CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54211 – tracing: Fix warning in trace_buffered_event_disable()
https://notcve.org/view.php?id=CVE-2023-54211
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: tracing: Fix warning in trace_buffered_event_disable() Warning happened in trace_buffered_event_disable() at WARN_ON_ONCE(!trace_buffered_event_ref) Call Trace: ? __warn+0xa5/0x1b0 ? trace_buffered_event_disable+0x189/0x1b0 __ftrace_event_enable_disable+0x19e/0x3e0 free_probe_data+0x3b/0xa0 unregister_ftrace_function_probe_func+0x6b8/0x800 event_enable_func+0x2f0/0x3d0 ftrace_process_regex.isra.0+0x12d/0x1b0 ftrace_filter_write+0xe6/0x140 v... • https://git.kernel.org/stable/c/0fc1b09ff1ff404ddf753f5ffa5cd0adc8fdcdc9 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2023-54210 – Bluetooth: hci_sync: Avoid use-after-free in dbg for hci_remove_adv_monitor()
https://notcve.org/view.php?id=CVE-2023-54210
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: Avoid use-after-free in dbg for hci_remove_adv_monitor() KASAN reports that there's a use-after-free in hci_remove_adv_monitor(). Trawling through the disassembly, you can see that the complaint is from the access in bt_dev_dbg() under the HCI_ADV_MONITOR_EXT_MSFT case. The problem case happens because msft_remove_monitor() can end up freeing the monitor structure. Specifically: hci_remove_adv_monitor() -> msft_remove_m... • https://git.kernel.org/stable/c/7cf5c2978f23fdbb2dd7b4e8b07e362ae2d8211c •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2023-54209 – block: fix blktrace debugfs entries leakage
https://notcve.org/view.php?id=CVE-2023-54209
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: block: fix blktrace debugfs entries leakage Commit 99d055b4fd4b ("block: remove per-disk debugfs files in blk_unregister_queue") moves blk_trace_shutdown() from blk_release_queue() to blk_unregister_queue(), this is safe if blktrace is created through sysfs, however, there is a regression in corner case. blktrace can still be enabled after del_gendisk() through ioctl if the disk is opened before del_gendisk(), and if blktrace is not shutdow... • https://git.kernel.org/stable/c/99d055b4fd4bbb309c6cdb51a0d420669f777944 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2023-54208 – media: ov5675: Fix memleak in ov5675_init_controls()
https://notcve.org/view.php?id=CVE-2023-54208
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: media: ov5675: Fix memleak in ov5675_init_controls() There is a kmemleak when testing the media/i2c/ov5675.c with bpf mock device: AssertionError: unreferenced object 0xffff888107362160 (size 16): comm "python3", pid 277, jiffies 4294832798 (age 20.722s) hex dump (first 16 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<00000000abe7d67c>] __kmalloc_node+0x44/0x1b0 [<000000008a725aac>] kvmalloc_node+0x34... • https://git.kernel.org/stable/c/bf27502b1f3bf8095bf81736e506d354a2ce9ec4 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2023-54207 – HID: uclogic: Correct devm device reference for hidinput input_dev name
https://notcve.org/view.php?id=CVE-2023-54207
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: uclogic: Correct devm device reference for hidinput input_dev name Reference the HID device rather than the input device for the devm allocation of the input_dev name. Referencing the input_dev would lead to a use-after-free when the input_dev was unregistered and subsequently fires a uevent that depends on the name. At the point of firing the uevent, the name would be freed by devres management. Use devm_kasprintf to simplify the logi... • https://git.kernel.org/stable/c/cce2dbdf258e6b27b2b100f511531edabb77f427 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2023-54206 – net/sched: flower: fix filter idr initialization
https://notcve.org/view.php?id=CVE-2023-54206
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: net/sched: flower: fix filter idr initialization The cited commit moved idr initialization too early in fl_change() which allows concurrent users to access the filter that is still being initialized and is in inconsistent state, which, in turn, can cause NULL pointer dereference [0]. Since there is no obvious way to fix the ordering without reverting the whole cited commit, alternative approach taken to first insert NULL pointer into idr in... • https://git.kernel.org/stable/c/08a0063df3aed8d76a4034279117db12dbc1050f •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2023-54205 – pinctrl: stm32: Fix refcount leak in stm32_pctrl_get_irq_domain
https://notcve.org/view.php?id=CVE-2023-54205
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: pinctrl: stm32: Fix refcount leak in stm32_pctrl_get_irq_domain of_irq_find_parent() returns a node pointer with refcount incremented, We should use of_node_put() on it when not needed anymore. Add missing of_node_put() to avoid refcount leak. • https://git.kernel.org/stable/c/d86f4d71e42a9fa1866f030074e54d7571d16ec1 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2023-54204 – mmc: sunplus: fix return value check of mmc_add_host()
https://notcve.org/view.php?id=CVE-2023-54204
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: mmc: sunplus: fix return value check of mmc_add_host() mmc_add_host() may return error, if we ignore its return value, 1. the memory allocated in mmc_alloc_host() will be leaked 2. null-ptr-deref will happen when calling mmc_remove_host() in remove function spmmc_drv_remove() because deleting not added device. Fix this by checking the return value of mmc_add_host(). Moreover, I fixed the error handling path of spmmc_drv_probe() to clean up. • https://git.kernel.org/stable/c/4e268fed8b1861616af28f9cfb4eed8ca5d7af6c •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50847 – drm/bridge: it6505: Initialize AUX channel in it6505_i2c_probe
https://notcve.org/view.php?id=CVE-2022-50847
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/bridge: it6505: Initialize AUX channel in it6505_i2c_probe During device boot, the HPD interrupt could be triggered before the DRM subsystem registers it6505 as a DRM bridge. In such cases, the driver tries to access AUX channel and causes NULL pointer dereference. Initializing the AUX channel earlier to prevent such error. • https://git.kernel.org/stable/c/b5c84a9edcd418cd055becad6a22439e7c5e3bf8 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50846 – mmc: via-sdmmc: fix return value check of mmc_add_host()
https://notcve.org/view.php?id=CVE-2022-50846
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: mmc: via-sdmmc: fix return value check of mmc_add_host() mmc_add_host() may return error, if we ignore its return value, it will lead two issues: 1. The memory that allocated in mmc_alloc_host() is leaked. 2. In the remove() path, mmc_remove_host() will be called to delete device, but it's not added yet, it will lead a kernel crash because of null-ptr-deref in device_del(). Fix this by checking the return value and goto error path which wil... • https://git.kernel.org/stable/c/f0bf7f61b8405224bc52fc9a3ccd167a68126e00 •