CVSS: 5.5EPSS: %CPEs: 3EXPL: 0CVE-2023-53247 – btrfs: set_page_extent_mapped after read_folio in btrfs_cont_expand
https://notcve.org/view.php?id=CVE-2023-53247
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: set_page_extent_mapped after read_folio in btrfs_cont_expand While trying to get the subpage blocksize tests running, I hit the following panic on generic/476 assertion failed: PagePrivate(page) && page->private, in fs/btrfs/subpage.c:229 kernel BUG at fs/btrfs/subpage.c:229! Internal error: Oops - BUG: 00000000f2000800 [#1] SMP CPU: 1 PID: 1453 Comm: fsstress Not tainted 6.4.0-rc7+ #12 Hardware name: QEMU KVM Virtual Machine, BIOS e... • https://git.kernel.org/stable/c/0a5e0bc8e8618e32a6ca64450867628eb0a627bf •
CVSS: 7.8EPSS: %CPEs: 8EXPL: 0CVE-2023-53246 – cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL
https://notcve.org/view.php?id=CVE-2023-53246
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL When compiled with CONFIG_CIFS_DFS_UPCALL disabled, cifs_dfs_d_automount is NULL. cifs.ko logic for mapping CIFS_FATTR_DFS_REFERRAL attributes to S_AUTOMOUNT and corresponding dentry flags is retained regardless of CONFIG_CIFS_DFS_UPCALL, leading to a NULL pointer dereference in VFS follow_automount() when traversing a DFS referral link: BUG: kernel NULL pointer dereference, addres... • https://git.kernel.org/stable/c/8cd7dbc9c46d51e00a0a8372e07cc1cbb8d24a77 •
CVSS: 5.5EPSS: %CPEs: 4EXPL: 0CVE-2023-53244 – media: pci: tw68: Fix null-ptr-deref bug in buf prepare and finish
https://notcve.org/view.php?id=CVE-2023-53244
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: media: pci: tw68: Fix null-ptr-deref bug in buf prepare and finish When the driver calls tw68_risc_buffer() to prepare the buffer, the function call dma_alloc_coherent may fail, resulting in a empty buffer buf->cpu. Later when we free the buffer or access the buffer, null ptr deref is triggered. This bug is similar to the following one: https://git.linuxtv.org/media_stage.git/commit/?id=2b064d91440b33fba5b452f2d1b31f13ae911d71. We believe t... • https://git.kernel.org/stable/c/dcf632bca424e6ff8c8eb89c96694e7f05cd29b6 •
CVSS: 7.2EPSS: %CPEs: 8EXPL: 0CVE-2022-50315 – ata: ahci: Match EM_MAX_SLOTS with SATA_PMP_MAX_PORTS
https://notcve.org/view.php?id=CVE-2022-50315
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ata: ahci: Match EM_MAX_SLOTS with SATA_PMP_MAX_PORTS UBSAN complains about array-index-out-of-bounds: [ 1.980703] kernel: UBSAN: array-index-out-of-bounds in /build/linux-9H675w/linux-5.15.0/drivers/ata/libahci.c:968:41 [ 1.980709] kernel: index 15 is out of range for type 'ahci_em_priv [8]' [ 1.980713] kernel: CPU: 0 PID: 209 Comm: scsi_eh_8 Not tainted 5.15.0-25-generic #25-Ubuntu [ 1.980716] kernel: Hardware name: System manufacturer Sy... • https://git.kernel.org/stable/c/f70bd4339cb68bc7e206af4c922bc0d249244403 •
CVSS: 7.1EPSS: %CPEs: 8EXPL: 0CVE-2022-50314 – nbd: Fix hung when signal interrupts nbd_start_device_ioctl()
https://notcve.org/view.php?id=CVE-2022-50314
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: nbd: Fix hung when signal interrupts nbd_start_device_ioctl() syzbot reported hung task [1]. The following program is a simplified version of the reproducer: int main(void) { int sv[2], fd; if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return 1; if ((fd = open("/dev/nbd0", 0)) < 0) return 1; if (ioctl(fd, NBD_SET_SIZE_BLOCKS, 0x81) < 0) return 1; if (ioctl(fd, NBD_SET_SOCK, sv[0]) < 0) return 1; if (ioctl(fd, NBD_DO_IT) < 0) return 1; re... • https://git.kernel.org/stable/c/3ba3846cb3e2fb3c6fbf79e998472821b298419e •
