CVSS: 7.8 • EPSS: 0% • CPEs: 5 • EXPL: 0 • CVE-2023-54054 – scsi: qla2xxx: Fix buffer overrun
https://notcve.org/view.php?id=CVE-2023-54054
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix buffer overrun Klocwork warning: Buffer Overflow - Array Index Out of Bounds Driver uses fc_els_flogi to calculate size of buffer. The actual buffer is nested inside of fc_els_flogi which is smaller. Replace structure name to allow proper size calculation. • https://git.kernel.org/stable/c/eecb8a491c824a9376155d26ec95b6d0054c059c •
CVSS: 5.5 • EPSS: 0% • CPEs: 6 • EXPL: 0 • CVE-2023-54053 – wifi: iwlwifi: pcie: fix possible NULL pointer dereference
https://notcve.org/view.php?id=CVE-2023-54053
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: pcie: fix possible NULL pointer dereference It is possible that iwl_pci_probe() will fail and free the trans, then afterwards iwl_pci_remove() will be called and crash by trying to access trans which is already freed, fix it. iwlwifi 0000:01:00.0: Detected crf-id 0xa5a5a5a2, cnv-id 0xa5a5a5a2 wfpm id 0xa5a5a5a2 iwlwifi 0000:01:00.0: Can't find a correct rfid for crf id 0x5a2 ... BUG: kernel NULL pointer dereference, address: ... • https://git.kernel.org/stable/c/f6f2d16c77f936041b8ac495fceabded4ec6c83c •
CVSS: 5.5 • EPSS: 0% • CPEs: 3 • EXPL: 0 • CVE-2023-54047 – drm/rockchip: dw_hdmi: cleanup drm encoder during unbind
https://notcve.org/view.php?id=CVE-2023-54047
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: dw_hdmi: cleanup drm encoder during unbind This fixes a use-after-free crash during rmmod. The DRM encoder is embedded inside the larger rockchip_hdmi, which is allocated with the component. The component memory gets freed before the main drm device is destroyed. Fix it by running encoder cleanup before tearing down its container. [moved encoder cleanup above clk_disable, similar to bind-error-path] • https://git.kernel.org/stable/c/110d4202522373d629d14597af9bac97eb58bd67 •
CVSS: 7.2 • EPSS: 0% • CPEs: 4 • EXPL: 0 • CVE-2022-50735 – wifi: mt76: do not run mt76u_status_worker if the device is not running
https://notcve.org/view.php?id=CVE-2022-50735
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: do not run mt76u_status_worker if the device is not running Fix the following NULL pointer dereference by not running the mt76u_status_worker thread if the device is not running yet. KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 0 PID: 98 Comm: kworker/u2:2 Not tainted 5.14.0+ #78 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org 04/01/2014 Workque... • https://git.kernel.org/stable/c/69346de0eb956fb92949b9473de4647d9c34a54f •
CVSS: 5.5 • EPSS: 0% • CPEs: 9 • EXPL: 0 • CVE-2022-50733 – usb: idmouse: fix an uninit-value in idmouse_open
https://notcve.org/view.php?id=CVE-2022-50733
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: idmouse: fix an uninit-value in idmouse_open In idmouse_create_image, if any ftip_command fails, it will go to the reset label. However, this leaves the data in bulk_in_buffer[HEADER..IMGSIZE] uninitialized. And the check for valid image incurs an uninitialized dereference. Fix this by moving the check before reset label since this check is only valid if the data after bulk_in_buffer[HEADER] has concrete data. Note that this is found... • https://git.kernel.org/stable/c/b3304a6df957cc89a0590cb505388d659bf3db4c •
CVSS: 7.2 • EPSS: 0% • CPEs: 9 • EXPL: 0 • CVE-2022-50728 – s390/lcs: Fix return type of lcs_start_xmit()
https://notcve.org/view.php?id=CVE-2022-50728
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: s390/lcs: Fix return type of lcs_start_xmit() With clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG), indirect call targets are validated against the expected function pointer prototype to make sure the call target is valid to help mitigate ROP attacks. If they are not identical, there is a failure at run time, which manifests as either a kernel panic or thread getting killed. A proposed warning in clang aims to catch these at ... • https://git.kernel.org/stable/c/7b4da3fcd513b8e67823eb80da37aad99b3339c1 •
CVSS: 6.9 • EPSS: 0% • CPEs: 3 • EXPL: 0 • CVE-2022-50720 – x86/apic: Don't disable x2APIC if locked
https://notcve.org/view.php?id=CVE-2022-50720
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: x86/apic: Don't disable x2APIC if locked The APIC supports two modes, legacy APIC (or xAPIC), and Extended APIC (or x2APIC). X2APIC mode is mostly compatible with legacy APIC, but it disables the memory-mapped APIC interface in favor of one that uses MSRs. The APIC mode is controlled by the EXT bit in the APIC MSR. The MMIO/xAPIC interface has some problems, most notably the APIC LEAK [1]. This bug allows an attacker to use the APIC MMIO in... • https://git.kernel.org/stable/c/05785ba834f23272f9d23427ae4a80ac505a5296 •
CVSS: 7.8 • EPSS: 0% • CPEs: 9 • EXPL: 0 • CVE-2022-50719 – ALSA: line6: fix stack overflow in line6_midi_transmit
https://notcve.org/view.php?id=CVE-2022-50719
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: line6: fix stack overflow in line6_midi_transmit Correctly calculate available space including the size of the chunk buffer. This fixes a buffer overflow when multiple MIDI sysex messages are sent to a PODxt device. • https://git.kernel.org/stable/c/b026af92b2cea907c780f7168c730c816cd33311 •
CVSS: 7.8 • EPSS: 0% • CPEs: 6 • EXPL: 0 • CVE-2022-50717 – nvmet-tcp: add bounds check on Transfer Tag
https://notcve.org/view.php?id=CVE-2022-50717
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: add bounds check on Transfer Tag ttag is used as an index to get cmd in nvmet_tcp_handle_h2c_data_pdu(), add a bounds check to avoid out-of-bounds access. • https://git.kernel.org/stable/c/0d150ccd55dbfad36f55855b40b381884c98456e •
CVSS: 7.8 • EPSS: 0% • CPEs: 9 • EXPL: 0 • CVE-2022-50716 – wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out
https://notcve.org/view.php?id=CVE-2022-50716
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out syzkaller reported use-after-free with the stack trace like below [1]: [ 38.960489][ C3] ================================================================== [ 38.963216][ C3] BUG: KASAN: use-after-free in ar5523_cmd_tx_cb+0x220/0x240 [ 38.964950][ C3] Read of size 8 at addr ffff888048e03450 by task swapper/3/0 [ 38.966363][ C3] [ 38.967053][ C3] CPU: 3 PID: 0 Comm: swapper/3 Not tain... • https://git.kernel.org/stable/c/c9ba3fbf6a488da6cad1d304c5234bd8d729eba3 •
