CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2023-54180 – btrfs: handle case when repair happens with dev-replace
https://notcve.org/view.php?id=CVE-2023-54180
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: handle case when repair happens with dev-replace [BUG] There is a bug report that a BUG_ON() in btrfs_repair_io_failure() (originally repair_io_failure() in v6.0 kernel) got triggered when replacing a unreliable disk: BTRFS warning (device sda1): csum failed root 257 ino 2397453 off 39624704 csum 0xb0d18c75 expected csum 0x4dae9c5e mirror 3 kernel BUG at fs/btrfs/extent_io.c:2380! invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: 9 PI... • https://git.kernel.org/stable/c/ad6d620e2a5704f6bf3a39c92a75aad962c51cb3 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2023-54179 – scsi: qla2xxx: Array index may go out of bound
https://notcve.org/view.php?id=CVE-2023-54179
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Array index may go out of bound Klocwork reports array 'vha->host_str' of size 16 may use index value(s) 16..19. Use snprintf() instead of sprintf(). • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2023-54178 – of: unittest: fix null pointer dereferencing in of_unittest_find_node_by_name()
https://notcve.org/view.php?id=CVE-2023-54178
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: of: unittest: fix null pointer dereferencing in of_unittest_find_node_by_name() when kmalloc() fail to allocate memory in kasprintf(), name or full_name will be NULL, strcmp() will cause null pointer dereference. • https://git.kernel.org/stable/c/0d638a07d3a1e98a7598eb2812a6236324e4c55f •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2023-54177 – quota: fix warning in dqgrab()
https://notcve.org/view.php?id=CVE-2023-54177
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: quota: fix warning in dqgrab() There's issue as follows when do fault injection: WARNING: CPU: 1 PID: 14870 at include/linux/quotaops.h:51 dquot_disable+0x13b7/0x18c0 Modules linked in: CPU: 1 PID: 14870 Comm: fsconfig Not tainted 6.3.0-next-20230505-00006-g5107a9c821af-dirty #541 RIP: 0010:dquot_disable+0x13b7/0x18c0 RSP: 0018:ffffc9000acc79e0 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff88825e41b980 RDX: 000000000... • https://git.kernel.org/stable/c/9f985cb6c45bc3f8b7e161c9658d409d051d576f •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2023-54176 – mptcp: stricter state check in mptcp_worker
https://notcve.org/view.php?id=CVE-2023-54176
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: mptcp: stricter state check in mptcp_worker As reported by Christoph, the mptcp protocol can run the worker when the relevant msk socket is in an unexpected state: connect() // incoming reset + fastclose // the mptcp worker is scheduled mptcp_disconnect() // msk is now CLOSED listen() mptcp_worker() Leading to the following splat: divide error: 0000 [#1] PREEMPT SMP CPU: 1 PID: 21 Comm: kworker/1:0 Not tainted 6.3.0-rc1-gde5e8fd0123c #11 Ha... • https://git.kernel.org/stable/c/e16163b6e2b720fb74e5af758546f6dad27e6c9e •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2023-54175 – i2c: xiic: xiic_xfer(): Fix runtime PM leak on error path
https://notcve.org/view.php?id=CVE-2023-54175
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: i2c: xiic: xiic_xfer(): Fix runtime PM leak on error path The xiic_xfer() function gets a runtime PM reference when the function is entered. This reference is released when the function is exited. There is currently one error path where the function exits directly, which leads to a leak of the runtime PM reference. Make sure that this error path also releases the runtime PM reference. • https://git.kernel.org/stable/c/fdacc3c7405d1fc33c1f2771699a4fc24551e480 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2023-54174 – vfio: Fix NULL pointer dereference caused by uninitialized group->iommufd
https://notcve.org/view.php?id=CVE-2023-54174
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: vfio: Fix NULL pointer dereference caused by uninitialized group->iommufd group->iommufd is not initialized for the iommufd_ctx_put() [20018.331541] BUG: kernel NULL pointer dereference, address: 0000000000000000 [20018.377508] RIP: 0010:iommufd_ctx_put+0x5/0x10 [iommufd] ... [20018.476483] Call Trace: [20018.479214]
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2023-54173 – bpf: Disable preemption in bpf_event_output
https://notcve.org/view.php?id=CVE-2023-54173
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Disable preemption in bpf_event_output We received report [1] of kernel crash, which is caused by using nesting protection without disabled preemption. The bpf_event_output can be called by programs executed by bpf_prog_run_array_cg function that disabled migration but keeps preemption enabled. This can cause task to be preempted by another one inside the nesting protection and lead eventually to two tasks using same perf_sample_data b... • https://git.kernel.org/stable/c/2a916f2f546ca1c1e3323e2a4269307f6d9890eb •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2023-54172 – x86/hyperv: Disable IBT when hypercall page lacks ENDBR instruction
https://notcve.org/view.php?id=CVE-2023-54172
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: x86/hyperv: Disable IBT when hypercall page lacks ENDBR instruction On hardware that supports Indirect Branch Tracking (IBT), Hyper-V VMs with ConfigVersion 9.3 or later support IBT in the guest. However, current versions of Hyper-V have a bug in that there's not an ENDBR64 instruction at the beginning of the hypercall page. Since hypercalls are made with an indirect call to the hypercall page, all hypercall attempts fail with an exception ... • https://git.kernel.org/stable/c/991625f3dd2cbc4b787deb0213e2bcf8fa264b21 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2023-54171 – tracing: Fix memory leak of iter->temp when reading trace_pipe
https://notcve.org/view.php?id=CVE-2023-54171
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: tracing: Fix memory leak of iter->temp when reading trace_pipe kmemleak reports: unreferenced object 0xffff88814d14e200 (size 256): comm "cat", pid 336, jiffies 4294871818 (age 779.490s) hex dump (first 32 bytes): 04 00 01 03 00 00 00 00 08 00 00 00 00 00 00 00 ................ 0c d8 c8 9b ff ff ff ff 04 5a ca 9b ff ff ff ff .........Z...... backtrace: [