CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53537 – f2fs: fix to avoid use-after-free for cached IPU bio
https://notcve.org/view.php?id=CVE-2023-53537
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid use-after-free for cached IPU bio xfstest generic/019 reports a bug: kernel BUG at mm/filemap.c:1619! RIP: 0010:folio_end_writeback+0x8a/0x90 Call Trace: end_page_writeback+0x1c/0x60 f2fs_write_end_io+0x199/0x420 bio_endio+0x104/0x180 submit_bio_noacct+0xa5/0x510 submit_bio+0x48/0x80 f2fs_submit_write_bio+0x35/0x300 f2fs_submit_merged_ipu_write+0x2a0/0x2b0 f2fs_write_single_data_page+0x838/0x8b0 f2fs_write_cache_pages+0x3... • https://git.kernel.org/stable/c/0b20fcec8651569935a10afe03fedc0b812d044e •
CVSS: 7.0EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53536 – blk-crypto: make blk_crypto_evict_key() more robust
https://notcve.org/view.php?id=CVE-2023-53536
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: blk-crypto: make blk_crypto_evict_key() more robust If blk_crypto_evict_key() sees that the key is still in-use (due to a bug) or that ->keyslot_evict failed, it currently just returns while leaving the key linked into the keyslot management structures. However, blk_crypto_evict_key() is only called in contexts such as inode eviction where failure is not an option. So actually the caller proceeds with freeing the blk_crypto_key regardless o... • https://git.kernel.org/stable/c/1b2628397058ebce7277480960b29c788138de90 • CWE-825: Expired Pointer Dereference •
CVSS: 8.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53535 – net: bcmgenet: Add a check for oversized packets
https://notcve.org/view.php?id=CVE-2023-53535
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: net: bcmgenet: Add a check for oversized packets Occasionnaly we may get oversized packets from the hardware which exceed the nomimal 2KiB buffer size we allocate SKBs with. Add an early check which drops the packet to avoid invoking skb_over_panic() and move on to processing the next packet. In the Linux kernel, the following vulnerability has been resolved: net: bcmgenet: Add a check for oversized packets Occasionnaly we may get oversized... • https://git.kernel.org/stable/c/1c1008c793fa46703a2fee469f4235e1c7984333 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53534 – drm/mediatek: mtk_drm_crtc: Add checks for devm_kcalloc
https://notcve.org/view.php?id=CVE-2023-53534
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: mtk_drm_crtc: Add checks for devm_kcalloc As the devm_kcalloc may return NULL, the return value needs to be checked to avoid NULL poineter dereference. In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: mtk_drm_crtc: Add checks for devm_kcalloc As the devm_kcalloc may return NULL, the return value needs to be checked to avoid NULL poineter dereference. The SUSE Linux Enterprise 15 SP5 RT kernel w... • https://git.kernel.org/stable/c/31c5558dae0513bd2bae33ea37543f584c6c35a5 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-53533 – Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe
https://notcve.org/view.php?id=CVE-2023-53533
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe rpi_firmware_get() take reference, we need to release it in error paths as well. Use devm_rpi_firmware_get() helper to handling the resources. Also remove the existing rpi_firmware_put(). In the Linux kernel, the following vulnerability has been resolved: Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe rpi_firmware_get() take reference, we need to release it in error paths ... • https://git.kernel.org/stable/c/0b9f28fed3f70ff9a0380fe308739dd72a30a6f6 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50486 – net: ethernet: ti: Fix return type of netcp_ndo_start_xmit()
https://notcve.org/view.php?id=CVE-2022-50486
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: Fix return type of netcp_ndo_start_xmit() With clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG), indirect call targets are validated against the expected function pointer prototype to make sure the call target is valid to help mitigate ROP attacks. If they are not identical, there is a failure at run time, which manifests as either a kernel panic or thread getting killed. A proposed warning in clang aims to ... • https://git.kernel.org/stable/c/84640e27f23041d474c31d3362c3e2185ad68ec2 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 5.7EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50485 – ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode
https://notcve.org/view.php?id=CVE-2022-50485
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode There are many places that will get unhappy (and crash) when ext4_iget() returns a bad inode. However, if iget the boot loader inode, allows a bad inode to be returned, because the inode may not be initialized. This mechanism can be used to bypass some checks and cause panic. To solve this problem, we add a special iget flag EXT4_IGET_BAD. Only with this flag we'd be returning bad... • https://git.kernel.org/stable/c/393d1d1d76933886d5e1ce603214c9987589c6d5 • CWE-654: Reliance on a Single Factor in a Security Decision •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50484 – ALSA: usb-audio: Fix potential memory leaks
https://notcve.org/view.php?id=CVE-2022-50484
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential memory leaks When the driver hits -ENOMEM at allocating a URB or a buffer, it aborts and goes to the error path that releases the all previously allocated resources. However, when -ENOMEM hits at the middle of the sync EP URB allocation loop, the partially allocated URBs might be left without released, because ep->nurbs is still zero at that point. Fix it by setting ep->nurbs at first, so that the error handle... • https://git.kernel.org/stable/c/8fdff6a319e7dac757c558bd283dc4577e68cde7 • CWE-911: Improper Update of Reference Count •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50483 – net: enetc: avoid buffer leaks on xdp_do_redirect() failure
https://notcve.org/view.php?id=CVE-2022-50483
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: net: enetc: avoid buffer leaks on xdp_do_redirect() failure Before enetc_clean_rx_ring_xdp() calls xdp_do_redirect(), each software BD in the RX ring between index orig_i and i can have one of 2 refcount values on its page. We are the owner of the current buffer that is being processed, so the refcount will be at least 1. If the current owner of the buffer at the diametrically opposed index in the RX ring (i.o.w, the other half of this page... • https://git.kernel.org/stable/c/9d2b68cc108db2fdb35022ed2d88cfb305c441a6 •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50482 – iommu/vt-d: Clean up si_domain in the init_dmars() error path
https://notcve.org/view.php?id=CVE-2022-50482
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Clean up si_domain in the init_dmars() error path A splat from kmem_cache_destroy() was seen with a kernel prior to commit ee2653bbe89d ("iommu/vt-d: Remove domain and devinfo mempool") when there was a failure in init_dmars(), because the iommu_domain cache still had objects. While the mempool code is now gone, there still is a leak of the si_domain memory if init_dmars() fails. So clean up si_domain in the init_dmars() error p... • https://git.kernel.org/stable/c/86080ccc223aabf8d0b85a504f4f06aa88e82fb3 •