CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-54117 – s390/dcssblk: fix kernel crash with list_add corruption
https://notcve.org/view.php?id=CVE-2023-54117
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: s390/dcssblk: fix kernel crash with list_add corruption Commit fb08a1908cb1 ("dax: simplify the dax_device <-> gendisk association") introduced new logic for gendisk association, requiring drivers to explicitly call dax_add_host() and dax_remove_host(). For dcssblk driver, some dax_remove_host() calls were missing, e.g. in device remove path. The commit also broke error handling for out_dax case in device add path, resulting in an extra put... • https://git.kernel.org/stable/c/fb08a1908cb119a4585611d91461ab6d27756b14 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-54116 – drm/fbdev-generic: prohibit potential out-of-bounds access
https://notcve.org/view.php?id=CVE-2023-54116
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/fbdev-generic: prohibit potential out-of-bounds access The fbdev test of IGT may write after EOF, which lead to out-of-bound access for drm drivers with fbdev-generic. For example, run fbdev test on a x86+ast2400 platform, with 1680x1050 resolution, will cause the linux kernel hang with the following call trace: Oops: 0000 [#1] PREEMPT SMP PTI [IGT] fbdev: starting subtest eof Workqueue: events drm_fb_helper_damage_work [drm_kms_helper]... • https://git.kernel.org/stable/c/aa15c677cc34e626789cb65b8e7375180851c03b •
CVSS: 5.6EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54115 – pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db()
https://notcve.org/view.php?id=CVE-2023-54115
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db() When nonstatic_release_resource_db() frees all resources associated with an PCMCIA socket, it forgets to free socket_data too, causing a memory leak observable with kmemleak: unreferenced object 0xc28d1000 (size 64): comm "systemd-udevd", pid 297, jiffies 4294898478 (age 194.484s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 f0 85 0e c3 00 00 00 00 ............... • https://git.kernel.org/stable/c/bde0b6da7bd893c37afaee3555cc3ac3be582313 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54114 – net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment()
https://notcve.org/view.php?id=CVE-2023-54114
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment() As the call trace shows, skb_panic was caused by wrong skb->mac_header in nsh_gso_segment(): invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 3 PID: 2737 Comm: syz Not tainted 6.3.0-next-20230505 #1 RIP: 0010:skb_panic+0xda/0xe0 call Trace: skb_push+0x91/0xa0 nsh_gso_segment+0x4f3/0x570 skb_mac_gso_segment+0x19e/0x270 __skb_gso_segment+0x1e8/0x3c0 validate_xmit_skb+... • https://git.kernel.org/stable/c/c411ed854584a71b0e86ac3019b60e4789d88086 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-54113 – rcu: dump vmalloc memory info safely
https://notcve.org/view.php?id=CVE-2023-54113
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: rcu: dump vmalloc memory info safely Currently, for double invoke call_rcu(), will dump rcu_head objects memory info, if the objects is not allocated from the slab allocator, the vmalloc_dump_obj() will be invoke and the vmap_area_lock spinlock need to be held, since the call_rcu() can be invoked in interrupt context, therefore, there is a possibility of spinlock deadlock scenarios. And in Preempt-RT kernel, the rcutorture test also trigger... • https://git.kernel.org/stable/c/98f180837a896ecedf8f7e12af22b57f271d43c9 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54112 – kcm: Fix memory leak in error path of kcm_sendmsg()
https://notcve.org/view.php?id=CVE-2023-54112
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: kcm: Fix memory leak in error path of kcm_sendmsg() syzbot reported a memory leak like below: BUG: memory leak unreferenced object 0xffff88810b088c00 (size 240): comm "syz-executor186", pid 5012, jiffies 4294943306 (age 13.680s) hex dump (first 32 bytes): 00 89 08 0b 81 88 ff ff 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54111 – pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups
https://notcve.org/view.php?id=CVE-2023-54111
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups of_find_node_by_phandle() returns a node pointer with refcount incremented, We should use of_node_put() on it when not needed anymore. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups of_find_node_by_phandle() returns a node pointer wi... • https://git.kernel.org/stable/c/d3e5116119bd02ea7716bbe04b39c21bba4bcf42 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54110 – usb: rndis_host: Secure rndis_query check against int overflow
https://notcve.org/view.php?id=CVE-2023-54110
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: rndis_host: Secure rndis_query check against int overflow Variables off and len typed as uint32 in rndis_query function are controlled by incoming RNDIS response message thus their value may be manipulated. Setting off to a unexpectetly large value will cause the sum with len and 8 to overflow and pass the implemented validation step. Consequently the response pointer will be referring to a location past the expected buffer boundaries ... • https://git.kernel.org/stable/c/ddda08624013e8435e9f7cfc34a35bd7b3520b6d •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54109 – media: rcar_fdp1: Fix refcount leak in probe and remove function
https://notcve.org/view.php?id=CVE-2023-54109
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: media: rcar_fdp1: Fix refcount leak in probe and remove function rcar_fcp_get() take reference, which should be balanced with rcar_fcp_put(). Add missing rcar_fcp_put() in fdp1_remove and the error paths of fdp1_probe() to fix this. [hverkuil: resolve merge conflict, remove() is now void] In the Linux kernel, the following vulnerability has been resolved: media: rcar_fdp1: Fix refcount leak in probe and remove function rcar_fcp_get() take r... • https://git.kernel.org/stable/c/4710b752e029f3f82dd4a84d9dc61fe72c97bf82 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54108 – scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests
https://notcve.org/view.php?id=CVE-2023-54108
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests The following message and call trace was seen with debug kernels: DMA-API: qla2xxx 0000:41:00.0: device driver failed to check map error [device address=0x00000002a3ff38d8] [size=1024 bytes] [mapped as single] WARNING: CPU: 0 PID: 2930 at kernel/dma/debug.c:1017 check_unmap+0xf42/0x1990 Call Trace: debug_dma_unmap_page+0xc9/0x100 qla_nvme_ls_unmap+0x141/0x210 [qla2xxx] Remove DMA map... • https://git.kernel.org/stable/c/2d087c7e55db420107c3ea97b228e067a7b488a1 •