CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2023-54316 – refscale: Fix uninitalized use of wait_queue_head_t
https://notcve.org/view.php?id=CVE-2023-54316
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: refscale: Fix uninitalized use of wait_queue_head_t Running the refscale test occasionally crashes the kernel with the following error: [ 8569.952896] BUG: unable to handle page fault for address: ffffffffffffffe8 [ 8569.952900] #PF: supervisor read access in kernel mode [ 8569.952902] #PF: error_code(0x0000) - not-present page [ 8569.952904] PGD c4b048067 P4D c4b049067 PUD c4b04b067 PMD 0 [ 8569.952910] Oops: 0000 [#1] PREEMPT_RT SMP NOPTI... • https://git.kernel.org/stable/c/653ed64b01dc5989f8f579d0038e987476c2c023 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2023-54315 – powerpc/powernv/sriov: perform null check on iov before dereferencing iov
https://notcve.org/view.php?id=CVE-2023-54315
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv/sriov: perform null check on iov before dereferencing iov Currently pointer iov is being dereferenced before the null check of iov which can lead to null pointer dereference errors. Fix this by moving the iov null check before the dereferencing. Detected using cppcheck static analysis: linux/arch/powerpc/platforms/powernv/pci-sriov.c:597:12: warning: Either the condition '!iov' is redundant or there is possible null pointer ... • https://git.kernel.org/stable/c/052da31d45fc71238ea8bed7e9a84648a1ee0bf3 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54314 – media: af9005: Fix null-ptr-deref in af9005_i2c_xfer
https://notcve.org/view.php?id=CVE-2023-54314
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: media: af9005: Fix null-ptr-deref in af9005_i2c_xfer In af9005_i2c_xfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former checks on msg[i].buf would be passed. Malicious data finally reach af9005_i2c_xfer. If accessing msg[i].buf[0] without sanity check, null ptr deref would happen. We add check on msg[i].len to prevent crash. Similar commit: commit 0ed554fd769a ("media: dvb-usb: az6027: fix null-ptr-deref i... • https://git.kernel.org/stable/c/af4e067e1dcf926d9523dff11e46c45fd9fa9da2 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2023-54313 – ovl: fix null pointer dereference in ovl_get_acl_rcu()
https://notcve.org/view.php?id=CVE-2023-54313
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ovl: fix null pointer dereference in ovl_get_acl_rcu() Following process: P1 P2 path_openat link_path_walk may_lookup inode_permission(rcu) ovl_permission acl_permission_check check_acl get_cached_acl_rcu ovl_get_inode_acl realinode = ovl_inode_real(ovl_inode) drop_cache __dentry_kill(ovl_dentry) iput(ovl_inode) ovl_destroy_inode(ovl_inode) dput(oi->__upperdentry) dentry_kill(upperdentry) dentry_unlink_inode upperdentry->d_inode = NULL ovl_... • https://git.kernel.org/stable/c/332f606b32b6291a944c8cf23b91f53a6e676525 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54312 – samples/bpf: Fix buffer overflow in tcp_basertt
https://notcve.org/view.php?id=CVE-2023-54312
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: samples/bpf: Fix buffer overflow in tcp_basertt Using sizeof(nv) or strlen(nv)+1 is correct. The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security issues. • https://git.kernel.org/stable/c/c890063e440456e75c2e70f6bcec3797f1771eb6 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2023-54311 – ext4: fix deadlock when converting an inline directory in nojournal mode
https://notcve.org/view.php?id=CVE-2023-54311
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix deadlock when converting an inline directory in nojournal mode In no journal mode, ext4_finish_convert_inline_dir() can self-deadlock by calling ext4_handle_dirty_dirblock() when it already has taken the directory lock. There is a similar self-deadlock in ext4_incvert_inline_data_nolock() for data files which we'll fix at the same time. A simple reproducer demonstrating the problem: mke2fs -Fq -t ext2 -O inline_data -b 4k /dev/vdc... • https://git.kernel.org/stable/c/3c47d54170b6a678875566b1b8d6dcf57904e49b •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54310 – scsi: message: mptlan: Fix use after free bug in mptlan_remove() due to race condition
https://notcve.org/view.php?id=CVE-2023-54310
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: message: mptlan: Fix use after free bug in mptlan_remove() due to race condition mptlan_probe() calls mpt_register_lan_device() which initializes the &priv->post_buckets_task workqueue. A call to mpt_lan_wake_post_buckets_task() will subsequently start the work. During driver unload in mptlan_remove() the following race may occur: CPU0 CPU1 |mpt_lan_post_receive_buckets_work() mptlan_remove() | free_netdev() | kfree(dev); | | | dev->m... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54309 – tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation
https://notcve.org/view.php?id=CVE-2023-54309
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation /dev/vtpmx is made visible before 'workqueue' is initialized, which can lead to a memory corruption in the worst case scenario. Address this by initializing 'workqueue' as the very first step of the driver initialization. The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues. • https://git.kernel.org/stable/c/6f99612e250041a2402d3b1694bccb149cd424a4 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2023-54308 – ALSA: ymfpci: Create card with device-managed snd_devm_card_new()
https://notcve.org/view.php?id=CVE-2023-54308
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: ymfpci: Create card with device-managed snd_devm_card_new() snd_card_ymfpci_remove() was removed in commit c6e6bb5eab74 ("ALSA: ymfpci: Allocate resources with device-managed APIs"), but the call to snd_card_new() was not replaced with snd_devm_card_new(). Since there was no longer a call to snd_card_free, unloading the module would eventually result in Oops: [697561.532887] BUG: unable to handle page fault for address: ffffffffc09244... • https://git.kernel.org/stable/c/c6e6bb5eab7457a938c0405d5ccf319d3ee735c1 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2023-54307 – ptp_qoriq: fix memory leak in probe()
https://notcve.org/view.php?id=CVE-2023-54307
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ptp_qoriq: fix memory leak in probe() Smatch complains that: drivers/ptp/ptp_qoriq.c ptp_qoriq_probe() warn: 'base' from ioremap() not released. Fix this by revising the parameter from 'ptp_qoriq->base' to 'base'. This is only a bug if ptp_qoriq_init() returns on the first -ENODEV error path. For other error paths ptp_qoriq->base and base are the same. And this change makes the code more readable. • https://git.kernel.org/stable/c/7f4399ba405b6201fb318b43091703a34b1489ab •