CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-39932 – smb: client: let smbd_destroy() call disable_work_sync(&info->post_send_credits_work)
https://notcve.org/view.php?id=CVE-2025-39932
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: smb: client: let smbd_destroy() call disable_work_sync(&info->post_send_credits_work) In smbd_destroy() we may destroy the memory so we better wait until post_send_credits_work is no longer pending and will never be started again. I actually just hit the case using rxe: WARNING: CPU: 0 PID: 138 at drivers/infiniband/sw/rxe/rxe_verbs.c:1032 rxe_post_recv+0x1ee/0x480 [rdma_rxe] ... [ 5305.686979] [ T138] smbd_post_recv+0x445/0xc10 [cifs] [ 53... • https://git.kernel.org/stable/c/f198186aa9bbd60fae7a2061f4feec614d880299 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-39931 – crypto: af_alg - Set merge to zero early in af_alg_sendmsg
https://notcve.org/view.php?id=CVE-2025-39931
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Set merge to zero early in af_alg_sendmsg If an error causes af_alg_sendmsg to abort, ctx->merge may contain a garbage value from the previous loop. This may then trigger a crash on the next entry into af_alg_sendmsg when it attempts to do a merge that can't be done. Fix this by setting ctx->merge to zero near the start of the loop. In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Set mer... • https://git.kernel.org/stable/c/8ff590903d5fc7f5a0a988c38267a3d08e6393a2 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-39929 – smb: client: fix smbdirect_recv_io leak in smbd_negotiate() error path
https://notcve.org/view.php?id=CVE-2025-39929
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: smb: client: fix smbdirect_recv_io leak in smbd_negotiate() error path During tests of another unrelated patch I was able to trigger this error: Objects remaining on __kmem_cache_shutdown() In the Linux kernel, the following vulnerability has been resolved: smb: client: fix smbdirect_recv_io leak in smbd_negotiate() error path During tests of another unrelated patch I was able to trigger this error: Objects remaining on __kmem_cache_shutdow... • https://git.kernel.org/stable/c/f198186aa9bbd60fae7a2061f4feec614d880299 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53532 – wifi: ath11k: fix deinitialization of firmware resources
https://notcve.org/view.php?id=CVE-2023-53532
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix deinitialization of firmware resources Currently, in ath11k_ahb_fw_resources_init(), iommu domain mapping is done only for the chipsets having fixed firmware memory. Also, for such chipsets, mapping is done only if it does not have TrustZone support. During deinitialization, only if TrustZone support is not there, iommu is unmapped back. However, for non fixed firmware memory chipsets, TrustZone support is not there and th... • https://git.kernel.org/stable/c/f9eec4947add999e1251bf14365a48a655b786a4 • CWE-476: NULL Pointer Dereference •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53531 – null_blk: fix poll request timeout handling
https://notcve.org/view.php?id=CVE-2023-53531
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: null_blk: fix poll request timeout handling When doing io_uring benchmark on /dev/nullb0, it's easy to crash the kernel if poll requests timeout triggered, as reported by David. [1] BUG: kernel NULL pointer dereference, address: 0000000000000008 Workqueue: kblockd blk_mq_timeout_work RIP: 0010:null_timeout_rq+0x4e/0x91 Call Trace: ? null_timeout_rq+0x4e/0x91 blk_mq_handle_expired+0x31/0x4b bt_iter+0x68/0x84 ? bt_tags_iter+0x81/0x81 __sbitma... • https://git.kernel.org/stable/c/0a593fbbc245a85940ed34caa3aa1e4cb060c54b • CWE-366: Race Condition within a Thread •
CVSS: 5.6EPSS: 0%CPEs: 2EXPL: 0CVE-2023-53529 – wifi: rtw88: Fix memory leak in rtw88_usb
https://notcve.org/view.php?id=CVE-2023-53529
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: Fix memory leak in rtw88_usb Kmemleak shows the following leak arising from routine in the usb probe routine: unreferenced object 0xffff895cb29bba00 (size 512): comm "(udev-worker)", pid 534, jiffies 4294903932 (age 102751.088s) hex dump (first 32 bytes): 77 30 30 30 00 00 00 00 02 2f 2d 2b 30 00 00 00 w000...../-+0... 02 00 2a 28 00 00 00 00 ff 55 ff ff ff 00 00 00 ..*(.....U...... backtrace: [
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53526 – jbd2: check 'jh->b_transaction' before removing it from checkpoint
https://notcve.org/view.php?id=CVE-2023-53526
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: jbd2: check 'jh->b_transaction' before removing it from checkpoint Following process will corrupt ext4 image: Step 1: jbd2_journal_commit_transaction __jbd2_journal_insert_checkpoint(jh, commit_transaction) // Put jh into trans1->t_checkpoint_list journal->j_checkpoint_transactions = commit_transaction // Put trans1 into journal->j_checkpoint_transactions Step 2: do_get_write_access test_clear_buffer_dirty(bh) // clear buffer dirty,set jbd ... • https://git.kernel.org/stable/c/b832174b7f89df3ebab02f5b485d00127a0e1a6e •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-53525 – RDMA/cma: Allow UD qp_type to join multicast only
https://notcve.org/view.php?id=CVE-2023-53525
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Allow UD qp_type to join multicast only As for multicast: - The SIDR is the only mode that makes sense; - Besides PS_UDP, other port spaces like PS_IB is also allowed, as it is UD compatible. In this case qkey also needs to be set [1]. This patch allows only UD qp_type to join multicast, and set qkey to default if it's not set, to fix an uninit-value error: the ib->rec.qkey field is accessed without being initialized. ============... • https://git.kernel.org/stable/c/b5de0c60cc30c2a3513c7188c73f3f29acc29234 • CWE-908: Use of Uninitialized Resource •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53524 – wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf
https://notcve.org/view.php?id=CVE-2023-53524
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf An integer overflow occurs in the iwl_write_to_user_buf() function, which is called by the iwl_dbgfs_monitor_data_read() function. static bool iwl_write_to_user_buf(char __user *user_buf, ssize_t count, void *buf, ssize_t *size, ssize_t *bytes_copied) { int buf_size_left = count - *bytes_copied; buf_size_left = buf_size_left - (buf_size_left % sizeof(u32)); if (*size > buf_s... • https://git.kernel.org/stable/c/f7805b33f9b13a87b1fcf9dfbc3dcbce281a1436 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-53523 – can: gs_usb: fix time stamp counter initialization
https://notcve.org/view.php?id=CVE-2023-53523
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: fix time stamp counter initialization If the gs_usb device driver is unloaded (or unbound) before the interface is shut down, the USB stack first calls the struct usb_driver::disconnect and then the struct net_device_ops::ndo_stop callback. In gs_usb_disconnect() all pending bulk URBs are killed, i.e. no more RX'ed CAN frames are send from the USB device to the host. Later in gs_can_close() a reset control message is send to ea... • https://git.kernel.org/stable/c/45dfa45f52e66f8eee30a64b16550a9c47915044 •