CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50719 – ALSA: line6: fix stack overflow in line6_midi_transmit
https://notcve.org/view.php?id=CVE-2022-50719
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: line6: fix stack overflow in line6_midi_transmit Correctly calculate available space including the size of the chunk buffer. This fixes a buffer overflow when multiple MIDI sysex messages are sent to a PODxt device. In the Linux kernel, the following vulnerability has been resolved: ALSA: line6: fix stack overflow in line6_midi_transmit Correctly calculate available space including the size of the chunk buffer. This fixes a buffer ove... • https://git.kernel.org/stable/c/f2459201c72e8f8553644505eed19954d4c3a023 •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50716 – wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out
https://notcve.org/view.php?id=CVE-2022-50716
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out syzkaller reported use-after-free with the stack trace like below [1]: [ 38.960489][ C3] ================================================================== [ 38.963216][ C3] BUG: KASAN: use-after-free in ar5523_cmd_tx_cb+0x220/0x240 [ 38.964950][ C3] Read of size 8 at addr ffff888048e03450 by task swapper/3/0 [ 38.966363][ C3] [ 38.967053][ C3] CPU: 3 PID: 0 Comm: swapper/3 Not tain... • https://git.kernel.org/stable/c/b7d572e1871df06a96a1c9591c71c5494ff6b624 •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2022-50715 – md/raid1: stop mdx_raid1 thread when raid1 array run failed
https://notcve.org/view.php?id=CVE-2022-50715
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: md/raid1: stop mdx_raid1 thread when raid1 array run failed fail run raid1 array when we assemble array with the inactive disk only, but the mdx_raid1 thread were not stop, Even if the associated resources have been released. it will caused a NULL dereference when we do poweroff. This causes the following Oops: [ 287.587787] BUG: kernel NULL pointer dereference, address: 0000000000000070 [ 287.594762] #PF: supervisor read access in kernel m... • https://git.kernel.org/stable/c/5bad5054ecd83c866502f0370edfc9aa55dc9aa7 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-68745 – scsi: qla2xxx: Clear cmds after chip reset
https://notcve.org/view.php?id=CVE-2025-68745
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Clear cmds after chip reset Commit aefed3e5548f ("scsi: qla2xxx: target: Fix offline port handling and host reset handling") caused two problems: 1. Commands sent to FW, after chip reset got stuck and never freed as FW is not going to respond to them anymore. 2. BUG_ON(cmd->sg_mapped) in qlt_free_cmd(). Commit 26f9ce53817a ("scsi: qla2xxx: Fix missed DMA unmap for aborted commands") attempted to fix this, but introduced anoth... • https://git.kernel.org/stable/c/aefed3e5548f28e5fecafda6604fcbc65484dbaa •
CVSS: 6.6EPSS: 0%CPEs: 8EXPL: 0CVE-2025-68740 – ima: Handle error code returned by ima_filter_rule_match()
https://notcve.org/view.php?id=CVE-2025-68740
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ima: Handle error code returned by ima_filter_rule_match() In ima_match_rules(), if ima_filter_rule_match() returns -ENOENT due to the rule being NULL, the function incorrectly skips the 'if (!rc)' check and sets 'result = true'. The LSM rule is considered a match, causing extra files to be measured by IMA. This issue can be reproduced in the following scenario: After unloading the SELinux policy module via 'semodule -d', if an IMA measurem... • https://git.kernel.org/stable/c/4af4662fa4a9dc62289c580337ae2506339c4729 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-68734 – isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe()
https://notcve.org/view.php?id=CVE-2025-68734
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() In hfcsusb_probe(), the memory allocated for ctrl_urb gets leaked when setup_instance() fails with an error code. Fix that by freeing the urb before freeing the hw structure. Also change the error paths to use the goto ladder style. Compile tested only. Issue found using a prototype static analysis tool. • https://git.kernel.org/stable/c/69f52adb2d534afc41fcc658f155e01f0b322f9e •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54032 – btrfs: fix race when deleting quota root from the dirty cow roots list
https://notcve.org/view.php?id=CVE-2023-54032
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race when deleting quota root from the dirty cow roots list When disabling quotas we are deleting the quota root from the list fs_info->dirty_cowonly_roots without taking the lock that protects it, which is struct btrfs_fs_info::trans_lock. This unsynchronized list manipulation may cause chaos if there's another concurrent manipulation of this list, such as when adding a root to it with ctree.c:add_root_to_dirty_list(). This can ... • https://git.kernel.org/stable/c/bed92eae26ccf280d1a2168b7509447b56675a27 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2023-54028 – RDMA/rxe: Fix the error "trying to register non-static key in rxe_cleanup_task"
https://notcve.org/view.php?id=CVE-2023-54028
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix the error "trying to register non-static key in rxe_cleanup_task" In the function rxe_create_qp(), rxe_qp_from_init() is called to initialize qp, internally things like rxe_init_task are not setup until rxe_qp_init_req(). If an error occurred before this point then the unwind will call rxe_cleanup() and eventually to rxe_qp_do_cleanup()/rxe_cleanup_task() which will oops when trying to access the uninitialized spinlock. If rxe... • https://git.kernel.org/stable/c/8700e3e7c4857d28ebaa824509934556da0b3e76 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2023-54023 – btrfs: fix race between balance and cancel/pause
https://notcve.org/view.php?id=CVE-2023-54023
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between balance and cancel/pause Syzbot reported a panic that looks like this: assertion failed: fs_info->exclusive_operation == BTRFS_EXCLOP_BALANCE_PAUSED, in fs/btrfs/ioctl.c:465 ------------[ cut here ]------------ kernel BUG at fs/btrfs/messages.c:259! RIP: 0010:btrfs_assertfail+0x2c/0x30 fs/btrfs/messages.c:259 Call Trace:
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54021 – ext4: set goal start correctly in ext4_mb_normalize_request
https://notcve.org/view.php?id=CVE-2023-54021
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: set goal start correctly in ext4_mb_normalize_request We need to set ac_g_ex to notify the goal start used in ext4_mb_find_by_goal. Set ac_g_ex instead of ac_f_ex in ext4_mb_normalize_request. Besides we should assure goal start is in range [first_data_block, blocks_count) as ext4_mb_initialize_context does. [ Added a check to make sure size is less than ar->pright; otherwise we could end up passing an underflowed value of ar->pright ... • https://git.kernel.org/stable/c/c9de560ded61faa5b754137b7753da252391c55a •