CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50849 – pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP
https://notcve.org/view.php?id=CVE-2022-50849
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP An oops can be induced by running 'cat /proc/kcore > /dev/null' on devices using pstore with the ram backend because kmap_atomic() assumes lowmem pages are accessible with __va(). Unable to handle kernel paging request at virtual address ffffff807ff2b000 Mem abort info: ESR = 0x96000006 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x06: level 2 tran... • https://git.kernel.org/stable/c/404a6043385de17273624b076599669db5ad891f •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50848 – drivers: dio: fix possible memory leak in dio_init()
https://notcve.org/view.php?id=CVE-2022-50848
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drivers: dio: fix possible memory leak in dio_init() If device_register() returns error, the 'dev' and name needs be freed. Add a release function, and then call put_device() in the error path, so the name is freed in kobject_cleanup() and to the 'dev' is freed in release function. The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues. • https://git.kernel.org/stable/c/2e4c77bea3d8b17d94f8ee382411f359b708560f •
CVSS: -EPSS: 0%CPEs: 10EXPL: 0CVE-2023-54243 – netfilter: ebtables: fix table blob use-after-free
https://notcve.org/view.php?id=CVE-2023-54243
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: ebtables: fix table blob use-after-free We are not allowed to return an error at this point. Looking at the code it looks like ret is always 0 at this point, but its not. t = find_table_lock(net, repl->name, &ret, &ebt_mutex); ... this can return a valid table, with ret != 0. This bug causes update of table->private with the new blob, but then frees the blob right away in the caller. Syzbot report: BUG: KASAN: vmalloc-out-of-boun... • https://git.kernel.org/stable/c/c58dd2dd443c26d856a168db108a0cd11c285bf3 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54232 – m68k: Only force 030 bus error if PC not in exception table
https://notcve.org/view.php?id=CVE-2023-54232
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: m68k: Only force 030 bus error if PC not in exception table __get_kernel_nofault() does copy data in supervisor mode when forcing a task backtrace log through /proc/sysrq_trigger. This is expected cause a bus error exception on e.g. NULL pointer dereferencing when logging a kernel task has no workqueue associated. This bus error ought to be ignored. Our 030 bus error handler is ill equipped to deal with this: Whenever ssw indicates a kernel... • https://git.kernel.org/stable/c/f2325ecebc5b7988fd49968bd3a660fd1594dc84 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2023-54230 – amba: bus: fix refcount leak
https://notcve.org/view.php?id=CVE-2023-54230
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: amba: bus: fix refcount leak commit 5de1540b7bc4 ("drivers/amba: create devices from device tree") increases the refcount of of_node, but not releases it in amba_device_release, so there is refcount leak. By using of_node_put to avoid refcount leak. The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues. • https://git.kernel.org/stable/c/5de1540b7bc4c23470f86add1e517be41e7fefe2 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2023-54226 – af_unix: Fix data races around sk->sk_shutdown.
https://notcve.org/view.php?id=CVE-2023-54226
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data races around sk->sk_shutdown. KCSAN found a data race around sk->sk_shutdown where unix_release_sock() and unix_shutdown() update it under unix_state_lock(), OTOH unix_poll() and unix_dgram_poll() read it locklessly. We need to annotate the writes and reads with WRITE_ONCE() and READ_ONCE(). BUG: KCSAN: data-race in unix_poll / unix_release_sock write to 0xffff88800d0f8aec of 1 bytes by task 264 on cpu 0: unix_release_sock... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54214 – Bluetooth: L2CAP: Fix potential user-after-free
https://notcve.org/view.php?id=CVE-2023-54214
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix potential user-after-free This fixes all instances of which requires to allocate a buffer calling alloc_skb which may release the chan lock and reacquire later which makes it possible that the chan is disconnected in the meantime. The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues. • https://git.kernel.org/stable/c/a6a5568c03c4805d4d250f6bd9d468eeeb4ea059 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54213 – USB: sisusbvga: Add endpoint checks
https://notcve.org/view.php?id=CVE-2023-54213
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: USB: sisusbvga: Add endpoint checks The syzbot fuzzer was able to provoke a WARNING from the sisusbvga driver: ------------[ cut here ]------------ usb 1-1: BOGUS urb xfer, pipe 3 != type 1 WARNING: CPU: 1 PID: 26 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504 Modules linked in: CPU: 1 PID: 26 Comm: kworker/1:1 Not tainted 6.2.0-rc5-syzkaller-00199-g5af6ce704936 #0 Hardware name: Google Google Compute E... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50846 – mmc: via-sdmmc: fix return value check of mmc_add_host()
https://notcve.org/view.php?id=CVE-2022-50846
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: mmc: via-sdmmc: fix return value check of mmc_add_host() mmc_add_host() may return error, if we ignore its return value, it will lead two issues: 1. The memory that allocated in mmc_alloc_host() is leaked. 2. In the remove() path, mmc_remove_host() will be called to delete device, but it's not added yet, it will lead a kernel crash because of null-ptr-deref in device_del(). Fix this by checking the return value and goto error path which wil... • https://git.kernel.org/stable/c/f0bf7f61b8405224bc52fc9a3ccd167a68126e00 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50829 – wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb()
https://notcve.org/view.php?id=CVE-2022-50829
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb() It is possible that skb is freed in ath9k_htc_rx_msg(), then usb_submit_urb() fails and we try to free skb again. It causes use-after-free bug. Moreover, if alloc_skb() fails, urb->context becomes NULL but rx_buf is not freed and there can be a memory leak. The patch removes unnecessary nskb and makes skb processing more clear: it is supposed that ath9k_htc_rx_msg() eithe... • https://git.kernel.org/stable/c/3deff76095c4ac4252e27c537db3041f619c23a2 •