CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54134 – autofs: fix memory leak of waitqueues in autofs_catatonic_mode
https://notcve.org/view.php?id=CVE-2023-54134
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: autofs: fix memory leak of waitqueues in autofs_catatonic_mode Syzkaller reports a memory leak: BUG: memory leak unreferenced object 0xffff88810b279e00 (size 96): comm "syz-executor399", pid 3631, jiffies 4294964921 (age 23.870s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 08 9e 27 0b 81 88 ff ff ..........'..... 08 9e 27 0b 81 88 ff ff 00 00 00 00 00 00 00 00 ..'............. backtrace: [
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54127 – fs/jfs: prevent double-free in dbUnmount() after failed jfs_remount()
https://notcve.org/view.php?id=CVE-2023-54127
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/jfs: prevent double-free in dbUnmount() after failed jfs_remount() Syzkaller reported the following issue: ================================================================== BUG: KASAN: double-free in slab_free mm/slub.c:3787 [inline] BUG: KASAN: double-free in __kmem_cache_free+0x71/0x110 mm/slub.c:3800 Free of addr ffff888086408000 by task syz-executor.4/12750 [...] Call Trace:
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-54121 – btrfs: fix incorrect splitting in btrfs_drop_extent_map_range
https://notcve.org/view.php?id=CVE-2023-54121
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix incorrect splitting in btrfs_drop_extent_map_range In production we were seeing a variety of WARN_ON()'s in the extent_map code, specifically in btrfs_drop_extent_map_range() when we have to call add_extent_mapping() for our second split. Consider the following extent map layout PINNED [0 16K) [32K, 48K) and then we call btrfs_drop_extent_map_range for [0, 36K), with skip_pinned == true. The initial loop will have start = 0 end =... • https://git.kernel.org/stable/c/55ef68990029fcd8d04d42fc184aa7fb18cf309e •
CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54120 – Bluetooth: Fix race condition in hidp_session_thread
https://notcve.org/view.php?id=CVE-2023-54120
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix race condition in hidp_session_thread There is a potential race condition in hidp_session_thread that may lead to use-after-free. For instance, the timer is active while hidp_del_timer is called in hidp_session_thread(). After hidp_session_put, then 'session' will be freed, causing kernel panic when hidp_idle_timeout is running. The solution is to use del_timer_sync instead of del_timer. Here is the call trace: ? • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-54119 – inotify: Avoid reporting event with invalid wd
https://notcve.org/view.php?id=CVE-2023-54119
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: inotify: Avoid reporting event with invalid wd When inotify_freeing_mark() races with inotify_handle_inode_event() it can happen that inotify_handle_inode_event() sees that i_mark->wd got already reset to -1 and reports this value to userspace which can confuse the inotify listener. Avoid the problem by validating that wd is sensible (and pretend the mark got removed before the event got generated otherwise). In the Linux kernel, the follow... • https://git.kernel.org/stable/c/7e790dd5fc937bc8d2400c30a05e32a9e9eef276 •
CVSS: 5.6EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54115 – pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db()
https://notcve.org/view.php?id=CVE-2023-54115
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db() When nonstatic_release_resource_db() frees all resources associated with an PCMCIA socket, it forgets to free socket_data too, causing a memory leak observable with kmemleak: unreferenced object 0xc28d1000 (size 64): comm "systemd-udevd", pid 297, jiffies 4294898478 (age 194.484s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 f0 85 0e c3 00 00 00 00 ............... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54110 – usb: rndis_host: Secure rndis_query check against int overflow
https://notcve.org/view.php?id=CVE-2023-54110
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: rndis_host: Secure rndis_query check against int overflow Variables off and len typed as uint32 in rndis_query function are controlled by incoming RNDIS response message thus their value may be manipulated. Setting off to a unexpectetly large value will cause the sum with len and 8 to overflow and pass the implemented validation step. Consequently the response pointer will be referring to a location past the expected buffer boundaries ... • https://git.kernel.org/stable/c/ddda08624013e8435e9f7cfc34a35bd7b3520b6d •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54093 – media: anysee: fix null-ptr-deref in anysee_master_xfer
https://notcve.org/view.php?id=CVE-2023-54093
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: media: anysee: fix null-ptr-deref in anysee_master_xfer In anysee_master_xfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former checks on msg[i].buf would be passed. Malicious data finally reach anysee_master_xfer. If accessing msg[i].buf[0] without sanity check, null ptr deref would happen. We add check on msg[i].len to prevent crash. Similar commit: commit 0ed554fd769a ("media: dvb-usb: az6027: fix null-pt... • https://git.kernel.org/stable/c/a51e34dd6080d8d5c9e95a4e0292cd4cb889a61b •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54091 – drm/client: Fix memory leak in drm_client_target_cloned
https://notcve.org/view.php?id=CVE-2023-54091
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/client: Fix memory leak in drm_client_target_cloned dmt_mode is allocated and never freed in this function. It was found with the ast driver, but most drivers using generic fbdev setup are probably affected. This fixes the following kmemleak report: backtrace: [<00000000b391296d>] drm_mode_duplicate+0x45/0x220 [drm] [<00000000e45bb5b3>] drm_client_target_cloned.constprop.0+0x27b/0x480 [drm] [<00000000ed2d3a37>] drm_client_modeset_probe+... • https://git.kernel.org/stable/c/1d42bbc8f7f9ce4d852692ef7aa336b133b0830a •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54087 – ubi: Fix possible null-ptr-deref in ubi_free_volume()
https://notcve.org/view.php?id=CVE-2023-54087
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ubi: Fix possible null-ptr-deref in ubi_free_volume() It willl cause null-ptr-deref in the following case: uif_init() ubi_add_volume() cdev_add() -> if it fails, call kill_volumes() device_register() kill_volumes() -> if ubi_add_volume() fails call this function ubi_free_volume() cdev_del() device_unregister() -> trying to delete a not added device, it causes null-ptr-deref So in ubi_free_volume(), it delete devices whether they are added o... • https://git.kernel.org/stable/c/801c135ce73d5df1caf3eca35b66a10824ae0707 •