CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-54106 – net/mlx5: fix potential memory leak in mlx5e_init_rep_rx
https://notcve.org/view.php?id=CVE-2023-54106
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fix potential memory leak in mlx5e_init_rep_rx The memory pointed to by the priv->rx_res pointer is not freed in the error path of mlx5e_init_rep_rx, which can lead to a memory leak. Fix by freeing the memory in the error path, thereby making the error path identical to mlx5e_cleanup_rep_rx(). In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fix potential memory leak in mlx5e_init_rep_rx The memory poi... • https://git.kernel.org/stable/c/af8bbf7300686961f74e72e2dc10a76672603cb3 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2023-54105 – can: isotp: check CAN address family in isotp_bind()
https://notcve.org/view.php?id=CVE-2023-54105
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: can: isotp: check CAN address family in isotp_bind() Add missing check to block non-AF_CAN binds. Syzbot created some code which matched the right sockaddr struct size but used AF_XDP (0x2C) instead of AF_CAN (0x1D) in the address family field: bind$xdp(r2, &(0x7f0000000540)={0x2c, 0x0, r4, 0x0, r2}, 0x10) ^^^^ This has no funtional impact but the userspace should be notified about the wrong address family field content. In the Linux kernel... • https://git.kernel.org/stable/c/e057dd3fc20ffb3d7f150af46542a51b59b90127 •
CVSS: 5.6EPSS: 0%CPEs: 5EXPL: 0CVE-2023-54104 – mtd: rawnand: fsl_upm: Fix an off-by one test in fun_exec_op()
https://notcve.org/view.php?id=CVE-2023-54104
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: fsl_upm: Fix an off-by one test in fun_exec_op() 'op-cs' is copied in 'fun->mchip_number' which is used to access the 'mchip_offsets' and the 'rnb_gpio' arrays. These arrays have NAND_MAX_CHIPS elements, so the index must be below this limit. Fix the sanity check in order to avoid the NAND_MAX_CHIPS value. This would lead to out-of-bound accesses. In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand... • https://git.kernel.org/stable/c/54309d65776755bcdb9dcf3744cd764fc1e254ea •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-54102 – scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow
https://notcve.org/view.php?id=CVE-2023-54102
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow A static code analysis tool flagged the possibility of buffer overflow when using copy_from_user() for a debugfs entry. Currently, it is possible that copy_from_user() copies more bytes than what would fit in the mybuf char array. Add a min() restriction check between sizeof(mybuf) - 1 and nbytes passed from the userspace buffer to protect against buffer overflow. In the Linu... • https://git.kernel.org/stable/c/6a828b0f6192b4930894925d1c1d0dc1f1d99e6e •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-54101 – driver: soc: xilinx: use _safe loop iterator to avoid a use after free
https://notcve.org/view.php?id=CVE-2023-54101
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: driver: soc: xilinx: use _safe loop iterator to avoid a use after free The hash_for_each_possible() loop dereferences "eve_data" to get the next item on the list. However the loop frees eve_data so it leads to a use after free. Use hash_for_each_possible_safe() instead. In the Linux kernel, the following vulnerability has been resolved: driver: soc: xilinx: use _safe loop iterator to avoid a use after free The hash_for_each_possible() loop ... • https://git.kernel.org/stable/c/c7fdb2404f66131bc9c22e06f712717288826487 •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2023-54100 – scsi: qedi: Fix use after free bug in qedi_remove()
https://notcve.org/view.php?id=CVE-2023-54100
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: qedi: Fix use after free bug in qedi_remove() In qedi_probe() we call __qedi_probe() which initializes &qedi->recovery_work with qedi_recovery_handler() and &qedi->board_disable_work with qedi_board_disable_work(). When qedi_schedule_recovery_handler() is called, schedule_delayed_work() will finally start the work. In qedi_remove(), which is called to remove the driver, the following sequence may be observed: Fix this by finishing the... • https://git.kernel.org/stable/c/4b1068f5d74b6cc92319bd7eba40809b1222e73f •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-54099 – fs: Protect reconfiguration of sb read-write from racing writes
https://notcve.org/view.php?id=CVE-2023-54099
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: fs: Protect reconfiguration of sb read-write from racing writes The reconfigure / remount code takes a lot of effort to protect filesystem's reconfiguration code from racing writes on remounting read-only. However during remounting read-only filesystem to read-write mode userspace writes can start immediately once we clear SB_RDONLY flag. This is inconvenient for example for ext4 because we need to do some writes to the filesystem (such as ... • https://git.kernel.org/stable/c/8d0347f6c3a9d4953ddd636a31c6584da082e084 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-54098 – drm/i915/gvt: fix gvt debugfs destroy
https://notcve.org/view.php?id=CVE-2023-54098
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/i915/gvt: fix gvt debugfs destroy When gvt debug fs is destroyed, need to have a sane check if drm minor's debugfs root is still available or not, otherwise in case like device remove through unbinding, drm minor's debugfs directory has already been removed, then intel_gvt_debugfs_clean() would act upon dangling pointer like below oops. i915 0000:00:02.0: Direct firmware load for i915/gvt/vid_0x8086_did_0x1926_rid_0x0a.golden_hw_state f... • https://git.kernel.org/stable/c/bc7b0be316aebac42eb9e8e54c984609555944da •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2023-54097 – regulator: stm32-pwr: fix of_iomap leak
https://notcve.org/view.php?id=CVE-2023-54097
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: regulator: stm32-pwr: fix of_iomap leak Smatch reports: drivers/regulator/stm32-pwr.c:166 stm32_pwr_regulator_probe() warn: 'base' from of_iomap() not released on lines: 151,166. In stm32_pwr_regulator_probe(), base is not released when devm_kzalloc() fails to allocate memory or devm_regulator_register() fails to register a new regulator device, which may cause a leak. To fix this issue, replace of_iomap() with devm_platform_ioremap_resourc... • https://git.kernel.org/stable/c/dc62f951a6a8490bcccc7b6de36cd85bd57be740 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-54096 – soundwire: fix enumeration completion
https://notcve.org/view.php?id=CVE-2023-54096
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: soundwire: fix enumeration completion The soundwire subsystem uses two completion structures that allow drivers to wait for soundwire device to become enumerated on the bus and initialised by their drivers, respectively. The code implementing the signalling is currently broken as it does not signal all current and future waiters and also uses the wrong reinitialisation function, which can potentially lead to memory corruption if there are s... • https://git.kernel.org/stable/c/fb9469e54fa7a7b6a8137c40ae66c41b8d0ab175 •