CVSS: 6.9 | EPSS: 0% | CPEs: 4 | EXPL: 0
CVE-2023-54157 – binder: fix UAF of alloc->vma in race with munmap()
https://notcve.org/view.php?id=CVE-2023-54157
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF of alloc->vma in race with munmap() [ cmllamas: clean forward port from commit 015ac18be7de ("binder: fix UAF of alloc->vma in race with munmap()") in 5.10 stable. It is needed in mainline after the revert of commit a43cfc87caaf ("android: binder: stop saving a pointer to the VMA") as pointed out by Liam. The commit log and tags have been tweaked to reflect this. ] In commit 720c24192404 ("ANDROID: binder: change down_write ... • https://git.kernel.org/stable/c/dd2283f2605e3b3e9c61bcae844b34f2afa4813f
CVSS: 5.5 | EPSS: 0% | CPEs: 8 | EXPL: 0
CVE-2023-54153 – ext4: turn quotas off if mount failed after enabling quotas
https://notcve.org/view.php?id=CVE-2023-54153
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: turn quotas off if mount failed after enabling quotas Yi found during a review of the patch "ext4: don't BUG on inconsistent journal feature" that when ext4_mark_recovery_complete() returns an error value, the error handling path does not turn off the enabled quotas, which triggers the following kmemleak: ================================================================ unreferenced object 0xffff8cf68678e7c0 (size 64): comm "mount", pi... • https://git.kernel.org/stable/c/11215630aada28307ba555a43138db6ac54fa825
CVSS: 6.6 | EPSS: 0% | CPEs: 3 | EXPL: 0
CVE-2023-54151 – f2fs: Fix system crash due to lack of free space in LFS
https://notcve.org/view.php?id=CVE-2023-54151
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: Fix system crash due to lack of free space in LFS When f2fs tries to checkpoint during foreground gc in LFS mode, system crash occurs due to lack of free space if the amount of dirty node and dentry pages generated by data migration exceeds free space. The reproduction sequence is as follows. - 20GiB capacity block device (null_blk) - format and mount with LFS mode - create a file and write 20,000MiB - 4k random write on full range of... • https://git.kernel.org/stable/c/f4631d295ae3fff9e240ab78dc17f4b83d14f7bc
CVSS: 7.2 | EPSS: 0% | CPEs: 5 | EXPL: 0
CVE-2023-54150 – drm/amd: Fix an out of bounds error in BIOS parser
https://notcve.org/view.php?id=CVE-2023-54150
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix an out of bounds error in BIOS parser The array is hardcoded to 8 in atomfirmware.h, but firmware provides a bigger one sometimes. Dereferencing the larger array causes an out of bounds error. commit 4fc1ba4aa589 ("drm/amd/display: fix array index out of bound error in bios parser") fixed some of this, but there are two other cases not covered by it. Fix those as well. ... • https://git.kernel.org/stable/c/b8e7589f50b709b647b642531599e70707faf70c
CVSS: 5.5 | EPSS: 0% | CPEs: 3 | EXPL: 0
CVE-2023-54145 – bpf: drop unnecessary user-triggerable WARN_ONCE in verifierl log
https://notcve.org/view.php?id=CVE-2023-54145
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: drop unnecessary user-triggerable WARN_ONCE in verifierl log It's trivial for user to trigger "verifier log line truncated" warning, as verifier has a fixed-sized buffer of 1024 bytes (as of now), and there are at least two pieces of user-provided information that can be output through this buffer, and both can be arbitrarily sized by user: - BTF names; - BTF.ext source code lines strings. Verifier log buffer should be properly sized f... • https://git.kernel.org/stable/c/40c88c429a598006f91ad7a2b89856cd50b3a008
CVSS: 7.8 | EPSS: 0% | CPEs: 11 | EXPL: 0
CVE-2023-54142 – gtp: Fix use-after-free in __gtp_encap_destroy().
https://notcve.org/view.php?id=CVE-2023-54142
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: gtp: Fix use-after-free in __gtp_encap_destroy(). syzkaller reported use-after-free in __gtp_encap_destroy(). [0] It shows the same process freed sk and touched it illegally. Commit e198987e7dd7 ("gtp: fix suspicious RCU usage") added lock_sock() and release_sock() in __gtp_encap_destroy() to protect sk->sk_user_data, but release_sock() is called after sock_put() releases the last refcnt. [0]: BUG: KASAN: slab-use-after-free in instrument_a... • https://git.kernel.org/stable/c/01f3c64e405ab3d25887d080a103ad76f30661d2
CVSS: 7.8 | EPSS: 0% | CPEs: 9 | EXPL: 0
CVE-2023-54140 – nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse
https://notcve.org/view.php?id=CVE-2023-54140
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse A syzbot stress test using a corrupted disk image reported that mark_buffer_dirty() called from __nilfs_mark_inode_dirty() or nilfs_palloc_commit_alloc_entry() may output a kernel warning, and can panic if the kernel is booted with panic_on_warn. This is because nilfs2 keeps buffer pointers in local structures for some metadata and reuses them, but such buffers may be fo... • https://git.kernel.org/stable/c/8c26c4e2694a163d525976e804d81cd955bbb40c
CVSS: 7.1 | EPSS: 0% | CPEs: 7 | EXPL: 0
CVE-2023-54136 – serial: sprd: Fix DMA buffer leak issue
https://notcve.org/view.php?id=CVE-2023-54136
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: serial: sprd: Fix DMA buffer leak issue Release DMA buffer when _probe() returns failure to avoid memory leak. • https://git.kernel.org/stable/c/f4487db58eb780a52d768f3b36aaaa8fd5839215
CVSS: 5.5 | EPSS: 0% | CPEs: 8 | EXPL: 0
CVE-2023-54134 – autofs: fix memory leak of waitqueues in autofs_catatonic_mode
https://notcve.org/view.php?id=CVE-2023-54134
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: autofs: fix memory leak of waitqueues in autofs_catatonic_mode Syzkaller reports a memory leak: BUG: memory leak unreferenced object 0xffff88810b279e00 (size 96): comm "syz-executor399", pid 3631, jiffies 4294964921 (age 23.870s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 08 9e 27 0b 81 88 ff ff ..........'..... 08 9e 27 0b 81 88 ff ff 00 00 00 00 00 00 00 00 ..'............. backtrace: [
CVSS: 5.5 | EPSS: 0% | CPEs: 7 | EXPL: 0
CVE-2023-54132 – erofs: stop parsing non-compact HEAD index if clusterofs is invalid
https://notcve.org/view.php?id=CVE-2023-54132
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: erofs: stop parsing non-compact HEAD index if clusterofs is invalid Syzbot generated a crafted image [1] with a non-compact HEAD index of clusterofs 33024 while valid numbers should be 0 ~ lclustersize-1, which causes the following unexpected behavior as below: BUG: unable to handle page fault for address: fffff52101a3fff9 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 23ffed067 P4D 23ffed067 PUD 0... • https://git.kernel.org/stable/c/02827e1796b33f1794966f5c3101f8da2dfa9c1d
