CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53988 – fs/ntfs3: Fix slab-out-of-bounds read in hdr_delete_de()
https://notcve.org/view.php?id=CVE-2023-53988
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix slab-out-of-bounds read in hdr_delete_de() Here is a BUG report from syzbot: BUG: KASAN: slab-out-of-bounds in hdr_delete_de+0xe0/0x150 fs/ntfs3/index.c:806 Read of size 16842960 at addr ffff888079cc0600 by task syz-executor934/3631 Call Trace: memmove+0x25/0x60 mm/kasan/shadow.c:54 hdr_delete_de+0xe0/0x150 fs/ntfs3/index.c:806 indx_delete_entry+0x74f/0x3670 fs/ntfs3/index.c:2193 ni_remove_name+0x27a/0x980 fs/ntfs3/frecord.c:2... • https://git.kernel.org/stable/c/82cae269cfa953032fbb8980a7d554d60fb00b17 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53987 – ping: Fix potentail NULL deref for /proc/net/icmp.
https://notcve.org/view.php?id=CVE-2023-53987
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ping: Fix potentail NULL deref for /proc/net/icmp. After commit dbca1596bbb0 ("ping: convert to RCU lookups, get rid of rwlock"), we use RCU for ping sockets, but we should use spinlock for /proc/net/icmp to avoid a potential NULL deref mentioned in the previous patch. Let's go back to using spinlock there. Note we can convert ping sockets to use hlist instead of hlist_nulls because we do not use SLAB_TYPESAFE_BY_RCU for ping sockets. • https://git.kernel.org/stable/c/dbca1596bbb08318f5e3b3b99f8ca0a0d3830a65 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53986 – mips: bmips: BCM6358: disable RAC flush for TP1
https://notcve.org/view.php?id=CVE-2023-53986
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: mips: bmips: BCM6358: disable RAC flush for TP1 RAC flush causes kernel panics on BCM6358 with EHCI/OHCI when booting from TP1: [ 3.881739] usb 1-1: new high-speed USB device number 2 using ehci-platform [ 3.895011] Reserved instruction in kernel code[#1]: [ 3.900113] CPU: 0 PID: 1 Comm: init Not tainted 5.10.16 #0 [ 3.905829] $ 0 : 00000000 10008700 00000000 77d94060 [ 3.911238] $ 4 : 7fd1f088 00000000 81431cac 81431ca0 [ 3.916641] $ 8 : 0... • https://git.kernel.org/stable/c/d59098a0e9cb3c7767090e935c909b37a30629ab •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53867 – ceph: fix potential use-after-free bug when trimming caps
https://notcve.org/view.php?id=CVE-2023-53867
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ceph: fix potential use-after-free bug when trimming caps When trimming the caps and just after the 'session->s_cap_lock' is released in ceph_iterate_session_caps() the cap maybe removed by another thread, and when using the stale cap memory in the callbacks it will trigger use-after-free crash. We need to check the existence of the cap just after the 'ci->i_ceph_lock' being acquired. And do nothing if it's already removed. • https://git.kernel.org/stable/c/2f2dc053404febedc9c273452d9d518fb31fde72 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50701 – wifi: mt76: mt7921s: fix slab-out-of-bounds access in sdio host
https://notcve.org/view.php?id=CVE-2022-50701
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921s: fix slab-out-of-bounds access in sdio host SDIO may need addtional 511 bytes to align bus operation. If the tailroom of this skb is not big enough, we would access invalid memory region. For low level operation, increase skb size to keep valid memory access in SDIO host. Error message: [69.951] BUG: KASAN: slab-out-of-bounds in sg_copy_buffer+0xe9/0x1a0 [69.951] Read of size 64 at addr ffff88811c9cf000 by task kworker/u... • https://git.kernel.org/stable/c/764dee47e2c1ed828c8a51cbf58f89b5e3ded11b •
CVSS: 3.3EPSS: 0%CPEs: 6EXPL: 0CVE-2025-68733 – smack: fix bug: unprivileged task can create labels
https://notcve.org/view.php?id=CVE-2025-68733
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: smack: fix bug: unprivileged task can create labels If an unprivileged task is allowed to relabel itself (/smack/relabel-self is not empty), it can freely create new labels by writing their names into own /proc/PID/attr/smack/current This occurs because do_setattr() imports the provided label in advance, before checking "relabel-self" list. This change ensures that the "relabel-self" list is checked before importing the label. In the Linux ... • https://git.kernel.org/stable/c/38416e53936ecf896948fdeffc36b76979117952 •
CVSS: 6.9EPSS: 0%CPEs: 6EXPL: 0CVE-2025-68732 – gpu: host1x: Fix race in syncpt alloc/free
https://notcve.org/view.php?id=CVE-2025-68732
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: gpu: host1x: Fix race in syncpt alloc/free Fix race condition between host1x_syncpt_alloc() and host1x_syncpt_put() by using kref_put_mutex() instead of kref_put() + manual mutex locking. This ensures no thread can acquire the syncpt_mutex after the refcount drops to zero but before syncpt_release acquires it. This prevents races where syncpoints could be allocated while still being cleaned up from a previous release. Remove explicit mutex ... • https://git.kernel.org/stable/c/f5ba33fb9690566c382624637125827b5512e766 •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2025-68728 – ntfs3: fix uninit memory after failed mi_read in mi_format_new
https://notcve.org/view.php?id=CVE-2025-68728
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ntfs3: fix uninit memory after failed mi_read in mi_format_new Fix a KMSAN un-init bug found by syzkaller. ntfs_get_bh() expects a buffer from sb_getblk(), that buffer may not be uptodate. We do not bring the buffer uptodate before setting it as uptodate. If the buffer were to not be uptodate, it could mean adding a buffer with un-init data to the mi record. Attempting to load that record will trigger KMSAN. Avoid this by setting the buffer... • https://git.kernel.org/stable/c/4342306f0f0d5ff4315a204d315c1b51b914fca5 •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2025-68727 – ntfs3: Fix uninit buffer allocated by __getname()
https://notcve.org/view.php?id=CVE-2025-68727
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ntfs3: Fix uninit buffer allocated by __getname() Fix uninit errors caused after buffer allocation given to 'de'; by initializing the buffer with zeroes. The fix was found by using KMSAN. In the Linux kernel, the following vulnerability has been resolved: ntfs3: Fix uninit buffer allocated by __getname() Fix uninit errors caused after buffer allocation given to 'de'; by initializing the buffer with zeroes. The fix was found by using KMSAN. ... • https://git.kernel.org/stable/c/78ab59fee07f22464f32eafebab2bd97ba94ff2d •
CVSS: 6.6EPSS: 0%CPEs: 2EXPL: 0CVE-2025-68725 – bpf: Do not let BPF test infra emit invalid GSO types to stack
https://notcve.org/view.php?id=CVE-2025-68725
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Do not let BPF test infra emit invalid GSO types to stack Yinhao et al. reported that their fuzzer tool was able to trigger a skb_warn_bad_offload() from netif_skb_features() -> gso_features_check(). When a BPF program - triggered via BPF test infra - pushes the packet to the loopback device via bpf_clone_redirect() then mentioned offload warning can be seen. GSO-related features are then rightfully disabled. We get into this situation... • https://git.kernel.org/stable/c/850a88cc4096fe1df407452ba2e4d28cf5b3eee9 •