CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54035 – netfilter: nf_tables: fix underflow in chain reference counter
https://notcve.org/view.php?id=CVE-2023-54035
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix underflow in chain reference counter Set element addition error path decrements reference counter on chains twice: once on element release and again via nft_data_release(). Then, d6b478666ffa ("netfilter: nf_tables: fix underflow in object reference counter") incorrectly fixed this by removing the stateful object reference count decrement. Restore the stateful object decrement as in b91d90368837 ("netfilter: nf_tab... • https://git.kernel.org/stable/c/628bd3e49cba1c066228e23d71a852c23e26da73 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54032 – btrfs: fix race when deleting quota root from the dirty cow roots list
https://notcve.org/view.php?id=CVE-2023-54032
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race when deleting quota root from the dirty cow roots list When disabling quotas we are deleting the quota root from the list fs_info->dirty_cowonly_roots without taking the lock that protects it, which is struct btrfs_fs_info::trans_lock. This unsynchronized list manipulation may cause chaos if there's another concurrent manipulation of this list, such as when adding a root to it with ctree.c:add_root_to_dirty_list(). This can ... • https://git.kernel.org/stable/c/bed92eae26ccf280d1a2168b7509447b56675a27 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2023-54029 – wifi: iwlwifi: fix iwl_mvm_max_amsdu_size() for MLO
https://notcve.org/view.php?id=CVE-2023-54029
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix iwl_mvm_max_amsdu_size() for MLO For MLO, we cannot use vif->bss_conf.chandef.chan->band, since that will lead to a NULL-ptr dereference as bss_conf isn't used. However, in case of real MLO, we also need to take both LMACs into account if they exist, since the station might be active on both LMACs at the same time. • https://git.kernel.org/stable/c/63e2d06adf6b0842132ba89efdf8fada5f7ff1ac •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2023-54028 – RDMA/rxe: Fix the error "trying to register non-static key in rxe_cleanup_task"
https://notcve.org/view.php?id=CVE-2023-54028
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix the error "trying to register non-static key in rxe_cleanup_task" In the function rxe_create_qp(), rxe_qp_from_init() is called to initialize qp, internally things like rxe_init_task are not setup until rxe_qp_init_req(). If an error occurred before this point then the unwind will call rxe_cleanup() and eventually to rxe_qp_do_cleanup()/rxe_cleanup_task() which will oops when trying to access the uninitialized spinlock. If rxe... • https://git.kernel.org/stable/c/8700e3e7c4857d28ebaa824509934556da0b3e76 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2023-54025 – wifi: rsi: Do not configure WoWlan in shutdown hook if not enabled
https://notcve.org/view.php?id=CVE-2023-54025
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: rsi: Do not configure WoWlan in shutdown hook if not enabled In case WoWlan was never configured during the operation of the system, the hw->wiphy->wowlan_config will be NULL. rsi_config_wowlan() checks whether wowlan_config is non-NULL and if it is not, then WARNs about it. The warning is valid, as during normal operation the rsi_config_wowlan() should only ever be called with non-NULL wowlan_config. In shutdown this rsi_config_wowla... • https://git.kernel.org/stable/c/16bbc3eb83728c03138191a5d23d84d38175fa26 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54024 – KVM: Destroy target device if coalesced MMIO unregistration fails
https://notcve.org/view.php?id=CVE-2023-54024
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: Destroy target device if coalesced MMIO unregistration fails Destroy and free the target coalesced MMIO device if unregistering said device fails. As clearly noted in the code, kvm_io_bus_unregister_dev() does not destroy the target device. BUG: memory leak unreferenced object 0xffff888112a54880 (size 64): comm "syz-executor.2", pid 5258, jiffies 4297861402 (age 14.129s) hex dump (first 32 bytes): 38 c7 67 15 00 c9 ff ff 38 c7 67 15 00... • https://git.kernel.org/stable/c/7d1bc32d6477ff96a32695ea4be8144e4513ab2d •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2023-54023 – btrfs: fix race between balance and cancel/pause
https://notcve.org/view.php?id=CVE-2023-54023
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between balance and cancel/pause Syzbot reported a panic that looks like this: assertion failed: fs_info->exclusive_operation == BTRFS_EXCLOP_BALANCE_PAUSED, in fs/btrfs/ioctl.c:465 ------------[ cut here ]------------ kernel BUG at fs/btrfs/messages.c:259! RIP: 0010:btrfs_assertfail+0x2c/0x30 fs/btrfs/messages.c:259 Call Trace:
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54021 – ext4: set goal start correctly in ext4_mb_normalize_request
https://notcve.org/view.php?id=CVE-2023-54021
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: set goal start correctly in ext4_mb_normalize_request We need to set ac_g_ex to notify the goal start used in ext4_mb_find_by_goal. Set ac_g_ex instead of ac_f_ex in ext4_mb_normalize_request. Besides we should assure goal start is in range [first_data_block, blocks_count) as ext4_mb_initialize_context does. [ Added a check to make sure size is less than ar->pright; otherwise we could end up passing an underflowed value of ar->pright ... • https://git.kernel.org/stable/c/2479bb6cbdb4d56b807bbe5229e3e26a6f1f4530 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2023-54020 – dmaengine: sf-pdma: pdma_desc memory leak fix
https://notcve.org/view.php?id=CVE-2023-54020
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: sf-pdma: pdma_desc memory leak fix Commit b2cc5c465c2c ("dmaengine: sf-pdma: Add multithread support for a DMA channel") changed sf_pdma_prep_dma_memcpy() to unconditionally allocate a new sf_pdma_desc each time it is called. The driver previously recycled descs, by checking the in_use flag, only allocating additional descs if the existing one was in use. This logic was removed in commit b2cc5c465c2c ("dmaengine: sf-pdma: Add mul... • https://git.kernel.org/stable/c/5ab2782c944e324008ef5d658f2494a9f0e3c5ac •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2023-54019 – sched/psi: use kernfs polling functions for PSI trigger polling
https://notcve.org/view.php?id=CVE-2023-54019
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: sched/psi: use kernfs polling functions for PSI trigger polling Destroying psi trigger in cgroup_file_release causes UAF issues when a cgroup is removed from under a polling process. This is happening because cgroup removal causes a call to cgroup_file_release while the actual file is still alive. Destroying the trigger at this point would also destroy its waitqueue head and if there is still a polling process on that file accessing the wai... • https://git.kernel.org/stable/c/0e94682b73bfa6c44c98af7a26771c9c08c055d5 •