CVSS: 5.7EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50405 – net/tunnel: wait until all sk_user_data reader finish before releasing the sock
https://notcve.org/view.php?id=CVE-2022-50405
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: net/tunnel: wait until all sk_user_data reader finish before releasing the sock There is a race condition in vxlan that when deleting a vxlan device during receiving packets, there is a possibility that the sock is released after getting vxlan_sock vs from sk_user_data. Then in later vxlan_ecn_decapsulate(), vxlan_get_sk_family() we will got NULL pointer dereference. e.g. #0 [ffffa25ec6978a38] machine_kexec at ffffffff8c669757 #1 [ffffa25ec... • https://git.kernel.org/stable/c/6a93cc9052748c6355ec9d5b6c38b77f85f1cb0d • CWE-476: NULL Pointer Dereference CWE-820: Missing Synchronization •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50402 – drivers/md/md-bitmap: check the return value of md_bitmap_get_counter()
https://notcve.org/view.php?id=CVE-2022-50402
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drivers/md/md-bitmap: check the return value of md_bitmap_get_counter() Check the return value of md_bitmap_get_counter() in case it returns NULL pointer, which will result in a null pointer dereference. v2: update the check to include other dereference In the Linux kernel, the following vulnerability has been resolved: drivers/md/md-bitmap: check the return value of md_bitmap_get_counter() Check the return value of md_bitmap_get_counter() ... • https://git.kernel.org/stable/c/d60b479d177a5735b6b4db6ee5280ef6653f50e7 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2022-50401 – nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure
https://notcve.org/view.php?id=CVE-2022-50401
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure On error situation `clp->cl_cb_conn.cb_xprt` should not be given a reference to the xprt otherwise both client cleanup and the error handling path of the caller call to put it. Better to delay handing over the reference to a later branch. [ 72.530665] refcount_t: underflow; use-after-free. [ 72.531933] WARNING: CPU: 0 PID: 173 at lib/refcount.c:28 refcount_warn_saturate+0xcf... • https://git.kernel.org/stable/c/69151594c72a1748cf93ae5b5fa68d5084253dce • CWE-415: Double Free •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53400 – ALSA: hda: Fix Oops by 9.1 surround channel names
https://notcve.org/view.php?id=CVE-2023-53400
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fix Oops by 9.1 surround channel names get_line_out_pfx() may trigger an Oops by overflowing the static array with more than 8 channels. This was reported for MacBookPro 12,1 with Cirrus codec. As a workaround, extend for the 9.1 channels and also fix the potential Oops by unifying the code paths accessing the same array with the proper size check. In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fix... • https://git.kernel.org/stable/c/247d85ee068610c50d66ee0cd3130e02c69f5f2e •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53397 – modpost: fix off by one in is_executable_section()
https://notcve.org/view.php?id=CVE-2023-53397
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: modpost: fix off by one in is_executable_section() The > comparison should be >= to prevent an out of bounds array access. In the Linux kernel, the following vulnerability has been resolved: modpost: fix off by one in is_executable_section() The > comparison should be >= to prevent an out of bounds array access. This update provides the initial livepatch for this kernel update. This update does not contain any fixes and will be updated with... • https://git.kernel.org/stable/c/52dc0595d540155436d91811f929bdc8afd6a2a1 • CWE-125: Out-of-bounds Read CWE-193: Off-by-one Error •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53395 – ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer
https://notcve.org/view.php?id=CVE-2023-53395
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer ACPICA commit 90310989a0790032f5a0140741ff09b545af4bc5 According to the ACPI specification 19.6.134, no argument is required to be passed for ASL Timer instruction. For taking care of no argument, AML_NO_OPERAND_RESOLVE flag is added to ASL Timer instruction opcode. When ASL timer instruction interpreted by ACPI interpreter, getting error. After adding AML_NO_OPERAND_RESOLVE flag to ASL Timer... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 • CWE-20: Improper Input Validation CWE-129: Improper Validation of Array Index •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53393 – RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device
https://notcve.org/view.php?id=CVE-2023-53393
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device Currently, when mlx5_ib_get_hw_stats() is used for device (port_num = 0), there is a special handling in order to use the correct counters, but, port_num is being passed down the stack without any change. Also, some functions assume that port_num >=1. As a result, the following oops can occur. BUG: unable to handle page fault for address: ffff89510294f1a8 #PF: supervisor write access ... • https://git.kernel.org/stable/c/aac4492ef23a176b6f1a41aadb99177eceb1fc06 • CWE-787: Out-of-bounds Write •
CVSS: 8.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-53391 – shmem: use ramfs_kill_sb() for kill_sb method of ramfs-based tmpfs
https://notcve.org/view.php?id=CVE-2023-53391
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: shmem: use ramfs_kill_sb() for kill_sb method of ramfs-based tmpfs As the ramfs-based tmpfs uses ramfs_init_fs_context() for the init_fs_context method, which allocates fc->s_fs_info, use ramfs_kill_sb() to free it and avoid a memory leak. In the Linux kernel, the following vulnerability has been resolved: shmem: use ramfs_kill_sb() for kill_sb method of ramfs-based tmpfs As the ramfs-based tmpfs uses ramfs_init_fs_context() for the init_fs... • https://git.kernel.org/stable/c/c3b1b1cbf002e65a3cabd479e68b5f35886a26db •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-53388 – drm/mediatek: Clean dangling pointer on bind error path
https://notcve.org/view.php?id=CVE-2023-53388
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Clean dangling pointer on bind error path mtk_drm_bind() can fail, in which case drm_dev_put() is called, destroying the drm_device object. However a pointer to it was still being held in the private object, and that pointer would be passed along to DRM in mtk_drm_sys_prepare() if a suspend were triggered at that point, resulting in a panic. Clean the pointer when destroying the object in the error path to prevent this from ha... • https://git.kernel.org/stable/c/119f5173628aa7a0c3cf9db83460d40709e8241d • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-53384 – wifi: mwifiex: avoid possible NULL skb pointer dereference
https://notcve.org/view.php?id=CVE-2023-53384
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: avoid possible NULL skb pointer dereference In 'mwifiex_handle_uap_rx_forward()', always check the value returned by 'skb_copy()' to avoid potential NULL pointer dereference in 'mwifiex_uap_queue_bridged_pkt()', and drop original skb in case of copying failure. Found by Linux Verification Center (linuxtesting.org) with SVACE. In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: avoid possible NUL... • https://git.kernel.org/stable/c/838e4f44929782a2163c7bc95a7cd2da5d8b47f9 • CWE-476: NULL Pointer Dereference •