CVSS: - | EPSS: 0% | CPEs: 4 | EXPL: 0
CVE-2023-54250 – ksmbd: avoid out of bounds access in decode_preauth_ctxt()
https://notcve.org/view.php?id=CVE-2023-54250
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: avoid out of bounds access in decode_preauth_ctxt() Confirm that the accessed pneg_ctxt->HashAlgorithms address sits within the SMB request boundary; deassemble_neg_contexts() only checks that the eight byte smb2_neg_context header + (client controlled) DataLength are within the packet boundary, which is insufficient. Checking for sizeof(struct smb2_preauth_neg_context) is overkill given that the type currently assumes SMB311_SALT_SI... • https://git.kernel.org/stable/c/e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 •
CVSS: - | EPSS: 0% | CPEs: 3 | EXPL: 0
CVE-2023-54249 – bus: mhi: ep: Only send -ENOTCONN status if client driver is available
https://notcve.org/view.php?id=CVE-2023-54249
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: bus: mhi: ep: Only send -ENOTCONN status if client driver is available For the STOP and RESET commands, only send the channel disconnect status -ENOTCONN if client driver is available. Otherwise, it will result in null pointer dereference. • https://git.kernel.org/stable/c/e827569062a804c67b51930ce83a4cb886113cb7 •
CVSS: - | EPSS: 0% | CPEs: 5 | EXPL: 0
CVE-2023-54248 – fs/ntfs3: Add check for kmemdup
https://notcve.org/view.php?id=CVE-2023-54248
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add check for kmemdup Since kmemdup may return a NULL pointer, it is better to add a check for the return value in order to avoid a NULL pointer dereference. • https://git.kernel.org/stable/c/b46acd6a6a627d876898e1c84d3f84902264b445 •
CVSS: - | EPSS: 0% | CPEs: 3 | EXPL: 0
CVE-2023-54247 – bpf: Silence a warning in btf_type_id_size()
https://notcve.org/view.php?id=CVE-2023-54247
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Silence a warning in btf_type_id_size() syzbot reported a warning in [1] with the following stacktrace: WARNING: CPU: 0 PID: 5005 at kernel/bpf/btf.c:1988 btf_type_id_size+0x2d9/0x9d0 kernel/bpf/btf.c:1988 ... RIP: 0010:btf_type_id_size+0x2d9/0x9d0 kernel/bpf/btf.c:1988 ... Call Trace:
CVSS: - | EPSS: 0% | CPEs: 5 | EXPL: 0
CVE-2023-54246 – rcuscale: Move rcu_scale_writer() schedule_timeout_uninterruptible() to _idle()
https://notcve.org/view.php?id=CVE-2023-54246
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: rcuscale: Move rcu_scale_writer() schedule_timeout_uninterruptible() to _idle() The rcuscale.holdoff module parameter can be used to delay the start of rcu_scale_writer() kthread. However, the hung-task timeout will trigger when the timeout specified by rcuscale.holdoff is greater than hung_task_timeout_secs: runqemu kvm nographic slirp qemuparams="-smp 4 -m 2048M" bootparams="rcuscale.shutdown=0 rcuscale.holdoff=300" [ 247.071753] INFO: ta... • https://git.kernel.org/stable/c/df37e66bfdbb57e8cae7dbf39a0c66b1b8701338 •
CVSS: - | EPSS: 0% | CPEs: 4 | EXPL: 0
CVE-2023-54245 – ASoC: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds
https://notcve.org/view.php?id=CVE-2023-54245
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds When we run syzkaller we get below Out of Bound. "KASAN: slab-out-of-bounds Read in regcache_flat_read" Below is the backtrace of the issue: dump_backtrace+0x0/0x4c8 show_stack+0x34/0x44 dump_stack_lvl+0xd8/0x118 print_address_description+0x30/0x2d8 kasan_report+0x158/0x198 __asan_report_load4_noabort+0x44/0x50 regcache_flat_read+0x10c/0x110 regcache_read+0xf4/0x180 _regmap_read+0xc4... • https://git.kernel.org/stable/c/d207bdea0ca9efde321ff142e9b9f2ef73f9cdf5 •
CVSS: - | EPSS: 0% | CPEs: 9 | EXPL: 0
CVE-2023-54244 – ACPI: EC: Fix oops when removing custom query handlers
https://notcve.org/view.php?id=CVE-2023-54244
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ACPI: EC: Fix oops when removing custom query handlers When removing custom query handlers, the handler might still be used inside the EC query workqueue, causing a kernel oops if the module holding the callback function was already unloaded. Fix this by flushing the EC query workqueue when removing custom query handlers. Tested on an Acer Travelmate 4002WLMi • https://git.kernel.org/stable/c/a62e8f1978f49e52f87a711ff6711b323d4b12ff •
CVSS: - | EPSS: 0% | CPEs: 3 | EXPL: 0
CVE-2022-50873 – vdpa/vp_vdpa: fix kfree a wrong pointer in vp_vdpa_remove
https://notcve.org/view.php?id=CVE-2022-50873
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: vdpa/vp_vdpa: fix kfree a wrong pointer in vp_vdpa_remove In vp_vdpa_remove(), the code kfree(&vp_vdpa_mgtdev->mgtdev.id_table) uses a reference of pointer as the argument of kfree, which is the wrong pointer and may then hit a crash like this: Unable to handle kernel paging request at virtual address 00ffff003363e30c Internal error: Oops: 96000004 [#1] SMP Call trace: rb_next+0x20/0x5c ext4_readdir+0x494/0x5c4 [ext4] iterate_dir+0x168/0x1b4 ... • https://git.kernel.org/stable/c/ffbda8e9df10d1784d5427ec199e7d8308e3763f •
CVSS: - | EPSS: 0% | CPEs: 8 | EXPL: 0
CVE-2022-50872 – ARM: OMAP2+: Fix memory leak in realtime_counter_init()
https://notcve.org/view.php?id=CVE-2022-50872
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ARM: OMAP2+: Fix memory leak in realtime_counter_init() The "sys_clk" resource is malloced by clk_get(); it is not released when the function returns. • https://git.kernel.org/stable/c/fa6d79d27614223d82418023b7f5300f1a1530d3 •
CVSS: - | EPSS: 0% | CPEs: 3 | EXPL: 0
CVE-2022-50871 – wifi: ath11k: Fix qmi_msg_handler data structure initialization
https://notcve.org/view.php?id=CVE-2022-50871
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Fix qmi_msg_handler data structure initialization qmi_msg_handler is required to be null terminated by QMI module. There might be a case where a handler for a msg id is not present in the handlers array which can lead to infinite loop while searching the handler and therefore out of bound access in qmi_invoke_handler(). Hence update the initialization in qmi_msg_handler data structure. Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.5.... • https://git.kernel.org/stable/c/d5c65159f2895379e11ca13f62feabe93278985d •
