CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50875 – of: overlay: fix null pointer dereferencing in find_dup_cset_node_entry() and find_dup_cset_prop()
https://notcve.org/view.php?id=CVE-2022-50875
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: of: overlay: fix null pointer dereferencing in find_dup_cset_node_entry() and find_dup_cset_prop() When kmalloc() fail to allocate memory in kasprintf(), fn_1 or fn_2 will be NULL, and strcmp() will cause null pointer dereference. • https://git.kernel.org/stable/c/2fe0e8769df9fed5098daea7db933bc414c329d7 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50874 – RDMA/erdma: Fix refcount leak in erdma_mmap
https://notcve.org/view.php?id=CVE-2022-50874
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/erdma: Fix refcount leak in erdma_mmap rdma_user_mmap_entry_get() take reference, we should release it when not need anymore, add the missing rdma_user_mmap_entry_put() in the error path to fix it. • https://git.kernel.org/stable/c/155055771704f8cbb5c176a4309b7dc30a50450c •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2023-54279 – MIPS: fw: Allow firmware to pass a empty env
https://notcve.org/view.php?id=CVE-2023-54279
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: MIPS: fw: Allow firmware to pass a empty env fw_getenv will use env entry to determine style of env, however it is legal for firmware to just pass a empty list. Check if first entry exist before running strchr to avoid null pointer dereference. • https://git.kernel.org/stable/c/f334b31625683418aaa2a335470eec950a95a254 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2023-54278 – s390/vmem: split pages when debug pagealloc is enabled
https://notcve.org/view.php?id=CVE-2023-54278
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: s390/vmem: split pages when debug pagealloc is enabled Since commit bb1520d581a3 ("s390/mm: start kernel with DAT enabled") the kernel crashes early during boot when debug pagealloc is enabled: mem auto-init: stack:off, heap alloc:off, heap free:off addressing exception: 0005 ilc:2 [#1] SMP DEBUG_PAGEALLOC Modules linked in: CPU: 0 PID: 0 Comm: swapper Not tainted 6.5.0-rc3-09759-gc5666c912155 #630 [..] Krnl Code: 00000000001325f6: ec560024... • https://git.kernel.org/stable/c/bb1520d581a3a46e2d6e12bb74604ace33404de5 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2023-54277 – fbdev: udlfb: Fix endpoint check
https://notcve.org/view.php?id=CVE-2023-54277
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: fbdev: udlfb: Fix endpoint check The syzbot fuzzer detected a problem in the udlfb driver, caused by an endpoint not having the expected type: usb 1-1: Read EDID byte 0 failed: -71 usb 1-1: Unable to get valid EDID from device/display ------------[ cut here ]------------ usb 1-1: BOGUS urb xfer, pipe 3 != type 1 WARNING: CPU: 0 PID: 9 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504 Modules linked in: CPU... • https://git.kernel.org/stable/c/f6db63819db632158647d5bbf4d7d2d90dc1a268 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2023-54276 – nfsd: move init of percpu reply_cache_stats counters back to nfsd_init_net
https://notcve.org/view.php?id=CVE-2023-54276
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: nfsd: move init of percpu reply_cache_stats counters back to nfsd_init_net Commit f5f9d4a314da ("nfsd: move reply cache initialization into nfsd startup") moved the initialization of the reply cache into nfsd startup, but didn't account for the stats counters, which can be accessed before nfsd is ever started. The result can be a NULL pointer dereference when someone accesses /proc/fs/nfsd/reply_cache_stats while nfsd is still shut down. Th... • https://git.kernel.org/stable/c/f5f9d4a314da88c0a5faa6d168bf69081b7a25ae •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2023-54275 – wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup
https://notcve.org/view.php?id=CVE-2023-54275
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup crypto_alloc_shash() allocates resources, which should be released by crypto_free_shash(). When ath11k_peer_find() fails, there has memory leak. Add missing crypto_free_shash() to fix this. • https://git.kernel.org/stable/c/243874c64c8137bc90455200a7735da72836ecab •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2023-54274 – RDMA/srpt: Add a check for valid 'mad_agent' pointer
https://notcve.org/view.php?id=CVE-2023-54274
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Add a check for valid 'mad_agent' pointer When unregistering MAD agent, srpt module has a non-null check for 'mad_agent' pointer before invoking ib_unregister_mad_agent(). This check can pass if 'mad_agent' variable holds an error value. The 'mad_agent' can have an error value for a short window when srpt_add_one() and srpt_remove_one() is executed simultaneously. In srpt module, added a valid pointer check for 'sport->mad_agent'... • https://git.kernel.org/stable/c/a42d985bd5b234da8b61347a78dc3057bf7bb94d •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2023-54273 – xfrm: Fix leak of dev tracker
https://notcve.org/view.php?id=CVE-2023-54273
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: xfrm: Fix leak of dev tracker At the stage of direction checks, the netdev reference tracker is already initialized, but released with wrong *_put() call. • https://git.kernel.org/stable/c/919e43fad5163a8ceb39826ecdee897a9f799351 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2023-54272 – fs/ntfs3: Fix a possible null-pointer dereference in ni_clear()
https://notcve.org/view.php?id=CVE-2023-54272
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix a possible null-pointer dereference in ni_clear() In a previous commit c1006bd13146, ni->mi.mrec in ni_write_inode() could be NULL, and thus a NULL check is added for this variable. However, in the same call stack, ni->mi.mrec can be also dereferenced in ni_clear(): ntfs_evict_inode(inode) ni_write_inode(inode, ...) ni = ntfs_i(inode); is_rec_inuse(ni->mi.mrec) -> Add a NULL check by previous commit ni_clear(ntfs_i(inode)) is_... • https://git.kernel.org/stable/c/20f9bfc664d6a478f9a5bbc0c380f80f7a1a06c6 •