CVSS: 7.1 • EPSS: 0% • CPEs: 21 • EXPL: 0
CVE-2023-53782 – dccp: Fix out of bounds access in DCCP error handler
https://notcve.org/view.php?id=CVE-2023-53782
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: dccp: Fix out of bounds access in DCCP error handler There was a previous attempt to fix an out-of-bounds access in the DCCP error handlers, but that fix assumed that the error handlers only want to access the first 8 bytes of the DCCP header. Actually, they also look at the DCCP sequence number, which is stored beyond 8 bytes, so an explicit pskb_may_pull() is required. • https://git.kernel.org/stable/c/6706a97fec963d6cb3f7fc2978ec1427b4651214 •
CVSS: 7.2 • EPSS: 0% • CPEs: 2 • EXPL: 0
CVE-2023-53781 – smc: Fix use-after-free in tcp_write_timer_handler().
https://notcve.org/view.php?id=CVE-2023-53781
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: smc: Fix use-after-free in tcp_write_timer_handler(). With Eric's ref tracker, syzbot finally found a repro for use-after-free in tcp_write_timer_handler() by kernel TCP sockets. [0] If SMC creates a kernel socket in __smc_create(), the kernel socket is supposed to be freed in smc_clcsock_release() by calling sock_release() when we close() the parent SMC socket. However, at the end of smc_clcsock_release(), the kernel socket's sk_state migh... • https://git.kernel.org/stable/c/ac7138746e14137a451f8539614cdd349153e0c0 •
CVSS: 7.1 • EPSS: 0% • CPEs: 3 • EXPL: 0
CVE-2023-53780 – drm/amd/display: fix FCLK pstate change underflow
https://notcve.org/view.php?id=CVE-2023-53780
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix FCLK pstate change underflow [Why] Currently we set FCLK p-state change watermark calculated based on dummy p-state latency when UCLK p-state is not supported [How] Calculate FCLK p-state change watermark based on FCLK pstate change latency in case UCLK p-state is not supported • https://git.kernel.org/stable/c/4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c •
CVSS: 5.5 • EPSS: 0% • CPEs: 4 • EXPL: 0
CVE-2023-53777 – erofs: kill hooked chains to avoid loops on deduplicated compressed images
https://notcve.org/view.php?id=CVE-2023-53777
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: erofs: kill hooked chains to avoid loops on deduplicated compressed images After heavily stressing EROFS with several images which include a hand-crafted image of repeated patterns for more than 46 days, I found two chains could be linked with each other almost simultaneously and form a loop so that the entire loop won't be submitted. As a consequence, the corresponding file pages will remain locked forever. It can be _only_ observed on dat... • https://git.kernel.org/stable/c/267f2492c8f71dac44399988b510f9bf6b074a51 •
CVSS: 7.1 • EPSS: 0% • CPEs: 9 • EXPL: 0
CVE-2022-50656 – nfc: pn533: Clear nfc_target before being used
https://notcve.org/view.php?id=CVE-2022-50656
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Clear nfc_target before being used Fix a slab-out-of-bounds read that occurs in nla_put() called from nfc_genl_send_target() when target->sensb_res_len, which is duplicated from an nfc_target in pn533, is too large as the nfc_target is not properly initialized and retains garbage values. Clear nfc_targets with memset() before they are used. Found by a modified version of syzkaller. BUG: KASAN: slab-out-of-bounds in nla_put Call ... • https://git.kernel.org/stable/c/361f3cb7f9cfdb82c80926d0e7843c098c034545 •
CVSS: 5.5 • EPSS: 0% • CPEs: 6 • EXPL: 0
CVE-2022-50655 – ppp: associate skb with a device at tx
https://notcve.org/view.php?id=CVE-2022-50655
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ppp: associate skb with a device at tx Syzkaller triggered flow dissector warning with the following: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000000c0)) ioctl$PPPIOCSACTIVE(r0, 0x40107446, &(0x7f0000000240)={0x2, &(0x7f0000000180)=[{0x20, 0x0, 0x0, 0xfffff034}, {0x6}]}) pwritev(r0, &(0x7f0000000040)=[{&(0x7f0000000140)='\x00!', 0x2}], 0x1, 0x0, 0x0) [ 9.485814] WARNING... • https://git.kernel.org/stable/c/d58e468b1112dcd1d5193c0a89ff9f98b5a3e8b9 •
CVSS: 7.1 • EPSS: 0% • CPEs: 3 • EXPL: 0
CVE-2022-50654 – bpf: Fix panic due to wrong pageattr of im->image
https://notcve.org/view.php?id=CVE-2022-50654
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix panic due to wrong pageattr of im->image In the scenario where livepatch and kretfunc coexist, the pageattr of im->image is rox after arch_prepare_bpf_trampoline in bpf_trampoline_update, and then modify_fentry or register_fentry returns -EAGAIN from bpf_tramp_ftrace_ops_func, the BPF_TRAMP_F_ORIG_STACK flag will be configured, and arch_prepare_bpf_trampoline will be re-executed. At this time, because the pageattr of im->image is r... • https://git.kernel.org/stable/c/00963a2e75a872e5fce4d0115ac2786ec86b57a6 •
CVSS: 5.5 • EPSS: 0% • CPEs: 7 • EXPL: 0
CVE-2022-50653 – mmc: atmel-mci: fix return value check of mmc_add_host()
https://notcve.org/view.php?id=CVE-2022-50653
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: mmc: atmel-mci: fix return value check of mmc_add_host() mmc_add_host() may return an error; if we ignore its return value, it will lead to two issues: 1. The memory that is allocated in mmc_alloc_host() is leaked. 2. In the remove() path, mmc_remove_host() will be called to delete the device, but it's not added yet, so it will lead to a kernel crash because of null-ptr-deref in device_del(). So fix this by checking the return value and calling mmc_free_host(... • https://git.kernel.org/stable/c/7d2be0749a59096a334c94dc48f43294193cb8ed •
CVSS: 6.6 • EPSS: 0% • CPEs: 11 • EXPL: 0
CVE-2022-50652 – uio: uio_dmem_genirq: Fix missing unlock in irq configuration
https://notcve.org/view.php?id=CVE-2022-50652
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: uio: uio_dmem_genirq: Fix missing unlock in irq configuration Commit b74351287d4b ("uio: fix a sleep-in-atomic-context bug in uio_dmem_genirq_irqcontrol()") started calling disable_irq() without holding the spinlock because it can sleep. However, that fix introduced another bug: if interrupt is already disabled and a new disable request comes in, then the spinlock is not unlocked: root@localhost:~# printf '\x00\x00\x00\x00' > /dev/uio0 root... • https://git.kernel.org/stable/c/b77fa964ecb1d72a671234f5bea95b41f77c233a •
CVSS: 5.5 • EPSS: 0% • CPEs: 3 • EXPL: 0
CVE-2022-50651 – ethtool: eeprom: fix null-deref on genl_info in dump
https://notcve.org/view.php?id=CVE-2022-50651
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ethtool: eeprom: fix null-deref on genl_info in dump The similar fix as commit 46cdedf2a0fa ("ethtool: pse-pd: fix null-deref on genl_info in dump") is also needed for ethtool eeprom. • https://git.kernel.org/stable/c/c781ff12a2f37a9795e13bf328e5053d3e69f9e0 •
