CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53748 – media: mediatek: vcodec: Fix potential array out-of-bounds in decoder queue_setup
https://notcve.org/view.php?id=CVE-2023-53748
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix potential array out-of-bounds in decoder queue_setup variable *nplanes is provided by user via system call argument. The possible value of q_data->fmt->num_planes is 1-3, while the value of *nplanes can be 1-8. The array access by index i can cause array out-of-bounds. Fix this bug by checking *nplanes against the array size. In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vc... • https://git.kernel.org/stable/c/48e4e06e2c5fe1fda283d499f91492eda2248bb9 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53747 – vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF
https://notcve.org/view.php?id=CVE-2023-53747
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF After a call to console_unlock() in vcs_write() the vc_data struct can be freed by vc_port_destruct(). Because of that, the struct vc_data pointer must be reloaded in the while loop in vcs_write() after console_lock() to avoid a UAF when vcs_size() is called. Syzkaller reported a UAF in vcs_size(). BUG: KASAN: slab-use-after-free in vcs_size (drivers/tty/vt/vc_scre... • https://git.kernel.org/stable/c/ac751efa6a0d70f2c9daef5c7e3a92270f5c2dff •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53746 – s390/vfio-ap: fix memory leak in vfio_ap device driver
https://notcve.org/view.php?id=CVE-2023-53746
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: s390/vfio-ap: fix memory leak in vfio_ap device driver The device release callback function invoked to release the matrix device uses the dev_get_drvdata(device *dev) function to retrieve the pointer to the vfio_matrix_dev object in order to free its storage. The problem is, this object is not stored as drvdata with the device; since the kfree function will accept a NULL pointer, the memory for the vfio_matrix_dev object is never freed. Sin... • https://git.kernel.org/stable/c/1fde573413b549d52183382e639c1d6ce88f5959 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-53745 – um: vector: Fix memory leak in vector_config
https://notcve.org/view.php?id=CVE-2023-53745
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: um: vector: Fix memory leak in vector_config If the return value of the uml_parse_vector_ifspec function is NULL, we should call kfree(params) to prevent memory leak. In the Linux kernel, the following vulnerability has been resolved: um: vector: Fix memory leak in vector_config If the return value of the uml_parse_vector_ifspec function is NULL, we should call kfree(params) to prevent memory leak. • https://git.kernel.org/stable/c/49da7e64f33e80edffb1a9eeb230fa4c3f42dffb •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53744 – soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe
https://notcve.org/view.php?id=CVE-2023-53744
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe wkup_m3_ipc_get() takes refcount, which should be freed by wkup_m3_ipc_put(). Add missing refcount release in the error paths. In the Linux kernel, the following vulnerability has been resolved: soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe wkup_m3_ipc_get() takes refcount, which should be freed by wkup_m3_ipc_put(). Add missing refcount release in the error paths. • https://git.kernel.org/stable/c/5a99ae0092fe24fd581fdb6b9c2b48f94f92cf32 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53743 – PCI: Free released resource after coalescing
https://notcve.org/view.php?id=CVE-2023-53743
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: PCI: Free released resource after coalescing release_resource() doesn't actually free the resource or resource list entry so free the resource list entry to avoid a leak. In the Linux kernel, the following vulnerability has been resolved: PCI: Free released resource after coalescing release_resource() doesn't actually free the resource or resource list entry so free the resource list entry to avoid a leak. • https://git.kernel.org/stable/c/465c195e86f3d0ffd2e250c4b78a5a1f11cc1b0a •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53742 – kcsan: Avoid READ_ONCE() in read_instrumented_memory()
https://notcve.org/view.php?id=CVE-2023-53742
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: kcsan: Avoid READ_ONCE() in read_instrumented_memory() Haibo Li reported: | Unable to handle kernel paging request at virtual address | ffffff802a0d8d7171 | Mem abort info:o: | ESR = 0x9600002121 | EC = 0x25: DABT (current EL), IL = 32 bitsts | SET = 0, FnV = 0 0 | EA = 0, S1PTW = 0 0 | FSC = 0x21: alignment fault | Data abort info:o: | ISV = 0, ISS = 0x0000002121 | CM = 0, WnR = 0 0 | swapper pgtable: 4k pages, 39-bit VAs, pgdp=00000000283... • https://git.kernel.org/stable/c/706ae665747b629bcf87a2d7e6438602f904b8d5 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50629 – wifi: rsi: Fix memory leak in rsi_coex_attach()
https://notcve.org/view.php?id=CVE-2022-50629
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: rsi: Fix memory leak in rsi_coex_attach() The coex_cb needs to be freed when rsi_create_kthread() failed in rsi_coex_attach(). In the Linux kernel, the following vulnerability has been resolved: wifi: rsi: Fix memory leak in rsi_coex_attach() The coex_cb needs to be freed when rsi_create_kthread() failed in rsi_coex_attach(). • https://git.kernel.org/stable/c/2108df3c4b1856588ca2e7f641900c2bbf38467e •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50628 – drm/gud: Fix UBSAN warning
https://notcve.org/view.php?id=CVE-2022-50628
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/gud: Fix UBSAN warning UBSAN complains about invalid value for bool: [ 101.165172] [drm] Initialized gud 1.0.0 20200422 for 2-3.2:1.0 on minor 1 [ 101.213360] gud 2-3.2:1.0: [drm] fb1: guddrmfb frame buffer device [ 101.213426] usbcore: registered new interface driver gud [ 101.989431] ================================================================================ [ 101.989441] UBSAN: invalid-load in linux/include/linux/iosys-map.h:253... • https://git.kernel.org/stable/c/40e1a70b4aedf2859a1829991b48ef0ebe650bf2 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50627 – wifi: ath11k: fix monitor mode bringup crash
https://notcve.org/view.php?id=CVE-2022-50627
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix monitor mode bringup crash When the interface is brought up in monitor mode, it leads to NULL pointer dereference crash. This crash happens when the packet type is extracted for a SKB. This extraction which is present in the received msdu delivery path,is not needed for the monitor ring packets since they are all RAW packets. Hence appending the flags with "RX_FLAG_ONLY_MONITOR" to skip that extraction. Observed calltrace:... • https://git.kernel.org/stable/c/d5c65159f2895379e11ca13f62feabe93278985d •