linux package
kernel
pkg:linux/kernel
Vulnerabilities (1,755)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-54273 | — | >= 6.2.0, < 6.3.4 | 6.3.4 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: xfrm: Fix leak of dev tracker At the stage of direction checks, the netdev reference tracker is already initialized, but released with wrong *_put() call. | ||
| CVE-2023-54272 | — | >= 5.15.0, < 5.15.113 | 5.15.113 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix a possible null-pointer dereference in ni_clear() In a previous commit c1006bd13146, ni->mi.mrec in ni_write_inode() could be NULL, and thus a NULL check is added for this variable. However, in t | ||
| CVE-2023-54271 | — | >= 5.4.0, < 6.4.16 | 6.4.16 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init blk-iocost sometimes causes the following crash: BUG: kernel NULL pointer dereference, address: 00000000000000e0 ... RIP: | ||
| CVE-2023-54270 | — | >= 4.6.0, < 4.14.308 | 4.14.308 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: media: usb: siano: Fix use after free bugs caused by do_submit_urb There are UAF bugs caused by do_submit_urb(). One of the KASan reports is shown below: [ 36.403605] BUG: KASAN: use-after-free in worker_thr | ||
| CVE-2023-54269 | — | < 5.15.113 | 5.15.113 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: SUNRPC: double free xprt_ctxt while still in use When an RPC request is deferred, the rq_xprt_ctxt pointer is moved out of the svc_rqst into the svc_deferred_req. When the deferred request is revisited, the poi | ||
| CVE-2023-54268 | — | >= 2.6.26, < 5.4.244 | 5.4.244 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: debugobjects: Don't wake up kswapd from fill_pool() syzbot is reporting a lockdep warning in fill_pool() because the allocation from debugobjects is using GFP_ATOMIC, which is (__GFP_HIGH | __GFP_KSWAPD_RECLAIM | ||
| CVE-2023-54267 | — | >= 3.12.0, < 5.10.195 | 5.10.195 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Rework lppaca_shared_proc() to avoid DEBUG_PREEMPT lppaca_shared_proc() takes a pointer to the lppaca which is typically accessed through get_lppaca(). With DEBUG_PREEMPT enabled, this leads t | ||
| CVE-2023-54266 | — | < 4.14.326 | 4.14.326 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer() 'read' is freed when it is known to be NULL, but not when a read error occurs. Revert the logic to avoid a small leak, should a m920x_read | ||
| CVE-2023-54265 | — | >= 2.6.24, < 4.14.313 | 4.14.313 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix an uninit variable access bug in __ip6_make_skb() Syzbot reported a bug as following: ===================================================== BUG: KMSAN: uninit-value in arch_atomic64_inc arch/x86/incl | ||
| CVE-2023-54264 | — | >= 2.6.19, < 4.14.322 | 4.14.322 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: fs/sysv: Null check to prevent null-ptr-deref bug sb_getblk(inode->i_sb, parent) return a null ptr and taking lock on that leads to the null-ptr-deref bug. | ||
| CVE-2023-54263 | — | >= 5.10.0, < 6.4.7 | 6.4.7 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/kms/nv50-: init hpd_irq_lock for PIOR DP Fixes OOPS on boards with ANX9805 DP encoders. | ||
| CVE-2023-54262 | — | >= 5.18.0, < 6.1.28 | 6.1.28 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Don't clone flow post action attributes second time The code already clones post action attributes in mlx5e_clone_flow_attr_for_post_act(). Creating another copy in mlx5e_tc_post_act_add() is a erron | ||
| CVE-2023-54261 | — | >= 6.5.0, < 6.5.4 | 6.5.4 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Add missing gfx11 MQD manager callbacks mqd_stride function was introduced in commit 2f77b9a242a2 ("drm/amdkfd: Update MQD management on multi XCC setup") but not assigned for gfx11. Fixes a NULL de | ||
