CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50263 – vdpasim: fix memory leak when freeing IOTLBs
https://notcve.org/view.php?id=CVE-2022-50263
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: vdpasim: fix memory leak when freeing IOTLBs After commit bda324fd037a ("vdpasim: control virtqueue support"), vdpasim->iommu became an array of IOTLB, so we should clean the mappings of each free one by one instead of just deleting the ranges in the first IOTLB which may leak maps. In the Linux kernel, the following vulnerability has been resolved: vdpasim: fix memory leak when freeing IOTLBs After commit bda324fd037a ("vdpasim: control vi... • https://git.kernel.org/stable/c/bda324fd037a6b0d44da5699574ce741ca161bc4 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50262 – fs/ntfs3: Validate BOOT record_size
https://notcve.org/view.php?id=CVE-2022-50262
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate BOOT record_size When the NTFS BOOT record_size field < 0, it represents a shift value. However, there is no sanity check on the shift result and the sbi->record_bits calculation through blksize_bits() assumes the size always > 256, which could lead to NPD while mounting a malformed NTFS image. [ 318.675159] BUG: kernel NULL pointer dereference, address: 0000000000000158 [ 318.675682] #PF: supervisor read access in kernel... • https://git.kernel.org/stable/c/4534a70b7056fd4b9a1c6db5a4ce3c98546b291e •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53198 – raw: Fix NULL deref in raw_get_next().
https://notcve.org/view.php?id=CVE-2023-53198
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: raw: Fix NULL deref in raw_get_next(). Dae R. Jeong reported a NULL deref in raw_get_next() [0]. It seems that the repro was running these sequences in parallel so that one thread was iterating on a socket that was being freed in another netns. unshare(0x40060200) r0 = syz_open_procfs(0x0, &(0x7f0000002080)='net/raw\x00') socket$inet_icmp_raw(0x2, 0x3, 0x1) pread64(r0, &(0x7f0000000000)=""/10, 0xa, 0x10000000007f) After commit 0daf07e52709 ... • https://git.kernel.org/stable/c/0daf07e527095e64ee8927ce297ab626643e9f51 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53197 – USB: uhci: fix memory leak with using debugfs_lookup()
https://notcve.org/view.php?id=CVE-2023-53197
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: USB: uhci: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic at once. In the Linux kernel, the following vulnerability has been resolved: USB: uhci: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result m... • https://git.kernel.org/stable/c/5649d86f537887c2be88689986ec4dd493d4babe • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53196 – usb: dwc3: qcom: Fix potential memory leak
https://notcve.org/view.php?id=CVE-2023-53196
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: qcom: Fix potential memory leak Function dwc3_qcom_probe() allocates memory for resource structure which is pointed by parent_res pointer. This memory is not freed. This leads to memory leak. Use stack memory to prevent memory leak. Found by Linux Verification Center (linuxtesting.org) with SVACE. • https://git.kernel.org/stable/c/2bc02355f8ba2c1f108ec8b16a673b467a17228c • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.2EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53195 – mlxsw: minimal: fix potential memory leak in mlxsw_m_linecards_init
https://notcve.org/view.php?id=CVE-2023-53195
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: mlxsw: minimal: fix potential memory leak in mlxsw_m_linecards_init The line cards array is not freed in the error path of mlxsw_m_linecards_init(), which can lead to a memory leak. Fix by freeing the array in the error path, thereby making the error path identical to mlxsw_m_linecards_fini(). In the Linux kernel, the following vulnerability has been resolved: mlxsw: minimal: fix potential memory leak in mlxsw_m_linecards_init The line card... • https://git.kernel.org/stable/c/01328e23a476a47179b07125eabac439bc1d5fd3 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53194 – fs/ntfs3: Add length check in indx_get_root
https://notcve.org/view.php?id=CVE-2023-53194
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add length check in indx_get_root This adds a length check to guarantee the retrieved index root is legit. [ 162.459513] BUG: KASAN: use-after-free in hdr_find_e.isra.0+0x10c/0x320 [ 162.460176] Read of size 2 at addr ffff8880037bca99 by task mount/243 [ 162.460851] [ 162.461252] CPU: 0 PID: 243 Comm: mount Not tainted 6.0.0-rc7 #42 [ 162.461744] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990... • https://git.kernel.org/stable/c/4534a70b7056fd4b9a1c6db5a4ce3c98546b291e •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53193 – drm/amdgpu: fix amdgpu_irq_put call trace in gmc_v10_0_hw_fini
https://notcve.org/view.php?id=CVE-2023-53193
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix amdgpu_irq_put call trace in gmc_v10_0_hw_fini The gmc.ecc_irq is enabled by firmware per IFWI setting, and the host driver is not privileged to enable/disable the interrupt. So, it is meaningless to use the amdgpu_irq_put function in gmc_v10_0_hw_fini, which also leads to the call trace. [ 82.340264] Call Trace: [ 82.340265]
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53192 – vxlan: Fix nexthop hash size
https://notcve.org/view.php?id=CVE-2023-53192
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: vxlan: Fix nexthop hash size The nexthop code expects a 31 bit hash, such as what is returned by fib_multipath_hash() and rt6_multipath_hash(). Passing the 32 bit hash returned by skb_get_hash() can lead to problems related to the fact that 'int hash' is a negative number when the MSB is set. In the case of hash threshold nexthop groups, nexthop_select_path_hthr() will disproportionately select the first nexthop group entry. In the case of ... • https://git.kernel.org/stable/c/1274e1cc42264d4e629841e4f182795cb0becfd2 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53191 – irqchip/alpine-msi: Fix refcount leak in alpine_msix_init_domains
https://notcve.org/view.php?id=CVE-2023-53191
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: irqchip/alpine-msi: Fix refcount leak in alpine_msix_init_domains of_irq_find_parent() returns a node pointer with refcount incremented, We should use of_node_put() on it when not needed anymore. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: irqchip/alpine-msi: Fix refcount leak in alpine_msix_init_domains of_irq_find_parent() returns a node pointer with refcount increm... • https://git.kernel.org/stable/c/e6b78f2c3e14a9e3a909be3e6ec305d9f1cbabbd •