CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2023-53338 – lwt: Fix return values of BPF xmit ops
https://notcve.org/view.php?id=CVE-2023-53338
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: lwt: Fix return values of BPF xmit ops BPF encap ops can return different types of positive values, such like NET_RX_DROP, NET_XMIT_CN, NETDEV_TX_BUSY, and so on, from function skb_do_redirect and bpf_lwt_xmit_reroute. At the xmit hook, such return values would be treated implicitly as LWTUNNEL_XMIT_CONTINUE in ip(6)_finish_output2. When this happens, skbs that have been freed would continue to the neighbor subsystem, causing use-after-free... • https://git.kernel.org/stable/c/3a0af8fd61f90920f6fa04e4f1e9a6a73c1b4fd2 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2023-53337 – nilfs2: do not write dirty data after degenerating to read-only
https://notcve.org/view.php?id=CVE-2023-53337
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: do not write dirty data after degenerating to read-only According to syzbot's report, mark_buffer_dirty() called from nilfs_segctor_do_construct() outputs a warning with some patterns after nilfs2 detects metadata corruption and degrades to read-only mode. After such read-only degeneration, page cache data may be cleared through nilfs_clear_dirty_page() which may also clear the uptodate flag for their buffer heads. However, even aft... • https://git.kernel.org/stable/c/bd89073fc7a5d03b1d06b372addbe405e5a925f4 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53336 – media: ipu-bridge: Fix null pointer deref on SSDB/PLD parsing warnings
https://notcve.org/view.php?id=CVE-2023-53336
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: media: ipu-bridge: Fix null pointer deref on SSDB/PLD parsing warnings When ipu_bridge_parse_rotation() and ipu_bridge_parse_orientation() run sensor->adev is not set yet. So if either of the dev_warn() calls about unknown values are hit this will lead to a NULL pointer deref. Set sensor->adev earlier, with a borrowed ref to avoid making unrolling on errors harder, to fix this. This update provides the initial livepatch for this kernel upda... • https://git.kernel.org/stable/c/485aa3df0dffa62d347ea4e0116f549338accc59 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53335 – RDMA/cxgb4: Fix potential null-ptr-deref in pass_establish()
https://notcve.org/view.php?id=CVE-2023-53335
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/cxgb4: Fix potential null-ptr-deref in pass_establish() If get_ep_from_tid() fails to lookup non-NULL value for ep, ep is dereferenced later regardless of whether it is empty. This patch adds a simple sanity check to fix the issue. Found by Linux Verification Center (linuxtesting.org) with SVACE. This update provides the initial livepatch for this kernel update. This update does not contain any fixes and will be updated with livepatche... • https://git.kernel.org/stable/c/944661dd97f4f257cd914fffec7eb80832ff9141 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50374 – Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure
https://notcve.org/view.php?id=CVE-2022-50374
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure syzbot is reporting NULL pointer dereference at hci_uart_tty_close() [1], for rcu_sync_enter() is called without rcu_sync_init() due to hci_uart_tty_open() ignoring percpu_init_rwsem() failure. While we are at it, fix that hci_uart_register_device() ignores percpu_init_rwsem() failure and hci_uart_unregister_device() does not call percpu_free_rwsem(). This update provides the ... • https://git.kernel.org/stable/c/67d2f8781b9f00d1089aafcfa3dc09fcd0f343e2 • CWE-476: NULL Pointer Dereference •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50373 – fs: dlm: fix race in lowcomms
https://notcve.org/view.php?id=CVE-2022-50373
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: fs: dlm: fix race in lowcomms This patch fixes a race between queue_work() in _dlm_lowcomms_commit_msg() and srcu_read_unlock(). The queue_work() can take the final reference of a dlm_msg and so msg->idx can contain garbage which is signaled by the following warning: [ 676.237050] ------------[ cut here ]------------ [ 676.237052] WARNING: CPU: 0 PID: 1060 at include/linux/srcu.h:189 dlm_lowcomms_commit_msg+0x41/0x50 [ 676.238945] Modules l... • https://git.kernel.org/stable/c/b38bc9c2b3171f4411d80015ecb876bc6f9bcd26 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-50372 – cifs: Fix memory leak when build ntlmssp negotiate blob failed
https://notcve.org/view.php?id=CVE-2022-50372
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: cifs: Fix memory leak when build ntlmssp negotiate blob failed There is a memory leak when mount cifs: unreferenced object 0xffff888166059600 (size 448): comm "mount.cifs", pid 51391, jiffies 4295596373 (age 330.596s) hex dump (first 32 bytes): fe 53 4d 42 40 00 00 00 00 00 00 00 01 00 82 00 .SMB@........... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<0000000060609a61>] mempool_alloc+0xe1/0x260 [<00000000ad... • https://git.kernel.org/stable/c/49bd49f983b5026e4557d31c5d737d9657c4113e • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50371 – led: qcom-lpg: Fix sleeping in atomic
https://notcve.org/view.php?id=CVE-2022-50371
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: led: qcom-lpg: Fix sleeping in atomic lpg_brighness_set() function can sleep, while led's brightness_set() callback must be non-blocking. Change LPG driver to use brightness_set_blocking() instead. BUG: sleeping function called from invalid context at kernel/locking/mutex.c:580 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 0, name: swapper/0 preempt_count: 101, expected: 0 INFO: lockdep is turned off. CPU: 0 PID: 0 Comm: swapper/0 ... • https://git.kernel.org/stable/c/24e2d05d1b68981f22c984c766fabc5a93c83dba •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50370 – i2c: designware: Fix handling of real but unexpected device interrupts
https://notcve.org/view.php?id=CVE-2022-50370
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: i2c: designware: Fix handling of real but unexpected device interrupts Commit c7b79a752871 ("mfd: intel-lpss: Add Intel Alder Lake PCH-S PCI IDs") caused a regression on certain Gigabyte motherboards for Intel Alder Lake-S where system crashes to NULL pointer dereference in i2c_dw_xfer_msg() when system resumes from S3 sleep state ("deep"). I was able to debug the issue on Gigabyte Z690 AORUS ELITE and made following notes: - Issue happens ... • https://git.kernel.org/stable/c/c7b79a75287141cef5bbaeaf1c942269c08cd52e •
CVSS: 4.4EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50369 – drm/vkms: Fix null-ptr-deref in vkms_release()
https://notcve.org/view.php?id=CVE-2022-50369
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Fix null-ptr-deref in vkms_release() A null-ptr-deref is triggered when it tries to destroy the workqueue in vkms->output.composer_workq in vkms_release(). KASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f] CPU: 5 PID: 17193 Comm: modprobe Not tainted 6.0.0-11331-gd465bff130bf #24 RIP: 0010:destroy_workqueue+0x2f/0x710 ... Call Trace: