{"vulnerability": "cve-2023-5302", "sightings": [{"uuid": "be534339-8bc1-4351-9109-580ba1a8d846", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2023-53020", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "b31db856-e393-4cdc-b09a-66b83f0bef79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-53025", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9149", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-53025\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: fix use-after-free in nfsd4_ssc_setup_dul()\n\nIf signal_pending() returns true, schedule_timeout() will not be executed,\ncausing the waiting task to remain in the wait queue.\nFixed by adding a call to finish_wait(), which ensures that the waiting\ntask will always be removed from the wait queue.\n\ud83d\udccf Published: 2025-03-27T16:43:50.536Z\n\ud83d\udccf Modified: 2025-03-27T17:08:23.270Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/6ac4c383c39f8f2f955f868d1ad9365c2363e80b\n2. https://git.kernel.org/stable/c/0a27dcd5343026ac0cb168ee63304255372b7a36\n3. https://git.kernel.org/stable/c/32d5eb95f8f0e362e37c393310b13b9e95404560\n4. 
https://git.kernel.org/stable/c/e6cf91b7b47ff82b624bdfe2fdcde32bb52e71dd", "creation_timestamp": "2025-03-27T17:26:38.000000Z"}, {"uuid": "1f5ae9d5-a6e2-496a-b3b9-18293b5319df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-53021", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9148", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-53021\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: sch_taprio: fix possible use-after-free\n\nsyzbot reported a nasty crash [1] in net_tx_action() which\nmade little sense until we got a repro.\n\nThis repro installs a taprio qdisc, but providing an\ninvalid TCA_RATE attribute.\n\nqdisc_create() has to destroy the just initialized\ntaprio qdisc, and taprio_destroy() is called.\n\nHowever, the hrtimer used by taprio had already fired,\ntherefore advance_sched() called __netif_schedule().\n\nThen net_tx_action was trying to use a destroyed qdisc.\n\nWe can not undo the __netif_schedule(), so we must wait\nuntil one cpu serviced the qdisc before we can proceed.\n\nMany thanks to Alexander Potapenko for his help.\n\n[1]\nBUG: KMSAN: uninit-value in queued_spin_trylock include/asm-generic/qspinlock.h:94 [inline]\nBUG: KMSAN: uninit-value in do_raw_spin_trylock include/linux/spinlock.h:191 [inline]\nBUG: KMSAN: uninit-value in __raw_spin_trylock include/linux/spinlock_api_smp.h:89 [inline]\nBUG: KMSAN: uninit-value in _raw_spin_trylock+0x92/0xa0 kernel/locking/spinlock.c:138\n queued_spin_trylock include/asm-generic/qspinlock.h:94 [inline]\n do_raw_spin_trylock include/linux/spinlock.h:191 [inline]\n __raw_spin_trylock include/linux/spinlock_api_smp.h:89 [inline]\n _raw_spin_trylock+0x92/0xa0 kernel/locking/spinlock.c:138\n spin_trylock 
include/linux/spinlock.h:359 [inline]\n qdisc_run_begin include/net/sch_generic.h:187 [inline]\n qdisc_run+0xee/0x540 include/net/pkt_sched.h:125\n net_tx_action+0x77c/0x9a0 net/core/dev.c:5086\n __do_softirq+0x1cc/0x7fb kernel/softirq.c:571\n run_ksoftirqd+0x2c/0x50 kernel/softirq.c:934\n smpboot_thread_fn+0x554/0x9f0 kernel/smpboot.c:164\n kthread+0x31b/0x430 kernel/kthread.c:376\n ret_from_fork+0x1f/0x30\n\nUninit was created at:\n slab_post_alloc_hook mm/slab.h:732 [inline]\n slab_alloc_node mm/slub.c:3258 [inline]\n __kmalloc_node_track_caller+0x814/0x1250 mm/slub.c:4970\n kmalloc_reserve net/core/skbuff.c:358 [inline]\n __alloc_skb+0x346/0xcf0 net/core/skbuff.c:430\n alloc_skb include/linux/skbuff.h:1257 [inline]\n nlmsg_new include/net/netlink.h:953 [inline]\n netlink_ack+0x5f3/0x12b0 net/netlink/af_netlink.c:2436\n netlink_rcv_skb+0x55d/0x6c0 net/netlink/af_netlink.c:2507\n rtnetlink_rcv+0x30/0x40 net/core/rtnetlink.c:6108\n netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]\n netlink_unicast+0xf3b/0x1270 net/netlink/af_netlink.c:1345\n netlink_sendmsg+0x1288/0x1440 net/netlink/af_netlink.c:1921\n sock_sendmsg_nosec net/socket.c:714 [inline]\n sock_sendmsg net/socket.c:734 [inline]\n ____sys_sendmsg+0xabc/0xe90 net/socket.c:2482\n ___sys_sendmsg+0x2a1/0x3f0 net/socket.c:2536\n __sys_sendmsg net/socket.c:2565 [inline]\n __do_sys_sendmsg net/socket.c:2574 [inline]\n __se_sys_sendmsg net/socket.c:2572 [inline]\n __x64_sys_sendmsg+0x367/0x540 net/socket.c:2572\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nCPU: 0 PID: 13 Comm: ksoftirqd/0 Not tainted 6.0.0-rc2-syzkaller-47461-gac3859c02d7f #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022\n\ud83d\udccf Published: 2025-03-27T16:43:47.860Z\n\ud83d\udccf Modified: 2025-03-27T17:08:23.724Z\n\ud83d\udd17 References:\n1. 
