CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53826 – ubi: Fix UAF wear-leveling entry in eraseblk_count_seq_show()
https://notcve.org/view.php?id=CVE-2023-53826
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ubi: Fix UAF wear-leveling entry in eraseblk_count_seq_show() Wear-leveling entry could be freed in error path, which may be accessed again in eraseblk_count_seq_show(), for example: __erase_worker eraseblk_count_seq_show wl = ubi->lookuptbl[*block_number] if (wl) wl_entry_destroy ubi->lookuptbl[e->pnum] = NULL kmem_cache_free(ubi_wl_entry_slab, e) erase_count = wl->ec // UAF! Wear-leveling entry updating/accessing in ubi->lookuptbl should ... • https://git.kernel.org/stable/c/801c135ce73d5df1caf3eca35b66a10824ae0707 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50670 – mmc: omap_hsmmc: fix return value check of mmc_add_host()
https://notcve.org/view.php?id=CVE-2022-50670
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: mmc: omap_hsmmc: fix return value check of mmc_add_host() mmc_add_host() may return error, if we ignore its return value, it will lead two issues: 1. The memory that allocated in mmc_alloc_host() is leaked. 2. In the remove() path, mmc_remove_host() will be called to delete device, but it's not added yet, it will lead a kernel crash because of null-ptr-deref in device_del(). Fix this by checking the return value and goto error path wihch wi... • https://git.kernel.org/stable/c/a45c6cb816474cefe56059fce422a9bdcd77e0dc •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50664 – media: dvb-frontends: fix leak of memory fw
https://notcve.org/view.php?id=CVE-2022-50664
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: fix leak of memory fw • https://git.kernel.org/stable/c/55f51efdb696ff6e9d2056377d05268a97f3d4e4 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50660 – wifi: ipw2200: fix memory leak in ipw_wdev_init()
https://notcve.org/view.php?id=CVE-2022-50660
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ipw2200: fix memory leak in ipw_wdev_init() In the error path of ipw_wdev_init(), exception value is returned, and the memory applied for in the function is not released. Also the memory is not released in ipw_pci_probe(). As a result, memory leakage occurs. So memory release needs to be added to the error path of ipw_wdev_init(). In the Linux kernel, the following vulnerability has been resolved: wifi: ipw2200: fix memory leak in ipw... • https://git.kernel.org/stable/c/a3caa99e6c68f466c13cfea74097f6fb01b45e25 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50659 – hwrng: geode - Fix PCI device refcount leak
https://notcve.org/view.php?id=CVE-2022-50659
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: hwrng: geode - Fix PCI device refcount leak for_each_pci_dev() is implemented by pci_get_device(). The comment of pci_get_device() says that it will increase the reference count for the returned pci_dev and also decrease the reference count for the input pci_dev @from if it is not NULL. If we break for_each_pci_dev() loop with pdev not NULL, we need to call pci_dev_put() to decrease the reference count. We add a new struct 'amd_geode_priv' ... • https://git.kernel.org/stable/c/ef5d862734b84239e0140319a95fb0bbff5ef394 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53817 – crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui()
https://notcve.org/view.php?id=CVE-2023-53817
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui() During NVMeTCP Authentication a controller can trigger a kernel oops by specifying the 8192 bit Diffie Hellman group and passing a correctly sized, but zeroed Diffie Hellamn value. mpi_cmp_ui() was detecting this if the second parameter was 0, but 1 is passed from dh_is_pubkey_valid(). This causes the null pointer u->d to be dereferenced towards the end of mpi_cmp_ui() In the Linux ... • https://git.kernel.org/stable/c/fde791e8a96a64ea7b0ad2440e43586447a209c6 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53804 – nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode()
https://notcve.org/view.php?id=CVE-2023-53804
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode() During unmount process of nilfs2, nothing holds nilfs_root structure after nilfs2 detaches its writer in nilfs_detach_log_writer(). However, since nilfs_evict_inode() uses nilfs_root for some cleanup operations, it may cause use-after-free read if inodes are left in "garbage_list" and released by nilfs_dispose_list() at the end of nilfs_detach_log_writer(). Fix this issue b... • https://git.kernel.org/stable/c/f31e18131ee2ce80a4da5c808221d25b1ae9ad6d •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53803 – scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process()
https://notcve.org/view.php?id=CVE-2023-53803
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() A fix for: BUG: KASAN: slab-out-of-bounds in ses_enclosure_data_process+0x949/0xe30 [ses] Read of size 1 at addr ffff88a1b043a451 by task systemd-udevd/3271 Checking after (and before in next loop) addl_desc_ptr[1] is sufficient, we expect the size to be sanitized before first access to addl_desc_ptr[1]. Make sure we don't walk beyond end of page. In the Linux kernel, the fol... • https://git.kernel.org/stable/c/da1a955c48a16e16e925d6544793914e52a6fa51 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53802 – wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function
https://notcve.org/view.php?id=CVE-2023-53802
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function It is stated that ath9k_htc_rx_msg() either frees the provided skb or passes its management to another callback function. However, the skb is not freed in case there is no another callback function, and Syzkaller was able to cause a memory leak. Also minor comment fix. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. In the Linux kerne... • https://git.kernel.org/stable/c/fb9987d0f748c983bb795a86f47522313f701a08 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53800 – ubi: Fix use-after-free when volume resizing failed
https://notcve.org/view.php?id=CVE-2023-53800
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ubi: Fix use-after-free when volume resizing failed There is an use-after-free problem reported by KASAN: ================================================================== BUG: KASAN: use-after-free in ubi_eba_copy_table+0x11f/0x1c0 [ubi] Read of size 8 at addr ffff888101eec008 by task ubirsvol/4735 CPU: 2 PID: 4735 Comm: ubirsvol Not tainted 6.1.0-rc1-00003-g84fa3304a7fc-dirty #14 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIO... • https://git.kernel.org/stable/c/801c135ce73d5df1caf3eca35b66a10824ae0707 •