CVSS: 6.6EPSS: 0%CPEs: 6EXPL: 0CVE-2025-68759 – wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring()
https://notcve.org/view.php?id=CVE-2025-68759
05 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring() In rtl8180_init_rx_ring(), memory is allocated for skb packets and DMA allocations in a loop. When an allocation fails, the previously successful allocations are not freed on exit. Fix that by jumping to err_free_rings label on error, which calls rtl8180_free_rx_ring() to free the allocations. Remove the free of rx_ring in rtl8180_init_rx_ring() error path, and set the free... • https://git.kernel.org/stable/c/f653211197f3841f383fa9757ef8ce182c6cf627 •
CVSS: 5.6EPSS: 0%CPEs: 6EXPL: 0CVE-2025-68757 – drm/vgem-fence: Fix potential deadlock on release
https://notcve.org/view.php?id=CVE-2025-68757
05 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: drm/vgem-fence: Fix potential deadlock on release A timer that expires a vgem fence automatically in 10 seconds is now released with timer_delete_sync() from fence->ops.release() called on last dma_fence_put(). In some scenarios, it can run in IRQ context, which is not safe unless TIMER_IRQSAFE is used. One potentially risky scenario was demonstrated in Intel DRM CI trybot, BAT run on machine bat-adlp-6, while working on new IGT subtests sy... • https://git.kernel.org/stable/c/4077798484459a2eced2050045099a466ecb618a •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2023-54324 – dm: fix a race condition in retrieve_deps
https://notcve.org/view.php?id=CVE-2023-54324
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: dm: fix a race condition in retrieve_deps There's a race condition in the multipath target when retrieve_deps races with multipath_message calling dm_get_device and dm_put_device. retrieve_deps walks the list of open devices without holding any lock but multipath may add or remove devices to the list while it is running. The end result may be memory corruption or use-after-free memory access. See this description of a UAF with multipath_mes... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50887 – regulator: core: fix unbalanced of node refcount in regulator_dev_lookup()
https://notcve.org/view.php?id=CVE-2022-50887
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix unbalanced of node refcount in regulator_dev_lookup() I got the the following report: OF: ERROR: memory leak, expected refcount 1 instead of 2, of_node_get()/of_node_put() unbalanced - destroy cset entry: attach overlay node /i2c/pmic@62/regulators/exten In of_get_regulator(), the node is returned from of_parse_phandle() with refcount incremented, after using it, of_node_put() need be called. • https://git.kernel.org/stable/c/69511a452e6dc6b74fe4f3671a51b1b44b9c57e3 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2023-54322 – arm64: set __exception_irq_entry with __irq_entry as a default
https://notcve.org/view.php?id=CVE-2023-54322
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: arm64: set __exception_irq_entry with __irq_entry as a default filter_irq_stacks() is supposed to cut entries which are related irq entries from its call stack. And in_irqentry_text() which is called by filter_irq_stacks() uses __irqentry_text_start/end symbol to find irq entries in callstack. But it doesn't work correctly as without "CONFIG_FUNCTION_GRAPH_TRACER", arm64 kernel doesn't include gic_handle_irq which is entry point of arm64 ir... • https://git.kernel.org/stable/c/9a5ad7d0e3e1c6c0c11df89fbc5376f8aaf7a90f •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2023-54321 – driver core: fix potential null-ptr-deref in device_add()
https://notcve.org/view.php?id=CVE-2023-54321
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: driver core: fix potential null-ptr-deref in device_add() I got the following null-ptr-deref report while doing fault injection test: BUG: kernel NULL pointer dereference, address: 0000000000000058 CPU: 2 PID: 278 Comm: 37-i2c-ds2482 Tainted: G B W N 6.1.0-rc3+ RIP: 0010:klist_put+0x2d/0xd0 Call Trace:
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2023-54319 – pinctrl: at91-pio4: check return value of devm_kasprintf()
https://notcve.org/view.php?id=CVE-2023-54319
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: pinctrl: at91-pio4: check return value of devm_kasprintf() devm_kasprintf() returns a pointer to dynamically allocated memory. Pointer could be NULL in case allocation fails. Check pointer validity. Identified with coccinelle (kmerr.cocci script). Depends-on: 1c4e5c470a56 ("pinctrl: at91: use devm_kasprintf() to avoid potential leaks") Depends-on: 5a8f9cf269e8 ("pinctrl: at91-pio4: use proper format specifier for unsigned int") • https://git.kernel.org/stable/c/776180848b574c9c01217fa958f10843ffce584f •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50886 – mmc: toshsd: fix return value check of mmc_add_host()
https://notcve.org/view.php?id=CVE-2022-50886
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: mmc: toshsd: fix return value check of mmc_add_host() mmc_add_host() may return error, if we ignore its return value, the memory that allocated in mmc_alloc_host() will be leaked and it will lead a kernel crash because of deleting not added device in the remove path. So fix this by checking the return value and goto error path which will call mmc_free_host(), besides, free_irq() also needs be called. • https://git.kernel.org/stable/c/a5eb8bbd66ccf9f169419f9652544aec771b7c57 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50885 – RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed
https://notcve.org/view.php?id=CVE-2022-50885
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed There is a null-ptr-deref when mount.cifs over rdma: BUG: KASAN: null-ptr-deref in rxe_qp_do_cleanup+0x2f3/0x360 [rdma_rxe] Read of size 8 at addr 0000000000000018 by task mount.cifs/3046 CPU: 2 PID: 3046 Comm: mount.cifs Not tainted 6.1.0-rc5+ #62 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-1.fc3 Call Trace:
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50884 – drm: Prevent drm_copy_field() to attempt copying a NULL pointer
https://notcve.org/view.php?id=CVE-2022-50884
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm: Prevent drm_copy_field() to attempt copying a NULL pointer There are some struct drm_driver fields that are required by drivers since drm_copy_field() attempts to copy them to user-space via DRM_IOCTL_VERSION. But it can be possible that a driver has a bug and did not set some of the fields, which leads to drm_copy_field() attempting to copy a NULL pointer: [ +10.395966] Unable to handle kernel access to user memory outside uaccess rou... • https://git.kernel.org/stable/c/22eae947bf76e236ba972f2f11cfd1b083b736ad •