CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50355 – staging: vt6655: fix some erroneous memory clean-up loops
https://notcve.org/view.php?id=CVE-2022-50355
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: staging: vt6655: fix some erroneous memory clean-up loops In some initialization functions of this driver, memory is allocated with 'i' acting as an index variable and increasing from 0. The commit in "Fixes" introduces some clean-up codes in case of allocation failure, which free memory in reverse order with 'i' decreasing to 0. However, there are some problems: - The case i=0 is left out. Thus memory is leaked. - In case memory allocation... • https://git.kernel.org/stable/c/5341ee0adb17d12a96dc5344e0d267cd12b52135 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50353 – mmc: wmt-sdmmc: fix return value check of mmc_add_host()
https://notcve.org/view.php?id=CVE-2022-50353
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: mmc: wmt-sdmmc: fix return value check of mmc_add_host() mmc_add_host() may return error, if we ignore its return value, the memory that allocated in mmc_alloc_host() will be leaked and it will lead a kernel crash because of deleting not added device in the remove path. So fix this by checking the return value and goto error path which will call mmc_free_host(), besides, clk_disable_unprepare() also needs be called. This update provides the... • https://git.kernel.org/stable/c/3a96dff0f828ae9dfb43efd49a9b67a74c6dc360 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53334 – USB: chipidea: fix memory leak with using debugfs_lookup()
https://notcve.org/view.php?id=CVE-2023-53334
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: USB: chipidea: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic at once. This update provides the initial livepatch for this kernel update. This update does not contain any fixes and will be updated with livepatches later. • https://git.kernel.org/stable/c/8f6c7c5a11ec599be524190122a56dbb730069a3 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2023-53333 – netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one
https://notcve.org/view.php?id=CVE-2023-53333
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one Eric Dumazet says: nf_conntrack_dccp_packet() has an unique: dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &_dh); And nothing more is 'pulled' from the packet, depending on the content. dh->dccph_doff, and/or dh->dccph_x ...) So dccp_ack_seq() is happily reading stuff past the _dh buffer. BUG: KASAN: stack-out-of-bounds in nf_conntrack_dccp_packet+0x1134... • https://git.kernel.org/stable/c/2bc780499aa33311ec0f3e42624dfaa7be0ade5e • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53332 – genirq/ipi: Fix NULL pointer deref in irq_data_get_affinity_mask()
https://notcve.org/view.php?id=CVE-2023-53332
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: genirq/ipi: Fix NULL pointer deref in irq_data_get_affinity_mask() If ipi_send_{mask|single}() is called with an invalid interrupt number, all the local variables there will be NULL. ipi_send_verify() which is invoked from these functions does verify its 'data' parameter, resulting in a kernel oops in irq_data_get_affinity_mask() as the passed NULL pointer gets dereferenced. Add a missing NULL pointer check in ipi_send_verify()... Found by ... • https://git.kernel.org/stable/c/3b8e29a82dd16c1f2061e0b955a71cd36eeb061b • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2023-53331 – pstore/ram: Check start of empty przs during init
https://notcve.org/view.php?id=CVE-2023-53331
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: pstore/ram: Check start of empty przs during init After commit 30696378f68a ("pstore/ram: Do not treat empty buffers as valid"), initialization would assume a prz was valid after seeing that the buffer_size is zero (regardless of the buffer start position). This unchecked start value means it could be outside the bounds of the buffer, leading to future access panics when written to: sysdump_panic_event+0x3b4/0x5b8 atomic_notifier_call_chain... • https://git.kernel.org/stable/c/e1e3a46706bd4037e8b7407dc660ae6e05b8ac56 • CWE-129: Improper Validation of Array Index CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53330 – caif: fix memory leak in cfctrl_linkup_request()
https://notcve.org/view.php?id=CVE-2023-53330
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: caif: fix memory leak in cfctrl_linkup_request() When linktype is unknown or kzalloc failed in cfctrl_linkup_request(), pkt is not released. Add release process to error path. This update provides the initial livepatch for this kernel update. This update does not contain any fixes and will be updated with livepatches later. • https://git.kernel.org/stable/c/b482cd2053e3b90a7b33a78c63cdb6badf2ec383 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53328 – fs/ntfs3: Enhance sanity check while generating attr_list
https://notcve.org/view.php?id=CVE-2023-53328
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Enhance sanity check while generating attr_list ni_create_attr_list uses WARN_ON to catch error cases while generating attribute list, which only prints out stack trace and may not be enough. This repalces them with more proper error handling flow. [ 59.666332] BUG: kernel NULL pointer dereference, address: 000000000000000e [ 59.673268] #PF: supervisor read access in kernel mode [ 59.678354] #PF: error_code(0x0000) - not-present p... • https://git.kernel.org/stable/c/4534a70b7056fd4b9a1c6db5a4ce3c98546b291e • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53326 – powerpc: Don't try to copy PPR for task with NULL pt_regs
https://notcve.org/view.php?id=CVE-2023-53326
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc: Don't try to copy PPR for task with NULL pt_regs powerpc sets up PF_KTHREAD and PF_IO_WORKER with a NULL pt_regs, which from my (arguably very short) checking is not commonly done for other archs. This is fine, except when PF_IO_WORKER's have been created and the task does something that causes a coredump to be generated. Then we get this crash: Kernel attempted to read user page (160) - exploit attempt? (uid: 1000) BUG: Kernel NUL... • https://git.kernel.org/stable/c/fa439810cc1b3c927ec24ede17d02467e1b143a1 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53324 – drm/msm/mdp5: Don't leak some plane state
https://notcve.org/view.php?id=CVE-2023-53324
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp5: Don't leak some plane state Apparently no one noticed that mdp5 plane states leak like a sieve ever since we introduced plane_state->commit refcount a few years ago in 21a01abbe32a ("drm/atomic: Fix freeing connector/plane state too early by tracking commits, v3.") Fix it by using the right helpers. Patchwork: https://patchwork.freedesktop.org/patch/551236/ This update provides the initial livepatch for this kernel update. Thi... • https://git.kernel.org/stable/c/21a01abbe32a3cbeb903378a24e504bfd9fe0648 •