CVSS: 7.1EPSS: %CPEs: 8EXPL: 0CVE-2023-53150 – scsi: qla2xxx: Pointer may be dereferenced
https://notcve.org/view.php?id=CVE-2023-53150
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Pointer may be dereferenced Klocwork tool reported pointer 'rport' returned from call to function fc_bsg_to_rport() may be NULL and will be dereferenced. Add a fix to validate rport before dereferencing. In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Pointer may be dereferenced Klocwork tool reported pointer 'rport' returned from call to function fc_bsg_to_rport() may be NULL and will be de... • https://git.kernel.org/stable/c/005961bd8f066fe931104f67c34ebfcc7f240099 •
CVSS: 5.5EPSS: %CPEs: 3EXPL: 0CVE-2023-53149 – ext4: avoid deadlock in fs reclaim with page writeback
https://notcve.org/view.php?id=CVE-2023-53149
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: avoid deadlock in fs reclaim with page writeback Ext4 has a filesystem wide lock protecting ext4_writepages() calls to avoid races with switching of journalled data flag or inode format. This lock can however cause a deadlock like: CPU0 CPU1 ext4_writepages() percpu_down_read(sbi->s_writepages_rwsem); ext4_change_inode_journal_flag() percpu_down_write(sbi->s_writepages_rwsem); - blocks, all readers block from now on ext4_do_writepages... • https://git.kernel.org/stable/c/c8585c6fcaf2011de54c3592e80a634a2b9e1a7f •
CVSS: 5.5EPSS: %CPEs: 8EXPL: 0CVE-2023-53148 – igb: Fix igb_down hung on surprise removal
https://notcve.org/view.php?id=CVE-2023-53148
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: igb: Fix igb_down hung on surprise removal In a setup where a Thunderbolt hub connects to Ethernet and a display through USB Type-C, users may experience a hung task timeout when they remove the cable between the PC and the Thunderbolt hub. This is because the igb_down function is called multiple times when the Thunderbolt hub is unplugged. For example, the igb_io_error_detected triggers the first call, and the igb_remove triggers the secon... • https://git.kernel.org/stable/c/c2312e1d12b1c3ee4100c173131b102e2aed4d04 •
CVSS: 5.5EPSS: %CPEs: 8EXPL: 0CVE-2023-53147 – xfrm: add NULL check in xfrm_update_ae_params
https://notcve.org/view.php?id=CVE-2023-53147
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: xfrm: add NULL check in xfrm_update_ae_params Normally, x->replay_esn and x->preplay_esn should be allocated at xfrm_alloc_replay_state_esn(...) in xfrm_state_construct(...), hence the xfrm_update_ae_params(...) is okay to update them. However, the current implementation of xfrm_new_ae(...) allows a malicious user to directly dereference a NULL pointer and crash the kernel like below. BUG: kernel NULL pointer dereference, address: 000000000... • https://git.kernel.org/stable/c/d8647b79c3b7e223ac051439d165bc8e7bbb832f •
CVSS: 8.8EPSS: %CPEs: 9EXPL: 0CVE-2022-50261 – drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid()
https://notcve.org/view.php?id=CVE-2022-50261
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid() With clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG), indirect call targets are validated against the expected function pointer prototype to make sure the call target is valid to help mitigate ROP attacks. If they are not identical, there is a failure at run time, which manifests as either a kernel panic or thread getting killed. A proposed warning in clang... • https://git.kernel.org/stable/c/b2c92b2a3801b09b709cbefd9a9e4944b72400bf •
CVSS: 5.5EPSS: %CPEs: 7EXPL: 0CVE-2022-50260 – drm/msm: Make .remove and .shutdown HW shutdown consistent
https://notcve.org/view.php?id=CVE-2022-50260
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/msm: Make .remove and .shutdown HW shutdown consistent Drivers' .remove and .shutdown callbacks are executed on different code paths. The former is called when a device is removed from the bus, while the latter is called at system shutdown time to quiesce the device. This means that some overlap exists between the two, because both have to take care of properly shutting down the hardware. But currently the logic used in these two callba... • https://git.kernel.org/stable/c/9d5cbf5fe46e350715389d89d0c350d83289a102 •
CVSS: 7.8EPSS: %CPEs: 6EXPL: 0CVE-2022-50259 – bpf, sockmap: fix race in sock_map_free()
https://notcve.org/view.php?id=CVE-2022-50259
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: fix race in sock_map_free() sock_map_free() calls release_sock(sk) without owning a reference on the socket. This can cause use-after-free as syzbot found [1] Jakub Sitnicki already took care of a similar issue in sock_hash_free() in commit 75e68e5bf2c7 ("bpf, sockhash: Synchronize delete from bucket list on map free") [1] refcount_t: decrement hit 0; leaking memory. WARNING: CPU: 0 PID: 3785 at lib/refcount.c:31 refcount_warn... • https://git.kernel.org/stable/c/20ae0cb8983b05136d5293c47fadc99a8ca8ca2d •
CVSS: 7.3EPSS: %CPEs: 8EXPL: 0CVE-2022-50258 – wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds()
https://notcve.org/view.php?id=CVE-2022-50258
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds() This patch fixes a stack-out-of-bounds read in brcmfmac that occurs when 'buf' that is not null-terminated is passed as an argument of strsep() in brcmf_c_preinit_dcmds(). This buffer is filled with a firmware version string by memcpy() in brcmf_fil_iovar_data_get(). The patch ensures buf is null-terminated. Found by a modified version of syzkaller. [ 47.569679][ T... • https://git.kernel.org/stable/c/89243a7b0ea19606ba1c2873c9d569026ccb344f •
CVSS: 7.1EPSS: %CPEs: 10EXPL: 0CVE-2022-50257 – xen/gntdev: Prevent leaking grants
https://notcve.org/view.php?id=CVE-2022-50257
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: xen/gntdev: Prevent leaking grants Prior to this commit, if a grant mapping operation failed partially, some of the entries in the map_ops array would be invalid, whereas all of the entries in the kmap_ops array would be valid. This in turn would cause the following logic in gntdev_map_grant_pages to become invalid: for (i = 0; i < map->count; i++) { if (map->map_ops[i].status == GNTST_okay) { map->unmap_ops[i].handle = map->map_ops[i].hand... • https://git.kernel.org/stable/c/36cd49b071fceca70326d9db786aa15e9fffd677 •
CVSS: 7.8EPSS: %CPEs: 3EXPL: 0CVE-2022-50256 – drm/meson: remove drm bridges at aggregate driver unbind time
https://notcve.org/view.php?id=CVE-2022-50256
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/meson: remove drm bridges at aggregate driver unbind time drm bridges added by meson_encoder_hdmi_init and meson_encoder_cvbs_init were not manually removed at module unload time, which caused dangling references to freed memory to remain linked in the global bridge_list. When loading the driver modules back in, the same functions would again call drm_bridge_add, and when traversing the global bridge_list, would end up peeking into free... • https://git.kernel.org/stable/c/bbbe775ec5b5dace43a35886da9924837da09ddd •