CVSS: 6.0EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50381 – md: fix a crash in mempool_free
https://notcve.org/view.php?id=CVE-2022-50381
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: md: fix a crash in mempool_free There's a crash in mempool_free when running the lvm test shell/lvchange-rebuild-raid.sh. The reason for the crash is this: * super_written calls atomic_dec_and_test(&mddev->pending_writes) and wake_up(&mddev->sb_wait). Then it calls rdev_dec_pending(rdev, mddev) and bio_put(bio). * so, the process that waited on sb_wait and that is woken up is racing with bio_put(bio). * if the process wins the race, it call... • https://git.kernel.org/stable/c/f8b58edf3acf0dcc186b8330939000ecf709368a • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition CWE-476: NULL Pointer Dereference •
CVSS: 7.0EPSS: 0%CPEs: 7EXPL: 0CVE-2023-53368 – tracing: Fix race issue between cpu buffer write and swap
https://notcve.org/view.php?id=CVE-2023-53368
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: tracing: Fix race issue between cpu buffer write and swap Warning happened in rb_end_commit() at code: if (RB_WARN_ON(cpu_buffer, !local_read(&cpu_buffer->committing))) WARNING: CPU: 0 PID: 139 at kernel/trace/ring_buffer.c:3142 rb_commit+0x402/0x4a0 Call Trace: ring_buffer_unlock_commit+0x42/0x250 trace_buffer_unlock_commit_regs+0x3b/0x250 trace_event_buffer_commit+0xe5/0x440 trace_event_buffer_reserve+0x11c/0x150 trace_event_raw_event_sch... • https://git.kernel.org/stable/c/f1affcaaa861f27752a769f889bf1486ebd301fe • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53365 – ip6mr: Fix skb_under_panic in ip6mr_cache_report()
https://notcve.org/view.php?id=CVE-2023-53365
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ip6mr: Fix skb_under_panic in ip6mr_cache_report() skbuff: skb_under_panic: text:ffffffff88771f69 len:56 put:-4 head:ffff88805f86a800 data:ffff887f5f86a850 tail:0x88 end:0x2c0 dev:pim6reg ------------[ cut here ]------------ kernel BUG at net/core/skbuff.c:192! invalid opcode: 0000 [#1] PREEMPT SMP KASAN CPU: 2 PID: 22968 Comm: kworker/2:11 Not tainted 6.5.0-rc3-00044-g0a8db05b571a #236 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),... • https://git.kernel.org/stable/c/14fb64e1f449ef6666f1c3a3fa4e13aec669b98d • CWE-124: Buffer Underwrite ('Buffer Underflow') •
CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53357 – md/raid10: check slab-out-of-bounds in md_bitmap_get_counter
https://notcve.org/view.php?id=CVE-2023-53357
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: md/raid10: check slab-out-of-bounds in md_bitmap_get_counter If we write a large number to md/bitmap_set_bits, md_bitmap_checkpage() will return -EINVAL because 'page >= bitmap->pages', but the return value was not checked immediately in md_bitmap_get_counter() in order to set *blocks value and slab-out-of-bounds occurs. Move check of 'page >= bitmap->pages' to md_bitmap_get_counter() and return directly if true. In the Linux kernel, the fo... • https://git.kernel.org/stable/c/ef4256733506f2459a0c436b62267d22a3f0cec6 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-53337 – nilfs2: do not write dirty data after degenerating to read-only
https://notcve.org/view.php?id=CVE-2023-53337
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: do not write dirty data after degenerating to read-only According to syzbot's report, mark_buffer_dirty() called from nilfs_segctor_do_construct() outputs a warning with some patterns after nilfs2 detects metadata corruption and degrades to read-only mode. After such read-only degeneration, page cache data may be cleared through nilfs_clear_dirty_page() which may also clear the uptodate flag for their buffer heads. However, even aft... • https://git.kernel.org/stable/c/8c26c4e2694a163d525976e804d81cd955bbb40c •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50368 – drm/msm/dsi: fix memory corruption with too many bridges
https://notcve.org/view.php?id=CVE-2022-50368
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/msm/dsi: fix memory corruption with too many bridges Add the missing sanity check on the bridge counter to avoid corrupting data beyond the fixed-sized bridge array in case there are ever more than eight bridges. Patchwork: https://patchwork.freedesktop.org/patch/502668/ This update provides the initial livepatch for this kernel update. This update does not contain any fixes and will be updated with livepatches later. • https://git.kernel.org/stable/c/a689554ba6ed81cf606c16539f6ffc2a1dcdaf8e • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50367 – fs: fix UAF/GPF bug in nilfs_mdt_destroy
https://notcve.org/view.php?id=CVE-2022-50367
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: fs: fix UAF/GPF bug in nilfs_mdt_destroy In alloc_inode, inode_init_always() could return -ENOMEM if security_inode_alloc() fails, which causes inode->i_private uninitialized. Then nilfs_is_metadata_file_inode() returns true and nilfs_free_inode() wrongly calls nilfs_mdt_destroy(), which frees the uninitialized inode->i_private and leads to crashes(e.g., UAF/GPF). Fix this by moving security_inode_alloc just prior to this_cpu_inc(nr_inodes)... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50366 – powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue
https://notcve.org/view.php?id=CVE-2022-50366
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue When value < time_unit, the parameter of ilog2() will be zero and the return value is -1. u64(-1) is too large for shift exponent and then will trigger shift-out-of-bounds: shift exponent 18446744073709551615 is too large for 32-bit type 'int' Call Trace: rapl_compute_time_window_core rapl_write_data_raw set_time_window store_constraint_time_window_us • https://git.kernel.org/stable/c/2d281d8196e38dd3a4ee9af26621ddde8329f269 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50359 – media: cx88: Fix a null-ptr-deref bug in buffer_prepare()
https://notcve.org/view.php?id=CVE-2022-50359
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: media: cx88: Fix a null-ptr-deref bug in buffer_prepare() When the driver calls cx88_risc_buffer() to prepare the buffer, the function call may fail, resulting in a empty buffer and null-ptr-deref later in buffer_queue(). The following log can reveal it: [ 41.822762] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI [ 41.824488] KASAN: null-ptr-deref in range [0x0000000000000000... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 • CWE-476: NULL Pointer Dereference •
CVSS: 4.2EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50358 – brcmfmac: return error when getting invalid max_flowrings from dongle
https://notcve.org/view.php?id=CVE-2022-50358
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: brcmfmac: return error when getting invalid max_flowrings from dongle When firmware hit trap at initialization, host will read abnormal max_flowrings number from dongle, and it will cause kernel panic when doing iowrite to initialize dongle ring. To detect this error at early stage, we directly return error when getting invalid max_flowrings(>256). This update provides the initial livepatch for this kernel update. This update does not conta... • https://git.kernel.org/stable/c/9e37f045d5e7f33450515f237c2f6f6bfee137dd •