CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2023-54233 – ASoC: SOF: avoid a NULL dereference with unsupported widgets
https://notcve.org/view.php?id=CVE-2023-54233
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: avoid a NULL dereference with unsupported widgets If an IPC4 topology contains an unsupported widget, its .module_info field won't be set, then sof_ipc4_route_setup() will cause a kernel Oops trying to dereference it. Add a check for such cases. • https://git.kernel.org/stable/c/3acd527089463742a3dd95e274d53c2fdd834716 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54232 – m68k: Only force 030 bus error if PC not in exception table
https://notcve.org/view.php?id=CVE-2023-54232
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: m68k: Only force 030 bus error if PC not in exception table __get_kernel_nofault() does copy data in supervisor mode when forcing a task backtrace log through /proc/sysrq_trigger. This is expected cause a bus error exception on e.g. NULL pointer dereferencing when logging a kernel task has no workqueue associated. This bus error ought to be ignored. Our 030 bus error handler is ill equipped to deal with this: Whenever ssw indicates a kernel... • https://git.kernel.org/stable/c/f2325ecebc5b7988fd49968bd3a660fd1594dc84 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2023-54231 – net: libwx: fix memory leak in wx_setup_rx_resources
https://notcve.org/view.php?id=CVE-2023-54231
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: net: libwx: fix memory leak in wx_setup_rx_resources When wx_alloc_page_pool() failed in wx_setup_rx_resources(), it doesn't release DMA buffer. Add dma_free_coherent() in the error path to release the DMA buffer. • https://git.kernel.org/stable/c/850b971110b20cbcc2367516fefe78e84fec7d79 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2023-54230 – amba: bus: fix refcount leak
https://notcve.org/view.php?id=CVE-2023-54230
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: amba: bus: fix refcount leak commit 5de1540b7bc4 ("drivers/amba: create devices from device tree") increases the refcount of of_node, but not releases it in amba_device_release, so there is refcount leak. By using of_node_put to avoid refcount leak. The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues. • https://git.kernel.org/stable/c/5de1540b7bc4c23470f86add1e517be41e7fefe2 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2023-54229 – wifi: ath11k: fix registration of 6Ghz-only phy without the full channel range
https://notcve.org/view.php?id=CVE-2023-54229
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix registration of 6Ghz-only phy without the full channel range Because of what seems to be a typo, a 6Ghz-only phy for which the BDF does not allow the 7115Mhz channel will fail to register: WARNING: CPU: 2 PID: 106 at net/wireless/core.c:907 wiphy_register+0x914/0x954 Modules linked in: ath11k_pci sbsa_gwdt CPU: 2 PID: 106 Comm: kworker/u8:5 Not tainted 6.3.0-rc7-next-20230418-00549-g1e096a17625a-dirty #9 Hardware name: Fre... • https://git.kernel.org/stable/c/22eeadcdeab63e88983401f699f61a0121c03a0d •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2023-54228 – regulator: raa215300: Fix resource leak in case of error
https://notcve.org/view.php?id=CVE-2023-54228
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: regulator: raa215300: Fix resource leak in case of error The clk_register_clkdev() allocates memory by calling vclkdev_alloc() and this memory is not freed in the error path. Similarly, resources allocated by clk_register_fixed_rate() are not freed in the error path. Fix these issues by using devm_clk_hw_register_fixed_rate() and devm_clk_hw_register_clkdev(). After this, the static variable clk is not needed. Replace it with local variable... • https://git.kernel.org/stable/c/7bce16630837c705f72e8fd53a11ae8c236236f4 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2023-54227 – blk-mq: fix tags leak when shrink nr_hw_queues
https://notcve.org/view.php?id=CVE-2023-54227
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix tags leak when shrink nr_hw_queues Although we don't need to realloc set->tags[] when shrink nr_hw_queues, we need to free them. Or these tags will be leaked. How to reproduce: 1. mount -t configfs configfs /mnt 2. modprobe null_blk nr_devices=0 submit_queues=8 3. mkdir /mnt/nullb/nullb0 4. echo 1 > /mnt/nullb/nullb0/power 5. echo 4 > /mnt/nullb/nullb0/submit_queues 6. rmdir /mnt/nullb/nullb0 In step 4, will alloc 9 tags (8 subm... • https://git.kernel.org/stable/c/a846a8e6c9a5949582c5a6a8bbc83a7d27fd891e •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2023-54226 – af_unix: Fix data races around sk->sk_shutdown.
https://notcve.org/view.php?id=CVE-2023-54226
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data races around sk->sk_shutdown. KCSAN found a data race around sk->sk_shutdown where unix_release_sock() and unix_shutdown() update it under unix_state_lock(), OTOH unix_poll() and unix_dgram_poll() read it locklessly. We need to annotate the writes and reads with WRITE_ONCE() and READ_ONCE(). BUG: KCSAN: data-race in unix_poll / unix_release_sock write to 0xffff88800d0f8aec of 1 bytes by task 264 on cpu 0: unix_release_sock... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2023-54225 – net: ipa: only reset hashed tables when supported
https://notcve.org/view.php?id=CVE-2023-54225
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: net: ipa: only reset hashed tables when supported Last year, the code that manages GSI channel transactions switched from using spinlock-protected linked lists to using indexes into the ring buffer used for a channel. Recently, Google reported seeing transaction reference count underflows occasionally during shutdown. Doug Anderson found a way to reproduce the issue reliably, and bisected the issue to the commit that eliminated the linked l... • https://git.kernel.org/stable/c/d338ae28d8a866c57fcac38f3d77bcc1d1702d19 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2023-54224 – btrfs: fix lockdep splat and potential deadlock after failure running delayed items
https://notcve.org/view.php?id=CVE-2023-54224
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix lockdep splat and potential deadlock after failure running delayed items When running delayed items we are holding a delayed node's mutex and then we will attempt to modify a subvolume btree to insert/update/delete the delayed items. However if have an error during the insertions for example, btrfs_insert_delayed_items() may return with a path that has locked extent buffers (a leaf at the very least), and then we attempt to relea... • https://git.kernel.org/stable/c/506650dcb3a716ad98681f7091ba2f8e748c04b8 •