CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50876 – usb: musb: Fix musb_gadget.c rxstate overflow bug
https://notcve.org/view.php?id=CVE-2022-50876
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: musb: Fix musb_gadget.c rxstate overflow bug The usb function device call musb_gadget_queue() adds the passed request to musb_ep::req_list,If the (request->length > musb_ep->packet_sz) and (is_buffer_mapped(req) return false),the rxstate() will copy all data in fifo to request->buf which may cause request->buf out of bounds. Fix it by add the length check : fifocnt = min_t(unsigned, request->length - request->actual, fifocnt); The SUSE... • https://git.kernel.org/stable/c/03840fad004ce8a56bc8b3bb60a2df10f6f9481e •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50875 – of: overlay: fix null pointer dereferencing in find_dup_cset_node_entry() and find_dup_cset_prop()
https://notcve.org/view.php?id=CVE-2022-50875
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: of: overlay: fix null pointer dereferencing in find_dup_cset_node_entry() and find_dup_cset_prop() When kmalloc() fail to allocate memory in kasprintf(), fn_1 or fn_2 will be NULL, and strcmp() will cause null pointer dereference. • https://git.kernel.org/stable/c/2fe0e8769df9fed5098daea7db933bc414c329d7 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50874 – RDMA/erdma: Fix refcount leak in erdma_mmap
https://notcve.org/view.php?id=CVE-2022-50874
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/erdma: Fix refcount leak in erdma_mmap rdma_user_mmap_entry_get() take reference, we should release it when not need anymore, add the missing rdma_user_mmap_entry_put() in the error path to fix it. • https://git.kernel.org/stable/c/155055771704f8cbb5c176a4309b7dc30a50450c •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2023-54279 – MIPS: fw: Allow firmware to pass a empty env
https://notcve.org/view.php?id=CVE-2023-54279
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: MIPS: fw: Allow firmware to pass a empty env fw_getenv will use env entry to determine style of env, however it is legal for firmware to just pass a empty list. Check if first entry exist before running strchr to avoid null pointer dereference. • https://git.kernel.org/stable/c/14aecdd419217e041fb5dd2749d11f58503bdf62 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2023-54278 – s390/vmem: split pages when debug pagealloc is enabled
https://notcve.org/view.php?id=CVE-2023-54278
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: s390/vmem: split pages when debug pagealloc is enabled Since commit bb1520d581a3 ("s390/mm: start kernel with DAT enabled") the kernel crashes early during boot when debug pagealloc is enabled: mem auto-init: stack:off, heap alloc:off, heap free:off addressing exception: 0005 ilc:2 [#1] SMP DEBUG_PAGEALLOC Modules linked in: CPU: 0 PID: 0 Comm: swapper Not tainted 6.5.0-rc3-09759-gc5666c912155 #630 [..] Krnl Code: 00000000001325f6: ec560024... • https://git.kernel.org/stable/c/bb1520d581a3a46e2d6e12bb74604ace33404de5 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2023-54277 – fbdev: udlfb: Fix endpoint check
https://notcve.org/view.php?id=CVE-2023-54277
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: fbdev: udlfb: Fix endpoint check The syzbot fuzzer detected a problem in the udlfb driver, caused by an endpoint not having the expected type: usb 1-1: Read EDID byte 0 failed: -71 usb 1-1: Unable to get valid EDID from device/display ------------[ cut here ]------------ usb 1-1: BOGUS urb xfer, pipe 3 != type 1 WARNING: CPU: 0 PID: 9 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504 Modules linked in: CPU... • https://git.kernel.org/stable/c/f6db63819db632158647d5bbf4d7d2d90dc1a268 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2023-54276 – nfsd: move init of percpu reply_cache_stats counters back to nfsd_init_net
https://notcve.org/view.php?id=CVE-2023-54276
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: nfsd: move init of percpu reply_cache_stats counters back to nfsd_init_net Commit f5f9d4a314da ("nfsd: move reply cache initialization into nfsd startup") moved the initialization of the reply cache into nfsd startup, but didn't account for the stats counters, which can be accessed before nfsd is ever started. The result can be a NULL pointer dereference when someone accesses /proc/fs/nfsd/reply_cache_stats while nfsd is still shut down. Th... • https://git.kernel.org/stable/c/f5f9d4a314da88c0a5faa6d168bf69081b7a25ae •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2023-54275 – wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup
https://notcve.org/view.php?id=CVE-2023-54275
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup crypto_alloc_shash() allocates resources, which should be released by crypto_free_shash(). When ath11k_peer_find() fails, there has memory leak. Add missing crypto_free_shash() to fix this. The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues. • https://git.kernel.org/stable/c/243874c64c8137bc90455200a7735da72836ecab •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2023-54274 – RDMA/srpt: Add a check for valid 'mad_agent' pointer
https://notcve.org/view.php?id=CVE-2023-54274
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Add a check for valid 'mad_agent' pointer When unregistering MAD agent, srpt module has a non-null check for 'mad_agent' pointer before invoking ib_unregister_mad_agent(). This check can pass if 'mad_agent' variable holds an error value. The 'mad_agent' can have an error value for a short window when srpt_add_one() and srpt_remove_one() is executed simultaneously. In srpt module, added a valid pointer check for 'sport->mad_agent'... • https://git.kernel.org/stable/c/a42d985bd5b234da8b61347a78dc3057bf7bb94d •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2023-54273 – xfrm: Fix leak of dev tracker
https://notcve.org/view.php?id=CVE-2023-54273
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: xfrm: Fix leak of dev tracker At the stage of direction checks, the netdev reference tracker is already initialized, but released with wrong *_put() call. • https://git.kernel.org/stable/c/919e43fad5163a8ceb39826ecdee897a9f799351 •