CVSS: 6.4EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50509 – media: coda: Add check for kmalloc
https://notcve.org/view.php?id=CVE-2022-50509
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: media: coda: Add check for kmalloc As the kmalloc may return NULL pointer, it should be better to check the return value in order to avoid NULL poineter dereference, same as the others. In the Linux kernel, the following vulnerability has been resolved: media: coda: Add check for kmalloc As the kmalloc may return NULL pointer, it should be better to check the return value in order to avoid NULL poineter dereference, same as the others. The ... • https://git.kernel.org/stable/c/cb1d3a336371e35c3920cc50a701c5403c255644 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53616 – jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount
https://notcve.org/view.php?id=CVE-2023-53616
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount syzbot found an invalid-free in diUnmount: BUG: KASAN: double-free in slab_free mm/slub.c:3661 [inline] BUG: KASAN: double-free in __kmem_cache_free+0x71/0x110 mm/slub.c:3674 Free of addr ffff88806f410000 by task syz-executor131/3632 CPU: 0 PID: 3632 Comm: syz-executor131 Not tainted 6.1.0-rc7-syzkaller-00012-gca57f02295f1 #0 Hardware name: Google Google Compute Engine/Google Comp... • https://git.kernel.org/stable/c/c3c0f0ddd851b3fa3e9d3450bbcd561f4f850469 •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53612 – hwmon: (coretemp) Simplify platform device handling
https://notcve.org/view.php?id=CVE-2023-53612
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: hwmon: (coretemp) Simplify platform device handling Coretemp's platform driver is unconventional. All the real work is done globally by the initcall and CPU hotplug notifiers, while the "driver" effectively just wraps an allocation and the registration of the hwmon interface in a long-winded round-trip through the driver core. The whole logic of dynamically creating and destroying platform devices to bring the interfaces up and down is erro... • https://git.kernel.org/stable/c/4000384684f612b3645a944f6acde0e65ac370b8 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53608 – nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread()
https://notcve.org/view.php?id=CVE-2023-53608
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread() The finalization of nilfs_segctor_thread() can race with nilfs_segctor_kill_thread() which terminates that thread, potentially causing a use-after-free BUG as KASAN detected. At the end of nilfs_segctor_thread(), it assigns NULL to "sc_task" member of "struct nilfs_sc_info" to indicate the thread has finished, and then notifies nilfs_segctor_kill_thread() of this us... • https://git.kernel.org/stable/c/034cce77d52ba013ce62b4f5258c29907eb1ada5 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53606 – nfsd: clean up potential nfsd_file refcount leaks in COPY codepath
https://notcve.org/view.php?id=CVE-2023-53606
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: nfsd: clean up potential nfsd_file refcount leaks in COPY codepath There are two different flavors of the nfsd4_copy struct. One is embedded in the compound and is used directly in synchronous copies. The other is dynamically allocated, refcounted and tracked in the client struture. For the embedded one, the cleanup just involves releasing any nfsd_files held on its behalf. For the async one, the cleanup is a bit more involved, and we need ... • https://git.kernel.org/stable/c/fd63299db8090307eae66f2aef17c8f00aafa0a9 • CWE-911: Improper Update of Reference Count •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53596 – drivers: base: Free devm resources when unregistering a device
https://notcve.org/view.php?id=CVE-2023-53596
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: drivers: base: Free devm resources when unregistering a device In the current code, devres_release_all() only gets called if the device has a bus and has been probed. This leads to issues when using bus-less or driver-less devices where the device might never get freed if a managed resource holds a reference to the device. This is happening in the DRM framework for example. We should thus call devres_release_all() in the device_del() functi... • https://git.kernel.org/stable/c/a525a3ddeaca69f405d98442ab3c0746e53168dc • CWE-771: Missing Reference to Active Allocated Resource •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53594 – driver core: fix resource leak in device_add()
https://notcve.org/view.php?id=CVE-2023-53594
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: driver core: fix resource leak in device_add() When calling kobject_add() failed in device_add(), it will call cleanup_glue_dir() to free resource. But in kobject_add(), dev->kobj.parent has been set to NULL. This will cause resource leak. The process is as follows: device_add() get_device_parent() class_dir_create_and_add() kobject_add() //kobject_get() ... dev->kobj.parent = kobj; ... kobject_add() //failed, but set dev->kobj.parent = NUL... • https://git.kernel.org/stable/c/cebf8fd16900fdfd58c0028617944f808f97fe50 • CWE-771: Missing Reference to Active Allocated Resource •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53593 – cifs: Release folio lock on fscache read hit.
https://notcve.org/view.php?id=CVE-2023-53593
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: cifs: Release folio lock on fscache read hit. Under the current code, when cifs_readpage_worker is called, the call contract is that the callee should unlock the page. This is documented in the read_folio section of Documentation/filesystems/vfs.rst as: > The filesystem should unlock the folio once the read has completed, > whether it was successful or not. Without this change, when fscache is in use and cache hit occurs during a read, the ... • https://git.kernel.org/stable/c/c3ac8323f2f5b50e32681c254b8318f7fa2dc3f4 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53589 – wifi: iwlwifi: mvm: don't trust firmware n_channels
https://notcve.org/view.php?id=CVE-2023-53589
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't trust firmware n_channels If the firmware sends us a corrupted MCC response with n_channels much larger than the command response can be, we might copy far too much (uninitialized) memory and even crash if the n_channels is large enough to make it run out of the one page allocated for the FW response. Fix that by checking the lengths. Doing a < comparison would be sufficient, but the firmware should be doing it cor... • https://git.kernel.org/stable/c/dcaf9f5ecb6f395152609bdc40660d9b593dca63 •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53588 – wifi: mac80211: check for station first in client probe
https://notcve.org/view.php?id=CVE-2023-53588
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: check for station first in client probe When probing a client, first check if we have it, and then check for the channel context, otherwise you can trigger the warning there easily by probing when the AP isn't even started yet. Since a client existing means the AP is also operating, we can then keep the warning. Also simplify the moved code a bit. In the Linux kernel, the following vulnerability has been resolved: wifi: mac8... • https://git.kernel.org/stable/c/7e1cda5cf07f848e6b50b4e5e7761ffbce905a3d •