CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2023-54226 – af_unix: Fix data races around sk->sk_shutdown.
https://notcve.org/view.php?id=CVE-2023-54226
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data races around sk->sk_shutdown. KCSAN found a data race around sk->sk_shutdown where unix_release_sock() and unix_shutdown() update it under unix_state_lock(), OTOH unix_poll() and unix_dgram_poll() read it locklessly. We need to annotate the writes and reads with WRITE_ONCE() and READ_ONCE(). BUG: KCSAN: data-race in unix_poll / unix_release_sock write to 0xffff88800d0f8aec of 1 bytes by task 264 on cpu 0: unix_release_sock... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2023-54225 – net: ipa: only reset hashed tables when supported
https://notcve.org/view.php?id=CVE-2023-54225
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: net: ipa: only reset hashed tables when supported Last year, the code that manages GSI channel transactions switched from using spinlock-protected linked lists to using indexes into the ring buffer used for a channel. Recently, Google reported seeing transaction reference count underflows occasionally during shutdown. Doug Anderson found a way to reproduce the issue reliably, and bisected the issue to the commit that eliminated the linked l... • https://git.kernel.org/stable/c/d338ae28d8a866c57fcac38f3d77bcc1d1702d19 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54224 – btrfs: fix lockdep splat and potential deadlock after failure running delayed items
https://notcve.org/view.php?id=CVE-2023-54224
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix lockdep splat and potential deadlock after failure running delayed items When running delayed items we are holding a delayed node's mutex and then we will attempt to modify a subvolume btree to insert/update/delete the delayed items. However if have an error during the insertions for example, btrfs_insert_delayed_items() may return with a path that has locked extent buffers (a leaf at the very least), and then we attempt to relea... • https://git.kernel.org/stable/c/50abe4b37f58a25214b732212926d35e6fabd6c3 •
CVSS: -EPSS: 0%CPEs: 1EXPL: 0CVE-2023-54223 – net/mlx5e: xsk: Fix invalid buffer access for legacy rq
https://notcve.org/view.php?id=CVE-2023-54223
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: xsk: Fix invalid buffer access for legacy rq The below crash can be encountered when using xdpsock in rx mode for legacy rq: the buffer gets released in the XDP_REDIRECT path, and then once again in the driver. This fix sets the flag to avoid releasing on the driver side. XSK handling of buffers for legacy rq was relying on the caller to set the skip release flag. But the referenced fix started using fragment counts for pages ins... • https://git.kernel.org/stable/c/cbb5379362513cbff450df0457dc370da7244bec •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2023-54222 – hte: tegra-194: Fix off by one in tegra_hte_map_to_line_id()
https://notcve.org/view.php?id=CVE-2023-54222
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: hte: tegra-194: Fix off by one in tegra_hte_map_to_line_id() The "map_sz" is the number of elements in the "m" array so the > comparison needs to be changed to >= to prevent an out of bounds read. • https://git.kernel.org/stable/c/09574cca6ad649f84ba804caf63a5aefe0202834 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2023-54221 – clk: imx93: fix memory leak and missing unwind goto in imx93_clocks_probe
https://notcve.org/view.php?id=CVE-2023-54221
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: clk: imx93: fix memory leak and missing unwind goto in imx93_clocks_probe In function probe(), it returns directly without unregistered hws when error occurs. Fix this by adding 'goto unregister_hws;' on line 295 and line 310. Use devm_kzalloc() instead of kzalloc() to automatically free the memory using devm_kfree() when error occurs. Replace of_iomap() with devm_of_iomap() to automatically handle the unused ioremap region and delete 'ioun... • https://git.kernel.org/stable/c/24defbe194b650218680fcd9dec8cd103537b531 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2023-54220 – serial: 8250: Fix oops for port->pm on uart_change_pm()
https://notcve.org/view.php?id=CVE-2023-54220
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: serial: 8250: Fix oops for port->pm on uart_change_pm() Unloading a hardware specific 8250 driver can produce error "Unable to handle kernel paging request at virtual address" about ten seconds after unloading the driver. This happens on uart_hangup() calling uart_change_pm(). Turns out commit 04e82793f068 ("serial: 8250: Reinit port->pm on port specific driver unbind") was only a partial fix. If the hardware specific driver has initialized... • https://git.kernel.org/stable/c/490bf37eaabb0a857ed1ae8e75d8854e41662f1c •
CVSS: -EPSS: 0%CPEs: 10EXPL: 0CVE-2023-54219 – Revert "IB/isert: Fix incorrect release of isert connection"
https://notcve.org/view.php?id=CVE-2023-54219
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: Revert "IB/isert: Fix incorrect release of isert connection" Commit: 699826f4e30a ("IB/isert: Fix incorrect release of isert connection") is causing problems on OPA when DEVICE_REMOVAL is happening. ------------[ cut here ]------------ WARNING: CPU: 52 PID: 2117247 at drivers/infiniband/core/cq.c:359 ib_cq_pool_cleanup+0xac/0xb0 [ib_core] Modules linked in: nfsd nfs_acl target_core_user uio tcm_fc libfc scsi_transport_fc tcm_loop target_cor... • https://git.kernel.org/stable/c/ccf5a1b28e2b73952e8d23126fa1abc6ff99de55 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54218 – net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs().
https://notcve.org/view.php?id=CVE-2023-54218
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs(). KCSAN found a data race in sock_recv_cmsgs() where the read access to sk->sk_stamp needs READ_ONCE(). BUG: KCSAN: data-race in packet_recvmsg / packet_recvmsg write (marked) to 0xffff88803c81f258 of 8 bytes by task 19171 on cpu 0: sock_write_timestamp include/net/sock.h:2670 [inline] sock_recv_cmsgs include/net/sock.h:2722 [inline] packet_recvmsg+0xb97/0xd00 net/packet/af_packet.c:... • https://git.kernel.org/stable/c/6c7c98bad4883a4a8710c96b2b44de482865eb6e •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2023-54217 – Revert "drm/msm: Add missing check and destroy for alloc_ordered_workqueue"
https://notcve.org/view.php?id=CVE-2023-54217
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: Revert "drm/msm: Add missing check and destroy for alloc_ordered_workqueue" This reverts commit 643b7d0869cc7f1f7a5ac7ca6bd25d88f54e31d0. A recent patch that tried to fix up the msm_drm_init() paths with respect to the workqueue but only ended up making things worse: First, the newly added calls to msm_drm_uninit() on early errors would trigger NULL-pointer dereferences, for example, as the kms pointer would not have been initialised. (Note... • https://git.kernel.org/stable/c/643b7d0869cc7f1f7a5ac7ca6bd25d88f54e31d0 •