CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2023-53009 – drm/amdkfd: Add sync after creating vram bo
https://notcve.org/view.php?id=CVE-2023-53009
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Add sync after creating vram bo There will be data corruption on vram allocated by svm if the initialization is not complete and application is writting on the memory. Adding sync to wait for the initialization completion is to resolve this issue. In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Add sync after creating vram bo There will be data corruption on vram allocated by svm if the initializa... • https://git.kernel.org/stable/c/92af2d3b57a1afdfdcafb1c6a07ffd89cf3e98fb •
CVSS: 5.6EPSS: 0%CPEs: 2EXPL: 0CVE-2023-53008 – cifs: fix potential memory leaks in session setup
https://notcve.org/view.php?id=CVE-2023-53008
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential memory leaks in session setup Make sure to free cifs_ses::auth_key.response before allocating it as we might end up leaking memory in reconnect or mounting. In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential memory leaks in session setup Make sure to free cifs_ses::auth_key.response before allocating it as we might end up leaking memory in reconnect or mounting. • https://git.kernel.org/stable/c/893d45394dbe4b5cbf3723c19e2ccc8b93a6ac9b •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-53001 – drm/drm_vma_manager: Add drm_vma_node_allow_once()
https://notcve.org/view.php?id=CVE-2023-53001
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/drm_vma_manager: Add drm_vma_node_allow_once() Currently there is no easy way for a drm driver to safely check and allow drm_vma_offset_node for a drm file just once. Allow drm drivers to call non-refcounted version of drm_vma_node_allow() so that a driver doesn't need to keep track of each drm_vma_node_allow() to call subsequent drm_vma_node_revoke() to prevent memory leak. In the Linux kernel, the following vulnerability has been reso... • https://git.kernel.org/stable/c/67444f8ca31cdaf45e0b761241ad49b1ae04bcf9 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53000 – netlink: prevent potential spectre v1 gadgets
https://notcve.org/view.php?id=CVE-2023-53000
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: netlink: prevent potential spectre v1 gadgets Most netlink attributes are parsed and validated from __nla_validate_parse() or validate_nla() u16 type = nla_type(nla); if (type == 0 || type > maxtype) { /* error or continue */ } @type is then used as an array index and can be used as a Spectre v1 gadget. array_index_nospec() can be used to prevent leaking content of kernel memory to malicious users. This should take care of vast majority of ... • https://git.kernel.org/stable/c/bfa83a9e03cf8d501c6272999843470afecb32ed •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52993 – x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL
https://notcve.org/view.php?id=CVE-2023-52993
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL Baoquan reported that after triggering a crash the subsequent crash-kernel fails to boot about half of the time. It triggers a NULL pointer dereference in the periodic tick code. This happens because the legacy timer interrupt (IRQ0) is resent in software which happens in soft interrupt (tasklet) context. In this context get_irq_regs() returns NULL which leads to the NULL pointer derefere... • https://git.kernel.org/stable/c/a4633adcdbc15ac51afcd0e1395de58cee27cf92 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52992 – bpf: Skip task with pid=1 in send_signal_common()
https://notcve.org/view.php?id=CVE-2023-52992
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Skip task with pid=1 in send_signal_common() The following kernel panic can be triggered when a task with pid=1 attaches a prog that attempts to send killing signal to itself, also see [1] for more details: Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b CPU: 3 PID: 1 Comm: systemd Not tainted 6.1.0-09652-g59fe41b5255f #148 Call Trace:
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52990 – s390: workaround invalid gcc-11 out of bounds read warning
https://notcve.org/view.php?id=CVE-2023-52990
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: s390: workaround invalid gcc-11 out of bounds read warning GCC 11.1.0 and 11.2.0 generate a wrong warning when compiling the kernel e.g. with allmodconfig: arch/s390/kernel/setup.c: In function ‘setup_lowcore_dat_on’: ./include/linux/fortify-string.h:57:33: error: ‘__builtin_memcpy’ reading 128 bytes from a region of size 0 [-Werror=stringop-overread] ... arch/s390/kernel/setup.c:526:9: note: in expansion of macro ‘memcpy’ 526 | memcpy(abs_... • https://git.kernel.org/stable/c/1fc24f9da259b675c3cc74ad5aa92dac286543b3 •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52989 – firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region
https://notcve.org/view.php?id=CVE-2023-52989
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region This patch is fix for Linux kernel v2.6.33 or later. For request subaction to IEC 61883-1 FCP region, Linux FireWire subsystem have had an issue of use-after-free. The subsystem allows multiple user space listeners to the region, while data of the payload was likely released before the listeners execute read(2) to access to it for copying to user space. The... • https://git.kernel.org/stable/c/281e20323ab72180137824a298ee9e21e6f9acf6 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52988 – ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path()
https://notcve.org/view.php?id=CVE-2023-52988
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() snd_hda_get_connections() can return a negative error code. It may lead to accessing 'conn' array at a negative index. Found by Linux Verification Center (linuxtesting.org) with SVACE. In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() snd_hda_get_connections() can return a ne... • https://git.kernel.org/stable/c/30b4503378c976cf66201a1e81820519f6bd79ac •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52975 – scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress
https://notcve.org/view.php?id=CVE-2023-52975
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress Bug report and analysis from Ding Hui. During iSCSI session logout, if another task accesses the shost ipaddress attr, we can get a KASAN UAF report like this: [ 276.942144] BUG: KASAN: use-after-free in _raw_spin_lock_bh+0x78/0xe0 [ 276.942535] Write of size 4 at addr ffff8881053b45b8 by task cat/4088 [ 276.943511] CPU: 2 PID: 4088 Comm: cat Tainted: G E 6.1.0-rc8+ #... • https://git.kernel.org/stable/c/17b738590b97fb3fc287289971d1519ff9b875a1 • CWE-416: Use After Free •