CVE-2023-53509

CVE-2023-53509 : In the Linux kernel qed_mcp_trace_dump() path, the code previously slept due to a 10µs-delayed loop in qed_mcp_cmd_and_union() which can spin up to 500k iterations, potentially blocking a thread for several seconds. The vulnerability description states that sleeping is permitted ...

CVE-2023-53495

The CVE-2023-53495 issue in the Linux kernel concerns the mvpp2 ethernet driver (mvpp2_main). A fix was implemented to prevent an OOB write in mvpp2_ethtool_get_rxnfc() by validating rule_cnt before iterating over rules allocated in ethtool_get_rxnfc(). The underlying problem was that the rules b...

CVE-2023-53518

CVE-2023-53518 affects the Linux kernel: a leak in PM / devfreq handling due to an unreleased resources path. Specifically, srcu_init_notifier_head() allocates resources that must be released with srcu_cleanup_notifier_head(), and the devfreq subsystem leak was reported by kmemleak. The available...

CVE-2023-53521

CVE-2023-53521 affects the Linux kernel as reported by EulerOS advisories: scsi: ses: Fix slab-out-of-bounds in ses_intf_remove(). The bug occurs when edev->components is zero, causing reads from edev->component[0] to access invalid memory, resulting in a slab-out-of-bounds condition (read ...

CVE-2023-53526

CVE-2023-53526 (Linux kernel) fixes a jbd2 checkpoint removal race in ext4 by adding a check for jh->b_transaction before removing a journal handle from the checkpoint list. The issue could cause corruption of an ext4 image during power loss if trans2 commits before trans1; in particular, __jb...

CVE-2023-53528

CVE-2023-53528 affects the Linux kernel RDMA/rxe subsystem. The vulnerability arises from an unsafe drain-work-queue path in qp cleanup when create_qp does not fully complete; cleanup could attempt to drain send/recv queues before the queues exist, leading to a segfault. The fixed patch adds a gu...

CVE-2023-53538

CVE-2023-53538 affects the Linux kernel via a race in btrfs tree modification log rewind that can lead to a kernel NULL pointer dereference and potential crash. The issue arises during logical inode resolution as a tree mod log rewind processes a sequence of moves/removes/adds and may overwrite m...

CVE-2023-53545

Summary: CVE-2023-53545 is a Linux kernel AMDGPU VM management issue. The root cause was improper handling of VM bo_va unmapping/removal: the Root PD BO was not reserved before unmapping/removing a bo_va from the VM, which could trigger a lockdep warning. The patch adds a guard by ensuring fpriv-...

CVE-2023-53554

CVE-2023-53554 affects the Linux kernel staging/ ks7010 driver: ks_wlan_set_encode_ext() uses exc->key_len (u16) from user, and if it exceeds IW_ENCODING_TOKEN_MAX (64) this can cause memory corruption. The connected advisories (SUSE/OpenVAS/Nessus blocks) confirm kernel remediation but do not...

CVE-2023-53556

CVE-2023-53556 is a Linux kernel use-after-free in the iavf driver (free_netdev) when removing virtual functions during SR-IOV handling. The connected Nessus/SUSE advisories enumerate this CVE among a large set of kernel issues and indicate the vulnerability is addressed by kernel updates in Eule...

CVE-2023-53560

CVE-2023-53560 concerns the Linux kernel tracing subsystem, specifically the tracing/histograms feature. The issue arises when hist triggers reference variables that are not exposed as direct fields, such as when variables are added for trigger actions; in this case the new references may lack a ...

CVE-2023-53562

CVE-2023-53562 affects the Linux kernel DRM MSM driver. The issue is a VRAM leak that occurs when a subcomponent fails to bind, and the fix releases the VRAM buffer on bind errors. The vulnerability is mitigated by applying the patch that adds VRAM release on error paths (patch reference: patchwo...

