CVSS: 5.5 | EPSS: 0% | CPEs: 6 | EXPL: 0 | CVE-2023-53679 – wifi: mt7601u: fix an integer underflow
https://notcve.org/view.php?id=CVE-2023-53679
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mt7601u: fix an integer underflow Fix an integer underflow that leads to a null pointer dereference in 'mt7601u_rx_skb_from_seg()'. The variable 'dma_len' in the URB packet could be manipulated, which could trigger an integer underflow of 'seg_len' in 'mt7601u_rx_process_seg()'. This underflow subsequently causes the 'bad_frame' checks in 'mt7601u_rx_skb_from_seg()' to be bypassed, eventually leading to a dereference of the pointer 'p... • https://git.kernel.org/stable/c/67e4519afba215199b6dfa39ce5d7ea673ee4138 •
CVSS: 7.8 | EPSS: 0% | CPEs: 8 | EXPL: 0 | CVE-2023-53676 – scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show()
https://notcve.org/view.php?id=CVE-2023-53676
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() The function lio_target_nacl_info_show() uses sprintf() in a loop to print details for every iSCSI connection in a session without checking for the buffer length. With enough iSCSI connections it's possible to overflow the buffer provided by configfs and corrupt the memory. This patch replaces sprintf() with sysfs_emit_at() that checks for buffer boundaries. • https://git.kernel.org/stable/c/df349e84c2cb0dd05d98c8e1189c26ab4b116083 •
CVSS: 7.1 | EPSS: 0% | CPEs: 8 | EXPL: 0 | CVE-2023-53675 – scsi: ses: Fix possible desc_ptr out-of-bounds accesses
https://notcve.org/view.php?id=CVE-2023-53675
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix possible desc_ptr out-of-bounds accesses Sanitize possible desc_ptr out-of-bounds accesses in ses_enclosure_data_process(). • https://git.kernel.org/stable/c/72021ae61a2bc6ca73cd593e255a10ed5f5dc5e7 •
CVSS: 5.5 | EPSS: 0% | CPEs: 8 | EXPL: 0 | CVE-2023-53672 – btrfs: output extra debug info if we failed to find an inline backref
https://notcve.org/view.php?id=CVE-2023-53672
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: output extra debug info if we failed to find an inline backref [BUG] Syzbot reported several warnings triggered inside lookup_inline_extent_backref(). [CAUSE] As usual, the reproducer doesn't reliably trigger locally here, but at least we know the WARN_ON() is triggered when an inline backref can not be found, and it can only be triggered when @insert is true. (I.e. inserting a new inline backref, which means the backref should alread... • https://git.kernel.org/stable/c/376b41524b71e494514720bd6114325b0a2ed19c •
CVSS: 5.5 | EPSS: 0% | CPEs: 3 | EXPL: 0 | CVE-2023-53671 – srcu: Delegate work to the boot cpu if using SRCU_SIZE_SMALL
https://notcve.org/view.php?id=CVE-2023-53671
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: srcu: Delegate work to the boot cpu if using SRCU_SIZE_SMALL Commit 994f706872e6 ("srcu: Make Tree SRCU able to operate without snp_node array") assumes that cpu 0 is always online. However, there really are situations when some other CPU is the boot CPU, for example, when booting a kdump kernel with the maxcpus=1 boot parameter. On PowerPC, the kdump kernel can hang as follows: ... [ 1.740036] systemd[1]: Hostname set to
CVSS: 7.1 | EPSS: 0% | CPEs: 8 | EXPL: 0 | CVE-2023-53668 – ring-buffer: Fix deadloop issue on reading trace_pipe
https://notcve.org/view.php?id=CVE-2023-53668
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Fix deadloop issue on reading trace_pipe Soft lockup occurs when reading file 'trace_pipe': watchdog: BUG: soft lockup - CPU#6 stuck for 22s! [cat:4488] [...] RIP: 0010:ring_buffer_empty_cpu+0xed/0x170 RSP: 0018:ffff88810dd6fc48 EFLAGS: 00000246 RAX: 0000000000000000 RBX: 0000000000000246 RCX: ffffffff93d1aaeb RDX: ffff88810a280040 RSI: 0000000000000008 RDI: ffff88811164b218 RBP: ffff88811164b218 R08: 0000000000000000 R09: ffff... • https://git.kernel.org/stable/c/a5fb833172eca69136e9ee1ada778e404086ab8a •
CVSS: 5.5 | EPSS: 0% | CPEs: 8 | EXPL: 0 | CVE-2023-53667 – net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize
https://notcve.org/view.php?id=CVE-2023-53667
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize Currently in cdc_ncm_check_tx_max(), if dwNtbOutMaxSize is lower than the calculated "min" value, but greater than zero, the logic sets tx_max to dwNtbOutMaxSize. This is then used to allocate a new SKB in cdc_ncm_fill_tx_frame() where all the data is handled. For small values of dwNtbOutMaxSize the memory allocated during alloc_skb(dwNtbOutMaxSize, GFP_ATOMIC) will have the same siz... • https://git.kernel.org/stable/c/289507d3364f96f4b8814726917d572f71350d87 •
CVSS: 7.8 | EPSS: 0% | CPEs: 4 | EXPL: 0 | CVE-2023-53661 – bnxt: avoid overflow in bnxt_get_nvram_directory()
https://notcve.org/view.php?id=CVE-2023-53661
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: bnxt: avoid overflow in bnxt_get_nvram_directory() The value of an arithmetic expression is subject to possible overflow due to a failure to cast operands to a larger data type before performing arithmetic. Used a macro for multiplication instead of the operator to avoid overflow. Found by Security Code and Linux Verification Center (linuxtesting.org) with SVACE. • https://git.kernel.org/stable/c/d5eaf2a6b077f32a477feb1e9e1c1f60605b460e • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.2 | EPSS: 0% | CPEs: 3 | EXPL: 0 | CVE-2022-50554 – blk-mq: avoid double ->queue_rq() because of early timeout
https://notcve.org/view.php?id=CVE-2022-50554
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: blk-mq: avoid double ->queue_rq() because of early timeout David Jeffery found one double ->queue_rq() issue, so far it can be triggered in VM use case because of long vmexit latency or preempt latency of vCPU pthread or long page fault in vCPU pthread, then block IO req could be timed out before queuing the request to hardware but after calling blk_mq_start_request() during ->queue_rq(), then timeout handler may handle it by requeue, then ... • https://git.kernel.org/stable/c/7a73c54a3750895888ab586896736c9434e062a1 • CWE-820: Missing Synchronization •
CVSS: 7.1 | EPSS: 0% | CPEs: 3 | EXPL: 0 | CVE-2022-50552 – blk-mq: use quiesced elevator switch when reinitializing queues
https://notcve.org/view.php?id=CVE-2022-50552
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: blk-mq: use quiesced elevator switch when reinitializing queues The hctx's run_work may be racing with the elevator switch when reinitializing hardware queues. The queue is merely frozen in this context, but that only prevents requests from allocating and doesn't stop the hctx work from running. The work may get an elevator pointer that's being torn down, and can result in use-after-free errors and kernel panics (example below). Use the qui... • https://git.kernel.org/stable/c/63a681bcc32a43528ce0f690569f7f48e59c3963 •
