CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2023-54186 – usb: typec: altmodes/displayport: fix pin_assignment_show
https://notcve.org/view.php?id=CVE-2023-54186
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmodes/displayport: fix pin_assignment_show This patch fixes negative indexing of buf array in pin_assignment_show when get_current_pin_assignments returns 0 i.e. no compatible pin assignments are found. BUG: KASAN: use-after-free in pin_assignment_show+0x26c/0x33c ... Call trace: dump_backtrace+0x110/0x204 dump_stack_lvl+0x84/0xbc print_report+0x358/0x974 kasan_report+0x9c/0xfc __do_kernel_fault+0xd4/0x2d4 do_bad_area+0x48/0x... • https://git.kernel.org/stable/c/0e3bb7d6894d9b6e67d6382bb03a46a1dc989588 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2023-54185 – btrfs: remove BUG_ON()'s in add_new_free_space()
https://notcve.org/view.php?id=CVE-2023-54185
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: remove BUG_ON()'s in add_new_free_space() At add_new_free_space() we have these BUG_ON()'s that are there to deal with any failure to add free space to the in memory free space cache. Such failures are mostly -ENOMEM that should be very rare. However there's no need to have these BUG_ON()'s, we can just return any error to the caller and all callers and their upper call chain are already dealing with errors. So just make add_new_free... • https://git.kernel.org/stable/c/23e72231f8281505883514b23709076e234d4f27 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2023-54184 – scsi: target: iscsit: Free cmds before session free
https://notcve.org/view.php?id=CVE-2023-54184
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsit: Free cmds before session free Commands from recovery entries are freed after session has been closed. That leads to use-after-free at command free or NPE with such call trace: Time2Retain timer expired for SID: 1, cleaning up iSCSI session. BUG: kernel NULL pointer dereference, address: 0000000000000140 RIP: 0010:sbitmap_queue_clear+0x3a/0xa0 Call Trace: target_release_cmd_kref+0xd1/0x1f0 [target_core_mod] transport_ge... • https://git.kernel.org/stable/c/89f5055f9b0b57c7e7f02e32df95ef401f809b71 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54183 – media: v4l2-core: Fix a potential resource leak in v4l2_fwnode_parse_link()
https://notcve.org/view.php?id=CVE-2023-54183
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: media: v4l2-core: Fix a potential resource leak in v4l2_fwnode_parse_link() If fwnode_graph_get_remote_endpoint() fails, 'fwnode' is known to be NULL, so fwnode_handle_put() is a no-op. Release the reference taken from a previous fwnode_graph_get_port_parent() call instead. Also handle fwnode_graph_get_port_parent() failures. In order to fix these issues, add an error handling path to the function and the needed gotos. • https://git.kernel.org/stable/c/ca50c197bd9610ea984cfc0dc6855f183cbb46f8 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2023-54182 – f2fs: fix to check readonly condition correctly
https://notcve.org/view.php?id=CVE-2023-54182
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to check readonly condition correctly With below case, it can mount multi-device image w/ rw option, however one of secondary device is set as ro, later update will cause panic, so let's introduce f2fs_dev_is_readonly(), and check multi-devices rw status in f2fs_remount() w/ it in order to avoid such inconsistent mount status. mkfs.f2fs -c /dev/zram1 /dev/zram0 -f blockdev --setro /dev/zram1 mount -t f2fs dev/zram0 /mnt/f2fs mount... • https://git.kernel.org/stable/c/e2759a59a4cc96af712084e9db7065c858c4fe9f •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2023-54181 – bpf: Fix issue in verifying allow_ptr_leaks
https://notcve.org/view.php?id=CVE-2023-54181
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix issue in verifying allow_ptr_leaks After we converted the capabilities of our networking-bpf program from cap_sys_admin to cap_net_admin+cap_bpf, our networking-bpf program failed to start. Because it failed the bpf verifier, and the error log is "R3 pointer comparison prohibited". A simple reproducer as follows, SEC("cls-ingress") int ingress(struct __sk_buff *skb) { struct iphdr *iph = (void *)(long)skb->data + sizeof(struct ethh... • https://git.kernel.org/stable/c/c96c67991aac6401b4c6996093bccb704bb2ea4b •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2023-54180 – btrfs: handle case when repair happens with dev-replace
https://notcve.org/view.php?id=CVE-2023-54180
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: handle case when repair happens with dev-replace [BUG] There is a bug report that a BUG_ON() in btrfs_repair_io_failure() (originally repair_io_failure() in v6.0 kernel) got triggered when replacing a unreliable disk: BTRFS warning (device sda1): csum failed root 257 ino 2397453 off 39624704 csum 0xb0d18c75 expected csum 0x4dae9c5e mirror 3 kernel BUG at fs/btrfs/extent_io.c:2380! invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: 9 PI... • https://git.kernel.org/stable/c/a7018b40b49c37fb55736499f790ec0d2b381ae4 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2023-54179 – scsi: qla2xxx: Array index may go out of bound
https://notcve.org/view.php?id=CVE-2023-54179
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Array index may go out of bound Klocwork reports array 'vha->host_str' of size 16 may use index value(s) 16..19. Use snprintf() instead of sprintf(). • https://git.kernel.org/stable/c/e697f466bf61280b7e996c9ea096d7ec371c31ea •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2023-54178 – of: unittest: fix null pointer dereferencing in of_unittest_find_node_by_name()
https://notcve.org/view.php?id=CVE-2023-54178
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: of: unittest: fix null pointer dereferencing in of_unittest_find_node_by_name() when kmalloc() fail to allocate memory in kasprintf(), name or full_name will be NULL, strcmp() will cause null pointer dereference. • https://git.kernel.org/stable/c/0d638a07d3a1e98a7598eb2812a6236324e4c55f •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54177 – quota: fix warning in dqgrab()
https://notcve.org/view.php?id=CVE-2023-54177
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: quota: fix warning in dqgrab() There's issue as follows when do fault injection: WARNING: CPU: 1 PID: 14870 at include/linux/quotaops.h:51 dquot_disable+0x13b7/0x18c0 Modules linked in: CPU: 1 PID: 14870 Comm: fsconfig Not tainted 6.3.0-next-20230505-00006-g5107a9c821af-dirty #541 RIP: 0010:dquot_disable+0x13b7/0x18c0 RSP: 0018:ffffc9000acc79e0 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff88825e41b980 RDX: 000000000... • https://git.kernel.org/stable/c/6478eabc92274efae6269da7c515ba2b4c8e88d8 •