CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2023-54319 – pinctrl: at91-pio4: check return value of devm_kasprintf()
https://notcve.org/view.php?id=CVE-2023-54319
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: pinctrl: at91-pio4: check return value of devm_kasprintf() devm_kasprintf() returns a pointer to dynamically allocated memory. Pointer could be NULL in case allocation fails. Check pointer validity. Identified with coccinelle (kmerr.cocci script). Depends-on: 1c4e5c470a56 ("pinctrl: at91: use devm_kasprintf() to avoid potential leaks") Depends-on: 5a8f9cf269e8 ("pinctrl: at91-pio4: use proper format specifier for unsigned int") • https://git.kernel.org/stable/c/776180848b574c9c01217fa958f10843ffce584f •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50886 – mmc: toshsd: fix return value check of mmc_add_host()
https://notcve.org/view.php?id=CVE-2022-50886
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: mmc: toshsd: fix return value check of mmc_add_host() mmc_add_host() may return error, if we ignore its return value, the memory that allocated in mmc_alloc_host() will be leaked and it will lead a kernel crash because of deleting not added device in the remove path. So fix this by checking the return value and goto error path which will call mmc_free_host(), besides, free_irq() also needs be called. • https://git.kernel.org/stable/c/a5eb8bbd66ccf9f169419f9652544aec771b7c57 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50885 – RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed
https://notcve.org/view.php?id=CVE-2022-50885
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed There is a null-ptr-deref when mount.cifs over rdma: BUG: KASAN: null-ptr-deref in rxe_qp_do_cleanup+0x2f3/0x360 [rdma_rxe] Read of size 8 at addr 0000000000000018 by task mount.cifs/3046 CPU: 2 PID: 3046 Comm: mount.cifs Not tainted 6.1.0-rc5+ #62 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-1.fc3 Call Trace:
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50884 – drm: Prevent drm_copy_field() to attempt copying a NULL pointer
https://notcve.org/view.php?id=CVE-2022-50884
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm: Prevent drm_copy_field() to attempt copying a NULL pointer There are some struct drm_driver fields that are required by drivers since drm_copy_field() attempts to copy them to user-space via DRM_IOCTL_VERSION. But it can be possible that a driver has a bug and did not set some of the fields, which leads to drm_copy_field() attempting to copy a NULL pointer: [ +10.395966] Unable to handle kernel access to user memory outside uaccess rou... • https://git.kernel.org/stable/c/22eae947bf76e236ba972f2f11cfd1b083b736ad •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2023-54318 – net/smc: use smc_lgr_list.lock to protect smc_lgr_list.list iterate in smcr_port_add
https://notcve.org/view.php?id=CVE-2023-54318
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: net/smc: use smc_lgr_list.lock to protect smc_lgr_list.list iterate in smcr_port_add While doing smcr_port_add, there maybe linkgroup add into or delete from smc_lgr_list.list at the same time, which may result kernel crash. So, use smc_lgr_list.lock to protect smc_lgr_list.list iterate in smcr_port_add. The crash calltrace show below: BUG: kernel NULL pointer dereference, address: 0000000000000000 PGD 0 P4D 0 Oops: 0000 [#1] SMP NOPTI CPU:... • https://git.kernel.org/stable/c/1f90a05d9ff907c70456e7c9d7058372679a88c6 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2023-54317 – dm flakey: don't corrupt the zero page
https://notcve.org/view.php?id=CVE-2023-54317
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: dm flakey: don't corrupt the zero page When we need to zero some range on a block device, the function __blkdev_issue_zero_pages submits a write bio with the bio vector pointing to the zero page. If we use dm-flakey with corrupt bio writes option, it will corrupt the content of the zero page which results in crashes of various userspace programs. Glibc assumes that memory returned by mmap is zeroed and it uses it for calloc implementation; ... • https://git.kernel.org/stable/c/c6cd92fcabd6cc78bb1808c6a18245c842722fc1 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2023-54316 – refscale: Fix uninitalized use of wait_queue_head_t
https://notcve.org/view.php?id=CVE-2023-54316
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: refscale: Fix uninitalized use of wait_queue_head_t Running the refscale test occasionally crashes the kernel with the following error: [ 8569.952896] BUG: unable to handle page fault for address: ffffffffffffffe8 [ 8569.952900] #PF: supervisor read access in kernel mode [ 8569.952902] #PF: error_code(0x0000) - not-present page [ 8569.952904] PGD c4b048067 P4D c4b049067 PUD c4b04b067 PMD 0 [ 8569.952910] Oops: 0000 [#1] PREEMPT_RT SMP NOPTI... • https://git.kernel.org/stable/c/653ed64b01dc5989f8f579d0038e987476c2c023 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2023-54315 – powerpc/powernv/sriov: perform null check on iov before dereferencing iov
https://notcve.org/view.php?id=CVE-2023-54315
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv/sriov: perform null check on iov before dereferencing iov Currently pointer iov is being dereferenced before the null check of iov which can lead to null pointer dereference errors. Fix this by moving the iov null check before the dereferencing. Detected using cppcheck static analysis: linux/arch/powerpc/platforms/powernv/pci-sriov.c:597:12: warning: Either the condition '!iov' is redundant or there is possible null pointer ... • https://git.kernel.org/stable/c/052da31d45fc71238ea8bed7e9a84648a1ee0bf3 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54314 – media: af9005: Fix null-ptr-deref in af9005_i2c_xfer
https://notcve.org/view.php?id=CVE-2023-54314
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: media: af9005: Fix null-ptr-deref in af9005_i2c_xfer In af9005_i2c_xfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former checks on msg[i].buf would be passed. Malicious data finally reach af9005_i2c_xfer. If accessing msg[i].buf[0] without sanity check, null ptr deref would happen. We add check on msg[i].len to prevent crash. Similar commit: commit 0ed554fd769a ("media: dvb-usb: az6027: fix null-ptr-deref i... • https://git.kernel.org/stable/c/98c12abb275b75a98ff62de9466d21e4daa98536 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2023-54313 – ovl: fix null pointer dereference in ovl_get_acl_rcu()
https://notcve.org/view.php?id=CVE-2023-54313
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ovl: fix null pointer dereference in ovl_get_acl_rcu() Following process: P1 P2 path_openat link_path_walk may_lookup inode_permission(rcu) ovl_permission acl_permission_check check_acl get_cached_acl_rcu ovl_get_inode_acl realinode = ovl_inode_real(ovl_inode) drop_cache __dentry_kill(ovl_dentry) iput(ovl_inode) ovl_destroy_inode(ovl_inode) dput(oi->__upperdentry) dentry_kill(upperdentry) dentry_unlink_inode upperdentry->d_inode = NULL ovl_... • https://git.kernel.org/stable/c/332f606b32b6291a944c8cf23b91f53a6e676525 •