CVSS: 5.5 • EPSS: % • CPEs: 8 • EXPL: 0

15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/msm/dsi: Add missing check for alloc_ordered_workqueue. Add check for the return value of alloc_ordered_workqueue as it may return NULL pointer and cause NULL pointer dereference. Patchwork: https://patchwork.freedesktop.org/patch/517646/ • https://git.kernel.org/stable/c/3e18f157faeeb59034404569e8e07cbe1c0030a7

CVSS: 5.5 • EPSS: % • CPEs: 8 • EXPL: 0

15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: jfs: jfs_dmap: Validate db_l2nbperpage while mounting. In jfs_dmap.c at line 381, BLKTODMAP is used to get a logical block number inside dbFree(). db_l2nbperpage, which is the log2 number of blocks per page, is passed as an argument to BLKTODMAP which uses it for shifting. Syzbot reported a shift out-of-bounds crash because db_l2nbperpage is too big. This happens because the large value is set without any validation in dbMount() at line 181.... • https://git.kernel.org/stable/c/8c1efe3f74a7864461b0dff281c5562154b4aa8e

CVSS: 5.5 • EPSS: % • CPEs: 8 • EXPL: 0

15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: media: az6007: Fix null-ptr-deref in az6007_i2c_xfer(). In az6007_i2c_xfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former checks on msg[i].buf would be passed. Malicious data finally reaches az6007_i2c_xfer. If accessing msg[i].buf[0] without sanity check, null ptr deref would happen. We add check on msg[i].len to prevent crash. Similar commit: commit 0ed554fd769a ("media: dvb-usb: az6027: fix null-ptr-deref... • https://git.kernel.org/stable/c/c6763fefa267f6e62595a6ac1f57815d99fc90b7

CVSS: 5.5 • EPSS: % • CPEs: 8 • EXPL: 0

15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: sched/fair: Don't balance task to its current running CPU. We've run into the case that the balancer tries to balance a migration disabled task and triggers the warning in set_task_cpu() like below: ------------[ cut here ]------------ WARNING: CPU: 7 PID: 0 at kernel/sched/core.c:3115 set_task_cpu+0x188/0x240 Modules linked in: hclgevf xt_CHECKSUM ipt_REJECT nf_reject_ipv4 <...snip> CPU: 7 PID: 0 Comm: swapper/7 Kdump: loaded Tainted: G O 6.... • https://git.kernel.org/stable/c/32d937f94b7805d4c9028b8727a7d6241547da54

CVSS: 7.7 • EPSS: % • CPEs: 9 • EXPL: 0

15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies(). Fix a slab-out-of-bounds read that occurs in kmemdup() called from brcmf_get_assoc_ies(). The bug could occur when assoc_info->req_len, data from a URB provided by a USB device, is bigger than the size of buffer which is defined as WL_EXTRA_BUF_MAX. Add the size check for req_len/resp_len of assoc_info. Found by a modified version of syzkaller. [ 46.592467][ T7] ==============... • https://git.kernel.org/stable/c/ac5305e5d227b9af3aae25fa83380d3ff0225b73

CVSS: 5.5 • EPSS: % • CPEs: 3 • EXPL: 0

15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211_hwsim: Fix possible NULL dereference. In a call to mac80211_hwsim_select_tx_link() the sta pointer might be NULL, thus need to check that it is not NULL before accessing it. • https://git.kernel.org/stable/c/d0124848c7940aba73492e282506b32a13f2e30e

CVSS: 5.5 • EPSS: % • CPEs: 4 • EXPL: 0

15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: PM: domains: fix memory leak with using debugfs_lookup(). When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic at once. • https://git.kernel.org/stable/c/dddc132eb0dca3969f9146ef8feac0aa542aa305

CVSS: 5.5 • EPSS: % • CPEs: 6 • EXPL: 0

15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline. When converting files with inline data to extents, delayed allocations made on a file system created with both the bigalloc and inline options can result in invalid extent status cache content, incorrect reserved cluster counts, kernel memory leaks, and potential kernel panics. With bigalloc, the code that determines whether a block must be delayed allocated searches ... • https://git.kernel.org/stable/c/6f4200ec76a0d31200c308ec5a71c68df5417004

CVSS: 5.5 • EPSS: % • CPEs: 8 • EXPL: 0

15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: media: dvbdev: adopts refcnt to avoid UAF. dvb_unregister_device() is known to be prone to use-after-free. That is, the cleanup from dvb_unregister_device() releases the dvb_device even if there are pointers stored in file->private_data that still refer to it. This patch adds a reference counter into struct dvb_device and delays its deallocation until no pointer refers to the object. • https://git.kernel.org/stable/c/ac521bbe3d00fa574e66a9361763f2b37725bc97

CVSS: 7.1 • EPSS: % • CPEs: 6 • EXPL: 0

15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on destination blkaddr during recovery. As Wenqing Liu reported in bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=216456 loop5: detected capacity change from 0 to 131072 F2FS-fs (loop5): recover_inode: ino = 6, name = hln, inline = 1 F2FS-fs (loop5): recover_data: ino = 6 (i_size: recover) err = 0 F2FS-fs (loop5): recover_inode: ino = 6, name = hln, inline = 1 F2FS-fs (loop5): recover_data: ino = 6 (i_size... • https://git.kernel.org/stable/c/68b1e607559d3dc85f94b0d738d7c4e8029b0cfa