13804 matches found
CVE-2023-53496
CVE-2023-53496 – In the Linux kernel, the UV (socketnode lookup) code loops over CPUs to build socket tables; when nr_cpus is less than actual CPUs, cpu_to_node() data for unused CPUs is missing, leading to -1 entries and potential oops. The fix replaces the CPU-loop with a loop over APICIDs mapp...
CVE-2022-50541
CVE-2022-50541 affects the Linux kernel dmaengine: ti: k3-udma driver. The vulnerability arises from 32-bit UDMA_CHAN_RT real-time bytecount counters (BCNT_REG) overflowing when transferring more than 4GB, which corrupts completion status. The fix resets/decreases the per-transaction byte count a...
CVE-2022-50548
CVE-2022-50548 affects the Linux kernel (media: i2c: hi846) with a memory leak in hi846_parse_dt. The issue occurs when checks related to supported link frequencies fail, causing V4L2 fwnode resources not to be released, leading to a leak. The fix provided releases and frees the V4L2 fwnode data ...
CVE-2022-50554
CVE-2022-50554 affects the Linux kernel's blk-mq subsystem. The vulnerability arises from a race around IO request queuing, where an in-flight ->queue_rq() may be double-called due to a timeout occurring after blk_mq_start_request() but before completion, potentially causing a kernel panic. T...
CVE-2023-53148
In CVE-2023-53148, the Linux kernel igb driver had a task-hang vulnerability when a Thunderbolt hub is unplugged. The igb_down path could be invoked twice (via igb_io_error_detected and igb_remove), causing a hang at napi_synchronize and breaking Ethernet. The patch prevents the non-fatal PCIe er...
CVE-2023-53163
CVE-2023-53163 affects the Linux kernel NTFS-3 driver: a deadlock occurs when ntfs_truncate() calls truncate_setsize() while holding ni_lock, due to interaction with PG_locked set by filemap_update_page() -> filemap_read_folio() after folio_trylock(). This can cause a hung task (do_user_addr_f...
CVE-2023-53170
CVE-2023-53170 relates to the Linux kernel where the patch eliminates an unnecessary of_node_put in felix_parse_ports_node (net: dsa). The fix removes the of_node_put from the continue path to prevent the child node from being released twice, which could otherwise lead to resource leaks or other ...
CVE-2023-53182
Technical details about CVE-2023-53182 are not publicly provided in the supplied documents. Monitor for updates.
CVE-2023-53201
CVE-2023-53201: In Linux kernel RDMA/bnxt_re, the producer index for the mailbox could wrap around incorrectly; when the 0x80000000 bit (bit 31) was set after long runtimes, the FW could enter initialization and hang. The fix is to wrap the mbox producer index at u16 max instead of allowing u32 w...
CVE-2023-53243
CVE-2023-53243: In the Linux kernel’s btrfs code, the function btrfs_reduce_alloc_profile was not updated to include new allocation flags (DUP, RAID1C34); it can return multiple flags when blocks have mixed/unknown profiles, risking a WARN_ON and a remount-ro during new block allocations. The is...
CVE-2023-53297
CVE-2023-53297 — Linux kernel Bluetooth L2CAP vulnerability: The issue arises in the L2CAP disconnect response path where conn->chan_lock is not held before calling l2cap_get_chan_by_scid; if that function returns NULL, a “bad unlock balance” condition can be triggered, potentially impacting ...
CVE-2023-53312
CVE-2023-53312: In the Linux kernel, a trace-event interaction with skb_transport_offset() in net_dev_start_xmit could lead to unsafe skb_transport_offset usage. The issue arises after a blamed commit and is fixed by the kernel remediation described in the initial document (commit references inc...
CVE-2023-53338
CVE-2023-53338 affects the Linux kernel’s LWT/BPF path. The vulnerability arises from BPF encap ops returning various positive values (e.g., NET_RX_DROP, NET_XMIT_CN, NETDEV_TX_BUSY) from skb_do_redirect and bpf_lwt_xmit_reroute. At the xmit hook these values were implicitly treated as LWTUNNEL_X...
