel, the following vulnerability has been resolved: platform/chrome: cros_ec_chardev: fix kernel data... • https://git.kernel.org/stable/c/eda2e30c6684d67288edb841c6125d48c608a242 •
CVSS: 5.5EPSS: %CPEs: 5EXPL: 0CVE-2023-53058 – net/mlx5: E-Switch, Fix an Oops in error handling code
https://notcve.org/view.php?id=CVE-2023-53058
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5: E-Switch, Fix an Oops in error handling code The error handling dereferences "vport". There is nothing we can do if it is an error pointer except returning the error code. In the Linux kernel, the following vulnerability has been resolved: net/mlx5: E-Switch, Fix an Oops in error handling code The error handling dereferences "vport". There is nothing we can do if it is an error pointer except returning the error code. • https://git.kernel.org/stable/c/133dcfc577eaec6538db4ebd8b9205b361f59018 •
CVSS: 5.5EPSS: %CPEs: 6EXPL: 0CVE-2023-53055 – fscrypt: destroy keyring after security_sb_delete()
https://notcve.org/view.php?id=CVE-2023-53055
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: fscrypt: destroy keyring after security_sb_delete() fscrypt_destroy_keyring() must be called after all potentially-encrypted inodes were evicted; otherwise it cannot safely destroy the keyring. Since inodes that are in-use by the Landlock LSM don't get evicted until security_sb_delete(), this means that fscrypt_destroy_keyring() must be called *after* security_sb_delete(). This fixes a WARN_ON followed by a NULL dereference, only possible i... • https://git.kernel.org/stable/c/e6f4fd85ef1ee6ab356bfbd64df28c1cb73aee7e •
CVSS: 7.1EPSS: %CPEs: 12EXPL: 0CVE-2023-53054 – usb: dwc2: fix a devres leak in hw_enable upon suspend resume
https://notcve.org/view.php?id=CVE-2023-53054
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: fix a devres leak in hw_enable upon suspend resume Each time the platform goes to low power, PM suspend / resume routines call: __dwc2_lowlevel_hw_enable -> devm_add_action_or_reset(). This adds a new devres each time. This may also happen at runtime, as dwc2_lowlevel_hw_enable() can be called from udc_start(). This can be seen with tracing: - echo 1 > /sys/kernel/debug/tracing/events/dev/devres_log/enable - go to low power - cat... • https://git.kernel.org/stable/c/33a06f1300a79cfd461cea0268f05e969d4f34ec •