CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-54053 – wifi: iwlwifi: pcie: fix possible NULL pointer dereference
https://notcve.org/view.php?id=CVE-2023-54053
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: pcie: fix possible NULL pointer dereference It is possible that iwl_pci_probe() will fail and free the trans, then afterwards iwl_pci_remove() will be called and crash by trying to access trans which is already freed, fix it. iwlwifi 0000:01:00.0: Detected crf-id 0xa5a5a5a2, cnv-id 0xa5a5a5a2 wfpm id 0xa5a5a5a2 iwlwifi 0000:01:00.0: Can't find a correct rfid for crf id 0x5a2 ... BUG: kernel NULL pointer dereference, address: ... • https://git.kernel.org/stable/c/809805a820c6445f7a701ded24fdc6bbc841d1e4 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54051 – net: do not allow gso_size to be set to GSO_BY_FRAGS
https://notcve.org/view.php?id=CVE-2023-54051
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: net: do not allow gso_size to be set to GSO_BY_FRAGS One missing check in virtio_net_hdr_to_skb() allowed syzbot to crash kernels again [1] Do not allow gso_size to be set to GSO_BY_FRAGS (0xffff), because this magic value is used by the kernel. [1] general protection fault, probably for non-canonical address 0xdffffc000000000e: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000070-0x0000000000000077] CPU: 0 PID: 50... • https://git.kernel.org/stable/c/3953c46c3ac7eef31a9935427371c6f54a22f1ba •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54050 – ubifs: Fix memleak when insert_old_idx() failed
https://notcve.org/view.php?id=CVE-2023-54050
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix memleak when insert_old_idx() failed Following process will cause a memleak for copied up znode: dirty_cow_znode zn = copy_znode(c, znode); err = insert_old_idx(c, zbr->lnum, zbr->offs); if (unlikely(err)) return ERR_PTR(err); // No one refers to zn. Fetch a reproducer in [Link]. Function copy_znode() is split into 2 parts: resource allocation and znode replacement, insert_old_idx() is split in similar way, so resource cleanup co... • https://git.kernel.org/stable/c/1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-54049 – rpmsg: glink: Add check for kstrdup
https://notcve.org/view.php?id=CVE-2023-54049
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: rpmsg: glink: Add check for kstrdup Add check for the return value of kstrdup() and return the error if it fails in order to avoid NULL pointer dereference. In the Linux kernel, the following vulnerability has been resolved: rpmsg: glink: Add check for kstrdup Add check for the return value of kstrdup() and return the error if it fails in order to avoid NULL pointer dereference. The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix ... • https://git.kernel.org/stable/c/b4f8e52b89f69f5563ac4cb9ffdacc4418917af1 •
CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 0CVE-2023-54048 – RDMA/bnxt_re: Prevent handling any completions after qp destroy
https://notcve.org/view.php?id=CVE-2023-54048
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Prevent handling any completions after qp destroy HW may generate completions that indicates QP is destroyed. Driver should not be scheduling any more completion handlers for this QP, after the QP is destroyed. Since CQs are active during the QP destroy, driver may still schedule completion handlers. This can cause a race where the destroy_cq and poll_cq running simultaneously. Snippet of kernel panic while doing bnxt_re drive... • https://git.kernel.org/stable/c/1ac5a404797523cedaf424a3aaa3cf8f9548dff8 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-54047 – drm/rockchip: dw_hdmi: cleanup drm encoder during unbind
https://notcve.org/view.php?id=CVE-2023-54047
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: dw_hdmi: cleanup drm encoder during unbind This fixes a use-after-free crash during rmmod. The DRM encoder is embedded inside the larger rockchip_hdmi, which is allocated with the component. The component memory gets freed before the main drm device is destroyed. Fix it by running encoder cleanup before tearing down its container. [moved encoder cleanup above clk_disable, similar to bind-error-path] In the Linux kernel, the fo... • https://git.kernel.org/stable/c/8e3b16e2117409625b89807de3912ff773aea354 •
CVSS: 8.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-54046 – crypto: essiv - Handle EBUSY correctly
https://notcve.org/view.php?id=CVE-2023-54046
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: essiv - Handle EBUSY correctly As it is essiv only handles the special return value of EINPROGERSS, which means that in all other cases it will free data related to the request. However, as the caller of essiv may specify MAY_BACKLOG, we also need to expect EBUSY and treat it in the same way. Otherwise backlogged requests will trigger a use-after-free. In the Linux kernel, the following vulnerability has been resolved: crypto: essiv... • https://git.kernel.org/stable/c/be1eb7f78aa8fbe34779c56c266ccd0364604e71 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-54045 – audit: fix possible soft lockup in __audit_inode_child()
https://notcve.org/view.php?id=CVE-2023-54045
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: audit: fix possible soft lockup in __audit_inode_child() Tracefs or debugfs maybe cause hundreds to thousands of PATH records, too many PATH records maybe cause soft lockup. For example: 1. CONFIG_KASAN=y && CONFIG_PREEMPTION=n 2. auditctl -a exit,always -S open -k key 3. sysctl -w kernel.watchdog_thresh=5 4. mkdir /sys/kernel/debug/tracing/instances/test There may be a soft lockup as follows: watchdog: BUG: soft lockup - CPU#45 stuck for 7... • https://git.kernel.org/stable/c/5195d8e217a78697152d64fc09a16e063a022465 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-54044 – spmi: Add a check for remove callback when removing a SPMI driver
https://notcve.org/view.php?id=CVE-2023-54044
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: spmi: Add a check for remove callback when removing a SPMI driver When removing a SPMI driver, there can be a crash due to NULL pointer dereference if it does not have a remove callback defined. This is one such call trace observed when removing the QCOM SPMI PMIC driver: dump_backtrace.cfi_jt+0x0/0x8 dump_stack_lvl+0xd8/0x16c panic+0x188/0x498 __cfi_slowpath+0x0/0x214 __cfi_slowpath+0x1dc/0x214 spmi_drv_remove+0x16c/0x1e0 device_release_dr... • https://git.kernel.org/stable/c/5a86bf343976b9c8ab2f240bc866451fa67e5573 •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50736 – RDMA/siw: Fix immediate work request flush to completion queue
https://notcve.org/view.php?id=CVE-2022-50736
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix immediate work request flush to completion queue Correctly set send queue element opcode during immediate work request flushing in post sendqueue operation, if the QP is in ERROR state. An undefined ocode value results in out-of-bounds access to an array for mapping the opcode between siw internal and RDMA core representation in work completion generation. It resulted in a KASAN BUG report of type 'global-out-of-bounds' during... • https://git.kernel.org/stable/c/303ae1cdfdf7280ff4cfbbe65563b5ff15bb025b •