CVSS: - | EPSS: 0% | CPEs: 7 | EXPL: 0
CVE-2023-54193 – net/sched: cls_api: remove block_cb from driver_list before freeing
https://notcve.org/view.php?id=CVE-2023-54193
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_api: remove block_cb from driver_list before freeing Error handler of tcf_block_bind() frees the whole bo->cb_list on error. However, by that time the flow_block_cb instances are already in the driver list because driver ndo_setup_tc() callback is called before that up the call chain in tcf_block_offload_cmd(). This leaves dangling pointers to freed objects in the list and causes use-after-free[0]. Fix it by also removing flo... • https://git.kernel.org/stable/c/59094b1e5094c7e50a3d2912202fd30b6a1dadf8 •
CVSS: - | EPSS: 0% | CPEs: 5 | EXPL: 0
CVE-2023-54190 – leds: led-core: Fix refcount leak in of_led_get()
https://notcve.org/view.php?id=CVE-2023-54190
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: leds: led-core: Fix refcount leak in of_led_get() class_find_device_by_of_node() calls class_find_device(), which takes a reference; use put_device() to drop the reference when it is not needed anymore. • https://git.kernel.org/stable/c/699a8c7c4bd376aee4808e6272188319e900c8af •
CVSS: - | EPSS: 0% | CPEs: 7 | EXPL: 0
CVE-2023-54189 – pstore/ram: Add check for kstrdup
https://notcve.org/view.php?id=CVE-2023-54189
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: pstore/ram: Add check for kstrdup Add check for the return value of kstrdup() and return the error if it fails in order to avoid NULL pointer dereference. • https://git.kernel.org/stable/c/c617a3b777b92a0e80ceff2dffaae9350d4c3850 •
CVSS: - | EPSS: 0% | CPEs: 3 | EXPL: 0
CVE-2023-54188 – dmaengine: apple-admac: Fix 'current_tx' not getting freed
https://notcve.org/view.php?id=CVE-2023-54188
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: apple-admac: Fix 'current_tx' not getting freed In terminate_all we should queue up all submitted descriptors to be freed. We do that for the content of the 'issued' and 'submitted' lists, but the 'current_tx' descriptor falls through the cracks as it's removed from the 'issued' list once it gets assigned to be the current descriptor. Explicitly queue up freeing of the 'current_tx' descriptor to address a memory leak that is othe... • https://git.kernel.org/stable/c/b127315d9a78c011c011b88b92f650510edcfbd2 •
CVSS: - | EPSS: 0% | CPEs: 7 | EXPL: 0
CVE-2023-54187 – f2fs: fix potential corruption when moving a directory
https://notcve.org/view.php?id=CVE-2023-54187
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix potential corruption when moving a directory F2FS has the same issue in ext4_rename causing crash revealed by xfstests/generic/707. See also commit 0813299c586b ("ext4: Fix possible corruption when moving a directory") • https://git.kernel.org/stable/c/622f28ae9ba4fa89b4ff0f4a6cf75d153ea838ce •
CVSS: - | EPSS: 0% | CPEs: 7 | EXPL: 0
CVE-2023-54186 – usb: typec: altmodes/displayport: fix pin_assignment_show
https://notcve.org/view.php?id=CVE-2023-54186
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmodes/displayport: fix pin_assignment_show This patch fixes negative indexing of buf array in pin_assignment_show when get_current_pin_assignments returns 0 i.e. no compatible pin assignments are found. BUG: KASAN: use-after-free in pin_assignment_show+0x26c/0x33c ... Call trace: dump_backtrace+0x110/0x204 dump_stack_lvl+0x84/0xbc print_report+0x358/0x974 kasan_report+0x9c/0xfc __do_kernel_fault+0xd4/0x2d4 do_bad_area+0x48/0x... • https://git.kernel.org/stable/c/0e3bb7d6894d9b6e67d6382bb03a46a1dc989588 •
CVSS: - | EPSS: 0% | CPEs: 3 | EXPL: 0
CVE-2023-54185 – btrfs: remove BUG_ON()'s in add_new_free_space()
https://notcve.org/view.php?id=CVE-2023-54185
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: remove BUG_ON()'s in add_new_free_space() At add_new_free_space() we have these BUG_ON()'s that are there to deal with any failure to add free space to the in memory free space cache. Such failures are mostly -ENOMEM that should be very rare. However there's no need to have these BUG_ON()'s, we can just return any error to the caller and all callers and their upper call chain are already dealing with errors. So just make add_new_free... • https://git.kernel.org/stable/c/0f9dd46cda36b8de3b9f48bc42bd09d20b9c3b52 •
CVSS: - | EPSS: 0% | CPEs: 6 | EXPL: 0
CVE-2023-54184 – scsi: target: iscsit: Free cmds before session free
https://notcve.org/view.php?id=CVE-2023-54184
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsit: Free cmds before session free Commands from recovery entries are freed after session has been closed. That leads to use-after-free at command free or NPE with such call trace: Time2Retain timer expired for SID: 1, cleaning up iSCSI session. BUG: kernel NULL pointer dereference, address: 0000000000000140 RIP: 0010:sbitmap_queue_clear+0x3a/0xa0 Call Trace: target_release_cmd_kref+0xd1/0x1f0 [target_core_mod] transport_ge... • https://git.kernel.org/stable/c/988e3a85463d9b6dabc681df3f8f131b23c19953 •
CVSS: - | EPSS: 0% | CPEs: 8 | EXPL: 0
CVE-2023-54183 – media: v4l2-core: Fix a potential resource leak in v4l2_fwnode_parse_link()
https://notcve.org/view.php?id=CVE-2023-54183
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: media: v4l2-core: Fix a potential resource leak in v4l2_fwnode_parse_link() If fwnode_graph_get_remote_endpoint() fails, 'fwnode' is known to be NULL, so fwnode_handle_put() is a no-op. Release the reference taken from a previous fwnode_graph_get_port_parent() call instead. Also handle fwnode_graph_get_port_parent() failures. In order to fix these issues, add an error handling path to the function and the needed gotos. • https://git.kernel.org/stable/c/ca50c197bd9610ea984cfc0dc6855f183cbb46f8 •
CVSS: - | EPSS: 0% | CPEs: 4 | EXPL: 0
CVE-2023-54182 – f2fs: fix to check readonly condition correctly
https://notcve.org/view.php?id=CVE-2023-54182
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to check readonly condition correctly With below case, it can mount multi-device image w/ rw option, however one of secondary device is set as ro, later update will cause panic, so let's introduce f2fs_dev_is_readonly(), and check multi-devices rw status in f2fs_remount() w/ it in order to avoid such inconsistent mount status. mkfs.f2fs -c /dev/zram1 /dev/zram0 -f blockdev --setro /dev/zram1 mount -t f2fs dev/zram0 /mnt/f2fs mount... • https://git.kernel.org/stable/c/f824deb54b683165b953371a0529446c723ef6d6 •
