CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53541 – mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write
https://notcve.org/view.php?id=CVE-2023-53541
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write When the oob buffer length is not in multiple of words, the oob write function does out-of-bounds read on the oob source buffer at the last iteration. Fix that by always checking length limit on the oob buffer read and fill with 0xff when reaching the end of the buffer to the oob registers. In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand... • https://git.kernel.org/stable/c/27c5b17cd1b10564fa36f8f51e4b4b41436ecc32 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53540 – wifi: cfg80211: reject auth/assoc to AP with our address
https://notcve.org/view.php?id=CVE-2023-53540
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: reject auth/assoc to AP with our address If the AP uses our own address as its MLD address or BSSID, then clearly something's wrong. Reject such connections so we don't try and fail later. In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: reject auth/assoc to AP with our address If the AP uses our own address as its MLD address or BSSID, then clearly something's wrong. Reject such connection... • https://git.kernel.org/stable/c/19957bb399e2722719c0e20c9ae91cf8b6aaff04 •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53539 – RDMA/rxe: Fix incomplete state save in rxe_requester
https://notcve.org/view.php?id=CVE-2023-53539
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix incomplete state save in rxe_requester If a send packet is dropped by the IP layer in rxe_requester() the call to rxe_xmit_packet() can fail with err == -EAGAIN. To recover, the state of the wqe is restored to the state before the packet was sent so it can be resent. However, the routines that save and restore the state miss a significnt part of the variable state in the wqe, the dma struct which is used to process through the... • https://git.kernel.org/stable/c/3050b99850247695cb07a5c15265afcc08bcf400 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-53538 – btrfs: insert tree mod log move in push_node_left
https://notcve.org/view.php?id=CVE-2023-53538
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: insert tree mod log move in push_node_left There is a fairly unlikely race condition in tree mod log rewind that can result in a kernel panic which has the following trace: [530.569] BTRFS critical (device sda3): unable to find logical 0 length 4096 [530.585] BTRFS critical (device sda3): unable to find logical 0 length 4096 [530.602] BUG: kernel NULL pointer dereference, address: 0000000000000002 [530.618] #PF: supervisor read acces... • https://git.kernel.org/stable/c/57911b8ba814fae01306376a0d02bc7cdc88dc94 •
CVSS: 8.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53535 – net: bcmgenet: Add a check for oversized packets
https://notcve.org/view.php?id=CVE-2023-53535
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: net: bcmgenet: Add a check for oversized packets Occasionnaly we may get oversized packets from the hardware which exceed the nomimal 2KiB buffer size we allocate SKBs with. Add an early check which drops the packet to avoid invoking skb_over_panic() and move on to processing the next packet. In the Linux kernel, the following vulnerability has been resolved: net: bcmgenet: Add a check for oversized packets Occasionnaly we may get oversized... • https://git.kernel.org/stable/c/1c1008c793fa46703a2fee469f4235e1c7984333 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50486 – net: ethernet: ti: Fix return type of netcp_ndo_start_xmit()
https://notcve.org/view.php?id=CVE-2022-50486
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: Fix return type of netcp_ndo_start_xmit() With clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG), indirect call targets are validated against the expected function pointer prototype to make sure the call target is valid to help mitigate ROP attacks. If they are not identical, there is a failure at run time, which manifests as either a kernel panic or thread getting killed. A proposed warning in clang aims to ... • https://git.kernel.org/stable/c/84640e27f23041d474c31d3362c3e2185ad68ec2 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 5.7EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50485 – ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode
https://notcve.org/view.php?id=CVE-2022-50485
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode There are many places that will get unhappy (and crash) when ext4_iget() returns a bad inode. However, if iget the boot loader inode, allows a bad inode to be returned, because the inode may not be initialized. This mechanism can be used to bypass some checks and cause panic. To solve this problem, we add a special iget flag EXT4_IGET_BAD. Only with this flag we'd be returning bad... • https://git.kernel.org/stable/c/393d1d1d76933886d5e1ce603214c9987589c6d5 • CWE-654: Reliance on a Single Factor in a Security Decision •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50484 – ALSA: usb-audio: Fix potential memory leaks
https://notcve.org/view.php?id=CVE-2022-50484
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential memory leaks When the driver hits -ENOMEM at allocating a URB or a buffer, it aborts and goes to the error path that releases the all previously allocated resources. However, when -ENOMEM hits at the middle of the sync EP URB allocation loop, the partially allocated URBs might be left without released, because ep->nurbs is still zero at that point. Fix it by setting ep->nurbs at first, so that the error handle... • https://git.kernel.org/stable/c/8fdff6a319e7dac757c558bd283dc4577e68cde7 • CWE-911: Improper Update of Reference Count •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50482 – iommu/vt-d: Clean up si_domain in the init_dmars() error path
https://notcve.org/view.php?id=CVE-2022-50482
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Clean up si_domain in the init_dmars() error path A splat from kmem_cache_destroy() was seen with a kernel prior to commit ee2653bbe89d ("iommu/vt-d: Remove domain and devinfo mempool") when there was a failure in init_dmars(), because the iommu_domain cache still had objects. While the mempool code is now gone, there still is a leak of the si_domain memory if init_dmars() fails. So clean up si_domain in the init_dmars() error p... • https://git.kernel.org/stable/c/86080ccc223aabf8d0b85a504f4f06aa88e82fb3 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50481 – cxl: fix possible null-ptr-deref in cxl_guest_init_afu|adapter()
https://notcve.org/view.php?id=CVE-2022-50481
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: cxl: fix possible null-ptr-deref in cxl_guest_init_afu|adapter() If device_register() fails in cxl_register_afu|adapter(), the device is not added, device_unregister() can not be called in the error path, otherwise it will cause a null-ptr-deref because of removing not added device. As comment of device_register() says, it should use put_device() to give up the reference in the error path. So split device_unregister() into device_del() and ... • https://git.kernel.org/stable/c/14baf4d9c739e6e69150512d2eb23c71fffcc192 •