CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53330 – caif: fix memory leak in cfctrl_linkup_request()
https://notcve.org/view.php?id=CVE-2023-53330
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: caif: fix memory leak in cfctrl_linkup_request() When linktype is unknown or kzalloc failed in cfctrl_linkup_request(), pkt is not released. Add release process to error path. This update provides the initial livepatch for this kernel update. This update does not contain any fixes and will be updated with livepatches later. • https://git.kernel.org/stable/c/b482cd2053e3b90a7b33a78c63cdb6badf2ec383 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53322 – scsi: qla2xxx: Wait for io return on terminate rport
https://notcve.org/view.php?id=CVE-2023-53322
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Wait for io return on terminate rport System crash due to use after free. Current code allows terminate_rport_io to exit before making sure all IOs has returned. For FCP-2 device, IO's can hang on in HW because driver has not tear down the session in FW at first sign of cable pull. When dev_loss_tmo timer pops, terminate_rport_io is called and upper layer is about to free various resources. Terminate_rport_io trigger qla to d... • https://git.kernel.org/stable/c/715848ca6fffeb6362a50887d9c26245bd5dfba9 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2023-53318 – recordmcount: Fix memory leaks in the uwrite function
https://notcve.org/view.php?id=CVE-2023-53318
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: recordmcount: Fix memory leaks in the uwrite function Common realloc mistake: 'file_append' nulled but not freed upon failure • https://git.kernel.org/stable/c/a50bd43935586420fb75f4558369eb08566fac5e • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53317 – ext4: fix WARNING in mb_find_extent
https://notcve.org/view.php?id=CVE-2023-53317
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix WARNING in mb_find_extent Syzbot found the following issue: EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! EXT4-fs (loop0): orphan cleanup on readonly fs ------------[ cut here ]------------ WARNING: CPU: 1 PID: 5067 at fs/ext4/mballoc.c:1869 mb_find_extent+0x8a1/0xe30 Modules linked in: CPU: 1 PID: 5067 Comm: syz-executor307 Not tainted 6.2.0-rc1-syzkall... • https://git.kernel.org/stable/c/abcb2947c91130426539f209f7a473a67a1f6663 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53314 – fbdev/ep93xx-fb: Do not assign to struct fb_info.dev
https://notcve.org/view.php?id=CVE-2023-53314
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: fbdev/ep93xx-fb: Do not assign to struct fb_info.dev Do not assing the Linux device to struct fb_info.dev. The call to register_framebuffer() initializes the field to the fbdev device. Drivers should not override its value. Fixes a bug where the driver incorrectly decreases the hardware device's reference counter and leaks the fbdev device. v2: * add Fixes tag (Dan) This update provides the initial livepatch for this kernel update. This upd... • https://git.kernel.org/stable/c/88017bda96a5fd568a982b01546c8fb1782dda62 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-53313 – md/raid10: fix wrong setting of max_corr_read_errors
https://notcve.org/view.php?id=CVE-2023-53313
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix wrong setting of max_corr_read_errors There is no input check when echo md/max_read_errors and overflow might occur. Add check of input number. This update provides the initial livepatch for this kernel update. This update does not contain any fixes and will be updated with livepatches later. • https://git.kernel.org/stable/c/1e50915fe0bbf7a46db0fa7e1e604d3fc95f057d •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50349 – misc: tifm: fix possible memory leak in tifm_7xx1_switch_media()
https://notcve.org/view.php?id=CVE-2022-50349
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: misc: tifm: fix possible memory leak in tifm_7xx1_switch_media() If device_register() returns error in tifm_7xx1_switch_media(), name of kobject which is allocated in dev_set_name() called in device_add() is leaked. Never directly free @dev after calling device_register(), even if it returned an error! Always use put_device() to give up the reference initialized. This update provides the initial livepatch for this kernel update. This update... • https://git.kernel.org/stable/c/2428a8fe2261e901e058d9ea8b6ed7e1b4268b79 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50346 – ext4: init quota for 'old.inode' in 'ext4_rename'
https://notcve.org/view.php?id=CVE-2022-50346
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: init quota for 'old.inode' in 'ext4_rename' Syzbot found the following issue: ext4_parse_param: s_want_extra_isize=128 ext4_inode_info_init: s_want_extra_isize=32 ext4_rename: old.inode=ffff88823869a2c8 old.dir=ffff888238699828 new.inode=ffff88823869d7e8 new.dir=ffff888238699828 __ext4_mark_inode_dirty: inode=ffff888238699828 ea_isize=32 want_ea_size=128 __ext4_mark_inode_dirty: inode=ffff88823869a2c8 ea_isize=32 want_ea_size=128 ext4... • https://git.kernel.org/stable/c/6dd4ee7cab7e3a17c571aebd444f4344c8c4946e • CWE-908: Use of Uninitialized Resource •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50344 – ext4: fix null-ptr-deref in ext4_write_info
https://notcve.org/view.php?id=CVE-2022-50344
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix null-ptr-deref in ext4_write_info I caught a null-ptr-deref bug as follows: ================================================================== KASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f] CPU: 1 PID: 1589 Comm: umount Not tainted 5.10.0-02219-dirty #339 RIP: 0010:ext4_write_info+0x53/0x1b0 [...] Call Trace: dquot_writeback_dquots+0x341/0x9a0 ext4_sync_fs+0x19e/0x800 __sync_filesystem+0x83/0x100 sync_files... • https://git.kernel.org/stable/c/a1177825719ccef3f76ef39bbfd5ebb6087d53c7 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50343 – rapidio: fix possible name leaks when rio_add_device() fails
https://notcve.org/view.php?id=CVE-2022-50343
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: rapidio: fix possible name leaks when rio_add_device() fails Patch series "rapidio: fix three possible memory leaks". This patchset fixes three name leaks in error handling. - patch #1 fixes two name leaks while rio_add_device() fails. - patch #2 fixes a name leak while rio_register_mport() fails. This patch (of 2): If rio_add_device() returns error, the name allocated by dev_set_name() need be freed. It should use put_device() to give up t... • https://git.kernel.org/stable/c/1fa5ae857bb14f6046205171d98506d8112dd74e • CWE-401: Missing Release of Memory after Effective Lifetime •