CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2025-68774 – hfsplus: fix missing hfs_bnode_get() in __hfs_bnode_create
https://notcve.org/view.php?id=CVE-2025-68774
13 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix missing hfs_bnode_get() in __hfs_bnode_create When sync() and link() are called concurrently, both threads may enter hfs_bnode_find() without finding the node in the hash table and proceed to create it. Thread A: hfsplus_write_inode() -> hfsplus_write_system_inode() -> hfs_btree_write() -> hfs_bnode_find(tree, 0) -> __hfs_bnode_create(tree, 0) Thread B: hfsplus_create_cat() -> hfs_brec_insert() -> hfs_bnode_split() -> hfs_bmap_... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2025-68771 – ocfs2: fix kernel BUG in ocfs2_find_victim_chain
https://notcve.org/view.php?id=CVE-2025-68771
13 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix kernel BUG in ocfs2_find_victim_chain syzbot reported a kernel BUG in ocfs2_find_victim_chain() because the `cl_next_free_rec` field of the allocation chain list (next free slot in the chain list) is 0, triggring the BUG_ON(!cl->cl_next_free_rec) condition in ocfs2_find_victim_chain() and panicking the kernel. To fix this, an if condition is introduced in ocfs2_claim_suballoc_bits(), just before calling ocfs2_find_victim_chain(),... • https://git.kernel.org/stable/c/ccd979bdbce9fba8412beb3f1de68a9d0171b12c •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2025-68767 – hfsplus: Verify inode mode when loading from disk
https://notcve.org/view.php?id=CVE-2025-68767
13 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: hfsplus: Verify inode mode when loading from disk syzbot is reporting that S_IFMT bits of inode->i_mode can become bogus when the S_IFMT bits of the 16bits "mode" field loaded from disk are corrupted. According to [1], the permissions field was treated as reserved in Mac OS 8 and 9. According to [2], the reserved field was explicitly initialized with 0, and that field must remain 0 as long as reserved. Therefore, when the "mode" field is no... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2023-54324 – dm: fix a race condition in retrieve_deps
https://notcve.org/view.php?id=CVE-2023-54324
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: dm: fix a race condition in retrieve_deps There's a race condition in the multipath target when retrieve_deps races with multipath_message calling dm_get_device and dm_put_device. retrieve_deps walks the list of open devices without holding any lock but multipath may add or remove devices to the list while it is running. The end result may be memory corruption or use-after-free memory access. See this description of a UAF with multipath_mes... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50884 – drm: Prevent drm_copy_field() to attempt copying a NULL pointer
https://notcve.org/view.php?id=CVE-2022-50884
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm: Prevent drm_copy_field() to attempt copying a NULL pointer There are some struct drm_driver fields that are required by drivers since drm_copy_field() attempts to copy them to user-space via DRM_IOCTL_VERSION. But it can be possible that a driver has a bug and did not set some of the fields, which leads to drm_copy_field() attempting to copy a NULL pointer: [ +10.395966] Unable to handle kernel access to user memory outside uaccess rou... • https://git.kernel.org/stable/c/22eae947bf76e236ba972f2f11cfd1b083b736ad •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54310 – scsi: message: mptlan: Fix use after free bug in mptlan_remove() due to race condition
https://notcve.org/view.php?id=CVE-2023-54310
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: message: mptlan: Fix use after free bug in mptlan_remove() due to race condition mptlan_probe() calls mpt_register_lan_device() which initializes the &priv->post_buckets_task workqueue. A call to mpt_lan_wake_post_buckets_task() will subsequently start the work. During driver unload in mptlan_remove() the following race may occur: CPU0 CPU1 |mpt_lan_post_receive_buckets_work() mptlan_remove() | free_netdev() | kfree(dev); | | | dev->m... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54264 – fs/sysv: Null check to prevent null-ptr-deref bug
https://notcve.org/view.php?id=CVE-2023-54264
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/sysv: Null check to prevent null-ptr-deref bug sb_getblk(inode->i_sb, parent) return a null ptr and taking lock on that leads to the null-ptr-deref bug. The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues. • https://git.kernel.org/stable/c/e5657933863f43cc6bb76a54d659303dafaa9e58 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50870 – powerpc/rtas: avoid device tree lookups in rtas_os_term()
https://notcve.org/view.php?id=CVE-2022-50870
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: avoid device tree lookups in rtas_os_term() rtas_os_term() is called during panic. Its behavior depends on a couple of conditions in the /rtas node of the device tree, the traversal of which entails locking and local IRQ state changes. If the kernel panics while devtree_lock is held, rtas_os_term() as currently written could hang. Instead of discovering the relevant characteristics at panic time, cache them in file-static vari... • https://git.kernel.org/stable/c/088186ded490ced80758200cf8f906ed741df306 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50868 – hwrng: amd - Fix PCI device refcount leak
https://notcve.org/view.php?id=CVE-2022-50868
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: hwrng: amd - Fix PCI device refcount leak for_each_pci_dev() is implemented by pci_get_device(). The comment of pci_get_device() says that it will increase the reference count for the returned pci_dev and also decrease the reference count for the input pci_dev @from if it is not NULL. If we break for_each_pci_dev() loop with pdev not NULL, we need to call pci_dev_put() to decrease the reference count. Add the missing pci_dev_put() for the n... • https://git.kernel.org/stable/c/96d63c0297ccfd6d9059c614b3f5555d9441a2b3 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54232 – m68k: Only force 030 bus error if PC not in exception table
https://notcve.org/view.php?id=CVE-2023-54232
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: m68k: Only force 030 bus error if PC not in exception table __get_kernel_nofault() does copy data in supervisor mode when forcing a task backtrace log through /proc/sysrq_trigger. This is expected cause a bus error exception on e.g. NULL pointer dereferencing when logging a kernel task has no workqueue associated. This bus error ought to be ignored. Our 030 bus error handler is ill equipped to deal with this: Whenever ssw indicates a kernel... • https://git.kernel.org/stable/c/f2325ecebc5b7988fd49968bd3a660fd1594dc84 •