CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50540 – dmaengine: qcom-adm: fix wrong sizeof config in slave_config
https://notcve.org/view.php?id=CVE-2022-50540
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom-adm: fix wrong sizeof config in slave_config Fix broken slave_config function that uncorrectly compare the peripheral_size with the size of the config pointer instead of the size of the config struct. This cause the crci value to be ignored and cause a kernel panic on any slave that use adm driver. To fix this, compare to the size of the struct and NOT the size of the pointer. In the Linux kernel, the following vulnerability... • https://git.kernel.org/stable/c/03de6b273805b3c552ff158f8688555937375926 • CWE-1025: Comparison Using Wrong Factors •
CVSS: 5.6EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50539 – ARM: OMAP2+: omap4-common: Fix refcount leak bug
https://notcve.org/view.php?id=CVE-2022-50539
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ARM: OMAP2+: omap4-common: Fix refcount leak bug In omap4_sram_init(), of_find_compatible_node() will return a node pointer with refcount incremented. We should use of_node_put() when it is not used anymore. In the Linux kernel, the following vulnerability has been resolved: ARM: OMAP2+: omap4-common: Fix refcount leak bug In omap4_sram_init(), of_find_compatible_node() will return a node pointer with refcount incremented. We should use of_... • https://git.kernel.org/stable/c/1306c08a7cd7e6136490ab2bc728d2c39741003e •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50538 – vme: Fix error not catched in fake_init()
https://notcve.org/view.php?id=CVE-2022-50538
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: vme: Fix error not catched in fake_init() In fake_init(), __root_device_register() is possible to fail but it's ignored, which can cause unregistering vme_root fail when exit. general protection fault, probably for non-canonical address 0xdffffc000000008c KASAN: null-ptr-deref in range [0x0000000000000460-0x0000000000000467] RIP: 0010:root_device_unregister+0x26/0x60 Call Trace:
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50537 – firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe()
https://notcve.org/view.php?id=CVE-2022-50537
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe() In rpi_firmware_probe(), if mbox_request_channel() fails, the 'fw' will not be freed through rpi_firmware_delete(), fix this leak by calling kfree() in the error path. In the Linux kernel, the following vulnerability has been resolved: firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe() In rpi_firmware_probe(), if mbox_request_channel() fails, the 'f... • https://git.kernel.org/stable/c/60831f5ae6c713afceb6d29f40899ed112f36059 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50536 – bpf, sockmap: Fix repeated calls to sock_put() when msg has more_data
https://notcve.org/view.php?id=CVE-2022-50536
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix repeated calls to sock_put() when msg has more_data In tcp_bpf_send_verdict() redirection, the eval variable is assigned to __SK_REDIRECT after the apply_bytes data is sent, if msg has more_data, sock_put() will be called multiple times. We should reset the eval variable to __SK_NONE every time more_data starts. This causes: IPv4: Attempt to release TCP socket in state 1 00000000b4c925d7 ------------[ cut here ]-----------... • https://git.kernel.org/stable/c/5f0bfe21c853917aae4bc5a70fe57ddb4054443e •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50535 – drm/amd/display: Fix potential null-deref in dm_resume
https://notcve.org/view.php?id=CVE-2022-50535
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential null-deref in dm_resume [Why] Fixing smatch error: dm_resume() error: we previously assumed 'aconnector->dc_link' could be null [How] Check if dc_link null at the beginning of the loop, so further checks can be dropped. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential null-deref in dm_resume [Why] Fixing smatch error: dm_resume() error: we previously assumed 'a... • https://git.kernel.org/stable/c/4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53654 – octeontx2-af: Add validation before accessing cgx and lmac
https://notcve.org/view.php?id=CVE-2023-53654
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Add validation before accessing cgx and lmac with the addition of new MAC blocks like CN10K RPM and CN10KB RPM_USX, LMACs are noncontiguous and CGX blocks are also noncontiguous. But during RVU driver initialization, the driver is assuming they are contiguous and trying to access cgx or lmac with their id which is resulting in kernel panic. This patch fixes the issue by adding proper checks. [ 23.219150] pc : cgx_lmac_read+0x3... • https://git.kernel.org/stable/c/91c6945ea1f9059fea886630d0fd8070740e2aaf • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 5.6EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53653 – media: amphion: fix REVERSE_INULL issues reported by coverity
https://notcve.org/view.php?id=CVE-2023-53653
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: media: amphion: fix REVERSE_INULL issues reported by coverity null-checking of a pointor is suggested before dereferencing it The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to fix various security issues. • https://git.kernel.org/stable/c/9f599f351e86acf0fc13e42771f97b7fb4dbbea4 •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53652 – vdpa: Add features attr to vdpa_nl_policy for nlattr length check
https://notcve.org/view.php?id=CVE-2023-53652
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: vdpa: Add features attr to vdpa_nl_policy for nlattr length check The vdpa_nl_policy structure is used to validate the nlattr when parsing the incoming nlmsg. It will ensure the attribute being described produces a valid nlattr pointer in info->attrs before entering into each handler in vdpa_nl_ops. That is to say, the missing part in vdpa_nl_policy may lead to illegal nlattr after parsing, which could lead to OOB read just like CVE-2023-37... • https://git.kernel.org/stable/c/90fea5a800c3dd80fb8ad9a02929bcef5fde42b8 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53651 – Input: exc3000 - properly stop timer on shutdown
https://notcve.org/view.php?id=CVE-2023-53651
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: Input: exc3000 - properly stop timer on shutdown We need to stop the timer on driver unbind or probe failures, otherwise we get UAF/Oops. In the Linux kernel, the following vulnerability has been resolved: Input: exc3000 - properly stop timer on shutdown We need to stop the timer on driver unbind or probe failures, otherwise we get UAF/Oops. The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues. • https://git.kernel.org/stable/c/7e577a17f2eefeef32f1106ebf91e7cd143ba654 •