CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2023-54279 – MIPS: fw: Allow firmware to pass a empty env
https://notcve.org/view.php?id=CVE-2023-54279
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: MIPS: fw: Allow firmware to pass a empty env fw_getenv will use env entry to determine style of env, however it is legal for firmware to just pass a empty list. Check if first entry exist before running strchr to avoid null pointer dereference. • https://git.kernel.org/stable/c/14aecdd419217e041fb5dd2749d11f58503bdf62 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2023-54278 – s390/vmem: split pages when debug pagealloc is enabled
https://notcve.org/view.php?id=CVE-2023-54278
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: s390/vmem: split pages when debug pagealloc is enabled Since commit bb1520d581a3 ("s390/mm: start kernel with DAT enabled") the kernel crashes early during boot when debug pagealloc is enabled: mem auto-init: stack:off, heap alloc:off, heap free:off addressing exception: 0005 ilc:2 [#1] SMP DEBUG_PAGEALLOC Modules linked in: CPU: 0 PID: 0 Comm: swapper Not tainted 6.5.0-rc3-09759-gc5666c912155 #630 [..] Krnl Code: 00000000001325f6: ec560024... • https://git.kernel.org/stable/c/bb1520d581a3a46e2d6e12bb74604ace33404de5 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2023-54277 – fbdev: udlfb: Fix endpoint check
https://notcve.org/view.php?id=CVE-2023-54277
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: fbdev: udlfb: Fix endpoint check The syzbot fuzzer detected a problem in the udlfb driver, caused by an endpoint not having the expected type: usb 1-1: Read EDID byte 0 failed: -71 usb 1-1: Unable to get valid EDID from device/display ------------[ cut here ]------------ usb 1-1: BOGUS urb xfer, pipe 3 != type 1 WARNING: CPU: 0 PID: 9 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504 Modules linked in: CPU... • https://git.kernel.org/stable/c/f6db63819db632158647d5bbf4d7d2d90dc1a268 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2023-54276 – nfsd: move init of percpu reply_cache_stats counters back to nfsd_init_net
https://notcve.org/view.php?id=CVE-2023-54276
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: nfsd: move init of percpu reply_cache_stats counters back to nfsd_init_net Commit f5f9d4a314da ("nfsd: move reply cache initialization into nfsd startup") moved the initialization of the reply cache into nfsd startup, but didn't account for the stats counters, which can be accessed before nfsd is ever started. The result can be a NULL pointer dereference when someone accesses /proc/fs/nfsd/reply_cache_stats while nfsd is still shut down. Th... • https://git.kernel.org/stable/c/f5f9d4a314da88c0a5faa6d168bf69081b7a25ae •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2023-54275 – wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup
https://notcve.org/view.php?id=CVE-2023-54275
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup crypto_alloc_shash() allocates resources, which should be released by crypto_free_shash(). When ath11k_peer_find() fails, there has memory leak. Add missing crypto_free_shash() to fix this. The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues. • https://git.kernel.org/stable/c/243874c64c8137bc90455200a7735da72836ecab •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2023-54274 – RDMA/srpt: Add a check for valid 'mad_agent' pointer
https://notcve.org/view.php?id=CVE-2023-54274
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Add a check for valid 'mad_agent' pointer When unregistering MAD agent, srpt module has a non-null check for 'mad_agent' pointer before invoking ib_unregister_mad_agent(). This check can pass if 'mad_agent' variable holds an error value. The 'mad_agent' can have an error value for a short window when srpt_add_one() and srpt_remove_one() is executed simultaneously. In srpt module, added a valid pointer check for 'sport->mad_agent'... • https://git.kernel.org/stable/c/a42d985bd5b234da8b61347a78dc3057bf7bb94d •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2023-54273 – xfrm: Fix leak of dev tracker
https://notcve.org/view.php?id=CVE-2023-54273
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: xfrm: Fix leak of dev tracker At the stage of direction checks, the netdev reference tracker is already initialized, but released with wrong *_put() call. • https://git.kernel.org/stable/c/919e43fad5163a8ceb39826ecdee897a9f799351 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2023-54272 – fs/ntfs3: Fix a possible null-pointer dereference in ni_clear()
https://notcve.org/view.php?id=CVE-2023-54272
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix a possible null-pointer dereference in ni_clear() In a previous commit c1006bd13146, ni->mi.mrec in ni_write_inode() could be NULL, and thus a NULL check is added for this variable. However, in the same call stack, ni->mi.mrec can be also dereferenced in ni_clear(): ntfs_evict_inode(inode) ni_write_inode(inode, ...) ni = ntfs_i(inode); is_rec_inuse(ni->mi.mrec) -> Add a NULL check by previous commit ni_clear(ntfs_i(inode)) is_... • https://git.kernel.org/stable/c/4342306f0f0d5ff4315a204d315c1b51b914fca5 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2023-54271 – blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init
https://notcve.org/view.php?id=CVE-2023-54271
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init blk-iocost sometimes causes the following crash: BUG: kernel NULL pointer dereference, address: 00000000000000e0 ... RIP: 0010:_raw_spin_lock+0x17/0x30 Code: be 01 02 00 00 e8 79 38 39 ff 31 d2 89 d0 5d c3 0f 1f 00 0f 1f 44 00 00 55 48 89 e5 65 ff 05 48 d0 34 7e b9 01 00 00 00 31 c0
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54270 – media: usb: siano: Fix use after free bugs caused by do_submit_urb
https://notcve.org/view.php?id=CVE-2023-54270
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: media: usb: siano: Fix use after free bugs caused by do_submit_urb There are UAF bugs caused by do_submit_urb(). One of the KASan reports is shown below: [ 36.403605] BUG: KASAN: use-after-free in worker_thread+0x4a2/0x890 [ 36.406105] Read of size 8 at addr ffff8880059600e8 by task kworker/0:2/49 [ 36.408316] [ 36.408867] CPU: 0 PID: 49 Comm: kworker/0:2 Not tainted 6.2.0-rc3-15798-g5a41237ad1d4-dir8 [ 36.411696] Hardware name: QEMU Standa... • https://git.kernel.org/stable/c/dd47fbd40e6ea6884e295e13a2e50b0894258fdf •