CVE-2023-53563

CVE-2023-53563 relates to the Linux kernel amd-pstate-ut driver. The root cause is that after calling amd_pstate_ut_check_perf() and amd_pstate_ut_check_freq(), the code uses cpufreq_cpu_get() to obtain the CPU policy but fails to release it with cpufreq_policy_put, causing the policy to remain b...

CVE-2023-53574

CVE-2023-53574 affects the Linux kernel wifi/rtw88 driver. The issue arises when unloading the driver, where the TX purge timer is not properly deleted and the C2H queue is not freed, risking a crash and a memory leak. The documented root cause is improper cleanup in the rtw_core_deinit() path, w...

CVE-2023-53576

CVE-2023-53576 affects the Linux kernel’s null_blk driver. The patch ensures queue mode is always validated from configfs by checking queue_mode in null_validate_conf() and returning an error for NULL_Q_RQ to prevent a NULL I/O path OOPs when queue_mode is set to 1. Reproduction steps are provide...

CVE-2023-53582

Concrete details found: CVE-2023-53582 affects the Linux kernel’s brcmfmac wifi driver. The issue is a stack-out-of-bounds read that occurs when a CLM version string, filled via memcpy() in brcmf_fil_iovar_data_get(), is passed as an argument to strreplace() in brcmf_c_preinit_dcmds() without bei...

CVE-2023-53586

Technical details for CVE-2023-53586 are not present in the provided documents. The included advisories list the CVE but do not expose products, versions, impacts, or fixes here. Monitor vendor advisories for updates.

CVE-2023-53590

CVE-2023-53590 affects the Linux kernel SCTP scheduler code. The root cause was a missing reference counter in sctp_stream_priorities, which could cause a nested loop when freeing a stream priority (potential heavy CPU usage). The advisory notes that a refcnt is now added in sctp_stream_prioritie...

CVE-2023-53596

In CVE-2023-53596, the Linux kernel patch fixes a resource leak by ensuring devm resources are released on device_del() even for bus-less/driver-less devices. The current code only calls devres_release_all() when the device has a bus and has been probed, which could leave device-managed resources...

CVE-2023-53598

The CVE-2023-53598 issue affects the Linux kernel in the MHI bus host path (CHDBOFF/ERDBOFF range checks). The root cause is inadequate range validation of CHDBOFF and ERDBOFF values, which could lead to an invalid address calculation and a kernel panic. Affected firmware/hardware behavior is imp...

CVE-2023-53599

CVE-2023-53599: In the Linux kernel, the af_alg crypto path for gcm-aes-s390 had a missing initialisation in af_alg_alloc_areq. The bug could cause an oops when gcm_walk_start() runs on req->dst because req->dst was incorrectly set from areq->first_rsgl.sgl.sgl by _aead_recvmsg() calling...

CVE-2023-53601

CVE-2023-53601 is a Linux kernel vulnerability in the bonding driver where code could assume skb_mac_header is set in ndo_start_xmit, risking invalid skb handling. The fixed description states that skb->data is sufficient and bonding must not rely on mac_header. Concrete details appear in conn...

CVE-2023-53602

CVE-2023-53602 affects the Linux kernel driver stack for wifi (ath11k). The issue is a memory leak where firmware statistics for pdev, vdev and beacon were allocated but not released on module removal, prompting a fix implemented by calling ath11k_fw_stats_free() before hardware unregister. Addit...

CVE-2023-53604

CVE-2023-53604: In the Linux kernel, the dm_integrity component may leak journal_io_cache if dm_register_target() fails due to an error path that calls kmem_cache_destroy() in dm_integrity_init(). This root cause is documented in the initial report as a resolution for the leak in journal_io_cache...

CVE-2023-53605

CVE-2023-53605 refers to a Linux kernel issue in the DRM AMD display driver where a memory leak occurred in the dc_construct_ctx() path. The fix, as described in the initial document, is a commit that resolves the leak in that function. The entry indicates a local attack vector with low attack co...

