
CVE-2023-53270 – ext4: fix i_disksize exceeding i_size problem in partially written case
https://notcve.org/view.php?id=CVE-2023-53270
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix i_disksize exceeding i_size problem in partially written case
It is possible for i_disksize to exceed i_size, triggering a warning.
generic_perform_write
 copied = iov_iter_copy_from_user_atomic(len) // copied < len
 ext4_da_write_end
 | ext4_update_i_disksize
 |  new_i_size = pos + copied;
 |  WRITE_ONCE(EXT4_I(inode)->i_disksize, newsize) // update i_disksize
 | generic_write_end
 |  copied = block_write_end(copied, len) // copied = 0
 | ...
• https://git.kernel.org/stable/c/64769240bd07f446f83660bb143bb609d8ab4910 •

CVE-2023-53269 – block: ublk: make sure that block size is set correctly
https://notcve.org/view.php?id=CVE-2023-53269
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: block: ublk: make sure that block size is set correctly. Block size is one very key setting for the block layer, and a bad block size could panic the kernel easily. Make sure that block size is set correctly. Meanwhile, if ublk_validate_params() fails, clear ub->params so that the disk is prevented from being added. • https://git.kernel.org/stable/c/71f28f3136aff5890cd56de78abc673f8393cad9 •

CVE-2023-53268 – ASoC: fsl_mqs: move of_node_put() to the correct location
https://notcve.org/view.php?id=CVE-2023-53268
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: fsl_mqs: move of_node_put() to the correct location. of_node_put() should have been done directly after mqs_priv->regmap = syscon_node_to_regmap(gpr_np); otherwise it creates a reference leak on the success path. To fix this, of_node_put() is moved to the correct location, and all the gotos are changed to direct returns. • https://git.kernel.org/stable/c/a9d273671440c439c4f236123c59dd839c1a0eb7 •

CVE-2023-53267 – driver: soc: xilinx: fix memory leak in xlnx_add_cb_for_notify_event()
https://notcve.org/view.php?id=CVE-2023-53267
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: driver: soc: xilinx: fix memory leak in xlnx_add_cb_for_notify_event() The kfree() should be called when memory fails to be allocated for cb_data in xlnx_add_cb_for_notify_event(), otherwise there will be a memory leak, so add kfree() to fix it. • https://git.kernel.org/stable/c/05e5ba40ea7ab6a99bb8d6117c899d0e13ca8700 •

CVE-2023-53266 – arm64: acpi: Fix possible memory leak of ffh_ctxt
https://notcve.org/view.php?id=CVE-2023-53266
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: arm64: acpi: Fix possible memory leak of ffh_ctxt Allocated 'ffh_ctxt' memory leak is possible if the SMCCC version and conduit checks fail and -EOPNOTSUPP is returned without freeing the allocated memory. Fix the same by moving the allocation after the SMCCC version and conduit checks. • https://git.kernel.org/stable/c/1d280ce099db396e092cac1aa9bf2ea8beee6d76 •

CVE-2023-53265 – ubi: ensure that VID header offset + VID header size <= alloc, size
https://notcve.org/view.php?id=CVE-2023-53265
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ubi: ensure that VID header offset + VID header size <= alloc, size. Ensure that the VID header offset + VID header size does not exceed the allocated area to avoid slab OOB.
BUG: KASAN: slab-out-of-bounds in crc32_body lib/crc32.c:111 [inline]
BUG: KASAN: slab-out-of-bounds in crc32_le_generic lib/crc32.c:179 [inline]
BUG: KASAN: slab-out-of-bounds in crc32_le_base+0x58c/0x626 lib/crc32.c:197
Read of size 4 at addr ffff88802bb36f00 by task ...
• https://git.kernel.org/stable/c/801c135ce73d5df1caf3eca35b66a10824ae0707 •

CVE-2023-53264 – clk: imx: clk-imxrt1050: fix memory leak in imxrt1050_clocks_probe
https://notcve.org/view.php?id=CVE-2023-53264
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: clk: imx: clk-imxrt1050: fix memory leak in imxrt1050_clocks_probe Use devm_of_iomap() instead of of_iomap() to automatically handle the unused ioremap region. If any error occurs, regions allocated by kzalloc() will leak, but using devm_kzalloc() instead will automatically free the memory using devm_kfree(). Also, fix error handling of hws by adding unregister_hws label, which unregisters remaining hws when iomap failed. • https://git.kernel.org/stable/c/7154b046d8f3a441474ced1688eb348d42f5f165 •

CVE-2023-53263 – drm/nouveau/disp: fix use-after-free in error handling of nouveau_connector_create
https://notcve.org/view.php?id=CVE-2023-53263
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/disp: fix use-after-free in error handling of nouveau_connector_create We can't simply free the connector after calling drm_connector_init on it. We need to clean up the drm side first. It might not fix all regressions from commit 2b5d1c29f6c4 ("drm/nouveau/disp: PIOR DP uses GPIO for HPD, not PMGR AUX interrupts"), but at least it fixes a memory corruption in error handling related to that commit. • https://git.kernel.org/stable/c/95983aea80038539ebc70e41e73e9bb4eabd1a92 •

CVE-2022-50338 – binder: fix UAF of alloc->vma in race with munmap()
https://notcve.org/view.php?id=CVE-2022-50338
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF of alloc->vma in race with munmap() In commit 720c24192404 ("ANDROID: binder: change down_write to down_read") binder assumed the mmap read lock is sufficient to protect alloc->vma inside binder_update_page_range(). This used to be accurate until commit dd2283f2605e ("mm: mmap: zap pages with read mmap_sem in munmap"), which now downgrades the mmap_lock after detaching the vma from the rbtree in munmap(). Then it proceeds to... • https://git.kernel.org/stable/c/dd2283f2605e3b3e9c61bcae844b34f2afa4813f •

CVE-2022-50337 – ocxl: fix pci device refcount leak when calling get_function_0()
https://notcve.org/view.php?id=CVE-2022-50337
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ocxl: fix pci device refcount leak when calling get_function_0(). get_function_0() calls pci_get_domain_bus_and_slot(); as the comment says, it returns a pci device with refcount increment, so after using it, pci_dev_put() needs to be called. Get the device reference when get_function_0() is not called, so pci_dev_put() can be called in the error path and callers unconditionally. And add a comment above get_dvsec_vendor0() to tell callers to call pci... • https://git.kernel.org/stable/c/87db7579ebd5ded337056eb765542eb2608f16e3 •