CVSS: 6.9EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50720 – x86/apic: Don't disable x2APIC if locked
https://notcve.org/view.php?id=CVE-2022-50720
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: x86/apic: Don't disable x2APIC if locked The APIC supports two modes, legacy APIC (or xAPIC), and Extended APIC (or x2APIC). X2APIC mode is mostly compatible with legacy APIC, but it disables the memory-mapped APIC interface in favor of one that uses MSRs. The APIC mode is controlled by the EXT bit in the APIC MSR. The MMIO/xAPIC interface has some problems, most notably the APIC LEAK [1]. This bug allows an attacker to use the APIC MMIO in... • https://git.kernel.org/stable/c/fb209bd891645bb87b9618b724f0b4928e0df3de •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50716 – wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out
https://notcve.org/view.php?id=CVE-2022-50716
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out syzkaller reported use-after-free with the stack trace like below [1]: [ 38.960489][ C3] ================================================================== [ 38.963216][ C3] BUG: KASAN: use-after-free in ar5523_cmd_tx_cb+0x220/0x240 [ 38.964950][ C3] Read of size 8 at addr ffff888048e03450 by task swapper/3/0 [ 38.966363][ C3] [ 38.967053][ C3] CPU: 3 PID: 0 Comm: swapper/3 Not tain... • https://git.kernel.org/stable/c/b7d572e1871df06a96a1c9591c71c5494ff6b624 •
CVSS: 6.6EPSS: 0%CPEs: 8EXPL: 0CVE-2025-68740 – ima: Handle error code returned by ima_filter_rule_match()
https://notcve.org/view.php?id=CVE-2025-68740
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ima: Handle error code returned by ima_filter_rule_match() In ima_match_rules(), if ima_filter_rule_match() returns -ENOENT due to the rule being NULL, the function incorrectly skips the 'if (!rc)' check and sets 'result = true'. The LSM rule is considered a match, causing extra files to be measured by IMA. This issue can be reproduced in the following scenario: After unloading the SELinux policy module via 'semodule -d', if an IMA measurem... • https://git.kernel.org/stable/c/4af4662fa4a9dc62289c580337ae2506339c4729 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-68734 – isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe()
https://notcve.org/view.php?id=CVE-2025-68734
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() In hfcsusb_probe(), the memory allocated for ctrl_urb gets leaked when setup_instance() fails with an error code. Fix that by freeing the urb before freeing the hw structure. Also change the error paths to use the goto ladder style. Compile tested only. Issue found using a prototype static analysis tool. • https://git.kernel.org/stable/c/69f52adb2d534afc41fcc658f155e01f0b322f9e •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54032 – btrfs: fix race when deleting quota root from the dirty cow roots list
https://notcve.org/view.php?id=CVE-2023-54032
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race when deleting quota root from the dirty cow roots list When disabling quotas we are deleting the quota root from the list fs_info->dirty_cowonly_roots without taking the lock that protects it, which is struct btrfs_fs_info::trans_lock. This unsynchronized list manipulation may cause chaos if there's another concurrent manipulation of this list, such as when adding a root to it with ctree.c:add_root_to_dirty_list(). This can ... • https://git.kernel.org/stable/c/bed92eae26ccf280d1a2168b7509447b56675a27 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2023-54023 – btrfs: fix race between balance and cancel/pause
https://notcve.org/view.php?id=CVE-2023-54023
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between balance and cancel/pause Syzbot reported a panic that looks like this: assertion failed: fs_info->exclusive_operation == BTRFS_EXCLOP_BALANCE_PAUSED, in fs/btrfs/ioctl.c:465 ------------[ cut here ]------------ kernel BUG at fs/btrfs/messages.c:259! RIP: 0010:btrfs_assertfail+0x2c/0x30 fs/btrfs/messages.c:259 Call Trace:
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54021 – ext4: set goal start correctly in ext4_mb_normalize_request
https://notcve.org/view.php?id=CVE-2023-54021
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: set goal start correctly in ext4_mb_normalize_request We need to set ac_g_ex to notify the goal start used in ext4_mb_find_by_goal. Set ac_g_ex instead of ac_f_ex in ext4_mb_normalize_request. Besides we should assure goal start is in range [first_data_block, blocks_count) as ext4_mb_initialize_context does. [ Added a check to make sure size is less than ar->pright; otherwise we could end up passing an underflowed value of ar->pright ... • https://git.kernel.org/stable/c/c9de560ded61faa5b754137b7753da252391c55a •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54017 – powerpc/pseries: fix possible memory leak in ibmebus_bus_init()
https://notcve.org/view.php?id=CVE-2023-54017
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: fix possible memory leak in ibmebus_bus_init() If device_register() returns error in ibmebus_bus_init(), name of kobject which is allocated in dev_set_name() called in device_add() is leaked. As comment of device_add() says, it should call put_device() to drop the reference count that was set in device_initialize() when it fails, so the name can be freed in kobject_cleanup(). The SUSE Linux Enterprise 15 SP5 RT kernel was u... • https://git.kernel.org/stable/c/d7a301033f1990188f65abf4fe8e5b90ef0e3888 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54007 – vmci_host: fix a race condition in vmci_host_poll() causing GPF
https://notcve.org/view.php?id=CVE-2023-54007
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: vmci_host: fix a race condition in vmci_host_poll() causing GPF During fuzzing, a general protection fault is observed in vmci_host_poll(). general protection fault, probably for non-canonical address 0xdffffc0000000019: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x00000000000000c8-0x00000000000000cf] RIP: 0010:__lock_acquire+0xf3/0x5e00 kernel/locking/lockdep.c:4926 <- omitting registers -> Call Trace:
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54006 – af_unix: Fix data-race around unix_tot_inflight.
https://notcve.org/view.php?id=CVE-2023-54006
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data-race around unix_tot_inflight. unix_tot_inflight is changed under spin_lock(unix_gc_lock), but unix_release_sock() reads it locklessly. Let's use READ_ONCE() for unix_tot_inflight. Note that the writer side was marked by commit 9d6d7f1cb67c ("af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress") BUG: KCSAN: data-race in unix_inflight / unix_release_sock write (marked) to 0xffffffff871852b8 of 4 bytes by... • https://git.kernel.org/stable/c/9305cfa4443dbfb99faf35c5603ec0c0e91b5ef8 •