CVSS: 6.8 • EPSS: 0% • CPEs: 3 • EXPL: 0 • CVE-2025-68736 – landlock: Fix handling of disconnected directories
https://notcve.org/view.php?id=CVE-2025-68736
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: landlock: Fix handling of disconnected directories Disconnected files or directories can appear when they are visible and opened from a bind mount, but have been renamed or moved from the source of the bind mount in a way that makes them inaccessible from the mount point (i.e. out of scope). Previously, access rights tied to files or directories opened through a disconnected directory were collected by walking the related hierarchy down to ... • https://git.kernel.org/stable/c/cb2c7d1a1776057c9a1f48ed1250d85e94d4850d •
CVSS: 5.5 • EPSS: 0% • CPEs: 8 • EXPL: 0 • CVE-2025-68734 – isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe()
https://notcve.org/view.php?id=CVE-2025-68734
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() In hfcsusb_probe(), the memory allocated for ctrl_urb gets leaked when setup_instance() fails with an error code. Fix that by freeing the urb before freeing the hw structure. Also change the error paths to use the goto ladder style. Compile tested only. Issue found using a prototype static analysis tool. • https://git.kernel.org/stable/c/69f52adb2d534afc41fcc658f155e01f0b322f9e •
CVSS: - • EPSS: 0% • CPEs: 5 • EXPL: 0 • CVE-2023-54042 – powerpc/64s: Fix VAS mm use after free
https://notcve.org/view.php?id=CVE-2023-54042
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: Fix VAS mm use after free The refcount on mm is dropped before the coprocessor is detached. The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues. • https://git.kernel.org/stable/c/7bc6f71bdff5f8921e324da0a8fad6f4e2e63a85 •
CVSS: - • EPSS: 0% • CPEs: 3 • EXPL: 0 • CVE-2023-54041 – io_uring: fix memory leak when removing provided buffers
https://notcve.org/view.php?id=CVE-2023-54041
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: io_uring: fix memory leak when removing provided buffers When removing provided buffers, io_buffer structs are not being disposed of, leading to a memory leak. They can't be freed individually, because they are allocated in page-sized groups. They need to be added to some free list instead, such as io_buffers_cache. All callers already hold the lock protecting it, apart from when destroying buffers, so had to extend the lock there. The SUSE... • https://git.kernel.org/stable/c/cc3cec8367cba76a8ae4c271eba8450f3efc1ba3 •
CVSS: - • EPSS: 0% • CPEs: 4 • EXPL: 0 • CVE-2023-54040 – ice: fix wrong fallback logic for FDIR
https://notcve.org/view.php?id=CVE-2023-54040
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ice: fix wrong fallback logic for FDIR When adding a FDIR filter, if ice_vc_fdir_set_irq_ctx returns failure, the inserted fdir entry will not be removed and if ice_vc_fdir_write_fltr returns failure, the fdir context info for irq handler will not be cleared which may lead to inconsistent or memory leak issue. This patch refines failure cases to resolve this issue. The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various securi... • https://git.kernel.org/stable/c/1f7ea1cd6a3748427512ccc9582e18cd9efea966 •
CVSS: - • EPSS: 0% • CPEs: 6 • EXPL: 0 • CVE-2023-54039 – can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access
https://notcve.org/view.php?id=CVE-2023-54039
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access In the j1939_tp_tx_dat_new() function, an out-of-bounds memory access could occur during the memcpy() operation if the size of skb->cb is larger than the size of struct j1939_sk_buff_cb. This is because the memcpy() operation uses the size of skb->cb, leading to a read beyond the struct j1939_sk_buff_cb. Updated the memcpy() operation to use the size of struct j1939_sk_buff_... • https://git.kernel.org/stable/c/9d71dd0c70099914fcd063135da3c580865e924c •
CVSS: - • EPSS: 0% • CPEs: 3 • EXPL: 0 • CVE-2023-54038 – Bluetooth: hci_conn: return ERR_PTR instead of NULL when there is no link
https://notcve.org/view.php?id=CVE-2023-54038
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: return ERR_PTR instead of NULL when there is no link hci_connect_sco currently returns NULL when there is no link (i.e. when hci_conn_link() returns NULL). sco_connect() expects an ERR_PTR in case of any error (see line 266 in sco.c). Thus, hcon set as NULL passes through to sco_conn_add(), which tries to get hcon->hdev, resulting in dereferencing a NULL pointer as reported by syzkaller. The same issue exists for iso_co... • https://git.kernel.org/stable/c/06149746e7203d5ffe2d6faf9799ee36203aa8b8 •
CVSS: - • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2023-54037 – ice: prevent NULL pointer deref during reload
https://notcve.org/view.php?id=CVE-2023-54037
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ice: prevent NULL pointer deref during reload Calling ethtool during reload can lead to call trace, because VSI isn't configured for some time, but netdev is alive. To fix it add rtnl lock for VSI deconfig and config. Set ::num_q_vectors to 0 after freeing and add a check for ::tx/rx_rings in ring related ethtool ops. Add proper unroll of filters in ice_start_eth(). Reproduction: $watch -n 0.1 -d 'ethtool -g enp24s0f0np0' $devlink dev reloa... • https://git.kernel.org/stable/c/5b246e533d0177775c64b40a2af1e62aff5d279b •
CVSS: - • EPSS: 0% • CPEs: 5 • EXPL: 0 • CVE-2023-54036 – wifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU
https://notcve.org/view.php?id=CVE-2023-54036
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU The wifi + bluetooth combo chip RTL8723BU can leak memory (especially?) when it's connected to a bluetooth audio device. The busy bluetooth traffic generates lots of C2H (card to host) messages, which are not freed correctly. To fix this, move the dev_kfree_skb() call in rtl8xxxu_c2hcmd_callback() inside the loop where skb_dequeue() is called. The RTL8192EU leaks memory because the ... • https://git.kernel.org/stable/c/e542e66b7c2ee2adeefdbb7f259f2f60cadf2819 •
CVSS: - • EPSS: 0% • CPEs: 8 • EXPL: 0 • CVE-2023-54035 – netfilter: nf_tables: fix underflow in chain reference counter
https://notcve.org/view.php?id=CVE-2023-54035
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix underflow in chain reference counter Set element addition error path decrements reference counter on chains twice: once on element release and again via nft_data_release(). Then, d6b478666ffa ("netfilter: nf_tables: fix underflow in object reference counter") incorrectly fixed this by removing the stateful object reference count decrement. Restore the stateful object decrement as in b91d90368837 ("netfilter: nf_tab... • https://git.kernel.org/stable/c/628bd3e49cba1c066228e23d71a852c23e26da73 •
