CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-68765 – mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add()
https://notcve.org/view.php?id=CVE-2025-68765
05 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add() In mt7615_mcu_wtbl_sta_add(), an skb sskb is allocated. If the subsequent call to mt76_connac_mcu_alloc_wtbl_req() fails, the function returns an error without freeing sskb, leading to a memory leak. Fix this by calling dev_kfree_skb() on sskb in the error handling path to ensure it is properly released. In the Linux kernel, the following vulnerability has been resolved: mt76: mt761... • https://git.kernel.org/stable/c/99c457d902cf90bdc0df5d57e6156ec108711068 •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2025-68764 – NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags
https://notcve.org/view.php?id=CVE-2025-68764
05 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags When a filesystem is being automounted, it needs to preserve the user-set superblock mount options, such as the "ro" flag. In the Linux kernel, the following vulnerability has been resolved: NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags When a filesystem is being automounted, it needs to preserve the user-set superblock mount options, such as the... • https://git.kernel.org/stable/c/f2aedb713c284429987dc66c7aaf38decfc8da2a •
CVSS: 6.6EPSS: 0%CPEs: 6EXPL: 0CVE-2025-68759 – wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring()
https://notcve.org/view.php?id=CVE-2025-68759
05 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring() In rtl8180_init_rx_ring(), memory is allocated for skb packets and DMA allocations in a loop. When an allocation fails, the previously successful allocations are not freed on exit. Fix that by jumping to err_free_rings label on error, which calls rtl8180_free_rx_ring() to free the allocations. Remove the free of rx_ring in rtl8180_init_rx_ring() error path, and set the free... • https://git.kernel.org/stable/c/f653211197f3841f383fa9757ef8ce182c6cf627 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-68758 – backlight: led-bl: Add devlink to supplier LEDs
https://notcve.org/view.php?id=CVE-2025-68758
05 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: backlight: led-bl: Add devlink to supplier LEDs LED Backlight is a consumer of one or multiple LED class devices, but devlink is currently unable to create correct supplier-producer links when the supplier is a class device. It creates instead a link where the supplier is the parent of the expected device. One consequence is that removal order is not correctly enforced. Issues happen for example with the following sections in a device tree ... • https://git.kernel.org/stable/c/ae232e45acf9621f2c96b41ca3af006ac7552c33 •
CVSS: 5.6EPSS: 0%CPEs: 6EXPL: 0CVE-2025-68757 – drm/vgem-fence: Fix potential deadlock on release
https://notcve.org/view.php?id=CVE-2025-68757
05 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: drm/vgem-fence: Fix potential deadlock on release A timer that expires a vgem fence automatically in 10 seconds is now released with timer_delete_sync() from fence->ops.release() called on last dma_fence_put(). In some scenarios, it can run in IRQ context, which is not safe unless TIMER_IRQSAFE is used. One potentially risky scenario was demonstrated in Intel DRM CI trybot, BAT run on machine bat-adlp-6, while working on new IGT subtests sy... • https://git.kernel.org/stable/c/4077798484459a2eced2050045099a466ecb618a •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-68755 – staging: most: remove broken i2c driver
https://notcve.org/view.php?id=CVE-2025-68755
05 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: staging: most: remove broken i2c driver The MOST I2C driver has been completely broken for five years without anyone noticing so remove the driver from staging. Specifically, commit 723de0f9171e ("staging: most: remove device from interface structure") started requiring drivers to set the interface device pointer before registration, but the I2C driver was never updated which results in a NULL pointer dereference if anyone ever tries to pro... • https://git.kernel.org/stable/c/723de0f9171eeb49a3ae98cae82ebbbb992b3a7c •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2023-54326 – misc: pci_endpoint_test: Free IRQs before removing the device
https://notcve.org/view.php?id=CVE-2023-54326
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: misc: pci_endpoint_test: Free IRQs before removing the device In pci_endpoint_test_remove(), freeing the IRQs after removing the device creates a small race window for IRQs to be received with the test device memory already released, causing the IRQ handler to access invalid memory, resulting in an oops. Free the device IRQs before removing the device to avoid this issue. • https://git.kernel.org/stable/c/e03327122e2c8e6ae4565ef5b3d3cbe4364546a1 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2023-54325 – crypto: qat - fix out-of-bounds read
https://notcve.org/view.php?id=CVE-2023-54325
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: qat - fix out-of-bounds read When preparing an AER-CTR request, the driver copies the key provided by the user into a data structure that is accessible by the firmware. If the target device is QAT GEN4, the key size is rounded up by 16 since a rounded up size is expected by the device. If the key size is rounded up before the copy, the size used for copying the key might be bigger than the size of the region containing the key, caus... • https://git.kernel.org/stable/c/67916c9516893528ecce060ada1f58af0ce33d93 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2023-54324 – dm: fix a race condition in retrieve_deps
https://notcve.org/view.php?id=CVE-2023-54324
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: dm: fix a race condition in retrieve_deps There's a race condition in the multipath target when retrieve_deps races with multipath_message calling dm_get_device and dm_put_device. retrieve_deps walks the list of open devices without holding any lock but multipath may add or remove devices to the list while it is running. The end result may be memory corruption or use-after-free memory access. See this description of a UAF with multipath_mes... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50889 – dm integrity: Fix UAF in dm_integrity_dtr()
https://notcve.org/view.php?id=CVE-2022-50889
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: dm integrity: Fix UAF in dm_integrity_dtr() Dm_integrity also has the same UAF problem when dm_resume() and dm_destroy() are concurrent. Therefore, cancelling timer again in dm_integrity_dtr(). • https://git.kernel.org/stable/c/7eada909bfd7ac90a4522e56aa3179d1fd68cd14 •