CVSS: 6.0EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50381 – md: fix a crash in mempool_free
https://notcve.org/view.php?id=CVE-2022-50381
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: md: fix a crash in mempool_free There's a crash in mempool_free when running the lvm test shell/lvchange-rebuild-raid.sh. The reason for the crash is this: * super_written calls atomic_dec_and_test(&mddev->pending_writes) and wake_up(&mddev->sb_wait). Then it calls rdev_dec_pending(rdev, mddev) and bio_put(bio). * so, the process that waited on sb_wait and that is woken up is racing with bio_put(bio). * if the process wins the race, it call... • https://git.kernel.org/stable/c/f8b58edf3acf0dcc186b8330939000ecf709368a • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition CWE-476: NULL Pointer Dereference •
CVSS: 6.6EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50380 – mm: /proc/pid/smaps_rollup: fix no vma's null-deref
https://notcve.org/view.php?id=CVE-2022-50380
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: mm: /proc/pid/smaps_rollup: fix no vma's null-deref Commit 258f669e7e88 ("mm: /proc/pid/smaps_rollup: convert to single value seq_file") introduced a null-deref if there are no vma's in the task in show_smaps_rollup. In the Linux kernel, the following vulnerability has been resolved: mm: /proc/pid/smaps_rollup: fix no vma's null-deref Commit 258f669e7e88 ("mm: /proc/pid/smaps_rollup: convert to single value seq_file") introduced a null-dere... • https://git.kernel.org/stable/c/258f669e7e88c18edbc23fe5ce00a476b924551f • CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50379 – btrfs: fix race between quota enable and quota rescan ioctl
https://notcve.org/view.php?id=CVE-2022-50379
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between quota enable and quota rescan ioctl When enabling quotas, at btrfs_quota_enable(), after committing the transaction, we change fs_info->quota_root to point to the quota root we created and set BTRFS_FS_QUOTA_ENABLED at fs_info->flags. Then we try to start the qgroup rescan worker, first by initializing it with a call to qgroup_rescan_init() - however if that fails we end up freeing the quota root but we leave fs_info... • https://git.kernel.org/stable/c/5d23515be66904fa3b1b5d6bd72d2199cd2447ab • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50378 – drm/meson: reorder driver deinit sequence to fix use-after-free bug
https://notcve.org/view.php?id=CVE-2022-50378
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/meson: reorder driver deinit sequence to fix use-after-free bug Unloading the driver triggers the following KASAN warning: [ +0.006275] ============================================================= [ +0.000029] BUG: KASAN: use-after-free in __list_del_entry_valid+0xe0/0x1a0 [ +0.000026] Read of size 8 at addr ffff000020c395e0 by task rmmod/2695 [ +0.000019] CPU: 5 PID: 2695 Comm: rmmod Tainted: G C O 5.19.0-rc6-lrmbkasan+ #1 [ +0.000013... • https://git.kernel.org/stable/c/bbbe775ec5b5dace43a35886da9924837da09ddd • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50376 – orangefs: Fix kmemleak in orangefs_{kernel,client}_debug_init()
https://notcve.org/view.php?id=CVE-2022-50376
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: orangefs: Fix kmemleak in orangefs_{kernel,client}_debug_init() When insert and remove the orangefs module, there are memory leaked as below: unreferenced object 0xffff88816b0cc000 (size 2048): comm "insmod", pid 783, jiffies 4294813439 (age 65.512s) hex dump (first 32 bytes): 6e 6f 6e 65 0a 00 00 00 00 00 00 00 00 00 00 00 none............ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<0000000031ab7788>] kmal... • https://git.kernel.org/stable/c/f7ab093f74bf638ed98fd1115f3efa17e308bb7f • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50375 – tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown
https://notcve.org/view.php?id=CVE-2022-50375
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown lpuart_dma_shutdown tears down lpuart dma, but lpuart_flush_buffer can still occur which in turn tries to access dma apis if lpuart_dma_tx_use flag is true. At this point since dma is torn down, these dma apis can abort. Set lpuart_dma_tx_use and the corresponding rx flag lpuart_dma_rx_use to false in lpuart_dma_shutdown so that dmas are not accessed after they are ... • https://git.kernel.org/stable/c/6250cc30c4c4e25393ba247f71bdc04b6af3191b •
CVSS: 7.0EPSS: 0%CPEs: 7EXPL: 0CVE-2023-53368 – tracing: Fix race issue between cpu buffer write and swap
https://notcve.org/view.php?id=CVE-2023-53368
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: tracing: Fix race issue between cpu buffer write and swap Warning happened in rb_end_commit() at code: if (RB_WARN_ON(cpu_buffer, !local_read(&cpu_buffer->committing))) WARNING: CPU: 0 PID: 139 at kernel/trace/ring_buffer.c:3142 rb_commit+0x402/0x4a0 Call Trace: ring_buffer_unlock_commit+0x42/0x250 trace_buffer_unlock_commit_regs+0x3b/0x250 trace_event_buffer_commit+0xe5/0x440 trace_event_buffer_reserve+0x11c/0x150 trace_event_raw_event_sch... • https://git.kernel.org/stable/c/f1affcaaa861f27752a769f889bf1486ebd301fe • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53365 – ip6mr: Fix skb_under_panic in ip6mr_cache_report()
https://notcve.org/view.php?id=CVE-2023-53365
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ip6mr: Fix skb_under_panic in ip6mr_cache_report() skbuff: skb_under_panic: text:ffffffff88771f69 len:56 put:-4 head:ffff88805f86a800 data:ffff887f5f86a850 tail:0x88 end:0x2c0 dev:pim6reg ------------[ cut here ]------------ kernel BUG at net/core/skbuff.c:192! invalid opcode: 0000 [#1] PREEMPT SMP KASAN CPU: 2 PID: 22968 Comm: kworker/2:11 Not tainted 6.5.0-rc3-00044-g0a8db05b571a #236 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),... • https://git.kernel.org/stable/c/14fb64e1f449ef6666f1c3a3fa4e13aec669b98d • CWE-124: Buffer Underwrite ('Buffer Underflow') •
CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53357 – md/raid10: check slab-out-of-bounds in md_bitmap_get_counter
https://notcve.org/view.php?id=CVE-2023-53357
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: md/raid10: check slab-out-of-bounds in md_bitmap_get_counter If we write a large number to md/bitmap_set_bits, md_bitmap_checkpage() will return -EINVAL because 'page >= bitmap->pages', but the return value was not checked immediately in md_bitmap_get_counter() in order to set *blocks value and slab-out-of-bounds occurs. Move check of 'page >= bitmap->pages' to md_bitmap_get_counter() and return directly if true. In the Linux kernel, the fo... • https://git.kernel.org/stable/c/ef4256733506f2459a0c436b62267d22a3f0cec6 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-53355 – staging: pi433: fix memory leak with using debugfs_lookup()
https://notcve.org/view.php?id=CVE-2023-53355
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: staging: pi433: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic at once. This requires saving off the root directory dentry to make creation of individual device subdirectories easier. In the Linux kernel, the following vulnerability... • https://git.kernel.org/stable/c/874bcba65f9a3a2a304b5f520529c046887c3cdc • CWE-401: Missing Release of Memory after Effective Lifetime •