CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50815 – ext2: Add sanity checks for group and filesystem size
https://notcve.org/view.php?id=CVE-2022-50815
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ext2: Add sanity checks for group and filesystem size Add sanity check that filesystem size does not exceed the underlying device size and that group size is big enough so that metadata can fit into it. This avoid trying to mount some crafted filesystems with extremely large group counts. • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50786 – media: s5p-mfc: Clear workbit to handle error condition
https://notcve.org/view.php?id=CVE-2022-50786
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: media: s5p-mfc: Clear workbit to handle error condition During error on CLOSE_INSTANCE command, ctx_work_bits was not getting cleared. During consequent mfc execution NULL pointer dereferencing of this context led to kernel panic. This patch fixes this issue by making sure to clear ctx_work_bits always. • https://git.kernel.org/stable/c/818cd91ab8c6e42c2658c8e61f8462637c6f586b •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-68750 – usb: potential integer overflow in usbg_make_tpg()
https://notcve.org/view.php?id=CVE-2025-68750
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: potential integer overflow in usbg_make_tpg() The variable tpgt in usbg_make_tpg() is defined as unsigned long and is assigned to tpgt->tport_tpgt, which is defined as u16. This may cause an integer overflow when tpgt is greater than USHRT_MAX (65535). I haven't tried to trigger it myself, but it is possible to trigger it by calling usbg_make_tpg() with a large value for tpgt. I modified the type of tpgt to match tpgt->tport_tpgt and a... • https://git.kernel.org/stable/c/c52661d60f636d17e26ad834457db333bd1df494 •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2023-54140 – nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse
https://notcve.org/view.php?id=CVE-2023-54140
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse A syzbot stress test using a corrupted disk image reported that mark_buffer_dirty() called from __nilfs_mark_inode_dirty() or nilfs_palloc_commit_alloc_entry() may output a kernel warning, and can panic if the kernel is booted with panic_on_warn. This is because nilfs2 keeps buffer pointers in local structures for some metadata and reuses them, but such buffers may be fo... • https://git.kernel.org/stable/c/8c26c4e2694a163d525976e804d81cd955bbb40c •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54134 – autofs: fix memory leak of waitqueues in autofs_catatonic_mode
https://notcve.org/view.php?id=CVE-2023-54134
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: autofs: fix memory leak of waitqueues in autofs_catatonic_mode Syzkaller reports a memory leak: BUG: memory leak unreferenced object 0xffff88810b279e00 (size 96): comm "syz-executor399", pid 3631, jiffies 4294964921 (age 23.870s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 08 9e 27 0b 81 88 ff ff ..........'..... 08 9e 27 0b 81 88 ff ff 00 00 00 00 00 00 00 00 ..'............. backtrace: [
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54127 – fs/jfs: prevent double-free in dbUnmount() after failed jfs_remount()
https://notcve.org/view.php?id=CVE-2023-54127
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/jfs: prevent double-free in dbUnmount() after failed jfs_remount() Syzkaller reported the following issue: ================================================================== BUG: KASAN: double-free in slab_free mm/slub.c:3787 [inline] BUG: KASAN: double-free in __kmem_cache_free+0x71/0x110 mm/slub.c:3800 Free of addr ffff888086408000 by task syz-executor.4/12750 [...] Call Trace:
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-54121 – btrfs: fix incorrect splitting in btrfs_drop_extent_map_range
https://notcve.org/view.php?id=CVE-2023-54121
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix incorrect splitting in btrfs_drop_extent_map_range In production we were seeing a variety of WARN_ON()'s in the extent_map code, specifically in btrfs_drop_extent_map_range() when we have to call add_extent_mapping() for our second split. Consider the following extent map layout PINNED [0 16K) [32K, 48K) and then we call btrfs_drop_extent_map_range for [0, 36K), with skip_pinned == true. The initial loop will have start = 0 end =... • https://git.kernel.org/stable/c/55ef68990029fcd8d04d42fc184aa7fb18cf309e •
CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54120 – Bluetooth: Fix race condition in hidp_session_thread
https://notcve.org/view.php?id=CVE-2023-54120
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix race condition in hidp_session_thread There is a potential race condition in hidp_session_thread that may lead to use-after-free. For instance, the timer is active while hidp_del_timer is called in hidp_session_thread(). After hidp_session_put, then 'session' will be freed, causing kernel panic when hidp_idle_timeout is running. The solution is to use del_timer_sync instead of del_timer. Here is the call trace: ? • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-54119 – inotify: Avoid reporting event with invalid wd
https://notcve.org/view.php?id=CVE-2023-54119
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: inotify: Avoid reporting event with invalid wd When inotify_freeing_mark() races with inotify_handle_inode_event() it can happen that inotify_handle_inode_event() sees that i_mark->wd got already reset to -1 and reports this value to userspace which can confuse the inotify listener. Avoid the problem by validating that wd is sensible (and pretend the mark got removed before the event got generated otherwise). In the Linux kernel, the follow... • https://git.kernel.org/stable/c/7e790dd5fc937bc8d2400c30a05e32a9e9eef276 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2023-54118 – serial: sc16is7xx: setup GPIO controller later in probe
https://notcve.org/view.php?id=CVE-2023-54118
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: serial: sc16is7xx: setup GPIO controller later in probe The GPIO controller component of the sc16is7xx driver is setup too early, which can result in a race condition where another device tries to utilise the GPIO lines before the sc16is7xx device has finished initialising. This issue manifests itself as an Oops when the GPIO lines are configured: Unable to handle kernel read from unreadable memory at virtual address ... pc : sc16is7xx_gpio... • https://git.kernel.org/stable/c/dfeae619d781dee61666d5551b93ba3be755a86b •