CVSS: - • EPSS: 0% • CPEs: 10 • EXPL: 0
CVE-2023-54243 – netfilter: ebtables: fix table blob use-after-free
https://notcve.org/view.php?id=CVE-2023-54243
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: ebtables: fix table blob use-after-free We are not allowed to return an error at this point. Looking at the code it looks like ret is always 0 at this point, but it's not. t = find_table_lock(net, repl->name, &ret, &ebt_mutex); ... this can return a valid table, with ret != 0. This bug causes update of table->private with the new blob, but then frees the blob right away in the caller. Syzbot report: BUG: KASAN: vmalloc-out-of-boun... • https://git.kernel.org/stable/c/c58dd2dd443c26d856a168db108a0cd11c285bf3 •
CVSS: - • EPSS: 0% • CPEs: 3 • EXPL: 0
CVE-2023-54242 – block, bfq: Fix division by zero error on zero wsum
https://notcve.org/view.php?id=CVE-2023-54242
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: block, bfq: Fix division by zero error on zero wsum When the weighted sum is zero the calculation of limit causes a division by zero error. Fix this by continuing to the next level. This was discovered by running as root: stress-ng --ioprio 0 Fixes division by error oops: [ 521.450556] divide error: 0000 [#1] SMP NOPTI [ 521.450766] CPU: 2 PID: 2684464 Comm: stress-ng-iopri Not tainted 6.2.1-1280.native #1 [ 521.451117] Hardware name: QEMU S... • https://git.kernel.org/stable/c/76f1df88bbc2f984eb0418cc90de0a8384e63604 •
CVSS: - • EPSS: 0% • CPEs: 4 • EXPL: 0
CVE-2023-54241 – MIPS: KVM: Fix NULL pointer dereference
https://notcve.org/view.php?id=CVE-2023-54241
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: MIPS: KVM: Fix NULL pointer dereference After commit 45c7e8af4a5e3f0bea4ac209 ("MIPS: Remove KVM_TE support") we get a NULL pointer dereference when creating a KVM guest: [ 146.243409] Starting KVM with MIPS VZ extensions [ 149.849151] CPU 3 Unable to handle kernel paging request at virtual address 0000000000000300, epc == ffffffffc06356ec, ra == ffffffffc063568c [ 149.849177] Oops[#1]: [ 149.849182] CPU: 3 PID: 2265 Comm: qemu-system-mip N... • https://git.kernel.org/stable/c/45c7e8af4a5e3f0bea4ac209eea34118dd57ac64 •
CVSS: - • EPSS: 0% • CPEs: 8 • EXPL: 0
CVE-2023-54240 – net: ethernet: mtk_eth_soc: fix possible NULL pointer dereference in mtk_hwlro_get_fdir_all()
https://notcve.org/view.php?id=CVE-2023-54240
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_eth_soc: fix possible NULL pointer dereference in mtk_hwlro_get_fdir_all() rule_locs is allocated in ethtool_get_rxnfc and the size is determined by rule_cnt from user space. So rule_cnt needs to be checked before using rule_locs to avoid NULL pointer dereference. The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security issues. • https://git.kernel.org/stable/c/7aab747e5563ecbc9f3cb64ddea13fe7b9fee2bd •
CVSS: - • EPSS: 0% • CPEs: 2 • EXPL: 0
CVE-2023-54239 – iommufd: Check for uptr overflow
https://notcve.org/view.php?id=CVE-2023-54239
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: iommufd: Check for uptr overflow syzkaller found that setting up a map with a user VA that wraps past zero can trigger WARN_ONs, particularly from pin_user_pages weirdly returning 0 due to invalid arguments. Prevent creating a pages with a uptr and size that would math overflow. WARNING: CPU: 0 PID: 518 at drivers/iommu/iommufd/pages.c:793 pfn_reader_user_pin+0x2e6/0x390 Modules linked in: CPU: 0 PID: 518 Comm: repro Not tainted 6.3.0-rc2-e... • https://git.kernel.org/stable/c/8d160cd4d5066f864ec0f2c981470e55ac03ac27 •
CVSS: - • EPSS: 0% • CPEs: 3 • EXPL: 0
