CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54091 – drm/client: Fix memory leak in drm_client_target_cloned
https://notcve.org/view.php?id=CVE-2023-54091
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/client: Fix memory leak in drm_client_target_cloned dmt_mode is allocated and never freed in this function. It was found with the ast driver, but most drivers using generic fbdev setup are probably affected. This fixes the following kmemleak report: backtrace: [<00000000b391296d>] drm_mode_duplicate+0x45/0x220 [drm] [<00000000e45bb5b3>] drm_client_target_cloned.constprop.0+0x27b/0x480 [drm] [<00000000ed2d3a37>] drm_client_modeset_probe+... • https://git.kernel.org/stable/c/1d42bbc8f7f9ce4d852692ef7aa336b133b0830a •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54087 – ubi: Fix possible null-ptr-deref in ubi_free_volume()
https://notcve.org/view.php?id=CVE-2023-54087
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ubi: Fix possible null-ptr-deref in ubi_free_volume() It willl cause null-ptr-deref in the following case: uif_init() ubi_add_volume() cdev_add() -> if it fails, call kill_volumes() device_register() kill_volumes() -> if ubi_add_volume() fails call this function ubi_free_volume() cdev_del() device_unregister() -> trying to delete a not added device, it causes null-ptr-deref So in ubi_free_volume(), it delete devices whether they are added o... • https://git.kernel.org/stable/c/801c135ce73d5df1caf3eca35b66a10824ae0707 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-54086 – bpf: Add preempt_count_{sub,add} into btf id deny list
https://notcve.org/view.php?id=CVE-2023-54086
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Add preempt_count_{sub,add} into btf id deny list The recursion check in __bpf_prog_enter* and __bpf_prog_exit* leave preempt_count_{sub,add} unprotected. When attaching trampoline to them we get panic as follows, [ 867.843050] BUG: TASK stack guard page was hit at 0000000009d325cf (stack is 0000000046a46a15..00000000537e7b28) [ 867.843064] stack guard page: 0000 [#1] PREEMPT SMP NOPTI [ 867.843067] CPU: 8 PID: 11009 Comm: trace Kdump:... • https://git.kernel.org/stable/c/095018267c87b8bfbbb12eeb1c0ebf2359e1782c •
CVSS: 6.6EPSS: 0%CPEs: 3EXPL: 0CVE-2023-54081 – xen: speed up grant-table reclaim
https://notcve.org/view.php?id=CVE-2023-54081
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: xen: speed up grant-table reclaim When a grant entry is still in use by the remote domain, Linux must put it on a deferred list. Normally, this list is very short, because the PV network and block protocols expect the backend to unmap the grant first. However, Qubes OS's GUI protocol is subject to the constraints of the X Window System, and as such winds up with the frontend unmapping the window first. As a result, the list can grow very la... • https://git.kernel.org/stable/c/cd1a8952ff529adc210e62306849fd6f256608c0 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54079 – power: supply: bq27xxx: Fix poll_interval handling and races on remove
https://notcve.org/view.php?id=CVE-2023-54079
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: power: supply: bq27xxx: Fix poll_interval handling and races on remove Before this patch bq27xxx_battery_teardown() was setting poll_interval = 0 to avoid bq27xxx_battery_update() requeuing the delayed_work item. There are 2 problems with this: 1. If the driver is unbound through sysfs, rather then the module being rmmod-ed, this changes poll_interval unexpectedly 2. This is racy, after it being set poll_interval could be changed before bq2... • https://git.kernel.org/stable/c/8cfaaa811894a3ae2d7360a15a6cfccff3ebc7db •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50782 – ext4: fix bug_on in __es_tree_search caused by bad quota inode
https://notcve.org/view.php?id=CVE-2022-50782
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug_on in __es_tree_search caused by bad quota inode We got a issue as fllows: ================================================================== kernel BUG at fs/ext4/extents_status.c:202! invalid opcode: 0000 [#1] PREEMPT SMP CPU: 1 PID: 810 Comm: mount Not tainted 6.1.0-rc1-next-g9631525255e3 #352 RIP: 0010:__es_tree_search.isra.0+0xb8/0xe0 RSP: 0018:ffffc90001227900 EFLAGS: 00010202 RAX: 0000000000000000 RBX: 0000000077512a0f ... • https://git.kernel.org/stable/c/393d1d1d76933886d5e1ce603214c9987589c6d5 •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50780 – net: fix UAF issue in nfqnl_nf_hook_drop() when ops_init() failed
https://notcve.org/view.php?id=CVE-2022-50780
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: net: fix UAF issue in nfqnl_nf_hook_drop() when ops_init() failed When the ops_init() interface is invoked to initialize the net, but ops->init() fails, data is released. However, the ptr pointer in net->gen is invalid. In this case, when nfqnl_nf_hook_drop() is invoked to release the net, invalid address access occurs. The process is as follows: setup_net() ops_init() data = kzalloc(...) ---> alloc "data" net_assign_generic() ---> assign "... • https://git.kernel.org/stable/c/f875bae065334907796da12523f9df85c89f5712 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50776 – clk: st: Fix memory leak in st_of_quadfs_setup()
https://notcve.org/view.php?id=CVE-2022-50776
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: clk: st: Fix memory leak in st_of_quadfs_setup() If st_clk_register_quadfs_pll() fails, @lock should be freed before goto @err_exit, otherwise will cause meory leak issue, fix it. In the Linux kernel, the following vulnerability has been resolved: clk: st: Fix memory leak in st_of_quadfs_setup() If st_clk_register_quadfs_pll() fails, @lock should be freed before goto @err_exit, otherwise will cause meory leak issue, fix it. • https://git.kernel.org/stable/c/5f7aa9071e935c8c0e869306c7ef073df6c409f6 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50774 – crypto: qat - fix DMA transfer direction
https://notcve.org/view.php?id=CVE-2022-50774
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: qat - fix DMA transfer direction When CONFIG_DMA_API_DEBUG is selected, while running the crypto self test on the QAT crypto algorithms, the function add_dma_entry() reports a warning similar to the one below, saying that overlapping mappings are not supported. This occurs in tests where the input and the output scatter list point to the same buffers (i.e. two different scatter lists which point to the same chunks of memory). The lo... • https://git.kernel.org/stable/c/d370cec3219490656d72f5ae6e5df32c113c5a44 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50773 – ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt
https://notcve.org/view.php?id=CVE-2022-50773
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt I got a null-ptr-defer error report when I do the following tests on the qemu platform: make defconfig and CONFIG_PARPORT=m, CONFIG_PARPORT_PC=m, CONFIG_SND_MTS64=m Then making test scripts: cat>test_mod1.sh<