CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-68750 – usb: potential integer overflow in usbg_make_tpg()
https://notcve.org/view.php?id=CVE-2025-68750
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: potential integer overflow in usbg_make_tpg() The variable tpgt in usbg_make_tpg() is defined as unsigned long and is assigned to tpgt->tport_tpgt, which is defined as u16. This may cause an integer overflow when tpgt is greater than USHRT_MAX (65535). I haven't tried to trigger it myself, but it is possible to trigger it by calling usbg_make_tpg() with a large value for tpgt. I modified the type of tpgt to match tpgt->tport_tpgt and a... • https://git.kernel.org/stable/c/0861b9cb2ff519b7c5a3b1dd52a343e18c4efb24 •
CVSS: 6.3EPSS: 0%CPEs: 7EXPL: 0CVE-2023-54160 – firmware: arm_sdei: Fix sleep from invalid context BUG
https://notcve.org/view.php?id=CVE-2023-54160
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: firmware: arm_sdei: Fix sleep from invalid context BUG Running a preempt-rt (v6.2-rc3-rt1) based kernel on an Ampere Altra triggers: BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:46 in_atomic(): 0, irqs_disabled(): 128, non_block: 0, pid: 24, name: cpuhp/0 preempt_count: 0, expected: 0 RCU nest depth: 0, expected: 0 3 locks held by cpuhp/0/24: #0: ffffda30217c70d0 (cpu_hotplug_lock){++++}-{0:0}, at: cpuh... • https://git.kernel.org/stable/c/59842a9ba27d5390ae5bf3233a92cad3a26d495c •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-54158 – btrfs: don't free qgroup space unless specified
https://notcve.org/view.php?id=CVE-2023-54158
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: don't free qgroup space unless specified Boris noticed in his simple quotas testing that he was getting a leak with Sweet Tea's change to subvol create that stopped doing a transaction commit. This was just a side effect of that change. In the delayed inode code we have an optimization that will free extra reservations if we think we can pack a dir item into an already modified leaf. Previously this wouldn't be triggered in the subvo... • https://git.kernel.org/stable/c/1e05bf5e80bb1161b7294c9ce5292b26232ab853 •
CVSS: 6.6EPSS: 0%CPEs: 3EXPL: 0CVE-2023-54151 – f2fs: Fix system crash due to lack of free space in LFS
https://notcve.org/view.php?id=CVE-2023-54151
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: Fix system crash due to lack of free space in LFS When f2fs tries to checkpoint during foreground gc in LFS mode, system crash occurs due to lack of free space if the amount of dirty node and dentry pages generated by data migration exceeds free space. The reproduction sequence is as follows. - 20GiB capacity block device (null_blk) - format and mount with LFS mode - create a file and write 20,000MiB - 4k random write on full range of... • https://git.kernel.org/stable/c/f4631d295ae3fff9e240ab78dc17f4b83d14f7bc •
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0CVE-2023-54150 – drm/amd: Fix an out of bounds error in BIOS parser
https://notcve.org/view.php?id=CVE-2023-54150
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix an out of bounds error in BIOS parser The array is hardcoded to 8 in atomfirmware.h, but firmware provides a bigger one sometimes. Deferencing the larger array causes an out of bounds error. commit 4fc1ba4aa589 ("drm/amd/display: fix array index out of bound error in bios parser") fixed some of this, but there are two other cases not covered by it. Fix those as well. In the Linux kernel, the following vulnerability has been res... • https://git.kernel.org/stable/c/b8e7589f50b709b647b642531599e70707faf70c •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-54145 – bpf: drop unnecessary user-triggerable WARN_ONCE in verifierl log
https://notcve.org/view.php?id=CVE-2023-54145
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: drop unnecessary user-triggerable WARN_ONCE in verifierl log It's trivial for user to trigger "verifier log line truncated" warning, as verifier has a fixed-sized buffer of 1024 bytes (as of now), and there are at least two pieces of user-provided information that can be output through this buffer, and both can be arbitrarily sized by user: - BTF names; - BTF.ext source code lines strings. Verifier log buffer should be properly sized f... • https://git.kernel.org/stable/c/40c88c429a598006f91ad7a2b89856cd50b3a008 •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2023-54140 – nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse
https://notcve.org/view.php?id=CVE-2023-54140
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse A syzbot stress test using a corrupted disk image reported that mark_buffer_dirty() called from __nilfs_mark_inode_dirty() or nilfs_palloc_commit_alloc_entry() may output a kernel warning, and can panic if the kernel is booted with panic_on_warn. This is because nilfs2 keeps buffer pointers in local structures for some metadata and reuses them, but such buffers may be fo... • https://git.kernel.org/stable/c/8c26c4e2694a163d525976e804d81cd955bbb40c •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54134 – autofs: fix memory leak of waitqueues in autofs_catatonic_mode
https://notcve.org/view.php?id=CVE-2023-54134
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: autofs: fix memory leak of waitqueues in autofs_catatonic_mode Syzkaller reports a memory leak: BUG: memory leak unreferenced object 0xffff88810b279e00 (size 96): comm "syz-executor399", pid 3631, jiffies 4294964921 (age 23.870s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 08 9e 27 0b 81 88 ff ff ..........'..... 08 9e 27 0b 81 88 ff ff 00 00 00 00 00 00 00 00 ..'............. backtrace: [
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54127 – fs/jfs: prevent double-free in dbUnmount() after failed jfs_remount()
https://notcve.org/view.php?id=CVE-2023-54127
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/jfs: prevent double-free in dbUnmount() after failed jfs_remount() Syzkaller reported the following issue: ================================================================== BUG: KASAN: double-free in slab_free mm/slub.c:3787 [inline] BUG: KASAN: double-free in __kmem_cache_free+0x71/0x110 mm/slub.c:3800 Free of addr ffff888086408000 by task syz-executor.4/12750 [...] Call Trace:
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2023-54125 – fs/ntfs3: Return error for inconsistent extended attributes
https://notcve.org/view.php?id=CVE-2023-54125
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Return error for inconsistent extended attributes ntfs_read_ea is called when we want to read extended attributes. There are some sanity checks for the validity of the EAs. However, it fails to return a proper error code for the inconsistent attributes, which might lead to unpredicted memory accesses after return. [ 138.916927] BUG: KASAN: use-after-free in ntfs_set_ea+0x453/0xbf0 [ 138.923876] Write of size 4 at addr ffff88800205... • https://git.kernel.org/stable/c/1474098b590a426d90f27bb992f17c326e0b60c1 •