CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53584 – ubifs: ubifs_releasepage: Remove ubifs_assert(0) to valid this process
https://notcve.org/view.php?id=CVE-2023-53584
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ubifs: ubifs_releasepage: Remove ubifs_assert(0) to valid this process There are two states for ubifs writing pages: 1. Dirty, Private 2. Not Dirty, Not Private The normal process cannot go to ubifs_releasepage() which means there exists pages being private but not dirty. Reproducer[1] shows that it could occur (which maybe related to [2]) with following process: PA PB PC lock(page)[PA] ubifs_write_end attach_page_private // set Private __s... • https://git.kernel.org/stable/c/1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d •
CVSS: 5.6EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53583 – perf: RISC-V: Remove PERF_HES_STOPPED flag checking in riscv_pmu_start()
https://notcve.org/view.php?id=CVE-2023-53583
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: perf: RISC-V: Remove PERF_HES_STOPPED flag checking in riscv_pmu_start() Since commit 096b52fd2bb4 ("perf: RISC-V: throttle perf events") the perf_sample_event_took() function was added to report time spent in overflow interrupts. If the interrupt takes too long, the perf framework will lower the sysctl_perf_event_sample_rate and max_samples_per_tick. When hwc->interrupts is larger than max_samples_per_tick, the hwc->interrupts will be set ... • https://git.kernel.org/stable/c/096b52fd2bb4996fd68d22b3b7ad21a1296db9d3 •
CVSS: 9.6EPSS: 0%CPEs: 7EXPL: 0CVE-2023-53582 – wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds
https://notcve.org/view.php?id=CVE-2023-53582
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds Fix a stack-out-of-bounds read in brcmfmac that occurs when 'buf' that is not null-terminated is passed as an argument of strreplace() in brcmf_c_preinit_dcmds(). This buffer is filled with a CLM version string by memcpy() in brcmf_fil_iovar_data_get(). Ensure buf is null-terminated. Found by a modified version of syzkaller. [ 33.004414][ T1896] brcmfmac: b... • https://git.kernel.org/stable/c/fdd0bd88ceaecf729db103ac8836af5805dd2dc1 • CWE-125: Out-of-bounds Read •
CVSS: 7.0EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53581 – net/mlx5e: Check for NOT_READY flag state after locking
https://notcve.org/view.php?id=CVE-2023-53581
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Check for NOT_READY flag state after locking Currently the check for NOT_READY flag is performed before obtaining the necessary lock. This opens a possibility for race condition when the flow is concurrently removed from unready_flows list by the workqueue task, which causes a double-removal from the list and a crash[0]. Fix the issue by moving the flag check inside the section protected by uplink_priv->unready_flows_lock mutex. ... • https://git.kernel.org/stable/c/ad86755b18d5edf1956f6d25c844f27289216877 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53580 – USB: Gadget: core: Help prevent panic during UVC unconfigure
https://notcve.org/view.php?id=CVE-2023-53580
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: USB: Gadget: core: Help prevent panic during UVC unconfigure Avichal Rakesh reported a kernel panic that occurred when the UVC gadget driver was removed from a gadget's configuration. The panic involves a somewhat complicated interaction between the kernel driver and a userspace component (as described in the Link tag below), but the analysis did make one thing clear: The Gadget core should accomodate gadget drivers calling usb_gadget_deact... • https://git.kernel.org/stable/c/d8195536ce2624e2947d9f56b1a61e7a27874bd3 • CWE-764: Multiple Locks of a Critical Resource •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-50508 – wifi: mt76: mt76x0: fix oob access in mt76x0_phy_get_target_power
https://notcve.org/view.php?id=CVE-2022-50508
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt76x0: fix oob access in mt76x0_phy_get_target_power After 'commit ba45841ca5eb ("wifi: mt76: mt76x02: simplify struct mt76x02_rate_power")', mt76x02 relies on ht[0-7] rate_power data for vht mcs{0,7}, while it uses vth[0-1] rate_power for vht mcs {8,9}. Fix a possible out-of-bound access in mt76x0_phy_get_target_power routine. In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt76x0: fix oob acces... • https://git.kernel.org/stable/c/ba45841ca5eb29245f9c9f452a39586d9d68bc12 •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50507 – fs/ntfs3: Validate data run offset
https://notcve.org/view.php?id=CVE-2022-50507
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate data run offset This adds sanity checks for data run offset. We should make sure data run offset is legit before trying to unpack them, otherwise we may encounter use-after-free or some unexpected memory access behaviors. [ 82.940342] BUG: KASAN: use-after-free in run_unpack+0x2e3/0x570 [ 82.941180] Read of size 1 at addr ffff888008a8487f by task mount/240 [ 82.941670] [ 82.942069] CPU: 0 PID: 240 Comm: mount Not tainted ... • https://git.kernel.org/stable/c/4534a70b7056fd4b9a1c6db5a4ce3c98546b291e •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-50506 – drbd: only clone bio if we have a backing device
https://notcve.org/view.php?id=CVE-2022-50506
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: drbd: only clone bio if we have a backing device Commit c347a787e34cb (drbd: set ->bi_bdev in drbd_req_new) moved a bio_set_dev call (which has since been removed) to "earlier", from drbd_request_prepare to drbd_req_new. The problem is that this accesses device->ldev->backing_bdev, which is not NULL-checked at this point. When we don't have an ldev (i.e. when the DRBD device is diskless), this leads to a null pointer deref. So, only allocat... • https://git.kernel.org/stable/c/c347a787e34cba0e5a80a04082dacaf259105605 • CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50505 – iommu/amd: Fix pci device refcount leak in ppr_notifier()
https://notcve.org/view.php?id=CVE-2022-50505
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix pci device refcount leak in ppr_notifier() As comment of pci_get_domain_bus_and_slot() says, it returns a pci device with refcount increment, when finish using it, the caller must decrement the reference count by calling pci_dev_put(). So call it before returning from ppr_notifier() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix pci device refcount leak in ppr_notifi... • https://git.kernel.org/stable/c/daae2d25a4779b272a66ddd01f5810bcee822b9e • CWE-911: Improper Update of Reference Count •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50504 – powerpc/rtas: avoid scheduling in rtas_os_term()
https://notcve.org/view.php?id=CVE-2022-50504
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: avoid scheduling in rtas_os_term() It's unsafe to use rtas_busy_delay() to handle a busy status from the ibm,os-term RTAS function in rtas_os_term(): Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b BUG: sleeping function called from invalid context at arch/powerpc/kernel/rtas.c:618 in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 1, name: swapper/0 preempt_count: 2, expected: 0 CPU: 7 PID: 1 Comm:... • https://git.kernel.org/stable/c/507279db1819aacf4022e790b3fc8bc8cf56debf •