CVE-2022-50545

CVE-2022-50545 concerns the Linux kernel where kmemleak reported leaks during the r6040 driver probe/remove flow. The root cause was a phy_device not being disconnected when removing an r6040 device or during error handling after a successful r6040_mii_probe, causing reference counts to stay elev...

CVE-2022-50552

CVE-2022-50552 : In the Linux kernel, the blk-mq path had a race where hctx->run_work could race with the elevator switch during reinitialization of hardware queues, potentially leading to use-after-free and kernel panics. The fix switches to a quiesced elevator switch and makes the previous e...

CVE-2023-53147

The CVE-2023-53147 entry maps to a Linux kernel vulnerability in the IPsec XFRM subsystem: a NULL pointer dereference via xfrm_new_ae that could crash the kernel. The root cause is a missing NULL check when updating AE parameters; xfrm_update_ae_params could dereference a NULL x->replay_esn/x-...

CVE-2023-53164

CVE-2023-53164 concerns a Linux kernel issue in the TI-SCI IRQ domain handling. The vulnerability arises from a refcount leak in ti_sci_intr_irq_domain_probe: of_irq_find_parent() returns a node pointer with an incremented refcount, and a missing of_node_put() could prevent proper release. The pr...

CVE-2023-53174

CVE-2023-53174 is a Linux kernel local vulnerability affecting the SCSI core: memory leak on the error path from device_add() when allocation of the device name fails. The root cause is that the name allocated by dev_set_name() is not freed and reference counting is mishandled; the fix adds a put...

CVE-2023-53189

CVE-2023-53189: Linux kernel IPv6 addrconf component had a potential refcount underflow for idev due to a race in rs_timer handling. The issue arises when rs_timer is activated while pending status changes, potentially causing addrconf_rs_timer() to run without the idev reference. The fix is in a...

CVE-2023-53192

The CVE-2023-53192 issue is a Linux kernel bug in vxlan nexthop hashing. The nexthop code expected a 31-bit hash, but skb_get_hash() can return a 32-bit value which becomes negative in a signed int. This can trigger incorrect nexthop selection (nexthop_select_path_hthr) or out-of-bounds access in...

CVE-2023-53205

CVE-2023-53205 affects the Linux kernel KVM on s390, specifically the diag 9c handler where a race exists around the target CPU value (-1). The fix stores the physical target CPU in a local variable to prevent out-of-bounds accesses to CPU arrays. The CVE’s risk is described as high (CVSS v3.1: A...

CVE-2023-53215

CVE-2023-53215 affects the Linux kernel sched/fair component. The issue occurs when the load balancer tries to migrate a task that is migration-disabled to its current CPU, triggering a warning in set_task_cpu() during balance. The root cause is how the new_dst_cpu is selected from env->dst_gr...

CVE-2023-53236

The CVE-2023-53236 entry pertains to the Linux kernel (iommufd) and is described as resolved. The root cause is improper ordering when batch carrying PFNs (batch->end == 0, setting npfns[0] before updating pfns leads to incorrect PFN adjustments). This can cause various page meta-data corrupti...

CVE-2023-53238

In MODE C: The CVE-2023-53238 issue affects the Linux kernel’s Hisilicon Inno PHY code. The flaw is an out-of-bounds write in the probe path: priv->ports[] has size INNO_PHY_PORT_NUM, but the loop uses i with a comparison that allows i == INNO_PHY_PORT_NUM; this requires the check to be i >...

CVE-2023-53252

The CVE-2023-53252 entry applies to the Linux kernel Bluetooth stack. The vulnerability arises in hci_update_accept_list_sync where hci_conn_params/hci_sync lists are iterated while the lists can be modified (e.g., by le_scan_cleanup) without holding the device lock, risking an invalid list curso...

CVE-2023-53260

Technical details for CVE-2023-53260 are not publicly available in the provided documents; monitor for updates.

CVE-2023-53265

CVE-2023-53265 : In the Linux kernel, the ubi code fixes a slab out-of-bounds condition by ensuring that the VID header offset plus VID header size does not exceed the allocation. The advisory indicates a KASAN slab-OOB read in crc32 paths during VID header handling, with the fix preventing write...

CVE-2023-53268

The CVE-2023-53268 entry concerns the Linux kernel ASoC: fsl_mqs component. A use-after-success reference leak occurred due to of_node_put() not being invoked at the correct point after mqs_priv->regmap = syscon_node_to_regmap(gpr_np). The fix moves of_node_put() to the proper location and con...

CVE-2023-53272

CVE-2023-53272 relates to the Linux kernel ENA driver (net: ena) where a UBSAN shift-out-of-bounds in the exponential backoff was observed during device reset. The issue stems from exponent calculations that could overflow 32-bit types, causing UBSAN panics when backoff delays grow large. The adv...

CVE-2023-53282

CVE-2023-53282 concerns the Linux kernel, specifically the lpfc SCSI driver path used during a sysfs firmware write. The issue is a use-after-free KFENCE violation in lpfc_wr_object() where a pointer referencing mailbox memory is recycled before the memory is no longer in use, causing a potential...

