CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53435 – cassini: Fix a memory leak in the error handling path of cas_init_one()
https://notcve.org/view.php?id=CVE-2023-53435
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: cassini: Fix a memory leak in the error handling path of cas_init_one() cas_saturn_firmware_init() allocates some memory using vmalloc(). This memory is freed in the .remove() function but not it the error handling path of the probe. Add the missing vfree() to avoid a memory leak, should an error occur. In the Linux kernel, the following vulnerability has been resolved: cassini: Fix a memory leak in the error handling path of cas_init_one()... • https://git.kernel.org/stable/c/fcaa40669cd798ca2ac0d15441e8a1d1145f2b16 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53432 – firewire: net: fix use after free in fwnet_finish_incoming_packet()
https://notcve.org/view.php?id=CVE-2023-53432
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: firewire: net: fix use after free in fwnet_finish_incoming_packet() The netif_rx() function frees the skb so we can't dereference it to save the skb->len. In the Linux kernel, the following vulnerability has been resolved: firewire: net: fix use after free in fwnet_finish_incoming_packet() The netif_rx() function frees the skb so we can't dereference it to save the skb->len. This update provides the initial livepatch for this kernel update.... • https://git.kernel.org/stable/c/c76acec6d55107b652a37c90b36c00bc8b04dabb • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-53431 – scsi: ses: Handle enclosure with just a primary component gracefully
https://notcve.org/view.php?id=CVE-2023-53431
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Handle enclosure with just a primary component gracefully This reverts commit 3fe97ff3d949 ("scsi: ses: Don't attach if enclosure has no components") and introduces proper handling of case where there are no detected secondary components, but primary component (enumerated in num_enclosures) does exist. That fix was originally proposed by Ding Hui
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50419 – Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times
https://notcve.org/view.php?id=CVE-2022-50419
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times device_add shall not be called multiple times as stated in its documentation: 'Do not call this routine or device_register() more than once for any device structure' Syzkaller reports a bug as follows [1]: ------------[ cut here ]------------ kernel BUG at lib/list_debug.c:33! invalid opcode: 0000 [#1] PREEMPT SMP KASAN [...] Call Trace:
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50415 – parisc: led: Fix potential null-ptr-deref in start_task()
https://notcve.org/view.php?id=CVE-2022-50415
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: parisc: led: Fix potential null-ptr-deref in start_task() start_task() calls create_singlethread_workqueue() and not checked the ret value, which may return NULL. And a null-ptr-deref may happen: start_task() create_singlethread_workqueue() # failed, led_wq is NULL queue_delayed_work() queue_delayed_work_on() __queue_delayed_work() # warning here, but continue __queue_work() # access wq->flags, null-ptr-deref Check the ret value and return ... • https://git.kernel.org/stable/c/3499495205a676d85fcc2f3c28e35ec9b43c47e3 • CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50414 – scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails
https://notcve.org/view.php?id=CVE-2022-50414
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails fcoe_init() calls fcoe_transport_attach(&fcoe_sw_transport), but when fcoe_if_init() fails, &fcoe_sw_transport is not detached and leaves freed &fcoe_sw_transport on fcoe_transports list. This causes panic when reinserting module. BUG: unable to handle page fault for address: fffffbfff82e2213 RIP: 0010:fcoe_transport_attach+0xe1/0x230 [libfcoe] Call Trace:
CVSS: 8.4EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50411 – ACPICA: Fix error code path in acpi_ds_call_control_method()
https://notcve.org/view.php?id=CVE-2022-50411
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ACPICA: Fix error code path in acpi_ds_call_control_method() A use-after-free in acpi_ps_parse_aml() after a failing invocaion of acpi_ds_call_control_method() is reported by KASAN [1] and code inspection reveals that next_walk_state pushed to the thread by acpi_ds_create_walk_state() is freed on errors, but it is not popped from the thread beforehand. Thus acpi_ds_get_current_walk_state() called by acpi_ps_parse_aml() subsequently returns ... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 • CWE-416: Use After Free •
CVSS: 8.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50410 – NFSD: Protect against send buffer overflow in NFSv2 READ
https://notcve.org/view.php?id=CVE-2022-50410
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: NFSD: Protect against send buffer overflow in NFSv2 READ Since before the git era, NFSD has conserved the number of pages held by each nfsd thread by combining the RPC receive and send buffers into a single array of pages. This works because there are no cases where an operation needs a large RPC Call message and a large RPC Reply at the same time. Once an RPC Call has been received, svc_process() updates svc_rqst::rq_res to describe the pa... • https://git.kernel.org/stable/c/4452435948424e5322c2a2fefbdc2cf3732cc45d • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53395 – ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer
https://notcve.org/view.php?id=CVE-2023-53395
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer ACPICA commit 90310989a0790032f5a0140741ff09b545af4bc5 According to the ACPI specification 19.6.134, no argument is required to be passed for ASL Timer instruction. For taking care of no argument, AML_NO_OPERAND_RESOLVE flag is added to ASL Timer instruction opcode. When ASL timer instruction interpreted by ACPI interpreter, getting error. After adding AML_NO_OPERAND_RESOLVE flag to ASL Timer... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 • CWE-20: Improper Input Validation CWE-129: Improper Validation of Array Index •
CVSS: 8.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53391 – shmem: use ramfs_kill_sb() for kill_sb method of ramfs-based tmpfs
https://notcve.org/view.php?id=CVE-2023-53391
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: shmem: use ramfs_kill_sb() for kill_sb method of ramfs-based tmpfs As the ramfs-based tmpfs uses ramfs_init_fs_context() for the init_fs_context method, which allocates fc->s_fs_info, use ramfs_kill_sb() to free it and avoid a memory leak. In the Linux kernel, the following vulnerability has been resolved: shmem: use ramfs_kill_sb() for kill_sb method of ramfs-based tmpfs As the ramfs-based tmpfs uses ramfs_init_fs_context() for the init_fs... • https://git.kernel.org/stable/c/c3b1b1cbf002e65a3cabd479e68b5f35886a26db •