CVSS: 6.6EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53765 – dm cache: free background tracker's queued work in btracker_destroy
https://notcve.org/view.php?id=CVE-2023-53765
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: dm cache: free background tracker's queued work in btracker_destroy Otherwise the kernel can BUG with: [ 2245.426978] ============================================================================= [ 2245.435155] BUG bt_work (Tainted: G B W ): Objects remaining in bt_work on __kmem_cache_shutdown() [ 2245.445233] ----------------------------------------------------------------------------- [ 2245.445233] [ 2245.454879] Slab 0x00000000b0ce2b30... • https://git.kernel.org/stable/c/673a3af21d5e3ed769f3eaed0c888244290a3506 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-53764 – wifi: ath12k: Handle lock during peer_id find
https://notcve.org/view.php?id=CVE-2023-53764
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Handle lock during peer_id find ath12k_peer_find_by_id() requires that the caller hold the ab->base_lock. Currently the WBM error path does not hold the lock and calling that function, leads to the following lockdep_assert()in QCN9274: [105162.160893] ------------[ cut here ]------------ [105162.160916] WARNING: CPU: 3 PID: 0 at drivers/net/wireless/ath/ath12k/peer.c:71 ath12k_peer_find_by_id+0x52/0x60 [ath12k] [105162.160933]... • https://git.kernel.org/stable/c/9faf7c696610a348ca94a224d55c946b19b3279d •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53761 – USB: usbtmc: Fix direction for 0-length ioctl control messages
https://notcve.org/view.php?id=CVE-2023-53761
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: USB: usbtmc: Fix direction for 0-length ioctl control messages The syzbot fuzzer found a problem in the usbtmc driver: When a user submits an ioctl for a 0-length control transfer, the driver does not check that the direction is set to OUT: ------------[ cut here ]------------ usb 3-1: BOGUS control dir, pipe 80000b80 doesn't match bRequestType fd WARNING: CPU: 0 PID: 5100 at drivers/usb/core/urb.c:411 usb_submit_urb+0x14a7/0x1880 drivers/u... • https://git.kernel.org/stable/c/7cef7681aa7719ff585dd06113a061ab2def7da0 •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53753 – drm/amd/display: fix mapping to non-allocated address
https://notcve.org/view.php?id=CVE-2023-53753
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix mapping to non-allocated address [Why] There is an issue mapping non-allocated location of memory. It would allocate gpio registers from an array out of bounds. [How] Patch correct numbers of bounds for using. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix mapping to non-allocated address [Why] There is an issue mapping non-allocated location of memory. It would allocate gpio re... • https://git.kernel.org/stable/c/8ce8a443ddd9002861a4ee8a7e33a0c02717422f •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53751 – cifs: fix potential use-after-free bugs in TCP_Server_Info::hostname
https://notcve.org/view.php?id=CVE-2023-53751
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential use-after-free bugs in TCP_Server_Info::hostname TCP_Server_Info::hostname may be updated once or many times during reconnect, so protect its access outside reconnect path as well and then prevent any potential use-after-free bugs. In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential use-after-free bugs in TCP_Server_Info::hostname TCP_Server_Info::hostname may be updated once or many t... • https://git.kernel.org/stable/c/64d62ac6d6514cba1305bd08e271ec1843bdd612 •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53748 – media: mediatek: vcodec: Fix potential array out-of-bounds in decoder queue_setup
https://notcve.org/view.php?id=CVE-2023-53748
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix potential array out-of-bounds in decoder queue_setup variable *nplanes is provided by user via system call argument. The possible value of q_data->fmt->num_planes is 1-3, while the value of *nplanes can be 1-8. The array access by index i can cause array out-of-bounds. Fix this bug by checking *nplanes against the array size. In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vc... • https://git.kernel.org/stable/c/48e4e06e2c5fe1fda283d499f91492eda2248bb9 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53747 – vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF
https://notcve.org/view.php?id=CVE-2023-53747
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF After a call to console_unlock() in vcs_write() the vc_data struct can be freed by vc_port_destruct(). Because of that, the struct vc_data pointer must be reloaded in the while loop in vcs_write() after console_lock() to avoid a UAF when vcs_size() is called. Syzkaller reported a UAF in vcs_size(). BUG: KASAN: slab-use-after-free in vcs_size (drivers/tty/vt/vc_scre... • https://git.kernel.org/stable/c/ac751efa6a0d70f2c9daef5c7e3a92270f5c2dff •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53742 – kcsan: Avoid READ_ONCE() in read_instrumented_memory()
https://notcve.org/view.php?id=CVE-2023-53742
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: kcsan: Avoid READ_ONCE() in read_instrumented_memory() Haibo Li reported: | Unable to handle kernel paging request at virtual address | ffffff802a0d8d7171 | Mem abort info:o: | ESR = 0x9600002121 | EC = 0x25: DABT (current EL), IL = 32 bitsts | SET = 0, FnV = 0 0 | EA = 0, S1PTW = 0 0 | FSC = 0x21: alignment fault | Data abort info:o: | ISV = 0, ISS = 0x0000002121 | CM = 0, WnR = 0 0 | swapper pgtable: 4k pages, 39-bit VAs, pgdp=00000000283... • https://git.kernel.org/stable/c/706ae665747b629bcf87a2d7e6438602f904b8d5 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50627 – wifi: ath11k: fix monitor mode bringup crash
https://notcve.org/view.php?id=CVE-2022-50627
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix monitor mode bringup crash When the interface is brought up in monitor mode, it leads to NULL pointer dereference crash. This crash happens when the packet type is extracted for a SKB. This extraction which is present in the received msdu delivery path,is not needed for the monitor ring packets since they are all RAW packets. Hence appending the flags with "RX_FLAG_ONLY_MONITOR" to skip that extraction. Observed calltrace:... • https://git.kernel.org/stable/c/d6ea1ca1d456bb661e5a9d104e69d2c261161115 •
CVSS: 6.6EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50626 – media: dvb-usb: fix memory leak in dvb_usb_adapter_init()
https://notcve.org/view.php?id=CVE-2022-50626
08 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb: fix memory leak in dvb_usb_adapter_init() Syzbot reports a memory leak in "dvb_usb_adapter_init()". The leak is due to not accounting for and freeing current iteration's adapter->priv in case of an error. Currently if an error occurs, it will exit before incrementing "num_adapters_initalized", which is used as a reference counter to free all adap->priv in "dvb_usb_adapter_exit()". There are multiple error paths that can exit... • https://git.kernel.org/stable/c/733bc9e226da2a7f43b10031b8ebfc26d89ec4bd •