CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2023-54097 – regulator: stm32-pwr: fix of_iomap leak
https://notcve.org/view.php?id=CVE-2023-54097
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: regulator: stm32-pwr: fix of_iomap leak Smatch reports: drivers/regulator/stm32-pwr.c:166 stm32_pwr_regulator_probe() warn: 'base' from of_iomap() not released on lines: 151,166. In stm32_pwr_regulator_probe(), base is not released when devm_kzalloc() fails to allocate memory or devm_regulator_register() fails to register a new regulator device, which may cause a leak. To fix this issue, replace of_iomap() with devm_platform_ioremap_resourc... • https://git.kernel.org/stable/c/dc62f951a6a8490bcccc7b6de36cd85bd57be740 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2023-54095 – powerpc/iommu: Fix notifiers being shared by PCI and VIO buses
https://notcve.org/view.php?id=CVE-2023-54095
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/iommu: Fix notifiers being shared by PCI and VIO buses fail_iommu_setup() registers the fail_iommu_bus_notifier struct to both PCI and VIO buses. struct notifier_block is a linked list node, so this causes any notifiers later registered to either bus type to also be registered to the other since they share the same node. This causes issues in (at least) the vgaarb code, which registers a notifier for PCI buses. pci_notify() ends up ... • https://git.kernel.org/stable/c/d6b9a81b2a45786384f5bd3516bd6ddfb4b772c6 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54093 – media: anysee: fix null-ptr-deref in anysee_master_xfer
https://notcve.org/view.php?id=CVE-2023-54093
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: media: anysee: fix null-ptr-deref in anysee_master_xfer In anysee_master_xfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former checks on msg[i].buf would be passed. Malicious data finally reach anysee_master_xfer. If accessing msg[i].buf[0] without sanity check, null ptr deref would happen. We add check on msg[i].len to prevent crash. Similar commit: commit 0ed554fd769a ("media: dvb-usb: az6027: fix null-pt... • https://git.kernel.org/stable/c/73c0b224ceeba12dee2a7a8cbc147648da0b2e63 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54091 – drm/client: Fix memory leak in drm_client_target_cloned
https://notcve.org/view.php?id=CVE-2023-54091
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/client: Fix memory leak in drm_client_target_cloned dmt_mode is allocated and never freed in this function. It was found with the ast driver, but most drivers using generic fbdev setup are probably affected. This fixes the following kmemleak report: backtrace: [<00000000b391296d>] drm_mode_duplicate+0x45/0x220 [drm] [<00000000e45bb5b3>] drm_client_target_cloned.constprop.0+0x27b/0x480 [drm] [<00000000ed2d3a37>] drm_client_modeset_probe+... • https://git.kernel.org/stable/c/1d42bbc8f7f9ce4d852692ef7aa336b133b0830a •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54087 – ubi: Fix possible null-ptr-deref in ubi_free_volume()
https://notcve.org/view.php?id=CVE-2023-54087
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ubi: Fix possible null-ptr-deref in ubi_free_volume() It willl cause null-ptr-deref in the following case: uif_init() ubi_add_volume() cdev_add() -> if it fails, call kill_volumes() device_register() kill_volumes() -> if ubi_add_volume() fails call this function ubi_free_volume() cdev_del() device_unregister() -> trying to delete a not added device, it causes null-ptr-deref So in ubi_free_volume(), it delete devices whether they are added o... • https://git.kernel.org/stable/c/801c135ce73d5df1caf3eca35b66a10824ae0707 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-54086 – bpf: Add preempt_count_{sub,add} into btf id deny list
https://notcve.org/view.php?id=CVE-2023-54086
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Add preempt_count_{sub,add} into btf id deny list The recursion check in __bpf_prog_enter* and __bpf_prog_exit* leave preempt_count_{sub,add} unprotected. When attaching trampoline to them we get panic as follows, [ 867.843050] BUG: TASK stack guard page was hit at 0000000009d325cf (stack is 0000000046a46a15..00000000537e7b28) [ 867.843064] stack guard page: 0000 [#1] PREEMPT SMP NOPTI [ 867.843067] CPU: 8 PID: 11009 Comm: trace Kdump:... • https://git.kernel.org/stable/c/095018267c87b8bfbbb12eeb1c0ebf2359e1782c •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-54084 – ALSA: firewire-digi00x: prevent potential use after free
https://notcve.org/view.php?id=CVE-2023-54084
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-digi00x: prevent potential use after free This code was supposed to return an error code if init_stream() failed, but it instead freed dg00x->rx_stream and returned success. This potentially leads to a use after free. In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-digi00x: prevent potential use after free This code was supposed to return an error code if init_stream() failed, but it instead... • https://git.kernel.org/stable/c/9a08067ec318cbeaf0caa2d104cf677e723e02a3 •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-54082 – af_unix: Fix null-ptr-deref in unix_stream_sendpage().
https://notcve.org/view.php?id=CVE-2023-54082
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix null-ptr-deref in unix_stream_sendpage(). Bing-Jhong Billy Jheng reported null-ptr-deref in unix_stream_sendpage() with detailed analysis and a nice repro. unix_stream_sendpage() tries to add data to the last skb in the peer's recv queue without locking the queue. If the peer's FD is passed to another socket and the socket's FD is passed to the peer, there is a loop between them. If we close both sockets without receiving FD, t... • https://git.kernel.org/stable/c/869e7c62486ec0e170a9771acaa251d1a33b5871 •
CVSS: 6.6EPSS: 0%CPEs: 3EXPL: 0CVE-2023-54081 – xen: speed up grant-table reclaim
https://notcve.org/view.php?id=CVE-2023-54081
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: xen: speed up grant-table reclaim When a grant entry is still in use by the remote domain, Linux must put it on a deferred list. Normally, this list is very short, because the PV network and block protocols expect the backend to unmap the grant first. However, Qubes OS's GUI protocol is subject to the constraints of the X Window System, and as such winds up with the frontend unmapping the window first. As a result, the list can grow very la... • https://git.kernel.org/stable/c/cd1a8952ff529adc210e62306849fd6f256608c0 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54079 – power: supply: bq27xxx: Fix poll_interval handling and races on remove
https://notcve.org/view.php?id=CVE-2023-54079
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: power: supply: bq27xxx: Fix poll_interval handling and races on remove Before this patch bq27xxx_battery_teardown() was setting poll_interval = 0 to avoid bq27xxx_battery_update() requeuing the delayed_work item. There are 2 problems with this: 1. If the driver is unbound through sysfs, rather then the module being rmmod-ed, this changes poll_interval unexpectedly 2. This is racy, after it being set poll_interval could be changed before bq2... • https://git.kernel.org/stable/c/8cfaaa811894a3ae2d7360a15a6cfccff3ebc7db •