7.8
CVE-2023-53037 - scsi: mpi3mr: Bad drive in topology results kernel crash
In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Bad drive in topology results kernel crash When the SAS Transport Layer support is enabled and a device exposed to the OS by the driver fails INQUIRY commands, the driver frees up the memory allocated for an internaβ¦
7.1
CVE-2023-53057 - Bluetooth: HCI: Fix global-out-of-bounds
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Fix global-out-of-bounds To loop a variable-length array, hci_init_stage_sync(stage) considers that stage[i] is valid as long as stage[i-1].func is valid. Thus, the last element of stage[].func should be intentionβ¦
7.8
CVE-2023-53072 - mptcp: use the workqueue to destroy unaccepted sockets
In the Linux kernel, the following vulnerability has been resolved: mptcp: use the workqueue to destroy unaccepted sockets Christoph reported a UaF at token lookup time after having refactored the passive socket initialization part: BUG: KASAN: use-after-free in __token_bucket_busy+0x253/0x260β¦
5.5
CVE-2023-53104 - kernel: net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
7.8
CVE-2023-53142 - ice: copy last block omitted in ice_get_module_eeprom()
In the Linux kernel, the following vulnerability has been resolved: ice: copy last block omitted in ice_get_module_eeprom() ice_get_module_eeprom() is broken since commit e9c9692c8a81 ("ice: Reimplement module reads used by ethtool") In this refactor, ice_get_module_eeprom() reads the eeprom in bβ¦
5.5
CVE-2023-53124 - scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add()
In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add() Port is allocated by sas_port_alloc_num() and rphy is allocated by either sas_end_device_alloc() or sas_expander_alloc(), all of which may return NULL. So we β¦
5.5
CVE-2023-53102 - ice: xsk: disable txq irq before flushing hw
In the Linux kernel, the following vulnerability has been resolved: ice: xsk: disable txq irq before flushing hw ice_qp_dis() intends to stop a given queue pair that is a target of xsk pool attach/detach. One of the steps is to disable interrupts on these queues. It currently is broken in a way tβ¦
5.5
CVE-2023-53099 - firmware: xilinx: don't make a sleepable memory allocation from an atomic context
In the Linux kernel, the following vulnerability has been resolved: firmware: xilinx: don't make a sleepable memory allocation from an atomic context The following issue was discovered using lockdep: [ 6.691371] BUG: sleeping function called from invalid context at include/linux/sched/mm.h:209β¦
7.8
CVE-2023-53084 - drm/shmem-helper: Remove another errant put in error path
In the Linux kernel, the following vulnerability has been resolved: drm/shmem-helper: Remove another errant put in error path drm_gem_shmem_mmap() doesn't own reference in error code path, resulting in the dma-buf shmem GEM object getting prematurely freed leading to a later use-after-free.
5.5
CVE-2023-53126 - scsi: mpi3mr: Fix sas_hba.phy memory leak in mpi3mr_remove()
In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix sas_hba.phy memory leak in mpi3mr_remove() Free mrioc->sas_hba.phy at .remove.