CVSS: 7.8 • EPSS: 0% • CPEs: 8 • EXPL: 0 • CVE-2023-53827 – Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp}
https://notcve.org/view.php?id=CVE-2023-53827
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp} Similar to commit d0be8347c623 ("Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put"), just use l2cap_chan_hold_unless_zero to prevent referencing a channel that is about to be destroyed. • https://git.kernel.org/stable/c/f2d38e77aa5f3effc143e7dd24da8acf02925958 •
CVSS: 6.2 • EPSS: 0% • CPEs: 3 • EXPL: 0 • CVE-2023-53822 – wifi: ath11k: Ignore frags from uninitialized peer in dp.
https://notcve.org/view.php?id=CVE-2023-53822
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Ignore frags from uninitialized peer in dp. When max virtual ap interfaces are configured in all the bands with ACS and hostapd restart is done every 60s, a crash is observed at random times. In this certain scenario, a fragmented packet is received for self peer, for which rx_tid and rx_frags are not initialized in datapath. While handling this fragment, crash is observed as the rx_frag list is uninitialised and when we walk ... • https://git.kernel.org/stable/c/e78526a06b53718bfc1dfff37864c7760e41f8ec •
CVSS: 7.1 • EPSS: 0% • CPEs: 8 • EXPL: 0 • CVE-2022-50678 – wifi: brcmfmac: fix invalid address access when enabling SCAN log level
https://notcve.org/view.php?id=CVE-2022-50678
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix invalid address access when enabling SCAN log level The variable i is changed when setting random MAC address and causes invalid address access when printing the value of pi->reqs[i]->reqid. We replace reqs index with ri to fix the issue. [ 136.726473] Unable to handle kernel access to user memory outside uaccess routines at virtual address 0000000000000000 [ 136.737365] Mem abort info: [ 136.740172] ESR = 0x96000004 [ 1... • https://git.kernel.org/stable/c/7ccb0529446ae68a8581916bfc95c353306d76ba •
CVSS: 7.1 • EPSS: 0% • CPEs: 7 • EXPL: 0 • CVE-2022-50673 – ext4: fix use-after-free in ext4_orphan_cleanup
https://notcve.org/view.php?id=CVE-2022-50673
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free in ext4_orphan_cleanup I caught an issue as follows: ================================================================== BUG: KASAN: use-after-free in __list_add_valid+0x28/0x1a0 Read of size 8 at addr ffff88814b13f378 by task mount/710 CPU: 1 PID: 710 Comm: mount Not tainted 6.1.0-rc3-next #370 Call Trace:
CVSS: 7.1 • EPSS: 0% • CPEs: 9 • EXPL: 0 • CVE-2022-50664 – media: dvb-frontends: fix leak of memory fw
https://notcve.org/view.php?id=CVE-2022-50664
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: fix leak of memory fw • https://git.kernel.org/stable/c/afccb6ac63fc4328bc61ba086a3cad30054d87c1 •
CVSS: 5.5 • EPSS: 0% • CPEs: 8 • EXPL: 0 • CVE-2023-53817 – crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui()
https://notcve.org/view.php?id=CVE-2023-53817
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui() During NVMeTCP Authentication a controller can trigger a kernel oops by specifying the 8192 bit Diffie Hellman group and passing a correctly sized, but zeroed Diffie Hellman value. mpi_cmp_ui() was detecting this if the second parameter was 0, but 1 is passed from dh_is_pubkey_valid(). This causes the null pointer u->d to be dereferenced towards the end of mpi_cmp_ui() • https://git.kernel.org/stable/c/fde791e8a96a64ea7b0ad2440e43586447a209c6 •
CVSS: 7.1 • EPSS: 0% • CPEs: 3 • EXPL: 0 • CVE-2023-53816 – drm/amdkfd: fix potential kgd_mem UAFs
https://notcve.org/view.php?id=CVE-2023-53816
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: fix potential kgd_mem UAFs kgd_mem pointers returned by kfd_process_device_translate_handle are only guaranteed to be valid while p->mutex is held. As soon as the mutex is unlocked, another thread can free the BO. • https://git.kernel.org/stable/c/5045360f3bb62ccd4f87202e33489f71f8bbc3fc •
CVSS: 5.5 • EPSS: 0% • CPEs: 3 • EXPL: 0 • CVE-2023-53806 – drm/amd/display: populate subvp cmd info only for the top pipe
https://notcve.org/view.php?id=CVE-2023-53806
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: populate subvp cmd info only for the top pipe [Why] System restart observed while changing the display resolution to 8k with extended mode. System restart was caused by a page fault. [How] When the driver populates subvp info it did it for both the pipes using vblank which caused an out-of-bounds array access causing the page fault. Added checks to allow the top pipe only to fix this issue. • https://git.kernel.org/stable/c/92e6c79acad4b96efeff261d27bdbd8089a7dd24 •
CVSS: 7.1 • EPSS: 0% • CPEs: 8 • EXPL: 0 • CVE-2023-53804 – nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode()
https://notcve.org/view.php?id=CVE-2023-53804
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode() During unmount process of nilfs2, nothing holds nilfs_root structure after nilfs2 detaches its writer in nilfs_detach_log_writer(). However, since nilfs_evict_inode() uses nilfs_root for some cleanup operations, it may cause use-after-free read if inodes are left in "garbage_list" and released by nilfs_dispose_list() at the end of nilfs_detach_log_writer(). Fix this issue b... • https://git.kernel.org/stable/c/f31e18131ee2ce80a4da5c808221d25b1ae9ad6d •
CVSS: 7.1 • EPSS: 0% • CPEs: 8 • EXPL: 0 • CVE-2023-53803 – scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process()
https://notcve.org/view.php?id=CVE-2023-53803
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() A fix for: BUG: KASAN: slab-out-of-bounds in ses_enclosure_data_process+0x949/0xe30 [ses] Read of size 1 at addr ffff88a1b043a451 by task systemd-udevd/3271 Checking after (and before in next loop) addl_desc_ptr[1] is sufficient, we expect the size to be sanitized before first access to addl_desc_ptr[1]. Make sure we don't walk beyond end of page. • https://git.kernel.org/stable/c/da1a955c48a16e16e925d6544793914e52a6fa51 •
