CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53732 – fs/ntfs3: Fix NULL dereference in ni_write_inode
https://notcve.org/view.php?id=CVE-2023-53732
22 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix NULL dereference in ni_write_inode Syzbot reports a NULL dereference in ni_write_inode. When creating a new inode, if allocation fails in mi_init function (called in mi_format_new function), mi->mrec is set to NULL. In the error path of this inode creation, mi->mrec is later dereferenced in ni_write_inode. Add a NULL check to prevent NULL dereference. In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3... • https://git.kernel.org/stable/c/d4b74482529516477cf7b12502538e51827c699f •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2023-53731 – netlink: fix potential deadlock in netlink_set_err()
https://notcve.org/view.php?id=CVE-2023-53731
22 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: netlink: fix potential deadlock in netlink_set_err() syzbot reported a possible deadlock in netlink_set_err() [1] A similar issue was fixed in commit 1d482e666b8e ("netlink: disable IRQs for netlink_lock_table()") in netlink_lock_table() This patch adds IRQ safety to netlink_set_err() and __netlink_diag_dump() which were not covered by cited commit. [1] WARNING: possible irq lock inversion dependency detected 6.4.0-rc6-syzkaller-00240-g4e9f... • https://git.kernel.org/stable/c/82b2ea5f904b3826934df4a00f3b8806272185f6 •
CVSS: 9.4EPSS: 0%CPEs: 7EXPL: 0CVE-2023-53729 – soc: qcom: qmi_encdec: Restrict string length in decode
https://notcve.org/view.php?id=CVE-2023-53729
22 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: soc: qcom: qmi_encdec: Restrict string length in decode The QMI TLV value for strings in a lot of qmi element info structures account for null terminated strings with MAX_LEN + 1. If a string is actually MAX_LEN + 1 length, this will cause an out of bounds access when the NULL character is appended in decoding. In the Linux kernel, the following vulnerability has been resolved: soc: qcom: qmi_encdec: Restrict string length in decode The QMI... • https://git.kernel.org/stable/c/9b8a11e82615274d4133aab3cf5aa1c59191f0a2 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53728 – posix-timers: Ensure timer ID search-loop limit is valid
https://notcve.org/view.php?id=CVE-2023-53728
22 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: posix-timers: Ensure timer ID search-loop limit is valid posix_timer_add() tries to allocate a posix timer ID by starting from the cached ID which was stored by the last successful allocation. This is done in a loop searching the ID space for a free slot one by one. The loop has to terminate when the search wrapped around to the starting point. But that's racy vs. establishing the starting point. That is read out lockless, which leads to th... • https://git.kernel.org/stable/c/8dc52c200b889bc1cb34288fbf623d4ff381d2ae •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53725 – clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe
https://notcve.org/view.php?id=CVE-2023-53725
22 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe Smatch reports: drivers/clocksource/timer-cadence-ttc.c:529 ttc_timer_probe() warn: 'timer_baseaddr' from of_iomap() not released on lines: 498,508,516. timer_baseaddr may have the problem of not being released after use, I replaced it with the devm_of_iomap() function and added the clk_put() function to cleanup the "clk_ce" and "clk_cs". In the Linux kernel, the following ... • https://git.kernel.org/stable/c/e932900a3279b5dbb6d8f43c7b369003620e137c •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53724 – mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read()
https://notcve.org/view.php?id=CVE-2023-53724
22 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read() `req` is allocated in pcf50633_adc_async_read(), but adc_enqueue_request() could fail to insert the `req` into queue. We need to check the return value and free it in the case of failure. In the Linux kernel, the following vulnerability has been resolved: mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read() `req` is allocated in pcf50633_adc_async_read(),... • https://git.kernel.org/stable/c/08c3e06a5eb27d43b712adef18379f8464425e71 •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-53723 – drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled in suspend
https://notcve.org/view.php?id=CVE-2023-53723
22 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled in suspend sdma_v4_0_ip is shared on a few asics, but in sdma_v4_0_hw_fini, driver unconditionally disables ecc_irq which is only enabled on those asics enabling sdma ecc. This will introduce a warning in suspend cycle on those chips with sdma ip v4.0, while without sdma ecc. So this patch correct this. [ 7283.166354] RIP: 0010:amdgpu_irq_put+0x45/0x70 [amdgpu] [ 7283.167001] RS... • https://git.kernel.org/stable/c/3decf3a750a924362bf4e2680dd3b07242fe56e8 •
CVSS: 8.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53722 – md: raid1: fix potential OOB in raid1_remove_disk()
https://notcve.org/view.php?id=CVE-2023-53722
22 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: md: raid1: fix potential OOB in raid1_remove_disk() If rddev->raid_disk is greater than mddev->raid_disks, there will be an out-of-bounds in raid1_remove_disk(). We have already found similar reports as follows: 1) commit d17f744e883b ("md-raid10: fix KASAN warning") 2) commit 1ebc2cec0b7d ("dm raid: fix KASAN warning in raid5_remove_disk") Fix this bug by checking whether the "number" variable is valid. In the Linux kernel, the following v... • https://git.kernel.org/stable/c/beedf40f73939f248c81802eda08a2a8148ea13e •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-53721 – wifi: ath12k: Fix a NULL pointer dereference in ath12k_mac_op_hw_scan()
https://notcve.org/view.php?id=CVE-2023-53721
22 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix a NULL pointer dereference in ath12k_mac_op_hw_scan() In ath12k_mac_op_hw_scan(), the return value of kzalloc() is directly used in memcpy(), which may lead to a NULL pointer dereference on failure of kzalloc(). Fix this bug by adding a check of arg.extraie.ptr. Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0-03427-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1.15378.4 In the Linux kernel, the following vulnerability has been resolved: wifi: a... • https://git.kernel.org/stable/c/5a263df398b581189fe632b4ab8440f3dd76c251 •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2023-53719 – serial: arc_uart: fix of_iomap leak in `arc_serial_probe`
https://notcve.org/view.php?id=CVE-2023-53719
22 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: serial: arc_uart: fix of_iomap leak in `arc_serial_probe` Smatch reports: drivers/tty/serial/arc_uart.c:631 arc_serial_probe() warn: 'port->membase' from of_iomap() not released on lines: 631. In arc_serial_probe(), if uart_add_one_port() fails, port->membase is not released, which would cause a resource leak. To fix this, I replace of_iomap with devm_platform_ioremap_resource. In the Linux kernel, the following vulnerability has been resol... • https://git.kernel.org/stable/c/8dbe1d5e09a7faec8d22cadcc1011acab8fa6e2a •