CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2023-53308 – net: fec: Better handle pm_runtime_get() failing in .remove()
https://notcve.org/view.php?id=CVE-2023-53308
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: net: fec: Better handle pm_runtime_get() failing in .remove() In the (unlikely) event that pm_runtime_get() (disguised as pm_runtime_resume_and_get()) fails, the remove callback returned an error early. The problem with this is that the driver core ignores the error value and continues removing the device. This results in a resource leak. Worse the devm allocated resources are freed and so if a callback of the driver is called later the reg... • https://git.kernel.org/stable/c/982d424239d7fae74938557428d45c717567ea9b • CWE-415: Double Free •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53307 – rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails
https://notcve.org/view.php?id=CVE-2023-53307
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails If getting an ID or setting up a work queue in rbd_dev_create() fails, use-after-free on rbd_dev->rbd_client, rbd_dev->spec and rbd_dev->opts is triggered in do_rbd_add(). The root cause is that the ownership of these structures is transfered to rbd_dev prematurely and they all end up getting freed when rbd_dev_create() calls rbd_dev_free() prior to returning to do_rbd_ad... • https://git.kernel.org/stable/c/1643dfa4c2c827d6e2aa419df8c17b0f24090278 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53305 – Bluetooth: L2CAP: Fix use-after-free
https://notcve.org/view.php?id=CVE-2023-53305
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix use-after-free Fix potential use-after-free in l2cap_le_command_rej. This update provides the initial livepatch for this kernel update. This update does not contain any fixes and will be updated with livepatches later. • https://git.kernel.org/stable/c/71fb419724fadab4efdf98210aa3fe053bd81d29 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50352 – net: hns: fix possible memory leak in hnae_ae_register()
https://notcve.org/view.php?id=CVE-2022-50352
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: net: hns: fix possible memory leak in hnae_ae_register() Inject fault while probing module, if device_register() fails, but the refcount of kobject is not decreased to 0, the name allocated in dev_set_name() is leaked. Fix this by calling put_device(), so that name can be freed in callback function kobject_cleanup(). unreferenced object 0xffff00c01aba2100 (size 128): comm "systemd-udevd", pid 1259, jiffies 4294903284 (age 294.152s) hex dump... • https://git.kernel.org/stable/c/6fe6611ff275522a4e4c0359e2f46cdd07780d2f • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50350 – scsi: target: iscsi: Fix a race condition between login_work and the login thread
https://notcve.org/view.php?id=CVE-2022-50350
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix a race condition between login_work and the login thread In case a malicious initiator sends some random data immediately after a login PDU; the iscsi_target_sk_data_ready() callback will schedule the login_work and, at the same time, the negotiation may end without clearing the LOGIN_FLAGS_INITIAL_PDU flag (because no additional PDU exchanges are required to complete the login). The login has been completed but the... • https://git.kernel.org/stable/c/d381a8010a052813a88e20e089be4a58aad8b40a • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50349 – misc: tifm: fix possible memory leak in tifm_7xx1_switch_media()
https://notcve.org/view.php?id=CVE-2022-50349
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: misc: tifm: fix possible memory leak in tifm_7xx1_switch_media() If device_register() returns error in tifm_7xx1_switch_media(), name of kobject which is allocated in dev_set_name() called in device_add() is leaked. Never directly free @dev after calling device_register(), even if it returned an error! Always use put_device() to give up the reference initialized. This update provides the initial livepatch for this kernel update. This update... • https://git.kernel.org/stable/c/2428a8fe2261e901e058d9ea8b6ed7e1b4268b79 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50348 – nfsd: Fix a memory leak in an error handling path
https://notcve.org/view.php?id=CVE-2022-50348
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: nfsd: Fix a memory leak in an error handling path If this memdup_user() call fails, the memory allocated in a previous call a few lines above should be freed. Otherwise it leaks. This update provides the initial livepatch for this kernel update. This update does not contain any fixes and will be updated with livepatches later. • https://git.kernel.org/stable/c/6ee95d1c899186c0798cafd25998d436bcdb9618 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50347 – mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host()
https://notcve.org/view.php?id=CVE-2022-50347
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host() mmc_add_host() may return error, if we ignore its return value, the memory that allocated in mmc_alloc_host() will be leaked and it will lead a kernel crash because of deleting not added device in the remove path. So fix this by checking the return value and calling mmc_free_host() in the error path, besides, led_classdev_unregister() and pm_runtime_disable() also need be called.... • https://git.kernel.org/stable/c/c7f6558d84afe60016b8103c0737df6e376a1c2d • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50346 – ext4: init quota for 'old.inode' in 'ext4_rename'
https://notcve.org/view.php?id=CVE-2022-50346
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: init quota for 'old.inode' in 'ext4_rename' Syzbot found the following issue: ext4_parse_param: s_want_extra_isize=128 ext4_inode_info_init: s_want_extra_isize=32 ext4_rename: old.inode=ffff88823869a2c8 old.dir=ffff888238699828 new.inode=ffff88823869d7e8 new.dir=ffff888238699828 __ext4_mark_inode_dirty: inode=ffff888238699828 ea_isize=32 want_ea_size=128 __ext4_mark_inode_dirty: inode=ffff88823869a2c8 ea_isize=32 want_ea_size=128 ext4... • https://git.kernel.org/stable/c/6dd4ee7cab7e3a17c571aebd444f4344c8c4946e • CWE-908: Use of Uninitialized Resource •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50344 – ext4: fix null-ptr-deref in ext4_write_info
https://notcve.org/view.php?id=CVE-2022-50344
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix null-ptr-deref in ext4_write_info I caught a null-ptr-deref bug as follows: ================================================================== KASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f] CPU: 1 PID: 1589 Comm: umount Not tainted 5.10.0-02219-dirty #339 RIP: 0010:ext4_write_info+0x53/0x1b0 [...] Call Trace: dquot_writeback_dquots+0x341/0x9a0 ext4_sync_fs+0x19e/0x800 __sync_filesystem+0x83/0x100 sync_files... • https://git.kernel.org/stable/c/a1177825719ccef3f76ef39bbfd5ebb6087d53c7 • CWE-476: NULL Pointer Dereference •