CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-53778 – accel/qaic: Clean up integer overflow checking in map_user_pages()
https://notcve.org/view.php?id=CVE-2023-53778
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Clean up integer overflow checking in map_user_pages() The encode_dma() function has some validation on in_trans->size but it would be more clear to move those checks to find_and_map_user_pages(). The encode_dma() had two checks: if (in_trans->addr + in_trans->size < in_trans->addr || !in_trans->size) return -EINVAL; The in_trans->addr variable is the starting address. The in_trans->size variable is the total size of the transfe... • https://git.kernel.org/stable/c/129776ac2e38231fa9c02ce20e116c99de291666 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53777 – erofs: kill hooked chains to avoid loops on deduplicated compressed images
https://notcve.org/view.php?id=CVE-2023-53777
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: erofs: kill hooked chains to avoid loops on deduplicated compressed images After heavily stressing EROFS with several images which include a hand-crafted image of repeated patterns for more than 46 days, I found two chains could be linked with each other almost simultaneously and form a loop so that the entire loop won't be submitted. As a consequence, the corresponding file pages will remain locked forever. It can be _only_ observed on dat... • https://git.kernel.org/stable/c/267f2492c8f71dac44399988b510f9bf6b074a51 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50656 – nfc: pn533: Clear nfc_target before being used
https://notcve.org/view.php?id=CVE-2022-50656
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Clear nfc_target before being used Fix a slab-out-of-bounds read that occurs in nla_put() called from nfc_genl_send_target() when target->sensb_res_len, which is duplicated from an nfc_target in pn533, is too large as the nfc_target is not properly initialized and retains garbage values. Clear nfc_targets with memset() before they are used. Found by a modified version of syzkaller. BUG: KASAN: slab-out-of-bounds in nla_put Call ... • https://git.kernel.org/stable/c/361f3cb7f9cfdb82c80926d0e7843c098c034545 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50655 – ppp: associate skb with a device at tx
https://notcve.org/view.php?id=CVE-2022-50655
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ppp: associate skb with a device at tx Syzkaller triggered flow dissector warning with the following: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000000c0)) ioctl$PPPIOCSACTIVE(r0, 0x40107446, &(0x7f0000000240)={0x2, &(0x7f0000000180)=[{0x20, 0x0, 0x0, 0xfffff034}, {0x6}]}) pwritev(r0, &(0x7f0000000040)=[{&(0x7f0000000140)='\x00!', 0x2}], 0x1, 0x0, 0x0) [ 9.485814] WARNING... • https://git.kernel.org/stable/c/e387a25552951802102e279931d6f7dd2ecc34c1 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50654 – bpf: Fix panic due to wrong pageattr of im->image
https://notcve.org/view.php?id=CVE-2022-50654
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix panic due to wrong pageattr of im->image In the scenario where livepatch and kretfunc coexist, the pageattr of im->image is rox after arch_prepare_bpf_trampoline in bpf_trampoline_update, and then modify_fentry or register_fentry returns -EAGAIN from bpf_tramp_ftrace_ops_func, the BPF_TRAMP_F_ORIG_STACK flag will be configured, and arch_prepare_bpf_trampoline will be re-executed. At this time, because the pageattr of im->image is r... • https://git.kernel.org/stable/c/00963a2e75a872e5fce4d0115ac2786ec86b57a6 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50653 – mmc: atmel-mci: fix return value check of mmc_add_host()
https://notcve.org/view.php?id=CVE-2022-50653
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: mmc: atmel-mci: fix return value check of mmc_add_host() mmc_add_host() may return error, if we ignore its return value, it will lead two issues: 1. The memory that allocated in mmc_alloc_host() is leaked. 2. In the remove() path, mmc_remove_host() will be called to delete device, but it's not added yet, it will lead a kernel crash because of null-ptr-deref in device_del(). So fix this by checking the return value and calling mmc_free_host(... • https://git.kernel.org/stable/c/7d2be0749a59096a334c94dc48f43294193cb8ed •
CVSS: 6.6EPSS: 0%CPEs: 11EXPL: 0CVE-2022-50652 – uio: uio_dmem_genirq: Fix missing unlock in irq configuration
https://notcve.org/view.php?id=CVE-2022-50652
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: uio: uio_dmem_genirq: Fix missing unlock in irq configuration Commit b74351287d4b ("uio: fix a sleep-in-atomic-context bug in uio_dmem_genirq_irqcontrol()") started calling disable_irq() without holding the spinlock because it can sleep. However, that fix introduced another bug: if interrupt is already disabled and a new disable request comes in, then the spinlock is not unlocked: root@localhost:~# printf '\x00\x00\x00\x00' > /dev/uio0 root... • https://git.kernel.org/stable/c/b77fa964ecb1d72a671234f5bea95b41f77c233a •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50651 – ethtool: eeprom: fix null-deref on genl_info in dump
https://notcve.org/view.php?id=CVE-2022-50651
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ethtool: eeprom: fix null-deref on genl_info in dump The similar fix as commit 46cdedf2a0fa ("ethtool: pse-pd: fix null-deref on genl_info in dump") is also needed for ethtool eeprom. In the Linux kernel, the following vulnerability has been resolved: ethtool: eeprom: fix null-deref on genl_info in dump The similar fix as commit 46cdedf2a0fa ("ethtool: pse-pd: fix null-deref on genl_info in dump") is also needed for ethtool eeprom. • https://git.kernel.org/stable/c/c781ff12a2f37a9795e13bf328e5053d3e69f9e0 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50650 – bpf: Fix reference state management for synchronous callbacks
https://notcve.org/view.php?id=CVE-2022-50650
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix reference state management for synchronous callbacks Currently, verifier verifies callback functions (sync and async) as if they will be executed once, (i.e. it explores execution state as if the function was being called once). The next insn to explore is set to start of subprog and the exit from nested frame is handled using curframe > 0 and prepare_func_exit. In case of async callback it uses a customized variant of push_stack s... • https://git.kernel.org/stable/c/69c087ba6225b574afb6e505b72cb75242a3d844 •
CVSS: 8.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50649 – power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type()
https://notcve.org/view.php?id=CVE-2022-50649
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() ADP5061_CHG_STATUS_1_CHG_STATUS is masked with 0x07, which means a length of 8, but adp5061_chg_type array size is 4, may end up reading 4 elements beyond the end of the adp5061_chg_type[] array. In the Linux kernel, the following vulnerability has been resolved: power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() ADP5061_CHG_STATUS_1_CHG_STATUS is... • https://git.kernel.org/stable/c/24a0be36e9a21f63de2e6088607e689e59ec15f4 •