CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-39838 – cifs: prevent NULL pointer dereference in UTF16 conversion
https://notcve.org/view.php?id=CVE-2025-39838
19 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: cifs: prevent NULL pointer dereference in UTF16 conversion There can be a NULL pointer dereference bug here. NULL is passed to __cifs_sfu_make_node without checks, which passes it unchecked to cifs_strndup_to_utf16, which in turn passes it to cifs_local_to_utf16_bytes where '*from' is dereferenced, causing a crash. This patch adds a check for NULL 'src' in cifs_strndup_to_utf16 and returns NULL early to prevent dereferencing NULL pointer. F... • https://git.kernel.org/stable/c/65b98a7e65e7a8f3894d8760cd194eaf20504c99 •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53443 – mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt leak
https://notcve.org/view.php?id=CVE-2023-53443
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt leak In arizona_clk32k_enable(), we should use pm_runtime_resume_and_get() as pm_runtime_get_sync() will increase the refcnt even when it returns an error. In the Linux kernel, the following vulnerability has been resolved: mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt leak In arizona_clk32k_enable(), we should use pm_runtime_resume_and_get() as pm_runtime_get... • https://git.kernel.org/stable/c/7195e642b49af60d4120fa1b45bd812ba528174f • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53438 – x86/MCE: Always save CS register on AMD Zen IF Poison errors
https://notcve.org/view.php?id=CVE-2023-53438
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: x86/MCE: Always save CS register on AMD Zen IF Poison errors The Instruction Fetch (IF) units on current AMD Zen-based systems do not guarantee a synchronous #MC is delivered for poison consumption errors. Therefore, MCG_STATUS[EIPV|RIPV] will not be set. However, the microarchitecture does guarantee that the exception is delivered within the same context. In other words, the exact rIP is not known, but the context is known to not have chan... • https://git.kernel.org/stable/c/e6e6a5f50f58fadec397b23064b7e4830292863d •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53437 – media: uvcvideo: Handle cameras with invalid descriptors
https://notcve.org/view.php?id=CVE-2023-53437
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Handle cameras with invalid descriptors If the source entity does not contain any pads, do not create a link. This update provides the initial livepatch for this kernel update. This update does not contain any fixes and will be updated with livepatches later. • https://git.kernel.org/stable/c/c8f4a424af5879baefb0fb8a8a09b09ea1779483 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53432 – firewire: net: fix use after free in fwnet_finish_incoming_packet()
https://notcve.org/view.php?id=CVE-2023-53432
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: firewire: net: fix use after free in fwnet_finish_incoming_packet() The netif_rx() function frees the skb so we can't dereference it to save the skb->len. In the Linux kernel, the following vulnerability has been resolved: firewire: net: fix use after free in fwnet_finish_incoming_packet() The netif_rx() function frees the skb so we can't dereference it to save the skb->len. This update provides the initial livepatch for this kernel update.... • https://git.kernel.org/stable/c/2ea70379e4f4efa95c9daa7f3f9bdd4d40aec927 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-53429 – btrfs: don't check PageError in __extent_writepage
https://notcve.org/view.php?id=CVE-2023-53429
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: don't check PageError in __extent_writepage __extent_writepage currenly sets PageError whenever any error happens, and the also checks for PageError to decide if to call error handling. This leads to very unclear responsibility for cleaning up on errors. In the VM and generic writeback helpers the basic idea is that once I/O is fired off all error handling responsibility is delegated to the end I/O handler. But if that end I/O handle... • https://git.kernel.org/stable/c/d40be032ecd8ee1ca033bee43c7755d21fb4d72a •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53425 – media: platform: mediatek: vpu: fix NULL ptr dereference
https://notcve.org/view.php?id=CVE-2023-53425
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: media: platform: mediatek: vpu: fix NULL ptr dereference If pdev is NULL, then it is still dereferenced. This fixes this smatch warning: drivers/media/platform/mediatek/vpu/mtk_vpu.c:570 vpu_load_firmware() warn: address of NULL pointer 'pdev' This update provides the initial livepatch for this kernel update. This update does not contain any fixes and will be updated with livepatches later. • https://git.kernel.org/stable/c/099e929e7477f37ca16738fc158d7101c0189ca1 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53419 – rcu: Protect rcu_print_task_exp_stall() ->exp_tasks access
https://notcve.org/view.php?id=CVE-2023-53419
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: rcu: Protect rcu_print_task_exp_stall() ->exp_tasks access For kernels built with CONFIG_PREEMPT_RCU=y, the following scenario can result in a NULL-pointer dereference: CPU1 CPU2 rcu_preempt_deferred_qs_irqrestore rcu_print_task_exp_stall if (special.b.blocked) READ_ONCE(rnp->exp_tasks) != NULL raw_spin_lock_rcu_node np = rcu_next_node_entry(t, rnp) if (&t->rcu_node_entry == rnp->exp_tasks) WRITE_ONCE(rnp->exp_tasks, np) .... raw_spin_unloc... • https://git.kernel.org/stable/c/a7d21b8585894e6fff973f6ddae42f02b13f600f •
CVSS: 8.4EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50411 – ACPICA: Fix error code path in acpi_ds_call_control_method()
https://notcve.org/view.php?id=CVE-2022-50411
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ACPICA: Fix error code path in acpi_ds_call_control_method() A use-after-free in acpi_ps_parse_aml() after a failing invocaion of acpi_ds_call_control_method() is reported by KASAN [1] and code inspection reveals that next_walk_state pushed to the thread by acpi_ds_create_walk_state() is freed on errors, but it is not popped from the thread beforehand. Thus acpi_ds_get_current_walk_state() called by acpi_ps_parse_aml() subsequently returns ... • https://git.kernel.org/stable/c/38e251d356a01b61a86cb35213cafd7e8fe7090c •
CVSS: 8.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50410 – NFSD: Protect against send buffer overflow in NFSv2 READ
https://notcve.org/view.php?id=CVE-2022-50410
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: NFSD: Protect against send buffer overflow in NFSv2 READ Since before the git era, NFSD has conserved the number of pages held by each nfsd thread by combining the RPC receive and send buffers into a single array of pages. This works because there are no cases where an operation needs a large RPC Call message and a large RPC Reply at the same time. Once an RPC Call has been received, svc_process() updates svc_rqst::rq_res to describe the pa... • https://git.kernel.org/stable/c/2007867c5874134f2271eb276398208070049dd3 • CWE-787: Out-of-bounds Write •