CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-54055 – RDMA/irdma: Fix memory leak of PBLE objects
https://notcve.org/view.php?id=CVE-2023-54055
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix memory leak of PBLE objects On rmmod of irdma, the PBLE object memory is not being freed. PBLE object memory are not statically pre-allocated at function initialization time unlike other HMC objects. PBLEs objects and the Segment Descriptors (SD) for it can be dynamically allocated during scale up and SD's remain allocated till function deinitialization. Fix this leak by adding IRDMA_HMC_IW_PBLE to the iw_hmc_obj_types[] tab... • https://git.kernel.org/stable/c/44d9e52977a1b90b0db1c7f8b197c218e9226520 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-54053 – wifi: iwlwifi: pcie: fix possible NULL pointer dereference
https://notcve.org/view.php?id=CVE-2023-54053
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: pcie: fix possible NULL pointer dereference It is possible that iwl_pci_probe() will fail and free the trans, then afterwards iwl_pci_remove() will be called and crash by trying to access trans which is already freed, fix it. iwlwifi 0000:01:00.0: Detected crf-id 0xa5a5a5a2, cnv-id 0xa5a5a5a2 wfpm id 0xa5a5a5a2 iwlwifi 0000:01:00.0: Can't find a correct rfid for crf id 0x5a2 ... BUG: kernel NULL pointer dereference, address: ... • https://git.kernel.org/stable/c/809805a820c6445f7a701ded24fdc6bbc841d1e4 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-54052 – wifi: mt76: mt7921: fix skb leak by txs missing in AMSDU
https://notcve.org/view.php?id=CVE-2023-54052
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: fix skb leak by txs missing in AMSDU txs may be dropped if the frame is aggregated in AMSDU. When the problem shows up, some SKBs would be hold in driver to cause network stopped temporarily. Even if the problem can be recovered by txs timeout handling, mt7921 still need to disable txs in AMSDU to avoid this issue. In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: fix skb leak by txs... • https://git.kernel.org/stable/c/163f4d22c118d4eb9e275bf9ee1577c0d14b3208 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54051 – net: do not allow gso_size to be set to GSO_BY_FRAGS
https://notcve.org/view.php?id=CVE-2023-54051
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: net: do not allow gso_size to be set to GSO_BY_FRAGS One missing check in virtio_net_hdr_to_skb() allowed syzbot to crash kernels again [1] Do not allow gso_size to be set to GSO_BY_FRAGS (0xffff), because this magic value is used by the kernel. [1] general protection fault, probably for non-canonical address 0xdffffc000000000e: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000070-0x0000000000000077] CPU: 0 PID: 50... • https://git.kernel.org/stable/c/3953c46c3ac7eef31a9935427371c6f54a22f1ba •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54050 – ubifs: Fix memleak when insert_old_idx() failed
https://notcve.org/view.php?id=CVE-2023-54050
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix memleak when insert_old_idx() failed Following process will cause a memleak for copied up znode: dirty_cow_znode zn = copy_znode(c, znode); err = insert_old_idx(c, zbr->lnum, zbr->offs); if (unlikely(err)) return ERR_PTR(err); // No one refers to zn. Fetch a reproducer in [Link]. Function copy_znode() is split into 2 parts: resource allocation and znode replacement, insert_old_idx() is split in similar way, so resource cleanup co... • https://git.kernel.org/stable/c/1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-54049 – rpmsg: glink: Add check for kstrdup
https://notcve.org/view.php?id=CVE-2023-54049
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: rpmsg: glink: Add check for kstrdup Add check for the return value of kstrdup() and return the error if it fails in order to avoid NULL pointer dereference. In the Linux kernel, the following vulnerability has been resolved: rpmsg: glink: Add check for kstrdup Add check for the return value of kstrdup() and return the error if it fails in order to avoid NULL pointer dereference. The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix ... • https://git.kernel.org/stable/c/b4f8e52b89f69f5563ac4cb9ffdacc4418917af1 •
CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 0CVE-2023-54048 – RDMA/bnxt_re: Prevent handling any completions after qp destroy
https://notcve.org/view.php?id=CVE-2023-54048
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Prevent handling any completions after qp destroy HW may generate completions that indicates QP is destroyed. Driver should not be scheduling any more completion handlers for this QP, after the QP is destroyed. Since CQs are active during the QP destroy, driver may still schedule completion handlers. This can cause a race where the destroy_cq and poll_cq running simultaneously. Snippet of kernel panic while doing bnxt_re drive... • https://git.kernel.org/stable/c/1ac5a404797523cedaf424a3aaa3cf8f9548dff8 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-54047 – drm/rockchip: dw_hdmi: cleanup drm encoder during unbind
https://notcve.org/view.php?id=CVE-2023-54047
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: dw_hdmi: cleanup drm encoder during unbind This fixes a use-after-free crash during rmmod. The DRM encoder is embedded inside the larger rockchip_hdmi, which is allocated with the component. The component memory gets freed before the main drm device is destroyed. Fix it by running encoder cleanup before tearing down its container. [moved encoder cleanup above clk_disable, similar to bind-error-path] In the Linux kernel, the fo... • https://git.kernel.org/stable/c/8e3b16e2117409625b89807de3912ff773aea354 •
CVSS: 8.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-54046 – crypto: essiv - Handle EBUSY correctly
https://notcve.org/view.php?id=CVE-2023-54046
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: essiv - Handle EBUSY correctly As it is essiv only handles the special return value of EINPROGERSS, which means that in all other cases it will free data related to the request. However, as the caller of essiv may specify MAY_BACKLOG, we also need to expect EBUSY and treat it in the same way. Otherwise backlogged requests will trigger a use-after-free. In the Linux kernel, the following vulnerability has been resolved: crypto: essiv... • https://git.kernel.org/stable/c/be1eb7f78aa8fbe34779c56c266ccd0364604e71 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-54045 – audit: fix possible soft lockup in __audit_inode_child()
https://notcve.org/view.php?id=CVE-2023-54045
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: audit: fix possible soft lockup in __audit_inode_child() Tracefs or debugfs maybe cause hundreds to thousands of PATH records, too many PATH records maybe cause soft lockup. For example: 1. CONFIG_KASAN=y && CONFIG_PREEMPTION=n 2. auditctl -a exit,always -S open -k key 3. sysctl -w kernel.watchdog_thresh=5 4. mkdir /sys/kernel/debug/tracing/instances/test There may be a soft lockup as follows: watchdog: BUG: soft lockup - CPU#45 stuck for 7... • https://git.kernel.org/stable/c/5195d8e217a78697152d64fc09a16e063a022465 •