CVSS: -EPSS: 0%CPEs: 12EXPL: 0CVE-2022-50881 – wifi: ath9k: Fix use-after-free in ath9k_hif_usb_disconnect()
https://notcve.org/view.php?id=CVE-2022-50881
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: Fix use-after-free in ath9k_hif_usb_disconnect() This patch fixes a use-after-free in ath9k that occurs in ath9k_hif_usb_disconnect() when ath9k_destroy_wmi() is trying to access 'drv_priv' that has already been freed by ieee80211_free_hw(), called by ath9k_htc_hw_deinit(). The patch moves ath9k_destroy_wmi() before ieee80211_free_hw(). Note that urbs from the driver should be killed before freeing 'wmi' with ath9k_destroy_wmi(... • https://git.kernel.org/stable/c/abeaa85054ff8cfe8b99aafc5c70ea067e5d0908 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50880 – wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state()
https://notcve.org/view.php?id=CVE-2022-50880
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() When peer delete failed in a disconnect operation, use-after-free detected by KFENCE in below log. It is because for each vdev_id and address, it has only one struct ath10k_peer, it is allocated in ath10k_peer_map_event(). When connected to an AP, it has more than one HTT_T2H_MSG_TYPE_PEER_MAP reported from firmware, then the array peer_map of struct ath10k will be se... • https://git.kernel.org/stable/c/d0eeafad118940fe445ca00f45be5624fea2ec34 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50879 – objtool: Fix SEGFAULT
https://notcve.org/view.php?id=CVE-2022-50879
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: objtool: Fix SEGFAULT find_insn() will return NULL in case of failure. Check insn in order to avoid a kernel Oops for NULL pointer dereference. • https://git.kernel.org/stable/c/13810435b9a7014fb92eb715f77da488f3b65b99 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50878 – gpu: lontium-lt9611: Fix NULL pointer dereference in lt9611_connector_init()
https://notcve.org/view.php?id=CVE-2022-50878
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: gpu: lontium-lt9611: Fix NULL pointer dereference in lt9611_connector_init() A NULL check for bridge->encoder shows that it may be NULL, but it already been dereferenced on all paths leading to the check. 812 if (!bridge->encoder) { Dereference the pointer bridge->encoder. 810 drm_connector_attach_encoder(<9611->connector, bridge->encoder); The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues. • https://git.kernel.org/stable/c/23278bf54afe180967069bdc8c0f1c7a365fc63e •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50876 – usb: musb: Fix musb_gadget.c rxstate overflow bug
https://notcve.org/view.php?id=CVE-2022-50876
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: musb: Fix musb_gadget.c rxstate overflow bug The usb function device call musb_gadget_queue() adds the passed request to musb_ep::req_list,If the (request->length > musb_ep->packet_sz) and (is_buffer_mapped(req) return false),the rxstate() will copy all data in fifo to request->buf which may cause request->buf out of bounds. Fix it by add the length check : fifocnt = min_t(unsigned, request->length - request->actual, fifocnt); The SUSE... • https://git.kernel.org/stable/c/03840fad004ce8a56bc8b3bb60a2df10f6f9481e •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50875 – of: overlay: fix null pointer dereferencing in find_dup_cset_node_entry() and find_dup_cset_prop()
https://notcve.org/view.php?id=CVE-2022-50875
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: of: overlay: fix null pointer dereferencing in find_dup_cset_node_entry() and find_dup_cset_prop() When kmalloc() fail to allocate memory in kasprintf(), fn_1 or fn_2 will be NULL, and strcmp() will cause null pointer dereference. • https://git.kernel.org/stable/c/2fe0e8769df9fed5098daea7db933bc414c329d7 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2023-54279 – MIPS: fw: Allow firmware to pass a empty env
https://notcve.org/view.php?id=CVE-2023-54279
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: MIPS: fw: Allow firmware to pass a empty env fw_getenv will use env entry to determine style of env, however it is legal for firmware to just pass a empty list. Check if first entry exist before running strchr to avoid null pointer dereference. • https://git.kernel.org/stable/c/14aecdd419217e041fb5dd2749d11f58503bdf62 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2023-54277 – fbdev: udlfb: Fix endpoint check
https://notcve.org/view.php?id=CVE-2023-54277
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: fbdev: udlfb: Fix endpoint check The syzbot fuzzer detected a problem in the udlfb driver, caused by an endpoint not having the expected type: usb 1-1: Read EDID byte 0 failed: -71 usb 1-1: Unable to get valid EDID from device/display ------------[ cut here ]------------ usb 1-1: BOGUS urb xfer, pipe 3 != type 1 WARNING: CPU: 0 PID: 9 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504 Modules linked in: CPU... • https://git.kernel.org/stable/c/f6db63819db632158647d5bbf4d7d2d90dc1a268 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2023-54275 – wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup
https://notcve.org/view.php?id=CVE-2023-54275
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup crypto_alloc_shash() allocates resources, which should be released by crypto_free_shash(). When ath11k_peer_find() fails, there has memory leak. Add missing crypto_free_shash() to fix this. The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues. • https://git.kernel.org/stable/c/243874c64c8137bc90455200a7735da72836ecab •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2023-54274 – RDMA/srpt: Add a check for valid 'mad_agent' pointer
https://notcve.org/view.php?id=CVE-2023-54274
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Add a check for valid 'mad_agent' pointer When unregistering MAD agent, srpt module has a non-null check for 'mad_agent' pointer before invoking ib_unregister_mad_agent(). This check can pass if 'mad_agent' variable holds an error value. The 'mad_agent' can have an error value for a short window when srpt_add_one() and srpt_remove_one() is executed simultaneously. In srpt module, added a valid pointer check for 'sport->mad_agent'... • https://git.kernel.org/stable/c/a42d985bd5b234da8b61347a78dc3057bf7bb94d •