https://git.kernel.org/stable/c/1200388a0b1c3c6fda48d4d2143db8f7e4ef5348\n2. https://git.kernel.org/stable/c/c60fe70078d6e515f424cb868d07e00411b27fbc\n3. https://git.kernel.org/stable/c/c53acbf2facfdfabdc6e6984a1a38f5d38b606a1\n4. https://git.kernel.org/stable/c/d3b2d2820a005e43855fa71b80c4a4b194201c60\n5. https://git.kernel.org/stable/c/3a415d59c1dbec9d772dbfab2d2520d98360caae", "creation_timestamp": "2025-03-27T17:26:36.000000Z"}, {"uuid": "c7233730-7297-4800-bca2-95deba9d304a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-53026", "type": "seen", "source": "https://t.me/cvedetector/21322", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-53026 - InfiniBand RDMA Linux Kernel Iterator Overflow Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2023-53026 \nPublished : March 27, 2025, 5:15 p.m. | 27\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nRDMA/core: Fix ib block iterator counter overflow  \n  \nWhen registering a new DMA MR after selecting the best aligned page size  \nfor it, we iterate over the given sglist to split each entry to smaller,  \naligned to the selected page size, DMA blocks.  \n  \nIn given circumstances where the sg entry and page size fit certain  \nsizes and the sg entry is not aligned to the selected page size, the  \ntotal size of the aligned pages we need to cover the sg entry is >= 4GB.  \nUnder this circumstances, while iterating page aligned blocks, the  \ncounter responsible for counting how much we advanced from the start of  \nthe sg entry is overflowed because its type is u32 and we pass 4GB in  \nsize. This can lead to an infinite loop inside the iterator function  \nbecause the overflow prevents the counter to be larger  \nthan the size of the sg entry.  \n  \nFix the presented problem by changing the advancement condition to  \neliminate overflow.  
\n  \nBacktrace:  \n[  192.374329] efa_reg_user_mr_dmabuf  \n[  192.376783] efa_register_mr  \n[  192.382579] pgsz_bitmap 0xfffff000 rounddown 0x80000000  \n[  192.386423] pg_sz [0x80000000] umem_length[0xc0000000]  \n[  192.392657] start 0x0 length 0xc0000000 params.page_shift 31 params.page_num 3  \n[  192.399559] hp_cnt[3], pages_in_hp[524288]  \n[  192.403690] umem->sgt_append.sgt.nents[1]  \n[  192.407905] number entries: [1], pg_bit: [31]  \n[  192.411397] biter->__sg_nents [1] biter->__sg [0000000008b0c5d8]  \n[  192.415601] biter->__sg_advance [665837568] sg_dma_len[3221225472]  \n[  192.419823] biter->__sg_nents [1] biter->__sg [0000000008b0c5d8]  \n[  192.423976] biter->__sg_advance [2813321216] sg_dma_len[3221225472]  \n[  192.428243] biter->__sg_nents [1] biter->__sg [0000000008b0c5d8]  \n[  192.432397] biter->__sg_advance [665837568] sg_dma_len[3221225472] \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-27T19:09:53.000000Z"}, {"uuid": "4baa2903-79e5-42f2-8f40-7bc11b133f7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-53027", "type": "seen", "source": "https://t.me/cvedetector/21323", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-53027 - Linux EROFS Kernel Memory Corruption Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2023-53027 \nPublished : March 27, 2025, 5:15 p.m. | 27\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nerofs: fix kvcalloc() misuse with __GFP_NOFAIL  \n  \nAs reported by syzbot [1], kvcalloc() cannot work with  __GFP_NOFAIL.  \nLet's use kcalloc() instead.  
\n  \n[1]  \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-27T19:09:57.000000Z"}, {"uuid": "6a08924a-9b12-434c-99ad-b689f2f3a54f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-53029", "type": "seen", "source": "https://t.me/cvedetector/21329", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-53029 - Marvell OcteonTX CN96XX Linux Kernel Octeontx2-pf Ratchet Sleep Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2023-53029 \nPublished : March 27, 2025, 5:15 p.m. | 27\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nocteontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt  \n  \nThe commit 4af1b64f80fb (\"octeontx2-pf: Fix lmtst ID used in aura  \nfree\") uses the get/put_cpu() to protect the usage of percpu pointer  \nin ->aura_freeptr() callback, but it also unnecessarily disable the  \npreemption for the blockable memory allocation. The commit 87b93b678e95  \n(\"octeontx2-pf: Avoid use of GFP_KERNEL in atomic context\") tried to  \nfix these sleep inside atomic warnings. But it only fix the one for  \nthe non-rt kernel. For the rt kernel, we still get the similar warnings  \nlike below.  
\n  BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:46  \n  in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1, name: swapper/0  \n  preempt_count: 1, expected: 0  \n  RCU nest depth: 0, expected: 0  \n  3 locks held by swapper/0/1:  \n   #0: ffff800009fc5fe8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock+0x24/0x30  \n   #1: ffff000100c276c0 (&mbox->lock){+.+.}-{3:3}, at: otx2_init_hw_resources+0x8c/0x3a4  \n   #2: ffffffbfef6537e0 (&cpu_rcache->lock){+.+.}-{2:2}, at: alloc_iova_fast+0x1ac/0x2ac  \n  Preemption disabled at:  \n  [] otx2_rq_aura_pool_init+0x14c/0x284  \n  CPU: 20 PID: 1 Comm: swapper/0 Tainted: G        W          6.2.0-rc3-rt1-yocto-preempt-rt #1  \n  Hardware name: Marvell OcteonTX CN96XX board (DT)  \n  Call trace:  \n   dump_backtrace.part.0+0xe8/0xf4  \n   show_stack+0x20/0x30  \n   dump_stack_lvl+0x9c/0xd8  \n   dump_stack+0x18/0x34  \n   __might_resched+0x188/0x224  \n   rt_spin_lock+0x64/0x110  \n   alloc_iova_fast+0x1ac/0x2ac  \n   iommu_dma_alloc_iova+0xd4/0x110  \n   __iommu_dma_map+0x80/0x144  \n   iommu_dma_map_page+0xe8/0x260  \n   dma_map_page_attrs+0xb4/0xc0  \n   __otx2_alloc_rbuf+0x90/0x150  \n   otx2_rq_aura_pool_init+0x1c8/0x284  \n   otx2_init_hw_resources+0xe4/0x3a4  \n   otx2_open+0xf0/0x610  \n   __dev_open+0x104/0x224  \n   __dev_change_flags+0x1e4/0x274  \n   dev_change_flags+0x2c/0x7c  \n   ic_open_devs+0x124/0x2f8  \n   ip_auto_config+0x180/0x42c  \n   do_one_initcall+0x90/0x4dc  \n   do_basic_setup+0x10c/0x14c  \n   kernel_init_freeable+0x10c/0x13c  \n   kernel_init+0x2c/0x140  \n   ret_from_fork+0x10/0x20  \n  \nOf course, we can shuffle the get/put_cpu() to only wrap the invocation  \nof ->aura_freeptr() as what commit 87b93b678e95 does. But there are only  \ntwo ->aura_freeptr() callbacks, otx2_aura_freeptr() and  \ncn10k_aura_freeptr(). There is no usage of perpcu variable in the  \notx2_aura_freeptr() at all, so the get/put_cpu() seems redundant to it.  
\nWe can move the get/put_cpu() into the corresponding callback which  \nreally has the percpu variable usage and avoid the sprinkling of  \nget/put_cpu() in several places. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-27T19:10:05.000000Z"}, {"uuid": "00a97ee4-f8d2-4e7b-93a7-d1d3828d7694", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-53025", "type": "seen", "source": "https://t.me/cvedetector/21328", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-53025 - Linux Kernel NFS Daemon Use-After-Free Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2023-53025 \nPublished : March 27, 2025, 5:15 p.m. | 27\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nNFSD: fix use-after-free in nfsd4_ssc_setup_dul()  \n  \nIf signal_pending() returns true, schedule_timeout() will not be executed,  \ncausing the waiting task to remain in the wait queue.  \nFixed by adding a call to finish_wait(), which ensures that the waiting  \ntask will always be removed from the wait queue. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-27T19:10:04.000000Z"}, {"uuid": "4e0f1876-1f52-470b-a607-caffad5f0635", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-53028", "type": "seen", "source": "https://t.me/cvedetector/21324", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-53028 - Linux Kernel WiFi mac80211 Null Pointer Dereference Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2023-53028 \nPublished : March 27, 2025, 5:15 p.m. | 27\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nRevert \"wifi: mac80211: fix memory leak in ieee80211_if_add()\"  \n  \nThis reverts commit 13e5afd3d773c6fc6ca2b89027befaaaa1ea7293.  
