CVSS: - | EPSS: 0% | CPEs: 7 | EXPL: 0

30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: media: s5p-mfc: Clear workbit to handle error condition During error on CLOSE_INSTANCE command, ctx_work_bits was not getting cleared. During consequent mfc execution NULL pointer dereferencing of this context led to kernel panic. This patch fixes this issue by making sure to clear ctx_work_bits always. • https://git.kernel.org/stable/c/818cd91ab8c6e42c2658c8e61f8462637c6f586b •

CVSS: - | EPSS: 0% | CPEs: 3 | EXPL: 0

30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: fsi: occ: Prevent use after free Use get_device and put_device in the open and close functions to make sure the device doesn't get freed while a file descriptor is open. Also, lock around the freeing of the device buffer and check the buffer before using it in the submit function. • https://git.kernel.org/stable/c/008d3825a805557464c5e75f9eb806a3aa2f5e6d •

CVSS: - | EPSS: 0% | CPEs: 3 | EXPL: 0

30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mei: fix potential NULL-ptr deref after clone If cloning the SKB fails, don't try to use it, but rather return as if we should pass it. Coverity CID: 1503456 • https://git.kernel.org/stable/c/2da4366f9e2c44afedec4acad65a99a3c7da1a35 •

CVSS: 7.8 | EPSS: 0% | CPEs: 8 | EXPL: 0

24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: potential integer overflow in usbg_make_tpg() The variable tpgt in usbg_make_tpg() is defined as unsigned long and is assigned to tpgt->tport_tpgt, which is defined as u16. This may cause an integer overflow when tpgt is greater than USHRT_MAX (65535). I haven't tried to trigger it myself, but it is possible to trigger it by calling usbg_make_tpg() with a large value for tpgt. I modified the type of tpgt to match tpgt->tport_tpgt and a... • https://git.kernel.org/stable/c/c52661d60f636d17e26ad834457db333bd1df494 •

CVSS: 6.3 | EPSS: 0% | CPEs: 7 | EXPL: 0

24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: firmware: arm_sdei: Fix sleep from invalid context BUG Running a preempt-rt (v6.2-rc3-rt1) based kernel on an Ampere Altra triggers: BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:46 in_atomic(): 0, irqs_disabled(): 128, non_block: 0, pid: 24, name: cpuhp/0 preempt_count: 0, expected: 0 RCU nest depth: 0, expected: 0 3 locks held by cpuhp/0/24: #0: ffffda30217c70d0 (cpu_hotplug_lock){++++}-{0:0}, at: cpuh... • https://git.kernel.org/stable/c/f92b5462a2f22d13a75dc663f7b2fac16a3e61cb •

CVSS: 4.9 | EPSS: 0% | CPEs: 7 | EXPL: 0

24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: mtu3: fix kernel panic at qmu transfer done irq handler When handle qmu transfer irq, it will unlock @mtu->lock before give back request, if another thread handle disconnect event at the same time, and try to disable ep, it may lock @mtu->lock and free qmu ring, then qmu irq handler may get a NULL gpd, avoid the KE by checking gpd's value before handling it. e.g. qmu done irq on cpu0 thread running on cpu1 qmu_done_tx() handle gpd [0] ... • https://git.kernel.org/stable/c/48e0d3735aa557a8adaf94632ca3cf78798e8505 •

CVSS: 7.8 | EPSS: 0% | CPEs: 7 | EXPL: 0

24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: don't free qgroup space unless specified Boris noticed in his simple quotas testing that he was getting a leak with Sweet Tea's change to subvol create that stopped doing a transaction commit. This was just a side effect of that change. In the delayed inode code we have an optimization that will free extra reservations if we think we can pack a dir item into an already modified leaf. Previously this wouldn't be triggered in the subvo... • https://git.kernel.org/stable/c/ff6bc37eb7f6e7b052e50c13a480e1080b3ec07a •

CVSS: 6.9 | EPSS: 0% | CPEs: 4 | EXPL: 0

24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF of alloc->vma in race with munmap() [ cmllamas: clean forward port from commit 015ac18be7de ("binder: fix UAF of alloc->vma in race with munmap()") in 5.10 stable. It is needed in mainline after the revert of commit a43cfc87caaf ("android: binder: stop saving a pointer to the VMA") as pointed out by Liam. The commit log and tags have been tweaked to reflect this. ] In commit 720c24192404 ("ANDROID: binder: change down_write ... • https://git.kernel.org/stable/c/dd2283f2605e3b3e9c61bcae844b34f2afa4813f •

CVSS: 5.5 | EPSS: 0% | CPEs: 6 | EXPL: 0

24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: sfc: fix crash when reading stats while NIC is resetting efx_net_stats() (.ndo_get_stats64) can be called during an ethtool selftest, during which time nic_data->mc_stats is NULL as the NIC has been fini'd. In this case do not attempt to fetch the latest stats from the hardware, else we will crash on a NULL dereference: BUG: kernel NULL pointer dereference, address: 0000000000000038 RIP efx_nic_update_stats abridged calltrace: efx_ef10_upda... • https://git.kernel.org/stable/c/d3142c193dca9a2f6878f4128ce1aaf221bb3f99 •

CVSS: 5.6 | EPSS: 0% | CPEs: 4 | EXPL: 0

24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: net: core: remove unnecessary frame_sz check in bpf_xdp_adjust_tail() Syzkaller reported the following issue: ======================================= Too BIG xdp->frame_sz = 131072 WARNING: CPU: 0 PID: 5020 at net/core/filter.c:4121 ____bpf_xdp_adjust_tail net/core/filter.c:4121 [inline] WARNING: CPU: 0 PID: 5020 at net/core/filter.c:4121 bpf_xdp_adjust_tail+0x466/0xa10 net/core/filter.c:4103 ... Call Trace: bpf_prog_4add87e5301a4105... • https://git.kernel.org/stable/c/43b5169d8355ccf26d726fbc75f083b2429113e4 •