| CVE-2023-54260 | — | >= 4.16.0, < 4.19.276 | 4.19.276 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: cifs: Fix lost destroy smbd connection when MR allocate failed If the MR allocate failed, the smb direct connection info is NULL, then smbd_destroy() will directly return, then the connection info will be leake | ||
| CVE-2023-54259 | — | >= 5.19.0, < 6.1.30 | 6.1.30 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: soundwire: bus: Fix unbalanced pm_runtime_put() causing usage count underflow This reverts commit 443a98e649b4 ("soundwire: bus: use pm_runtime_resume_and_get()") Change calls to pm_runtime_resume_and_get() ba | ||
| CVE-2023-54258 | — | >= 5.15.121, < 5.15.128 | 5.15.128 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential oops in cifs_oplock_break With deferred close we can have closes that race with lease breaks, and so with the current checks for whether to send the lease response, oplock_response(), this c | ||
| CVE-2023-54257 | — | >= 4.13.0, < 4.14.313 | 4.14.313 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: macb: fix a memory corruption in extended buffer descriptor mode For quite some time we were chasing a bug which looked like a sudden permanent failure of networking and mmc on some of our devices. The bug | ||
| CVE-2023-54255 | — | >= 3.5.0, < 4.14.322 | 4.14.322 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: sh: dma: Fix DMA channel offset calculation Various SoCs of the SH3, SH4 and SH4A family, which use this driver, feature a differing number of DMA channels, which can be distributed between up to two DMAC modul | ||
| CVE-2023-54254 | — | >= 5.15.0, < 5.15.124 | 5.15.124 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Don't leak a resource on eviction error On eviction errors other than -EMULTIHOP we were leaking a resource. Fix. v2: - Avoid yet another goto (Andi Shyti) | ||
| CVE-2023-54253 | — | >= 5.12.0, < 6.1.54 | 6.1.54 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: btrfs: set page extent mapped after read_folio in relocate_one_page One of the CI runs triggered the following panic assertion failed: PagePrivate(page) && page->private, in fs/btrfs/subpage.c:229 -------- |
- CVE-2023-54273Dec 30, 2025affected >= 6.2.0, < 6.3.4fixed 6.3.4
In the Linux kernel, the following vulnerability has been resolved: xfrm: Fix leak of dev tracker At the stage of direction checks, the netdev reference tracker is already initialized, but released with wrong *_put() call.
- CVE-2023-54272Dec 30, 2025affected >= 5.15.0, < 5.15.113fixed 5.15.113
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix a possible null-pointer dereference in ni_clear() In a previous commit c1006bd13146, ni->mi.mrec in ni_write_inode() could be NULL, and thus a NULL check is added for this variable. However, in t
- CVE-2023-54271Dec 30, 2025affected >= 5.4.0, < 6.4.16fixed 6.4.16
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init blk-iocost sometimes causes the following crash: BUG: kernel NULL pointer dereference, address: 00000000000000e0 ... RIP:
- CVE-2023-54270Dec 30, 2025affected >= 4.6.0, < 4.14.308fixed 4.14.308
In the Linux kernel, the following vulnerability has been resolved: media: usb: siano: Fix use after free bugs caused by do_submit_urb There are UAF bugs caused by do_submit_urb(). One of the KASan reports is shown below: [ 36.403605] BUG: KASAN: use-after-free in worker_thr
- CVE-2023-54269Dec 30, 2025affected < 5.15.113fixed 5.15.113
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: double free xprt_ctxt while still in use When an RPC request is deferred, the rq_xprt_ctxt pointer is moved out of the svc_rqst into the svc_deferred_req. When the deferred request is revisited, the poi
- CVE-2023-54268Dec 30, 2025affected >= 2.6.26, < 5.4.244fixed 5.4.244