CVE-2023-53284

The CVE-2023-53284 issue occurs in the Linux kernel DRM MSM DPU code path: if devm_kzalloc() fails during dpu_writeback_init(), dpu_wb_conn may become NULL and trigger a null pointer dereference later. The connected Astra Linux and SUSE advisories reproduce the same description and confirm the un...

CVE-2023-53305

The CVE-2023-53305 entry refers to a Linux kernel vulnerability in Bluetooth L2CAP that fixes a use-after-free condition in l2cap_le_command_rej. The issue is described as a use-after-free (UAF) in Bluetooth code, leading to potential impact with a CVSSv3.1 score of 7.8 (HIGH) and a LOCAL attack ...

CVE-2023-53306

CVE-2023-53306 involves the Linux kernel fsdax path used by XFS for CoW on non-shared extents. The issue arises when a previous non-shared extent is mwrited and its dax entry is left dirty, which produced a WARN at dax_insert_entry. The connected documents consistently describe this as a resolved...

CVE-2023-53316

Technical details about CVE-2023-53316 are not publicly available in the provided documents. Monitor for updates.

CVE-2023-53329

The CVE-2023-53329 entry concerns a data race in the Linux kernel workqueue code (pwq->stats[] increment) reported by KCSAN. The vulnerability involves concurrent writes/reads to pwq->stats entries inside process_one_work, traced to kernel/workqueue.c:2598–2606, and is mitigated by moving t...

CVE-2023-53336

The CVE-2023-53336 vulnerability in the Linux kernel affects the media: ipu-bridge code. It causes a NULL pointer dereference in ipu_bridge_parse_rotation() or ipu_bridge_parse_orientation() when sensor->adev is not yet set, triggered by dev_warn() warnings about unknown values. The root cause...

CVE-2023-53337

The CVE concerns the Linux kernel nilfs2 subsystem. After metadata corruption is detected, nilfs2 may degenerate to read-only mode and still perform log writes, causing mark_buffer_dirty() to be invoked on buffer heads lacking the uptodate flag. The vulnerability arises from writes to a read‑only...

CVE-2023-53339

CVE-2023-53339 : In the Linux kernel’s Btrfs code, a race between pausing and balancing can cause a BUG_ON panic in btrfs_cancel_balance due to an unaccounted race. The race has no other side effects, and a fix has been applied in the upstream patch set. The vulnerability affects local attackers ...

CVE-2023-53346

The CVE-2023-53346 entry concerns a memory-leak in the Linux kernel’s kernel/fail_function logic. The issue occurs when using debugfs_lookup(): the returned object must be released with dput(), otherwise memory leaks accrue over time. The associated advisories indicate a straightforward remediati...

CVE-2023-53386

The CVE-2023-53386 entry corresponds to a Linux kernel Bluetooth vulnerability: a potential use-after-free when clear keys could lead to accessing k after kfree_rcu(). The description notes this is resolved in the Linux kernel with fixes similar to earlier use-after-free fixes (e.g., in hci_remov...

CVE-2023-53388

Summary of CVE-2023-53388 : In the Linux kernel, the DRM/Mediatek driver had a dangling pointer in the error path of the bind sequence. When mtk_drm_bind() fails, the code previously called drm_dev_put() to destroy the drm_device, but a private object still held a pointer to that device. If a sus...

CVE-2023-53403

CVE-2023-53403: Linux kernel vulnerability in time/debug causing potential memory leak when using debugfs_lookup(). The issue arises because the result of debugfs_lookup() must be dput()-ed; if not, memory leaks occur over time. The documented mitigation is to replace the call with debugfs_lookup...

CVE-2023-53434

In the Linux kernel, CVE-2023-53434 concerns remoteproc: imx_dsp_rproc. The fix adds a custom memory copy implementation (and memset) for the i.MX DSP cores because the HiFi DSP IRAM requires 32‑bit writes; violating this can trigger a Kernel panic. The vulnerability is mitigated by the patched m...

CVE-2023-53449

CVE-2023-53449 affects the Linux kernel in the s390/dasd area. The root cause was a potential memory leak in dasd_eckd_init() where dasd_reserve_req was allocated before dasd_vol_info_req and could not be freed on error. The fix ensures dasd_reserve_req is freed before error returns, matching the...

CVE-2023-53462

CVE-2023-53462 affects the Linux kernel with the HSR driver. The issue was an uninitialized value access in fill_frame_info() that could occur during VLAN handling. The provided fix states that VLAN (ETH_P_8021Q) is not yet supported by the hsr driver and instructs returning an error from fill_fr...

CVE-2023-53492

The CVE-2023-53492 entry describes a Linux kernel nf_tables issue: when adding a rule that refers to a chain by ID, Genmask was ignored if the chain had been deleted in the same batch, causing the rule to reference a deleted chain and trigger a warning. The root cause is nf_tables_lookup_byid ign...

CVE-2023-53514

CVE-2023-53514 concerns the Linux kernel gpu: host1x memory leak of device names. Root cause: device names allocated by dev_set_name() were not freed because the kobject refcount set in device_initialize() wasn’t decreased to 0; cleanup relied on put_device() and device_del() semantics, but freei...

