CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53244 – media: pci: tw68: Fix null-ptr-deref bug in buf prepare and finish
https://notcve.org/view.php?id=CVE-2023-53244
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: media: pci: tw68: Fix null-ptr-deref bug in buf prepare and finish When the driver calls tw68_risc_buffer() to prepare the buffer, the function call dma_alloc_coherent may fail, resulting in a empty buffer buf->cpu. Later when we free the buffer or access the buffer, null ptr deref is triggered. This bug is similar to the following one: https://git.linuxtv.org/media_stage.git/commit/?id=2b064d91440b33fba5b452f2d1b31f13ae911d71. We believe t... • https://git.kernel.org/stable/c/e15d1c12c5878b3a80d6573af1721e17264e0286 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53243 – btrfs: add handling for RAID1C23/DUP to btrfs_reduce_alloc_profile
https://notcve.org/view.php?id=CVE-2023-53243
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: add handling for RAID1C23/DUP to btrfs_reduce_alloc_profile Callers of `btrfs_reduce_alloc_profile` expect it to return exactly one allocation profile flag, and failing to do so may ultimately result in a WARN_ON and remount-ro when allocating new blocks, like the below transaction abort on 6.1. `btrfs_reduce_alloc_profile` has two ways of determining the profile, first it checks if a conversion balance is currently running and uses ... • https://git.kernel.org/stable/c/47e6f7423b9196ad6832d26cae52b7015f81ee7f •
CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50315 – ata: ahci: Match EM_MAX_SLOTS with SATA_PMP_MAX_PORTS
https://notcve.org/view.php?id=CVE-2022-50315
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ata: ahci: Match EM_MAX_SLOTS with SATA_PMP_MAX_PORTS UBSAN complains about array-index-out-of-bounds: [ 1.980703] kernel: UBSAN: array-index-out-of-bounds in /build/linux-9H675w/linux-5.15.0/drivers/ata/libahci.c:968:41 [ 1.980709] kernel: index 15 is out of range for type 'ahci_em_priv [8]' [ 1.980713] kernel: CPU: 0 PID: 209 Comm: scsi_eh_8 Not tainted 5.15.0-25-generic #25-Ubuntu [ 1.980716] kernel: Hardware name: System manufacturer Sy... • https://git.kernel.org/stable/c/18f7ba4c2f4be6b37d925931f04d6cc28d88d1ee •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50314 – nbd: Fix hung when signal interrupts nbd_start_device_ioctl()
https://notcve.org/view.php?id=CVE-2022-50314
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: nbd: Fix hung when signal interrupts nbd_start_device_ioctl() syzbot reported hung task [1]. The following program is a simplified version of the reproducer: int main(void) { int sv[2], fd; if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return 1; if ((fd = open("/dev/nbd0", 0)) < 0) return 1; if (ioctl(fd, NBD_SET_SIZE_BLOCKS, 0x81) < 0) return 1; if (ioctl(fd, NBD_SET_SOCK, sv[0]) < 0) return 1; if (ioctl(fd, NBD_DO_IT) < 0) return 1; re... • https://git.kernel.org/stable/c/5ea8d10802ec4c153a6e21eebaf412e2abd29736 •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50313 – erofs: fix order >= MAX_ORDER warning due to crafted negative i_size
https://notcve.org/view.php?id=CVE-2022-50313
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: erofs: fix order >= MAX_ORDER warning due to crafted negative i_size As syzbot reported [1], the root cause is that i_size field is a signed type, and negative i_size is also less than EROFS_BLKSIZ. As a consequence, it's handled as fast symlink unexpectedly. Let's fall back to the generic path to deal with such unusual i_size. [1] https://lore.kernel.org/r/000000000000ac8efa05e7feaa1f@google.com In the Linux kernel, the following vulnerabi... • https://git.kernel.org/stable/c/431339ba90423a038914c6032bfd71f0ba7ef2f2 • CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50312 – drivers: serial: jsm: fix some leaks in probe
https://notcve.org/view.php?id=CVE-2022-50312
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drivers: serial: jsm: fix some leaks in probe This error path needs to unwind instead of just returning directly. This update provides the initial livepatch for this kernel update. This update does not contain any fixes and will be updated with livepatches later. • https://git.kernel.org/stable/c/03a8482c17dd0ae3251451d54cbbc03f930f21d5 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50311 – cxl: Fix refcount leak in cxl_calc_capp_routing
https://notcve.org/view.php?id=CVE-2022-50311
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: cxl: Fix refcount leak in cxl_calc_capp_routing of_get_next_parent() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. This function only calls of_node_put() in normal path, missing it in the error path. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: cxl: Fix refcount leak in cxl_calc_capp_routing of_get_next_paren... • https://git.kernel.org/stable/c/f24be42aab37c6d07c05126673138e06223a6399 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50309 – media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init
https://notcve.org/view.php?id=CVE-2022-50309
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init of_get_child_by_name() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init of_get_child_by_name() returns a node pointer with refcount incremented,... • https://git.kernel.org/stable/c/df3305156f989339529b3d6744b898d498fb1f7b •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50308 – ASoC: qcom: Add checks for devm_kcalloc
https://notcve.org/view.php?id=CVE-2022-50308
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: Add checks for devm_kcalloc As the devm_kcalloc may return NULL, the return value needs to be checked to avoid NULL poineter dereference. In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: Add checks for devm_kcalloc As the devm_kcalloc may return NULL, the return value needs to be checked to avoid NULL poineter dereference. This update provides the initial livepatch for this kernel update. This upda... • https://git.kernel.org/stable/c/24caf8d9eb108c52e144bcc7af94bb1edcb70700 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50306 – ext4: fix potential out of bound read in ext4_fc_replay_scan()
https://notcve.org/view.php?id=CVE-2022-50306
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix potential out of bound read in ext4_fc_replay_scan() For scan loop must ensure that at least EXT4_FC_TAG_BASE_LEN space. If remain space less than EXT4_FC_TAG_BASE_LEN which will lead to out of bound read when mounting corrupt file system image. ADD_RANGE/HEAD/TAIL is needed to add extra check when do journal scan, as this three tags will read data during scan, tag length couldn't less than data length which will read. In the Linu... • https://git.kernel.org/stable/c/8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2 • CWE-125: Out-of-bounds Read •