CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50470 – xhci: Remove device endpoints from bandwidth list when freeing the device
https://notcve.org/view.php?id=CVE-2022-50470
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: xhci: Remove device endpoints from bandwidth list when freeing the device Endpoints are normally deleted from the bandwidth list when they are dropped, before the virt device is freed. If xHC host is dying or being removed then the endpoints aren't dropped cleanly due to functions returning early to avoid interacting with a non-accessible host controller. So check and delete endpoints that are still on the bandwidth list when freeing the vi... • https://git.kernel.org/stable/c/2e27980e6eb78114c4ecbaad1ba71836e3887d18 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39945 – cnic: Fix use-after-free bugs in cnic_delete_task
https://notcve.org/view.php?id=CVE-2025-39945
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: cnic: Fix use-after-free bugs in cnic_delete_task The original code uses cancel_delayed_work() in cnic_cm_stop_bnx2x_hw(), which does not guarantee that the delayed work item 'delete_task' has fully completed if it was already running. Additionally, the delayed work item is cyclic, the flush_workqueue() in cnic_cm_stop_bnx2x_hw() only blocks and waits for work items that were already queued to the workqueue prior to its invocation. Any work... • https://git.kernel.org/stable/c/fdf24086f4752aee5dfb40143c736250df017820 •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2025-39940 – dm-stripe: fix a possible integer overflow
https://notcve.org/view.php?id=CVE-2025-39940
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: dm-stripe: fix a possible integer overflow There's a possible integer overflow in stripe_io_hints if we have too large chunk size. Test if the overflow happened, and if it did, don't set limits->io_min and limits->io_opt; In the Linux kernel, the following vulnerability has been resolved: dm-stripe: fix a possible integer overflow There's a possible integer overflow in stripe_io_hints if we have too large chunk size. Test if the overflow ha... • https://git.kernel.org/stable/c/40bea431274c247425e7f5970d796ff7b37a2b22 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-39931 – crypto: af_alg - Set merge to zero early in af_alg_sendmsg
https://notcve.org/view.php?id=CVE-2025-39931
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Set merge to zero early in af_alg_sendmsg If an error causes af_alg_sendmsg to abort, ctx->merge may contain a garbage value from the previous loop. This may then trigger a crash on the next entry into af_alg_sendmsg when it attempts to do a merge that can't be done. Fix this by setting ctx->merge to zero near the start of the loop. In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Set mer... • https://git.kernel.org/stable/c/8ff590903d5fc7f5a0a988c38267a3d08e6393a2 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53521 – scsi: ses: Fix slab-out-of-bounds in ses_intf_remove()
https://notcve.org/view.php?id=CVE-2023-53521
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() A fix for: BUG: KASAN: slab-out-of-bounds in ses_intf_remove+0x23f/0x270 [ses] Read of size 8 at addr ffff88a10d32e5d8 by task rmmod/12013 When edev->components is zero, accessing edev->component[0] members is wrong. In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() A fix for: BUG: KASAN: slab-out-of-bounds in ses_... • https://git.kernel.org/stable/c/9927c68864e9c39cc317b4f559309ba29e642168 • CWE-125: Out-of-bounds Read •
CVSS: 6.4EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53519 – media: v4l2-mem2mem: add lock to protect parameter num_rdy
https://notcve.org/view.php?id=CVE-2023-53519
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: media: v4l2-mem2mem: add lock to protect parameter num_rdy Getting below error when using KCSAN to check the driver. Adding lock to protect parameter num_rdy when getting the value with function: v4l2_m2m_num_src_bufs_ready/v4l2_m2m_num_dst_bufs_ready. kworker/u16:3: [name:report&]BUG: KCSAN: data-race in v4l2_m2m_buf_queue kworker/u16:3: [name:report&] kworker/u16:3: [name:report&]read-write to 0xffffff8105f35b94 of 1 bytes by task 20865 o... • https://git.kernel.org/stable/c/908a0d7c588ef87e5cf0a26805e6002a78ac9d13 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53510 – scsi: ufs: core: Fix handling of lrbp->cmd
https://notcve.org/view.php?id=CVE-2023-53510
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix handling of lrbp->cmd ufshcd_queuecommand() may be called two times in a row for a SCSI command before it is completed. Hence make the following changes: - In the functions that submit a command, do not check the old value of lrbp->cmd nor clear lrbp->cmd in error paths. - In ufshcd_release_scsi_cmd(), do not clear lrbp->cmd. See also scsi_send_eh_cmnd(). This commit prevents that the following appears if a command time... • https://git.kernel.org/stable/c/5a0b0cb9bee767ef10ff9ce2fb4141af06416288 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53506 – udf: Do not bother merging very long extents
https://notcve.org/view.php?id=CVE-2023-53506
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: udf: Do not bother merging very long extents When merging very long extents we try to push as much length as possible to the first extent. However this is unnecessarily complicated and not really worth the trouble. Furthermore there was a bug in the logic resulting in corrupting extents in the file as syzbot reproducer shows. So just don't bother with the merging of extents that are too long together. In the Linux kernel, the following vuln... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.7EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53503 – ext4: allow ext4_get_group_info() to fail
https://notcve.org/view.php?id=CVE-2023-53503
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: allow ext4_get_group_info() to fail Previously, ext4_get_group_info() would treat an invalid group number as BUG(), since in theory it should never happen. However, if a malicious attaker (or fuzzer) modifies the superblock via the block device while it is the file system is mounted, it is possible for s_first_data_block to get set to a very large number. In that case, when calculating the block group of some block number (such as the... • https://git.kernel.org/stable/c/2f2e09eb15849562aede80ed007658e4504ded26 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-53491 – start_kernel: Add __no_stack_protector function attribute
https://notcve.org/view.php?id=CVE-2023-53491
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: start_kernel: Add __no_stack_protector function attribute Back during the discussion of commit a9a3ed1eff36 ("x86: Fix early boot crash on gcc-10, third try") we discussed the need for a function attribute to control the omission of stack protectors on a per-function basis; at the time Clang had support for no_stack_protector but GCC did not. This was fixed in gcc-11. Now that the function attribute is available, let's start using it. Calle... • https://git.kernel.org/stable/c/420594296838fdc9a674470d710cda7d1487f9f4 •