CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2023-54179 – scsi: qla2xxx: Array index may go out of bound
https://notcve.org/view.php?id=CVE-2023-54179
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Array index may go out of bound Klocwork reports array 'vha->host_str' of size 16 may use index value(s) 16..19. Use snprintf() instead of sprintf(). • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2023-54178 – of: unittest: fix null pointer dereferencing in of_unittest_find_node_by_name()
https://notcve.org/view.php?id=CVE-2023-54178
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: of: unittest: fix null pointer dereferencing in of_unittest_find_node_by_name() when kmalloc() fail to allocate memory in kasprintf(), name or full_name will be NULL, strcmp() will cause null pointer dereference. • https://git.kernel.org/stable/c/0d638a07d3a1e98a7598eb2812a6236324e4c55f •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2023-54177 – quota: fix warning in dqgrab()
https://notcve.org/view.php?id=CVE-2023-54177
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: quota: fix warning in dqgrab() There's issue as follows when do fault injection: WARNING: CPU: 1 PID: 14870 at include/linux/quotaops.h:51 dquot_disable+0x13b7/0x18c0 Modules linked in: CPU: 1 PID: 14870 Comm: fsconfig Not tainted 6.3.0-next-20230505-00006-g5107a9c821af-dirty #541 RIP: 0010:dquot_disable+0x13b7/0x18c0 RSP: 0018:ffffc9000acc79e0 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff88825e41b980 RDX: 000000000... • https://git.kernel.org/stable/c/9f985cb6c45bc3f8b7e161c9658d409d051d576f •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2023-54176 – mptcp: stricter state check in mptcp_worker
https://notcve.org/view.php?id=CVE-2023-54176
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: mptcp: stricter state check in mptcp_worker As reported by Christoph, the mptcp protocol can run the worker when the relevant msk socket is in an unexpected state: connect() // incoming reset + fastclose // the mptcp worker is scheduled mptcp_disconnect() // msk is now CLOSED listen() mptcp_worker() Leading to the following splat: divide error: 0000 [#1] PREEMPT SMP CPU: 1 PID: 21 Comm: kworker/1:0 Not tainted 6.3.0-rc1-gde5e8fd0123c #11 Ha... • https://git.kernel.org/stable/c/e16163b6e2b720fb74e5af758546f6dad27e6c9e •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2023-54173 – bpf: Disable preemption in bpf_event_output
https://notcve.org/view.php?id=CVE-2023-54173
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Disable preemption in bpf_event_output We received report [1] of kernel crash, which is caused by using nesting protection without disabled preemption. The bpf_event_output can be called by programs executed by bpf_prog_run_array_cg function that disabled migration but keeps preemption enabled. This can cause task to be preempted by another one inside the nesting protection and lead eventually to two tasks using same perf_sample_data b... • https://git.kernel.org/stable/c/2a916f2f546ca1c1e3323e2a4269307f6d9890eb •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2023-54171 – tracing: Fix memory leak of iter->temp when reading trace_pipe
https://notcve.org/view.php?id=CVE-2023-54171
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: tracing: Fix memory leak of iter->temp when reading trace_pipe kmemleak reports: unreferenced object 0xffff88814d14e200 (size 256): comm "cat", pid 336, jiffies 4294871818 (age 779.490s) hex dump (first 32 bytes): 04 00 01 03 00 00 00 00 08 00 00 00 00 00 00 00 ................ 0c d8 c8 9b ff ff ff ff 04 5a ca 9b ff ff ff ff .........Z...... backtrace: [
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2023-54170 – keys: Fix linking a duplicate key to a keyring's assoc_array
https://notcve.org/view.php?id=CVE-2023-54170
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: keys: Fix linking a duplicate key to a keyring's assoc_array When making a DNS query inside the kernel using dns_query(), the request code can in rare cases end up creating a duplicate index key in the assoc_array of the destination keyring. It is eventually found by a BUG_ON() check in the assoc_array implementation and results in a crash. Example report: [2158499.700025] kernel BUG at ../lib/assoc_array.c:652! [2158499.700039] invalid opc... • https://git.kernel.org/stable/c/df593ee23e05cdda16c8c995e5818779431bb29f •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2023-54169 – net/mlx5e: fix memory leak in mlx5e_ptp_open
https://notcve.org/view.php?id=CVE-2023-54169
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: fix memory leak in mlx5e_ptp_open When kvzalloc_node or kvzalloc failed in mlx5e_ptp_open, the memory pointed by "c" or "cparams" is not freed, which can lead to a memory leak. Fix by freeing the array in the error path. • https://git.kernel.org/stable/c/145e5637d941daec2e8d1ff21676cbf1aa62cf4d •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54168 – RDMA/mlx4: Prevent shift wrapping in set_user_sq_size()
https://notcve.org/view.php?id=CVE-2023-54168
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx4: Prevent shift wrapping in set_user_sq_size() The ucmd->log_sq_bb_count variable is controlled by the user so this shift can wrap. Fix it by using check_shl_overflow() in the same way that it was done in commit 515f60004ed9 ("RDMA/hns: Prevent undefined behavior in hns_roce_set_user_sq_size()"). • https://git.kernel.org/stable/c/839041329fd3410e07d614f81e75bb43367d8f89 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2023-54166 – igc: Fix Kernel Panic during ndo_tx_timeout callback
https://notcve.org/view.php?id=CVE-2023-54166
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: igc: Fix Kernel Panic during ndo_tx_timeout callback The Xeon validation group has been carrying out some loaded tests with various HW configurations, and they have seen some transmit queue time out happening during the test. This will cause the reset adapter function to be called by igc_tx_timeout(). Similar race conditions may arise when the interface is being brought down and up in igc_reinit_locked(), an interrupt being generated, and i... • https://git.kernel.org/stable/c/48d6d8f2f6096ef51bd193e2a2fb59cbbc350599 •