CVE-2023-53251

The CVE-2023-53251 issue affects the Linux kernel (wicwifi/iwlwifi PCIe path) where a NULL pointer dereference could occur in iwl_pcie_irq_rx_msix_handler due to rxq becoming NULL when trans_pcie->rxq is NULL and entry->entry is zero; the patch adds a proper check for trans_pcie->rxq. Re...

CVE-2023-53252

The CVE-2023-53252 entry applies to the Linux kernel Bluetooth stack. The vulnerability arises in hci_update_accept_list_sync where hci_conn_params/hci_sync lists are iterated while the lists can be modified (e.g., by le_scan_cleanup) without holding the device lock, risking an invalid list curso...

CVE-2023-53267

The CVE-2023-53267 issue affects the Linux kernel driver for Xilinx SoC where memory allocated for cb_data in xlnx_add_cb_for_notify_event() could leak if kfree() is not invoked on allocation failure. The connected documents confirm a fix was applied to ensure kfree() is called to prevent leaks. ...

CVE-2023-53269

CVE-2023-53269 is a Linux kernel vulnerability affecting the block layer in the ublk path. The issue centers on ensuring the block size is set correctly; an incorrect size could cause a kernel panic. The documented fix enforces proper block size handling and, when ublk_validate_params() fails, cl...

CVE-2023-53276

In CVE-2023-53276, the Linux kernel ubifs code leaks memory: fscrypt_setup_filename allocates memory for the tmpfile name, but this memory is not freed after the name is copied into the directory entry inode (ubifs_tmpfile → vfs_tmpfile → path_openat). The kmemleak report shows an unreferenced ob...

CVE-2023-53281

Technical details for CVE-2023-53281 (affected product, root cause, impact, or mitigation) are not provided in the connected documents. Monitor for updates from vendors or advisories.

CVE-2023-53289

The CVE-2023-53289 issue affects the Linux kernel, specifically the media/bdisp component. The root cause is a missing check for the return value of create_workqueue, which could lead to a NULL pointer dereference. The publicly available connected documents confirm a fix that adds the necessary c...

CVE-2023-53295

CVE-2023-53295 affects the Linux kernel, specifically the UDF module. The issue occurs when writing to inline files fails (or is only partially successful); the kernel wrongly updates the file length as if the entire write had succeeded. Root cause: updating length of inline data on failed writes...

CVE-2023-53309

CVE-2023-53309 affects the Linux kernel’s drm/radeon path. The vulnerability stems from an overflow in radeon_cs_parser_init: the size field is unsigned, and if size equals 0x40000000, the calculation size *= sizeof(uint32_t) overflows, causing size to wrap to zero and leading to use of uninitial...

CVE-2023-53310

CVE-2023-53310 concerns the Linux kernel power: supply: axp288_fuel_gauge code. The root cause is a race where external_power_changed can run after info->bat is not yet set during axp288_fuel_gauge_probe(), leading to a NULL dereference. The fix is to stop dereferencing info->bat and instea...

CVE-2023-53318

CVE-2023-53318 affects the Linux kernel and is associated with memory leaks in the recordmcount flow, specifically in the uwrite function. The vulnerability’s impact is listed as local access with medium base severity (CVSSv3.1: AV Local, AC Low, PR Low, UI None, S Unchanged, C None, I None, A Hi...

CVE-2023-53324

CVE-2023-53324 affects the Linux kernel DRM MSM MDP5: it fixes a leak of plane_state state (plane_state->commit refcount) that could degrade availability. The root cause was plane_state reference counting; the patch uses the correct helpers to prevent leakage. Affected component: drm/msm/mdp5....

CVE-2023-53328

Technical details for CVE-2023-53328 are not present in the provided documents. Public details, affected products, and fixes are not disclosed here. Monitor for updates from SUSE/NVD and related advisories.

CVE-2023-53350

Technical details beyond the summary are not provided in the supplied documents. Monitor for updated advisories or vendor advisories for affected products, versions, and mitigation.

CVE-2023-53358

CVE-2023-53358 relates to the Linux kernel’s ksmbd component, where a race condition during concurrent smb2 tree disconnect led to a use-after-free (UAF). The issue is addressed by a patch that adds TREE_CONN_EXPIRE flags for tcon to prevent concurrent access. The connected documents confirm the ...

CVE-2023-53452

Observation: CVE-2023-53452 concerns a race condition in the Linux kernel affecting the wifi driver path for rtW89. When a netdev is registered but NAPI isn’t initialized yet, a race can occur if user space opens the netdev and enables NAPI, causing a kernel BUG at net/core/dev.c:6423 and an inva...

CVE-2023-53467

CVE-2023-53467 (Linux kernel) affects the wifi driver rtwr89: a leak in rtW89_append_probe_req_ie() was fixed by ensuring kfree_skb(new) is called before goto out. The issue is a potential skb leak in that path; the documented patch closes the leak in the affected code path. The connected documen...

