CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2023-53271 – ubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume()
https://notcve.org/view.php?id=CVE-2023-53271
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume() There is a memory leaks problem reported by kmemleak: unreferenced object 0xffff888102007a00 (size 128): comm "ubirsvol", pid 32090, jiffies 4298464136 (age 2361.231s) hex dump (first 32 bytes): ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ backtrace: [
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2023-53270 – ext4: fix i_disksize exceeding i_size problem in paritally written case
https://notcve.org/view.php?id=CVE-2023-53270
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix i_disksize exceeding i_size problem in paritally written case It is possible for i_disksize can exceed i_size, triggering a warning. generic_perform_write copied = iov_iter_copy_from_user_atomic(len) // copied < len ext4_da_write_end | ext4_update_i_disksize | new_i_size = pos + copied; | WRITE_ONCE(EXT4_I(inode)->i_disksize, newsize) // update i_disksize | generic_write_end | copied = block_write_end(copied, len) // copied = 0 | ... • https://git.kernel.org/stable/c/64769240bd07f446f83660bb143bb609d8ab4910 •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2023-53265 – ubi: ensure that VID header offset + VID header size <= alloc, size
https://notcve.org/view.php?id=CVE-2023-53265
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ubi: ensure that VID header offset + VID header size <= alloc, size Ensure that the VID header offset + VID header size does not exceed the allocated area to avoid slab OOB. BUG: KASAN: slab-out-of-bounds in crc32_body lib/crc32.c:111 [inline] BUG: KASAN: slab-out-of-bounds in crc32_le_generic lib/crc32.c:179 [inline] BUG: KASAN: slab-out-of-bounds in crc32_le_base+0x58c/0x626 lib/crc32.c:197 Read of size 4 at addr ffff88802bb36f00 by task ... • https://git.kernel.org/stable/c/801c135ce73d5df1caf3eca35b66a10824ae0707 •
CVSS: 7.8EPSS: %CPEs: 5EXPL: 0CVE-2022-50335 – 9p: set req refcount to zero to avoid uninitialized usage
https://notcve.org/view.php?id=CVE-2022-50335
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: 9p: set req refcount to zero to avoid uninitialized usage When a new request is allocated, the refcount will be zero if it is reused, but if the request is newly allocated from slab, it is not fully initialized before being added to idr. If the p9_read_work got a response before the refcount initiated. It will use a uninitialized req, which will result in a bad request data struct. Here is the logs from syzbot. Corrupted memory at 0xffff888... • https://git.kernel.org/stable/c/728356dedeff8ef999cb436c71333ef4ac51a81c •
CVSS: 5.5EPSS: %CPEs: 6EXPL: 0CVE-2022-50334 – hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param()
https://notcve.org/view.php?id=CVE-2022-50334
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param() Syzkaller reports a null-ptr-deref bug as follows: ====================================================== KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] RIP: 0010:hugetlbfs_parse_param+0x1dd/0x8e0 fs/hugetlbfs/inode.c:1380 [...] Call Trace:
CVSS: 7.1EPSS: %CPEs: 9EXPL: 0CVE-2022-50333 – fs: jfs: fix shift-out-of-bounds in dbDiscardAG
https://notcve.org/view.php?id=CVE-2022-50333
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: fs: jfs: fix shift-out-of-bounds in dbDiscardAG This should be applied to most URSAN bugs found recently by syzbot, by guarding the dbMount. As syzbot feeding rubbish into the bmap descriptor. In the Linux kernel, the following vulnerability has been resolved: fs: jfs: fix shift-out-of-bounds in dbDiscardAG This should be applied to most URSAN bugs found recently by syzbot, by guarding the dbMount. As syzbot feeding rubbish into the bmap de... • https://git.kernel.org/stable/c/f8d4d0bac603616e2fa4a3907e81ed13f8f3c380 •
CVSS: 9.4EPSS: %CPEs: 8EXPL: 0CVE-2022-50330 – crypto: cavium - prevent integer overflow loading firmware
https://notcve.org/view.php?id=CVE-2022-50330
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: cavium - prevent integer overflow loading firmware The "code_length" value comes from the firmware file. If your firmware is untrusted realistically there is probably very little you can do to protect yourself. Still we try to limit the damage as much as possible. Also Smatch marks any data read from the filesystem as untrusted and prints warnings if it not capped correctly. The "ntohl(ucode->code_length) * 2" multiplication can hav... • https://git.kernel.org/stable/c/9e2c7d99941d000a36f68a3594cec27a1bbea274 •
CVSS: 7.8EPSS: %CPEs: 5EXPL: 0CVE-2022-50328 – jbd2: fix potential use-after-free in jbd2_fc_wait_bufs
https://notcve.org/view.php?id=CVE-2022-50328
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: jbd2: fix potential use-after-free in jbd2_fc_wait_bufs In 'jbd2_fc_wait_bufs' use 'bh' after put buffer head reference count which may lead to use-after-free. So judge buffer if uptodate before put buffer head reference count. In the Linux kernel, the following vulnerability has been resolved: jbd2: fix potential use-after-free in jbd2_fc_wait_bufs In 'jbd2_fc_wait_bufs' use 'bh' after put buffer head reference count which may lead to use-... • https://git.kernel.org/stable/c/1d4d16daec2a6689b6d3fbfc7d2078643adc6619 •
CVSS: 5.5EPSS: %CPEs: 6EXPL: 0CVE-2022-50327 – ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value
https://notcve.org/view.php?id=CVE-2022-50327
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value The return value of acpi_fetch_acpi_dev() could be NULL, which would cause a NULL pointer dereference to occur in acpi_device_hid(). [ rjw: Subject and changelog edits, added empty line after if () ] In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value The return value of acpi_fetch_acpi_dev() could ... • https://git.kernel.org/stable/c/8e8b5f12ee4ab6f5d252c9ca062a4ada9554e6d9 •
CVSS: 5.5EPSS: %CPEs: 9EXPL: 0CVE-2022-50324 – mtd: maps: pxa2xx-flash: fix memory leak in probe
https://notcve.org/view.php?id=CVE-2022-50324
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: mtd: maps: pxa2xx-flash: fix memory leak in probe Free 'info' upon remapping error to avoid a memory leak. [<miquel.raynal@bootlin.com>: Reword the commit log] • https://git.kernel.org/stable/c/e644f7d6289456657996df4192de76c5d0a9f9c7 •