CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-54102 – scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow
https://notcve.org/view.php?id=CVE-2023-54102
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow A static code analysis tool flagged the possibility of buffer overflow when using copy_from_user() for a debugfs entry. Currently, it is possible that copy_from_user() copies more bytes than what would fit in the mybuf char array. Add a min() restriction check between sizeof(mybuf) - 1 and nbytes passed from the userspace buffer to protect against buffer overflow. In the Linu... • https://git.kernel.org/stable/c/644a9d5e22761a41d5005a26996a643da96de962 •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2023-54100 – scsi: qedi: Fix use after free bug in qedi_remove()
https://notcve.org/view.php?id=CVE-2023-54100
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: qedi: Fix use after free bug in qedi_remove() In qedi_probe() we call __qedi_probe() which initializes &qedi->recovery_work with qedi_recovery_handler() and &qedi->board_disable_work with qedi_board_disable_work(). When qedi_schedule_recovery_handler() is called, schedule_delayed_work() will finally start the work. In qedi_remove(), which is called to remove the driver, the following sequence may be observed: Fix this by finishing the... • https://git.kernel.org/stable/c/4b1068f5d74b6cc92319bd7eba40809b1222e73f •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-54099 – fs: Protect reconfiguration of sb read-write from racing writes
https://notcve.org/view.php?id=CVE-2023-54099
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: fs: Protect reconfiguration of sb read-write from racing writes The reconfigure / remount code takes a lot of effort to protect filesystem's reconfiguration code from racing writes on remounting read-only. However during remounting read-only filesystem to read-write mode userspace writes can start immediately once we clear SB_RDONLY flag. This is inconvenient for example for ext4 because we need to do some writes to the filesystem (such as ... • https://git.kernel.org/stable/c/0336b42456e485fda1006b5b411e7372e20fbf03 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-54098 – drm/i915/gvt: fix gvt debugfs destroy
https://notcve.org/view.php?id=CVE-2023-54098
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/i915/gvt: fix gvt debugfs destroy When gvt debug fs is destroyed, need to have a sane check if drm minor's debugfs root is still available or not, otherwise in case like device remove through unbinding, drm minor's debugfs directory has already been removed, then intel_gvt_debugfs_clean() would act upon dangling pointer like below oops. i915 0000:00:02.0: Direct firmware load for i915/gvt/vid_0x8086_did_0x1926_rid_0x0a.golden_hw_state f... • https://git.kernel.org/stable/c/bc7b0be316aebac42eb9e8e54c984609555944da •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2023-54097 – regulator: stm32-pwr: fix of_iomap leak
https://notcve.org/view.php?id=CVE-2023-54097
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: regulator: stm32-pwr: fix of_iomap leak Smatch reports: drivers/regulator/stm32-pwr.c:166 stm32_pwr_regulator_probe() warn: 'base' from of_iomap() not released on lines: 151,166. In stm32_pwr_regulator_probe(), base is not released when devm_kzalloc() fails to allocate memory or devm_regulator_register() fails to register a new regulator device, which may cause a leak. To fix this issue, replace of_iomap() with devm_platform_ioremap_resourc... • https://git.kernel.org/stable/c/dc62f951a6a8490bcccc7b6de36cd85bd57be740 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-54096 – soundwire: fix enumeration completion
https://notcve.org/view.php?id=CVE-2023-54096
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: soundwire: fix enumeration completion The soundwire subsystem uses two completion structures that allow drivers to wait for soundwire device to become enumerated on the bus and initialised by their drivers, respectively. The code implementing the signalling is currently broken as it does not signal all current and future waiters and also uses the wrong reinitialisation function, which can potentially lead to memory corruption if there are s... • https://git.kernel.org/stable/c/fb9469e54fa7a7b6a8137c40ae66c41b8d0ab175 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2023-54095 – powerpc/iommu: Fix notifiers being shared by PCI and VIO buses
https://notcve.org/view.php?id=CVE-2023-54095
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/iommu: Fix notifiers being shared by PCI and VIO buses fail_iommu_setup() registers the fail_iommu_bus_notifier struct to both PCI and VIO buses. struct notifier_block is a linked list node, so this causes any notifiers later registered to either bus type to also be registered to the other since they share the same node. This causes issues in (at least) the vgaarb code, which registers a notifier for PCI buses. pci_notify() ends up ... • https://git.kernel.org/stable/c/d6b9a81b2a45786384f5bd3516bd6ddfb4b772c6 •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2023-54094 – net: prevent skb corruption on frag list segmentation
https://notcve.org/view.php?id=CVE-2023-54094
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: net: prevent skb corruption on frag list segmentation Ian reported several skb corruptions triggered by rx-gro-list, collecting different oops alike: [ 62.624003] BUG: kernel NULL pointer dereference, address: 00000000000000c0 [ 62.631083] #PF: supervisor read access in kernel mode [ 62.636312] #PF: error_code(0x0000) - not-present page [ 62.641541] PGD 0 P4D 0 [ 62.644174] Oops: 0000 [#1] PREEMPT SMP NOPTI [ 62.648629] CPU: 1 PID: 913 Comm... • https://git.kernel.org/stable/c/3a1296a38d0cf62bffb9a03c585cbd5dbf15d596 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54093 – media: anysee: fix null-ptr-deref in anysee_master_xfer
https://notcve.org/view.php?id=CVE-2023-54093
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: media: anysee: fix null-ptr-deref in anysee_master_xfer In anysee_master_xfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former checks on msg[i].buf would be passed. Malicious data finally reach anysee_master_xfer. If accessing msg[i].buf[0] without sanity check, null ptr deref would happen. We add check on msg[i].len to prevent crash. Similar commit: commit 0ed554fd769a ("media: dvb-usb: az6027: fix null-pt... • https://git.kernel.org/stable/c/73c0b224ceeba12dee2a7a8cbc147648da0b2e63 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-54092 – KVM: s390: pv: fix index value of replaced ASCE
https://notcve.org/view.php?id=CVE-2023-54092
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: s390: pv: fix index value of replaced ASCE The index field of the struct page corresponding to a guest ASCE should be 0. When replacing the ASCE in s390_replace_asce(), the index of the new ASCE should also be set to 0. Having the wrong index might lead to the wrong addresses being passed around when notifying pte invalidations, and eventually to validity intercepts (VM crash) if the prefix gets unmapped and the notifier gets called wi... • https://git.kernel.org/stable/c/9d216035d173214cd33712d67d89220ef2283ebf •