CVSS: 8.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53065 – perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output
https://notcve.org/view.php?id=CVE-2023-53065
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output syzkaller reportes a KASAN issue with stack-out-of-bounds. The call trace is as follows: dump_stack+0x9c/0xd3 print_address_description.constprop.0+0x19/0x170 __kasan_report.cold+0x6c/0x84 kasan_report+0x3a/0x50 __perf_event_header__init_id+0x34/0x290 perf_event_header__init_id+0x48/0x60 perf_output_begin+0x4a4/0x560 perf_event_bpf_output+0x161/0x1e0 ... • https://git.kernel.org/stable/c/267fb27352b6fc9fdbad753127a239f75618ecbc •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53064 – iavf: fix hang on reboot with ice
https://notcve.org/view.php?id=CVE-2023-53064
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: iavf: fix hang on reboot with ice When a system with E810 with existing VFs gets rebooted the following hang may be observed. Pid 1 is hung in iavf_remove(), part of a network driver: PID: 1 TASK: ffff965400e5a340 CPU: 24 COMMAND: "systemd-shutdow" #0 [ffffaad04005fa50] __schedule at ffffffff8b3239cb #1 [ffffaad04005fae8] schedule at ffffffff8b323e2d #2 [ffffaad04005fb00] schedule_hrtimeout_range_clock at ffffffff8b32cebc #3 [ffffaad04005fb... • https://git.kernel.org/stable/c/85aa76066fef64de8a48d0da6b4071ceac455a94 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53063 – Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work
https://notcve.org/view.php?id=CVE-2023-53063
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work In btsdio_probe, &data->work was bound with btsdio_work.In btsdio_send_frame, it was started by schedule_work. If we call btsdio_remove with an unfinished job, there may be a race condition and cause UAF bug on hdev. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished ... • https://git.kernel.org/stable/c/ddbaf13e3609442b64abb931ac21527772d87980 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53062 – net: usb: smsc95xx: Limit packet length to skb->len
https://notcve.org/view.php?id=CVE-2023-53062
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc95xx: Limit packet length to skb->len Packet length retrieved from descriptor may be larger than the actual socket buffer length. In such case the cloned skb passed up the network stack will leak kernel memory contents. In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc95xx: Limit packet length to skb->len Packet length retrieved from descriptor may be larger than the actual socket buffer length... • https://git.kernel.org/stable/c/2f7ca802bdae2ca41022618391c70c2876d92190 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53061 – ksmbd: fix possible refcount leak in smb2_open()
https://notcve.org/view.php?id=CVE-2023-53061
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix possible refcount leak in smb2_open() Reference count of acls will leak when memory allocation fails. Fix this by adding the missing posix_acl_release(). In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix possible refcount leak in smb2_open() Reference count of acls will leak when memory allocation fails. Fix this by adding the missing posix_acl_release(). • https://git.kernel.org/stable/c/e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 •
CVSS: 6.3EPSS: 0%CPEs: 9EXPL: 0CVE-2023-53060 – igb: revert rtnl_lock() that causes deadlock
https://notcve.org/view.php?id=CVE-2023-53060
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: igb: revert rtnl_lock() that causes deadlock The commit 6faee3d4ee8b ("igb: Add lock to avoid data race") adds rtnl_lock to eliminate a false data race shown below (FREE from device detaching) | (USE from netdev core) igb_remove | igb_ndo_get_vf_config igb_disable_sriov | vf >= adapter->vfs_allocated_count? kfree(adapter->vf_data) | adapter->vfs_allocated_count = 0 | | memcpy(... adapter->vf_data[vf] The above race will never happen and the... • https://git.kernel.org/stable/c/5773a1e6e5ba9f62c4573c57878d154fda269bc2 •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53059 – platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl
https://notcve.org/view.php?id=CVE-2023-53059
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl It is possible to peep kernel page's data by providing larger `insize` in struct cros_ec_command[1] when invoking EC host commands. Fix it by using zeroed memory. [1]: https://elixir.bootlin.com/linux/v6.2/source/include/linux/platform_data/cros_ec_proto.h#L74 In the Linux kernel, the following vulnerability has been resolved: platform/chrome: cros_ec_chardev: fix kernel data... • https://git.kernel.org/stable/c/eda2e30c6684d67288edb841c6125d48c608a242 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53058 – net/mlx5: E-Switch, Fix an Oops in error handling code
https://notcve.org/view.php?id=CVE-2023-53058
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5: E-Switch, Fix an Oops in error handling code The error handling dereferences "vport". There is nothing we can do if it is an error pointer except returning the error code. In the Linux kernel, the following vulnerability has been resolved: net/mlx5: E-Switch, Fix an Oops in error handling code The error handling dereferences "vport". There is nothing we can do if it is an error pointer except returning the error code. • https://git.kernel.org/stable/c/133dcfc577eaec6538db4ebd8b9205b361f59018 •
CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53057 – Bluetooth: HCI: Fix global-out-of-bounds
https://notcve.org/view.php?id=CVE-2023-53057
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Fix global-out-of-bounds To loop a variable-length array, hci_init_stage_sync(stage) considers that stage[i] is valid as long as stage[i-1].func is valid. Thus, the last element of stage[].func should be intentionally invalid as hci_init0[], le_init2[], and others did. However, amp_init1[] and amp_init2[] have no invalid element, letting hci_init_stage_sync() keep accessing amp_init1[] over its valid range. This patch fixes ... • https://git.kernel.org/stable/c/d0b137062b2de75b264b84143d21c98abc5f5ad2 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53056 – scsi: qla2xxx: Synchronize the IOCB count to be in order
https://notcve.org/view.php?id=CVE-2023-53056
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Synchronize the IOCB count to be in order A system hang was observed with the following call trace: BUG: kernel NULL pointer dereference, address: 0000000000000000 PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 15 PID: 86747 Comm: nvme Kdump: loaded Not tainted 6.2.0+ #1 Hardware name: Dell Inc. PowerEdge R6515/04F3CJ, BIOS 2.7.3 03/31/2022 RIP: 0010:__wake_up_common+0x55/0x190 Code: 41 f6 01 04 0f 85 b2 00 00 00 48 8b 43... • https://git.kernel.org/stable/c/d58b45bbbea8f9516b66e0b494701c369adb0ae8 •