CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53750 – pinctrl: freescale: Fix a memory out of bounds when num_configs is 1
https://notcve.org/view.php?id=CVE-2023-53750
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: pinctrl: freescale: Fix a memory out of bounds when num_configs is 1 The config passed in by pad wakeup is 1, when num_configs is 1, Configuration [1] should not be fetched, which will be detected by KASAN as a memory out of bounds condition. Modify to get configs[1] when num_configs is 2. In the Linux kernel, the following vulnerability has been resolved: pinctrl: freescale: Fix a memory out of bounds when num_configs is 1 The config passe... • https://git.kernel.org/stable/c/f60c9eac54af28d7b5651fe49944bfd5098550e6 •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53748 – media: mediatek: vcodec: Fix potential array out-of-bounds in decoder queue_setup
https://notcve.org/view.php?id=CVE-2023-53748
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix potential array out-of-bounds in decoder queue_setup variable *nplanes is provided by user via system call argument. The possible value of q_data->fmt->num_planes is 1-3, while the value of *nplanes can be 1-8. The array access by index i can cause array out-of-bounds. Fix this bug by checking *nplanes against the array size. In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vc... • https://git.kernel.org/stable/c/48e4e06e2c5fe1fda283d499f91492eda2248bb9 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53747 – vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF
https://notcve.org/view.php?id=CVE-2023-53747
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF After a call to console_unlock() in vcs_write() the vc_data struct can be freed by vc_port_destruct(). Because of that, the struct vc_data pointer must be reloaded in the while loop in vcs_write() after console_lock() to avoid a UAF when vcs_size() is called. Syzkaller reported a UAF in vcs_size(). BUG: KASAN: slab-use-after-free in vcs_size (drivers/tty/vt/vc_scre... • https://git.kernel.org/stable/c/ac751efa6a0d70f2c9daef5c7e3a92270f5c2dff •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53744 – soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe
https://notcve.org/view.php?id=CVE-2023-53744
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe wkup_m3_ipc_get() takes refcount, which should be freed by wkup_m3_ipc_put(). Add missing refcount release in the error paths. In the Linux kernel, the following vulnerability has been resolved: soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe wkup_m3_ipc_get() takes refcount, which should be freed by wkup_m3_ipc_put(). Add missing refcount release in the error paths. • https://git.kernel.org/stable/c/5a99ae0092fe24fd581fdb6b9c2b48f94f92cf32 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53743 – PCI: Free released resource after coalescing
https://notcve.org/view.php?id=CVE-2023-53743
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: PCI: Free released resource after coalescing release_resource() doesn't actually free the resource or resource list entry so free the resource list entry to avoid a leak. In the Linux kernel, the following vulnerability has been resolved: PCI: Free released resource after coalescing release_resource() doesn't actually free the resource or resource list entry so free the resource list entry to avoid a leak. • https://git.kernel.org/stable/c/465c195e86f3d0ffd2e250c4b78a5a1f11cc1b0a •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53742 – kcsan: Avoid READ_ONCE() in read_instrumented_memory()
https://notcve.org/view.php?id=CVE-2023-53742
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: kcsan: Avoid READ_ONCE() in read_instrumented_memory() Haibo Li reported: | Unable to handle kernel paging request at virtual address | ffffff802a0d8d7171 | Mem abort info:o: | ESR = 0x9600002121 | EC = 0x25: DABT (current EL), IL = 32 bitsts | SET = 0, FnV = 0 0 | EA = 0, S1PTW = 0 0 | FSC = 0x21: alignment fault | Data abort info:o: | ISV = 0, ISS = 0x0000002121 | CM = 0, WnR = 0 0 | swapper pgtable: 4k pages, 39-bit VAs, pgdp=00000000283... • https://git.kernel.org/stable/c/706ae665747b629bcf87a2d7e6438602f904b8d5 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-40324 – NFSD: Fix crash in nfsd4_read_release()
https://notcve.org/view.php?id=CVE-2025-40324
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix crash in nfsd4_read_release() When tracing is enabled, the trace_nfsd_read_done trace point crashes during the pynfs read.testNoFh test. In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix crash in nfsd4_read_release() When tracing is enabled, the trace_nfsd_read_done trace point crashes during the pynfs read.testNoFh test. • https://git.kernel.org/stable/c/65a33135e91e6dd661ecdf1194b9d90c49ae3570 •
CVSS: 6.9EPSS: 0%CPEs: 5EXPL: 0CVE-2025-40323 – fbcon: Set fb_display[i]->mode to NULL when the mode is released
https://notcve.org/view.php?id=CVE-2025-40323
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: fbcon: Set fb_display[i]->mode to NULL when the mode is released Recently, we discovered the following issue through syzkaller: BUG: KASAN: slab-use-after-free in fb_mode_is_equal+0x285/0x2f0 Read of size 4 at addr ff11000001b3c69c by task syz.xxx ... Call Trace:
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-40322 – fbdev: bitblit: bound-check glyph index in bit_putcs*
https://notcve.org/view.php?id=CVE-2025-40322
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: fbdev: bitblit: bound-check glyph index in bit_putcs* bit_putcs_aligned()/unaligned() derived the glyph pointer from the character value masked by 0xff/0x1ff, which may exceed the actual font's glyph count and read past the end of the built-in font array. Clamp the index to the actual glyph count before computing the address. This fixes a global out-of-bounds read reported by syzbot. In the Linux kernel, the following vulnerability has been... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-40321 – wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode
https://notcve.org/view.php?id=CVE-2025-40321
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode Currently, whenever there is a need to transmit an Action frame, the brcmfmac driver always uses the P2P vif to send the "actframe" IOVAR to firmware. The P2P interfaces were available when wpa_supplicant is managing the wlan interface. However, the P2P interfaces are not created/initialized when only hostapd is managing the wlan interface. And if hostapd receives a... • https://git.kernel.org/stable/c/18e2f61db3b708e0a22ccc403cb6ab2203d6faab •