
CVSS: 7.1 • EPSS: 0% • CPEs: 4 • EXPL: 0

24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate index root when initialize NTFS security This enhances the sanity check for $SDH and $SII while initializing NTFS security, and guarantees these index roots are legit. [ 162.459513] BUG: KASAN: use-after-free in hdr_find_e.isra.0+0x10c/0x320 [ 162.460176] Read of size 2 at addr ffff8880037bca99 by task mount/243 [ 162.460851] [ 162.461252] CPU: 0 PID: 243 Comm: mount Not tainted 6.0.0-rc7 #42 [ 162.461744] Hardware name: QEMU ... • https://git.kernel.org/stable/c/82cae269cfa953032fbb8980a7d554d60fb00b17 •

CVSS: 7.1 • EPSS: 0% • CPEs: 5 • EXPL: 0

24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix memory leak if ntfs_read_mft failed Label ATTR_ROOT in ntfs_read_mft() sets is_root = true and ni->ni_flags |= NI_FLAG_DIR, then the next attr will goto label ATTR_ALLOC and alloc ni->dir.alloc_run. However, the two states are not always consistent and can cause a memory leak. 1) attr_name in ATTR_ROOT does not fit the condition it will set is_root = true but NI_FLAG_DIR is not set. 2) next attr_name in ATTR_ALLOC fits the condition and a... • https://git.kernel.org/stable/c/82cae269cfa953032fbb8980a7d554d60fb00b17 •

CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: smb: client: fix missed ses refcounting Use new cifs_smb_ses_inc_refcount() helper to get an active reference of @ses and @ses->dfs_root_ses (if set). This will prevent @ses->dfs_root_ses from being put in the next call to cifs_put_smb_ses() and thus potentially causing a use-after-free bug. • https://git.kernel.org/stable/c/8e3554150d6c80a84b3cb046615d1a0e943811dc •

CVSS: 5.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: common: Fix refcount leak in parse_dai_link_info Add missing of_node_put()s before the returns to balance of_node_get()s and of_node_put()s, which may get unbalanced in case the for loop 'for_each_available_child_of_node' returns early. • https://git.kernel.org/stable/c/4302187d955f166c03b4fa7c993b89ffbabfca4e •

CVSS: 6.6 • EPSS: 0% • CPEs: 3 • EXPL: 0

24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Use correct encap attribute during invalidation With introduction of post action infrastructure most of the users of encap attribute had been modified in order to obtain the correct attribute by calling mlx5e_tc_get_encap_attr() helper instead of assuming encap action is always on default attribute. However, the cited commit didn't modify mlx5e_invalidate_encap() which prevents it from destroying correct modify header action whic... • https://git.kernel.org/stable/c/8300f225268be9ee2c0daf5a3f23929fcdcbf213 •

CVSS: 7.1 • EPSS: 0% • CPEs: 4 • EXPL: 0

24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: tpm: Add !tpm_amd_is_rng_defective() to the hwrng_unregister() call site The following crash was reported: [ 1950.279393] list_del corruption, ffff99560d485790->next is NULL [ 1950.279400] ------------[ cut here ]------------ [ 1950.279401] kernel BUG at lib/list_debug.c:49! [ 1950.279405] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI [ 1950.279407] CPU: 11 PID: 5886 Comm: modprobe Tainted: G O 6.2.8_1 #1 [ 1950.279409] Hardware name: Gigabyt... • https://git.kernel.org/stable/c/b006c439d58db625318bf2207feabf847510a8a6 •

CVSS: 5.5 • EPSS: 0% • CPEs: 5 • EXPL: 0

24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix potential data race at PCM memory allocation helpers The PCM memory allocation helpers have a sanity check against too many buffer allocations. However, the check is performed without a proper lock and the allocation isn't serialized; this allows a user to allocate more memory than the predefined max size. Practically seen, this isn't really a big problem, as it's more or less some "soft limit" as a sanity check, and it's not pos... • https://git.kernel.org/stable/c/d4cfb30fce03093ad944e0b44bd8f40bdad5330e •

CVSS: 5.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: use work to update rate to avoid RCU warning The ieee80211_ops::sta_rc_update must be atomic, because ieee80211_chan_bw_change() holds rcu_read lock while calling drv_sta_rc_update(), so create a work to do original things. Voluntary context switch within RCU read-side critical section! WARNING: CPU: 0 PID: 4621 at kernel/rcu/tree_plugin.h:318 rcu_note_context_switch+0x571/0x5d0 CPU: 0 PID: 4621 Comm: kworker/u16:2 Tainted: G W... • https://git.kernel.org/stable/c/c1edc86472fc3a5aa3b5c5c53c4e20f6a24992a6 •

CVSS: 6.2 • EPSS: 0% • CPEs: 2 • EXPL: 0

24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: igb: clean up in all error paths when enabling SR-IOV After commit 50f303496d92 ("igb: Enable SR-IOV after reinit"), removing the igb module could hang or crash (depending on the machine) when the module has been loaded with the max_vfs parameter set to some value != 0. In case of one test machine with a dual port 82580, this hang occurred: [ 232.480687] igb 0000:41:00.1: removed PHC on enp65s0f1 [ 233.093257] igb 0000:41:00.1: IOV Disabled... • https://git.kernel.org/stable/c/50f303496d92e25b79bdfb73e3707ad0684ad67f •

CVSS: 7.8 • EPSS: 0% • CPEs: 9 • EXPL: 0

24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix BUG in ext4_mb_new_inode_pa() due to overflow When we calculate the end position of ext4_free_extent, this position may be exactly where ext4_lblk_t (i.e. uint) overflows. For example, if ac_g_ex.fe_logical is 4294965248 and ac_orig_goal_len is 2048, then the computed end is 0x100000000, which is 0. If ac->ac_o_ex.fe_logical is not the first case of adjusting the best extent, that is, new_bex_end > 0, the following BUG_ON will be ... • https://git.kernel.org/stable/c/8659c5f4ffaacbe932849b98462c3d635b4eacea •