CVSS: 5.6 • EPSS: 0% • CPEs: 4 • EXPL: 0 • CVE-2025-68741 – scsi: qla2xxx: Fix improper freeing of purex item
https://notcve.org/view.php?id=CVE-2025-68741
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix improper freeing of purex item In qla2xxx_process_purls_iocb(), an item is allocated via qla27xx_copy_multiple_pkt(), which internally calls qla24xx_alloc_purex_item(). The qla24xx_alloc_purex_item() function may return a pre-allocated item from a per-adapter pool for small allocations, instead of dynamically allocating memory with kzalloc(). An error handling path in qla2xxx_process_purls_iocb() incorrectly uses kfree() ... • https://git.kernel.org/stable/c/875386b98857822b77ac7f95bdf367b70af5b78c •
CVSS: 6.6 • EPSS: 0% • CPEs: 4 • EXPL: 0 • CVE-2025-68740 – ima: Handle error code returned by ima_filter_rule_match()
https://notcve.org/view.php?id=CVE-2025-68740
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ima: Handle error code returned by ima_filter_rule_match() In ima_match_rules(), if ima_filter_rule_match() returns -ENOENT due to the rule being NULL, the function incorrectly skips the 'if (!rc)' check and sets 'result = true'. The LSM rule is considered a match, causing extra files to be measured by IMA. This issue can be reproduced in the following scenario: After unloading the SELinux policy module via 'semodule -d', if an IMA measurem... • https://git.kernel.org/stable/c/4af4662fa4a9dc62289c580337ae2506339c4729 •
CVSS: 6.8 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2025-68736 – landlock: Fix handling of disconnected directories
https://notcve.org/view.php?id=CVE-2025-68736
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: landlock: Fix handling of disconnected directories Disconnected files or directories can appear when they are visible and opened from a bind mount, but have been renamed or moved from the source of the bind mount in a way that makes them inaccessible from the mount point (i.e. out of scope). Previously, access rights tied to files or directories opened through a disconnected directory were collected by walking the related hierarchy down to ... • https://git.kernel.org/stable/c/cb2c7d1a1776057c9a1f48ed1250d85e94d4850d •
CVSS: 7.1 • EPSS: 0% • CPEs: 3 • EXPL: 0 • CVE-2025-68735 – drm/panthor: Prevent potential UAF in group creation
https://notcve.org/view.php?id=CVE-2025-68735
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Prevent potential UAF in group creation This commit prevents the possibility of a use after free issue in the GROUP_CREATE ioctl function, which arose as pointer to the group is accessed in that ioctl function after storing it in the Xarray. A malicious userspace can second guess the handle of a group and try to call GROUP_DESTROY ioctl from another thread around the same time as GROUP_CREATE ioctl. To prevent the use after fre... • https://git.kernel.org/stable/c/de85488138247d034eb3241840424a54d660926b •
CVSS: 5.5 • EPSS: 0% • CPEs: 8 • EXPL: 0 • CVE-2025-68734 – isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe()
https://notcve.org/view.php?id=CVE-2025-68734
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() In hfcsusb_probe(), the memory allocated for ctrl_urb gets leaked when setup_instance() fails with an error code. Fix that by freeing the urb before freeing the hw structure. Also change the error paths to use the goto ladder style. Compile tested only. Issue found using a prototype static analysis tool. • https://git.kernel.org/stable/c/69f52adb2d534afc41fcc658f155e01f0b322f9e •
CVSS: - • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2023-54030 – io_uring/net: don't overflow multishot recv
https://notcve.org/view.php?id=CVE-2023-54030
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: io_uring/net: don't overflow multishot recv Don't allow overflowing multishot recv CQEs, it might get out of hand, hurt performance, and in the worst case scenario OOM the task. • https://git.kernel.org/stable/c/b3fdea6ecb55c3ceea866ff66486927e51a982b3 •
CVSS: - • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2023-54022 – ALSA: usb-audio: Fix potential memory leaks at error path for UMP open
https://notcve.org/view.php?id=CVE-2023-54022
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential memory leaks at error path for UMP open The allocation and initialization errors at alloc_midi_urbs() that is called at MIDI 2.0 / UMP device are supposed to be handled at the caller side by invoking free_midi_urbs(). However, free_midi_urbs() loops only for ep->num_urbs entries, and since ep->num_entries wasn't updated yet at the allocation / init error in alloc_midi_urbs(), this entry won't be released. The ... • https://git.kernel.org/stable/c/ff49d1df79aef7580fe3ac99d17c3f886655d080 •
CVSS: - • EPSS: 0% • CPEs: 8 • EXPL: 0 • CVE-2023-54017 – powerpc/pseries: fix possible memory leak in ibmebus_bus_init()
https://notcve.org/view.php?id=CVE-2023-54017
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: fix possible memory leak in ibmebus_bus_init() If device_register() returns error in ibmebus_bus_init(), name of kobject which is allocated in dev_set_name() called in device_add() is leaked. As comment of device_add() says, it should call put_device() to drop the reference count that was set in device_initialize() when it fails, so the name can be freed in kobject_cleanup(). • https://git.kernel.org/stable/c/e4ff88548defafb1ef84facd9856ec252da7b008 •
CVSS: - • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2023-54016 – wifi: ath12k: Fix memory leak in rx_desc and tx_desc
https://notcve.org/view.php?id=CVE-2023-54016
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix memory leak in rx_desc and tx_desc Currently when ath12k_dp_cc_desc_init() is called we allocate memory to rx_descs and tx_descs. In ath12k_dp_cc_cleanup(), during descriptor cleanup rx_descs and tx_descs memory is not freed. This is the cause of the memory leak. This allocated memory should be freed in ath12k_dp_cc_cleanup. In ath12k_dp_cc_desc_init(), we can save the base address of rx_descs and tx_descs. • https://git.kernel.org/stable/c/e16be2d34883eecfe7fd888fcdb76c7a5db5d187 •
CVSS: - • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2023-54013 – interconnect: Fix locking for runpm vs reclaim
https://notcve.org/view.php?id=CVE-2023-54013
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: interconnect: Fix locking for runpm vs reclaim For cases where icc_bw_set() can be called in callpaths that could deadlock against shrinker/reclaim, such as runpm resume, we need to decouple the icc locking. Introduce a new icc_bw_lock for cases where we need to serialize bw aggregation and update to decouple that from paths that require memory allocation such as node/link creation/destruction. Fixes this lockdep splat: ===================... • https://git.kernel.org/stable/c/2f3a124696d43de3c837f87a9f767c56ee86cf2a •
