CVSS: - | EPSS: 0% | CPEs: 5 | EXPL: 0
CVE-2023-54281 – btrfs: release path before inode lookup during the ino lookup ioctl
https://notcve.org/view.php?id=CVE-2023-54281
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: release path before inode lookup during the ino lookup ioctl During the ino lookup ioctl we can end up calling btrfs_iget() to get an inode reference while we are holding on a root's btree. If btrfs_iget() needs to lookup the inode from the root's btree, because it's not currently loaded in memory, then it will need to lock another or the same path in the same root btree. This may result in a deadlock and trigger the following lockde... • https://git.kernel.org/stable/c/23d0b79dfaed2305b500b0215b0421701ada6b1a •
CVSS: - | EPSS: 0% | CPEs: 3 | EXPL: 0
CVE-2023-54280 – cifs: fix potential race when tree connecting ipc
https://notcve.org/view.php?id=CVE-2023-54280
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential race when tree connecting ipc Protect access of TCP_Server_Info::hostname when building the ipc tree name as it might get freed in cifsd thread and thus causing a use-after-free bug in __tree_connect_dfs_target(). Also, while at it, update status of IPC tcon on success and then avoid any extra tree connects. • https://git.kernel.org/stable/c/536ec71ba060a02fabe8e22cecb82fe7b3a8708b •
CVSS: - | EPSS: 0% | CPEs: 3 | EXPL: 0
CVE-2022-50883 – bpf: Prevent decl_tag from being referenced in func_proto arg
https://notcve.org/view.php?id=CVE-2022-50883
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Prevent decl_tag from being referenced in func_proto arg Syzkaller managed to hit another decl_tag issue: btf_func_proto_check kernel/bpf/btf.c:4506 [inline] btf_check_all_types kernel/bpf/btf.c:4734 [inline] btf_parse_type_sec+0x1175/0x1980 kernel/bpf/btf.c:4763 btf_parse kernel/bpf/btf.c:5042 [inline] btf_new_fd+0x65a/0xb00 kernel/bpf/btf.c:6709 bpf_btf_load+0x6f/0x90 kernel/bpf/syscall.c:4342 __sys_bpf+0x50a/0x6c0 kernel/bpf/syscall... • https://git.kernel.org/stable/c/b5ea834dde6b6e7f75e51d5f66dac8cd7c97b5ef •
CVSS: - | EPSS: 0% | CPEs: 4 | EXPL: 0
CVE-2022-50882 – media: uvcvideo: Fix memory leak in uvc_gpio_parse
https://notcve.org/view.php?id=CVE-2022-50882
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix memory leak in uvc_gpio_parse Previously the unit buffer was allocated before checking the IRQ for privacy GPIO. In case of error, the unit buffer was leaked. Allocate the unit buffer after the IRQ to avoid it. Addresses-Coverity-ID: 1474639 ("Resource leak") • https://git.kernel.org/stable/c/2886477ff98740cc3333cf785e4de0b1ff3d7a28 •
CVSS: - | EPSS: 0% | CPEs: 12 | EXPL: 0
CVE-2022-50881 – wifi: ath9k: Fix use-after-free in ath9k_hif_usb_disconnect()
https://notcve.org/view.php?id=CVE-2022-50881
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: Fix use-after-free in ath9k_hif_usb_disconnect() This patch fixes a use-after-free in ath9k that occurs in ath9k_hif_usb_disconnect() when ath9k_destroy_wmi() is trying to access 'drv_priv' that has already been freed by ieee80211_free_hw(), called by ath9k_htc_hw_deinit(). The patch moves ath9k_destroy_wmi() before ieee80211_free_hw(). Note that urbs from the driver should be killed before freeing 'wmi' with ath9k_destroy_wmi(... • https://git.kernel.org/stable/c/abeaa85054ff8cfe8b99aafc5c70ea067e5d0908 •
CVSS: - | EPSS: 0% | CPEs: 9 | EXPL: 0
CVE-2022-50880 – wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state()
https://notcve.org/view.php?id=CVE-2022-50880
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() When peer delete failed in a disconnect operation, use-after-free detected by KFENCE in below log. It is because for each vdev_id and address, it has only one struct ath10k_peer, it is allocated in ath10k_peer_map_event(). When connected to an AP, it has more than one HTT_T2H_MSG_TYPE_PEER_MAP reported from firmware, then the array peer_map of struct ath10k will be se... • https://git.kernel.org/stable/c/d0eeafad118940fe445ca00f45be5624fea2ec34 •
CVSS: - | EPSS: 0% | CPEs: 9 | EXPL: 0
CVE-2022-50879 – objtool: Fix SEGFAULT
https://notcve.org/view.php?id=CVE-2022-50879
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: objtool: Fix SEGFAULT find_insn() will return NULL in case of failure. Check insn in order to avoid a kernel Oops for NULL pointer dereference. • https://git.kernel.org/stable/c/13810435b9a7014fb92eb715f77da488f3b65b99 •
CVSS: - | EPSS: 0% | CPEs: 5 | EXPL: 0
CVE-2022-50878 – gpu: lontium-lt9611: Fix NULL pointer dereference in lt9611_connector_init()
https://notcve.org/view.php?id=CVE-2022-50878
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: gpu: lontium-lt9611: Fix NULL pointer dereference in lt9611_connector_init() A NULL check for bridge->encoder shows that it may be NULL, but it has already been dereferenced on all paths leading to the check. 812 if (!bridge->encoder) { Dereference the pointer bridge->encoder. 810 drm_connector_attach_encoder(&lt9611->connector, bridge->encoder); • https://git.kernel.org/stable/c/23278bf54afe180967069bdc8c0f1c7a365fc63e •
CVSS: - | EPSS: 0% | CPEs: 3 | EXPL: 0
CVE-2022-50877 – net: broadcom: bcm4908_enet: update TX stats after actual transmission
https://notcve.org/view.php?id=CVE-2022-50877
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: net: broadcom: bcm4908_enet: update TX stats after actual transmission Queueing packets doesn't guarantee their transmission. Update TX stats after hardware confirms consuming submitted data. This also fixes a possible race and NULL dereference. bcm4908_enet_start_xmit() could try to access skb after freeing it in the bcm4908_enet_poll_tx(). • https://git.kernel.org/stable/c/4feffeadbcb2e5b11cbbf191a33c245b74a5837b •
CVSS: - | EPSS: 0% | CPEs: 9 | EXPL: 0
CVE-2022-50876 – usb: musb: Fix musb_gadget.c rxstate overflow bug
https://notcve.org/view.php?id=CVE-2022-50876
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: musb: Fix musb_gadget.c rxstate overflow bug The usb function device call musb_gadget_queue() adds the passed request to musb_ep::req_list. If the (request->length > musb_ep->packet_sz) and (is_buffer_mapped(req) return false), the rxstate() will copy all data in fifo to request->buf which may cause request->buf out of bounds. Fix it by adding the length check: fifocnt = min_t(unsigned, request->length - request->actual, fifocnt); • https://git.kernel.org/stable/c/03840fad004ce8a56bc8b3bb60a2df10f6f9481e •
