CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50353 – mmc: wmt-sdmmc: fix return value check of mmc_add_host()
https://notcve.org/view.php?id=CVE-2022-50353
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: mmc: wmt-sdmmc: fix return value check of mmc_add_host() mmc_add_host() may return error, if we ignore its return value, the memory that allocated in mmc_alloc_host() will be leaked and it will lead a kernel crash because of deleting not added device in the remove path. So fix this by checking the return value and goto error path which will call mmc_free_host(), besides, clk_disable_unprepare() also needs be called. This update provides the... • https://git.kernel.org/stable/c/3a96dff0f828ae9dfb43efd49a9b67a74c6dc360 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53334 – USB: chipidea: fix memory leak with using debugfs_lookup()
https://notcve.org/view.php?id=CVE-2023-53334
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: USB: chipidea: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic at once. This update provides the initial livepatch for this kernel update. This update does not contain any fixes and will be updated with livepatches later. • https://git.kernel.org/stable/c/4322661af6d7a586a5798ab9aa443f49895b6943 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2023-53333 – netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one
https://notcve.org/view.php?id=CVE-2023-53333
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one Eric Dumazet says: nf_conntrack_dccp_packet() has an unique: dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &_dh); And nothing more is 'pulled' from the packet, depending on the content. dh->dccph_doff, and/or dh->dccph_x ...) So dccp_ack_seq() is happily reading stuff past the _dh buffer. BUG: KASAN: stack-out-of-bounds in nf_conntrack_dccp_packet+0x1134... • https://git.kernel.org/stable/c/2bc780499aa33311ec0f3e42624dfaa7be0ade5e •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53332 – genirq/ipi: Fix NULL pointer deref in irq_data_get_affinity_mask()
https://notcve.org/view.php?id=CVE-2023-53332
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: genirq/ipi: Fix NULL pointer deref in irq_data_get_affinity_mask() If ipi_send_{mask|single}() is called with an invalid interrupt number, all the local variables there will be NULL. ipi_send_verify() which is invoked from these functions does verify its 'data' parameter, resulting in a kernel oops in irq_data_get_affinity_mask() as the passed NULL pointer gets dereferenced. Add a missing NULL pointer check in ipi_send_verify()... Found by ... • https://git.kernel.org/stable/c/3b8e29a82dd16c1f2061e0b955a71cd36eeb061b •
CVSS: 7.0EPSS: 0%CPEs: 13EXPL: 0CVE-2023-53331 – pstore/ram: Check start of empty przs during init
https://notcve.org/view.php?id=CVE-2023-53331
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: pstore/ram: Check start of empty przs during init After commit 30696378f68a ("pstore/ram: Do not treat empty buffers as valid"), initialization would assume a prz was valid after seeing that the buffer_size is zero (regardless of the buffer start position). This unchecked start value means it could be outside the bounds of the buffer, leading to future access panics when written to: sysdump_panic_event+0x3b4/0x5b8 atomic_notifier_call_chain... • https://git.kernel.org/stable/c/e1e3a46706bd4037e8b7407dc660ae6e05b8ac56 • CWE-129: Improper Validation of Array Index •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53330 – caif: fix memory leak in cfctrl_linkup_request()
https://notcve.org/view.php?id=CVE-2023-53330
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: caif: fix memory leak in cfctrl_linkup_request() When linktype is unknown or kzalloc failed in cfctrl_linkup_request(), pkt is not released. Add release process to error path. This update provides the initial livepatch for this kernel update. This update does not contain any fixes and will be updated with livepatches later. • https://git.kernel.org/stable/c/b482cd2053e3b90a7b33a78c63cdb6badf2ec383 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2023-53329 – workqueue: fix data race with the pwq->stats[] increment
https://notcve.org/view.php?id=CVE-2023-53329
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: workqueue: fix data race with the pwq->stats[] increment KCSAN has discovered a data race in kernel/workqueue.c:2598: [ 1863.554079] ================================================================== [ 1863.554118] BUG: KCSAN: data-race in process_one_work / process_one_work [ 1863.554142] write to 0xffff963d99d79998 of 8 bytes by task 5394 on cpu 27: [ 1863.554154] process_one_work (kernel/workqueue.c:2598) [ 1863.554166] worker_thread (./... • https://git.kernel.org/stable/c/725e8ec59c56c65fb92e343c10a8842cd0d4f194 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53328 – fs/ntfs3: Enhance sanity check while generating attr_list
https://notcve.org/view.php?id=CVE-2023-53328
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Enhance sanity check while generating attr_list ni_create_attr_list uses WARN_ON to catch error cases while generating attribute list, which only prints out stack trace and may not be enough. This repalces them with more proper error handling flow. [ 59.666332] BUG: kernel NULL pointer dereference, address: 000000000000000e [ 59.673268] #PF: supervisor read access in kernel mode [ 59.678354] #PF: error_code(0x0000) - not-present p... • https://git.kernel.org/stable/c/4534a70b7056fd4b9a1c6db5a4ce3c98546b291e •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53327 – iommufd/selftest: Catch overflow of uptr and length
https://notcve.org/view.php?id=CVE-2023-53327
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: iommufd/selftest: Catch overflow of uptr and length syzkaller hits a WARN_ON when trying to have a uptr close to UINTPTR_MAX: WARNING: CPU: 1 PID: 393 at drivers/iommu/iommufd/selftest.c:403 iommufd_test+0xb19/0x16f0 Modules linked in: CPU: 1 PID: 393 Comm: repro Not tainted 6.2.0-c9c3395d5e3d #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 RIP: 0010:iommufd_test+0xb19/0... • https://git.kernel.org/stable/c/f4b20bb34c83dceade5470288f48f94ce3598ada •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53326 – powerpc: Don't try to copy PPR for task with NULL pt_regs
https://notcve.org/view.php?id=CVE-2023-53326
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc: Don't try to copy PPR for task with NULL pt_regs powerpc sets up PF_KTHREAD and PF_IO_WORKER with a NULL pt_regs, which from my (arguably very short) checking is not commonly done for other archs. This is fine, except when PF_IO_WORKER's have been created and the task does something that causes a coredump to be generated. Then we get this crash: Kernel attempted to read user page (160) - exploit attempt? (uid: 1000) BUG: Kernel NUL... • https://git.kernel.org/stable/c/fa439810cc1b3c927ec24ede17d02467e1b143a1 •