CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54232 – m68k: Only force 030 bus error if PC not in exception table
https://notcve.org/view.php?id=CVE-2023-54232
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: m68k: Only force 030 bus error if PC not in exception table __get_kernel_nofault() does copy data in supervisor mode when forcing a task backtrace log through /proc/sysrq_trigger. This is expected cause a bus error exception on e.g. NULL pointer dereferencing when logging a kernel task has no workqueue associated. This bus error ought to be ignored. Our 030 bus error handler is ill equipped to deal with this: Whenever ssw indicates a kernel... • https://git.kernel.org/stable/c/1a6059f5ed57f48edfe7159404ff7d538d9d405b •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2023-54230 – amba: bus: fix refcount leak
https://notcve.org/view.php?id=CVE-2023-54230
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: amba: bus: fix refcount leak commit 5de1540b7bc4 ("drivers/amba: create devices from device tree") increases the refcount of of_node, but not releases it in amba_device_release, so there is refcount leak. By using of_node_put to avoid refcount leak. • https://git.kernel.org/stable/c/5de1540b7bc4c23470f86add1e517be41e7fefe2 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2023-54229 – wifi: ath11k: fix registration of 6Ghz-only phy without the full channel range
https://notcve.org/view.php?id=CVE-2023-54229
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix registration of 6Ghz-only phy without the full channel range Because of what seems to be a typo, a 6Ghz-only phy for which the BDF does not allow the 7115Mhz channel will fail to register: WARNING: CPU: 2 PID: 106 at net/wireless/core.c:907 wiphy_register+0x914/0x954 Modules linked in: ath11k_pci sbsa_gwdt CPU: 2 PID: 106 Comm: kworker/u8:5 Not tainted 6.3.0-rc7-next-20230418-00549-g1e096a17625a-dirty #9 Hardware name: Fre... • https://git.kernel.org/stable/c/532f8bac60419eb28158770470b9bb655de207c8 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2023-54227 – blk-mq: fix tags leak when shrink nr_hw_queues
https://notcve.org/view.php?id=CVE-2023-54227
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix tags leak when shrink nr_hw_queues Although we don't need to realloc set->tags[] when shrink nr_hw_queues, we need to free them. Or these tags will be leaked. How to reproduce: 1. mount -t configfs configfs /mnt 2. modprobe null_blk nr_devices=0 submit_queues=8 3. mkdir /mnt/nullb/nullb0 4. echo 1 > /mnt/nullb/nullb0/power 5. echo 4 > /mnt/nullb/nullb0/submit_queues 6. rmdir /mnt/nullb/nullb0 In step 4, will alloc 9 tags (8 subm... • https://git.kernel.org/stable/c/c0ef7493e68b8896806a2f598fcffbaa97333405 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2023-54226 – af_unix: Fix data races around sk->sk_shutdown.
https://notcve.org/view.php?id=CVE-2023-54226
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data races around sk->sk_shutdown. KCSAN found a data race around sk->sk_shutdown where unix_release_sock() and unix_shutdown() update it under unix_state_lock(), OTOH unix_poll() and unix_dgram_poll() read it locklessly. We need to annotate the writes and reads with WRITE_ONCE() and READ_ONCE(). BUG: KCSAN: data-race in unix_poll / unix_release_sock write to 0xffff88800d0f8aec of 1 bytes by task 264 on cpu 0: unix_release_sock... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54224 – btrfs: fix lockdep splat and potential deadlock after failure running delayed items
https://notcve.org/view.php?id=CVE-2023-54224
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix lockdep splat and potential deadlock after failure running delayed items When running delayed items we are holding a delayed node's mutex and then we will attempt to modify a subvolume btree to insert/update/delete the delayed items. However if have an error during the insertions for example, btrfs_insert_delayed_items() may return with a path that has locked extent buffers (a leaf at the very least), and then we attempt to relea... • https://git.kernel.org/stable/c/50abe4b37f58a25214b732212926d35e6fabd6c3 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54214 – Bluetooth: L2CAP: Fix potential user-after-free
https://notcve.org/view.php?id=CVE-2023-54214
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix potential user-after-free This fixes all instances of which requires to allocate a buffer calling alloc_skb which may release the chan lock and reacquire later which makes it possible that the chan is disconnected in the meantime. • https://git.kernel.org/stable/c/a6a5568c03c4805d4d250f6bd9d468eeeb4ea059 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54213 – USB: sisusbvga: Add endpoint checks
https://notcve.org/view.php?id=CVE-2023-54213
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: USB: sisusbvga: Add endpoint checks The syzbot fuzzer was able to provoke a WARNING from the sisusbvga driver: ------------[ cut here ]------------ usb 1-1: BOGUS urb xfer, pipe 3 != type 1 WARNING: CPU: 1 PID: 26 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504 Modules linked in: CPU: 1 PID: 26 Comm: kworker/1:1 Not tainted 6.2.0-rc5-syzkaller-00199-g5af6ce704936 #0 Hardware name: Google Google Compute E... • https://git.kernel.org/stable/c/bccb2ccb65515dc66a8001f99f4dcba8a45987f9 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2023-54207 – HID: uclogic: Correct devm device reference for hidinput input_dev name
https://notcve.org/view.php?id=CVE-2023-54207
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: uclogic: Correct devm device reference for hidinput input_dev name Reference the HID device rather than the input device for the devm allocation of the input_dev name. Referencing the input_dev would lead to a use-after-free when the input_dev was unregistered and subsequently fires a uevent that depends on the name. At the point of firing the uevent, the name would be freed by devres management. Use devm_kasprintf to simplify the logi... • https://git.kernel.org/stable/c/cce2dbdf258e6b27b2b100f511531edabb77f427 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50846 – mmc: via-sdmmc: fix return value check of mmc_add_host()
https://notcve.org/view.php?id=CVE-2022-50846
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: mmc: via-sdmmc: fix return value check of mmc_add_host() mmc_add_host() may return error, if we ignore its return value, it will lead two issues: 1. The memory that allocated in mmc_alloc_host() is leaked. 2. In the remove() path, mmc_remove_host() will be called to delete device, but it's not added yet, it will lead a kernel crash because of null-ptr-deref in device_del(). Fix this by checking the return value and goto error path which wil... • https://git.kernel.org/stable/c/f0bf7f61b8405224bc52fc9a3ccd167a68126e00 •