CVSS: -EPSS: %CPEs: 7EXPL: 0CVE-2023-53302 – wifi: iwl4965: Add missing check for create_singlethread_workqueue()
https://notcve.org/view.php?id=CVE-2023-53302
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: iwl4965: Add missing check for create_singlethread_workqueue() Add the check for the return value of the create_singlethread_workqueue() in order to avoid NULL pointer dereference. • https://git.kernel.org/stable/c/b481de9ca074528fe8c429604e2777db8b89806a •
CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2023-53299 – md/raid10: fix leak of 'r10bio->remaining' for recovery
https://notcve.org/view.php?id=CVE-2023-53299
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix leak of 'r10bio->remaining' for recovery raid10_sync_request() will add 'r10bio->remaining' for both rdev and replacement rdev. However, if the read io fails, recovery_request_write() returns without issuing the write io, in this case, end_sync_request() is only called once and 'remaining' is leaked, cause an io hang. Fix the problem by decreasing 'remaining' according to if 'bio' and 'repl_bio' is valid. • https://git.kernel.org/stable/c/24afd80d99f80a79d8824d2805114b8b067e9823 •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2023-53298 – nfc: fix memory leak of se_io context in nfc_genl_se_io
https://notcve.org/view.php?id=CVE-2023-53298
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: nfc: fix memory leak of se_io context in nfc_genl_se_io The callback context for sending/receiving APDUs to/from the selected secure element is allocated inside nfc_genl_se_io and supposed to be eventually freed in se_io_cb callback function. However, there are several error paths where the bwi_timer is not charged to call se_io_cb later, and the cb_context is leaked. The patch proposes to free the cb_context explicitly on those error paths... • https://git.kernel.org/stable/c/5ce3f32b5264b337bfd13a780452a17705307725 •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2023-53297 – Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp
https://notcve.org/view.php?id=CVE-2023-53297
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp conn->chan_lock isn't acquired before l2cap_get_chan_by_scid, if l2cap_get_chan_by_scid returns NULL, then 'bad unlock balance' is triggered. • https://git.kernel.org/stable/c/5f352a56f0e607e6ff539cbf12156bfd8af232be •
CVSS: -EPSS: %CPEs: 7EXPL: 0CVE-2023-53296 – sctp: check send stream number after wait_for_sndbuf
https://notcve.org/view.php?id=CVE-2023-53296
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: sctp: check send stream number after wait_for_sndbuf This patch fixes a corner case where the asoc out stream count may change after wait_for_sndbuf. When the main thread in the client starts a connection, if its out stream count is set to N while the in stream count in the server is set to N - 2, another thread in the client keeps sending the msgs with stream number N - 1, and waits for sndbuf before processing INIT_ACK. However, after pro... • https://git.kernel.org/stable/c/5bbbbe32a43199c2b9ea5ea66fab6241c64beb51 •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2023-53295 – udf: Do not update file length for failed writes to inline files
https://notcve.org/view.php?id=CVE-2023-53295
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: udf: Do not update file length for failed writes to inline files When write to inline file fails (or happens only partly), we still updated length of inline data as if the whole write succeeded. Fix the update of length of inline data to happen only if the write succeeds. • https://git.kernel.org/stable/c/5621f7a8139053d0c3c47fb68ee9f602139eb40a •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2023-53294 – fs/ntfs3: Fix null-ptr-deref on inode->i_op in ntfs_lookup()
https://notcve.org/view.php?id=CVE-2023-53294
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix null-ptr-deref on inode->i_op in ntfs_lookup() Syzbot reported a null-ptr-deref bug: ntfs3: loop0: Different NTFS' sector size (1024) and media sector size (512) ntfs3: loop0: Mark volume as dirty due to NTFS errors general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] RIP: 0010:d_flags_for_inode fs/dca... • https://git.kernel.org/stable/c/4342306f0f0d5ff4315a204d315c1b51b914fca5 •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2023-53293 – Bluetooth: btrtl: check for NULL in btrtl_set_quirks()
https://notcve.org/view.php?id=CVE-2023-53293
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btrtl: check for NULL in btrtl_set_quirks() The btrtl_set_quirks() has accessed btrtl_dev->ic_info->lmp_subver since b8e482d02513. However, if installing a Realtek Bluetooth controller without the driver supported, it will hit the NULL point accessed. Add a check for NULL to avoid the Kernel Oops. • https://git.kernel.org/stable/c/ea160ece08668a30ce69f92cc08e87da54a64a9c •
CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2023-53292 – blk-mq: fix NULL dereference on q->elevator in blk_mq_elv_switch_none
https://notcve.org/view.php?id=CVE-2023-53292
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix NULL dereference on q->elevator in blk_mq_elv_switch_none After grabbing q->sysfs_lock, q->elevator may become NULL because of elevator switch. Fix the NULL dereference on q->elevator by checking it with lock. • https://git.kernel.org/stable/c/3e977386521b71471e66ec2ba82efdfcc456adf2 •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2023-53291 – rcu/rcuscale: Stop kfree_scale_thread thread(s) after unloading rcuscale
https://notcve.org/view.php?id=CVE-2023-53291
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: rcu/rcuscale: Stop kfree_scale_thread thread(s) after unloading rcuscale Running the 'kfree_rcu_test' test case [1] results in a splat [2]. The root cause is the kfree_scale_thread thread(s) continue running after unloading the rcuscale module. This commit fixes that isue by invoking kfree_scale_cleanup() from rcu_scale_cleanup() when removing the rcuscale module. [1] modprobe rcuscale kfree_rcu_test=1 // After some time rmmod rcuscale rmmo... • https://git.kernel.org/stable/c/e6e78b004fa7e0ab455d46d27f218bf6ce178a18 •