CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50343 – rapidio: fix possible name leaks when rio_add_device() fails
https://notcve.org/view.php?id=CVE-2022-50343
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: rapidio: fix possible name leaks when rio_add_device() fails Patch series "rapidio: fix three possible memory leaks". This patchset fixes three name leaks in error handling. - patch #1 fixes two name leaks while rio_add_device() fails. - patch #2 fixes a name leak while rio_register_mport() fails. This patch (of 2): If rio_add_device() returns error, the name allocated by dev_set_name() need be freed. It should use put_device() to give up t... • https://git.kernel.org/stable/c/1fa5ae857bb14f6046205171d98506d8112dd74e • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.0EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50341 – cifs: fix oops during encryption
https://notcve.org/view.php?id=CVE-2022-50341
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: cifs: fix oops during encryption When running xfstests against Azure the following oops occurred on an arm64 system Unable to handle kernel write to read-only memory at virtual address ffff0001221cf000 Mem abort info: ESR = 0x9600004f EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x0f: level 3 permission fault Data abort info: ISV = 0, ISS = 0x0000004f CM = 0, WnR = 1 swapper pgtable: 4k pages, 48-bit V... • https://git.kernel.org/stable/c/026e93dc0a3eefb0be060bcb9ecd8d7a7fd5c398 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50340 – media: vimc: Fix wrong function called when vimc_init() fails
https://notcve.org/view.php?id=CVE-2022-50340
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: media: vimc: Fix wrong function called when vimc_init() fails In vimc_init(), when platform_driver_register(&vimc_pdrv) fails, platform_driver_unregister(&vimc_pdrv) is wrongly called rather than platform_device_unregister(&vimc_pdev), which causes kernel warning: Unexpected driver unregister! WARNING: CPU: 1 PID: 14517 at drivers/base/driver.c:270 driver_unregister+0x8f/0xb0 RIP: 0010:driver_unregister+0x8f/0xb0 Call Trace:
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-39833 – mISDN: hfcpci: Fix warning when deleting uninitialized timer
https://notcve.org/view.php?id=CVE-2025-39833
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: mISDN: hfcpci: Fix warning when deleting uninitialized timer With CONFIG_DEBUG_OBJECTS_TIMERS unloading hfcpci module leads to the following splat: [ 250.215892] ODEBUG: assert_init not available (active state 0) object: ffffffffc01a3dc0 object type: timer_list hint: 0x0 [ 250.217520] WARNING: CPU: 0 PID: 233 at lib/debugobjects.c:612 debug_print_object+0x1b6/0x2c0 [ 250.218775] Modules linked in: hfcpci(-) mISDN_core [ 250.219537] CPU: 0 U... • https://git.kernel.org/stable/c/87c5fa1bb42624254a2013cbbc3b170d6017f5d6 • CWE-908: Use of Uninitialized Resource •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-39829 – trace/fgraph: Fix the warning caused by missing unregister notifier
https://notcve.org/view.php?id=CVE-2025-39829
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: trace/fgraph: Fix the warning caused by missing unregister notifier This warning was triggered during testing on v6.16: notifier callback ftrace_suspend_notifier_call already registered WARNING: CPU: 2 PID: 86 at kernel/notifier.c:23 notifier_chain_register+0x44/0xb0 ... Call Trace:
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39828 – atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control().
https://notcve.org/view.php?id=CVE-2025-39828
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control(). syzbot reported the splat below. [0] When atmtcp_v_open() or atmtcp_v_close() is called via connect() or close(), atmtcp_send_control() is called to send an in-kernel special message. The message has ATMTCP_HDR_MAGIC in atmtcp_control.hdr.length. Also, a pointer of struct atm_vcc is set to atmtcp_control.vcc. The notable thing is struct atmtcp_control is uAPI but has a space for... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-39827 – net: rose: include node references in rose_neigh refcount
https://notcve.org/view.php?id=CVE-2025-39827
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: net: rose: include node references in rose_neigh refcount Current implementation maintains two separate reference counting mechanisms: the 'count' field in struct rose_neigh tracks references from rose_node structures, while the 'use' field (now refcount_t) tracks references from rose_sock. This patch merges these two reference counting systems using 'use' field for proper reference management. Specifically, this patch adds incrementing and... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 7.0EPSS: 0%CPEs: 5EXPL: 0CVE-2025-39826 – net: rose: convert 'use' field to refcount_t
https://notcve.org/view.php?id=CVE-2025-39826
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: net: rose: convert 'use' field to refcount_t The 'use' field in struct rose_neigh is used as a reference counter but lacks atomicity. This can lead to race conditions where a rose_neigh structure is freed while still being referenced by other code paths. For example, when rose_neigh->use becomes zero during an ioctl operation via rose_rt_ioctl(), the structure may be removed while its timer is still active, potentially causing use-after-fre... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39824 – HID: asus: fix UAF via HID_CLAIMED_INPUT validation
https://notcve.org/view.php?id=CVE-2025-39824
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: asus: fix UAF via HID_CLAIMED_INPUT validation After hid_hw_start() is called hidinput_connect() will eventually be called to set up the device with the input layer since the HID_CONNECT_DEFAULT connect mask is used. During hidinput_connect() all input and output reports are processed and corresponding hid_inputs are allocated and configured via hidinput_configure_usages(). This process involves slot tagging report fields and configuri... • https://git.kernel.org/stable/c/9ce12d8be12c94334634dd57050444910415e45f •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39823 – KVM: x86: use array_index_nospec with indices that come from guest
https://notcve.org/view.php?id=CVE-2025-39823
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: x86: use array_index_nospec with indices that come from guest min and dest_id are guest-controlled indices. Using array_index_nospec() after the bounds checks clamps these values to mitigate speculative execution side-channels. In the Linux kernel, the following vulnerability has been resolved: KVM: x86: use array_index_nospec with indices that come from guest min and dest_id are guest-controlled indices. Using array_index_nospec() aft... • https://git.kernel.org/stable/c/4180bf1b655a791a0a6ef93a2ffffc762722c782 •