CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50884 – drm: Prevent drm_copy_field() to attempt copying a NULL pointer
https://notcve.org/view.php?id=CVE-2022-50884
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm: Prevent drm_copy_field() to attempt copying a NULL pointer There are some struct drm_driver fields that are required by drivers since drm_copy_field() attempts to copy them to user-space via DRM_IOCTL_VERSION. But it can be possible that a driver has a bug and did not set some of the fields, which leads to drm_copy_field() attempting to copy a NULL pointer: [ +10.395966] Unable to handle kernel access to user memory outside uaccess rou... • https://git.kernel.org/stable/c/22eae947bf76e236ba972f2f11cfd1b083b736ad •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2023-54317 – dm flakey: don't corrupt the zero page
https://notcve.org/view.php?id=CVE-2023-54317
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: dm flakey: don't corrupt the zero page When we need to zero some range on a block device, the function __blkdev_issue_zero_pages submits a write bio with the bio vector pointing to the zero page. If we use dm-flakey with corrupt bio writes option, it will corrupt the content of the zero page which results in crashes of various userspace programs. Glibc assumes that memory returned by mmap is zeroed and it uses it for calloc implementation; ... • https://git.kernel.org/stable/c/c6cd92fcabd6cc78bb1808c6a18245c842722fc1 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54314 – media: af9005: Fix null-ptr-deref in af9005_i2c_xfer
https://notcve.org/view.php?id=CVE-2023-54314
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: media: af9005: Fix null-ptr-deref in af9005_i2c_xfer In af9005_i2c_xfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former checks on msg[i].buf would be passed. Malicious data finally reach af9005_i2c_xfer. If accessing msg[i].buf[0] without sanity check, null ptr deref would happen. We add check on msg[i].len to prevent crash. Similar commit: commit 0ed554fd769a ("media: dvb-usb: az6027: fix null-ptr-deref i... • https://git.kernel.org/stable/c/98c12abb275b75a98ff62de9466d21e4daa98536 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54312 – samples/bpf: Fix buffer overflow in tcp_basertt
https://notcve.org/view.php?id=CVE-2023-54312
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: samples/bpf: Fix buffer overflow in tcp_basertt Using sizeof(nv) or strlen(nv)+1 is correct. • https://git.kernel.org/stable/c/c890063e440456e75c2e70f6bcec3797f1771eb6 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2023-54311 – ext4: fix deadlock when converting an inline directory in nojournal mode
https://notcve.org/view.php?id=CVE-2023-54311
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix deadlock when converting an inline directory in nojournal mode In no journal mode, ext4_finish_convert_inline_dir() can self-deadlock by calling ext4_handle_dirty_dirblock() when it already has taken the directory lock. There is a similar self-deadlock in ext4_incvert_inline_data_nolock() for data files which we'll fix at the same time. A simple reproducer demonstrating the problem: mke2fs -Fq -t ext2 -O inline_data -b 4k /dev/vdc... • https://git.kernel.org/stable/c/b4fa4768c9acff77245d672d855d2c88294850b1 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54310 – scsi: message: mptlan: Fix use after free bug in mptlan_remove() due to race condition
https://notcve.org/view.php?id=CVE-2023-54310
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: message: mptlan: Fix use after free bug in mptlan_remove() due to race condition mptlan_probe() calls mpt_register_lan_device() which initializes the &priv->post_buckets_task workqueue. A call to mpt_lan_wake_post_buckets_task() will subsequently start the work. During driver unload in mptlan_remove() the following race may occur: CPU0 CPU1 |mpt_lan_post_receive_buckets_work() mptlan_remove() | free_netdev() | kfree(dev); | | | dev->m... • https://git.kernel.org/stable/c/92f869693d84e813895ff4d25363744575515423 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54309 – tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation
https://notcve.org/view.php?id=CVE-2023-54309
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation /dev/vtpmx is made visible before 'workqueue' is initialized, which can lead to a memory corruption in the worst case scenario. Address this by initializing 'workqueue' as the very first step of the driver initialization. • https://git.kernel.org/stable/c/6f99612e250041a2402d3b1694bccb149cd424a4 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2023-54307 – ptp_qoriq: fix memory leak in probe()
https://notcve.org/view.php?id=CVE-2023-54307
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ptp_qoriq: fix memory leak in probe() Smatch complains that: drivers/ptp/ptp_qoriq.c ptp_qoriq_probe() warn: 'base' from ioremap() not released. Fix this by revising the parameter from 'ptp_qoriq->base' to 'base'. This is only a bug if ptp_qoriq_init() returns on the first -ENODEV error path. For other error paths ptp_qoriq->base and base are the same. And this change makes the code more readable. • https://git.kernel.org/stable/c/7f4399ba405b6201fb318b43091703a34b1489ab •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2023-54306 – net: tls: avoid hanging tasks on the tx_lock
https://notcve.org/view.php?id=CVE-2023-54306
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: net: tls: avoid hanging tasks on the tx_lock syzbot sent a hung task report and Eric explains that adversarial receiver may keep RWIN at 0 for a long time, so we are not guaranteed to make forward progress. Thread which took tx_lock and went to sleep may not release tx_lock for hours. Use interruptible sleep where possible and reschedule the work if it can't take the lock. Testing: existing selftest passes • https://git.kernel.org/stable/c/79ffe6087e9145d2377385cac48d0d6a6b4225a5 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54305 – ext4: refuse to create ea block when umounted
https://notcve.org/view.php?id=CVE-2023-54305
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: refuse to create ea block when umounted The ea block expansion need to access s_root while it is already set as NULL when umount is triggered. Refuse this request to avoid panic. • https://git.kernel.org/stable/c/aedea161d031502a423ed1c7597754681a4f8cda •