CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50536 – bpf, sockmap: Fix repeated calls to sock_put() when msg has more_data
https://notcve.org/view.php?id=CVE-2022-50536
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix repeated calls to sock_put() when msg has more_data In tcp_bpf_send_verdict() redirection, the eval variable is assigned to __SK_REDIRECT after the apply_bytes data is sent, if msg has more_data, sock_put() will be called multiple times. We should reset the eval variable to __SK_NONE every time more_data starts. This causes: IPv4: Attempt to release TCP socket in state 1 00000000b4c925d7 ------------[ cut here ]-----------... • https://git.kernel.org/stable/c/5f0bfe21c853917aae4bc5a70fe57ddb4054443e •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50535 – drm/amd/display: Fix potential null-deref in dm_resume
https://notcve.org/view.php?id=CVE-2022-50535
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential null-deref in dm_resume [Why] Fixing smatch error: dm_resume() error: we previously assumed 'aconnector->dc_link' could be null [How] Check if dc_link null at the beginning of the loop, so further checks can be dropped. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential null-deref in dm_resume [Why] Fixing smatch error: dm_resume() error: we previously assumed 'a... • https://git.kernel.org/stable/c/fd79b61af2782f8875c78f50cdb8630ec43e2990 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53651 – Input: exc3000 - properly stop timer on shutdown
https://notcve.org/view.php?id=CVE-2023-53651
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: Input: exc3000 - properly stop timer on shutdown We need to stop the timer on driver unbind or probe failures, otherwise we get UAF/Oops. In the Linux kernel, the following vulnerability has been resolved: Input: exc3000 - properly stop timer on shutdown We need to stop the timer on driver unbind or probe failures, otherwise we get UAF/Oops. • https://git.kernel.org/stable/c/7e577a17f2eefeef32f1106ebf91e7cd143ba654 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-53650 – fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe()
https://notcve.org/view.php?id=CVE-2023-53650
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe() If 'mipid_detect()' fails, we must free 'md' to avoid a memory leak. • https://git.kernel.org/stable/c/66d2f99d0bb5a2972fb5c1d88b61169510e540d6 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-53648 – ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer
https://notcve.org/view.php?id=CVE-2023-53648
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer smatch error: sound/pci/ac97/ac97_codec.c:2354 snd_ac97_mixer() error: we previously assumed 'rac97' could be null (see line 2072) remove redundant assignment, return error if rac97 is NULL. In the Linux kernel, the following vulnerability has been resolved: ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer smatch error: sound/pci/ac97/ac97_codec.c:2354 snd_ac97_mixer() e... • https://git.kernel.org/stable/c/da3cec35dd3c31d8706db4bf379372ce70d92118 •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53647 – Drivers: hv: vmbus: Don't dereference ACPI root object handle
https://notcve.org/view.php?id=CVE-2023-53647
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Don't dereference ACPI root object handle Since the commit referenced in the Fixes: tag below the VMBus client driver is walking the ACPI namespace up from the VMBus ACPI device to the ACPI namespace root object trying to find Hyper-V MMIO ranges. However, if it is not able to find them it ends trying to walk resources of the ACPI namespace root object itself. This object has all-ones handle, which causes a NULL pointer ... • https://git.kernel.org/stable/c/7f163a6fd957a85f7f66a129db1ad243a44399ee •
CVSS: 6.6EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53644 – media: radio-shark: Add endpoint checks
https://notcve.org/view.php?id=CVE-2023-53644
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: media: radio-shark: Add endpoint checks The syzbot fuzzer was able to provoke a WARNING from the radio-shark2 driver: ------------[ cut here ]------------ usb 1-1: BOGUS urb xfer, pipe 1 != type 3 WARNING: CPU: 0 PID: 3271 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed2/0x1880 drivers/usb/core/urb.c:504 Modules linked in: CPU: 0 PID: 3271 Comm: kworker/0:3 Not tainted 6.1.0-rc4-syzkaller #0 Hardware name: Google Google Compute Engine/Goo... • https://git.kernel.org/stable/c/3ed6a312ac1e7278f92b1b3d95377b335ae21e89 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53641 – wifi: ath9k: hif_usb: fix memory leak of remain_skbs
https://notcve.org/view.php?id=CVE-2023-53641
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: hif_usb: fix memory leak of remain_skbs hif_dev->remain_skb is allocated and used exclusively in ath9k_hif_usb_rx_stream(). It is implied that an allocated remain_skb is processed and subsequently freed (in error paths) only during the next call of ath9k_hif_usb_rx_stream(). So, if the urbs are deallocated between those two calls due to the device deinitialization or suspend, it is possible that ath9k_hif_usb_rx_stream() is not... • https://git.kernel.org/stable/c/fb9987d0f748c983bb795a86f47522313f701a08 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53640 – ASoC: lpass: Fix for KASAN use_after_free out of bounds
https://notcve.org/view.php?id=CVE-2023-53640
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: lpass: Fix for KASAN use_after_free out of bounds When we run syzkaller we get below Out of Bounds error. "KASAN: slab-out-of-bounds Read in regcache_flat_read" Below is the backtrace of the issue: BUG: KASAN: slab-out-of-bounds in regcache_flat_read+0x10c/0x110 Read of size 4 at addr ffffff8088fbf714 by task syz-executor.4/14144 CPU: 6 PID: 14144 Comm: syz-executor.4 Tainted: G W Hardware name: Qualcomm Technologies, Inc. sc7280 CRD ... • https://git.kernel.org/stable/c/8f1512d78b5de928f4616a871e77b58fd546e651 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2023-53639 – wifi: ath6kl: reduce WARN to dev_dbg() in callback
https://notcve.org/view.php?id=CVE-2023-53639
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath6kl: reduce WARN to dev_dbg() in callback The warn is triggered on a known race condition, documented in the code above the test, that is correctly handled. Using WARN() hinders automated testing. Reducing severity. In the Linux kernel, the following vulnerability has been resolved: wifi: ath6kl: reduce WARN to dev_dbg() in callback The warn is triggered on a known race condition, documented in the code above the test, that is corr... • https://git.kernel.org/stable/c/de2070fc4aa7c0205348010f500f5abce012e67b •