CVE-2023-53473

The CVE-2023-53473 entry concerns Linux kernel ext4_dirhash() and its error handling when the hash tree feature is used with encrypted/casefolded file names. The vulnerability arises because ext4_dirhash() can fail and callers must propagate the error back up. Public documents provided do not inc...

CVE-2023-53486

CVE-2023-53486 affects the Linux kernel ntfs3 implementation. The fixed issue is a combined overflow/boundary check in attribute size validation during NTFS attribute enumeration, which could lead to slab-out-of-bounds access (KASAN) when mounting or reading NTFS volumes. The description and conn...

CVE-2023-53496

CVE-2023-53496 – In the Linux kernel, the UV (socketnode lookup) code loops over CPUs to build socket tables; when nr_cpus is less than actual CPUs, cpu_to_node() data for unused CPUs is missing, leading to -1 entries and potential oops. The fix replaces the CPU-loop with a loop over APICIDs mapp...

CVE-2023-53497

Mode C: The CVE-2023-53497 issue affects the Linux kernel’s vsp1 driver where vb2_is_streaming() is checked in .buf_queue(); a change (commit a10b21532574) to set the vb2_queue .streaming flag in vb2_core_streamon() before enqueuing buffers caused the driver to believe .start_streaming() had been...

CVE-2023-53510

CVE-2023-53510 : Linux kernel SCSI UFS core vulnerability. The issue is that ufshcd_queuecommand() could be invoked twice for a SCSI command before completion, caused by improper handling of lrbp->cmd in command submission paths. The fix, per the description, disables checking/clearing of the ...

CVE-2023-53515

CVE-2023-53515 affects the Linux kernel virtio-mmio subsystem. The issue stems from allocating vm_dev with devres, which breaks the vm_dev lifecycle tied to a struct device; when the platform_device is removed, the memory is freed before vm_dev release, causing a use-after-free when the release c...

CVE-2023-53519

CVE-2023-53519 affects the Linux kernel media/v4l2-mem2mem path. The issue is a data race in v4l2_m2m_buf_queue when reading the parameter num_rdy, mitigated by introducing a lock to protect that parameter (as described in the OSV and SUSE advisories). Affected component: media: v4l2-mem2mem. Roo...

CVE-2023-53523

Technical details for CVE-2023-53523 are not publicly provided in the connected documents; no specific affected products, versions, risks, or fixes are listed beyond the initial description. Monitor for updates.

CVE-2023-53524

CVE-2023-53524 involves an integer overflow in the Linux kernel’s iwl_write_to_user_buf() used by iwl_dbgfs_monitor_data_read() in iwlwifi PCIe. The bug computes buf_size_left from count and *bytes_copied, then reduces it and may pass a negative value to copy_to_user, causing a heap overflow. It ...

CVE-2023-53527

CVE-2023-53527: In the Linux kernel Thunderbolt code, tb_handle_dp_bandwidth_request() leaks memory allocated in tb_queue_dp_bandwidth_request() if not freed after the request, with a fix that ensures memory is released. References point to kernel commits 596a5123cc... and 0752bb32ae... (no explo...

CVE-2023-53529

CVE-2023-53529 : In the Linux kernel, the wifi driver stack (rtw88) had a memory leak in the USB probe path (rtw_usb_probe) that can leak memory via a kmemleak-detected allocation during USB device init. The leak is tied to a 512-byte allocation in the usb probe routine and was verified as real w...

CVE-2023-53543

Technical details for CVE-2023-53543 are not publicly provided in the supplied documents; monitor SUSE/kernel advisories for updates.

CVE-2023-53555

CVE-2023-53555 relates to the Linux kernel (Damon/DAMON subsystem). The issue: in damos_new_filter(), the newly allocated filter object’s list field was not initialized, and the sysfs DAMON interface and DAMON_RECLAIM path did not reinitialize it after calling damos_new_filter(). This allowed acc...

CVE-2023-53559

CVE-2023-53559 affects the Linux kernel ip_vti path when an ip_vti device is using the sfb qdisc. The cb field of the skb may be modified during enqueuing, causing slab-use-after-free on IPv6 packet transmission. The root cause is that IP6CB(skb)->nhoff is not set during transmit, as described...

CVE-2023-53564

CVE-2023-53564 affects the OCFS2 defragmentation code in the Linux kernel. The vulnerability arises when ocfs2_move_extents and __ocfs2_move_extent incorrectly invoke journal access/dirty pairs (via ocfs2_journal_access_di and ocfs2_journal_dirty) during defragmentation, allowing a crash caused b...

CVE-2023-53573

CVE-2023-53573 affects the Linux kernel (clk: rs9) and was resolved by enabling the flat cache again during suspend/resume. The issue occurred when disabling the cache in the commit for clk: rs9: Fix I2C accessors without removing cache synchronization in the resume path, causing a kernel panic b...

CVE-2023-53588

CVE-2023-53588: In the Linux kernel, the wifi/mac80211 code fix ensures we verify station presence before checking the channel context during client probes, preventing the warning when the AP isn’t started yet. The issue was resolved in the kernel, with a Local attack vector, Low privileges requi...

