CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50753 – f2fs: fix to do sanity check on summary info
https://notcve.org/view.php?id=CVE-2022-50753
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on summary info As Wenqing Liu reported in bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=216456 BUG: KASAN: use-after-free in recover_data+0x63ae/0x6ae0 [f2fs] Read of size 4 at addr ffff8881464dcd80 by task mount/1013 CPU: 3 PID: 1013 Comm: mount Tainted: G W 6.0.0-rc4 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014 Call Trace: dump_stack_lvl+0x45/0x5e print_report.cold+0... • https://git.kernel.org/stable/c/c99860f9a75079f339ed7670425b1ac58f26e2ff •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50749 – acct: fix potential integer overflow in encode_comp_t()
https://notcve.org/view.php?id=CVE-2022-50749
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: acct: fix potential integer overflow in encode_comp_t() The integer overflow is descripted with following codes: > 317 static comp_t encode_comp_t(u64 value) > 318 { > 319 int exp, rnd; ...... > 341 exp <<= MANTSIZE; > 342 exp += value; > 343 return exp; > 344 } Currently comp_t is defined as type of '__u16', but the variable 'exp' is type of 'int', so overflow would happen when variable 'exp' in line 343 is greater than 65535. In the Linux... • https://git.kernel.org/stable/c/e93f995a591c352d35d89c518c54f790e1537754 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50744 – scsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs
https://notcve.org/view.php?id=CVE-2022-50744
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs During I/O and simultaneous cat of /sys/kernel/debug/lpfc/fnX/rx_monitor, a hard lockup similar to the call trace below may occur. The spin_lock_bh in lpfc_rx_monitor_report is not protecting from timer interrupts as expected, so change the strength of the spin lock to _irq. Kernel panic - not syncing: Hard LOCKUP CPU: 3 PID: 110402 Comm: cat Kdump: loaded exception RIP: n... • https://git.kernel.org/stable/c/2cf66428a2545bb33beb9624124a2377468bb478 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50741 – media: imx-jpeg: Disable useless interrupt to avoid kernel panic
https://notcve.org/view.php?id=CVE-2022-50741
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: Disable useless interrupt to avoid kernel panic There is a hardware bug that the interrupt STMBUF_HALF may be triggered after or when disable interrupt. It may led to unexpected kernel panic. And interrupt STMBUF_HALF and STMBUF_RTND have no other effect. So disable them and the unused interrupts. meanwhile clear the interrupt status when disable interrupt. In the Linux kernel, the following vulnerability has been resolved:... • https://git.kernel.org/stable/c/ad31bc146f0e4521805695f4f99d8a3c3b2761f6 •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50739 – fs/ntfs3: Add null pointer check for inode operations
https://notcve.org/view.php?id=CVE-2022-50739
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add null pointer check for inode operations This adds a sanity check for the i_op pointer of the inode which is returned after reading Root directory MFT record. We should check the i_op is valid before trying to create the root dentry, otherwise we may encounter a NPD while mounting a image with a funny Root directory MFT record. [ 114.484325] BUG: kernel NULL pointer dereference, address: 0000000000000008 [ 114.484811] #PF: supe... • https://git.kernel.org/stable/c/f62506f5e45afbb01c84c3f28a2878b320a0b0f7 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50737 – fs/ntfs3: Validate index root when initialize NTFS security
https://notcve.org/view.php?id=CVE-2022-50737
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate index root when initialize NTFS security This enhances the sanity check for $SDH and $SII while initializing NTFS security, guarantees these index root are legit. [ 162.459513] BUG: KASAN: use-after-free in hdr_find_e.isra.0+0x10c/0x320 [ 162.460176] Read of size 2 at addr ffff8880037bca99 by task mount/243 [ 162.460851] [ 162.461252] CPU: 0 PID: 243 Comm: mount Not tainted 6.0.0-rc7 #42 [ 162.461744] Hardware name: QEMU ... • https://git.kernel.org/stable/c/d7ce7bb6881aae186e50f57eea935cff8d504751 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-54072 – ALSA: pcm: Fix potential data race at PCM memory allocation helpers
https://notcve.org/view.php?id=CVE-2023-54072
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix potential data race at PCM memory allocation helpers The PCM memory allocation helpers have a sanity check against too many buffer allocations. However, the check is performed without a proper lock and the allocation isn't serialized; this allows user to allocate more memories than predefined max size. Practically seen, this isn't really a big problem, as it's more or less some "soft limit" as a sanity check, and it's not pos... • https://git.kernel.org/stable/c/7e1d1456c8db9949459c5a24e8845cfe92430b0f •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-54066 – media: dvb-usb-v2: gl861: Fix null-ptr-deref in gl861_i2c_master_xfer
https://notcve.org/view.php?id=CVE-2023-54066
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb-v2: gl861: Fix null-ptr-deref in gl861_i2c_master_xfer In gl861_i2c_master_xfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former checks on msg[i].buf would be passed. Malicious data finally reach gl861_i2c_master_xfer. If accessing msg[i].buf[0] without sanity check, null ptr deref would happen. We add check on msg[i].len to prevent crash. Similar commit: commit 0ed554fd769a ("media: dvb-usb:... • https://git.kernel.org/stable/c/578b67614ae0e4fba3945b66a4c8f9ae77115bcb •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2023-54062 – ext4: fix invalid free tracking in ext4_xattr_move_to_block()
https://notcve.org/view.php?id=CVE-2023-54062
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix invalid free tracking in ext4_xattr_move_to_block() In ext4_xattr_move_to_block(), the value of the extended attribute which we need to move to an external block may be allocated by kvmalloc() if the value is stored in an external inode. So at the end of the function the code tried to check if this was the case by testing entry->e_value_inum. However, at this point, the pointer to the xattr entry is no longer valid, because it was... • https://git.kernel.org/stable/c/76887be2a96193cd11be818551b8934ecdb3123f •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-54059 – soc: mediatek: mtk-svs: Enable the IRQ later
https://notcve.org/view.php?id=CVE-2023-54059
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: soc: mediatek: mtk-svs: Enable the IRQ later If the system does not come from reset (like when is booted via kexec()), the peripheral might triger an IRQ before the data structures are initialised. [ 0.227710] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000f08 [ 0.227913] Call trace: [ 0.227918] svs_isr+0x8c/0x538 In the Linux kernel, the following vulnerability has been resolved: soc: mediatek: mtk-svs: En... • https://git.kernel.org/stable/c/6b99ebd30d65ee5ab8e8dd1d378550911eff5e4f •