CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54198 – tty: fix out-of-bounds access in tty_driver_lookup_tty()
https://notcve.org/view.php?id=CVE-2023-54198
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: tty: fix out-of-bounds access in tty_driver_lookup_tty() When specifying an invalid console= device like console=tty3270, tty_driver_lookup_tty() returns the tty struct without checking whether index is a valid number. To reproduce: qemu-system-x86_64 -enable-kvm -nographic -serial mon:stdio \ -kernel ../linux-build-x86/arch/x86/boot/bzImage \ -append "console=ttyS0 console=tty3270" This crashes with: [ 0.770599] BUG: kernel NULL pointer de... • https://git.kernel.org/stable/c/99f1fe189daf8e99a847e420567e49dd7ee2aae7 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2023-54187 – f2fs: fix potential corruption when moving a directory
https://notcve.org/view.php?id=CVE-2023-54187
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix potential corruption when moving a directory F2FS has the same issue in ext4_rename causing crash revealed by xfstests/generic/707. See also commit 0813299c586b ("ext4: Fix possible corruption when moving a directory") • https://git.kernel.org/stable/c/622f28ae9ba4fa89b4ff0f4a6cf75d153ea838ce •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2023-54185 – btrfs: remove BUG_ON()'s in add_new_free_space()
https://notcve.org/view.php?id=CVE-2023-54185
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: remove BUG_ON()'s in add_new_free_space() At add_new_free_space() we have these BUG_ON()'s that are there to deal with any failure to add free space to the in memory free space cache. Such failures are mostly -ENOMEM that should be very rare. However there's no need to have these BUG_ON()'s, we can just return any error to the caller and all callers and their upper call chain are already dealing with errors. So just make add_new_free... • https://git.kernel.org/stable/c/0f9dd46cda36b8de3b9f48bc42bd09d20b9c3b52 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2023-54184 – scsi: target: iscsit: Free cmds before session free
https://notcve.org/view.php?id=CVE-2023-54184
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsit: Free cmds before session free Commands from recovery entries are freed after session has been closed. That leads to use-after-free at command free or NPE with such call trace: Time2Retain timer expired for SID: 1, cleaning up iSCSI session. BUG: kernel NULL pointer dereference, address: 0000000000000140 RIP: 0010:sbitmap_queue_clear+0x3a/0xa0 Call Trace: target_release_cmd_kref+0xd1/0x1f0 [target_core_mod] transport_ge... • https://git.kernel.org/stable/c/988e3a85463d9b6dabc681df3f8f131b23c19953 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2023-54180 – btrfs: handle case when repair happens with dev-replace
https://notcve.org/view.php?id=CVE-2023-54180
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: handle case when repair happens with dev-replace [BUG] There is a bug report that a BUG_ON() in btrfs_repair_io_failure() (originally repair_io_failure() in v6.0 kernel) got triggered when replacing a unreliable disk: BTRFS warning (device sda1): csum failed root 257 ino 2397453 off 39624704 csum 0xb0d18c75 expected csum 0x4dae9c5e mirror 3 kernel BUG at fs/btrfs/extent_io.c:2380! invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: 9 PI... • https://git.kernel.org/stable/c/ad6d620e2a5704f6bf3a39c92a75aad962c51cb3 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2023-54179 – scsi: qla2xxx: Array index may go out of bound
https://notcve.org/view.php?id=CVE-2023-54179
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Array index may go out of bound Klocwork reports array 'vha->host_str' of size 16 may use index value(s) 16..19. Use snprintf() instead of sprintf(). • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2023-54177 – quota: fix warning in dqgrab()
https://notcve.org/view.php?id=CVE-2023-54177
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: quota: fix warning in dqgrab() There's issue as follows when do fault injection: WARNING: CPU: 1 PID: 14870 at include/linux/quotaops.h:51 dquot_disable+0x13b7/0x18c0 Modules linked in: CPU: 1 PID: 14870 Comm: fsconfig Not tainted 6.3.0-next-20230505-00006-g5107a9c821af-dirty #541 RIP: 0010:dquot_disable+0x13b7/0x18c0 RSP: 0018:ffffc9000acc79e0 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff88825e41b980 RDX: 000000000... • https://git.kernel.org/stable/c/9f985cb6c45bc3f8b7e161c9658d409d051d576f •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54168 – RDMA/mlx4: Prevent shift wrapping in set_user_sq_size()
https://notcve.org/view.php?id=CVE-2023-54168
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx4: Prevent shift wrapping in set_user_sq_size() The ucmd->log_sq_bb_count variable is controlled by the user so this shift can wrap. Fix it by using check_shl_overflow() in the same way that it was done in commit 515f60004ed9 ("RDMA/hns: Prevent undefined behavior in hns_roce_set_user_sq_size()"). • https://git.kernel.org/stable/c/839041329fd3410e07d614f81e75bb43367d8f89 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50823 – clk: tegra: Fix refcount leak in tegra114_clock_init
https://notcve.org/view.php?id=CVE-2022-50823
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: clk: tegra: Fix refcount leak in tegra114_clock_init of_find_matching_node() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak. • https://git.kernel.org/stable/c/2cb5efefd6f7d3e7df9a7430b910a80515821256 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50821 – SUNRPC: Don't leak netobj memory when gss_read_proxy_verf() fails
https://notcve.org/view.php?id=CVE-2022-50821
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Don't leak netobj memory when gss_read_proxy_verf() fails • https://git.kernel.org/stable/c/030d794bf49855f5e2a9e8dfbfad34211d1eb08b •