CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53811 – RDMA/irdma: Cap MSIX used to online CPUs + 1
https://notcve.org/view.php?id=CVE-2023-53811
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Cap MSIX used to online CPUs + 1 The irdma driver can use a maximum number of msix vectors equal to num_online_cpus() + 1 and the kernel warning stack below is shown if that number is exceeded. The kernel throws a warning as the driver tries to update the affinity hint with a CPU mask greater than the max CPU IDs. Fix this by capping the MSIX vectors to num_online_cpus() + 1. WARNING: CPU: 7 PID: 23655 at include/linux/cpumask.h... • https://git.kernel.org/stable/c/44d9e52977a1b90b0db1c7f8b197c218e9226520 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53810 – blk-mq: release crypto keyslot before reporting I/O complete
https://notcve.org/view.php?id=CVE-2023-53810
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: blk-mq: release crypto keyslot before reporting I/O complete Once all I/O using a blk_crypto_key has completed, filesystems can call blk_crypto_evict_key(). However, the block layer currently doesn't call blk_crypto_put_keyslot() until the request is being freed, which happens after upper layers have been told (via bio_endio()) the I/O has completed. This causes a race condition where blk_crypto_evict_key() can see 'slot_refs != 0' without ... • https://git.kernel.org/stable/c/a892c8d52c02284076fbbacae6692aa5c5807d11 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53809 – l2tp: Avoid possible recursive deadlock in l2tp_tunnel_register()
https://notcve.org/view.php?id=CVE-2023-53809
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: l2tp: Avoid possible recursive deadlock in l2tp_tunnel_register() When a file descriptor of pppol2tp socket is passed as file descriptor of UDP socket, a recursive deadlock occurs in l2tp_tunnel_register(). This situation is reproduced by the following program: int main(void) { int sock; struct sockaddr_pppol2tp addr; sock = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP); if (sock < 0) { perror("socket"); return 1; } addr.sa_family = AF_PPPOX... • https://git.kernel.org/stable/c/2d77e5c0ad79004b5ef901895437e9cce6dfcc7e •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2023-53808 – wifi: mwifiex: fix memory leak in mwifiex_histogram_read()
https://notcve.org/view.php?id=CVE-2023-53808
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: fix memory leak in mwifiex_histogram_read() Always free the zeroed page on return from 'mwifiex_histogram_read()'. The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues. • https://git.kernel.org/stable/c/cbf6e05527a7654ac1c4f4787dfd7a182fcc0c73 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53807 – clk: clocking-wizard: Fix Oops in clk_wzrd_register_divider()
https://notcve.org/view.php?id=CVE-2023-53807
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: clk: clocking-wizard: Fix Oops in clk_wzrd_register_divider() Smatch detected this potential error pointer dereference clk_wzrd_register_divider(). If devm_clk_hw_register() fails then it sets "hw" to an error pointer and then dereferences it on the next line. Return the error directly instead. In the Linux kernel, the following vulnerability has been resolved: clk: clocking-wizard: Fix Oops in clk_wzrd_register_divider() Smatch detected th... • https://git.kernel.org/stable/c/5a853722eb32188647a541802d51d0db423b9baf •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53806 – drm/amd/display: populate subvp cmd info only for the top pipe
https://notcve.org/view.php?id=CVE-2023-53806
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: populate subvp cmd info only for the top pipe [Why] System restart observed while changing the display resolution to 8k with extended mode. Sytem restart was caused by a page fault. [How] When the driver populates subvp info it did it for both the pipes using vblank which caused an outof bounds array access causing the page fault. added checks to allow the top pipe only to fix this issue. In the Linux kernel, the following ... • https://git.kernel.org/stable/c/4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53804 – nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode()
https://notcve.org/view.php?id=CVE-2023-53804
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode() During unmount process of nilfs2, nothing holds nilfs_root structure after nilfs2 detaches its writer in nilfs_detach_log_writer(). However, since nilfs_evict_inode() uses nilfs_root for some cleanup operations, it may cause use-after-free read if inodes are left in "garbage_list" and released by nilfs_dispose_list() at the end of nilfs_detach_log_writer(). Fix this issue b... • https://git.kernel.org/stable/c/e912a5b66837ee89fb025e67b5efeaa11930c2ce •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53803 – scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process()
https://notcve.org/view.php?id=CVE-2023-53803
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() A fix for: BUG: KASAN: slab-out-of-bounds in ses_enclosure_data_process+0x949/0xe30 [ses] Read of size 1 at addr ffff88a1b043a451 by task systemd-udevd/3271 Checking after (and before in next loop) addl_desc_ptr[1] is sufficient, we expect the size to be sanitized before first access to addl_desc_ptr[1]. Make sure we don't walk beyond end of page. In the Linux kernel, the fol... • https://git.kernel.org/stable/c/21fab1d0595eacf781705ec3509012a28f298245 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53802 – wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function
https://notcve.org/view.php?id=CVE-2023-53802
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function It is stated that ath9k_htc_rx_msg() either frees the provided skb or passes its management to another callback function. However, the skb is not freed in case there is no another callback function, and Syzkaller was able to cause a memory leak. Also minor comment fix. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. In the Linux kerne... • https://git.kernel.org/stable/c/fb9987d0f748c983bb795a86f47522313f701a08 •
CVSS: 5.6EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53801 – iommu/sprd: Release dma buffer to avoid memory leak
https://notcve.org/view.php?id=CVE-2023-53801
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu/sprd: Release dma buffer to avoid memory leak When attaching to a domain, the driver would alloc a DMA buffer which is used to store address mapping table, and it need to be released when the IOMMU domain is freed. In the Linux kernel, the following vulnerability has been resolved: iommu/sprd: Release dma buffer to avoid memory leak When attaching to a domain, the driver would alloc a DMA buffer which is used to store address mapping ... • https://git.kernel.org/stable/c/b23e4fc4e3faed0b8b604079c44a244da3ec941a •