CVSS: 7.1 • EPSS: 0% • CPEs: 8 • EXPL: 0
CVE-2023-53803 – scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process()
https://notcve.org/view.php?id=CVE-2023-53803
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process()
A fix for:
    BUG: KASAN: slab-out-of-bounds in ses_enclosure_data_process+0x949/0xe30 [ses]
    Read of size 1 at addr ffff88a1b043a451 by task systemd-udevd/3271
Checking after (and before in next loop) addl_desc_ptr[1] is sufficient, we expect the size to be sanitized before first access to addl_desc_ptr[1]. Make sure we don't walk beyond end of page.
• https://git.kernel.org/stable/c/21fab1d0595eacf781705ec3509012a28f298245
CVSS: 5.5 • EPSS: 0% • CPEs: 8 • EXPL: 0
CVE-2023-53802 – wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function
https://notcve.org/view.php?id=CVE-2023-53802
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function
It is stated that ath9k_htc_rx_msg() either frees the provided skb or passes its management to another callback function. However, the skb is not freed in case there is no other callback function, and Syzkaller was able to cause a memory leak. Also minor comment fix. Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
• https://git.kernel.org/stable/c/fb9987d0f748c983bb795a86f47522313f701a08
CVSS: 7.8 • EPSS: 0% • CPEs: 8 • EXPL: 0
CVE-2023-53800 – ubi: Fix use-after-free when volume resizing failed
https://notcve.org/view.php?id=CVE-2023-53800
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ubi: Fix use-after-free when volume resizing failed
There is a use-after-free problem reported by KASAN:
    ==================================================================
    BUG: KASAN: use-after-free in ubi_eba_copy_table+0x11f/0x1c0 [ubi]
    Read of size 8 at addr ffff888101eec008 by task ubirsvol/4735
    CPU: 2 PID: 4735 Comm: ubirsvol Not tainted 6.1.0-rc1-00003-g84fa3304a7fc-dirty #14
    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIO...
• https://git.kernel.org/stable/c/801c135ce73d5df1caf3eca35b66a10824ae0707
CVSS: 10.0 • EPSS: 0% • CPEs: 6 • EXPL: 0
CVE-2023-53799 – crypto: api - Use work queue in crypto_destroy_instance
https://notcve.org/view.php?id=CVE-2023-53799
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: api - Use work queue in crypto_destroy_instance
The function crypto_drop_spawn expects to be called in process context. However, when an instance is unregistered while it still has active users, the last user may cause the instance to be freed in atomic context. Fix this by delaying the freeing to a work queue.
• https://git.kernel.org/stable/c/6bfd48096ff8ecabf955958b51ddfa7988eb0a14
CVSS: 7.1 • EPSS: 0% • CPEs: 11 • EXPL: 0
CVE-2023-53794 – cifs: fix session state check in reconnect to avoid use-after-free issue
https://notcve.org/view.php?id=CVE-2023-53794
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: cifs: fix session state check in reconnect to avoid use-after-free issue
Don't collect exiting session in smb2_reconnect_server(), because it will be released soon. Note that the exiting session will stay in server->smb_ses_list until it completes the cifs_free_ipc() and logoff() and then deletes itself from the list.
• https://git.kernel.org/stable/c/4fcd1813e6404dd4420c7d12fb483f9320f0bf93
CVSS: 5.5 • EPSS: 0% • CPEs: 8 • EXPL: 0
CVE-2023-53788 – ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set()
https://notcve.org/view.php?id=CVE-2023-53788
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set()
tuning_ctl_set() might have buffer overrun at (X) if it didn't break from loop by matching (A).
        static int tuning_ctl_set(...)
        {
            for (i = 0; i < TUNING_CTLS_COUNT; i++)
    (A)         if (nid == ca0132_tuning_ctls[i].nid)
                    break;
            snd_hda_power_up(...);
    (X)     dspio_set_param(..., ca0132_tuning_ctls[i].mid, ...);
            snd_hda_power_down(...);                ^
            return 1;
        }
We will get below error by cppcheck sound/pci/h...
• https://git.kernel.org/stable/c/44f0c9782cc6ab71ea947f8f710a46f2078a151c
CVSS: 5.5 • EPSS: 0% • CPEs: 9 • EXPL: 0
CVE-2023-53786 – dm flakey: fix a crash with invalid table line
https://notcve.org/view.php?id=CVE-2023-53786
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: dm flakey: fix a crash with invalid table line
This command will crash with NULL pointer dereference:
    dmsetup create flakey --table \
      "0 `blockdev --getsize /dev/ram0` flakey /dev/ram0 0 0 1 2 corrupt_bio_byte 512"
Fix the crash by checking if arg_name is non-NULL before comparing it.
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues.
• https://git.kernel.org/stable/c/a3998799fb4df0b0af8271a7d50c4269032397aa
CVSS: 7.1 • EPSS: 0% • CPEs: 21 • EXPL: 0
CVE-2023-53782 – dccp: Fix out of bounds access in DCCP error handler
https://notcve.org/view.php?id=CVE-2023-53782
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: dccp: Fix out of bounds access in DCCP error handler
There was a previous attempt to fix an out-of-bounds access in the DCCP error handlers, but that fix assumed that the error handlers only want to access the first 8 bytes of the DCCP header. Actually, they also look at the DCCP sequence number, which is stored beyond 8 bytes, so an explicit pskb_may_pull() is required.
• https://git.kernel.org/stable/c/6706a97fec963d6cb3f7fc2978ec1427b4651214
CVSS: 7.1 • EPSS: 0% • CPEs: 9 • EXPL: 0
CVE-2022-50656 – nfc: pn533: Clear nfc_target before being used
https://notcve.org/view.php?id=CVE-2022-50656
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Clear nfc_target before being used
Fix a slab-out-of-bounds read that occurs in nla_put() called from nfc_genl_send_target() when target->sensb_res_len, which is duplicated from an nfc_target in pn533, is too large as the nfc_target is not properly initialized and retains garbage values. Clear nfc_targets with memset() before they are used. Found by a modified version of syzkaller.
    BUG: KASAN: slab-out-of-bounds in nla_put
    Call ...
• https://git.kernel.org/stable/c/361f3cb7f9cfdb82c80926d0e7843c098c034545
CVSS: 5.5 • EPSS: 0% • CPEs: 7 • EXPL: 0
CVE-2022-50653 – mmc: atmel-mci: fix return value check of mmc_add_host()
https://notcve.org/view.php?id=CVE-2022-50653
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: mmc: atmel-mci: fix return value check of mmc_add_host()
mmc_add_host() may return an error; if we ignore its return value, it will lead to two issues:
1. The memory allocated in mmc_alloc_host() is leaked.
2. In the remove() path, mmc_remove_host() will be called to delete the device, but it's not added yet, which will lead to a kernel crash because of null-ptr-deref in device_del().
So fix this by checking the return value and calling mmc_free_host(...
• https://git.kernel.org/stable/c/7d2be0749a59096a334c94dc48f43294193cb8ed
