CVSS: 7.1 • EPSS: 0% • CPEs: 11 • EXPL: 0
CVE-2023-53794 – cifs: fix session state check in reconnect to avoid use-after-free issue
https://notcve.org/view.php?id=CVE-2023-53794
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: cifs: fix session state check in reconnect to avoid use-after-free issue. Don't collect exiting session in smb2_reconnect_server(), because it will be released soon. Note that the exiting session will stay in server->smb_ses_list until it completes the cifs_free_ipc() and logoff() and then deletes itself from the list.
https://git.kernel.org/stable/c/4fcd1813e6404dd4420c7d12fb483f9320f0bf93

CVSS: 5.5 • EPSS: 0% • CPEs: 8 • EXPL: 0
CVE-2023-53788 – ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set()
https://notcve.org/view.php?id=CVE-2023-53788
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set(). tuning_ctl_set() might have buffer overrun at (X) if it didn't break from loop by matching (A).

    static int tuning_ctl_set(...)
    {
            for (i = 0; i < TUNING_CTLS_COUNT; i++)
    (A)             if (nid == ca0132_tuning_ctls[i].nid)
                            break;

            snd_hda_power_up(...);
    (X)     dspio_set_param(..., ca0132_tuning_ctls[i].mid, ...);
            snd_hda_power_down(...);                ^

            return 1;
    }

We will get below error by cppcheck sound/pci/h...
https://git.kernel.org/stable/c/44f0c9782cc6ab71ea947f8f710a46f2078a151c

CVSS: 5.5 • EPSS: 0% • CPEs: 9 • EXPL: 0
CVE-2023-53786 – dm flakey: fix a crash with invalid table line
https://notcve.org/view.php?id=CVE-2023-53786
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: dm flakey: fix a crash with invalid table line. This command will crash with NULL pointer dereference:

    dmsetup create flakey --table \
        "0 `blockdev --getsize /dev/ram0` flakey /dev/ram0 0 0 1 2 corrupt_bio_byte 512"

Fix the crash by checking if arg_name is non-NULL before comparing it. The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues.
https://git.kernel.org/stable/c/a3998799fb4df0b0af8271a7d50c4269032397aa

CVSS: 7.1 • EPSS: 0% • CPEs: 21 • EXPL: 0
CVE-2023-53782 – dccp: Fix out of bounds access in DCCP error handler
https://notcve.org/view.php?id=CVE-2023-53782
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: dccp: Fix out of bounds access in DCCP error handler. There was a previous attempt to fix an out-of-bounds access in the DCCP error handlers, but that fix assumed that the error handlers only want to access the first 8 bytes of the DCCP header. Actually, they also look at the DCCP sequence number, which is stored beyond 8 bytes, so an explicit pskb_may_pull() is required.
https://git.kernel.org/stable/c/6706a97fec963d6cb3f7fc2978ec1427b4651214

CVSS: 7.2 • EPSS: 0% • CPEs: 2 • EXPL: 0
CVE-2023-53781 – smc: Fix use-after-free in tcp_write_timer_handler().
https://notcve.org/view.php?id=CVE-2023-53781
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: smc: Fix use-after-free in tcp_write_timer_handler(). With Eric's ref tracker, syzbot finally found a repro for use-after-free in tcp_write_timer_handler() by kernel TCP sockets. [0] If SMC creates a kernel socket in __smc_create(), the kernel socket is supposed to be freed in smc_clcsock_release() by calling sock_release() when we close() the parent SMC socket. However, at the end of smc_clcsock_release(), the kernel socket's sk_state migh...
https://git.kernel.org/stable/c/ac7138746e14137a451f8539614cdd349153e0c0

CVSS: 7.1 • EPSS: 0% • CPEs: 3 • EXPL: 0
CVE-2023-53780 – drm/amd/display: fix FCLK pstate change underflow
https://notcve.org/view.php?id=CVE-2023-53780
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix FCLK pstate change underflow.
[Why] Currently we set FCLK p-state change watermark calculated based on dummy p-state latency when UCLK p-state is not supported
[How] Calculate FCLK p-state change watermark based on FCLK pstate change latency in case UCLK p-state is not supported
https://git.kernel.org/stable/c/4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c

CVSS: 7.1 • EPSS: 0% • CPEs: 9 • EXPL: 0
CVE-2022-50656 – nfc: pn533: Clear nfc_target before being used
https://notcve.org/view.php?id=CVE-2022-50656
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Clear nfc_target before being used. Fix a slab-out-of-bounds read that occurs in nla_put() called from nfc_genl_send_target() when target->sensb_res_len, which is duplicated from an nfc_target in pn533, is too large as the nfc_target is not properly initialized and retains garbage values. Clear nfc_targets with memset() before they are used. Found by a modified version of syzkaller.
BUG: KASAN: slab-out-of-bounds in nla_put Call ...
https://git.kernel.org/stable/c/361f3cb7f9cfdb82c80926d0e7843c098c034545

CVSS: 5.5 • EPSS: 0% • CPEs: 7 • EXPL: 0
CVE-2022-50653 – mmc: atmel-mci: fix return value check of mmc_add_host()
https://notcve.org/view.php?id=CVE-2022-50653
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: mmc: atmel-mci: fix return value check of mmc_add_host(). mmc_add_host() may return an error; if we ignore its return value, it will lead to two issues:
1. The memory allocated in mmc_alloc_host() is leaked.
2. In the remove() path, mmc_remove_host() will be called to delete the device, but it's not added yet; it will lead to a kernel crash because of null-ptr-deref in device_del().
So fix this by checking the return value and calling mmc_free_host(...
https://git.kernel.org/stable/c/7d2be0749a59096a334c94dc48f43294193cb8ed

CVSS: 6.6 • EPSS: 0% • CPEs: 11 • EXPL: 0
CVE-2022-50652 – uio: uio_dmem_genirq: Fix missing unlock in irq configuration
https://notcve.org/view.php?id=CVE-2022-50652
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: uio: uio_dmem_genirq: Fix missing unlock in irq configuration. Commit b74351287d4b ("uio: fix a sleep-in-atomic-context bug in uio_dmem_genirq_irqcontrol()") started calling disable_irq() without holding the spinlock because it can sleep. However, that fix introduced another bug: if interrupt is already disabled and a new disable request comes in, then the spinlock is not unlocked:

    root@localhost:~# printf '\x00\x00\x00\x00' > /dev/uio0
    root...

https://git.kernel.org/stable/c/b77fa964ecb1d72a671234f5bea95b41f77c233a

CVSS: 8.5 • EPSS: 0% • CPEs: 7 • EXPL: 0
CVE-2022-50649 – power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type()
https://notcve.org/view.php?id=CVE-2022-50649
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type(). ADP5061_CHG_STATUS_1_CHG_STATUS is masked with 0x07, which means a length of 8, but adp5061_chg_type array size is 4, may end up reading 4 elements beyond the end of the adp5061_chg_type[] array.
https://git.kernel.org/stable/c/fe8e81b7e899968690e5e87c25727178921b5b9a
