CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50378 – drm/meson: reorder driver deinit sequence to fix use-after-free bug
https://notcve.org/view.php?id=CVE-2022-50378
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/meson: reorder driver deinit sequence to fix use-after-free bug Unloading the driver triggers the following KASAN warning: [ +0.006275] ============================================================= [ +0.000029] BUG: KASAN: use-after-free in __list_del_entry_valid+0xe0/0x1a0 [ +0.000026] Read of size 8 at addr ffff000020c395e0 by task rmmod/2695 [ +0.000019] CPU: 5 PID: 2695 Comm: rmmod Tainted: G C O 5.19.0-rc6-lrmbkasan+ #1 [ +0.000013... • https://git.kernel.org/stable/c/bbbe775ec5b5dace43a35886da9924837da09ddd • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50376 – orangefs: Fix kmemleak in orangefs_{kernel,client}_debug_init()
https://notcve.org/view.php?id=CVE-2022-50376
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: orangefs: Fix kmemleak in orangefs_{kernel,client}_debug_init() When insert and remove the orangefs module, there are memory leaked as below: unreferenced object 0xffff88816b0cc000 (size 2048): comm "insmod", pid 783, jiffies 4294813439 (age 65.512s) hex dump (first 32 bytes): 6e 6f 6e 65 0a 00 00 00 00 00 00 00 00 00 00 00 none............ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<0000000031ab7788>] kmal... • https://git.kernel.org/stable/c/f7ab093f74bf638ed98fd1115f3efa17e308bb7f • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50375 – tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown
https://notcve.org/view.php?id=CVE-2022-50375
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown lpuart_dma_shutdown tears down lpuart dma, but lpuart_flush_buffer can still occur which in turn tries to access dma apis if lpuart_dma_tx_use flag is true. At this point since dma is torn down, these dma apis can abort. Set lpuart_dma_tx_use and the corresponding rx flag lpuart_dma_rx_use to false in lpuart_dma_shutdown so that dmas are not accessed after they are ... • https://git.kernel.org/stable/c/6250cc30c4c4e25393ba247f71bdc04b6af3191b •
CVSS: 7.0EPSS: 0%CPEs: 7EXPL: 0CVE-2023-53368 – tracing: Fix race issue between cpu buffer write and swap
https://notcve.org/view.php?id=CVE-2023-53368
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: tracing: Fix race issue between cpu buffer write and swap Warning happened in rb_end_commit() at code: if (RB_WARN_ON(cpu_buffer, !local_read(&cpu_buffer->committing))) WARNING: CPU: 0 PID: 139 at kernel/trace/ring_buffer.c:3142 rb_commit+0x402/0x4a0 Call Trace: ring_buffer_unlock_commit+0x42/0x250 trace_buffer_unlock_commit_regs+0x3b/0x250 trace_event_buffer_commit+0xe5/0x440 trace_event_buffer_reserve+0x11c/0x150 trace_event_raw_event_sch... • https://git.kernel.org/stable/c/f1affcaaa861f27752a769f889bf1486ebd301fe • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-53367 – accel/habanalabs: fix mem leak in capture user mappings
https://notcve.org/view.php?id=CVE-2023-53367
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: accel/habanalabs: fix mem leak in capture user mappings This commit fixes a memory leak caused when clearing the user_mappings info when a new context is opened immediately after user_mapping is captured and a hard reset is performed. In the Linux kernel, the following vulnerability has been resolved: accel/habanalabs: fix mem leak in capture user mappings This commit fixes a memory leak caused when clearing the user_mappings info when a ne... • https://git.kernel.org/stable/c/0feaf86d4e69507ab9b2af7dcc63a6886352d5db • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53365 – ip6mr: Fix skb_under_panic in ip6mr_cache_report()
https://notcve.org/view.php?id=CVE-2023-53365
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ip6mr: Fix skb_under_panic in ip6mr_cache_report() skbuff: skb_under_panic: text:ffffffff88771f69 len:56 put:-4 head:ffff88805f86a800 data:ffff887f5f86a850 tail:0x88 end:0x2c0 dev:pim6reg ------------[ cut here ]------------ kernel BUG at net/core/skbuff.c:192! invalid opcode: 0000 [#1] PREEMPT SMP KASAN CPU: 2 PID: 22968 Comm: kworker/2:11 Not tainted 6.5.0-rc3-00044-g0a8db05b571a #236 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),... • https://git.kernel.org/stable/c/14fb64e1f449ef6666f1c3a3fa4e13aec669b98d • CWE-124: Buffer Underwrite ('Buffer Underflow') •
CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53357 – md/raid10: check slab-out-of-bounds in md_bitmap_get_counter
https://notcve.org/view.php?id=CVE-2023-53357
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: md/raid10: check slab-out-of-bounds in md_bitmap_get_counter If we write a large number to md/bitmap_set_bits, md_bitmap_checkpage() will return -EINVAL because 'page >= bitmap->pages', but the return value was not checked immediately in md_bitmap_get_counter() in order to set *blocks value and slab-out-of-bounds occurs. Move check of 'page >= bitmap->pages' to md_bitmap_get_counter() and return directly if true. In the Linux kernel, the fo... • https://git.kernel.org/stable/c/ef4256733506f2459a0c436b62267d22a3f0cec6 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53356 – usb: gadget: u_serial: Add null pointer check in gserial_suspend
https://notcve.org/view.php?id=CVE-2023-53356
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_serial: Add null pointer check in gserial_suspend Consider a case where gserial_disconnect has already cleared gser->ioport. And if gserial_suspend gets called afterwards, it will lead to accessing of gser->ioport and thus causing null pointer dereference. Avoid this by adding a null pointer check. Added a static spinlock to prevent gser->ioport from becoming null after the newly added null pointer check. In the Linux kernel,... • https://git.kernel.org/stable/c/aba3a8d01d623a5efef48ab8e78752d58d4c90c3 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53355 – staging: pi433: fix memory leak with using debugfs_lookup()
https://notcve.org/view.php?id=CVE-2023-53355
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: staging: pi433: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic at once. This requires saving off the root directory dentry to make creation of individual device subdirectories easier. In the Linux kernel, the following vulnerability... • https://git.kernel.org/stable/c/874bcba65f9a3a2a304b5f520529c046887c3cdc • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53354 – skbuff: skb_segment, Call zero copy functions before using skbuff frags
https://notcve.org/view.php?id=CVE-2023-53354
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: skbuff: skb_segment, Call zero copy functions before using skbuff frags Commit bf5c25d60861 ("skbuff: in skb_segment, call zerocopy functions once per nskb") added the call to zero copy functions in skb_segment(). The change introduced a bug in skb_segment() because skb_orphan_frags() may possibly change the number of fragments or allocate new fragments altogether leaving nrfrags and frag to point to the old values. This can cause a panic w... • https://git.kernel.org/stable/c/bf5c25d608613eaf4dcdba5a9cac5b2afe67d635 • CWE-476: NULL Pointer Dereference •