\n  \nieee80211_if_free() is already called from free_netdev(ndev)  \nbecause ndev->priv_destructor == ieee80211_if_free  \n  \nsyzbot reported:  \n  \ngeneral protection fault, probably for non-canonical address 0xdffffc0000000004: 0000 [#1] PREEMPT SMP KASAN  \nKASAN: null-ptr-deref in range [0x0000000000000020-0x0000000000000027]  \nCPU: 0 PID: 10041 Comm: syz-executor.0 Not tainted 6.2.0-rc2-syzkaller-00388-g55b98837e37d #0  \nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022  \nRIP: 0010:pcpu_get_page_chunk mm/percpu.c:262 [inline]  \nRIP: 0010:pcpu_chunk_addr_search mm/percpu.c:1619 [inline]  \nRIP: 0010:free_percpu mm/percpu.c:2271 [inline]  \nRIP: 0010:free_percpu+0x186/0x10f0 mm/percpu.c:2254  \nCode: 80 3c 02 00 0f 85 f5 0e 00 00 48 8b 3b 48 01 ef e8 cf b3 0b 00 48 ba 00 00 00 00 00 fc ff df 48 8d 78 20 48 89 f9 48 c1 e9 03 <803c 11 00 0f 85 3b 0e 00 00 48 8b 58 20 48 b8 00 00 00 00 00 fc  \nRSP: 0018:ffffc90004ba7068 EFLAGS: 00010002  \nRAX: 0000000000000000 RBX: ffff88823ffe2b80 RCX: 0000000000000004  \nRDX: dffffc0000000000 RSI: ffffffff81c1f4e7 RDI: 0000000000000020  \nRBP: ffffe8fffe8fc220 R08: 0000000000000005 R09: 0000000000000000  \nR10: 0000000000000000 R11: 1ffffffff2179ab2 R12: ffff8880b983d000  \nR13: 0000000000000003 R14: 0000607f450fc220 R15: ffff88823ffe2988  \nFS: 00007fcb349de700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000  \nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033  \nCR2: 0000001b32220000 CR3: 000000004914f000 CR4: 00000000003506f0  \nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000  \nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400  \nCall Trace:  \n  \nnetdev_run_todo+0x6bf/0x1100 net/core/dev.c:10352  \nieee80211_register_hw+0x2663/0x4040 net/mac80211/main.c:1411  \nmac80211_hwsim_new_radio+0x2537/0x4d80 drivers/net/wireless/mac80211_hwsim.c:4583  \nhwsim_new_radio_nl+0xa09/0x10f0 drivers/net/wireless/mac80211_hwsim.c:5176  
\ngenl_family_rcv_msg_doit.isra.0+0x1e6/0x2d0 net/netlink/genetlink.c:968  \ngenl_family_rcv_msg net/netlink/genetlink.c:1048 [inline]  \ngenl_rcv_msg+0x4ff/0x7e0 net/netlink/genetlink.c:1065  \nnetlink_rcv_skb+0x165/0x440 net/netlink/af_netlink.c:2564  \ngenl_rcv+0x28/0x40 net/netlink/genetlink.c:1076  \nnetlink_unicast_kernel net/netlink/af_netlink.c:1330 [inline]  \nnetlink_unicast+0x547/0x7f0 net/netlink/af_netlink.c:1356  \nnetlink_sendmsg+0x91b/0xe10 net/netlink/af_netlink.c:1932  \nsock_sendmsg_nosec net/socket.c:714 [inline]  \nsock_sendmsg+0xd3/0x120 net/socket.c:734  \n____sys_sendmsg+0x712/0x8c0 net/socket.c:2476  \n___sys_sendmsg+0x110/0x1b0 net/socket.c:2530  \n__sys_sendmsg+0xf7/0x1c0 net/socket.c:2559  \ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]  \ndo_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80  \nentry_SYSCALL_64_after_hwframe+0x63/0xcd \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-27T19:09:58.000000Z"}]}