CVSS: 5.5 • EPSS: 0% • CPEs: 3 • EXPL: 0
CVE-2023-54145 – bpf: drop unnecessary user-triggerable WARN_ONCE in verifierl log
https://notcve.org/view.php?id=CVE-2023-54145
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: drop unnecessary user-triggerable WARN_ONCE in verifierl log It's trivial for user to trigger "verifier log line truncated" warning, as verifier has a fixed-sized buffer of 1024 bytes (as of now), and there are at least two pieces of user-provided information that can be output through this buffer, and both can be arbitrarily sized by user: - BTF names; - BTF.ext source code lines strings. Verifier log buffer should be properly sized f... • https://git.kernel.org/stable/c/a2a7d5701052542cd2260e7659b12443e0a74733 •
CVSS: 5.5 • EPSS: 0% • CPEs: 4 • EXPL: 0
CVE-2023-54143 – media: mediatek: vcodec: fix resource leaks in vdec_msg_queue_init()
https://notcve.org/view.php?id=CVE-2023-54143
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: fix resource leaks in vdec_msg_queue_init() If we encounter any error in the vdec_msg_queue_init() then we need to set "msg_queue->wdma_addr.size = 0;". Normally, this is done inside the vdec_msg_queue_deinit() function. However, if the first call to allocate &msg_queue->wdma_addr fails, then the vdec_msg_queue_deinit() function is a no-op. For that situation, just set the size to zero explicitly and return. There w... • https://git.kernel.org/stable/c/b199fe46f35c57a415acd4d5295b0f4e35048c11 •
CVSS: 7.8 • EPSS: 0% • CPEs: 11 • EXPL: 0
CVE-2023-54142 – gtp: Fix use-after-free in __gtp_encap_destroy().
https://notcve.org/view.php?id=CVE-2023-54142
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: gtp: Fix use-after-free in __gtp_encap_destroy(). syzkaller reported use-after-free in __gtp_encap_destroy(). [0] It shows the same process freed sk and touched it illegally. Commit e198987e7dd7 ("gtp: fix suspicious RCU usage") added lock_sock() and release_sock() in __gtp_encap_destroy() to protect sk->sk_user_data, but release_sock() is called after sock_put() releases the last refcnt. [0]: BUG: KASAN: slab-use-after-free in instrument_a... • https://git.kernel.org/stable/c/01f3c64e405ab3d25887d080a103ad76f30661d2 •
CVSS: 5.5 • EPSS: 0% • CPEs: 3 • EXPL: 0
CVE-2023-54141 – wifi: ath11k: Add missing hw_ops->get_ring_selector() for IPQ5018
https://notcve.org/view.php?id=CVE-2023-54141
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Add missing hw_ops->get_ring_selector() for IPQ5018 During sending data after clients connected, hw_ops->get_ring_selector() will be called. But for IPQ5018, this member isn't set, and the following NULL pointer exception will occur: [ 38.840478] 8<--- cut here --- [ 38.840517] Unable to handle kernel NULL pointer dereference at virtual address 00000000 ... [ 38.923161] PC is at 0x0 [ 38.927930] LR is at ath11k_dp_tx+0x7... • https://git.kernel.org/stable/c/ba60f2793d3a37a00da14bb56a26558a902d2831 •
CVSS: 7.8 • EPSS: 0% • CPEs: 9 • EXPL: 0
CVE-2023-54140 – nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse
https://notcve.org/view.php?id=CVE-2023-54140
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse A syzbot stress test using a corrupted disk image reported that mark_buffer_dirty() called from __nilfs_mark_inode_dirty() or nilfs_palloc_commit_alloc_entry() may output a kernel warning, and can panic if the kernel is booted with panic_on_warn. This is because nilfs2 keeps buffer pointers in local structures for some metadata and reuses them, but such buffers may be fo... • https://git.kernel.org/stable/c/8c26c4e2694a163d525976e804d81cd955bbb40c •
CVSS: 3.3 • EPSS: 0% • CPEs: 6 • EXPL: 0
CVE-2023-54137 – vfio/type1: fix cap_migration information leak
https://notcve.org/view.php?id=CVE-2023-54137
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: vfio/type1: fix cap_migration information leak Fix an information leak where an uninitialized hole in struct vfio_iommu_type1_info_cap_migration on the stack is exposed to userspace. The definition of struct vfio_iommu_type1_info_cap_migration contains a hole as shown in this pahole(1) output: struct vfio_iommu_type1_info_cap_migration { struct vfio_info_cap_header header; /* 0 8 */ __u32 flags; /* 8 4 */ /* XXX 4 bytes hole, try to pack */... • https://git.kernel.org/stable/c/ad721705d09c62f0d108a6b4f59867ebfd592c90 •
CVSS: 7.1 • EPSS: 0% • CPEs: 7 • EXPL: 0
CVE-2023-54136 – serial: sprd: Fix DMA buffer leak issue
https://notcve.org/view.php?id=CVE-2023-54136
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: serial: sprd: Fix DMA buffer leak issue Release DMA buffer when _probe() returns failure to avoid memory leak. The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues. • https://git.kernel.org/stable/c/f4487db58eb780a52d768f3b36aaaa8fd5839215 •
CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 0
CVE-2023-54135 – maple_tree: fix potential out-of-bounds access in mas_wr_end_piv()
https://notcve.org/view.php?id=CVE-2023-54135
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: maple_tree: fix potential out-of-bounds access in mas_wr_end_piv() Check the write offset end bounds before using it as the offset into the pivot array. This avoids a possible out-of-bounds access on the pivot array if the write extends to the last slot in the node, in which case the node maximum should be used as the end pivot. akpm: this doesn't affect any current callers, but new users of mapletree may encounter this problem if backporte... • https://git.kernel.org/stable/c/54a611b605901c7d5d05b6b8f5d04a6ceb0962aa •
CVSS: 5.5 • EPSS: 0% • CPEs: 8 • EXPL: 0
CVE-2023-54134 – autofs: fix memory leak of waitqueues in autofs_catatonic_mode
https://notcve.org/view.php?id=CVE-2023-54134
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: autofs: fix memory leak of waitqueues in autofs_catatonic_mode Syzkaller reports a memory leak: BUG: memory leak unreferenced object 0xffff88810b279e00 (size 96): comm "syz-executor399", pid 3631, jiffies 4294964921 (age 23.870s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 08 9e 27 0b 81 88 ff ff ..........'..... 08 9e 27 0b 81 88 ff ff 00 00 00 00 00 00 00 00 ..'............. backtrace: [
CVSS: 7.1 • EPSS: 0% • CPEs: 2 • EXPL: 0
CVE-2023-54133 – nfp: clean mc addresses in application firmware when closing port
https://notcve.org/view.php?id=CVE-2023-54133
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: nfp: clean mc addresses in application firmware when closing port When moving devices from one namespace to another, mc addresses are cleaned in software while not removed from application firmware. Thus the mc addresses remain and will cause a resource leak. Now use `__dev_mc_unsync` to clean mc addresses when closing port. • https://git.kernel.org/stable/c/e20aa071cd955aabc15be0ec1e914283592ddef4 •
