CVSS: 6.6EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50560 – drm/meson: explicitly remove aggregate driver at module unload time
https://notcve.org/view.php?id=CVE-2022-50560
22 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/meson: explicitly remove aggregate driver at module unload time Because component_master_del wasn't being called when unloading the meson_drm module, the aggregate device would linger forever in the global aggregate_devices list. That means when unloading and reloading the meson_dw_hdmi module, component_add would call into try_to_bring_up_aggregate_device and find the unbound meson_drm aggregate device. This would in turn dereference s... • https://git.kernel.org/stable/c/8a427a22839daacd36531a62c83d5c9cd6f20657 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-40005 – spi: cadence-quadspi: Implement refcount to handle unbind during busy
https://notcve.org/view.php?id=CVE-2025-40005
20 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: spi: cadence-quadspi: Implement refcount to handle unbind during busy driver support indirect read and indirect write operation with assumption no force device removal(unbind) operation. However force device removal(removal) is still available to root superuser. Unbinding driver during operation causes kernel crash. This changes ensure driver able to handle such operation for indirect read and indirect write by implementing refcount to trac... • https://git.kernel.org/stable/c/b7ec8a2b094a33d0464958c2cbf75b8f229098b0 •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2025-39998 – scsi: target: target_core_configfs: Add length check to avoid buffer overflow
https://notcve.org/view.php?id=CVE-2025-39998
15 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: target: target_core_configfs: Add length check to avoid buffer overflow A buffer overflow arises from the usage of snprintf to write into the buffer "buf" in target_lu_gp_members_show function located in /drivers/target/target_core_configfs.c. This buffer is allocated with size LU_GROUP_NAME_BUF (256 bytes). snprintf(...) formats multiple strings into buf with the HBA name (hba->hba_group.cg_item), a slash character, a devicename (dev... • https://git.kernel.org/stable/c/ddc79fba132b807ff775467acceaf48b456e008b •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2025-39990 – bpf: Check the helper function is valid in get_helper_proto
https://notcve.org/view.php?id=CVE-2025-39990
15 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Check the helper function is valid in get_helper_proto kernel test robot reported verifier bug [1] where the helper func pointer could be NULL due to disabled config option. As Alexei suggested we could check on that in get_helper_proto directly. Marking tail_call helper func with BPF_PTR_POISON, because it is unused by design. [1] https://lore.kernel.org/oe-lkp/202507160818.68358831-lkp@intel.com In the Linux kernel, the following vul... • https://git.kernel.org/stable/c/3d429cb1278e995e22995ef117fa96d223a67e93 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-39958 – iommu/s390: Make attach succeed when the device was surprise removed
https://notcve.org/view.php?id=CVE-2025-39958
09 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu/s390: Make attach succeed when the device was surprise removed When a PCI device is removed with surprise hotplug, there may still be attempts to attach the device to the default domain as part of tear down via (__iommu_release_dma_ownership()), or because the removal happens during probe (__iommu_probe_device()). In both cases zpci_register_ioat() fails with a cc value indicating that the device handle is invalid. This is because the... • https://git.kernel.org/stable/c/359613f2fa009587154511e4842e8ab9532edd15 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-39957 – wifi: mac80211: increase scan_ies_len for S1G
https://notcve.org/view.php?id=CVE-2025-39957
09 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: increase scan_ies_len for S1G Currently the S1G capability element is not taken into account for the scan_ies_len, which leads to a buffer length validation failure in ieee80211_prep_hw_scan() and subsequent WARN in __ieee80211_start_scan(). This prevents hw scanning from functioning. To fix ensure we accommodate for the S1G capability length. In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211... • https://git.kernel.org/stable/c/16c9244a62116fe148f6961753b68e7160799f97 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53684 – xfrm: Zero padding when dumping algos and encap
https://notcve.org/view.php?id=CVE-2023-53684
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: xfrm: Zero padding when dumping algos and encap When copying data to user-space we should ensure that only valid data is copied over. Padding in structures may be filled with random (possibly sensitve) data and should never be given directly to user-space. This patch fixes the copying of xfrm algorithms and the encap template in xfrm_user so that padding is zeroed. In the Linux kernel, the following vulnerability has been resolved: xfrm: Ze... • https://git.kernel.org/stable/c/0725daaa9a879388ed312110f62dbd5ea2d75f8f •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53683 – fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode()
https://notcve.org/view.php?id=CVE-2023-53683
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode() syzbot is hitting WARN_ON() in hfsplus_cat_{read,write}_inode(), for crafted filesystem image can contain bogus length. There conditions are not kernel bugs that can justify kernel to panic. In the Linux kernel, the following vulnerability has been resolved: fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode() syzbot is hitting WARN_ON() in hfsplus_cat_{read,... • https://git.kernel.org/stable/c/61af77acd039ffd221bf7adf0dc95d0a4d377505 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53682 – hwmon: (xgene) Fix ioremap and memremap leak
https://notcve.org/view.php?id=CVE-2023-53682
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: hwmon: (xgene) Fix ioremap and memremap leak Smatch reports: drivers/hwmon/xgene-hwmon.c:757 xgene_hwmon_probe() warn: 'ctx->pcc_comm_addr' from ioremap() not released on line: 757. This is because in drivers/hwmon/xgene-hwmon.c:701 xgene_hwmon_probe(), ioremap and memremap is not released, which may cause a leak. To fix this, ioremap and memremap is modified to devm_ioremap and devm_memremap. [groeck: Fixed formatting and subject] In the L... • https://git.kernel.org/stable/c/9d482a09acd3d5f61a56aefc125d32c81994707b •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53679 – wifi: mt7601u: fix an integer underflow
https://notcve.org/view.php?id=CVE-2023-53679
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mt7601u: fix an integer underflow Fix an integer underflow that leads to a null pointer dereference in 'mt7601u_rx_skb_from_seg()'. The variable 'dma_len' in the URB packet could be manipulated, which could trigger an integer underflow of 'seg_len' in 'mt7601u_rx_process_seg()'. This underflow subsequently causes the 'bad_frame' checks in 'mt7601u_rx_skb_from_seg()' to be bypassed, eventually leading to a dereference of the pointer 'p... • https://git.kernel.org/stable/c/67e4519afba215199b6dfa39ce5d7ea673ee4138 •