CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50661 – seccomp: Move copy_seccomp() to no failure path.
https://notcve.org/view.php?id=CVE-2022-50661
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: seccomp: Move copy_seccomp() to no failure path. Our syzbot instance reported memory leaks in do_seccomp() [0], similar to the report [1]. It shows that we miss freeing struct seccomp_filter and some objects included in it. We can reproduce the issue with the program below [2] which calls one seccomp() and two clone() syscalls. The first clone()d child exits earlier than its parent and sends a signal to kill it during the second clone(), mo... • https://git.kernel.org/stable/c/3a15fb6ed92cb32b0a83f406aa4a96f28c9adbc3 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50660 – wifi: ipw2200: fix memory leak in ipw_wdev_init()
https://notcve.org/view.php?id=CVE-2022-50660
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ipw2200: fix memory leak in ipw_wdev_init() In the error path of ipw_wdev_init(), exception value is returned, and the memory applied for in the function is not released. Also the memory is not released in ipw_pci_probe(). As a result, memory leakage occurs. So memory release needs to be added to the error path of ipw_wdev_init(). In the Linux kernel, the following vulnerability has been resolved: wifi: ipw2200: fix memory leak in ipw... • https://git.kernel.org/stable/c/a3caa99e6c68f466c13cfea74097f6fb01b45e25 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50659 – hwrng: geode - Fix PCI device refcount leak
https://notcve.org/view.php?id=CVE-2022-50659
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: hwrng: geode - Fix PCI device refcount leak for_each_pci_dev() is implemented by pci_get_device(). The comment of pci_get_device() says that it will increase the reference count for the returned pci_dev and also decrease the reference count for the input pci_dev @from if it is not NULL. If we break for_each_pci_dev() loop with pdev not NULL, we need to call pci_dev_put() to decrease the reference count. We add a new struct 'amd_geode_priv' ... • https://git.kernel.org/stable/c/ef5d862734b84239e0140319a95fb0bbff5ef394 •
CVSS: 6.2EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50658 – cpufreq: qcom: fix memory leak in error path
https://notcve.org/view.php?id=CVE-2022-50658
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: cpufreq: qcom: fix memory leak in error path If for some reason the speedbin length is incorrect, then there is a memory leak in the error path because we never free the speedbin buffer. This commit fixes the error path to always free the speedbin buffer. In the Linux kernel, the following vulnerability has been resolved: cpufreq: qcom: fix memory leak in error path If for some reason the speedbin length is incorrect, then there is a memory... • https://git.kernel.org/stable/c/a8811ec764f95a04ba82f6f457e28c5e9e36e36b •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2023-53820 – loop: loop_set_status_from_info() check before assignment
https://notcve.org/view.php?id=CVE-2023-53820
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: loop: loop_set_status_from_info() check before assignment In loop_set_status_from_info(), lo->lo_offset and lo->lo_sizelimit should be checked before reassignment, because if an overflow error occurs, the original correct value will be changed to the wrong value, and it will not be changed back. More, the original patch did not solve the problem, the value was set and ioctl returned an error, but the subsequent io used the value in the loop... • https://git.kernel.org/stable/c/2035c770bfdbcc82bd52e05871a7c82db9529e0f •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53819 – amdgpu: validate offset_in_bo of drm_amdgpu_gem_va
https://notcve.org/view.php?id=CVE-2023-53819
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: amdgpu: validate offset_in_bo of drm_amdgpu_gem_va This is motivated by OOB access in amdgpu_vm_update_range when offset_in_bo+map_size overflows. v2: keep the validations in amdgpu_vm_bo_map v3: add the validations to amdgpu_vm_bo_map/amdgpu_vm_bo_replace_map rather than to amdgpu_gem_va_ioctl In the Linux kernel, the following vulnerability has been resolved: amdgpu: validate offset_in_bo of drm_amdgpu_gem_va This is motivated by OOB acce... • https://git.kernel.org/stable/c/9f7eb5367d0001536c361bd1400e14521f854ff1 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53818 – ARM: zynq: Fix refcount leak in zynq_early_slcr_init
https://notcve.org/view.php?id=CVE-2023-53818
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ARM: zynq: Fix refcount leak in zynq_early_slcr_init of_find_compatible_node() returns a node pointer with refcount incremented, we should use of_node_put() on error path. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: ARM: zynq: Fix refcount leak in zynq_early_slcr_init of_find_compatible_node() returns a node pointer with refcount incremented, we should use of_node_put... • https://git.kernel.org/stable/c/3329659df0300d1d0aa22f5e7063f83a88ef92aa •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53817 – crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui()
https://notcve.org/view.php?id=CVE-2023-53817
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui() During NVMeTCP Authentication a controller can trigger a kernel oops by specifying the 8192 bit Diffie Hellman group and passing a correctly sized, but zeroed Diffie Hellamn value. mpi_cmp_ui() was detecting this if the second parameter was 0, but 1 is passed from dh_is_pubkey_valid(). This causes the null pointer u->d to be dereferenced towards the end of mpi_cmp_ui() In the Linux ... • https://git.kernel.org/stable/c/fde791e8a96a64ea7b0ad2440e43586447a209c6 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53816 – drm/amdkfd: fix potential kgd_mem UAFs
https://notcve.org/view.php?id=CVE-2023-53816
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: fix potential kgd_mem UAFs kgd_mem pointers returned by kfd_process_device_translate_handle are only guaranteed to be valid while p->mutex is held. As soon as the mutex is unlocked, another thread can free the BO. In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: fix potential kgd_mem UAFs kgd_mem pointers returned by kfd_process_device_translate_handle are only guaranteed to be valid while p->mutex... • https://git.kernel.org/stable/c/4a488a7ad71401169cecee75dc94bcce642e2c53 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53815 – posix-timers: Prevent RT livelock in itimer_delete()
https://notcve.org/view.php?id=CVE-2023-53815
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: posix-timers: Prevent RT livelock in itimer_delete() itimer_delete() has a retry loop when the timer is concurrently expired. On non-RT kernels this just spin-waits until the timer callback has completed, except for posix CPU timers which have HAVE_POSIX_CPU_TIMERS_TASK_WORK enabled. In that case and on RT kernels the existing task could live lock when preempting the task which does the timer delivery. Replace spin_unlock() with an invocati... • https://git.kernel.org/stable/c/ec8f954a40da8cd3d159713b608e901f0cd909a9 •