
CVSS: 7.8 | EPSS: 0% | CPEs: 4 | EXPL: 0

08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential use-after-free bugs in TCP_Server_Info::hostname TCP_Server_Info::hostname may be updated once or many times during reconnect, so protect its access outside reconnect path as well and then prevent any potential use-after-free bugs. • https://git.kernel.org/stable/c/64d62ac6d6514cba1305bd08e271ec1843bdd612 •

CVSS: 7.2 | EPSS: 0% | CPEs: 3 | EXPL: 0

08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix potential array out-of-bounds in decoder queue_setup variable *nplanes is provided by user via system call argument. The possible value of q_data->fmt->num_planes is 1-3, while the value of *nplanes can be 1-8. The array access by index i can cause array out-of-bounds. Fix this bug by checking *nplanes against the array size. • https://git.kernel.org/stable/c/48e4e06e2c5fe1fda283d499f91492eda2248bb9 •

CVSS: 7.1 | EPSS: 0% | CPEs: 8 | EXPL: 0

08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF After a call to console_unlock() in vcs_write() the vc_data struct can be freed by vc_port_destruct(). Because of that, the struct vc_data pointer must be reloaded in the while loop in vcs_write() after console_lock() to avoid a UAF when vcs_size() is called. Syzkaller reported a UAF in vcs_size(). BUG: KASAN: slab-use-after-free in vcs_size (drivers/tty/vt/vc_scre... • https://git.kernel.org/stable/c/ac751efa6a0d70f2c9daef5c7e3a92270f5c2dff •

CVSS: 7.1 | EPSS: 0% | CPEs: 4 | EXPL: 0

08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: kcsan: Avoid READ_ONCE() in read_instrumented_memory() Haibo Li reported: | Unable to handle kernel paging request at virtual address | ffffff802a0d8d71 | Mem abort info: | ESR = 0x96000021 | EC = 0x25: DABT (current EL), IL = 32 bits | SET = 0, FnV = 0 | EA = 0, S1PTW = 0 | FSC = 0x21: alignment fault | Data abort info: | ISV = 0, ISS = 0x00000021 | CM = 0, WnR = 0 | swapper pgtable: 4k pages, 39-bit VAs, pgdp=00000000283... • https://git.kernel.org/stable/c/706ae665747b629bcf87a2d7e6438602f904b8d5 •

CVSS: 5.5 | EPSS: 0% | CPEs: 3 | EXPL: 0

08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix monitor mode bringup crash When the interface is brought up in monitor mode, it leads to NULL pointer dereference crash. This crash happens when the packet type is extracted for a SKB. This extraction which is present in the received msdu delivery path, is not needed for the monitor ring packets since they are all RAW packets. Hence appending the flags with "RX_FLAG_ONLY_MONITOR" to skip that extraction. Observed calltrace:... • https://git.kernel.org/stable/c/d6ea1ca1d456bb661e5a9d104e69d2c261161115 •

CVSS: 6.6 | EPSS: 0% | CPEs: 9 | EXPL: 0

08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb: fix memory leak in dvb_usb_adapter_init() Syzbot reports a memory leak in "dvb_usb_adapter_init()". The leak is due to not accounting for and freeing current iteration's adapter->priv in case of an error. Currently if an error occurs, it will exit before incrementing "num_adapters_initalized", which is used as a reference counter to free all adap->priv in "dvb_usb_adapter_exit()". There are multiple error paths that can exit... • https://git.kernel.org/stable/c/733bc9e226da2a7f43b10031b8ebfc26d89ec4bd •

CVSS: 5.5 | EPSS: 0% | CPEs: 5 | EXPL: 0

08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix potential memory leak in ext4_fc_record_modified_inode() As krealloc may return NULL, in this case 'state->fc_modified_inodes' may not be freed by krealloc, but 'state->fc_modified_inodes' already set NULL. Then will lead to 'state->fc_modified_inodes' memory leak. • https://git.kernel.org/stable/c/c9ce7766dc4e88e624c62a68221a3bbe8f06e856 •

CVSS: 5.5 | EPSS: 0% | CPEs: 3 | EXPL: 0

08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: regulator: core: Use different devices for resource allocation and DT lookup Following by the below discussion, there's the potential UAF issue between regulator and mfd. https://lore.kernel.org/all/20221128143601.1698148-1-yangyingliang@huawei.com/ From the analysis of Yingliang CPU A |CPU B mt6370_probe() | devm_mfd_add_devices() | |mt6370_regulator_probe() | regulator_register() | //allocate init_data and add it to devres | regulator_of_... • https://git.kernel.org/stable/c/cb29811d989bcb7ea81ca111c4b13878b344e086 •

CVSS: 7.1 | EPSS: 0% | CPEs: 3 | EXPL: 0

08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: md/raid0, raid10: Don't set discard sectors for request queue It should use disk_stack_limits to get a proper max_discard_sectors rather than setting a value by stack drivers. And there is a bug. If all member disks are rotational devices, raid0/raid10 set max_discard_sectors. So the member devices are not ssd/nvme, but raid0/raid10 export the wrong value. It reports warning messages in function __blkdev_issue_discard when mkfs.xfs like thi... • https://git.kernel.org/stable/c/e80bef070699d2e791badefccb1ddabd6998d468 •

CVSS: 6.9 | EPSS: 0% | CPEs: 5 | EXPL: 0

08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: fbcon: Set fb_display[i]->mode to NULL when the mode is released Recently, we discovered the following issue through syzkaller: BUG: KASAN: slab-use-after-free in fb_mode_is_equal+0x285/0x2f0 Read of size 4 at addr ff11000001b3c69c by task syz.xxx ... Call Trace: dump_stack_lvl+0xab/0xe0 print_address_description.constprop.0+0x2c/0x390 print_report+0xb9/0x280 kasan_report+0xb8/0xf0 fb_mode_is_equal+0x285/0x2f0 fbcon_mode_deleted+0x12... • https://git.kernel.org/stable/c/4ac18f0e6a6d599ca751c4cd98e522afc8e3d4eb •