CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53365 – ip6mr: Fix skb_under_panic in ip6mr_cache_report()
https://notcve.org/view.php?id=CVE-2023-53365
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ip6mr: Fix skb_under_panic in ip6mr_cache_report() skbuff: skb_under_panic: text:ffffffff88771f69 len:56 put:-4 head:ffff88805f86a800 data:ffff887f5f86a850 tail:0x88 end:0x2c0 dev:pim6reg ------------[ cut here ]------------ kernel BUG at net/core/skbuff.c:192! invalid opcode: 0000 [#1] PREEMPT SMP KASAN CPU: 2 PID: 22968 Comm: kworker/2:11 Not tainted 6.5.0-rc3-00044-g0a8db05b571a #236 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),... • https://git.kernel.org/stable/c/14fb64e1f449ef6666f1c3a3fa4e13aec669b98d • CWE-124: Buffer Underwrite ('Buffer Underflow') •
CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53357 – md/raid10: check slab-out-of-bounds in md_bitmap_get_counter
https://notcve.org/view.php?id=CVE-2023-53357
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: md/raid10: check slab-out-of-bounds in md_bitmap_get_counter If we write a large number to md/bitmap_set_bits, md_bitmap_checkpage() will return -EINVAL because 'page >= bitmap->pages', but the return value was not checked immediately in md_bitmap_get_counter() in order to set *blocks value and slab-out-of-bounds occurs. Move check of 'page >= bitmap->pages' to md_bitmap_get_counter() and return directly if true. In the Linux kernel, the fo... • https://git.kernel.org/stable/c/ef4256733506f2459a0c436b62267d22a3f0cec6 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53355 – staging: pi433: fix memory leak with using debugfs_lookup()
https://notcve.org/view.php?id=CVE-2023-53355
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: staging: pi433: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic at once. This requires saving off the root directory dentry to make creation of individual device subdirectories easier. In the Linux kernel, the following vulnerability... • https://git.kernel.org/stable/c/874bcba65f9a3a2a304b5f520529c046887c3cdc • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53354 – skbuff: skb_segment, Call zero copy functions before using skbuff frags
https://notcve.org/view.php?id=CVE-2023-53354
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: skbuff: skb_segment, Call zero copy functions before using skbuff frags Commit bf5c25d60861 ("skbuff: in skb_segment, call zerocopy functions once per nskb") added the call to zero copy functions in skb_segment(). The change introduced a bug in skb_segment() because skb_orphan_frags() may possibly change the number of fragments or allocate new fragments altogether leaving nrfrags and frag to point to the old values. This can cause a panic w... • https://git.kernel.org/stable/c/bf5c25d608613eaf4dcdba5a9cac5b2afe67d635 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53348 – btrfs: fix deadlock when aborting transaction during relocation with scrub
https://notcve.org/view.php?id=CVE-2023-53348
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock when aborting transaction during relocation with scrub Before relocating a block group we pause scrub, then do the relocation and then unpause scrub. The relocation process requires starting and committing a transaction, and if we have a failure in the critical section of the transaction commit path (transaction state >= TRANS_STATE_COMMIT_START), we will deadlock if there is a paused scrub. That results in stack traces ... • https://git.kernel.org/stable/c/55e3a601c81cdca4497bf855fa4d331f8e830744 • CWE-667: Improper Locking •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53346 – kernel/fail_function: fix memory leak with using debugfs_lookup()
https://notcve.org/view.php?id=CVE-2023-53346
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: kernel/fail_function: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic at once. In the Linux kernel, the following vulnerability has been resolved: kernel/fail_function: fix memory leak with using debugfs_lookup() When calling debugfs... • https://git.kernel.org/stable/c/4b1a29a7f5425d32640b34b8a755f34e02f64d0f • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53344 – can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write
https://notcve.org/view.php?id=CVE-2023-53344
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write Syzkaller reported the following issue: ===================================================== BUG: KMSAN: uninit-value in aio_rw_done fs/aio.c:1520 [inline] BUG: KMSAN: uninit-value in aio_write+0x899/0x950 fs/aio.c:1600 aio_rw_done fs/aio.c:1520 [inline] aio_write+0x899/0x950 fs/aio.c:1600 io_submit_one+0x1d1c/0x3bf0 fs/aio.c:2019 __do_sys_io_submit fs/aio.c:2078 [inline] __se_s... • https://git.kernel.org/stable/c/6f3b911d5f29b98752e5da86a295210c0c4f4e14 • CWE-908: Use of Uninitialized Resource •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-53343 – icmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev().
https://notcve.org/view.php?id=CVE-2023-53343
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: icmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev(). With some IPv6 Ext Hdr (RPL, SRv6, etc.), we can send a packet that has the link-local address as src and dst IP and will be forwarded to an external IP in the IPv6 Ext Hdr. For example, the script below generates a packet whose src IP is the link-local address and dst is updated to 11::. # for f in $(find /proc/sys/net/ -name *seg6_enabled*); do echo 1 > $f; done # pyth... • https://git.kernel.org/stable/c/4832c30d5458387ff2533ff66fbde26ad8bb5a2d • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-53338 – lwt: Fix return values of BPF xmit ops
https://notcve.org/view.php?id=CVE-2023-53338
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: lwt: Fix return values of BPF xmit ops BPF encap ops can return different types of positive values, such like NET_RX_DROP, NET_XMIT_CN, NETDEV_TX_BUSY, and so on, from function skb_do_redirect and bpf_lwt_xmit_reroute. At the xmit hook, such return values would be treated implicitly as LWTUNNEL_XMIT_CONTINUE in ip(6)_finish_output2. When this happens, skbs that have been freed would continue to the neighbor subsystem, causing use-after-free... • https://git.kernel.org/stable/c/3a0af8fd61f90920f6fa04e4f1e9a6a73c1b4fd2 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-53337 – nilfs2: do not write dirty data after degenerating to read-only
https://notcve.org/view.php?id=CVE-2023-53337
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: do not write dirty data after degenerating to read-only According to syzbot's report, mark_buffer_dirty() called from nilfs_segctor_do_construct() outputs a warning with some patterns after nilfs2 detects metadata corruption and degrades to read-only mode. After such read-only degeneration, page cache data may be cleared through nilfs_clear_dirty_page() which may also clear the uptodate flag for their buffer heads. However, even aft... • https://git.kernel.org/stable/c/8c26c4e2694a163d525976e804d81cd955bbb40c •