CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54298 – thermal: intel: quark_dts: fix error pointer dereference
https://notcve.org/view.php?id=CVE-2023-54298
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: thermal: intel: quark_dts: fix error pointer dereference If alloc_soc_dts() fails, then we can just return. Trying to free "soc_dts" will lead to an Oops. The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues. • https://git.kernel.org/stable/c/8c1876939663191b5044807230fa295f35462215 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2023-54295 – mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type
https://notcve.org/view.php?id=CVE-2023-54295
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type spi_nor_set_erase_type() was used either to set or to mask out an erase type. When we used it to mask out an erase type a shift-out-of-bounds was hit: UBSAN: shift-out-of-bounds in drivers/mtd/spi-nor/core.c:2237:24 shift exponent 4294967295 is too large for 32-bit type 'int' The setting of the size_{shift, mask} and of the opcode are unnecessary when the erase size is zero, as... • https://git.kernel.org/stable/c/5390a8df769ec9ba9c995191bb0867430f602ebb •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54294 – md/raid10: fix memleak of md thread
https://notcve.org/view.php?id=CVE-2023-54294
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix memleak of md thread In raid10_run(), if setup_conf() succeed and raid10_run() failed before setting 'mddev->thread', then in the error path 'conf->thread' is not freed. Fix the problem by setting 'mddev->thread' right after setup_conf(). The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues. • https://git.kernel.org/stable/c/43a521238aca0e24d50add1db125a61bda2a3527 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2023-54293 – bcache: fixup btree_cache_wait list damage
https://notcve.org/view.php?id=CVE-2023-54293
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: bcache: fixup btree_cache_wait list damage We get a kernel crash about "list_add corruption. next->prev should be prev (ffff9c801bc01210), but was ffff9c77b688237c. (next=ffffae586d8afe68)." crash> struct list_head 0xffff9c801bc01210 struct list_head { next = 0xffffae586d8afe68, prev = 0xffffae586d8afe68 } crash> struct list_head 0xffff9c77b688237c struct list_head { next = 0x0, prev = 0x0 } crash> struct list_head 0xffffae586d8afe68 struct... • https://git.kernel.org/stable/c/8e7102273f597dbb38af43da874f8c123f8e6dbe •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2023-54289 – scsi: qedf: Fix NULL dereference in error handling
https://notcve.org/view.php?id=CVE-2023-54289
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Fix NULL dereference in error handling Smatch reported: drivers/scsi/qedf/qedf_main.c:3056 qedf_alloc_global_queues() warn: missing unwind goto? At this point in the function, nothing has been allocated so we can return directly. In particular the "qedf->global_queues" have not been allocated so calling qedf_free_global_queues() will lead to a NULL dereference when we check if (!gl[i]) and "gl" is NULL. The SUSE Linux Enterprise... • https://git.kernel.org/stable/c/61d8658b4a435eac729966cc94cdda077a8df5cd •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2023-54287 – tty: serial: imx: disable Ageing Timer interrupt request irq
https://notcve.org/view.php?id=CVE-2023-54287
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: tty: serial: imx: disable Ageing Timer interrupt request irq There maybe pending USR interrupt before requesting irq, however uart_add_one_port has not executed, so there will be kernel panic: [ 0.795668] Unable to handle kernel NULL pointer dereference at virtual addre ss 0000000000000080 [ 0.802701] Mem abort info: [ 0.805367] ESR = 0x0000000096000004 [ 0.808950] EC = 0x25: DABT (current EL), IL = 32 bits [ 0.814033] SET = 0, FnV = 0 [ 0.... • https://git.kernel.org/stable/c/8a61f0c70ae65c6b70d13228c3120c73d7425a60 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54286 – wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace
https://notcve.org/view.php?id=CVE-2023-54286
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace A received TKIP key may be up to 32 bytes because it may contain MIC rx/tx keys too. These are not used by iwl and copying these over overflows the iwl_keyinfo.key field. Add a check to not copy more data to iwl_keyinfo.key then will fit. This fixes backtraces like this one: memcpy: detected field-spanning write (size 32) of single field "sta_cmd.key.key" at drivers/net... • https://git.kernel.org/stable/c/5a3d9882b84edf5fa8e8ca33a5d6df25e2e727a5 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2023-54284 – media: av7110: prevent underflow in write_ts_to_decoder()
https://notcve.org/view.php?id=CVE-2023-54284
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: media: av7110: prevent underflow in write_ts_to_decoder() The buf[4] value comes from the user via ts_play(). It is a value in the u8 range. The final length we pass to av7110_ipack_instant_repack() is "len - (buf[4] + 1) - 4" so add a check to ensure that the length is not negative. It's not clear that passing a negative len value does anything bad necessarily, but it's not best practice. With the new bounds checking the "if (! • https://git.kernel.org/stable/c/fd46d16d602ab7fd53cef7ff55b9dcb0b47ad3bf •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54283 – bpf: Address KCSAN report on bpf_lru_list
https://notcve.org/view.php?id=CVE-2023-54283
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Address KCSAN report on bpf_lru_list KCSAN reported a data-race when accessing node->ref. Although node->ref does not have to be accurate, take this chance to use a more common READ_ONCE() and WRITE_ONCE() pattern instead of data_race(). There is an existing bpf_lru_node_is_ref() and bpf_lru_node_set_ref(). This patch also adds bpf_lru_node_clear_ref() to do the WRITE_ONCE(node->ref, 0) also. ===========================================... • https://git.kernel.org/stable/c/3a08c2fd763450a927d1130de078d6f9e74944fb •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54282 – media: tuners: qt1010: replace BUG_ON with a regular error
https://notcve.org/view.php?id=CVE-2023-54282
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: media: tuners: qt1010: replace BUG_ON with a regular error BUG_ON is unnecessary here, and in addition it confuses smatch. Replacing this with an error return help resolve this smatch warning: drivers/media/tuners/qt1010.c:350 qt1010_init() error: buffer overflow 'i2c_data' 34 <= 34 The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security issues. • https://git.kernel.org/stable/c/4682b58e5af01ee856a706083eac71238fb69cd0 •