CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54294 – md/raid10: fix memleak of md thread
https://notcve.org/view.php?id=CVE-2023-54294
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix memleak of md thread In raid10_run(), if setup_conf() succeed and raid10_run() failed before setting 'mddev->thread', then in the error path 'conf->thread' is not freed. Fix the problem by setting 'mddev->thread' right after setup_conf(). The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues. • https://git.kernel.org/stable/c/43a521238aca0e24d50add1db125a61bda2a3527 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2023-54293 – bcache: fixup btree_cache_wait list damage
https://notcve.org/view.php?id=CVE-2023-54293
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: bcache: fixup btree_cache_wait list damage We get a kernel crash about "list_add corruption. next->prev should be prev (ffff9c801bc01210), but was ffff9c77b688237c. (next=ffffae586d8afe68)." crash> struct list_head 0xffff9c801bc01210 struct list_head { next = 0xffffae586d8afe68, prev = 0xffffae586d8afe68 } crash> struct list_head 0xffff9c77b688237c struct list_head { next = 0x0, prev = 0x0 } crash> struct list_head 0xffffae586d8afe68 struct... • https://git.kernel.org/stable/c/8e7102273f597dbb38af43da874f8c123f8e6dbe •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2023-54292 – RDMA/irdma: Fix data race on CQP request done
https://notcve.org/view.php?id=CVE-2023-54292
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix data race on CQP request done KCSAN detects a data race on cqp_request->request_done memory location which is accessed locklessly in irdma_handle_cqp_op while being updated in irdma_cqp_ce_handler. Annotate lockless intent with READ_ONCE/WRITE_ONCE to avoid any compiler optimizations like load fusing and/or KCSAN warning. [222808.417128] BUG: KCSAN: data-race in irdma_cqp_ce_handler [irdma] / irdma_wait_event [irdma] [222808... • https://git.kernel.org/stable/c/915cc7ac0f8e2a23675ee896e87f17c7d3c47089 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2023-54289 – scsi: qedf: Fix NULL dereference in error handling
https://notcve.org/view.php?id=CVE-2023-54289
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Fix NULL dereference in error handling Smatch reported: drivers/scsi/qedf/qedf_main.c:3056 qedf_alloc_global_queues() warn: missing unwind goto? At this point in the function, nothing has been allocated so we can return directly. In particular the "qedf->global_queues" have not been allocated so calling qedf_free_global_queues() will lead to a NULL dereference when we check if (!gl[i]) and "gl" is NULL. The SUSE Linux Enterprise... • https://git.kernel.org/stable/c/61d8658b4a435eac729966cc94cdda077a8df5cd •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2023-54287 – tty: serial: imx: disable Ageing Timer interrupt request irq
https://notcve.org/view.php?id=CVE-2023-54287
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: tty: serial: imx: disable Ageing Timer interrupt request irq There maybe pending USR interrupt before requesting irq, however uart_add_one_port has not executed, so there will be kernel panic: [ 0.795668] Unable to handle kernel NULL pointer dereference at virtual addre ss 0000000000000080 [ 0.802701] Mem abort info: [ 0.805367] ESR = 0x0000000096000004 [ 0.808950] EC = 0x25: DABT (current EL), IL = 32 bits [ 0.814033] SET = 0, FnV = 0 [ 0.... • https://git.kernel.org/stable/c/8a61f0c70ae65c6b70d13228c3120c73d7425a60 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54286 – wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace
https://notcve.org/view.php?id=CVE-2023-54286
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace A received TKIP key may be up to 32 bytes because it may contain MIC rx/tx keys too. These are not used by iwl and copying these over overflows the iwl_keyinfo.key field. Add a check to not copy more data to iwl_keyinfo.key then will fit. This fixes backtraces like this one: memcpy: detected field-spanning write (size 32) of single field "sta_cmd.key.key" at drivers/net... • https://git.kernel.org/stable/c/5a3d9882b84edf5fa8e8ca33a5d6df25e2e727a5 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2023-54284 – media: av7110: prevent underflow in write_ts_to_decoder()
https://notcve.org/view.php?id=CVE-2023-54284
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: media: av7110: prevent underflow in write_ts_to_decoder() The buf[4] value comes from the user via ts_play(). It is a value in the u8 range. The final length we pass to av7110_ipack_instant_repack() is "len - (buf[4] + 1) - 4" so add a check to ensure that the length is not negative. It's not clear that passing a negative len value does anything bad necessarily, but it's not best practice. With the new bounds checking the "if (! • https://git.kernel.org/stable/c/fd46d16d602ab7fd53cef7ff55b9dcb0b47ad3bf •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54283 – bpf: Address KCSAN report on bpf_lru_list
https://notcve.org/view.php?id=CVE-2023-54283
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Address KCSAN report on bpf_lru_list KCSAN reported a data-race when accessing node->ref. Although node->ref does not have to be accurate, take this chance to use a more common READ_ONCE() and WRITE_ONCE() pattern instead of data_race(). There is an existing bpf_lru_node_is_ref() and bpf_lru_node_set_ref(). This patch also adds bpf_lru_node_clear_ref() to do the WRITE_ONCE(node->ref, 0) also. ===========================================... • https://git.kernel.org/stable/c/3a08c2fd763450a927d1130de078d6f9e74944fb •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54282 – media: tuners: qt1010: replace BUG_ON with a regular error
https://notcve.org/view.php?id=CVE-2023-54282
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: media: tuners: qt1010: replace BUG_ON with a regular error BUG_ON is unnecessary here, and in addition it confuses smatch. Replacing this with an error return help resolve this smatch warning: drivers/media/tuners/qt1010.c:350 qt1010_init() error: buffer overflow 'i2c_data' 34 <= 34 The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security issues. • https://git.kernel.org/stable/c/4682b58e5af01ee856a706083eac71238fb69cd0 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2023-54281 – btrfs: release path before inode lookup during the ino lookup ioctl
https://notcve.org/view.php?id=CVE-2023-54281
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: release path before inode lookup during the ino lookup ioctl During the ino lookup ioctl we can end up calling btrfs_iget() to get an inode reference while we are holding on a root's btree. If btrfs_iget() needs to lookup the inode from the root's btree, because it's not currently loaded in memory, then it will need to lock another or the same path in the same root btree. This may result in a deadlock and trigger the following lockde... • https://git.kernel.org/stable/c/23d0b79dfaed2305b500b0215b0421701ada6b1a •