CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53829 – f2fs: flush inode if atomic file is aborted
https://notcve.org/view.php?id=CVE-2023-53829
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: flush inode if atomic file is aborted Let's flush the inode being aborted atomic operation to avoid stale dirty inode during eviction in this call stack: f2fs_mark_inode_dirty_sync+0x22/0x40 [f2fs] f2fs_abort_atomic_write+0xc4/0xf0 [f2fs] f2fs_evict_inode+0x3f/0x690 [f2fs] ? sugov_start+0x140/0x140 evict+0xc3/0x1c0 evict_inodes+0x17b/0x210 generic_shutdown_super+0x32/0x120 kill_block_super+0x21/0x50 deactivate_locked_super+0x31/0x90 c... • https://git.kernel.org/stable/c/1c64dbe8fa3552a340bca6d7fa09468c16ed2a85 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53827 – Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp}
https://notcve.org/view.php?id=CVE-2023-53827
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp} Similar to commit d0be8347c623 ("Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put"), just use l2cap_chan_hold_unless_zero to prevent referencing a channel that is about to be destroyed. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp} Similar to commit d0be8347c623 ("Bluetooth:... • https://git.kernel.org/stable/c/f2d38e77aa5f3effc143e7dd24da8acf02925958 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53826 – ubi: Fix UAF wear-leveling entry in eraseblk_count_seq_show()
https://notcve.org/view.php?id=CVE-2023-53826
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ubi: Fix UAF wear-leveling entry in eraseblk_count_seq_show() Wear-leveling entry could be freed in error path, which may be accessed again in eraseblk_count_seq_show(), for example: __erase_worker eraseblk_count_seq_show wl = ubi->lookuptbl[*block_number] if (wl) wl_entry_destroy ubi->lookuptbl[e->pnum] = NULL kmem_cache_free(ubi_wl_entry_slab, e) erase_count = wl->ec // UAF! Wear-leveling entry updating/accessing in ubi->lookuptbl should ... • https://git.kernel.org/stable/c/801c135ce73d5df1caf3eca35b66a10824ae0707 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53825 – kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg().
https://notcve.org/view.php?id=CVE-2023-53825
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg(). syzkaller found a memory leak in kcm_sendmsg(), and commit c821a88bd720 ("kcm: Fix memory leak in error path of kcm_sendmsg()") suppressed it by updating kcm_tx_msg(head)->last_skb if partial data is copied so that the following sendmsg() will resume from the skb. However, we cannot know how many bytes were copied when we get the error. Thus, we could mess up the MSG_MORE queue. When ... • https://git.kernel.org/stable/c/ab7ac4eb9832e32a09f4e8042705484d2fb0aad3 •
CVSS: 4.7EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53824 – netlink: annotate lockless accesses to nlk->max_recvmsg_len
https://notcve.org/view.php?id=CVE-2023-53824
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: netlink: annotate lockless accesses to nlk->max_recvmsg_len syzbot reported a data-race in data-race in netlink_recvmsg() [1] Indeed, netlink_recvmsg() can be run concurrently, and netlink_dump() also needs protection. [1] BUG: KCSAN: data-race in netlink_recvmsg / netlink_recvmsg read to 0xffff888141840b38 of 8 bytes by task 23057 on cpu 0: netlink_recvmsg+0xea/0x730 net/netlink/af_netlink.c:1988 sock_recvmsg_nosec net/socket.c:1017 [inlin... • https://git.kernel.org/stable/c/9063e21fb026c4966fc93261c18322214f9835eb •
CVSS: 6.2EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53822 – wifi: ath11k: Ignore frags from uninitialized peer in dp.
https://notcve.org/view.php?id=CVE-2023-53822
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Ignore frags from uninitialized peer in dp. When max virtual ap interfaces are configured in all the bands with ACS and hostapd restart is done every 60s, a crash is observed at random times. In this certain scenario, a fragmented packet is received for self peer, for which rx_tid and rx_frags are not initialized in datapath. While handling this fragment, crash is observed as the rx_frag list is uninitialised and when we walk ... • https://git.kernel.org/stable/c/e78526a06b53718bfc1dfff37864c7760e41f8ec •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53821 – ip6_vti: fix slab-use-after-free in decode_session6
https://notcve.org/view.php?id=CVE-2023-53821
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ip6_vti: fix slab-use-after-free in decode_session6 When ipv6_vti device is set to the qdisc of the sfb type, the cb field of the sent skb may be modified during enqueuing. Then, slab-use-after-free may occur when ipv6_vti device sends IPv6 packets. The stack information is as follows: BUG: KASAN: slab-use-after-free in decode_session6+0x103f/0x1890 Read of size 1 at addr ffff88802e08edc2 by task swapper/0/0 CPU: 0 PID: 0 Comm: swapper/0 No... • https://git.kernel.org/stable/c/f855691975bb06373a98711e4cfe2c224244b536 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50679 – i40e: Fix DMA mappings leak
https://notcve.org/view.php?id=CVE-2022-50679
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: i40e: Fix DMA mappings leak During reallocation of RX buffers, new DMA mappings are created for those buffers. steps for reproduction: while : do for ((i=0; i<=8160; i=i+32)) do ethtool -G enp130s0f0 rx $i tx $i sleep 0.5 ethtool -g enp130s0f0 done done This resulted in crash: i40e 0000:01:00.1: Unable to allocate memory for the Rx descriptor ring, size=65536 Driver BUG WARNING: CPU: 0 PID: 4300 at net/core/xdp.c:141 xdp_rxq_info_unreg+0x43... • https://git.kernel.org/stable/c/be1222b585fdc410b8c1dbcc57dd03a00f04eff5 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50678 – wifi: brcmfmac: fix invalid address access when enabling SCAN log level
https://notcve.org/view.php?id=CVE-2022-50678
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix invalid address access when enabling SCAN log level The variable i is changed when setting random MAC address and causes invalid address access when printing the value of pi->reqs[i]->reqid. We replace reqs index with ri to fix the issue. [ 136.726473] Unable to handle kernel access to user memory outside uaccess routines at virtual address 0000000000000000 [ 136.737365] Mem abort info: [ 136.740172] ESR = 0x96000004 [ 1... • https://git.kernel.org/stable/c/7ccb0529446ae68a8581916bfc95c353306d76ba •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50677 – ipmi: fix use after free in _ipmi_destroy_user()
https://notcve.org/view.php?id=CVE-2022-50677
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ipmi: fix use after free in _ipmi_destroy_user() The intf_free() function frees the "intf" pointer so we cannot dereference it again on the next line. In the Linux kernel, the following vulnerability has been resolved: ipmi: fix use after free in _ipmi_destroy_user() The intf_free() function frees the "intf" pointer so we cannot dereference it again on the next line. • https://git.kernel.org/stable/c/f9d405a4bd6090ffbf3bba5e2da6b44c0e013cb3 •