CVE-2023-53344
In CVE-2023-53344, the Linux kernel patch addresses a KMSAN uninitialized-value issue in bcm_tx_setup triggered by uninitialized memory during aio_write handling after a memcpy_from_msg call. The vulnerability chain involves can/bcm code allocating an op frame and copying data, with a comparison ...
CVE-2023-53387
The CVE-2023-53387 issue affects the Linux kernel SCSI/UFS stack. In the UFS error handling flow, when a device management NOP OUT times out and doorbell clearing also fails, the dev_cmd.complete pointer is not NULL, causing __ufshcd_transfer_req_compl() to call complete() on a stack-allocated st...
CVE-2023-53398
The CVE-2023-53398 entry describes a Linux kernel vulnerability in the mlx5 driver where fifo pop operations did not validate indices, enabling a potential use-after-free when popping from an empty queue during resync. The root cause was out-of-order CQEs that could drain the FIFO, allowing a SKB...
CVE-2023-53455
CVE-2023-53455 concerns the Linux kernel DRM vc4 deadlock: vc4_hdmi_reset_link() returning -EDEADLK may deadlock in the locking context. The accepted fix is to drop held locks and back off using drm_modeset_backoff(), per the cited kernel DRM-KMS guidance. The vulnerability entry provides example...
CVE-2023-53484
CVE-2023-53484 affects the Linux kernel’s cpu_rmap logic. The vulnerability arises in the lib: cpu_rmap path where, if irq_set_affinity_notifier() is called with a NULL notify, the glue pointer in the corresponding rmap->obj array entry is freed but the pointer remains non-null. A subsequent f...
CVE-2023-53485
CVE-2023-53485 affects the Linux kernel JFS code path. The UBSAN out-of-bounds access in fs/jfs/jfs_dmap.c:1965 was triggered when dbAllocDmapLev accessed dp->tree.stree[leafidx + LEAFIND] with a negative leafidx. The patch adds a guard in dbAllocDmapLev to return an I/O error if leafidx is ne...
CVE-2023-53487
CVE-2023-53487 concerns the Linux kernel under POWERPC: the powerpc/rtas_flash path allowed a user to copy memory into flash_block_cache objects when hardened usercopy is enabled (CONFIG_HARDENED_USERCOPY=y). The flaw is triggered via the /proc/powerpc/rtas/firmware_update interface, causing a ke...
CVE-2023-53505
CVE-2023-53505 concerns the Linux kernel: a memory leak in the clk: tegra: tegra124-emc path where the tegra resources allocated in error paths were not freed, leading to leaks. The vulnerability is in the error handling path for freeing the tegra resources; the fix is described as resolving the ...
CVE-2023-53509
CVE-2023-53509: In the Linux kernel qed_mcp_trace_dump() path, the code previously slept due to a 10µs-delayed loop in qed_mcp_cmd_and_union() which can spin up to 500k iterations, potentially blocking a thread for several seconds. The vulnerability description states that sleeping is permitted ...
CVE-2023-53511
The CVE-2023-53511 entry corresponds to a Linux kernel issue in the io_uring flow where fget() leaked when a filesystem (ocfs2) does not support nowait buffered reads. Root cause: during io_issue_sqe, the path io_assign_file → io_read → io_iter_do_read → ocfs2_file_read_iter can lead to a leak wh...
CVE-2023-53522
CVE-2023-53522 concerns the Linux kernel, specifically the cgroup/freezer path. The data show a circular locking dependency between cpu_hotplug_lock and freezer_mutex triggered by a rewrite of core freezer logic (commit f5d39b020809) that replaced atomic_inc() with static_branch_inc() in freezer_...
CVE-2023-53537
Summary: CVE-2023-53537 concerns a Linux kernel F2FS use-after-free involving a cached IPU bio. Root cause: after cp_error is set, f2fs_submit_merged_ipu_write() failed to validate the bio parameter in f2fs_write_single_data_page(), leading to submission of a random cached bio from another IO con...
