CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50670 – mmc: omap_hsmmc: fix return value check of mmc_add_host()
https://notcve.org/view.php?id=CVE-2022-50670
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: mmc: omap_hsmmc: fix return value check of mmc_add_host() mmc_add_host() may return error, if we ignore its return value, it will lead two issues: 1. The memory that allocated in mmc_alloc_host() is leaked. 2. In the remove() path, mmc_remove_host() will be called to delete device, but it's not added yet, it will lead a kernel crash because of null-ptr-deref in device_del(). Fix this by checking the return value and goto error path wihch wi... • https://git.kernel.org/stable/c/a45c6cb816474cefe56059fce422a9bdcd77e0dc •
CVSS: 6.3EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50668 – ext4: fix deadlock due to mbcache entry corruption
https://notcve.org/view.php?id=CVE-2022-50668
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix deadlock due to mbcache entry corruption When manipulating xattr blocks, we can deadlock infinitely looping inside ext4_xattr_block_set() where we constantly keep finding xattr block for reuse in mbcache but we are unable to reuse it because its reference count is too big. This happens because cache entry for the xattr block is marked as reusable (e_reusable set) although its reference count is too big. When this inconsistency hap... • https://git.kernel.org/stable/c/6048c64b26097a0ffbd966866b599f990e674e9b •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50664 – media: dvb-frontends: fix leak of memory fw
https://notcve.org/view.php?id=CVE-2022-50664
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: fix leak of memory fw • https://git.kernel.org/stable/c/afccb6ac63fc4328bc61ba086a3cad30054d87c1 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50660 – wifi: ipw2200: fix memory leak in ipw_wdev_init()
https://notcve.org/view.php?id=CVE-2022-50660
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ipw2200: fix memory leak in ipw_wdev_init() In the error path of ipw_wdev_init(), exception value is returned, and the memory applied for in the function is not released. Also the memory is not released in ipw_pci_probe(). As a result, memory leakage occurs. So memory release needs to be added to the error path of ipw_wdev_init(). In the Linux kernel, the following vulnerability has been resolved: wifi: ipw2200: fix memory leak in ipw... • https://git.kernel.org/stable/c/a3caa99e6c68f466c13cfea74097f6fb01b45e25 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50659 – hwrng: geode - Fix PCI device refcount leak
https://notcve.org/view.php?id=CVE-2022-50659
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: hwrng: geode - Fix PCI device refcount leak for_each_pci_dev() is implemented by pci_get_device(). The comment of pci_get_device() says that it will increase the reference count for the returned pci_dev and also decrease the reference count for the input pci_dev @from if it is not NULL. If we break for_each_pci_dev() loop with pdev not NULL, we need to call pci_dev_put() to decrease the reference count. We add a new struct 'amd_geode_priv' ... • https://git.kernel.org/stable/c/ef5d862734b84239e0140319a95fb0bbff5ef394 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53820 – loop: loop_set_status_from_info() check before assignment
https://notcve.org/view.php?id=CVE-2023-53820
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: loop: loop_set_status_from_info() check before assignment In loop_set_status_from_info(), lo->lo_offset and lo->lo_sizelimit should be checked before reassignment, because if an overflow error occurs, the original correct value will be changed to the wrong value, and it will not be changed back. More, the original patch did not solve the problem, the value was set and ioctl returned an error, but the subsequent io used the value in the loop... • https://git.kernel.org/stable/c/6858933131d0dadac071c4d33335a9ea4b8e76cf •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53819 – amdgpu: validate offset_in_bo of drm_amdgpu_gem_va
https://notcve.org/view.php?id=CVE-2023-53819
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: amdgpu: validate offset_in_bo of drm_amdgpu_gem_va This is motivated by OOB access in amdgpu_vm_update_range when offset_in_bo+map_size overflows. v2: keep the validations in amdgpu_vm_bo_map v3: add the validations to amdgpu_vm_bo_map/amdgpu_vm_bo_replace_map rather than to amdgpu_gem_va_ioctl In the Linux kernel, the following vulnerability has been resolved: amdgpu: validate offset_in_bo of drm_amdgpu_gem_va This is motivated by OOB acce... • https://git.kernel.org/stable/c/9f7eb5367d0001536c361bd1400e14521f854ff1 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53818 – ARM: zynq: Fix refcount leak in zynq_early_slcr_init
https://notcve.org/view.php?id=CVE-2023-53818
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ARM: zynq: Fix refcount leak in zynq_early_slcr_init of_find_compatible_node() returns a node pointer with refcount incremented, we should use of_node_put() on error path. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: ARM: zynq: Fix refcount leak in zynq_early_slcr_init of_find_compatible_node() returns a node pointer with refcount incremented, we should use of_node_put... • https://git.kernel.org/stable/c/3329659df0300d1d0aa22f5e7063f83a88ef92aa •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53817 – crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui()
https://notcve.org/view.php?id=CVE-2023-53817
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui() During NVMeTCP Authentication a controller can trigger a kernel oops by specifying the 8192 bit Diffie Hellman group and passing a correctly sized, but zeroed Diffie Hellamn value. mpi_cmp_ui() was detecting this if the second parameter was 0, but 1 is passed from dh_is_pubkey_valid(). This causes the null pointer u->d to be dereferenced towards the end of mpi_cmp_ui() In the Linux ... • https://git.kernel.org/stable/c/fde791e8a96a64ea7b0ad2440e43586447a209c6 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53816 – drm/amdkfd: fix potential kgd_mem UAFs
https://notcve.org/view.php?id=CVE-2023-53816
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: fix potential kgd_mem UAFs kgd_mem pointers returned by kfd_process_device_translate_handle are only guaranteed to be valid while p->mutex is held. As soon as the mutex is unlocked, another thread can free the BO. In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: fix potential kgd_mem UAFs kgd_mem pointers returned by kfd_process_device_translate_handle are only guaranteed to be valid while p->mutex... • https://git.kernel.org/stable/c/5045360f3bb62ccd4f87202e33489f71f8bbc3fc •