CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39839 – batman-adv: fix OOB read/write in network-coding decode
https://notcve.org/view.php?id=CVE-2025-39839
19 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix OOB read/write in network-coding decode batadv_nc_skb_decode_packet() trusts coded_len and checks only against skb->len. XOR starts at sizeof(struct batadv_unicast_packet), reducing payload headroom, and the source skb length is not verified, allowing an out-of-bounds read and a small out-of-bounds write. Validate that coded_len fits within the payload area of both destination and source sk_buffs before XORing. In the Linux ... • https://git.kernel.org/stable/c/2df5278b0267c799f3e877e8eeddbb6e93cda0bb •
CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2023-53447 – f2fs: don't reset unchangable mount option in f2fs_remount()
https://notcve.org/view.php?id=CVE-2023-53447
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: don't reset unchangable mount option in f2fs_remount() syzbot reports a bug as below: general protection fault, probably for non-canonical address 0xdffffc0000000009: 0000 [#1] PREEMPT SMP KASAN RIP: 0010:__lock_acquire+0x69/0x2000 kernel/locking/lockdep.c:4942 Call Trace: lock_acquire+0x1e3/0x520 kernel/locking/lockdep.c:5691 __raw_write_lock include/linux/rwlock_api_smp.h:209 [inline] _raw_write_lock+0x2e/0x40 kernel/locking/spinloc... • https://git.kernel.org/stable/c/98e4da8ca301e062d79ae168c67e56f3c3de3ce4 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.4EPSS: 0%CPEs: 7EXPL: 0CVE-2023-53446 – PCI/ASPM: Disable ASPM on MFD function removal to avoid use-after-free
https://notcve.org/view.php?id=CVE-2023-53446
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: PCI/ASPM: Disable ASPM on MFD function removal to avoid use-after-free Struct pcie_link_state->downstream is a pointer to the pci_dev of function 0. Previously we retained that pointer when removing function 0, and subsequent ASPM policy changes dereferenced it, resulting in a use-after-free warning from KASAN, e.g.: # echo 1 > /sys/bus/pci/devices/0000:03:00.0/remove # echo powersave > /sys/module/pcie_aspm/parameters/policy BUG: KASAN: sl... • https://git.kernel.org/stable/c/b5a0a9b59c8185aebcd9a717e2e6258b58c72c06 • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53445 – net: qrtr: Fix a refcount bug in qrtr_recvmsg()
https://notcve.org/view.php?id=CVE-2023-53445
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: net: qrtr: Fix a refcount bug in qrtr_recvmsg() Syzbot reported a bug as following: refcount_t: addition on 0; use-after-free. ... RIP: 0010:refcount_warn_saturate+0x17c/0x1f0 lib/refcount.c:25 ... Call Trace:
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53443 – mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt leak
https://notcve.org/view.php?id=CVE-2023-53443
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt leak In arizona_clk32k_enable(), we should use pm_runtime_resume_and_get() as pm_runtime_get_sync() will increase the refcnt even when it returns an error. In the Linux kernel, the following vulnerability has been resolved: mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt leak In arizona_clk32k_enable(), we should use pm_runtime_resume_and_get() as pm_runtime_get... • https://git.kernel.org/stable/c/247fa1920deeb1064e36c0a34410f4d63503b3d4 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53441 – bpf: cpumap: Fix memory leak in cpu_map_update_elem
https://notcve.org/view.php?id=CVE-2023-53441
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: cpumap: Fix memory leak in cpu_map_update_elem Syzkaller reported a memory leak as follows: BUG: memory leak unreferenced object 0xff110001198ef748 (size 192): comm "syz-executor.3", pid 17672, jiffies 4298118891 (age 9.906s) hex dump (first 32 bytes): 00 00 00 00 4a 19 00 00 80 ad e3 e4 fe ff c0 00 ....J........... 00 b2 d3 0c 01 00 11 ff 28 f5 8e 19 01 00 11 ff ........(....... backtrace: [
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53440 – nilfs2: fix sysfs interface lifetime
https://notcve.org/view.php?id=CVE-2023-53440
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix sysfs interface lifetime The current nilfs2 sysfs support has issues with the timing of creation and deletion of sysfs entries, potentially leading to null pointer dereferences, use-after-free, and lockdep warnings. Some of the sysfs attributes for nilfs2 per-filesystem instance refer to metadata file "cpfile", "sufile", or "dat", but nilfs_sysfs_create_device_group that creates those attributes is executed before the inodes for... • https://git.kernel.org/stable/c/dd70edbde2627f47df118d899de6bbb55abcfdbf • CWE-476: NULL Pointer Dereference •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53438 – x86/MCE: Always save CS register on AMD Zen IF Poison errors
https://notcve.org/view.php?id=CVE-2023-53438
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: x86/MCE: Always save CS register on AMD Zen IF Poison errors The Instruction Fetch (IF) units on current AMD Zen-based systems do not guarantee a synchronous #MC is delivered for poison consumption errors. Therefore, MCG_STATUS[EIPV|RIPV] will not be set. However, the microarchitecture does guarantee that the exception is delivered within the same context. In other words, the exact rIP is not known, but the context is known to not have chan... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2023-53437 – media: uvcvideo: Handle cameras with invalid descriptors
https://notcve.org/view.php?id=CVE-2023-53437
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Handle cameras with invalid descriptors If the source entity does not contain any pads, do not create a link. This update provides the initial livepatch for this kernel update. This update does not contain any fixes and will be updated with livepatches later. • https://git.kernel.org/stable/c/6d30cf81ee3c0368175f76c03120af5d81e0c639 • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53436 – scsi: snic: Fix possible memory leak if device_add() fails
https://notcve.org/view.php?id=CVE-2023-53436
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: snic: Fix possible memory leak if device_add() fails If device_add() returns error, the name allocated by dev_set_name() needs be freed. As the comment of device_add() says, put_device() should be used to give up the reference in the error path. So fix this by calling put_device(), then the name can be freed in kobject_cleanp(). In the Linux kernel, the following vulnerability has been resolved: scsi: snic: Fix possible memory leak if... • https://git.kernel.org/stable/c/c8806b6c9e824f47726f2a9b7fbbe7ebf19306fa • CWE-401: Missing Release of Memory after Effective Lifetime •