CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2023-54069 – ext4: fix BUG in ext4_mb_new_inode_pa() due to overflow
https://notcve.org/view.php?id=CVE-2023-54069
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix BUG in ext4_mb_new_inode_pa() due to overflow When we calculate the end position of ext4_free_extent, this position may be exactly where ext4_lblk_t (i.e. uint) overflows. For example, if ac_g_ex.fe_logical is 4294965248 and ac_orig_goal_len is 2048, then the computed end is 0x100000000, which is 0. If ac->ac_o_ex.fe_logical is not the first case of adjusting the best extent, that is, new_bex_end > 0, the following BUG_ON will be ... • https://git.kernel.org/stable/c/8659c5f4ffaacbe932849b98462c3d635b4eacea •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-54068 – f2fs: compress: fix to call f2fs_wait_on_page_writeback() in f2fs_write_raw_pages()
https://notcve.org/view.php?id=CVE-2023-54068
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix to call f2fs_wait_on_page_writeback() in f2fs_write_raw_pages() BUG_ON() will be triggered when writing files concurrently, because the same page is writtenback multiple times. 1597 void folio_end_writeback(struct folio *folio) 1598 { ...... 1618 if (!__folio_end_writeback(folio)) 1619 BUG(); ...... 1625 } kernel BUG at mm/filemap.c:1619! Call Trace:
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-54067 – btrfs: fix race when deleting free space root from the dirty cow roots list
https://notcve.org/view.php?id=CVE-2023-54067
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race when deleting free space root from the dirty cow roots list When deleting the free space tree we are deleting the free space root from the list fs_info->dirty_cowonly_roots without taking the lock that protects it, which is struct btrfs_fs_info::trans_lock. This unsynchronized list manipulation may cause chaos if there's another concurrent manipulation of this list, such as when adding a root to it with ctree.c:add_root_to_d... • https://git.kernel.org/stable/c/a5ed91828518ab076209266c2bc510adabd078df •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-54066 – media: dvb-usb-v2: gl861: Fix null-ptr-deref in gl861_i2c_master_xfer
https://notcve.org/view.php?id=CVE-2023-54066
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb-v2: gl861: Fix null-ptr-deref in gl861_i2c_master_xfer In gl861_i2c_master_xfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former checks on msg[i].buf would be passed. Malicious data finally reach gl861_i2c_master_xfer. If accessing msg[i].buf[0] without sanity check, null ptr deref would happen. We add check on msg[i].len to prevent crash. Similar commit: commit 0ed554fd769a ("media: dvb-usb:... • https://git.kernel.org/stable/c/1ea76d16569b7fc242b860c7e19549be028b13d1 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-54064 – ipmi:ssif: Fix a memory leak when scanning for an adapter
https://notcve.org/view.php?id=CVE-2023-54064
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ipmi:ssif: Fix a memory leak when scanning for an adapter The adapter scan ssif_info_find() sets info->adapter_name if the adapter info came from SMBIOS, as it's not set in that case. However, this function can be called more than once, and it will leak the adapter name if it had already been set. So check for NULL before setting it. In the Linux kernel, the following vulnerability has been resolved: ipmi:ssif: Fix a memory leak when scanni... • https://git.kernel.org/stable/c/c4436c9149c5d2bc0c49ab57ec85c75ea1c4d61c •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2023-54063 – fs/ntfs3: Fix OOB read in indx_insert_into_buffer
https://notcve.org/view.php?id=CVE-2023-54063
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix OOB read in indx_insert_into_buffer Syzbot reported a OOB read bug: BUG: KASAN: slab-out-of-bounds in indx_insert_into_buffer+0xaa3/0x13b0 fs/ntfs3/index.c:1755 Read of size 17168 at addr ffff8880255e06c0 by task syz-executor308/3630 Call Trace:
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2023-54062 – ext4: fix invalid free tracking in ext4_xattr_move_to_block()
https://notcve.org/view.php?id=CVE-2023-54062
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix invalid free tracking in ext4_xattr_move_to_block() In ext4_xattr_move_to_block(), the value of the extended attribute which we need to move to an external block may be allocated by kvmalloc() if the value is stored in an external inode. So at the end of the function the code tried to check if this was the case by testing entry->e_value_inum. However, at this point, the pointer to the xattr entry is no longer valid, because it was... • https://git.kernel.org/stable/c/c7851208abffe5ae4deb01cf48763911dc14fc67 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-54058 – firmware: arm_ffa: Check if ffa_driver remove is present before executing
https://notcve.org/view.php?id=CVE-2023-54058
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: firmware: arm_ffa: Check if ffa_driver remove is present before executing Currently ffa_drv->remove() is called unconditionally from ffa_device_remove(). Since the driver registration doesn't check for it and allows it to be registered without .remove callback, we need to check for the presence of it before executing it from ffa_device_remove() to above a NULL pointer dereference like the one below: | Unable to handle kernel NULL pointer de... • https://git.kernel.org/stable/c/244f5d597e1ea519c2085fbd9819458688775e42 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-54057 – iommu/amd: Add a length limitation for the ivrs_acpihid command-line parameter
https://notcve.org/view.php?id=CVE-2023-54057
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Add a length limitation for the ivrs_acpihid command-line parameter The 'acpiid' buffer in the parse_ivrs_acpihid function may overflow, because the string specifier in the format string sscanf() has no width limitation. Found by InfoTeCS on behalf of Linux Verification Center (linuxtesting.org) with SVACE. In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Add a length limitation for the ivrs_acpihid ... • https://git.kernel.org/stable/c/ca3bf5d47cec8b7614bcb2e9132c40081d6d81db •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-54056 – kheaders: Use array declaration instead of char
https://notcve.org/view.php?id=CVE-2023-54056
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: kheaders: Use array declaration instead of char Under CONFIG_FORTIFY_SOURCE, memcpy() will check the size of destination and source buffers. Defining kernel_headers_data as "char" would trip this check. Since these addresses are treated as byte arrays, define them as arrays (as done everywhere else). This was seen with: $ cat /sys/kernel/kheaders.tar.xz >> /dev/null detected buffer overflow in memcpy kernel BUG at lib/string_helpers.c:1027!... • https://git.kernel.org/stable/c/43d8ce9d65a54846d378545770991e65838981e0 •