CVSS: 7.1EPSS: %CPEs: 3EXPL: 0CVE-2022-50306 – ext4: fix potential out of bound read in ext4_fc_replay_scan()
https://notcve.org/view.php?id=CVE-2022-50306
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix potential out of bound read in ext4_fc_replay_scan() For scan loop must ensure that at least EXT4_FC_TAG_BASE_LEN space. If remain space less than EXT4_FC_TAG_BASE_LEN which will lead to out of bound read when mounting corrupt file system image. ADD_RANGE/HEAD/TAIL is needed to add extra check when do journal scan, as this three tags will read data during scan, tag length couldn't less than data length which will read. In the Linu... • https://git.kernel.org/stable/c/6969367c1500c15eddc38fda12f6d15518ad6d03 •
CVSS: 5.5EPSS: %CPEs: 9EXPL: 0CVE-2022-50297 – wifi: ath9k: verify the expected usb_endpoints are present
https://notcve.org/view.php?id=CVE-2022-50297
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: verify the expected usb_endpoints are present The bug arises when a USB device claims to be an ATH9K but doesn't have the expected endpoints. (In this case there was an interrupt endpoint where the driver expected a bulk endpoint.) The kernel needs to be able to handle such devices without getting an internal error. usb 1-1: BOGUS urb xfer, pipe 3 != type 1 WARNING: CPU: 3 PID: 500 at drivers/usb/core/urb.c:493 usb_submit_urb+0... • https://git.kernel.org/stable/c/932f0a5e829fb0b823f96d7fa9a0f4fc96660b77 •
CVSS: 5.5EPSS: %CPEs: 9EXPL: 0CVE-2022-50296 – UM: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
https://notcve.org/view.php?id=CVE-2022-50296
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: UM: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK When CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS is selected, cpu_max_bits_warn() generates a runtime warning similar as below while we show /proc/cpuinfo. Fix this by using nr_cpu_ids (the runtime limit) instead of NR_CPUS to iterate CPUs. [ 3.052463] ------------[ cut here ]------------ [ 3.059679] WARNING: CPU: 3 PID: 1 at include/linux/cpumask.h:108 show_cpuinfo+0x5e8/0x5f... • https://git.kernel.org/stable/c/8f96aa67c2ccbd7e41b8dc992b8d13cfe206d571 •
CVSS: 5.5EPSS: %CPEs: 4EXPL: 0CVE-2022-50293 – btrfs: do not BUG_ON() on ENOMEM when dropping extent items for a range
https://notcve.org/view.php?id=CVE-2022-50293
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: do not BUG_ON() on ENOMEM when dropping extent items for a range If we get -ENOMEM while dropping file extent items in a given range, at btrfs_drop_extents(), due to failure to allocate memory when attempting to increment the reference count for an extent or drop the reference count, we handle it with a BUG_ON(). This is excessive, instead we can simply abort the transaction and return the error to the caller. In fact most callers of... • https://git.kernel.org/stable/c/50f993da945074b2a069da099a0331b23a0c89a0 •
CVSS: 6.6EPSS: %CPEs: 4EXPL: 0CVE-2023-53230 – smb: client: fix warning in cifs_smb3_do_mount()
https://notcve.org/view.php?id=CVE-2023-53230
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: smb: client: fix warning in cifs_smb3_do_mount() This fixes the following warning reported by kernel test robot fs/smb/client/cifsfs.c:982 cifs_smb3_do_mount() warn: possible memory leak of 'cifs_sb' • https://git.kernel.org/stable/c/9850867042674361f455ea8901375cff5b800be5 •