CVSS: 7.8 | EPSS: 0% | CPEs: 6 | EXPL: 0
CVE-2023-54057 – iommu/amd: Add a length limitation for the ivrs_acpihid command-line parameter
https://notcve.org/view.php?id=CVE-2023-54057
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Add a length limitation for the ivrs_acpihid command-line parameter The 'acpiid' buffer in the parse_ivrs_acpihid function may overflow, because the string specifier in the format string sscanf() has no width limitation. Found by InfoTeCS on behalf of Linux Verification Center (linuxtesting.org) with SVACE. • https://git.kernel.org/stable/c/ca3bf5d47cec8b7614bcb2e9132c40081d6d81db •
CVSS: 5.5 | EPSS: 0% | CPEs: 6 | EXPL: 0
CVE-2023-54053 – wifi: iwlwifi: pcie: fix possible NULL pointer dereference
https://notcve.org/view.php?id=CVE-2023-54053
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: pcie: fix possible NULL pointer dereference It is possible that iwl_pci_probe() will fail and free the trans, then afterwards iwl_pci_remove() will be called and crash by trying to access trans which is already freed, fix it. iwlwifi 0000:01:00.0: Detected crf-id 0xa5a5a5a2, cnv-id 0xa5a5a5a2 wfpm id 0xa5a5a5a2 iwlwifi 0000:01:00.0: Can't find a correct rfid for crf id 0x5a2 ... BUG: kernel NULL pointer dereference, address: ... • https://git.kernel.org/stable/c/f6f2d16c77f936041b8ac495fceabded4ec6c83c •
CVSS: 5.5 | EPSS: 0% | CPEs: 8 | EXPL: 0
CVE-2023-54051 – net: do not allow gso_size to be set to GSO_BY_FRAGS
https://notcve.org/view.php?id=CVE-2023-54051
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: net: do not allow gso_size to be set to GSO_BY_FRAGS One missing check in virtio_net_hdr_to_skb() allowed syzbot to crash kernels again [1] Do not allow gso_size to be set to GSO_BY_FRAGS (0xffff), because this magic value is used by the kernel. [1] general protection fault, probably for non-canonical address 0xdffffc000000000e: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000070-0x0000000000000077] CPU: 0 PID: 50... • https://git.kernel.org/stable/c/3953c46c3ac7eef31a9935427371c6f54a22f1ba •
CVSS: 5.5 | EPSS: 0% | CPEs: 8 | EXPL: 0
CVE-2023-54050 – ubifs: Fix memleak when insert_old_idx() failed
https://notcve.org/view.php?id=CVE-2023-54050
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix memleak when insert_old_idx() failed Following process will cause a memleak for copied up znode: dirty_cow_znode zn = copy_znode(c, znode); err = insert_old_idx(c, zbr->lnum, zbr->offs); if (unlikely(err)) return ERR_PTR(err); // No one refers to zn. Fetch a reproducer in [Link]. Function copy_znode() is split into 2 parts: resource allocation and znode replacement, insert_old_idx() is split in similar way, so resource cleanup co... • https://git.kernel.org/stable/c/1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d •
CVSS: 5.5 | EPSS: 0% | CPEs: 9 | EXPL: 0
CVE-2023-54049 – rpmsg: glink: Add check for kstrdup
https://notcve.org/view.php?id=CVE-2023-54049
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: rpmsg: glink: Add check for kstrdup Add check for the return value of kstrdup() and return the error if it fails in order to avoid NULL pointer dereference. • https://git.kernel.org/stable/c/b4f8e52b89f69f5563ac4cb9ffdacc4418917af1 •
CVSS: 4.7 | EPSS: 0% | CPEs: 4 | EXPL: 0
CVE-2023-54048 – RDMA/bnxt_re: Prevent handling any completions after qp destroy
https://notcve.org/view.php?id=CVE-2023-54048
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Prevent handling any completions after qp destroy HW may generate completions that indicates QP is destroyed. Driver should not be scheduling any more completion handlers for this QP, after the QP is destroyed. Since CQs are active during the QP destroy, driver may still schedule completion handlers. This can cause a race where the destroy_cq and poll_cq running simultaneously. Snippet of kernel panic while doing bnxt_re drive... • https://git.kernel.org/stable/c/1ac5a404797523cedaf424a3aaa3cf8f9548dff8 •
CVSS: 5.5 | EPSS: 0% | CPEs: 3 | EXPL: 0
CVE-2023-54047 – drm/rockchip: dw_hdmi: cleanup drm encoder during unbind
https://notcve.org/view.php?id=CVE-2023-54047
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: dw_hdmi: cleanup drm encoder during unbind This fixes a use-after-free crash during rmmod. The DRM encoder is embedded inside the larger rockchip_hdmi, which is allocated with the component. The component memory gets freed before the main drm device is destroyed. Fix it by running encoder cleanup before tearing down its container. [moved encoder cleanup above clk_disable, similar to bind-error-path] • https://git.kernel.org/stable/c/110d4202522373d629d14597af9bac97eb58bd67 •
CVSS: 5.5 | EPSS: 0% | CPEs: 9 | EXPL: 0
CVE-2023-54045 – audit: fix possible soft lockup in __audit_inode_child()
https://notcve.org/view.php?id=CVE-2023-54045
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: audit: fix possible soft lockup in __audit_inode_child() Tracefs or debugfs maybe cause hundreds to thousands of PATH records, too many PATH records maybe cause soft lockup. For example: 1. CONFIG_KASAN=y && CONFIG_PREEMPTION=n 2. auditctl -a exit,always -S open -k key 3. sysctl -w kernel.watchdog_thresh=5 4. mkdir /sys/kernel/debug/tracing/instances/test There may be a soft lockup as follows: watchdog: BUG: soft lockup - CPU#45 stuck for 7... • https://git.kernel.org/stable/c/5195d8e217a78697152d64fc09a16e063a022465 •
CVSS: 5.5 | EPSS: 0% | CPEs: 9 | EXPL: 0
CVE-2023-54044 – spmi: Add a check for remove callback when removing a SPMI driver
https://notcve.org/view.php?id=CVE-2023-54044
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: spmi: Add a check for remove callback when removing a SPMI driver When removing a SPMI driver, there can be a crash due to NULL pointer dereference if it does not have a remove callback defined. This is one such call trace observed when removing the QCOM SPMI PMIC driver: dump_backtrace.cfi_jt+0x0/0x8 dump_stack_lvl+0xd8/0x16c panic+0x188/0x498 __cfi_slowpath+0x0/0x214 __cfi_slowpath+0x1dc/0x214 spmi_drv_remove+0x16c/0x1e0 device_release_dr... • https://git.kernel.org/stable/c/5a86bf343976b9c8ab2f240bc866451fa67e5573 •
CVSS: 5.5 | EPSS: 0% | CPEs: 9 | EXPL: 0
CVE-2022-50733 – usb: idmouse: fix an uninit-value in idmouse_open
https://notcve.org/view.php?id=CVE-2022-50733
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: idmouse: fix an uninit-value in idmouse_open In idmouse_create_image, if any ftip_command fails, it will go to the reset label. However, this leads to the data in bulk_in_buffer[HEADER..IMGSIZE] uninitialized. And the check for valid image incurs an uninitialized dereference. Fix this by moving the check before reset label since this check only be valid if the data after bulk_in_buffer[HEADER] has concrete data. Note that this is found... • https://git.kernel.org/stable/c/4244f72436ab77c3c29a6447af81734ab3925d85 •
