CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50542 – media: si470x: Fix use-after-free in si470x_int_in_callback()
https://notcve.org/view.php?id=CVE-2022-50542
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: media: si470x: Fix use-after-free in si470x_int_in_callback() syzbot reported use-after-free in si470x_int_in_callback() [1]. This indicates that urb->context, which contains struct si470x_device object, is freed when si470x_int_in_callback() is called. The cause of this issue is that si470x_int_in_callback() is called for freed urb. si470x_usb_driver_probe() calls si470x_start_usb(), which then calls usb_submit_urb() and si470x_start(). If... • https://git.kernel.org/stable/c/146bd005ebb01ae190c22af050cb98623958c373 •
CVSS: 5.6EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50539 – ARM: OMAP2+: omap4-common: Fix refcount leak bug
https://notcve.org/view.php?id=CVE-2022-50539
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ARM: OMAP2+: omap4-common: Fix refcount leak bug In omap4_sram_init(), of_find_compatible_node() will return a node pointer with refcount incremented. We should use of_node_put() when it is not used anymore. In the Linux kernel, the following vulnerability has been resolved: ARM: OMAP2+: omap4-common: Fix refcount leak bug In omap4_sram_init(), of_find_compatible_node() will return a node pointer with refcount incremented. We should use of_... • https://git.kernel.org/stable/c/1d9452ae3bdb830f9309cf10a2f65977999cb14e •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50535 – drm/amd/display: Fix potential null-deref in dm_resume
https://notcve.org/view.php?id=CVE-2022-50535
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential null-deref in dm_resume [Why] Fixing smatch error: dm_resume() error: we previously assumed 'aconnector->dc_link' could be null [How] Check if dc_link null at the beginning of the loop, so further checks can be dropped. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential null-deref in dm_resume [Why] Fixing smatch error: dm_resume() error: we previously assumed 'a... • https://git.kernel.org/stable/c/fd79b61af2782f8875c78f50cdb8630ec43e2990 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-53650 – fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe()
https://notcve.org/view.php?id=CVE-2023-53650
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe() If 'mipid_detect()' fails, we must free 'md' to avoid a memory leak. The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to fix various security issues. • https://git.kernel.org/stable/c/66d2f99d0bb5a2972fb5c1d88b61169510e540d6 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-53648 – ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer
https://notcve.org/view.php?id=CVE-2023-53648
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer smatch error: sound/pci/ac97/ac97_codec.c:2354 snd_ac97_mixer() error: we previously assumed 'rac97' could be null (see line 2072) remove redundant assignment, return error if rac97 is NULL. In the Linux kernel, the following vulnerability has been resolved: ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer smatch error: sound/pci/ac97/ac97_codec.c:2354 snd_ac97_mixer() e... • https://git.kernel.org/stable/c/da3cec35dd3c31d8706db4bf379372ce70d92118 • CWE-476: NULL Pointer Dereference •
CVSS: 6.6EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53644 – media: radio-shark: Add endpoint checks
https://notcve.org/view.php?id=CVE-2023-53644
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: media: radio-shark: Add endpoint checks The syzbot fuzzer was able to provoke a WARNING from the radio-shark2 driver: ------------[ cut here ]------------ usb 1-1: BOGUS urb xfer, pipe 1 != type 3 WARNING: CPU: 0 PID: 3271 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed2/0x1880 drivers/usb/core/urb.c:504 Modules linked in: CPU: 0 PID: 3271 Comm: kworker/0:3 Not tainted 6.1.0-rc4-syzkaller #0 Hardware name: Google Google Compute Engine/Goo... • https://git.kernel.org/stable/c/3ed6a312ac1e7278f92b1b3d95377b335ae21e89 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53641 – wifi: ath9k: hif_usb: fix memory leak of remain_skbs
https://notcve.org/view.php?id=CVE-2023-53641
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: hif_usb: fix memory leak of remain_skbs hif_dev->remain_skb is allocated and used exclusively in ath9k_hif_usb_rx_stream(). It is implied that an allocated remain_skb is processed and subsequently freed (in error paths) only during the next call of ath9k_hif_usb_rx_stream(). So, if the urbs are deallocated between those two calls due to the device deinitialization or suspend, it is possible that ath9k_hif_usb_rx_stream() is not... • https://git.kernel.org/stable/c/fb9987d0f748c983bb795a86f47522313f701a08 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2023-53639 – wifi: ath6kl: reduce WARN to dev_dbg() in callback
https://notcve.org/view.php?id=CVE-2023-53639
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath6kl: reduce WARN to dev_dbg() in callback The warn is triggered on a known race condition, documented in the code above the test, that is correctly handled. Using WARN() hinders automated testing. Reducing severity. In the Linux kernel, the following vulnerability has been resolved: wifi: ath6kl: reduce WARN to dev_dbg() in callback The warn is triggered on a known race condition, documented in the code above the test, that is corr... • https://git.kernel.org/stable/c/de2070fc4aa7c0205348010f500f5abce012e67b •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-53627 – scsi: hisi_sas: Grab sas_dev lock when traversing the members of sas_dev.list
https://notcve.org/view.php?id=CVE-2023-53627
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: hisi_sas: Grab sas_dev lock when traversing the members of sas_dev.list When freeing slots in function slot_complete_v3_hw(), it is possible that sas_dev.list is being traversed elsewhere, and it may trigger a NULL pointer exception, such as follows: ==>cq thread ==>scsi_eh_6 ==>scsi_error_handler() ==>sas_eh_handle_sas_errors() ==>sas_scsi_find_task() ==>lldd_abort_task() ==>slot_complete_v3_hw() ==>hisi_sas_abort_task() ==>hisi_sas_... • https://git.kernel.org/stable/c/6e2a40b3a332ea84079983be21c944de8ddbc4f3 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53624 – net/sched: sch_fq: fix integer overflow of "credit"
https://notcve.org/view.php?id=CVE-2023-53624
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_fq: fix integer overflow of "credit" if sch_fq is configured with "initial quantum" having values greater than INT_MAX, the first assignment of "credit" does signed integer overflow to a very negative value. In this situation, the syzkaller script provided by Cristoph triggers the CPU soft-lockup warning even with few sockets. It's not an infinite loop, but "credit" wasn't probably meant to be minus 2Gb for each new flow. Cap... • https://git.kernel.org/stable/c/afe4fd062416b158a8a8538b23adc1930a9b88dc •