CVSS: 6.6EPSS: 0%CPEs: 4EXPL: 0CVE-2023-54129 – octeontx2-af: Add validation for lmac type
https://notcve.org/view.php?id=CVE-2023-54129
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Add validation for lmac type Upon physical link change, firmware reports to the kernel about the change along with the details like speed, lmac_type_id, etc. Kernel derives lmac_type based on lmac_type_id received from firmware. In a few scenarios, firmware returns an invalid lmac_type_id, which is resulting in below kernel panic. This patch adds the missing validation of the lmac_type_id field. Internal error: Oops: 96000005 ... • https://git.kernel.org/stable/c/61071a871ea6eb2125ece91c1a0dbb124a318c8a •
CVSS: 5.6EPSS: 0%CPEs: 4EXPL: 0CVE-2023-54128 – fs: drop peer group ids under namespace lock
https://notcve.org/view.php?id=CVE-2023-54128
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: fs: drop peer group ids under namespace lock When cleaning up peer group ids in the failure path we need to make sure to hold on to the namespace lock. Otherwise another thread might just turn the mount from a shared into a non-shared mount concurrently. In the Linux kernel, the following vulnerability has been resolved: fs: drop peer group ids under namespace lock When cleaning up peer group ids in the failure path we need to make sure to ... • https://git.kernel.org/stable/c/2a1867219c7b27f928e2545782b86daaf9ad50bd •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54127 – fs/jfs: prevent double-free in dbUnmount() after failed jfs_remount()
https://notcve.org/view.php?id=CVE-2023-54127
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/jfs: prevent double-free in dbUnmount() after failed jfs_remount() Syzkaller reported the following issue: ================================================================== BUG: KASAN: double-free in slab_free mm/slub.c:3787 [inline] BUG: KASAN: double-free in __kmem_cache_free+0x71/0x110 mm/slub.c:3800 Free of addr ffff888086408000 by task syz-executor.4/12750 [...] Call Trace:
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-54126 – crypto: safexcel - Cleanup ring IRQ workqueues on load failure
https://notcve.org/view.php?id=CVE-2023-54126
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: safexcel - Cleanup ring IRQ workqueues on load failure A failure loading the safexcel driver results in the following warning on boot, because the IRQ affinity has not been correctly cleaned up. Ensure we clean up the affinity and workqueues on a failure to load the driver. crypto-safexcel: probe of f2800000.crypto failed with error -2 ------------[ cut here ]------------ WARNING: CPU: 1 PID: 232 at kernel/irq/manage.c:1913 free_irq... • https://git.kernel.org/stable/c/1b44c5a60c137e5fd0c2c8b86e58fdbc9cd181ce •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2023-54125 – fs/ntfs3: Return error for inconsistent extended attributes
https://notcve.org/view.php?id=CVE-2023-54125
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Return error for inconsistent extended attributes ntfs_read_ea is called when we want to read extended attributes. There are some sanity checks for the validity of the EAs. However, it fails to return a proper error code for the inconsistent attributes, which might lead to unpredicted memory accesses after return. [ 138.916927] BUG: KASAN: use-after-free in ntfs_set_ea+0x453/0xbf0 [ 138.923876] Write of size 4 at addr ffff88800205... • https://git.kernel.org/stable/c/1474098b590a426d90f27bb992f17c326e0b60c1 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-54124 – f2fs: fix to drop all dirty pages during umount() if cp_error is set
https://notcve.org/view.php?id=CVE-2023-54124
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to drop all dirty pages during umount() if cp_error is set xfstest generic/361 reports a bug as below: f2fs_bug_on(sbi, sbi->fsync_node_num); kernel BUG at fs/f2fs/super.c:1627! RIP: 0010:f2fs_put_super+0x3a8/0x3b0 Call Trace: generic_shutdown_super+0x8c/0x1b0 kill_block_super+0x2b/0x60 kill_f2fs_super+0x87/0x110 deactivate_locked_super+0x39/0x80 deactivate_super+0x46/0x50 cleanup_mnt+0x109/0x170 __cleanup_mnt+0x16/0x20 task_work_... • https://git.kernel.org/stable/c/92575f05a32dafb16348bfa5e62478118a9be069 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54123 – md/raid10: fix memleak for 'conf->bio_split'
https://notcve.org/view.php?id=CVE-2023-54123
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix memleak for 'conf->bio_split' In the error path of raid10_run(), 'conf' need be freed, however, 'conf->bio_split' is missed and memory will be leaked. Since there are 3 places to free 'conf', factor out a helper to fix the problem. In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix memleak for 'conf->bio_split' In the error path of raid10_run(), 'conf' need be freed, however, 'conf->bio_split' ... • https://git.kernel.org/stable/c/fc9977dd069e4f82fcacb262652117c488647319 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-54122 – drm/msm/dpu: Add check for cstate
https://notcve.org/view.php?id=CVE-2023-54122
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Add check for cstate As kzalloc may fail and return NULL pointer, it should be better to check cstate in order to avoid the NULL pointer dereference in __drm_atomic_helper_crtc_reset. Patchwork: https://patchwork.freedesktop.org/patch/514163/ In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Add check for cstate As kzalloc may fail and return NULL pointer, it should be better to check cstate in or... • https://git.kernel.org/stable/c/1cff7440a86e04a613665803b42034c467f035fa •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-54121 – btrfs: fix incorrect splitting in btrfs_drop_extent_map_range
https://notcve.org/view.php?id=CVE-2023-54121
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix incorrect splitting in btrfs_drop_extent_map_range In production we were seeing a variety of WARN_ON()'s in the extent_map code, specifically in btrfs_drop_extent_map_range() when we have to call add_extent_mapping() for our second split. Consider the following extent map layout PINNED [0 16K) [32K, 48K) and then we call btrfs_drop_extent_map_range for [0, 36K), with skip_pinned == true. The initial loop will have start = 0 end =... • https://git.kernel.org/stable/c/55ef68990029fcd8d04d42fc184aa7fb18cf309e •
CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54120 – Bluetooth: Fix race condition in hidp_session_thread
https://notcve.org/view.php?id=CVE-2023-54120
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix race condition in hidp_session_thread There is a potential race condition in hidp_session_thread that may lead to use-after-free. For instance, the timer is active while hidp_del_timer is called in hidp_session_thread(). After hidp_session_put, then 'session' will be freed, causing kernel panic when hidp_idle_timeout is running. The solution is to use del_timer_sync instead of del_timer. Here is the call trace: ? • https://git.kernel.org/stable/c/152f47bd6b995e0e98c85672f6d19894bc287ef2 •