CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2023-54281 – btrfs: release path before inode lookup during the ino lookup ioctl
https://notcve.org/view.php?id=CVE-2023-54281
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: release path before inode lookup during the ino lookup ioctl During the ino lookup ioctl we can end up calling btrfs_iget() to get an inode reference while we are holding on a root's btree. If btrfs_iget() needs to lookup the inode from the root's btree, because it's not currently loaded in memory, then it will need to lock another or the same path in the same root btree. This may result in a deadlock and trigger the following lockde... • https://git.kernel.org/stable/c/23d0b79dfaed2305b500b0215b0421701ada6b1a •
CVSS: -EPSS: 0%CPEs: 12EXPL: 0CVE-2022-50881 – wifi: ath9k: Fix use-after-free in ath9k_hif_usb_disconnect()
https://notcve.org/view.php?id=CVE-2022-50881
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: Fix use-after-free in ath9k_hif_usb_disconnect() This patch fixes a use-after-free in ath9k that occurs in ath9k_hif_usb_disconnect() when ath9k_destroy_wmi() is trying to access 'drv_priv' that has already been freed by ieee80211_free_hw(), called by ath9k_htc_hw_deinit(). The patch moves ath9k_destroy_wmi() before ieee80211_free_hw(). Note that urbs from the driver should be killed before freeing 'wmi' with ath9k_destroy_wmi(... • https://git.kernel.org/stable/c/abeaa85054ff8cfe8b99aafc5c70ea067e5d0908 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50880 – wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state()
https://notcve.org/view.php?id=CVE-2022-50880
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() When peer delete failed in a disconnect operation, use-after-free detected by KFENCE in below log. It is because for each vdev_id and address, it has only one struct ath10k_peer, it is allocated in ath10k_peer_map_event(). When connected to an AP, it has more than one HTT_T2H_MSG_TYPE_PEER_MAP reported from firmware, then the array peer_map of struct ath10k will be se... • https://git.kernel.org/stable/c/d0eeafad118940fe445ca00f45be5624fea2ec34 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50879 – objtool: Fix SEGFAULT
https://notcve.org/view.php?id=CVE-2022-50879
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: objtool: Fix SEGFAULT find_insn() will return NULL in case of failure. Check insn in order to avoid a kernel Oops for NULL pointer dereference. • https://git.kernel.org/stable/c/13810435b9a7014fb92eb715f77da488f3b65b99 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50876 – usb: musb: Fix musb_gadget.c rxstate overflow bug
https://notcve.org/view.php?id=CVE-2022-50876
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: musb: Fix musb_gadget.c rxstate overflow bug The usb function device call musb_gadget_queue() adds the passed request to musb_ep::req_list,If the (request->length > musb_ep->packet_sz) and (is_buffer_mapped(req) return false),the rxstate() will copy all data in fifo to request->buf which may cause request->buf out of bounds. Fix it by add the length check : fifocnt = min_t(unsigned, request->length - request->actual, fifocnt); The SUSE... • https://git.kernel.org/stable/c/03840fad004ce8a56bc8b3bb60a2df10f6f9481e •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50875 – of: overlay: fix null pointer dereferencing in find_dup_cset_node_entry() and find_dup_cset_prop()
https://notcve.org/view.php?id=CVE-2022-50875
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: of: overlay: fix null pointer dereferencing in find_dup_cset_node_entry() and find_dup_cset_prop() When kmalloc() fail to allocate memory in kasprintf(), fn_1 or fn_2 will be NULL, and strcmp() will cause null pointer dereference. • https://git.kernel.org/stable/c/2fe0e8769df9fed5098daea7db933bc414c329d7 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2023-54279 – MIPS: fw: Allow firmware to pass a empty env
https://notcve.org/view.php?id=CVE-2023-54279
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: MIPS: fw: Allow firmware to pass a empty env fw_getenv will use env entry to determine style of env, however it is legal for firmware to just pass a empty list. Check if first entry exist before running strchr to avoid null pointer dereference. • https://git.kernel.org/stable/c/14aecdd419217e041fb5dd2749d11f58503bdf62 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2023-54274 – RDMA/srpt: Add a check for valid 'mad_agent' pointer
https://notcve.org/view.php?id=CVE-2023-54274
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Add a check for valid 'mad_agent' pointer When unregistering MAD agent, srpt module has a non-null check for 'mad_agent' pointer before invoking ib_unregister_mad_agent(). This check can pass if 'mad_agent' variable holds an error value. The 'mad_agent' can have an error value for a short window when srpt_add_one() and srpt_remove_one() is executed simultaneously. In srpt module, added a valid pointer check for 'sport->mad_agent'... • https://git.kernel.org/stable/c/a42d985bd5b234da8b61347a78dc3057bf7bb94d •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2023-54271 – blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init
https://notcve.org/view.php?id=CVE-2023-54271
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init blk-iocost sometimes causes the following crash: BUG: kernel NULL pointer dereference, address: 00000000000000e0 ... RIP: 0010:_raw_spin_lock+0x17/0x30 Code: be 01 02 00 00 e8 79 38 39 ff 31 d2 89 d0 5d c3 0f 1f 00 0f 1f 44 00 00 55 48 89 e5 65 ff 05 48 d0 34 7e b9 01 00 00 00 31 c0
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54270 – media: usb: siano: Fix use after free bugs caused by do_submit_urb
https://notcve.org/view.php?id=CVE-2023-54270
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: media: usb: siano: Fix use after free bugs caused by do_submit_urb There are UAF bugs caused by do_submit_urb(). One of the KASan reports is shown below: [ 36.403605] BUG: KASAN: use-after-free in worker_thread+0x4a2/0x890 [ 36.406105] Read of size 8 at addr ffff8880059600e8 by task kworker/0:2/49 [ 36.408316] [ 36.408867] CPU: 0 PID: 49 Comm: kworker/0:2 Not tainted 6.2.0-rc3-15798-g5a41237ad1d4-dir8 [ 36.411696] Hardware name: QEMU Standa... • https://git.kernel.org/stable/c/dd47fbd40e6ea6884e295e13a2e50b0894258fdf •