CVSS: 4.7 EPSS: 0% CPEs: 5 EXPL: 0
CVE-2023-53824 – netlink: annotate lockless accesses to nlk->max_recvmsg_len
https://notcve.org/view.php?id=CVE-2023-53824
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: netlink: annotate lockless accesses to nlk->max_recvmsg_len syzbot reported a data-race in netlink_recvmsg() [1] Indeed, netlink_recvmsg() can be run concurrently, and netlink_dump() also needs protection. [1] BUG: KCSAN: data-race in netlink_recvmsg / netlink_recvmsg read to 0xffff888141840b38 of 8 bytes by task 23057 on cpu 0: netlink_recvmsg+0xea/0x730 net/netlink/af_netlink.c:1988 sock_recvmsg_nosec net/socket.c:1017 [inlin... • https://git.kernel.org/stable/c/9063e21fb026c4966fc93261c18322214f9835eb •
CVSS: 6.2 EPSS: 0% CPEs: 3 EXPL: 0
CVE-2023-53822 – wifi: ath11k: Ignore frags from uninitialized peer in dp.
https://notcve.org/view.php?id=CVE-2023-53822
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Ignore frags from uninitialized peer in dp. When max virtual ap interfaces are configured in all the bands with ACS and hostapd restart is done every 60s, a crash is observed at random times. In this certain scenario, a fragmented packet is received for self peer, for which rx_tid and rx_frags are not initialized in datapath. While handling this fragment, crash is observed as the rx_frag list is uninitialised and when we walk ... • https://git.kernel.org/stable/c/e78526a06b53718bfc1dfff37864c7760e41f8ec •
CVSS: 7.1 EPSS: 0% CPEs: 8 EXPL: 0
CVE-2023-53821 – ip6_vti: fix slab-use-after-free in decode_session6
https://notcve.org/view.php?id=CVE-2023-53821
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ip6_vti: fix slab-use-after-free in decode_session6 When ipv6_vti device is set to the qdisc of the sfb type, the cb field of the sent skb may be modified during enqueuing. Then, slab-use-after-free may occur when ipv6_vti device sends IPv6 packets. The stack information is as follows: BUG: KASAN: slab-use-after-free in decode_session6+0x103f/0x1890 Read of size 1 at addr ffff88802e08edc2 by task swapper/0/0 CPU: 0 PID: 0 Comm: swapper/0 No... • https://git.kernel.org/stable/c/f855691975bb06373a98711e4cfe2c224244b536 •
CVSS: 7.1 EPSS: 0% CPEs: 8 EXPL: 0
CVE-2022-50678 – wifi: brcmfmac: fix invalid address access when enabling SCAN log level
https://notcve.org/view.php?id=CVE-2022-50678
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix invalid address access when enabling SCAN log level The variable i is changed when setting random MAC address and causes invalid address access when printing the value of pi->reqs[i]->reqid. We replace reqs index with ri to fix the issue. [ 136.726473] Unable to handle kernel access to user memory outside uaccess routines at virtual address 0000000000000000 [ 136.737365] Mem abort info: [ 136.740172] ESR = 0x96000004 [ 1... • https://git.kernel.org/stable/c/7ccb0529446ae68a8581916bfc95c353306d76ba •
CVSS: 7.1 EPSS: 0% CPEs: 7 EXPL: 0
CVE-2022-50673 – ext4: fix use-after-free in ext4_orphan_cleanup
https://notcve.org/view.php?id=CVE-2022-50673
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free in ext4_orphan_cleanup I caught an issue as follows: ================================================================== BUG: KASAN: use-after-free in __list_add_valid+0x28/0x1a0 Read of size 8 at addr ffff88814b13f378 by task mount/710 CPU: 1 PID: 710 Comm: mount Not tainted 6.1.0-rc3-next #370 Call Trace:
CVSS: 5.5 EPSS: 0% CPEs: 6 EXPL: 0
CVE-2022-50670 – mmc: omap_hsmmc: fix return value check of mmc_add_host()
https://notcve.org/view.php?id=CVE-2022-50670
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: mmc: omap_hsmmc: fix return value check of mmc_add_host() mmc_add_host() may return error, if we ignore its return value, it will lead to two issues: 1. The memory that is allocated in mmc_alloc_host() is leaked. 2. In the remove() path, mmc_remove_host() will be called to delete device, but it's not added yet, it will lead to a kernel crash because of null-ptr-deref in device_del(). Fix this by checking the return value and goto error path which wi... • https://git.kernel.org/stable/c/a45c6cb816474cefe56059fce422a9bdcd77e0dc •
CVSS: 7.1 EPSS: 0% CPEs: 9 EXPL: 0
CVE-2022-50664 – media: dvb-frontends: fix leak of memory fw
https://notcve.org/view.php?id=CVE-2022-50664
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: fix leak of memory fw • https://git.kernel.org/stable/c/afccb6ac63fc4328bc61ba086a3cad30054d87c1 •
CVSS: 5.5 EPSS: 0% CPEs: 8 EXPL: 0
CVE-2022-50660 – wifi: ipw2200: fix memory leak in ipw_wdev_init()
https://notcve.org/view.php?id=CVE-2022-50660
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ipw2200: fix memory leak in ipw_wdev_init() In the error path of ipw_wdev_init(), exception value is returned, and the memory applied for in the function is not released. Also the memory is not released in ipw_pci_probe(). As a result, memory leakage occurs. So memory release needs to be added to the error path of ipw_wdev_init(). • https://git.kernel.org/stable/c/a3caa99e6c68f466c13cfea74097f6fb01b45e25 •
CVSS: 5.5 EPSS: 0% CPEs: 9 EXPL: 0
CVE-2022-50659 – hwrng: geode - Fix PCI device refcount leak
https://notcve.org/view.php?id=CVE-2022-50659
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: hwrng: geode - Fix PCI device refcount leak for_each_pci_dev() is implemented by pci_get_device(). The comment of pci_get_device() says that it will increase the reference count for the returned pci_dev and also decrease the reference count for the input pci_dev @from if it is not NULL. If we break for_each_pci_dev() loop with pdev not NULL, we need to call pci_dev_put() to decrease the reference count. We add a new struct 'amd_geode_priv' ... • https://git.kernel.org/stable/c/ef5d862734b84239e0140319a95fb0bbff5ef394 •
CVSS: 7.8 EPSS: 0% CPEs: 8 EXPL: 0
CVE-2023-53819 – amdgpu: validate offset_in_bo of drm_amdgpu_gem_va
https://notcve.org/view.php?id=CVE-2023-53819
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: amdgpu: validate offset_in_bo of drm_amdgpu_gem_va This is motivated by OOB access in amdgpu_vm_update_range when offset_in_bo+map_size overflows. v2: keep the validations in amdgpu_vm_bo_map v3: add the validations to amdgpu_vm_bo_map/amdgpu_vm_bo_replace_map rather than to amdgpu_gem_va_ioctl • https://git.kernel.org/stable/c/9f7eb5367d0001536c361bd1400e14521f854ff1 •
