CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53683 – fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode()
https://notcve.org/view.php?id=CVE-2023-53683
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode() syzbot is hitting WARN_ON() in hfsplus_cat_{read,write}_inode(), for crafted filesystem image can contain bogus length. There conditions are not kernel bugs that can justify kernel to panic. In the Linux kernel, the following vulnerability has been resolved: fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode() syzbot is hitting WARN_ON() in hfsplus_cat_{read,... • https://git.kernel.org/stable/c/f62f5ee63052324ad94dd05091743d9e09f72070 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53682 – hwmon: (xgene) Fix ioremap and memremap leak
https://notcve.org/view.php?id=CVE-2023-53682
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: hwmon: (xgene) Fix ioremap and memremap leak Smatch reports: drivers/hwmon/xgene-hwmon.c:757 xgene_hwmon_probe() warn: 'ctx->pcc_comm_addr' from ioremap() not released on line: 757. This is because in drivers/hwmon/xgene-hwmon.c:701 xgene_hwmon_probe(), ioremap and memremap is not released, which may cause a leak. To fix this, ioremap and memremap is modified to devm_ioremap and devm_memremap. [groeck: Fixed formatting and subject] In the L... • https://git.kernel.org/stable/c/ed42cfa881e1d8d9603b7cb872199e3c8e0d1b19 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-53681 – bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent
https://notcve.org/view.php?id=CVE-2023-53681
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent In some specific situations, the return value of __bch_btree_node_alloc may be NULL. This may lead to a potential NULL pointer dereference in caller function like a calling chain : btree_split->bch_btree_node_alloc->__bch_btree_node_alloc. Fix it by initializing the return value in __bch_btree_node_alloc. In the Linux kernel, the following vulnerability has been reso... • https://git.kernel.org/stable/c/cafe563591446cf80bfbc2fe3bc72a2e36cf1060 •
CVSS: 7.7EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53680 – NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL
https://notcve.org/view.php?id=CVE-2023-53680
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL OPDESC() simply indexes into nfsd4_ops[] by the op's operation number, without range checking that value. It assumes callers are careful to avoid calling it with an out-of-bounds opnum value. nfsd4_decode_compound() is not so careful, and can invoke OPDESC() with opnum set to OP_ILLEGAL, which is 10044 -- well beyond the end of nfsd4_ops[]. In the Linux kernel, the following vulnera... • https://git.kernel.org/stable/c/f4f9ef4a1b0a1ca80b152e28e176d69515bdf7e8 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53679 – wifi: mt7601u: fix an integer underflow
https://notcve.org/view.php?id=CVE-2023-53679
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mt7601u: fix an integer underflow Fix an integer underflow that leads to a null pointer dereference in 'mt7601u_rx_skb_from_seg()'. The variable 'dma_len' in the URB packet could be manipulated, which could trigger an integer underflow of 'seg_len' in 'mt7601u_rx_process_seg()'. This underflow subsequently causes the 'bad_frame' checks in 'mt7601u_rx_skb_from_seg()' to be bypassed, eventually leading to a dereference of the pointer 'p... • https://git.kernel.org/stable/c/c869f77d6abb5d5f9f2f1a661d5c53862a9cad34 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53676 – scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show()
https://notcve.org/view.php?id=CVE-2023-53676
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() The function lio_target_nacl_info_show() uses sprintf() in a loop to print details for every iSCSI connection in a session without checking for the buffer length. With enough iSCSI connections it's possible to overflow the buffer provided by configfs and corrupt the memory. This patch replaces sprintf() with sysfs_emit_at() that checks for buffer boundries. In the Linux... • https://git.kernel.org/stable/c/e48354ce078c079996f89d715dfa44814b4eba01 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53675 – scsi: ses: Fix possible desc_ptr out-of-bounds accesses
https://notcve.org/view.php?id=CVE-2023-53675
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix possible desc_ptr out-of-bounds accesses Sanitize possible desc_ptr out-of-bounds accesses in ses_enclosure_data_process(). In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix possible desc_ptr out-of-bounds accesses Sanitize possible desc_ptr out-of-bounds accesses in ses_enclosure_data_process(). An update for kernel-rt is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support... • https://git.kernel.org/stable/c/9927c68864e9c39cc317b4f559309ba29e642168 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53672 – btrfs: output extra debug info if we failed to find an inline backref
https://notcve.org/view.php?id=CVE-2023-53672
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: output extra debug info if we failed to find an inline backref [BUG] Syzbot reported several warning triggered inside lookup_inline_extent_backref(). [CAUSE] As usual, the reproducer doesn't reliably trigger locally here, but at least we know the WARN_ON() is triggered when an inline backref can not be found, and it can only be triggered when @insert is true. (I.e. inserting a new inline backref, which means the backref should alread... • https://git.kernel.org/stable/c/492104c866cb1b62a11393adccb477f5cd2c7768 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53668 – ring-buffer: Fix deadloop issue on reading trace_pipe
https://notcve.org/view.php?id=CVE-2023-53668
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Fix deadloop issue on reading trace_pipe Soft lockup occurs when reading file 'trace_pipe': watchdog: BUG: soft lockup - CPU#6 stuck for 22s! [cat:4488] [...] RIP: 0010:ring_buffer_empty_cpu+0xed/0x170 RSP: 0018:ffff88810dd6fc48 EFLAGS: 00000246 RAX: 0000000000000000 RBX: 0000000000000246 RCX: ffffffff93d1aaeb RDX: ffff88810a280040 RSI: 0000000000000008 RDI: ffff88811164b218 RBP: ffff88811164b218 R08: 0000000000000000 R09: ffff... • https://git.kernel.org/stable/c/a5fb833172eca69136e9ee1ada778e404086ab8a •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53667 – net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize
https://notcve.org/view.php?id=CVE-2023-53667
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize Currently in cdc_ncm_check_tx_max(), if dwNtbOutMaxSize is lower than the calculated "min" value, but greater than zero, the logic sets tx_max to dwNtbOutMaxSize. This is then used to allocate a new SKB in cdc_ncm_fill_tx_frame() where all the data is handled. For small values of dwNtbOutMaxSize the memory allocated during alloc_skb(dwNtbOutMaxSize, GFP_ATOMIC) will have the same siz... • https://git.kernel.org/stable/c/289507d3364f96f4b8814726917d572f71350d87 •