CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53220 – media: az6007: Fix null-ptr-deref in az6007_i2c_xfer()
https://notcve.org/view.php?id=CVE-2023-53220
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: media: az6007: Fix null-ptr-deref in az6007_i2c_xfer() In az6007_i2c_xfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former checks on msg[i].buf would be passed. Malicious data finally reach az6007_i2c_xfer. If accessing msg[i].buf[0] without sanity check, null ptr deref would happen. We add check on msg[i].len to prevent crash. Similar commit: commit 0ed554fd769a ("media: dvb-usb: az6027: fix null-ptr-deref... • https://git.kernel.org/stable/c/c6763fefa267f6e62595a6ac1f57815d99fc90b7 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53215 – sched/fair: Don't balance task to its current running CPU
https://notcve.org/view.php?id=CVE-2023-53215
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: sched/fair: Don't balance task to its current running CPU We've run into the case that the balancer tries to balance a migration disabled task and trigger the warning in set_task_cpu() like below: ------------[ cut here ]------------ WARNING: CPU: 7 PID: 0 at kernel/sched/core.c:3115 set_task_cpu+0x188/0x240 Modules linked in: hclgevf xt_CHECKSUM ipt_REJECT nf_reject_ipv4 <...snip> CPU: 7 PID: 0 Comm: swapper/7 Kdump: loaded Tainted: G O 6.... • https://git.kernel.org/stable/c/32d937f94b7805d4c9028b8727a7d6241547da54 •
CVSS: 7.7EPSS: 0%CPEs: 9EXPL: 0CVE-2023-53213 – wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()
https://notcve.org/view.php?id=CVE-2023-53213
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() Fix a slab-out-of-bounds read that occurs in kmemdup() called from brcmf_get_assoc_ies(). The bug could occur when assoc_info->req_len, data from a URB provided by a USB device, is bigger than the size of buffer which is defined as WL_EXTRA_BUF_MAX. Add the size check for req_len/resp_len of assoc_info. Found by a modified version of syzkaller. [ 46.592467][ T7] ==============... • https://git.kernel.org/stable/c/ac5305e5d227b9af3aae25fa83380d3ff0225b73 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53209 – wifi: mac80211_hwsim: Fix possible NULL dereference
https://notcve.org/view.php?id=CVE-2023-53209
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211_hwsim: Fix possible NULL dereference In a call to mac80211_hwsim_select_tx_link() the sta pointer might be NULL, thus need to check that it is not NULL before accessing it. In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211_hwsim: Fix possible NULL dereference In a call to mac80211_hwsim_select_tx_link() the sta pointer might be NULL, thus need to check that it is not NULL before accessing it. ... • https://git.kernel.org/stable/c/d0124848c7940aba73492e282506b32a13f2e30e • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50286 – ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline
https://notcve.org/view.php?id=CVE-2022-50286
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline When converting files with inline data to extents, delayed allocations made on a file system created with both the bigalloc and inline options can result in invalid extent status cache content, incorrect reserved cluster counts, kernel memory leaks, and potential kernel panics. With bigalloc, the code that determines whether a block must be delayed allocated searches ... • https://git.kernel.org/stable/c/6f4200ec76a0d31200c308ec5a71c68df5417004 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50274 – media: dvbdev: adopts refcnt to avoid UAF
https://notcve.org/view.php?id=CVE-2022-50274
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: media: dvbdev: adopts refcnt to avoid UAF dvb_unregister_device() is known that prone to use-after-free. That is, the cleanup from dvb_unregister_device() releases the dvb_device even if there are pointers stored in file->private_data still refer to it. This patch adds a reference counter into struct dvb_device and delays its deallocation until no pointer refers to the object. In the Linux kernel, the following vulnerability has been resolv... • https://git.kernel.org/stable/c/ac521bbe3d00fa574e66a9361763f2b37725bc97 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53197 – USB: uhci: fix memory leak with using debugfs_lookup()
https://notcve.org/view.php?id=CVE-2023-53197
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: USB: uhci: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic at once. In the Linux kernel, the following vulnerability has been resolved: USB: uhci: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result m... • https://git.kernel.org/stable/c/c6af1dbc99ad37bf67c8703982df4d7f12d256c1 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53183 – btrfs: exit gracefully if reloc roots don't match
https://notcve.org/view.php?id=CVE-2023-53183
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: exit gracefully if reloc roots don't match [BUG] Syzbot reported a crash that an ASSERT() got triggered inside prepare_to_merge(). [CAUSE] The root cause of the triggered ASSERT() is we can have a race between quota tree creation and relocation. This leads us to create a duplicated quota tree in the btrfs_read_fs_root() path, and since it's treated as fs tree, it would have ROOT_SHAREABLE flag, causing us to create a reloc tree for i... • https://git.kernel.org/stable/c/69dd147de419b04d1d8d2ca67ef424cddd5b8fd5 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53182 – ACPICA: Avoid undefined behavior: applying zero offset to null pointer
https://notcve.org/view.php?id=CVE-2023-53182
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ACPICA: Avoid undefined behavior: applying zero offset to null pointer ACPICA commit 770653e3ba67c30a629ca7d12e352d83c2541b1e Before this change we see the following UBSAN stack trace in Fuchsia: #0 0x000021e4213b3302 in acpi_ds_init_aml_walk(struct acpi_walk_state*, union acpi_parse_object*, struct acpi_namespace_node*, u8*, u32, struct acpi_evaluate_info*, u8) ../../third_party/acpica/source/components/dispatcher/dswstate.c:682
CVSS: 8.4EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53176 – serial: 8250: Reinit port->pm on port specific driver unbind
https://notcve.org/view.php?id=CVE-2023-53176
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: serial: 8250: Reinit port->pm on port specific driver unbind When we unbind a serial port hardware specific 8250 driver, the generic serial8250 driver takes over the port. After that we see an oops about 10 seconds later. This can produce the following at least on some TI SoCs: Unhandled fault: imprecise external abort (0x1406) Internal error: : 1406 [#1] SMP ARM Turns out that we may still have the serial port hardware specific driver port... • https://git.kernel.org/stable/c/490bf37eaabb0a857ed1ae8e75d8854e41662f1c •