CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53661 – bnxt: avoid overflow in bnxt_get_nvram_directory()
https://notcve.org/view.php?id=CVE-2023-53661
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: bnxt: avoid overflow in bnxt_get_nvram_directory() The value of an arithmetic expression is subject of possible overflow due to a failure to cast operands to a larger data type before performing arithmetic. Used macro for multiplication instead operator for avoiding overflow. Found by Security Code and Linux Verification Center (linuxtesting.org) with SVACE. In the Linux kernel, the following vulnerability has been resolved: bnxt: avoid ove... • https://git.kernel.org/stable/c/d5eaf2a6b077f32a477feb1e9e1c1f60605b460e •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53657 – ice: Don't tx before switchdev is fully configured
https://notcve.org/view.php?id=CVE-2023-53657
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ice: Don't tx before switchdev is fully configured There is possibility that ice_eswitch_port_start_xmit might be called while some resources are still not allocated which might cause NULL pointer dereference. Fix this by checking if switchdev configuration was finished. In the Linux kernel, the following vulnerability has been resolved: ice: Don't tx before switchdev is fully configured There is possibility that ice_eswitch_port_start_xmit... • https://git.kernel.org/stable/c/5760a72b3060150b587eff3e879648c7470efddd • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50554 – blk-mq: avoid double ->queue_rq() because of early timeout
https://notcve.org/view.php?id=CVE-2022-50554
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: blk-mq: avoid double ->queue_rq() because of early timeout David Jeffery found one double ->queue_rq() issue, so far it can be triggered in VM use case because of long vmexit latency or preempt latency of vCPU pthread or long page fault in vCPU pthread, then block IO req could be timed out before queuing the request to hardware but after calling blk_mq_start_request() during ->queue_rq(), then timeout handler may handle it by requeue, then ... • https://git.kernel.org/stable/c/7a73c54a3750895888ab586896736c9434e062a1 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50552 – blk-mq: use quiesced elevator switch when reinitializing queues
https://notcve.org/view.php?id=CVE-2022-50552
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: blk-mq: use quiesced elevator switch when reinitializing queues The hctx's run_work may be racing with the elevator switch when reinitializing hardware queues. The queue is merely frozen in this context, but that only prevents requests from allocating and doesn't stop the hctx work from running. The work may get an elevator pointer that's being torn down, and can result in use-after-free errors and kernel panics (example below). Use the qui... • https://git.kernel.org/stable/c/63a681bcc32a43528ce0f690569f7f48e59c3963 •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2022-50551 – wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request()
https://notcve.org/view.php?id=CVE-2022-50551
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request() This patch fixes a shift-out-of-bounds in brcmfmac that occurs in BIT(chiprev) when a 'chiprev' provided by the device is too large. It should also not be equal to or greater than BITS_PER_TYPE(u32) as we do bitwise AND with a u32 variable and BIT(chiprev). The patch adds a check that makes the function return NULL if that is the case. Note that the NULL case is l... • https://git.kernel.org/stable/c/1db036d13e10809943c2dce553e2fa7fc9c6cd80 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50544 – usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info()
https://notcve.org/view.php?id=CVE-2022-50544
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() xhci_alloc_stream_info() allocates stream context array for stream_info ->stream_ctx_array with xhci_alloc_stream_ctx(). When some error occurs, stream_info->stream_ctx_array is not released, which will lead to a memory leak. We can fix it by releasing the stream_info->stream_ctx_array with xhci_free_stream_ctx() on the error path to avoid the potential memory leak. In t... • https://git.kernel.org/stable/c/7fc6bab3413e6a42bb1264ff7c9149808c93a4c7 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50542 – media: si470x: Fix use-after-free in si470x_int_in_callback()
https://notcve.org/view.php?id=CVE-2022-50542
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: media: si470x: Fix use-after-free in si470x_int_in_callback() syzbot reported use-after-free in si470x_int_in_callback() [1]. This indicates that urb->context, which contains struct si470x_device object, is freed when si470x_int_in_callback() is called. The cause of this issue is that si470x_int_in_callback() is called for freed urb. si470x_usb_driver_probe() calls si470x_start_usb(), which then calls usb_submit_urb() and si470x_start(). If... • https://git.kernel.org/stable/c/146bd005ebb01ae190c22af050cb98623958c373 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50541 – dmaengine: ti: k3-udma: Reset UDMA_CHAN_RT byte counters to prevent overflow
https://notcve.org/view.php?id=CVE-2022-50541
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma: Reset UDMA_CHAN_RT byte counters to prevent overflow UDMA_CHAN_RT_*BCNT_REG stores the real-time channel bytecount statistics. These registers are 32-bit hardware counters and the driver uses these counters to monitor the operational progress status for a channel, when transferring more than 4GB of data it was observed that these counters overflow and completion calculation of a operation gets affected and the transf... • https://git.kernel.org/stable/c/d68da10b0cceb4177b653833e794b2923a4ffbd7 •
CVSS: 5.6EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50539 – ARM: OMAP2+: omap4-common: Fix refcount leak bug
https://notcve.org/view.php?id=CVE-2022-50539
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ARM: OMAP2+: omap4-common: Fix refcount leak bug In omap4_sram_init(), of_find_compatible_node() will return a node pointer with refcount incremented. We should use of_node_put() when it is not used anymore. In the Linux kernel, the following vulnerability has been resolved: ARM: OMAP2+: omap4-common: Fix refcount leak bug In omap4_sram_init(), of_find_compatible_node() will return a node pointer with refcount incremented. We should use of_... • https://git.kernel.org/stable/c/1d9452ae3bdb830f9309cf10a2f65977999cb14e •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50535 – drm/amd/display: Fix potential null-deref in dm_resume
https://notcve.org/view.php?id=CVE-2022-50535
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential null-deref in dm_resume [Why] Fixing smatch error: dm_resume() error: we previously assumed 'aconnector->dc_link' could be null [How] Check if dc_link null at the beginning of the loop, so further checks can be dropped. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential null-deref in dm_resume [Why] Fixing smatch error: dm_resume() error: we previously assumed 'a... • https://git.kernel.org/stable/c/fd79b61af2782f8875c78f50cdb8630ec43e2990 • CWE-476: NULL Pointer Dereference •