CVE-2023-53616

CVE-2023-53616 affects the Linux kernel’s JFS IMAP unmount path. The issue is a double-free during diUnmount in jfs_imap.c where JFS_IP(ipimap)->i_imap is freed but not nulled, risking a subsequent free if remounts fail at diMount. The root cause is i_imap not being set to NULL after free, pot...

CVE-2023-53618

The CVE-2023-53618 entry corresponds to a Linux kernel issue affecting Btrfs reloc trees. The problem was an invalid reloc tree root key being present for quota-related reloc trees, which could lead to a crash via an ASSERT() in prepare_to_merge() when the reloc tree is not properly referenced by...

CVE-2023-53620

The issue CVE-2023-53620 affects the Linux kernel md (mdadm) status_resync logic. status_resync() reads curr_resync and recovery_active concurrently, which can cause an overflow in the expression curr_resync - recovery_active and lead to an extremely long loop that results in a soft lockup. The f...

CVE-2023-53622

Summary of CVE-2023-53622 (Linux kernel, gfs2): A data race can occur in gfs2_show_options() when accessing fields of gfs2_tune (eg, gt_logd_secs) without holding the gt_spin lock, allowing concurrent execution with gfs2_reconfigure() to race. The fix acquires the lock (sdp->sd_tune.gt_spin) b...

CVE-2023-53628

CVE-2023-53628 affects the Linux kernel drm/amdgpu path. The issue arises from the gfx_v11_0_cp_ecc_error_irq_funcs being retired in gfx11; gfx_v11_0_hw_fini still called amdgpu_irq_put to disable the interrupt, which led to a call trace during suspend/reset. The patch history (v2–v5) shows separ...

CVE-2023-53630

CVE-2023-53630 affects the Linux kernel iommufd path. The issue: batch_last_index could be computed incorrectly, causing an unmap to run past the end of pages and corrupt unmapped pages. This is mitigated by a kernel fix that uses start_index when calculating batch_last_index, preventing out-of-b...

CVE-2023-53633

CVE-2023-53633 pertains to the Linux kernel where the leak occurs in accel/qaic’s map_user_pages() path. If get_user_pages_fast() allocates some pages but not as many as requested, the current code fails to release the pages, causing a leak. The root cause is improper page accounting in the get_u...

CVE-2023-53636

CVE-2023-53636 : Linux kernel vulnerability in clk: microchip auxdev handling causes a use-after-free. If auxiliary_device_add() fails, the release callback can be invoked twice, leading to a UAF. The fix moves auxiliary_device_uninit() to the unregister callback to ensure proper teardown. Exploi...

CVE-2023-53652

CVE-2023-53652 is tied to the Linux kernel vulnerability where the vdpa_nl_policy lacked a proper nla_policy validation for the vdpa features attribute, creating a risk of parsing an invalid nlattr and potential OOB reads as described in related CVEs (e.g., CVE-2023-3773). The connected documents...

CVE-2023-53654

CVE-2023-53654 affects the Linux kernel’s octeontx2-af/RVU initialization. The issue occurs because CN10K RPM and CN10KB RPM_USX LMAC blocks are noncontiguous, and CGX blocks are noncontiguous, but RVU initialization assumed contiguity and accessed cgx/lmac by id, causing kernel panic. A patch ad...

CVE-2023-53659

CVE-2023-53659 : Linux kernel iavf driver fix for an out-of-bounds write when setting channels during remove. The issue could cause the number of active queues to exceed allocated tx/rx_rings on iavf_remove(), leading to an OOB condition. Reproduction in the report shows a KASAN slab-out-of-bound...

CVE-2023-53666

CVE-2023-53666 relates to the Linux kernel ASoC codecs (snd_soc_wcd_mbhc, wcd938x) where MBHC initialisation could fail and lead to a NULL/error pointer dereference while configuring the jack. The patch fixes missing error handling to prevent dereferencing an error pointer, addressing an issue th...

