CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54110 – usb: rndis_host: Secure rndis_query check against int overflow
https://notcve.org/view.php?id=CVE-2023-54110
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: rndis_host: Secure rndis_query check against int overflow Variables off and len typed as uint32 in rndis_query function are controlled by incoming RNDIS response message thus their value may be manipulated. Setting off to a unexpectetly large value will cause the sum with len and 8 to overflow and pass the implemented validation step. Consequently the response pointer will be referring to a location past the expected buffer boundaries ... • https://git.kernel.org/stable/c/ddda08624013e8435e9f7cfc34a35bd7b3520b6d •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54109 – media: rcar_fdp1: Fix refcount leak in probe and remove function
https://notcve.org/view.php?id=CVE-2023-54109
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: media: rcar_fdp1: Fix refcount leak in probe and remove function rcar_fcp_get() take reference, which should be balanced with rcar_fcp_put(). Add missing rcar_fcp_put() in fdp1_remove and the error paths of fdp1_probe() to fix this. [hverkuil: resolve merge conflict, remove() is now void] In the Linux kernel, the following vulnerability has been resolved: media: rcar_fdp1: Fix refcount leak in probe and remove function rcar_fcp_get() take r... • https://git.kernel.org/stable/c/4710b752e029f3f82dd4a84d9dc61fe72c97bf82 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-54098 – drm/i915/gvt: fix gvt debugfs destroy
https://notcve.org/view.php?id=CVE-2023-54098
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/i915/gvt: fix gvt debugfs destroy When gvt debug fs is destroyed, need to have a sane check if drm minor's debugfs root is still available or not, otherwise in case like device remove through unbinding, drm minor's debugfs directory has already been removed, then intel_gvt_debugfs_clean() would act upon dangling pointer like below oops. i915 0000:00:02.0: Direct firmware load for i915/gvt/vid_0x8086_did_0x1926_rid_0x0a.golden_hw_state f... • https://git.kernel.org/stable/c/bc7b0be316aebac42eb9e8e54c984609555944da •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2023-54095 – powerpc/iommu: Fix notifiers being shared by PCI and VIO buses
https://notcve.org/view.php?id=CVE-2023-54095
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/iommu: Fix notifiers being shared by PCI and VIO buses fail_iommu_setup() registers the fail_iommu_bus_notifier struct to both PCI and VIO buses. struct notifier_block is a linked list node, so this causes any notifiers later registered to either bus type to also be registered to the other since they share the same node. This causes issues in (at least) the vgaarb code, which registers a notifier for PCI buses. pci_notify() ends up ... • https://git.kernel.org/stable/c/d6b9a81b2a45786384f5bd3516bd6ddfb4b772c6 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54093 – media: anysee: fix null-ptr-deref in anysee_master_xfer
https://notcve.org/view.php?id=CVE-2023-54093
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: media: anysee: fix null-ptr-deref in anysee_master_xfer In anysee_master_xfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former checks on msg[i].buf would be passed. Malicious data finally reach anysee_master_xfer. If accessing msg[i].buf[0] without sanity check, null ptr deref would happen. We add check on msg[i].len to prevent crash. Similar commit: commit 0ed554fd769a ("media: dvb-usb: az6027: fix null-pt... • https://git.kernel.org/stable/c/a51e34dd6080d8d5c9e95a4e0292cd4cb889a61b •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54091 – drm/client: Fix memory leak in drm_client_target_cloned
https://notcve.org/view.php?id=CVE-2023-54091
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/client: Fix memory leak in drm_client_target_cloned dmt_mode is allocated and never freed in this function. It was found with the ast driver, but most drivers using generic fbdev setup are probably affected. This fixes the following kmemleak report: backtrace: [<00000000b391296d>] drm_mode_duplicate+0x45/0x220 [drm] [<00000000e45bb5b3>] drm_client_target_cloned.constprop.0+0x27b/0x480 [drm] [<00000000ed2d3a37>] drm_client_modeset_probe+... • https://git.kernel.org/stable/c/1d42bbc8f7f9ce4d852692ef7aa336b133b0830a •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54087 – ubi: Fix possible null-ptr-deref in ubi_free_volume()
https://notcve.org/view.php?id=CVE-2023-54087
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ubi: Fix possible null-ptr-deref in ubi_free_volume() It willl cause null-ptr-deref in the following case: uif_init() ubi_add_volume() cdev_add() -> if it fails, call kill_volumes() device_register() kill_volumes() -> if ubi_add_volume() fails call this function ubi_free_volume() cdev_del() device_unregister() -> trying to delete a not added device, it causes null-ptr-deref So in ubi_free_volume(), it delete devices whether they are added o... • https://git.kernel.org/stable/c/801c135ce73d5df1caf3eca35b66a10824ae0707 •
CVSS: 6.6EPSS: 0%CPEs: 3EXPL: 0CVE-2023-54081 – xen: speed up grant-table reclaim
https://notcve.org/view.php?id=CVE-2023-54081
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: xen: speed up grant-table reclaim When a grant entry is still in use by the remote domain, Linux must put it on a deferred list. Normally, this list is very short, because the PV network and block protocols expect the backend to unmap the grant first. However, Qubes OS's GUI protocol is subject to the constraints of the X Window System, and as such winds up with the frontend unmapping the window first. As a result, the list can grow very la... • https://git.kernel.org/stable/c/569ca5b3f94cd0b3295ec5943aa457cf4a4f6a3a •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54079 – power: supply: bq27xxx: Fix poll_interval handling and races on remove
https://notcve.org/view.php?id=CVE-2023-54079
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: power: supply: bq27xxx: Fix poll_interval handling and races on remove Before this patch bq27xxx_battery_teardown() was setting poll_interval = 0 to avoid bq27xxx_battery_update() requeuing the delayed_work item. There are 2 problems with this: 1. If the driver is unbound through sysfs, rather then the module being rmmod-ed, this changes poll_interval unexpectedly 2. This is racy, after it being set poll_interval could be changed before bq2... • https://git.kernel.org/stable/c/8cfaaa811894a3ae2d7360a15a6cfccff3ebc7db •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50782 – ext4: fix bug_on in __es_tree_search caused by bad quota inode
https://notcve.org/view.php?id=CVE-2022-50782
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug_on in __es_tree_search caused by bad quota inode We got a issue as fllows: ================================================================== kernel BUG at fs/ext4/extents_status.c:202! invalid opcode: 0000 [#1] PREEMPT SMP CPU: 1 PID: 810 Comm: mount Not tainted 6.1.0-rc1-next-g9631525255e3 #352 RIP: 0010:__es_tree_search.isra.0+0xb8/0xe0 RSP: 0018:ffffc90001227900 EFLAGS: 00010202 RAX: 0000000000000000 RBX: 0000000077512a0f ... • https://git.kernel.org/stable/c/393d1d1d76933886d5e1ce603214c9987589c6d5 •