CVSS: 7.3EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53229 – wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta
https://notcve.org/view.php?id=CVE-2023-53229
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta Avoid potential data corruption issues caused by uninitialized driver private data structures. In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta Avoid potential data corruption issues caused by uninitialized driver private data structures. This update provides the initi... • https://git.kernel.org/stable/c/6a9d1b91f34df1935bc0ad98114801a44db0f98c • CWE-908: Use of Uninitialized Resource •
CVSS: 8.4EPSS: 0%CPEs: 9EXPL: 0CVE-2023-53226 – wifi: mwifiex: Fix OOB and integer underflow when rx packets
https://notcve.org/view.php?id=CVE-2023-53226
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Fix OOB and integer underflow when rx packets Make sure mwifiex_process_mgmt_packet, mwifiex_process_sta_rx_packet and mwifiex_process_uap_rx_packet, mwifiex_uap_queue_bridged_pkt and mwifiex_process_rx_packet not out-of-bounds access the skb->data buffer. In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Fix OOB and integer underflow when rx packets Make sure mwifiex_process_mgmt_packet, mwif... • https://git.kernel.org/stable/c/2dbaf751b1dec3a603130a475f94cc4d3f404362 • CWE-125: Out-of-bounds Read CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0CVE-2023-53225 – spi: imx: Don't skip cleanup in remove's error path
https://notcve.org/view.php?id=CVE-2023-53225
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: spi: imx: Don't skip cleanup in remove's error path Returning early in a platform driver's remove callback is wrong. In this case the dma resources are not released in the error path. this is never retried later and so this is a permanent leak. To fix this, only skip hardware disabling if waking the device fails. In the Linux kernel, the following vulnerability has been resolved: spi: imx: Don't skip cleanup in remove's error path Returning... • https://git.kernel.org/stable/c/d593574aff0ab846136190b1729c151c736727ec • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53223 – drm/msm/dsi: Add missing check for alloc_ordered_workqueue
https://notcve.org/view.php?id=CVE-2023-53223
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/msm/dsi: Add missing check for alloc_ordered_workqueue Add check for the return value of alloc_ordered_workqueue as it may return NULL pointer and cause NULL pointer dereference. Patchwork: https://patchwork.freedesktop.org/patch/517646/ In the Linux kernel, the following vulnerability has been resolved: drm/msm/dsi: Add missing check for alloc_ordered_workqueue Add check for the return value of alloc_ordered_workqueue as it may return ... • https://git.kernel.org/stable/c/0cf6c71d70d8aa39b8fd0e39c9009602a0e0d300 • CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53222 – jfs: jfs_dmap: Validate db_l2nbperpage while mounting
https://notcve.org/view.php?id=CVE-2023-53222
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: jfs: jfs_dmap: Validate db_l2nbperpage while mounting In jfs_dmap.c at line 381, BLKTODMAP is used to get a logical block number inside dbFree(). db_l2nbperpage, which is the log2 number of blocks per page, is passed as an argument to BLKTODMAP which uses it for shifting. Syzbot reported a shift out-of-bounds crash because db_l2nbperpage is too big. This happens because the large value is set without any validation in dbMount() at line 181.... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53220 – media: az6007: Fix null-ptr-deref in az6007_i2c_xfer()
https://notcve.org/view.php?id=CVE-2023-53220
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: media: az6007: Fix null-ptr-deref in az6007_i2c_xfer() In az6007_i2c_xfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former checks on msg[i].buf would be passed. Malicious data finally reach az6007_i2c_xfer. If accessing msg[i].buf[0] without sanity check, null ptr deref would happen. We add check on msg[i].len to prevent crash. Similar commit: commit 0ed554fd769a ("media: dvb-usb: az6027: fix null-ptr-deref... • https://git.kernel.org/stable/c/caa1a700ed2a06a831e6a7db5d9f213fc63caee3 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53215 – sched/fair: Don't balance task to its current running CPU
https://notcve.org/view.php?id=CVE-2023-53215
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: sched/fair: Don't balance task to its current running CPU We've run into the case that the balancer tries to balance a migration disabled task and trigger the warning in set_task_cpu() like below: ------------[ cut here ]------------ WARNING: CPU: 7 PID: 0 at kernel/sched/core.c:3115 set_task_cpu+0x188/0x240 Modules linked in: hclgevf xt_CHECKSUM ipt_REJECT nf_reject_ipv4 <...snip> CPU: 7 PID: 0 Comm: swapper/7 Kdump: loaded Tainted: G O 6.... • https://git.kernel.org/stable/c/88b8dac0a14c511ff41486b83a8c3d688936eec0 •
CVSS: 7.7EPSS: 0%CPEs: 9EXPL: 0CVE-2023-53213 – wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()
https://notcve.org/view.php?id=CVE-2023-53213
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() Fix a slab-out-of-bounds read that occurs in kmemdup() called from brcmf_get_assoc_ies(). The bug could occur when assoc_info->req_len, data from a URB provided by a USB device, is bigger than the size of buffer which is defined as WL_EXTRA_BUF_MAX. Add the size check for req_len/resp_len of assoc_info. Found by a modified version of syzkaller. [ 46.592467][ T7] ==============... • https://git.kernel.org/stable/c/cf2b448852abd47cee21007b8313fbf962bf3c9a • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 0CVE-2023-53204 – af_unix: Fix data-races around user->unix_inflight.
https://notcve.org/view.php?id=CVE-2023-53204
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data-races around user->unix_inflight. user->unix_inflight is changed under spin_lock(unix_gc_lock), but too_many_unix_fds() reads it locklessly. Let's annotate the write/read accesses to user->unix_inflight. BUG: KCSAN: data-race in unix_attach_fds / unix_inflight write to 0xffffffff8546f2d0 of 8 bytes by task 44798 on cpu 1: unix_inflight+0x157/0x180 net/unix/scm.c:66 unix_attach_fds+0x147/0x1e0 net/unix/scm.c:123 unix_scm_to... • https://git.kernel.org/stable/c/712f4aad406bb1ed67f3f98d04c044191f0ff593 • CWE-366: Race Condition within a Thread •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-53199 – wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails
https://notcve.org/view.php?id=CVE-2023-53199
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails Syzkaller detected a memory leak of skbs in ath9k_hif_usb_rx_stream(). While processing skbs in ath9k_hif_usb_rx_stream(), the already allocated skbs in skb_pool are not freed if ath9k_hif_usb_rx_stream() fails. If we have an incorrect pkt_len or pkt_tag, the input skb is considered invalid and dropped. All the associated packets already in skb_pool should be dropped and... • https://git.kernel.org/stable/c/44b23b488d44e56d467764ecb661830e5b02b308 •