[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Sep 16 15:18:30 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d1da0d3f by Salvatore Bonaccorso at 2025-09-16T16:17:45+02:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,141 @@
+CVE-2023-53303 [net: microchip: vcap api: Fix possible memory leak for vcap_dup_rule()]
+	- linux 6.5.6-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/281f65d29d6da1a9b6907fb0b145aaf34f4e4822 (6.6-rc2)
+CVE-2023-53302 [wifi: iwl4965: Add missing check for create_singlethread_workqueue()]
+	- linux 6.1.20-1
+	[bullseye] - linux 5.10.178-1
+	NOTE: https://git.kernel.org/linus/26e6775f75517ad6844fe5b79bc5f3fa8c22ee61 (6.3-rc1)
+CVE-2023-53301 [f2fs: fix kernel crash due to null io->bio]
+	- linux 6.1.20-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/267c159f9c7bcb7009dae16889b880c5ed8759a8 (6.3-rc1)
+CVE-2023-53300 [media: hi846: Fix memleak in hi846_init_controls()]
+	- linux 6.3.7-1
+	[bookworm] - linux 6.1.37-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/2649c1a20e8e399ee955d0e22192f9992662c3d2 (6.4-rc1)
+CVE-2023-53299 [md/raid10: fix leak of 'r10bio->remaining' for recovery]
+	- linux 6.3.7-1
+	[bookworm] - linux 6.1.37-1
+	[bullseye] - linux 5.10.191-1
+	NOTE: https://git.kernel.org/linus/26208a7cffd0c7cbf14237ccd20c7270b3ffeb7e (6.4-rc1)
+CVE-2023-53298 [nfc: fix memory leak of se_io context in nfc_genl_se_io]
+	- linux 6.1.20-1
+	[bullseye] - linux 5.10.178-1
+	NOTE: https://git.kernel.org/linus/25ff6f8a5a3b8dc48e8abda6f013e8cc4b14ffea (6.3-rc1)
+CVE-2023-53297 [Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp]
+	- linux 6.3.7-1
+	[bookworm] - linux 6.1.37-1
+	[bullseye] - linux 5.10.191-1
+	NOTE: https://git.kernel.org/linus/25e97f7b1866e6b8503be349eeea44bb52d661ce (6.4-rc1)
+CVE-2023-53296 [sctp: check send stream number after wait_for_sndbuf]
+	- linux 6.1.25-1
+	[bullseye] - linux 5.10.178-1
+	NOTE: https://git.kernel.org/linus/2584024b23552c00d95b50255e47bd18d306d31a (6.3-rc6)
+CVE-2023-53295 [udf: Do not update file length for failed writes to inline files]
+	- linux 6.1.20-1
+	[bullseye] - linux 5.10.178-1
+	NOTE: https://git.kernel.org/linus/256fe4162f8b5a1625b8603ca5f7ff79725bfb47 (6.3-rc1)
+CVE-2023-53294 [fs/ntfs3: Fix null-ptr-deref on inode->i_op in ntfs_lookup()]
+	- linux 6.3.7-1
+	[bookworm] - linux 6.1.37-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/254e69f284d7270e0abdc023ee53b71401c3ba0c (6.4-rc1)
+CVE-2023-53293 [Bluetooth: btrtl: check for NULL in btrtl_set_quirks()]
+	- linux 6.3.7-1
+	[bookworm] - linux 6.1.37-1
+	NOTE: https://git.kernel.org/linus/253cf30e8d3d001850a95c4729d668f916b037ab (6.4-rc1)
+CVE-2023-53292 [blk-mq: fix NULL dereference on q->elevator in blk_mq_elv_switch_none]
+	- linux 6.4.11-1
+	NOTE: https://git.kernel.org/linus/245165658e1c9f95c0fecfe02b9b1ebd30a1198a (6.5-rc1)
+CVE-2023-53291 [rcu/rcuscale: Stop kfree_scale_thread thread(s) after unloading rcuscale]
+	- linux 6.4.4-1
+	[bookworm] - linux 6.1.52-1
+	[bullseye] - linux 5.10.191-1
+	NOTE: https://git.kernel.org/linus/23fc8df26dead16687ae6eb47b0561a4a832e2f6 (6.5-rc1)
+CVE-2023-53290 [samples/bpf: Fix fout leak in hbm's run_bpf_prog]
+	- linux 6.3.7-1
+	[bookworm] - linux 6.1.37-1
+	[bullseye] - linux 5.10.191-1
+	NOTE: https://git.kernel.org/linus/23acb14af1914010dd0aae1bbb7fab28bf518b8e (6.4-rc1)
+CVE-2023-53289 [media: bdisp: Add missing check for create_workqueue]
+	- linux 6.3.7-1
+	[bookworm] - linux 6.1.37-1
+	[bullseye] - linux 5.10.191-1
+	NOTE: https://git.kernel.org/linus/2371adeab717d8fe32144a84f3491a03c5838cfb (6.4-rc1)
+CVE-2023-53288 [drm/client: Fix memory leak in drm_client_modeset_probe]
+	- linux 6.4.11-1
+	[bookworm] - linux 6.1.52-1
+	[bullseye] - linux 5.10.191-1
+	NOTE: https://git.kernel.org/linus/2329cc7a101af1a844fbf706c0724c0baea38365 (6.5-rc3)
+CVE-2023-53287 [usb: cdns3: Put the cdns set active part outside the spin lock]
+	- linux 6.5.6-1
+	[bookworm] - linux 6.1.55-1
+	NOTE: https://git.kernel.org/linus/2319b9c87fe243327285f2fefd7374ffd75a65fc (6.6-rc1)
+CVE-2023-53286 [RDMA/mlx5: Return the firmware result upon destroying QP/RQ]
+	- linux 6.4.13-1
+	[bookworm] - linux 6.1.52-1
+	[bullseye] - linux 5.10.197-1
+	NOTE: https://git.kernel.org/linus/22664c06e997087fe37f9ba208008c948571214a (6.5-rc1)
+CVE-2023-53285 [ext4: add bounds checking in get_max_inline_xattr_value_size()]
+	- linux 6.3.7-1
+	[bookworm] - linux 6.1.37-1
+	[bullseye] - linux 5.10.191-1
+	NOTE: https://git.kernel.org/linus/2220eaf90992c11d888fe771055d4de330385f01 (6.4-rc2)
+CVE-2023-53284 [drm/msm/dpu: check for null return of devm_kzalloc() in dpu_writeback_init()]
+	- linux 6.1.20-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/21e9a838f505178e109ccb3bf19d7808eb0326f4 (6.3-rc1)
+CVE-2023-53283 [xen/virtio: Fix NULL deref when a bridge of PCI root bus has no parent]
+	- linux 6.4.11-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/21a235bce12361e64adfc2ef97e4ae2e51ad63d4 (6.5-rc2)
+CVE-2023-53282 [scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write]
+	- linux 6.1.20-1
+	NOTE: https://git.kernel.org/linus/21681b81b9ae548c5dae7ae00d931197a27f480c (6.3-rc1)
+CVE-2023-53281 [drivers: staging: rtl8723bs: Fix locking in _rtw_join_timeout_handler()]
+	- linux 6.3.7-1
+	[bookworm] - linux 6.1.37-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/215792eda008f6a1e7ed9d77fa20d582d22bb114 (6.4-rc1)
+CVE-2023-53280 [scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue]
+	- linux 6.4.11-1
+	[bookworm] - linux 6.1.52-1
+	[bullseye] - linux 5.10.191-1
+	NOTE: https://git.kernel.org/linus/20fce500b232b970e40312a9c97e7f3b6d7a709c (6.5-rc1)
+CVE-2023-53279 [misc: vmw_balloon: fix memory leak with using debugfs_lookup()]
+	- linux 6.1.20-1
+	NOTE: https://git.kernel.org/linus/209cdbd07cfaa4b7385bad4eeb47e5ec1887d33d (6.3-rc1)
+CVE-2023-53278 [ubifs: Fix memory leak in ubifs_sysfs_init()]
+	- linux 6.1.20-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/203a55f04f66eea1a1ca7e5a302a7f5c99c62327 (6.3-rc1)
+CVE-2023-53277 [wifi: iwl3945: Add missing check for create_singlethread_workqueue]
+	- linux 6.1.20-1
+	[bullseye] - linux 5.10.178-1
+	NOTE: https://git.kernel.org/linus/1fdeb8b9f29dfd64805bb49475ac7566a3cb06cb (6.3-rc1)
+CVE-2023-53276 [ubifs: Free memory for tmpfile name]
+	- linux 6.3.7-1
+	[bookworm] - linux 6.1.37-1
+	[bullseye] - linux 5.10.191-1
+	NOTE: https://git.kernel.org/linus/1fb815b38bb31d6af9bd0540b8652a0d6fe6cfd3 (6.4-rc1)
+CVE-2023-53275 [ALSA: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync()]
+	- linux 6.4.13-1
+	[bookworm] - linux 6.1.52-1
+	[bullseye] - linux 5.10.197-1
+	NOTE: https://git.kernel.org/linus/1f4a08fed450db87fbb5ff5105354158bdbe1a22 (6.5-rc1)
+CVE-2023-53274 [clk: mediatek: mt8183: Add back SSPM related clocks]
+	- linux 6.4.11-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/1eb8d61ac5c9c7ec56bb96d433532807509b9288 (6.5-rc5)
+CVE-2023-53273 [Drivers: vmbus: Check for channel allocation before looking up relids]
+	- linux 6.1.25-1
+	[bullseye] - linux 5.10.178-1
+	NOTE: https://git.kernel.org/linus/1eb65c8687316c65140b48fad27133d583178e15 (6.3-rc6)
 CVE-2023-53272 [net: ena: fix shift-out-of-bounds in exponential backoff]
 	- linux 6.4.11-1
 	[bookworm] - linux 6.1.52-1
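
Review bot: Five of the added entries leave a release without an explicit annotation. CVE-2023-53292 has only `- linux 6.4.11-1`, with neither a [bookworm] nor a [bullseye] line, and CVE-2023-53293, CVE-2023-53287, CVE-2023-53282 and CVE-2023-53279 have no [bullseye] line. With no release-specific line, those releases are judged against the unstable fixed version alone. Each should be confirmed as a pending backport rather than a missing `<not-affected>` or fixed-version line, since most other entries in this hunk whose fix landed after 5.10 state the bullseye status explicitly. Where the release is still affected, an explicit per-release line or a NOTE naming the introducing commit would make that state distinguishable from an untriaged one.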



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d1da0d3f143861ba47de2ff4b7fb5931402d81dc
