CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-54086 – bpf: Add preempt_count_{sub,add} into btf id deny list
https://notcve.org/view.php?id=CVE-2023-54086
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Add preempt_count_{sub,add} into btf id deny list The recursion check in __bpf_prog_enter* and __bpf_prog_exit* leave preempt_count_{sub,add} unprotected. When attaching trampoline to them we get panic as follows, [ 867.843050] BUG: TASK stack guard page was hit at 0000000009d325cf (stack is 0000000046a46a15..00000000537e7b28) [ 867.843064] stack guard page: 0000 [#1] PREEMPT SMP NOPTI [ 867.843067] CPU: 8 PID: 11009 Comm: trace Kdump:... • https://git.kernel.org/stable/c/35e3815fa8102fab4dee75f3547472c66581125d •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-54084 – ALSA: firewire-digi00x: prevent potential use after free
https://notcve.org/view.php?id=CVE-2023-54084
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-digi00x: prevent potential use after free This code was supposed to return an error code if init_stream() failed, but it instead freed dg00x->rx_stream and returned success. This potentially leads to a use after free. In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-digi00x: prevent potential use after free This code was supposed to return an error code if init_stream() failed, but it instead... • https://git.kernel.org/stable/c/9a08067ec318cbeaf0caa2d104cf677e723e02a3 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-54083 – phy: tegra: xusb: Clear the driver reference in usb-phy dev
https://notcve.org/view.php?id=CVE-2023-54083
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: phy: tegra: xusb: Clear the driver reference in usb-phy dev For the dual-role port, it will assign the phy dev to usb-phy dev and use the port dev driver as the dev driver of usb-phy. When we try to destroy the port dev, it will destroy its dev driver as well. But we did not remove the reference from usb-phy dev. This might cause the use-after-free issue in KASAN. In the Linux kernel, the following vulnerability has been resolved: phy: tegr... • https://git.kernel.org/stable/c/e8f7d2f409a15c519d5a6085777d85c1c4bab73a •
CVSS: 6.6EPSS: 0%CPEs: 3EXPL: 0CVE-2023-54081 – xen: speed up grant-table reclaim
https://notcve.org/view.php?id=CVE-2023-54081
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: xen: speed up grant-table reclaim When a grant entry is still in use by the remote domain, Linux must put it on a deferred list. Normally, this list is very short, because the PV network and block protocols expect the backend to unmap the grant first. However, Qubes OS's GUI protocol is subject to the constraints of the X Window System, and as such winds up with the frontend unmapping the window first. As a result, the list can grow very la... • https://git.kernel.org/stable/c/569ca5b3f94cd0b3295ec5943aa457cf4a4f6a3a •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54079 – power: supply: bq27xxx: Fix poll_interval handling and races on remove
https://notcve.org/view.php?id=CVE-2023-54079
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: power: supply: bq27xxx: Fix poll_interval handling and races on remove Before this patch bq27xxx_battery_teardown() was setting poll_interval = 0 to avoid bq27xxx_battery_update() requeuing the delayed_work item. There are 2 problems with this: 1. If the driver is unbound through sysfs, rather then the module being rmmod-ed, this changes poll_interval unexpectedly 2. This is racy, after it being set poll_interval could be changed before bq2... • https://git.kernel.org/stable/c/8cfaaa811894a3ae2d7360a15a6cfccff3ebc7db •
CVSS: 5.6EPSS: 0%CPEs: 6EXPL: 0CVE-2023-54078 – media: max9286: Free control handler
https://notcve.org/view.php?id=CVE-2023-54078
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: media: max9286: Free control handler The control handler is leaked in some probe-time error paths, as well as in the remove path. Fix it. In the Linux kernel, the following vulnerability has been resolved: media: max9286: Free control handler The control handler is leaked in some probe-time error paths, as well as in the remove path. Fix it. The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues. • https://git.kernel.org/stable/c/66d8c9d2422da21ed41f75c03ba0685987b65fe0 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50783 – mptcp: use proper req destructor for IPv6
https://notcve.org/view.php?id=CVE-2022-50783
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: mptcp: use proper req destructor for IPv6 Before, only the destructor from TCP request sock in IPv4 was called even if the subflow was IPv6. It is important to use the right destructor to avoid memory leaks with some advanced IPv6 features, e.g. when the request socks contain specific IPv6 options. In the Linux kernel, the following vulnerability has been resolved: mptcp: use proper req destructor for IPv6 Before, only the destructor from T... • https://git.kernel.org/stable/c/79c0949e9a09f6a14a6dd18dc8396029423f9b68 •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50782 – ext4: fix bug_on in __es_tree_search caused by bad quota inode
https://notcve.org/view.php?id=CVE-2022-50782
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug_on in __es_tree_search caused by bad quota inode We got a issue as fllows: ================================================================== kernel BUG at fs/ext4/extents_status.c:202! invalid opcode: 0000 [#1] PREEMPT SMP CPU: 1 PID: 810 Comm: mount Not tainted 6.1.0-rc1-next-g9631525255e3 #352 RIP: 0010:__es_tree_search.isra.0+0xb8/0xe0 RSP: 0018:ffffc90001227900 EFLAGS: 00010202 RAX: 0000000000000000 RBX: 0000000077512a0f ... • https://git.kernel.org/stable/c/393d1d1d76933886d5e1ce603214c9987589c6d5 •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50781 – amdgpu/pm: prevent array underflow in vega20_odn_edit_dpm_table()
https://notcve.org/view.php?id=CVE-2022-50781
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: amdgpu/pm: prevent array underflow in vega20_odn_edit_dpm_table() In the PP_OD_EDIT_VDDC_CURVE case the "input_index" variable is capped at 2 but not checked for negative values so it results in an out of bounds read. This value comes from the user via sysfs. In the Linux kernel, the following vulnerability has been resolved: amdgpu/pm: prevent array underflow in vega20_odn_edit_dpm_table() In the PP_OD_EDIT_VDDC_CURVE case the "input_index... • https://git.kernel.org/stable/c/d5bf26539494d16dfabbbea0854a47d202ea15c0 •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50780 – net: fix UAF issue in nfqnl_nf_hook_drop() when ops_init() failed
https://notcve.org/view.php?id=CVE-2022-50780
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: net: fix UAF issue in nfqnl_nf_hook_drop() when ops_init() failed When the ops_init() interface is invoked to initialize the net, but ops->init() fails, data is released. However, the ptr pointer in net->gen is invalid. In this case, when nfqnl_nf_hook_drop() is invoked to release the net, invalid address access occurs. The process is as follows: setup_net() ops_init() data = kzalloc(...) ---> alloc "data" net_assign_generic() ---> assign "... • https://git.kernel.org/stable/c/f875bae065334907796da12523f9df85c89f5712 •