CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53451 – scsi: qla2xxx: Fix potential NULL pointer dereference
https://notcve.org/view.php?id=CVE-2023-53451
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix potential NULL pointer dereference Klocwork tool reported 'cur_dsd' may be dereferenced. Add fix to validate pointer before dereferencing the pointer. In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix potential NULL pointer dereference Klocwork tool reported 'cur_dsd' may be dereferenced. Add fix to validate pointer before dereferencing the pointer. This update provides the initial liv... • https://git.kernel.org/stable/c/a9083016a5314b3aeba6e0d2e814872e72168c08 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-53450 – ext4: remove a BUG_ON in ext4_mb_release_group_pa()
https://notcve.org/view.php?id=CVE-2023-53450
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: remove a BUG_ON in ext4_mb_release_group_pa() If a malicious fuzzer overwrites the ext4 superblock while it is mounted such that the s_first_data_block is set to a very large number, the calculation of the block group can underflow, and trigger a BUG_ON check. Change this to be an ext4_warning so that we don't crash the kernel. In the Linux kernel, the following vulnerability has been resolved: ext4: remove a BUG_ON in ext4_mb_release... • https://git.kernel.org/stable/c/c9de560ded61faa5b754137b7753da252391c55a •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50431 – ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev()
https://notcve.org/view.php?id=CVE-2022-50431
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() dev_set_name() in soundbus_add_one() allocates memory for name, it need be freed when of_device_register() fails, call soundbus_dev_put() to give up the reference that hold in device_initialize(), so that it can be freed in kobject_cleanup() when the refcount hit to 0. And other resources are also freed in i2sbus_release_dev(), so it can return 0 directly. In the Linux kernel, ... • https://git.kernel.org/stable/c/f3d9478b2ce468c3115b02ecae7e975990697f15 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.2EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50427 – ALSA: ac97: fix possible memory leak in snd_ac97_dev_register()
https://notcve.org/view.php?id=CVE-2022-50427
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() If device_register() fails in snd_ac97_dev_register(), it should call put_device() to give up reference, or the name allocated in dev_set_name() is leaked. In the Linux kernel, the following vulnerability has been resolved: ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() If device_register() fails in snd_ac97_dev_register(), it should call put_device() to give u... • https://git.kernel.org/stable/c/0ca06a00e206b963587ac471e6d1c52bf33b9a18 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50422 – scsi: libsas: Fix use-after-free bug in smp_execute_task_sg()
https://notcve.org/view.php?id=CVE-2022-50422
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() When executing SMP task failed, the smp_execute_task_sg() calls del_timer() to delete "slow_task->timer". However, if the timer handler sas_task_internal_timedout() is running, the del_timer() in smp_execute_task_sg() will not stop it and a UAF will happen. The process is shown below: (thread 1) | (thread 2) smp_execute_task_sg() | sas_task_internal_timedout() ... | del_timer() |... • https://git.kernel.org/stable/c/2908d778ab3e244900c310974e1fc1c69066e450 • CWE-416: Use After Free •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2025-39927 – ceph: fix race condition validating r_parent before applying state
https://notcve.org/view.php?id=CVE-2025-39927
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ceph: fix race condition validating r_parent before applying state Add validation to ensure the cached parent directory inode matches the directory info in MDS replies. This prevents client-side race conditions where concurrent operations (e.g. rename) cause r_parent to become stale between request initiation and reply processing, which could lead to applying state changes to incorrect directory inodes. [ idryomov: folded a kerneldoc fixup ... • https://git.kernel.org/stable/c/9030aaf9bf0a1eee47a154c316c789e959638b0f • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-364: Signal Handler Race Condition •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39920 – pcmcia: Add error handling for add_interval() in do_validate_mem()
https://notcve.org/view.php?id=CVE-2025-39920
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: pcmcia: Add error handling for add_interval() in do_validate_mem() In the do_validate_mem(), the call to add_interval() does not handle errors. If kmalloc() fails in add_interval(), it could result in a null pointer being inserted into the linked list, leading to illegal memory access when sub_interval() is called next. This patch adds an error handling for the add_interval(). If add_interval() returns an error, the function will return ear... • https://git.kernel.org/stable/c/7b4884ca8853a638df0eb5d251d80d67777b8b1a •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39902 – mm/slub: avoid accessing metadata when pointer is invalid in object_err()
https://notcve.org/view.php?id=CVE-2025-39902
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/slub: avoid accessing metadata when pointer is invalid in object_err() object_err() reports details of an object for further debugging, such as the freelist pointer, redzone, etc. However, if the pointer is invalid, attempting to access object metadata can lead to a crash since it does not point to a valid object. One known path to the crash is when alloc_consistency_checks() determines the pointer to the allocated object is invalid beca... • https://git.kernel.org/stable/c/81819f0fc8285a2a5a921c019e3e3d7b6169d225 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39885 – ocfs2: fix recursive semaphore deadlock in fiemap call
https://notcve.org/view.php?id=CVE-2025-39885
23 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix recursive semaphore deadlock in fiemap call syzbot detected a OCFS2 hang due to a recursive semaphore on a FS_IOC_FIEMAP of the extent list on a specially crafted mmap file. context_switch kernel/sched/core.c:5357 [inline] __schedule+0x1798/0x4cc0 kernel/sched/core.c:6961 __schedule_loop kernel/sched/core.c:7043 [inline] schedule+0x165/0x360 kernel/sched/core.c:7058 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7115 rws... • https://git.kernel.org/stable/c/00dc417fa3e763345b34ccb6034d72de76eea0a1 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39848 – ax25: properly unshare skbs in ax25_kiss_rcv()
https://notcve.org/view.php?id=CVE-2025-39848
19 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ax25: properly unshare skbs in ax25_kiss_rcv() Bernard Pidoux reported a regression apparently caused by commit c353e8983e0d ("net: introduce per netns packet chains"). skb->dev becomes NULL and we crash in __netif_receive_skb_core(). Before above commit, different kind of bugs or corruptions could happen without a major crash. But the root cause is that ax25_kiss_rcv() can queue/mangle input skb without checking if this skb is shared or no... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •