CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2023-54271 – blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init
https://notcve.org/view.php?id=CVE-2023-54271
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init blk-iocost sometimes causes the following crash: BUG: kernel NULL pointer dereference, address: 00000000000000e0 ... RIP: 0010:_raw_spin_lock+0x17/0x30 Code: be 01 02 00 00 e8 79 38 39 ff 31 d2 89 d0 5d c3 0f 1f 00 0f 1f 44 00 00 55 48 89 e5 65 ff 05 48 d0 34 7e b9 01 00 00 00 31 c0
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54270 – media: usb: siano: Fix use after free bugs caused by do_submit_urb
https://notcve.org/view.php?id=CVE-2023-54270
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: media: usb: siano: Fix use after free bugs caused by do_submit_urb There are UAF bugs caused by do_submit_urb(). One of the KASan reports is shown below: [ 36.403605] BUG: KASAN: use-after-free in worker_thread+0x4a2/0x890 [ 36.406105] Read of size 8 at addr ffff8880059600e8 by task kworker/0:2/49 [ 36.408316] [ 36.408867] CPU: 0 PID: 49 Comm: kworker/0:2 Not tainted 6.2.0-rc3-15798-g5a41237ad1d4-dir8 [ 36.411696] Hardware name: QEMU Standa... • https://git.kernel.org/stable/c/dd47fbd40e6ea6884e295e13a2e50b0894258fdf •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2023-54269 – SUNRPC: double free xprt_ctxt while still in use
https://notcve.org/view.php?id=CVE-2023-54269
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: SUNRPC: double free xprt_ctxt while still in use When an RPC request is deferred, the rq_xprt_ctxt pointer is moved out of the svc_rqst into the svc_deferred_req. When the deferred request is revisited, the pointer is copied into the new svc_rqst - and also remains in the svc_deferred_req. In the (rare?) case that the request is deferred a second time, the old svc_deferred_req is reused - it still has all the correct content. However in tha... • https://git.kernel.org/stable/c/f5e13d700a4d40ccde3d36e383f9247dcb3c1d2d •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2023-54268 – debugobjects: Don't wake up kswapd from fill_pool()
https://notcve.org/view.php?id=CVE-2023-54268
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: debugobjects: Don't wake up kswapd from fill_pool() syzbot is reporting a lockdep warning in fill_pool() because the allocation from debugobjects is using GFP_ATOMIC, which is (__GFP_HIGH | __GFP_KSWAPD_RECLAIM) and therefore tries to wake up kswapd, which acquires kswapd_wait::lock. Since fill_pool() might be called with arbitrary locks held, fill_pool() should not assume that acquiring kswapd_wait::lock is safe. Use __GFP_HIGH instead and... • https://git.kernel.org/stable/c/3ac7fe5a4aab409bd5674d0b070bce97f9d20872 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2023-54267 – powerpc/pseries: Rework lppaca_shared_proc() to avoid DEBUG_PREEMPT
https://notcve.org/view.php?id=CVE-2023-54267
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Rework lppaca_shared_proc() to avoid DEBUG_PREEMPT lppaca_shared_proc() takes a pointer to the lppaca which is typically accessed through get_lppaca(). With DEBUG_PREEMPT enabled, this leads to checking if preemption is enabled, for example: BUG: using smp_processor_id() in preemptible [00000000] code: grep/10693 caller is lparcfg_data+0x408/0x19a0 CPU: 4 PID: 10693 Comm: grep Not tainted 6.5.0-rc3 #2 Call Trace: dump_stack... • https://git.kernel.org/stable/c/f13c13a005127b5dc5daaca190277a062d946e63 •
CVSS: -EPSS: 0%CPEs: 12EXPL: 0CVE-2023-54266 – media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer()
https://notcve.org/view.php?id=CVE-2023-54266
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer() 'read' is freed when it is known to be NULL, but not when a read error occurs. Revert the logic to avoid a small leak, should a m920x_read() call fail. • https://git.kernel.org/stable/c/82ce3084892c0c0e006ec61f6144f2cc4e5ece88 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54265 – ipv6: Fix an uninit variable access bug in __ip6_make_skb()
https://notcve.org/view.php?id=CVE-2023-54265
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix an uninit variable access bug in __ip6_make_skb() Syzbot reported a bug as following: ===================================================== BUG: KMSAN: uninit-value in arch_atomic64_inc arch/x86/include/asm/atomic64_64.h:88 [inline] BUG: KMSAN: uninit-value in arch_atomic_long_inc include/linux/atomic/atomic-long.h:161 [inline] BUG: KMSAN: uninit-value in atomic_long_inc include/linux/atomic/atomic-instrumented.h:1429 [inline] BUG... • https://git.kernel.org/stable/c/14878f75abd5bf1d38becb405801cd491ee215dc •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54264 – fs/sysv: Null check to prevent null-ptr-deref bug
https://notcve.org/view.php?id=CVE-2023-54264
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/sysv: Null check to prevent null-ptr-deref bug sb_getblk(inode->i_sb, parent) return a null ptr and taking lock on that leads to the null-ptr-deref bug. • https://git.kernel.org/stable/c/e976988bc245ec3768cc0f76bed7d05488a7dd0f •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2023-54263 – drm/nouveau/kms/nv50-: init hpd_irq_lock for PIOR DP
https://notcve.org/view.php?id=CVE-2023-54263
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/kms/nv50-: init hpd_irq_lock for PIOR DP Fixes OOPS on boards with ANX9805 DP encoders. • https://git.kernel.org/stable/c/92d48ce21645267c574268678131cd2b648dad0f •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2023-54262 – net/mlx5e: Don't clone flow post action attributes second time
https://notcve.org/view.php?id=CVE-2023-54262
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Don't clone flow post action attributes second time The code already clones post action attributes in mlx5e_clone_flow_attr_for_post_act(). Creating another copy in mlx5e_tc_post_act_add() is a erroneous leftover from original implementation. Instead, assign handle->attribute to post_attr provided by the caller. Note that cloning the attribute second time is not just wasteful but also causes issues like second copy not being prop... • https://git.kernel.org/stable/c/8300f225268be9ee2c0daf5a3f23929fcdcbf213 •