CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-53276 – ubifs: Free memory for tmpfile name
https://notcve.org/view.php?id=CVE-2023-53276
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ubifs: Free memory for tmpfile name When opening a ubifs tmpfile on an encrypted directory, function fscrypt_setup_filename allocates memory for the name that is to be stored in the directory entry, but after the name has been copied to the directory entry inode, the memory is not freed. When running kmemleak on it we see that it is registered as a leak. The report below is triggered by a simple program 'tmpfile' just opening a tmpfile: unr... • https://git.kernel.org/stable/c/8ad8c67a897e68426e85990ebfe0a7d1f71fc79f •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53275 – ALSA: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync()
https://notcve.org/view.php?id=CVE-2023-53275
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync() The variable codec->regmap is often protected by the lock codec->regmap_lock when is accessed. However, it is accessed without holding the lock when is accessed in snd_hdac_regmap_sync(): if (codec->regmap) In my opinion, this may be a harmful race, because if codec->regmap is set to NULL right after the condition is checked, a null-pointer derefer... • https://git.kernel.org/stable/c/109f0aaa0b8838a88af9125b79579023539300a7 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50334 – hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param()
https://notcve.org/view.php?id=CVE-2022-50334
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param() Syzkaller reports a null-ptr-deref bug as follows: ====================================================== KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] RIP: 0010:hugetlbfs_parse_param+0x1dd/0x8e0 fs/hugetlbfs/inode.c:1380 [...] Call Trace:
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50333 – fs: jfs: fix shift-out-of-bounds in dbDiscardAG
https://notcve.org/view.php?id=CVE-2022-50333
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: fs: jfs: fix shift-out-of-bounds in dbDiscardAG This should be applied to most URSAN bugs found recently by syzbot, by guarding the dbMount. As syzbot feeding rubbish into the bmap descriptor. In the Linux kernel, the following vulnerability has been resolved: fs: jfs: fix shift-out-of-bounds in dbDiscardAG This should be applied to most URSAN bugs found recently by syzbot, by guarding the dbMount. As syzbot feeding rubbish into the bmap de... • https://git.kernel.org/stable/c/f8d4d0bac603616e2fa4a3907e81ed13f8f3c380 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50328 – jbd2: fix potential use-after-free in jbd2_fc_wait_bufs
https://notcve.org/view.php?id=CVE-2022-50328
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: jbd2: fix potential use-after-free in jbd2_fc_wait_bufs In 'jbd2_fc_wait_bufs' use 'bh' after put buffer head reference count which may lead to use-after-free. So judge buffer if uptodate before put buffer head reference count. In the Linux kernel, the following vulnerability has been resolved: jbd2: fix potential use-after-free in jbd2_fc_wait_bufs In 'jbd2_fc_wait_bufs' use 'bh' after put buffer head reference count which may lead to use-... • https://git.kernel.org/stable/c/1d4d16daec2a6689b6d3fbfc7d2078643adc6619 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50327 – ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value
https://notcve.org/view.php?id=CVE-2022-50327
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value The return value of acpi_fetch_acpi_dev() could be NULL, which would cause a NULL pointer dereference to occur in acpi_device_hid(). [ rjw: Subject and changelog edits, added empty line after if () ] In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value The return value of acpi_fetch_acpi_dev() could ... • https://git.kernel.org/stable/c/8e8b5f12ee4ab6f5d252c9ca062a4ada9554e6d9 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50320 – ACPI: tables: FPDT: Don't call acpi_os_map_memory() on invalid phys address
https://notcve.org/view.php?id=CVE-2022-50320
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ACPI: tables: FPDT: Don't call acpi_os_map_memory() on invalid phys address On a Packard Bell Dot SC (Intel Atom N2600 model) there is a FPDT table which contains invalid physical addresses, with high bits set which fall outside the range of the CPU-s supported physical address range. Calling acpi_os_map_memory() on such an invalid phys address leads to the below WARN_ON in ioremap triggering resulting in an oops/stacktrace. Add code to ver... • https://git.kernel.org/stable/c/30eca146c89d216dda95868ce00a2d35cf73d5a4 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53257 – wifi: mac80211: check S1G action frame size
https://notcve.org/view.php?id=CVE-2023-53257
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: check S1G action frame size Before checking the action code, check that it even exists in the frame. In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: check S1G action frame size Before checking the action code, check that it even exists in the frame. This update provides the initial livepatch for this kernel update. This update does not contain any fixes and will be updated with livepatches... • https://git.kernel.org/stable/c/fedd9377dd9c71a950d432fbe1628eebfbed70a1 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53254 – cacheinfo: Fix shared_cpu_map to handle shared caches at different levels
https://notcve.org/view.php?id=CVE-2023-53254
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: cacheinfo: Fix shared_cpu_map to handle shared caches at different levels The cacheinfo sets up the shared_cpu_map by checking whether the caches with the same index are shared between CPUs. However, this will trigger slab-out-of-bounds access if the CPUs do not have the same cache hierarchy. Another problem is the mismatched shared_cpu_map when the shared cache does not have the same index between CPUs. CPU0 I D L3 index 0 1 2 x ^ ^ ^ ^ in... • https://git.kernel.org/stable/c/2f588d0345d69a35e451077afed428fd057a5e34 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53247 – btrfs: set_page_extent_mapped after read_folio in btrfs_cont_expand
https://notcve.org/view.php?id=CVE-2023-53247
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: set_page_extent_mapped after read_folio in btrfs_cont_expand While trying to get the subpage blocksize tests running, I hit the following panic on generic/476 assertion failed: PagePrivate(page) && page->private, in fs/btrfs/subpage.c:229 kernel BUG at fs/btrfs/subpage.c:229! Internal error: Oops - BUG: 00000000f2000800 [#1] SMP CPU: 1 PID: 1453 Comm: fsstress Not tainted 6.4.0-rc7+ #12 Hardware name: QEMU KVM Virtual Machine, BIOS e... • https://git.kernel.org/stable/c/0a5e0bc8e8618e32a6ca64450867628eb0a627bf •