CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2023-54292 – RDMA/irdma: Fix data race on CQP request done
https://notcve.org/view.php?id=CVE-2023-54292
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix data race on CQP request done KCSAN detects a data race on cqp_request->request_done memory location which is accessed locklessly in irdma_handle_cqp_op while being updated in irdma_cqp_ce_handler. Annotate lockless intent with READ_ONCE/WRITE_ONCE to avoid any compiler optimizations like load fusing and/or KCSAN warning. [222808.417128] BUG: KCSAN: data-race in irdma_cqp_ce_handler [irdma] / irdma_wait_event [irdma] [222808... • https://git.kernel.org/stable/c/915cc7ac0f8e2a23675ee896e87f17c7d3c47089 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2023-54289 – scsi: qedf: Fix NULL dereference in error handling
https://notcve.org/view.php?id=CVE-2023-54289
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Fix NULL dereference in error handling Smatch reported: drivers/scsi/qedf/qedf_main.c:3056 qedf_alloc_global_queues() warn: missing unwind goto? At this point in the function, nothing has been allocated so we can return directly. In particular the "qedf->global_queues" have not been allocated so calling qedf_free_global_queues() will lead to a NULL dereference when we check if (!gl[i]) and "gl" is NULL. • https://git.kernel.org/stable/c/61d8658b4a435eac729966cc94cdda077a8df5cd •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2023-54288 – wifi: mac80211: fortify the spinlock against deadlock by interrupt
https://notcve.org/view.php?id=CVE-2023-54288
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fortify the spinlock against deadlock by interrupt In the function ieee80211_tx_dequeue() there is a particular locking sequence: begin: spin_lock(&local->queue_stop_reason_lock); q_stopped = local->queue_stop_reasons[q]; spin_unlock(&local->queue_stop_reason_lock); However small the chance (increased by ftracetest), an asynchronous interrupt can occur in between of spin_lock() and spin_unlock(), and the interrupt routine wi... • https://git.kernel.org/stable/c/7b8fe53d2a1da48db02ae961b29b8ee2f5515861 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2023-54287 – tty: serial: imx: disable Ageing Timer interrupt request irq
https://notcve.org/view.php?id=CVE-2023-54287
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: tty: serial: imx: disable Ageing Timer interrupt request irq There maybe pending USR interrupt before requesting irq, however uart_add_one_port has not executed, so there will be kernel panic: [ 0.795668] Unable to handle kernel NULL pointer dereference at virtual addre ss 0000000000000080 [ 0.802701] Mem abort info: [ 0.805367] ESR = 0x0000000096000004 [ 0.808950] EC = 0x25: DABT (current EL), IL = 32 bits [ 0.814033] SET = 0, FnV = 0 [ 0.... • https://git.kernel.org/stable/c/8a61f0c70ae65c6b70d13228c3120c73d7425a60 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54286 – wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace
https://notcve.org/view.php?id=CVE-2023-54286
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace A received TKIP key may be up to 32 bytes because it may contain MIC rx/tx keys too. These are not used by iwl and copying these over overflows the iwl_keyinfo.key field. Add a check to not copy more data to iwl_keyinfo.key then will fit. This fixes backtraces like this one: memcpy: detected field-spanning write (size 32) of single field "sta_cmd.key.key" at drivers/net... • https://git.kernel.org/stable/c/76b5ea43ad2fb4f726ddfaff839430a706e7d7c2 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2023-54285 – iomap: Fix possible overflow condition in iomap_write_delalloc_scan
https://notcve.org/view.php?id=CVE-2023-54285
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: iomap: Fix possible overflow condition in iomap_write_delalloc_scan folio_next_index() returns an unsigned long value which left shifted by PAGE_SHIFT could possibly cause an overflow on 32-bit system. Instead use folio_pos(folio) + folio_size(folio), which does this correctly. • https://git.kernel.org/stable/c/5c281b0c5d18c8eeb1cfd5023f4adb153e6d1240 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2023-54284 – media: av7110: prevent underflow in write_ts_to_decoder()
https://notcve.org/view.php?id=CVE-2023-54284
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: media: av7110: prevent underflow in write_ts_to_decoder() The buf[4] value comes from the user via ts_play(). It is a value in the u8 range. The final length we pass to av7110_ipack_instant_repack() is "len - (buf[4] + 1) - 4" so add a check to ensure that the length is not negative. It's not clear that passing a negative len value does anything bad necessarily, but it's not best practice. With the new bounds checking the "if (! • https://git.kernel.org/stable/c/fd46d16d602ab7fd53cef7ff55b9dcb0b47ad3bf •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54283 – bpf: Address KCSAN report on bpf_lru_list
https://notcve.org/view.php?id=CVE-2023-54283
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Address KCSAN report on bpf_lru_list KCSAN reported a data-race when accessing node->ref. Although node->ref does not have to be accurate, take this chance to use a more common READ_ONCE() and WRITE_ONCE() pattern instead of data_race(). There is an existing bpf_lru_node_is_ref() and bpf_lru_node_set_ref(). This patch also adds bpf_lru_node_clear_ref() to do the WRITE_ONCE(node->ref, 0) also. ===========================================... • https://git.kernel.org/stable/c/6eaef1b1d8720053eb1b6e7a3ff8b2ff0716bb90 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54282 – media: tuners: qt1010: replace BUG_ON with a regular error
https://notcve.org/view.php?id=CVE-2023-54282
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: media: tuners: qt1010: replace BUG_ON with a regular error BUG_ON is unnecessary here, and in addition it confuses smatch. Replacing this with an error return help resolve this smatch warning: drivers/media/tuners/qt1010.c:350 qt1010_init() error: buffer overflow 'i2c_data' 34 <= 34 • https://git.kernel.org/stable/c/6cae780862d221106626b2b5fb21a197f398c6ec •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2023-54281 – btrfs: release path before inode lookup during the ino lookup ioctl
https://notcve.org/view.php?id=CVE-2023-54281
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: release path before inode lookup during the ino lookup ioctl During the ino lookup ioctl we can end up calling btrfs_iget() to get an inode reference while we are holding on a root's btree. If btrfs_iget() needs to lookup the inode from the root's btree, because it's not currently loaded in memory, then it will need to lock another or the same path in the same root btree. This may result in a deadlock and trigger the following lockde... • https://git.kernel.org/stable/c/23d0b79dfaed2305b500b0215b0421701ada6b1a •