CVE-2023-53668

CVE-2023-53668 affects the Linux kernel ring-buffer subsystem used by tracing_read_pipe/trace_pipe. The issue is a deadloop where a non-empty buffer cannot be read because rb_num_of_entries() == 0, leading to endless waiting when user-space buffers aren’t filled. Root cause: when the ringbuffer i...

CVE-2023-53677

CVE-2023-53677 is associated with a Linux kernel issue in the drm/i915 area. The affected component is the i915 selftests code path, where the patch fixes memory leaks on error escapes in function fake_get_pages (cherry-picked from a kernel commit). The vulnerability was resolved in the kernel, a...

CVE-2023-53686

CVE-2023-53686: Linux kernel vulnerability in net/handshake/netlink.c fix null-ptr-deref in handshake_nl_done_doit(); ensures trace_handshake_cmd_done_err() is not called if socket lookup fails and is invoked before releasing the file to avoid dereferencing sock->sk. Affects kernel networking ...

CVE-2023-54285

CVE-2023-54285 : In the Linux kernel, a vulnerability in iomap_write_delalloc_scan could overflow when folio_next_index() (unsigned long) is left shifted by PAGE_SHIFT on 32-bit systems. The fix replaces the overflow-prone calculation with folio_pos(folio) + folio_size(folio), ensuring correct ov...

CVE-2025-39900

CVE-2025-39900: Linux kernel net_sched: gen_estimator est_timer vulnerability fixed. When CONFIG_PREEMPT_RT=y, timer callbacks could be preempted, risking seqcount/seqlock integrity. A fix in net/core/gen_estimator.c updates est_timer() by adopting preempt_disable_nested()/preempt_enable_nested()...

CVE-2025-39920

CVE-2025-39920 : In the Linux kernel, pcmcia: add error handling for add_interval() in do_validate_mem(). If kmalloc() fails in add_interval(), a null pointer could be inserted into a linked list, leading to illegal memory access when sub_interval() is called next. The patch adds error handling s...

CVE-2025-39940

CVE-2025-39940 concerns the Linux kernel’s dm-stripe component. A potential integer overflow can occur in stripe_io_hints when the chunk size is too large. The fix tests for an overflow and, if detected, avoids setting limits->io_min and limits->io_opt. This mitigates a local-privilege vect...

CVE-2025-39944

CVE-2025-39944 affects the Linux kernel OcteonTX2 PCI device driver (octeontx2-pf). It fixes a use-after-free in otx2_sync_tstamp() caused by a race with a running delayed work item; cancel_delayed_work() could leave synctstamp_work dereferencing a freed otx2_ptp. The mitigation in the fix is to ...

CVE-2025-39947

Affected software: Linux kernel with mlx5e uplink netdev handling. Issue: mlx5_uplink_netdev_get() may return a NULL pointer when the uplink netdevice is removed during unbind, leading to a kernel panic. Root cause: the uplink netdev pointer can be cleared while in use. Impact: potential kernel p...

CVE-2025-68223

CVE-2025-68223 concerns the Linux kernel code path for DRM/Radeon fence handling. The fix removes an attempted forward progress on the queue inside is_signaled, preventing a potential self-deadlock when the fence lock also serves as the wait-queue lock. The underlying issue was that dma-fence_ops...

CVE-2025-71074

The CVE-2025-71074 issue affects Linux kernel functionfs, where open/removal races can leave file->private_data as a freed object, causing UAF on read/write. Root cause: ffs->opened is misused; synchronization via atomic_dec_and_test() is insufficient. The fix approach, as documented, is to...

CVE-2025-71093

Technical details for CVE-2025-71093 are not provided in the connected documents. The Initial Description mentions an OOB read in e1000_tbi_should_accept() and a fix. Monitor for updates.

CVE-2025-71108

CVE-2025-71108 refers to a Linux kernel vulnerability in the USB Type-C UCSI handling. The underlying issue is that the 8th bit of the num_connectors field is reserved and should be zero, but some buggy firmware sets it, which can cause a system to fail to boot. The description notes that the ker...