CVE-2023-53538
CVE-2023-53538 affects the Linux kernel via a race in btrfs tree modification log rewind that can lead to a kernel NULL pointer dereference and potential crash. The issue arises during logical inode resolution as a tree mod log rewind processes a sequence of moves/removes/adds and may overwrite m...
CVE-2023-53539
The CVE-2023-53539 entry refers to a Linux kernel issue in RDMA/rxe (rxe_requester) where the state save/restore missed part of the wqe’s DMA state, causing corruption of DMA state on packet resend after an IP-drop. The fix corrects how the wqe and DMA struct state are saved/restored, enabling sa...
CVE-2023-53567
CVE-2023-53567 – Linux kernel: The issue affects the kernel SPI QUP driver. The root cause is returning early from a platform driver’s remove callback, which prevents releasing DMA resources in the error path, causing a permanent resource leak. The fix ensures proper cleanup by not skipping hard...
CVE-2023-53569
The CVE-2023-53569 entry refers to the Linux kernel ext2 filesystem check during mount, where the log of the block size stored in the superblock must be validated to prevent an overflow in the block size calculation. This vulnerability can cause undefined behavior if the block size value is not s...
CVE-2023-53570
CVE-2023-53570 is a Linux kernel local-privilege issue in the wireless stack. The vulnerability arises from nl80211_parse_mbssid_elems() using an unsigned 8-bit counter (num_elems) to track MBSSID elements, which can overflow when a userspace nl80211 attribute specifies 256 or more elements. This...
CVE-2023-53571
The CVE-2023-53571 entry concerns the Linux kernel DRM/I915: the fix changes intel_get_crtc_new_encoder() to fetch the dev pointer from the atomic state instead of relying on a potentially NULL encoder, avoiding a WARN that could lead to an oops when a connector for the CRTC isn’t found in the at...
CVE-2023-53575
In CVE-2023-53575, the Linux kernel wifi driver (iwlwifi, mvm) fixes a potential array out-of-bounds access by accounting for IWL_SEC_WEP_KEY_OFFSET when verifying key_len in iwl_mvm_sec_key_add(). The fix is implemented in the kernel code referenced in the stable commits: https://git.kernel.org/...
CVE-2023-53576
CVE-2023-53576 affects the Linux kernel’s null_blk driver. The patch ensures queue mode is always validated from configfs by checking queue_mode in null_validate_conf() and returning an error for NULL_Q_RQ to prevent a NULL I/O path OOPs when queue_mode is set to 1. Reproduction steps are provide...
CVE-2023-53580
CVE-2023-53580: In the Linux kernel, a deadlock could occur when unbinding a UVC gadget driver because gadget_unbind_driver() holds udc->connect_lock while invoking the driver’s unbind(), while usb_gadget_deactivate() also tries to acquire that lock. The fix removes the mutex around the unbin...
CVE-2023-53583
CVE-2023-53583 concerns the Linux kernel RISC‑V PMU driver. The issue arises from the perf subsystem: after perf_event_overflow(), the RISC‑V PMU driver did not update PERF_HES_STOPPED, and the unthrottle path could trigger riscv_pmu_start(), emitting a WARN_ON_ONCE. The fixed change removes the ...
CVE-2023-53600
CVE-2023-53600 relates to the Linux kernel, where a KASAN slab-out-of-bounds condition could occur when the kernel emits an ICMP error in response to a nonlinear skb in tunnels (e.g., VXLAN PMTU path). The root cause is that ip_compute_csum() cannot handle nonlinear skbs, leading to a read of siz...
CVE-2023-53616
CVE-2023-53616 affects the Linux kernel’s JFS IMAP unmount path. The issue is a double-free during diUnmount in jfs_imap.c where JFS_IP(ipimap)->i_imap is freed but not nulled, risking a subsequent free if remounts fail at diMount. The root cause is i_imap not being set to NULL after free, pot...
