CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50700 – wifi: ath10k: Delay the unmapping of the buffer
https://notcve.org/view.php?id=CVE-2022-50700
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath10k: Delay the unmapping of the buffer On WCN3990, we are seeing a rare scenario where copy engine hardware is sending a copy complete interrupt to the host driver while still processing the buffer that the driver has sent, this is leading into an SMMU fault triggering kernel panic. This is happening on copy engine channel 3 (CE3) where the driver normally enqueues WMI commands to the firmware. Upon receiving a copy complete interr... • https://git.kernel.org/stable/c/d390509bdf501c9c8c6e61248e4bc9314c86d854 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50699 – selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context()
https://notcve.org/view.php?id=CVE-2022-50699
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context() The following warning was triggered on a hardware environment: SELinux: Converting 162 SID table entries... BUG: sleeping function called from invalid context at __might_sleep+0x60/0x74 0x0 in_atomic(): 1, irqs_disabled(): 128, non_block: 0, pid: 5943, name: tar CPU: 7 PID: 5943 Comm: tar Tainted: P O 5.10.0 #1 Call trace: dump_backtrace+0x0/0x1c8 show_stack+0x18/0x2... • https://git.kernel.org/stable/c/ee1a84fdfeedfd7362e9a8a8f15fedc3482ade2d •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50698 – ASoC: da7219: Fix an error handling path in da7219_register_dai_clks()
https://notcve.org/view.php?id=CVE-2022-50698
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: da7219: Fix an error handling path in da7219_register_dai_clks() If clk_hw_register() fails, the corresponding clk should not be unregistered. To handle errors from loops, clean up partial iterations before doing the goto. So add a clk_hw_unregister(). Then use a while (--i >= 0) loop in the unwind section. The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues. • https://git.kernel.org/stable/c/78013a1cf2971684775f6956d5666237ac53a1aa •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50697 – mrp: introduce active flags to prevent UAF when applicant uninit
https://notcve.org/view.php?id=CVE-2022-50697
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: mrp: introduce active flags to prevent UAF when applicant uninit The caller of del_timer_sync must prevent restarting of the timer, If we have no this synchronization, there is a small probability that the cancellation will not be successful. And syzbot report the fellowing crash: ================================================================== BUG: KASAN: use-after-free in hlist_add_head include/linux/list.h:929 [inline] BUG: KASAN: use-... • https://git.kernel.org/stable/c/febf018d22347b5df94066bca05d0c11a84e839d •
CVSS: 3.3EPSS: 0%CPEs: 8EXPL: 0CVE-2025-68733 – smack: fix bug: unprivileged task can create labels
https://notcve.org/view.php?id=CVE-2025-68733
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: smack: fix bug: unprivileged task can create labels If an unprivileged task is allowed to relabel itself (/smack/relabel-self is not empty), it can freely create new labels by writing their names into own /proc/PID/attr/smack/current This occurs because do_setattr() imports the provided label in advance, before checking "relabel-self" list. This change ensures that the "relabel-self" list is checked before importing the label. In the Linux ... • https://git.kernel.org/stable/c/38416e53936ecf896948fdeffc36b76979117952 •
CVSS: 6.9EPSS: 0%CPEs: 7EXPL: 0CVE-2025-68732 – gpu: host1x: Fix race in syncpt alloc/free
https://notcve.org/view.php?id=CVE-2025-68732
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: gpu: host1x: Fix race in syncpt alloc/free Fix race condition between host1x_syncpt_alloc() and host1x_syncpt_put() by using kref_put_mutex() instead of kref_put() + manual mutex locking. This ensures no thread can acquire the syncpt_mutex after the refcount drops to zero but before syncpt_release acquires it. This prevents races where syncpoints could be allocated while still being cleaned up from a previous release. Remove explicit mutex ... • https://git.kernel.org/stable/c/f5ba33fb9690566c382624637125827b5512e766 •
CVSS: 7.2EPSS: 0%CPEs: 7EXPL: 0CVE-2025-68728 – ntfs3: fix uninit memory after failed mi_read in mi_format_new
https://notcve.org/view.php?id=CVE-2025-68728
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ntfs3: fix uninit memory after failed mi_read in mi_format_new Fix a KMSAN un-init bug found by syzkaller. ntfs_get_bh() expects a buffer from sb_getblk(), that buffer may not be uptodate. We do not bring the buffer uptodate before setting it as uptodate. If the buffer were to not be uptodate, it could mean adding a buffer with un-init data to the mi record. Attempting to load that record will trigger KMSAN. Avoid this by setting the buffer... • https://git.kernel.org/stable/c/4342306f0f0d5ff4315a204d315c1b51b914fca5 •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2025-68727 – ntfs3: Fix uninit buffer allocated by __getname()
https://notcve.org/view.php?id=CVE-2025-68727
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ntfs3: Fix uninit buffer allocated by __getname() Fix uninit errors caused after buffer allocation given to 'de'; by initializing the buffer with zeroes. The fix was found by using KMSAN. In the Linux kernel, the following vulnerability has been resolved: ntfs3: Fix uninit buffer allocated by __getname() Fix uninit errors caused after buffer allocation given to 'de'; by initializing the buffer with zeroes. The fix was found by using KMSAN. ... • https://git.kernel.org/stable/c/78ab59fee07f22464f32eafebab2bd97ba94ff2d •
CVSS: 6.6EPSS: 0%CPEs: 7EXPL: 0CVE-2025-68725 – bpf: Do not let BPF test infra emit invalid GSO types to stack
https://notcve.org/view.php?id=CVE-2025-68725
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Do not let BPF test infra emit invalid GSO types to stack Yinhao et al. reported that their fuzzer tool was able to trigger a skb_warn_bad_offload() from netif_skb_features() -> gso_features_check(). When a BPF program - triggered via BPF test infra - pushes the packet to the loopback device via bpf_clone_redirect() then mentioned offload warning can be seen. GSO-related features are then rightfully disabled. We get into this situation... • https://git.kernel.org/stable/c/850a88cc4096fe1df407452ba2e4d28cf5b3eee9 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-68724 – crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id
https://notcve.org/view.php?id=CVE-2025-68724
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id Use check_add_overflow() to guard against potential integer overflows when adding the binary blob lengths and the size of an asymmetric_key_id structure and return ERR_PTR(-EOVERFLOW) accordingly. This prevents a possible buffer overflow when copying data from potentially malicious X.509 certificate fields that can be arbitrarily large, such as ASN.1 INTEGER serial num... • https://git.kernel.org/stable/c/7901c1a8effbe5f89673bfc09d6e37b8f334f1a7 •