CVE-2023-54238 – mlx5: fix skb leak while fifo resync and push
https://notcve.org/view.php?id=CVE-2023-54238
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: mlx5: fix skb leak while fifo resync and push During ptp resync operation SKBs were popped from the fifo but were never freed neither by napi_consume nor by dev_kfree_skb_any. Add call to napi_consume_skb to properly free SKBs. Another leak was happening because mlx5e_skb_fifo_has_room() had an error in the check. Comparing free running counters works well unless C promotes the types to something wider than the counter. In this case counters... • https://git.kernel.org/stable/c/58a518948f60153e8f6cb8361d2712aa3a1af94a •
CVSS: - • EPSS: 0% • CPEs: 3 • EXPL: 0
CVE-2023-54237 – net/smc: fix potential panic dues to unprotected smc_llc_srv_add_link()
https://notcve.org/view.php?id=CVE-2023-54237
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: net/smc: fix potential panic dues to unprotected smc_llc_srv_add_link() There is a certain chance to trigger the following panic: PID: 5900 TASK: ffff88c1c8af4100 CPU: 1 COMMAND: "kworker/1:48" #0 [ffff9456c1cc79a0] machine_kexec at ffffffff870665b7 #1 [ffff9456c1cc79f0] __crash_kexec at ffffffff871b4c7a #2 [ffff9456c1cc7ab0] crash_kexec at ffffffff871b5b60 #3 [ffff9456c1cc7ac0] oops_end at ffffffff87026ce7 #4 [ffff9456c1cc7ae0] page_fault_... • https://git.kernel.org/stable/c/2d2209f2018943d4152a21eff5b76f1952e0b435 •
CVSS: - • EPSS: 0% • CPEs: 6 • EXPL: 0
CVE-2023-54236 – net/net_failover: fix txq exceeding warning
https://notcve.org/view.php?id=CVE-2023-54236
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: net/net_failover: fix txq exceeding warning The failover txq is inited as 16 queues. When a packet is transmitted from the failover device firstly, the failover device will select the queue which is returned from the primary device if the primary device is UP and running. If the primary device txq is bigger than the default 16, it can lead to the following warning: eth0 selects TX queue 18, but real number of TX queues is 16 The warning bac... • https://git.kernel.org/stable/c/cfc80d9a11635404a40199a1c9471c96890f3f74 •
CVSS: - • EPSS: 0% • CPEs: 5 • EXPL: 0
CVE-2023-54235 – PCI/DOE: Fix destroy_work_on_stack() race
https://notcve.org/view.php?id=CVE-2023-54235
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: PCI/DOE: Fix destroy_work_on_stack() race The following debug object splat was observed in testing: ODEBUG: free active (active state 0) object: 0000000097d23782 object type: work_struct hint: doe_statemachine_work+0x0/0x510 WARNING: CPU: 1 PID: 71 at lib/debugobjects.c:514 debug_print_object+0x7d/0xb0 ... Workqueue: pci 0000:36:00.0 DOE [1 doe_statemachine_work RIP: 0010:debug_print_object+0x7d/0xb0 ... Call Trace: ? debug_print_object+0x7... • https://git.kernel.org/stable/c/2a0e0f4773fe8032fb17e56f897bee32ce3cdc2b •
CVSS: - • EPSS: 0% • CPEs: 3 • EXPL: 0
CVE-2023-54234 – scsi: mpi3mr: Fix missing mrioc->evtack_cmds initialization
https://notcve.org/view.php?id=CVE-2023-54234
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix missing mrioc->evtack_cmds initialization Commit c1af985d27da ("scsi: mpi3mr: Add Event acknowledgment logic") introduced an array mrioc->evtack_cmds but initialization of the array elements was missed. They are just zero cleared. The function mpi3mr_complete_evt_ack() refers host_tag field of the elements. Due to the zero value of the host_tag field, the function calls clear_bit() for mrico->evtack_cmds_bitmap with wrong ... • https://git.kernel.org/stable/c/c1af985d27da2d530c22604644e9025810f57d7c •