CVE-2023-53591

CVE-2023-53591 affects the Linux kernel’s mlx5e offload path. The issue is a deadlock in the tc route query code when peer flows are created while holding the devcom rw semaphore. The patch refactors the code for lockless execution by making the devcom data pointer RCU-friendly, wrapping the pair...

CVE-2023-53597

CVE-2023-53597 affects the Linux kernel CIFS code: after STATUS_IO_TIMEOUTs exceed NUM_STATUS_IO_TIMEOUT, reconnection could leak mids and corrupt server->in_flight; the patch relocates the MID-return/credit handling to after decrypting the response (including transform-header paths), and expa...

CVE-2023-53624

The CVE-2023-53624 issue affects the Linux kernel’s net/sched implementation, specifically sch_fq. It arises when the initial quantum (configured for sch_fq) exceeds INT_MAX, causing the first assignment to the credit field to overflow to a very negative value. This can trigger a CPU soft-lockup ...

CVE-2023-53625

CVE-2023-53625 : In the Linux kernel, the vgpu debugfs cleanup path for drm/i915/gvt could dereference a null or destroyed debugfs root while destroying a virtual GPU, causing a kernel NULL pointer dereference and an oops. The issue occurs in remove paths where the drm minor’s debugfs root may al...

CVE-2023-53626

CVE-2023-53626 : In the Linux kernel, the vulnerability is in the ext4 code and is caused by a possible double unlock when moving a directory. Affected component is ext4 within the kernel, with fixes committed in the upstream kernel (see references to stable kernel patches). The EulerOS/OSS advis...

CVE-2023-53627

CVE-2023-53627 affects the Linux kernel SCSI HISI SAS path. Root cause: concurrency on sas_dev.list during slot completion/deregistration can trigger a NULL pointer dereference. The fix is to grab the sas_dev lock when traversing sas_dev.list in dereg_device_v3_hw() and in hisi_sas_release_tasks(...

CVE-2023-53642

The CVE-2023-53642 entry relates to the Linux kernel (x86) where the clear_user_rep_good() exception handling annotation was fixed. The issue stemmed from an incorrect exception-table annotation that pointed to the wrong instruction, which could turn a user-space fault into a kernel oops rather t...

CVE-2023-53648

The CVE CVE-2023-53648 fixes a NULL pointer dereference in ALSA: ac97 in snd_ac97_mixer() within the Linux kernel. The issue occurred because rac97 could be NULL; the patch removes a redundant assignment and returns an error if rac97 is NULL. The documented impact is a local denial of service due...

CVE-2023-53662

CVE-2023-53662 affects the Linux kernel ext4 filesystem. The issue is a memory leak in ext4_fname_setup_filename() and ext4_fname_prepare_lookup() when filename casefolding fails, leaking fscrypt_name.name. The patch adds freeing of the allocated memory in the error paths of both functions. Affec...

CVE-2023-53680

CVE-2023-53680 affects the Linux kernel NFSD component: nfsd4_decode_compound may call OPDESC() with opnum == OP_ILLEGAL (10044), leading to out-of-bounds access in nfsd4_ops[]. The vulnerability has been resolved by a kernel fix (commits referenced in the advisory). Connected advisories from Eul...

CVE-2025-38017

CVE-2025-38017 affects the Linux kernel, specifically the fs/eventpoll path used by epoll_pwait2. After the fix in the commit described as setting epoll timeout when in the future, a non-zero timeout (e.g., 1 ns) could cause an endless busy loop if the timeout expires before ep_poll() is entered,...

CVE-2025-38661

In the Linux kernel (platform/x86), CVE-2025-38661 is resolved by fixing the alienware-wmi-wmax path: the dmi_system_id array was corrected by adding a missing empty member to awcc_dmi_table. The vulnerability arises from this array misconfiguration, and the CVSSv3.1 vector indicates a LOCAL, LOW...

CVE-2025-38690

The CVE-2025-38690 entry applies to the Linux kernel code path drm/xe/migrate. The vulnerability concerns incorrect handling of alignment for a bounce buffer when buf+offset is not aligned to XE_CACHELINE_BYTES, which could lead to recursive retries and a stack/recursion risk. The root cause desc...

CVE-2025-39690

The CVE-2025-39690 issue affects the Linux kernel: iio: accel: sca3300, where uninitialized iio scan data could leak via the channels array. The root cause is that the channels array was not zeroed before use, potentially exposing stack data to userspace. A fix was applied in the Linux kernel (公开...

CVE-2025-39696

CVE-2025-39696 affects the Linux kernel ALSA HDA path for tas2781. The root cause was a wrong reference assignment during calibration data management: tasdevice_priv was set to h->hda_priv instead of h->priv, causing memory corruption and crashes due to a void pointer. The issue is resolved...

CVE-2025-39741

The CVE-2025-39741 issue affects the Linux kernel DRM Xe migrator (drm/xe/migrate) where copying with non-page-aligned data could overflow the max copy size since the calculated copy dimensions could exceed the S16_MAX limit. The root cause is not fully described in the Initial document alone, bu...