CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2023-54200 – netfilter: nf_tables: always release netdev hooks from notifier
https://notcve.org/view.php?id=CVE-2023-54200
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: always release netdev hooks from notifier This reverts "netfilter: nf_tables: skip netdev events generated on netns removal". The problem is that when a veth device is released, the veth release callback will also queue the peer netns device for removal. Its possible that the peer netns is also slated for removal. In this case, the device memory is already released before the pre_exit hook of the peer netns runs: BUG: ... • https://git.kernel.org/stable/c/68a3765c659f809dcaac20030853a054646eb739 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2023-54199 – drm/msm/adreno: Fix null ptr access in adreno_gpu_cleanup()
https://notcve.org/view.php?id=CVE-2023-54199
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/msm/adreno: Fix null ptr access in adreno_gpu_cleanup() Fix the below kernel panic due to null pointer access: [ 18.504431] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000048 [ 18.513464] Mem abort info: [ 18.516346] ESR = 0x0000000096000005 [ 18.520204] EC = 0x25: DABT (current EL), IL = 32 bits [ 18.525706] SET = 0, FnV = 0 [ 18.528878] EA = 0, S1PTW = 0 [ 18.532117] FSC = 0x05: level 1 translation fa... • https://git.kernel.org/stable/c/17e822f7591fb66162aca07685dc0b01468e5480 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54198 – tty: fix out-of-bounds access in tty_driver_lookup_tty()
https://notcve.org/view.php?id=CVE-2023-54198
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: tty: fix out-of-bounds access in tty_driver_lookup_tty() When specifying an invalid console= device like console=tty3270, tty_driver_lookup_tty() returns the tty struct without checking whether index is a valid number. To reproduce: qemu-system-x86_64 -enable-kvm -nographic -serial mon:stdio \ -kernel ../linux-build-x86/arch/x86/boot/bzImage \ -append "console=ttyS0 console=tty3270" This crashes with: [ 0.770599] BUG: kernel NULL pointer de... • https://git.kernel.org/stable/c/99f1fe189daf8e99a847e420567e49dd7ee2aae7 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2023-54197 – Revert "Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work"
https://notcve.org/view.php?id=CVE-2023-54197
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: Revert "Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work" This reverts commit 1e9ac114c4428fdb7ff4635b45d4f46017e8916f. This patch introduces a possible null-ptr-def problem. Revert it. And the fixed bug by this patch have resolved by commit 73f7b171b7c0 ("Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition"). • https://git.kernel.org/stable/c/95eacef5692545f199fae4e52abfbfa273acb351 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2023-54196 – fs/ntfs3: Fix NULL pointer dereference in 'ni_write_inode'
https://notcve.org/view.php?id=CVE-2023-54196
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix NULL pointer dereference in 'ni_write_inode' Syzbot found the following issue: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000016 Mem abort info: ESR = 0x0000000096000006 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x06: level 2 translation fault Data abort info: ISV = 0, ISS = 0x00000006 CM = 0, WnR = 0 user pgtable: 4k pages, 48-bit VAs, pgdp=000000010... • https://git.kernel.org/stable/c/82cae269cfa953032fbb8980a7d554d60fb00b17 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2023-54195 – rxrpc: Fix timeout of a call that hasn't yet been granted a channel
https://notcve.org/view.php?id=CVE-2023-54195
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix timeout of a call that hasn't yet been granted a channel afs_make_call() calls rxrpc_kernel_begin_call() to begin a call (which may get stalled in the background waiting for a connection to become available); it then calls rxrpc_kernel_set_max_life() to set the timeouts - but that starts the call timer so the call timer might then expire before we get a connection assigned - leading to the following oops if the call stalled: BUG:... • https://git.kernel.org/stable/c/9d35d880e0e4a3ab32d8c12f9e4d76198aadd42d •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2023-54194 – exfat: use kvmalloc_array/kvfree instead of kmalloc_array/kfree
https://notcve.org/view.php?id=CVE-2023-54194
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: exfat: use kvmalloc_array/kvfree instead of kmalloc_array/kfree The call stack shown below is a scenario in the Linux 4.19 kernel. Allocating memory failed where exfat fs use kmalloc_array due to system memory fragmentation, while the u-disk was inserted without recognition. Devices such as u-disk using the exfat file system are pluggable and may be insert into the system at any time. However, long-term running systems cannot guarantee the ... • https://git.kernel.org/stable/c/1e49a94cf707204b66a3fb242f2814712c941f52 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2023-54193 – net/sched: cls_api: remove block_cb from driver_list before freeing
https://notcve.org/view.php?id=CVE-2023-54193
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_api: remove block_cb from driver_list before freeing Error handler of tcf_block_bind() frees the whole bo->cb_list on error. However, by that time the flow_block_cb instances are already in the driver list because driver ndo_setup_tc() callback is called before that up the call chain in tcf_block_offload_cmd(). This leaves dangling pointers to freed objects in the list and causes use-after-free[0]. Fix it by also removing flo... • https://git.kernel.org/stable/c/59094b1e5094c7e50a3d2912202fd30b6a1dadf8 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2023-54192 – f2fs: fix null pointer panic in tracepoint in __replace_atomic_write_block
https://notcve.org/view.php?id=CVE-2023-54192
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix null pointer panic in tracepoint in __replace_atomic_write_block We got a kernel panic if old_addr is NULL. https://bugzilla.kernel.org/show_bug.cgi?id=217266 BUG: kernel NULL pointer dereference, address: 0000000000000000 Call Trace:
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2023-54191 – wifi: mt76: mt7996: fix memory leak in mt7996_mcu_exit
https://notcve.org/view.php?id=CVE-2023-54191
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: fix memory leak in mt7996_mcu_exit Always purge mcu skb queues in mt7996_mcu_exit routine even if mt7996_firmware_state fails. • https://git.kernel.org/stable/c/98686cd21624c75a043e96812beadddf4f6f48e5 •