CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53608 – nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread()
https://notcve.org/view.php?id=CVE-2023-53608
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread() The finalization of nilfs_segctor_thread() can race with nilfs_segctor_kill_thread() which terminates that thread, potentially causing a use-after-free BUG as KASAN detected. At the end of nilfs_segctor_thread(), it assigns NULL to "sc_task" member of "struct nilfs_sc_info" to indicate the thread has finished, and then notifies nilfs_segctor_kill_thread() of this us... • https://git.kernel.org/stable/c/034cce77d52ba013ce62b4f5258c29907eb1ada5 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53606 – nfsd: clean up potential nfsd_file refcount leaks in COPY codepath
https://notcve.org/view.php?id=CVE-2023-53606
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: nfsd: clean up potential nfsd_file refcount leaks in COPY codepath There are two different flavors of the nfsd4_copy struct. One is embedded in the compound and is used directly in synchronous copies. The other is dynamically allocated, refcounted and tracked in the client struture. For the embedded one, the cleanup just involves releasing any nfsd_files held on its behalf. For the async one, the cleanup is a bit more involved, and we need ... • https://git.kernel.org/stable/c/fd63299db8090307eae66f2aef17c8f00aafa0a9 • CWE-911: Improper Update of Reference Count •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53593 – cifs: Release folio lock on fscache read hit.
https://notcve.org/view.php?id=CVE-2023-53593
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: cifs: Release folio lock on fscache read hit. Under the current code, when cifs_readpage_worker is called, the call contract is that the callee should unlock the page. This is documented in the read_folio section of Documentation/filesystems/vfs.rst as: > The filesystem should unlock the folio once the read has completed, > whether it was successful or not. Without this change, when fscache is in use and cache hit occurs during a read, the ... • https://git.kernel.org/stable/c/c3ac8323f2f5b50e32681c254b8318f7fa2dc3f4 •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53588 – wifi: mac80211: check for station first in client probe
https://notcve.org/view.php?id=CVE-2023-53588
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: check for station first in client probe When probing a client, first check if we have it, and then check for the channel context, otherwise you can trigger the warning there easily by probing when the AP isn't even started yet. Since a client existing means the AP is also operating, we can then keep the warning. Also simplify the moved code a bit. In the Linux kernel, the following vulnerability has been resolved: wifi: mac8... • https://git.kernel.org/stable/c/7e1cda5cf07f848e6b50b4e5e7761ffbce905a3d •
CVSS: 9.6EPSS: 0%CPEs: 7EXPL: 0CVE-2023-53582 – wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds
https://notcve.org/view.php?id=CVE-2023-53582
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds Fix a stack-out-of-bounds read in brcmfmac that occurs when 'buf' that is not null-terminated is passed as an argument of strreplace() in brcmf_c_preinit_dcmds(). This buffer is filled with a CLM version string by memcpy() in brcmf_fil_iovar_data_get(). Ensure buf is null-terminated. Found by a modified version of syzkaller. [ 33.004414][ T1896] brcmfmac: b... • https://git.kernel.org/stable/c/3b173b4ad9c001a555f44adc7836d6fe3afbe9ec • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50504 – powerpc/rtas: avoid scheduling in rtas_os_term()
https://notcve.org/view.php?id=CVE-2022-50504
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: avoid scheduling in rtas_os_term() It's unsafe to use rtas_busy_delay() to handle a busy status from the ibm,os-term RTAS function in rtas_os_term(): Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b BUG: sleeping function called from invalid context at arch/powerpc/kernel/rtas.c:618 in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 1, name: swapper/0 preempt_count: 2, expected: 0 CPU: 7 PID: 1 Comm:... • https://git.kernel.org/stable/c/f413135b337c4e90c1e593c6613f8717e17bc724 •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50497 – binfmt_misc: fix shift-out-of-bounds in check_special_flags
https://notcve.org/view.php?id=CVE-2022-50497
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: binfmt_misc: fix shift-out-of-bounds in check_special_flags UBSAN reported a shift-out-of-bounds warning: left shift of 1 by 31 places cannot be represented in type 'int' Call Trace:
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50494 – thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash
https://notcve.org/view.php?id=CVE-2022-50494
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash When CPU 0 is offline and intel_powerclamp is used to inject idle, it generates kernel BUG: BUG: using smp_processor_id() in preemptible [00000000] code: bash/15687 caller is debug_smp_processor_id+0x17/0x20 CPU: 4 PID: 15687 Comm: bash Not tainted 5.19.0-rc7+ #57 Call Trace:
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53576 – null_blk: Always check queue mode setting from configfs
https://notcve.org/view.php?id=CVE-2023-53576
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: null_blk: Always check queue mode setting from configfs Make sure to check device queue mode in the null_validate_conf() and return error for NULL_Q_RQ as we don't allow legacy I/O path, without this patch we get OOPs when queue mode is set to 1 from configfs, following are repro steps :- modprobe null_blk nr_devices=0 mkdir config/nullb/nullb0 echo 1 > config/nullb/nullb0/memory_backed echo 4096 > config/nullb/nullb0/blocksize echo 20480 >... • https://git.kernel.org/stable/c/e732a266b973cd4e115e2cc2ea5007119e8a7fbc • CWE-1288: Improper Validation of Consistency within Input •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53569 – ext2: Check block size validity during mount
https://notcve.org/view.php?id=CVE-2023-53569
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ext2: Check block size validity during mount Check that log of block size stored in the superblock has sensible value. Otherwise the shift computing the block size can overflow leading to undefined behavior. In the Linux kernel, the following vulnerability has been resolved: ext2: Check block size validity during mount Check that log of block size stored in the superblock has sensible value. Otherwise the shift computing the block size can ... • https://git.kernel.org/stable/c/0ebfaf14150f55550cffb1148ed3920143c7a69c •