CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53802 – wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function
https://notcve.org/view.php?id=CVE-2023-53802
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function It is stated that ath9k_htc_rx_msg() either frees the provided skb or passes its management to another callback function. However, the skb is not freed in case there is no another callback function, and Syzkaller was able to cause a memory leak. Also minor comment fix. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. In the Linux kerne... • https://git.kernel.org/stable/c/fb9987d0f748c983bb795a86f47522313f701a08 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53800 – ubi: Fix use-after-free when volume resizing failed
https://notcve.org/view.php?id=CVE-2023-53800
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ubi: Fix use-after-free when volume resizing failed There is an use-after-free problem reported by KASAN: ================================================================== BUG: KASAN: use-after-free in ubi_eba_copy_table+0x11f/0x1c0 [ubi] Read of size 8 at addr ffff888101eec008 by task ubirsvol/4735 CPU: 2 PID: 4735 Comm: ubirsvol Not tainted 6.1.0-rc1-00003-g84fa3304a7fc-dirty #14 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIO... • https://git.kernel.org/stable/c/801c135ce73d5df1caf3eca35b66a10824ae0707 •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53799 – crypto: api - Use work queue in crypto_destroy_instance
https://notcve.org/view.php?id=CVE-2023-53799
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: api - Use work queue in crypto_destroy_instance The function crypto_drop_spawn expects to be called in process context. However, when an instance is unregistered while it still has active users, the last user may cause the instance to be freed in atomic context. Fix this by delaying the freeing to a work queue. In the Linux kernel, the following vulnerability has been resolved: crypto: api - Use work queue in crypto_destroy_instance... • https://git.kernel.org/stable/c/6bfd48096ff8ecabf955958b51ddfa7988eb0a14 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53796 – f2fs: fix information leak in f2fs_move_inline_dirents()
https://notcve.org/view.php?id=CVE-2023-53796
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix information leak in f2fs_move_inline_dirents() When converting an inline directory to a regular one, f2fs is leaking uninitialized memory to disk because it doesn't initialize the entire directory block. Fix this by zero-initializing the block. This bug was introduced by commit 4ec17d688d74 ("f2fs: avoid unneeded initializing when converting inline dentry"), which didn't consider the security implications of leaking uninitialized ... • https://git.kernel.org/stable/c/4ec17d688d74b6b7cb10043c57ff4818cde2b0ca •
CVSS: 7.1EPSS: 0%CPEs: 11EXPL: 0CVE-2023-53794 – cifs: fix session state check in reconnect to avoid use-after-free issue
https://notcve.org/view.php?id=CVE-2023-53794
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: cifs: fix session state check in reconnect to avoid use-after-free issue Don't collect exiting session in smb2_reconnect_server(), because it will be released soon. Note that the exiting session will stay in server->smb_ses_list until it complete the cifs_free_ipc() and logoff() and then delete itself from the list. In the Linux kernel, the following vulnerability has been resolved: cifs: fix session state check in reconnect to avoid use-af... • https://git.kernel.org/stable/c/4fcd1813e6404dd4420c7d12fb483f9320f0bf93 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53788 – ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set()
https://notcve.org/view.php?id=CVE-2023-53788
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set() tuning_ctl_set() might have buffer overrun at (X) if it didn't break from loop by matching (A). static int tuning_ctl_set(...) { for (i = 0; i < TUNING_CTLS_COUNT; i++) (A) if (nid == ca0132_tuning_ctls[i].nid) break; snd_hda_power_up(...); (X) dspio_set_param(..., ca0132_tuning_ctls[i].mid, ...); snd_hda_power_down(...); ^ return 1; } We will get below error by cppcheck sound/pci/h... • https://git.kernel.org/stable/c/44f0c9782cc6ab71ea947f8f710a46f2078a151c •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-53786 – dm flakey: fix a crash with invalid table line
https://notcve.org/view.php?id=CVE-2023-53786
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: dm flakey: fix a crash with invalid table line This command will crash with NULL pointer dereference: dmsetup create flakey --table \ "0 `blockdev --getsize /dev/ram0` flakey /dev/ram0 0 0 1 2 corrupt_bio_byte 512" Fix the crash by checking if arg_name is non-NULL before comparing it. The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues. • https://git.kernel.org/stable/c/a3998799fb4df0b0af8271a7d50c4269032397aa •
CVSS: 7.1EPSS: 0%CPEs: 21EXPL: 0CVE-2023-53782 – dccp: Fix out of bounds access in DCCP error handler
https://notcve.org/view.php?id=CVE-2023-53782
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: dccp: Fix out of bounds access in DCCP error handler There was a previous attempt to fix an out-of-bounds access in the DCCP error handlers, but that fix assumed that the error handlers only want to access the first 8 bytes of the DCCP header. Actually, they also look at the DCCP sequence number, which is stored beyond 8 bytes, so an explicit pskb_may_pull() is required. In the Linux kernel, the following vulnerability has been resolved: dc... • https://git.kernel.org/stable/c/6706a97fec963d6cb3f7fc2978ec1427b4651214 •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2023-53781 – smc: Fix use-after-free in tcp_write_timer_handler().
https://notcve.org/view.php?id=CVE-2023-53781
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: smc: Fix use-after-free in tcp_write_timer_handler(). With Eric's ref tracker, syzbot finally found a repro for use-after-free in tcp_write_timer_handler() by kernel TCP sockets. [0] If SMC creates a kernel socket in __smc_create(), the kernel socket is supposed to be freed in smc_clcsock_release() by calling sock_release() when we close() the parent SMC socket. However, at the end of smc_clcsock_release(), the kernel socket's sk_state migh... • https://git.kernel.org/stable/c/ac7138746e14137a451f8539614cdd349153e0c0 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50656 – nfc: pn533: Clear nfc_target before being used
https://notcve.org/view.php?id=CVE-2022-50656
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Clear nfc_target before being used Fix a slab-out-of-bounds read that occurs in nla_put() called from nfc_genl_send_target() when target->sensb_res_len, which is duplicated from an nfc_target in pn533, is too large as the nfc_target is not properly initialized and retains garbage values. Clear nfc_targets with memset() before they are used. Found by a modified version of syzkaller. BUG: KASAN: slab-out-of-bounds in nla_put Call ... • https://git.kernel.org/stable/c/361f3cb7f9cfdb82c80926d0e7843c098c034545 •