CVE-2023-53620
The issue CVE-2023-53620 affects the Linux kernel md (mdadm) status_resync logic. status_resync() reads curr_resync and recovery_active concurrently, which can cause an overflow in the expression curr_resync - recovery_active and lead to an extremely long loop that results in a soft lockup. The f...
CVE-2023-53621
CVE-2023-53621: Linux kernel memcg/memcontrol bug could cause a NULL pointer dereference during eviction if the memcg retrieved by the stored id is not the original one. Impact is local, with a high base score (7.8) and local access required. The issue stems from eviction recency checks in mem_cg...
CVE-2023-53656
The CVE-2023-53656 issue affects the Linux kernel perf path (drivers/perf: hisi) where a migration of the perf context to the CPU going to teardown can occur because cpu_online_mask() has not yet updated during cpuhp teardown. The result is a call trace (example: __switch_to, __schedule, mutex_lo...
CVE-2023-53685
The CVE-2023-53685 issue affects the Linux kernel tun driver when a TUN device is configured with IFF_TUN, IFF_NAPI, and IFF_MULTI_QUEUE and the queue is detached while a write happens. A memory leak can occur by enqueuing skbs into tfile->sk_write_queue after the queue is detached, due to a r...
CVE-2025-38667
CVE-2025-38667 relates to the Linux kernel iio path, where a potential out-of-bounds write occurred when writing to a 20-character buffer. The fix adds a size check to ensure input fits the buffer and appends a zero terminator after copying the data, preventing OoB access. Impact is described as ...
CVE-2025-39769
The CVE refers to a Linux kernel issue in the bnxt_en driver where a lockdep warning could trigger during rmmod (bnxt_remove_one) due to an assertion on the netdev lock. The fix adds netdev_assert_locked_or_invisible() in bnxt_free_ntp_fltrs() so the assertion does not fire if the netdev is alrea...
CVE-2025-39786
The CVE-2025-39786 issue affects the Linux kernel IIO ADC driver for ad7173. The root cause is an index mismatch when accessing the syscalib_mode channel: the address field is 0-based (same as scan_index) used to locate entries in ad7173_channels, while the channels field may not match the addres...
CVE-2025-39802
CVE-2025-39802 affects the Linux kernel’s poly1305 implementation (lib/crypto: arm/poly1305). The root cause is register corruption when SIMD is unusable; the patch restores a cheap SIMD usability check (may_use_simd) that was removed by a prior commit and ensures poly1305 code behaves safely rat...
CVE-2025-39803
CVE-2025-39803 affects the Linux kernel in the SCSI/UFShCD UFS path. The vulnerability arises from a warning path in the UIC command completion: when the UIC completion interrupt is re-enabled mid-processing, an interrupt could trigger and hit WARN_ON_ONCE(!cmd). The fix is a patch that removes t...
CVE-2025-39814
In CVE-2025-39814, the Linux kernel ice driver contains a NULL pointer dereference when resetting a device without RDMA support. Specifically, ice_unplug_aux_dev() dereferences pf->cdev_info->adev, and pf->cdev_info may be NULL, leading to a crash during reset described in the trace. A f...
CVE-2025-39837
The CVE-2025-39837 entry concerns the Linux kernel, specifically the platform/x86 asus-wmi subsystem. The issue stems from racy driver registrations where asus_wmi_register_driver() could be invoked concurrently by multiple drivers, causing unsafe list operations and potential memory corruption ...
CVE-2025-39874
CVE-2025-39874 - Linux kernel macsec feature synchronization race: The issue occurs in macsec feature updates where lower (real) and upper device feature states can become out of sync during ETHTOOL_SFEATURES handling, potentially causing a lock in the lower device while updating features. The r...
CVE-2025-39897
The CVE-2025-39897 issue affects the Linux kernel net: xilinx: axienet driver. It arises when retrieving the RX metadata pointer via dmaengine_desc_get_metadata_ptr(), which can return an error pointer. The vulnerability is mitigated by adding proper error checking, unmapping the DMA buffer, free...