CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50486 – net: ethernet: ti: Fix return type of netcp_ndo_start_xmit()
https://notcve.org/view.php?id=CVE-2022-50486
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: Fix return type of netcp_ndo_start_xmit() With clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG), indirect call targets are validated against the expected function pointer prototype to make sure the call target is valid to help mitigate ROP attacks. If they are not identical, there is a failure at run time, which manifests as either a kernel panic or thread getting killed. A proposed warning in clang aims to ... • https://git.kernel.org/stable/c/a447479ea2cf35603b5739ea947885024b901222 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 5.7EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50485 – ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode
https://notcve.org/view.php?id=CVE-2022-50485
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode There are many places that will get unhappy (and crash) when ext4_iget() returns a bad inode. However, if iget the boot loader inode, allows a bad inode to be returned, because the inode may not be initialized. This mechanism can be used to bypass some checks and cause panic. To solve this problem, we add a special iget flag EXT4_IGET_BAD. Only with this flag we'd be returning bad... • https://git.kernel.org/stable/c/2142dfa1de61e25b83198af0308ec7689cca25d3 • CWE-654: Reliance on a Single Factor in a Security Decision •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50484 – ALSA: usb-audio: Fix potential memory leaks
https://notcve.org/view.php?id=CVE-2022-50484
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential memory leaks When the driver hits -ENOMEM at allocating a URB or a buffer, it aborts and goes to the error path that releases the all previously allocated resources. However, when -ENOMEM hits at the middle of the sync EP URB allocation loop, the partially allocated URBs might be left without released, because ep->nurbs is still zero at that point. Fix it by setting ep->nurbs at first, so that the error handle... • https://git.kernel.org/stable/c/0604e5e5537af099ea2f6dfd892afe5c92db8a80 • CWE-911: Improper Update of Reference Count •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50478 – nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset()
https://notcve.org/view.php?id=CVE-2022-50478
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset() Patch series "nilfs2: fix UBSAN shift-out-of-bounds warnings on mount time". The first patch fixes a bug reported by syzbot, and the second one fixes the remaining bug of the same kind. Although they are triggered by the same super block data anomaly, I divided it into the above two because the details of the issues and how to fix it are different. Both are required to elimi... • https://git.kernel.org/stable/c/6b0ea3df56cccd53398d0289f399f19d43136b2e •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50470 – xhci: Remove device endpoints from bandwidth list when freeing the device
https://notcve.org/view.php?id=CVE-2022-50470
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: xhci: Remove device endpoints from bandwidth list when freeing the device Endpoints are normally deleted from the bandwidth list when they are dropped, before the virt device is freed. If xHC host is dying or being removed then the endpoints aren't dropped cleanly due to functions returning early to avoid interacting with a non-accessible host controller. So check and delete endpoints that are still on the bandwidth list when freeing the vi... • https://git.kernel.org/stable/c/5e4ce28ad907aa54f13b21d5f1dc490525957b0c •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-39952 – wifi: wilc1000: avoid buffer overflow in WID string configuration
https://notcve.org/view.php?id=CVE-2025-39952
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: avoid buffer overflow in WID string configuration Fix the following copy overflow warning identified by Smatch checker. drivers/net/wireless/microchip/wilc1000/wlan_cfg.c:184 wilc_wlan_parse_response_frame() error: '__memcpy()' 'cfg->s[i]->str' copy overflow (512 vs 65537) This patch introduces size check before accessing the memory buffer. The checks are base on the WID type of received data from the firmware. For WID strin... • https://git.kernel.org/stable/c/6085291a1a5865d4ad70f0e5812d524ebd5d1711 •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2025-39940 – dm-stripe: fix a possible integer overflow
https://notcve.org/view.php?id=CVE-2025-39940
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: dm-stripe: fix a possible integer overflow There's a possible integer overflow in stripe_io_hints if we have too large chunk size. Test if the overflow happened, and if it did, don't set limits->io_min and limits->io_opt; In the Linux kernel, the following vulnerability has been resolved: dm-stripe: fix a possible integer overflow There's a possible integer overflow in stripe_io_hints if we have too large chunk size. Test if the overflow ha... • https://git.kernel.org/stable/c/f8f64254bca5ae58f3b679441962bda4c409f659 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53530 – scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id()
https://notcve.org/view.php?id=CVE-2023-53530
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() The following call trace was observed: localhost kernel: nvme nvme0: NVME-FC{0}: controller connect complete localhost kernel: BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u129:4/75092 localhost kernel: nvme nvme0: NVME-FC{0}: new ctrl: NQN "nqn.1992-08.com.netapp:sn.b42d198afb4d11ecad6d00a098d6abfa:subsystem.PR_Channel2022_RH84_subsystem_291" l... • https://git.kernel.org/stable/c/1a541999f31fcb10ea50eba2a563e6c451fd5c7d • CWE-663: Use of a Non-reentrant Function in a Concurrent Context •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53524 – wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf
https://notcve.org/view.php?id=CVE-2023-53524
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf An integer overflow occurs in the iwl_write_to_user_buf() function, which is called by the iwl_dbgfs_monitor_data_read() function. static bool iwl_write_to_user_buf(char __user *user_buf, ssize_t count, void *buf, ssize_t *size, ssize_t *bytes_copied) { int buf_size_left = count - *bytes_copied; buf_size_left = buf_size_left - (buf_size_left % sizeof(u32)); if (*size > buf_s... • https://git.kernel.org/stable/c/0ad8dd870aa187d0c21d032bb2c6433559075eec •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53521 – scsi: ses: Fix slab-out-of-bounds in ses_intf_remove()
https://notcve.org/view.php?id=CVE-2023-53521
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() A fix for: BUG: KASAN: slab-out-of-bounds in ses_intf_remove+0x23f/0x270 [ses] Read of size 8 at addr ffff88a10d32e5d8 by task rmmod/12013 When edev->components is zero, accessing edev->component[0] members is wrong. In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() A fix for: BUG: KASAN: slab-out-of-bounds in ses_... • https://git.kernel.org/stable/c/76f7050537476ac062ec23a544fbca8270f2d08b • CWE-125: Out-of-bounds Read •