CVSS: 5.5 • EPSS: 0% • CPEs: 5 • EXPL: 0 • CVE-2022-50453 – gpiolib: cdev: fix NULL-pointer dereferences
https://notcve.org/view.php?id=CVE-2022-50453
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: fix NULL-pointer dereferences There are several places where we can crash the kernel by requesting lines, unbinding the GPIO device, then calling any of the system calls relevant to the GPIO character device's anonymous file descriptors: ioctl(), read(), poll(). While I observed it with the GPIO simulator, it will also happen for any of the GPIO devices that can be hot-unplugged - for instance any HID GPIO expander (e.g. CP2... • https://git.kernel.org/stable/c/d7c51b47ac11e66f547b55640405c1c474642d72 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5 • EPSS: 0% • CPEs: 6 • EXPL: 0 • CVE-2022-50452 – net: sched: cake: fix null pointer access issue when cake_init() fails
https://notcve.org/view.php?id=CVE-2022-50452
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: net: sched: cake: fix null pointer access issue when cake_init() fails When the default qdisc is cake, if the qdisc of dev_queue fails to be inited during mqprio_init(), cake_reset() is invoked to clear resources. In this case, the tins is NULL, and it will cause gpf issue. The process is as follows: qdisc_create_dflt() cake_init() q->tins = kvcalloc(...) --->failed, q->tins is NULL ... qdisc_put() ... cake_reset() ... cake_dequeue_one() b ... • https://git.kernel.org/stable/c/046f6fd5daefac7f5abdafb436b30f63bc7c602b • CWE-476: NULL Pointer Dereference •
CVSS: 5.5 • EPSS: 0% • CPEs: 8 • EXPL: 0 • CVE-2022-50449 – clk: samsung: Fix memory leak in _samsung_clk_register_pll()
https://notcve.org/view.php?id=CVE-2022-50449
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: clk: samsung: Fix memory leak in _samsung_clk_register_pll() If clk_register() fails, @pll->rate_table may have allocated memory by kmemdup(), so it needs to be freed, otherwise will cause memory leak issue, this patch fixes it. • https://git.kernel.org/stable/c/3ff6e0d8d64d594a551b5c4904e4b617bf7eee22 •
CVSS: 6.6 • EPSS: 0% • CPEs: 7 • EXPL: 0 • CVE-2022-50445 – xfrm: Reinject transport-mode packets through workqueue
https://notcve.org/view.php?id=CVE-2022-50445
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: xfrm: Reinject transport-mode packets through workqueue The following warning is displayed when the tcp6-multi-diffip11 stress test case of the LTP test suite is tested: watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [ns-tcpserver:48198] CPU: 0 PID: 48198 Comm: ns-tcpserver Kdump: loaded Not tainted 6.0.0-rc6+ #39 Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015 pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--... • https://git.kernel.org/stable/c/acf568ee859f098279eadf551612f103afdacb4e •
CVSS: 7.8 • EPSS: 0% • CPEs: 5 • EXPL: 0 • CVE-2021-4460 – drm/amdkfd: Fix UBSAN shift-out-of-bounds warning
https://notcve.org/view.php?id=CVE-2021-4460
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix UBSAN shift-out-of-bounds warning If get_num_sdma_queues or get_num_xgmi_sdma_queues is 0, we end up doing a shift operation where the number of bits shifted equals number of bits in the operand. This behaviour is undefined. Set num_sdma_queues or num_xgmi_sdma_queues to ULLONG_MAX, if the count is >= number of bits in the operand. Bug: https://gitlab.freedesktop.org/drm/amd/-/issues/1472 • https://git.kernel.org/stable/c/4a488a7ad71401169cecee75dc94bcce642e2c53 • CWE-125: Out-of-bounds Read •
CVSS: 7.1 • EPSS: 0% • CPEs: 7 • EXPL: 0 • CVE-2023-53487 – powerpc/rtas_flash: allow user copy to flash block cache objects
https://notcve.org/view.php?id=CVE-2023-53487
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas_flash: allow user copy to flash block cache objects With hardened usercopy enabled (CONFIG_HARDENED_USERCOPY=y), using the /proc/powerpc/rtas/firmware_update interface to prepare a system firmware update yields a BUG(): kernel BUG at mm/usercopy.c:102! Oops: Exception in kernel mode, sig: 5 [#1] LE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries Modules linked in: CPU: 0 PID: 2232 Comm: dd Not tainted 6.5.0-rc3+ #2 Hardwar... • https://git.kernel.org/stable/c/6d07d1cd300f4c7e16005f881fea388164999cc8 •
CVSS: 7.8 • EPSS: 0% • CPEs: 8 • EXPL: 0 • CVE-2023-53485 – fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev
https://notcve.org/view.php?id=CVE-2023-53485
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev Syzkaller reported the following issue: UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:1965:6 index -84 is out of range for type 's8[341]' (aka 'signed char[341]') CPU: 1 PID: 4995 Comm: syz-executor146 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 Call Trace:
CVSS: 7.1 • EPSS: 0% • CPEs: 8 • EXPL: 0 • CVE-2023-53484 – lib: cpu_rmap: Avoid use after free on rmap->obj array entries
https://notcve.org/view.php?id=CVE-2023-53484
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: lib: cpu_rmap: Avoid use after free on rmap->obj array entries When calling irq_set_affinity_notifier() with NULL at the notify argument, it will cause freeing of the glue pointer in the corresponding array entry but will leave the pointer in the array. A subsequent call to free_irq_cpu_rmap() will try to free this entry again leading to possible use after free. Fix that by setting NULL to the array entry and checking that we have non-zero ... • https://git.kernel.org/stable/c/896f97ea95c1d29c0520ee0766b66b7f64cb967c •
CVSS: 6.6 • EPSS: 0% • CPEs: 4 • EXPL: 0 • CVE-2023-53482 – iommu: Fix error unwind in iommu_group_alloc()
https://notcve.org/view.php?id=CVE-2023-53482
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu: Fix error unwind in iommu_group_alloc() If either iommu_group_grate_file() fails then the iommu_group is leaked. Destroy it on these error paths. Found by kselftest/iommu/iommufd_fail_nth • https://git.kernel.org/stable/c/bc7d12b91bd35477fd650c4d72b61239de9d9066 •
CVSS: 5.5 • EPSS: 0% • CPEs: 8 • EXPL: 0 • CVE-2023-53481 – ubi: ubi_wl_put_peb: Fix infinite loop when wear-leveling work failed
https://notcve.org/view.php?id=CVE-2023-53481
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ubi: ubi_wl_put_peb: Fix infinite loop when wear-leveling work failed Following process will trigger an infinite loop in ubi_wl_put_peb(): ubifs_bgt ubi_bgt ubifs_leb_unmap ubi_leb_unmap ubi_eba_unmap_leb ubi_wl_put_peb wear_leveling_worker e1 = rb_entry(rb_first(&ubi->used) e2 = get_peb_for_wl(ubi) ubi_io_read_vid_hdr // return err (flash fault) out_error: ubi->move_from = ubi->move_to = NULL wl_entry_destroy(ubi, e1) ubi->lookuptbl[e->pnu... • https://git.kernel.org/stable/c/43f9b25a9cdd7b177f77f026b1461abd1abbd174 •
