CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53569 – ext2: Check block size validity during mount
https://notcve.org/view.php?id=CVE-2023-53569
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ext2: Check block size validity during mount Check that log of block size stored in the superblock has sensible value. Otherwise the shift computing the block size can overflow leading to undefined behavior. In the Linux kernel, the following vulnerability has been resolved: ext2: Check block size validity during mount Check that log of block size stored in the superblock has sensible value. Otherwise the shift computing the block size can ... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53564 – ocfs2: fix defrag path triggering jbd2 ASSERT
https://notcve.org/view.php?id=CVE-2023-53564
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix defrag path triggering jbd2 ASSERT code path: ocfs2_ioctl_move_extents ocfs2_move_extents ocfs2_defrag_extent __ocfs2_move_extent + ocfs2_journal_access_di + ocfs2_split_extent //sub-paths call jbd2_journal_restart + ocfs2_journal_dirty //crash by jbs2 ASSERT crash stacks: PID: 11297 TASK: ffff974a676dcd00 CPU: 67 COMMAND: "defragfs.ocfs2" #0 [ffffb25d8dad3900] machine_kexec at ffffffff8386fe01 #1 [ffffb25d8dad3958] __crash_kexec... • https://git.kernel.org/stable/c/8f603e567aa7a243e68ca48b4f105b990851360f •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53548 – net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb
https://notcve.org/view.php?id=CVE-2023-53548
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb The syzbot fuzzer identified a problem in the usbnet driver: usb 1-1: BOGUS urb xfer, pipe 3 != type 1 WARNING: CPU: 0 PID: 754 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504 Modules linked in: CPU: 0 PID: 754 Comm: kworker/0:2 Not tainted 6.4.0-rc7-syzkaller-00014-g692b7dc87ca6 #0 Hardware name: Google Google Compute Engine/Google Compute Eng... • https://git.kernel.org/stable/c/2e55cc7210fef90f88201e860d8767594974574e •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53544 – cpufreq: davinci: Fix clk use after free
https://notcve.org/view.php?id=CVE-2023-53544
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: cpufreq: davinci: Fix clk use after free The remove function first frees the clks and only then calls cpufreq_unregister_driver(). If one of the cpufreq callbacks is called just before cpufreq_unregister_driver() is run, the freed clks might be used. In the Linux kernel, the following vulnerability has been resolved: cpufreq: davinci: Fix clk use after free The remove function first frees the clks and only then calls cpufreq_unregister_driv... • https://git.kernel.org/stable/c/6601b8030de3e9c29930684eeac15302a59f991a • CWE-825: Expired Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53540 – wifi: cfg80211: reject auth/assoc to AP with our address
https://notcve.org/view.php?id=CVE-2023-53540
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: reject auth/assoc to AP with our address If the AP uses our own address as its MLD address or BSSID, then clearly something's wrong. Reject such connections so we don't try and fail later. In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: reject auth/assoc to AP with our address If the AP uses our own address as its MLD address or BSSID, then clearly something's wrong. Reject such connection... • https://git.kernel.org/stable/c/19957bb399e2722719c0e20c9ae91cf8b6aaff04 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50478 – nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset()
https://notcve.org/view.php?id=CVE-2022-50478
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset() Patch series "nilfs2: fix UBSAN shift-out-of-bounds warnings on mount time". The first patch fixes a bug reported by syzbot, and the second one fixes the remaining bug of the same kind. Although they are triggered by the same super block data anomaly, I divided it into the above two because the details of the issues and how to fix it are different. Both are required to elimi... • https://git.kernel.org/stable/c/e339ad31f59925b48a92ee3947692fdf9758b8c7 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50474 – macintosh: fix possible memory leak in macio_add_one_device()
https://notcve.org/view.php?id=CVE-2022-50474
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: macintosh: fix possible memory leak in macio_add_one_device() Afer commit 1fa5ae857bb1 ("driver core: get rid of struct device's bus_id string array"), the name of device is allocated dynamically. It needs to be freed when of_device_register() fails. Call put_device() to give up the reference that's taken in device_initialize(), so that it can be freed in kobject_cleanup() when the refcount hits 0. macio device is freed in macio_release_dev... • https://git.kernel.org/stable/c/1fa5ae857bb14f6046205171d98506d8112dd74e •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50471 – xen/gntdev: Accommodate VMA splitting
https://notcve.org/view.php?id=CVE-2022-50471
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: xen/gntdev: Accommodate VMA splitting Prior to this commit, the gntdev driver code did not handle the following scenario correctly with paravirtualized (PV) Xen domains: * User process sets up a gntdev mapping composed of two grant mappings (i.e., two pages shared by another Xen domain). * User process munmap()s one of the pages. * User process munmap()s the remaining page. * User process exits. In the scenario above, the user process would... • https://git.kernel.org/stable/c/ab31523c2fcac557226bac72cbdf5fafe01f9a26 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50470 – xhci: Remove device endpoints from bandwidth list when freeing the device
https://notcve.org/view.php?id=CVE-2022-50470
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: xhci: Remove device endpoints from bandwidth list when freeing the device Endpoints are normally deleted from the bandwidth list when they are dropped, before the virt device is freed. If xHC host is dying or being removed then the endpoints aren't dropped cleanly due to functions returning early to avoid interacting with a non-accessible host controller. So check and delete endpoints that are still on the bandwidth list when freeing the vi... • https://git.kernel.org/stable/c/2e27980e6eb78114c4ecbaad1ba71836e3887d18 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39945 – cnic: Fix use-after-free bugs in cnic_delete_task
https://notcve.org/view.php?id=CVE-2025-39945
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: cnic: Fix use-after-free bugs in cnic_delete_task The original code uses cancel_delayed_work() in cnic_cm_stop_bnx2x_hw(), which does not guarantee that the delayed work item 'delete_task' has fully completed if it was already running. Additionally, the delayed work item is cyclic, the flush_workqueue() in cnic_cm_stop_bnx2x_hw() only blocks and waits for work items that were already queued to the workqueue prior to its invocation. Any work... • https://git.kernel.org/stable/c/fdf24086f4752aee5dfb40143c736250df017820 •