CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-54099 – fs: Protect reconfiguration of sb read-write from racing writes
https://notcve.org/view.php?id=CVE-2023-54099
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: fs: Protect reconfiguration of sb read-write from racing writes The reconfigure / remount code takes a lot of effort to protect filesystem's reconfiguration code from racing writes on remounting read-only. However during remounting read-only filesystem to read-write mode userspace writes can start immediately once we clear SB_RDONLY flag. This is inconvenient for example for ext4 because we need to do some writes to the filesystem (such as ... • https://git.kernel.org/stable/c/8d0347f6c3a9d4953ddd636a31c6584da082e084 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-54098 – drm/i915/gvt: fix gvt debugfs destroy
https://notcve.org/view.php?id=CVE-2023-54098
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/i915/gvt: fix gvt debugfs destroy When gvt debug fs is destroyed, need to have a sane check if drm minor's debugfs root is still available or not, otherwise in case like device remove through unbinding, drm minor's debugfs directory has already been removed, then intel_gvt_debugfs_clean() would act upon dangling pointer like below oops. i915 0000:00:02.0: Direct firmware load for i915/gvt/vid_0x8086_did_0x1926_rid_0x0a.golden_hw_state f... • https://git.kernel.org/stable/c/bc7b0be316aebac42eb9e8e54c984609555944da •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2023-54097 – regulator: stm32-pwr: fix of_iomap leak
https://notcve.org/view.php?id=CVE-2023-54097
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: regulator: stm32-pwr: fix of_iomap leak Smatch reports: drivers/regulator/stm32-pwr.c:166 stm32_pwr_regulator_probe() warn: 'base' from of_iomap() not released on lines: 151,166. In stm32_pwr_regulator_probe(), base is not released when devm_kzalloc() fails to allocate memory or devm_regulator_register() fails to register a new regulator device, which may cause a leak. To fix this issue, replace of_iomap() with devm_platform_ioremap_resourc... • https://git.kernel.org/stable/c/dc62f951a6a8490bcccc7b6de36cd85bd57be740 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-54096 – soundwire: fix enumeration completion
https://notcve.org/view.php?id=CVE-2023-54096
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: soundwire: fix enumeration completion The soundwire subsystem uses two completion structures that allow drivers to wait for soundwire device to become enumerated on the bus and initialised by their drivers, respectively. The code implementing the signalling is currently broken as it does not signal all current and future waiters and also uses the wrong reinitialisation function, which can potentially lead to memory corruption if there are s... • https://git.kernel.org/stable/c/fb9469e54fa7a7b6a8137c40ae66c41b8d0ab175 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2023-54095 – powerpc/iommu: Fix notifiers being shared by PCI and VIO buses
https://notcve.org/view.php?id=CVE-2023-54095
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/iommu: Fix notifiers being shared by PCI and VIO buses fail_iommu_setup() registers the fail_iommu_bus_notifier struct to both PCI and VIO buses. struct notifier_block is a linked list node, so this causes any notifiers later registered to either bus type to also be registered to the other since they share the same node. This causes issues in (at least) the vgaarb code, which registers a notifier for PCI buses. pci_notify() ends up ... • https://git.kernel.org/stable/c/d6b9a81b2a45786384f5bd3516bd6ddfb4b772c6 •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2023-54094 – net: prevent skb corruption on frag list segmentation
https://notcve.org/view.php?id=CVE-2023-54094
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: net: prevent skb corruption on frag list segmentation Ian reported several skb corruptions triggered by rx-gro-list, collecting different oops alike: [ 62.624003] BUG: kernel NULL pointer dereference, address: 00000000000000c0 [ 62.631083] #PF: supervisor read access in kernel mode [ 62.636312] #PF: error_code(0x0000) - not-present page [ 62.641541] PGD 0 P4D 0 [ 62.644174] Oops: 0000 [#1] PREEMPT SMP NOPTI [ 62.648629] CPU: 1 PID: 913 Comm... • https://git.kernel.org/stable/c/3a1296a38d0cf62bffb9a03c585cbd5dbf15d596 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54093 – media: anysee: fix null-ptr-deref in anysee_master_xfer
https://notcve.org/view.php?id=CVE-2023-54093
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: media: anysee: fix null-ptr-deref in anysee_master_xfer In anysee_master_xfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former checks on msg[i].buf would be passed. Malicious data finally reach anysee_master_xfer. If accessing msg[i].buf[0] without sanity check, null ptr deref would happen. We add check on msg[i].len to prevent crash. Similar commit: commit 0ed554fd769a ("media: dvb-usb: az6027: fix null-pt... • https://git.kernel.org/stable/c/a51e34dd6080d8d5c9e95a4e0292cd4cb889a61b •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-54092 – KVM: s390: pv: fix index value of replaced ASCE
https://notcve.org/view.php?id=CVE-2023-54092
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: s390: pv: fix index value of replaced ASCE The index field of the struct page corresponding to a guest ASCE should be 0. When replacing the ASCE in s390_replace_asce(), the index of the new ASCE should also be set to 0. Having the wrong index might lead to the wrong addresses being passed around when notifying pte invalidations, and eventually to validity intercepts (VM crash) if the prefix gets unmapped and the notifier gets called wi... • https://git.kernel.org/stable/c/9d216035d173214cd33712d67d89220ef2283ebf •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54091 – drm/client: Fix memory leak in drm_client_target_cloned
https://notcve.org/view.php?id=CVE-2023-54091
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/client: Fix memory leak in drm_client_target_cloned dmt_mode is allocated and never freed in this function. It was found with the ast driver, but most drivers using generic fbdev setup are probably affected. This fixes the following kmemleak report: backtrace: [<00000000b391296d>] drm_mode_duplicate+0x45/0x220 [drm] [<00000000e45bb5b3>] drm_client_target_cloned.constprop.0+0x27b/0x480 [drm] [<00000000ed2d3a37>] drm_client_modeset_probe+... • https://git.kernel.org/stable/c/1d42bbc8f7f9ce4d852692ef7aa336b133b0830a •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-54090 – ixgbe: Fix panic during XDP_TX with > 64 CPUs
https://notcve.org/view.php?id=CVE-2023-54090
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ixgbe: Fix panic during XDP_TX with > 64 CPUs Commit 4fe815850bdc ("ixgbe: let the xdpdrv work with more than 64 cpus") adds support to allow XDP programs to run on systems with more than 64 CPUs by locking the XDP TX rings and indexing them using cpu % 64 (IXGBE_MAX_XDP_QS). Upon trying this out patch on a system with more than 64 cores, the kernel paniced with an array-index-out-of-bounds at the return in ixgbe_determine_xdp_ring in ixgbe... • https://git.kernel.org/stable/c/4fe815850bdc8d4cc94e06fe1de069424a895826 •