CVE-2023-53530

CVE-2023-53530 details a Linux kernel issue in the qla2xxx SCSI driver: code path using smp_processor_id() in preemptible work leads to a bug trace. The patch replaces smp_processor_id() with raw_smp_processor_id() and updates driver scheduling to queue_work() (instead of queue_work_on()) to avoi...

CVE-2023-53535

CVE-2023-53535 is a Linux kernel issue in the bcmgenet driver. It patches a vulnerability where some hardware could deliver packets larger than the 2 KiB SKB buffer, introducing a risk of skb_over_panic. The fix adds an early length check to drop oversized packets and proceed with the next frame,...

CVE-2023-53548

CVE-2023-53548 affects the Linux kernel USB networking stack, specifically the usbnet driver. The issue arises when usbnet trusts the bulk endpoint addresses reported by the probe routine in the driver_info structure and does not verify that the endpoints exist and have the correct type/direction...

CVE-2023-53581

CVE-2023-53581 affects the Linux kernel mlx5 core (net/mlx5e). The issue is a race: NOT_READY flag is checked before acquiring the necessary lock, allowing a flow to be concurrently removed from unready_flows by a workqueue, which can cause a double removal and a crash (as shown by the crash trac...

CVE-2023-53585

CVE-2023-53585 : In the Linux kernel, a bug in bpf_sk_assign could leak a refcount when a newly created unhashed UDP socket is bound after being added to a sockmap. The issue arises because bpf_sk_assign may be invoked in an RCU-critical section before the sk’s final state (SOCK_RCU_FREE) is appl...

CVE-2023-53607

CVE-2023-53607 involves the Linux kernel ALSA ymfpci driver. The bug is caused by snd_ymfpci_probe using snd_BUG_ON() with snd_dma_buffer.bytes that were not accounting for the aligned size, leading to a faulty check and a kernel warning in snd_ymfpci_create. The issue manifests as a local, low-p...

CVE-2023-53608

CVE-2023-53608 affects the Linux kernel nilfs2 subsystem. The issue is a potential use-after-free in nilfs_segctor_thread() where finalization can race with nilfs_segctor_kill_thread() terminating the thread, possibly freeing the nilfs_sc_info structure before the notification occurs. The race ha...

CVE-2023-53611

CVE-2023-53611 : In the Linux kernel’s ipmi_si driver, a memleak could occur in try_smi_init() when an error happens before shutdown_smi() is registered, causing a previously allocated si_sm to be leaked. The leak was detected by kmemleak (example shows an unreferenced object in try_smi_init). Th...

CVE-2023-53637

CVE-2023-53637 affects the Linux kernel ov772x I2C driver. The root cause is in ov772x_probe: when priv->hdl.error is set, the code jumps to error_mutex_destroy without calling v4l2_ctrl_handler_free(), leaking resources allocated by v4l2_ctrl_handler_init() and v4l2_ctrl_new_std(). The memlea...

CVE-2023-53647

The CVE-2023-53647 issue in the Linux kernel arises from an ACPI namespace traversal in the Hyper-V VMBus driver (hv_vmbus). If Hyper-V MMIO ranges cannot be found, the code may dereference the ACPI namespace root object (which has an all-ones handle), causing a NULL pointer dereference and an oo...

CVE-2023-53665

CVE-2023-53665 : Linux kernel vulnerability in md/mdadm handling where after export_rdev(), mddev may be dereferenced via rdev->kobject; if the last rdev is freed, mddev might be invalid. This is caused by mddev->kobject being referenced by rdev->kobject and using mddev after export_rdev...

CVE-2023-53667

CVE-2023-53667 affects the Linux kernel net/cdc_ncm path. The vulnerability arises when dwNtbOutMaxSize is lower than the calculated minimum but greater than zero, causing skb allocation in cdc_ncm_fill_tx_frame() to run out of space and potentially panic due to skb bounds checks. The patch/clamp...

CVE-2023-53672

CVE-2023-53672 affects the Linux kernel's btrfs code. When inserting a new inline backref, a WARN_ON() can trigger if the inline backref cannot be found, which is only possible in insert scenarios. The fix enhances debugging by dumping all parameters and the extent tree leaf after the WARN_ON(). ...

CVE-2023-53674

Technical details about CVE-2023-53674 are not provided in the supplied documents. The initial description mentions a Linux kernel clock notifier devm resource leak fix, but no vendor/version specifics are included here. Monitor for updates.

CVE-2023-53676

The CVE-2023-53676 vulnerability affects the Linux kernel’s iSCSI target (lio_target_nacl_info_show) where printf-style buffer handling in a loop could overflow a configfs buffer. Root cause: sprintf() used without bounds checking for each iSCSI connection, enabling memory corruption with many co...

CVE-2023-53679

CVE-2023-53679 pertains to the Linux kernel Bluetooth/WiFi stack, specifically the mt7601u driver in the wifi subsystem. The issue is an integer underflow in the URB handling path that can allow a null pointer dereference when processing RX segments. The root cause is a manipulated dma_len in the...