In the Linux kernel, the following vulnerability has been resolved: debugobjects: Don't wake up kswapd from fill_pool() syzbot is reporting a lockdep warning in fill_pool() because the allocation from debugobjects is using GFP_ATOMIC, which is (__GFP_HIGH | __GFP_KSWAPD_RECLAIM
- CVE-2023-54267Dec 30, 2025affected >= 3.12.0, < 5.10.195fixed 5.10.195
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Rework lppaca_shared_proc() to avoid DEBUG_PREEMPT lppaca_shared_proc() takes a pointer to the lppaca which is typically accessed through get_lppaca(). With DEBUG_PREEMPT enabled, this leads t
- CVE-2023-54266Dec 30, 2025affected < 4.14.326fixed 4.14.326
In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer() 'read' is freed when it is known to be NULL, but not when a read error occurs. Revert the logic to avoid a small leak, should a m920x_read
- CVE-2023-54265Dec 30, 2025affected >= 2.6.24, < 4.14.313fixed 4.14.313
In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix an uninit variable access bug in __ip6_make_skb() Syzbot reported a bug as following: ===================================================== BUG: KMSAN: uninit-value in arch_atomic64_inc arch/x86/incl
- CVE-2023-54264Dec 30, 2025affected >= 2.6.19, < 4.14.322fixed 4.14.322
In the Linux kernel, the following vulnerability has been resolved: fs/sysv: Null check to prevent null-ptr-deref bug sb_getblk(inode->i_sb, parent) return a null ptr and taking lock on that leads to the null-ptr-deref bug.
- CVE-2023-54263Dec 30, 2025affected >= 5.10.0, < 6.4.7fixed 6.4.7
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/kms/nv50-: init hpd_irq_lock for PIOR DP Fixes OOPS on boards with ANX9805 DP encoders.
- CVE-2023-54262Dec 30, 2025affected >= 5.18.0, < 6.1.28fixed 6.1.28
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Don't clone flow post action attributes second time The code already clones post action attributes in mlx5e_clone_flow_attr_for_post_act(). Creating another copy in mlx5e_tc_post_act_add() is a erron
- CVE-2023-54261Dec 30, 2025affected >= 6.5.0, < 6.5.4fixed 6.5.4
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Add missing gfx11 MQD manager callbacks mqd_stride function was introduced in commit 2f77b9a242a2 ("drm/amdkfd: Update MQD management on multi XCC setup") but not assigned for gfx11. Fixes a NULL de
- CVE-2023-54260Dec 30, 2025affected >= 4.16.0, < 4.19.276fixed 4.19.276
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix lost destroy smbd connection when MR allocate failed If the MR allocate failed, the smb direct connection info is NULL, then smbd_destroy() will directly return, then the connection info will be leake
- CVE-2023-54259Dec 30, 2025affected >= 5.19.0, < 6.1.30fixed 6.1.30
In the Linux kernel, the following vulnerability has been resolved: soundwire: bus: Fix unbalanced pm_runtime_put() causing usage count underflow This reverts commit 443a98e649b4 ("soundwire: bus: use pm_runtime_resume_and_get()") Change calls to pm_runtime_resume_and_get() ba
- CVE-2023-54258Dec 30, 2025affected >= 5.15.121, < 5.15.128fixed 5.15.128
In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential oops in cifs_oplock_break With deferred close we can have closes that race with lease breaks, and so with the current checks for whether to send the lease response, oplock_response(), this c
- CVE-2023-54257Dec 30, 2025affected >= 4.13.0, < 4.14.313fixed 4.14.313
In the Linux kernel, the following vulnerability has been resolved: net: macb: fix a memory corruption in extended buffer descriptor mode For quite some time we were chasing a bug which looked like a sudden permanent failure of networking and mmc on some of our devices. The bug
- CVE-2023-54255Dec 30, 2025affected >= 3.5.0, < 4.14.322fixed 4.14.322
In the Linux kernel, the following vulnerability has been resolved: sh: dma: Fix DMA channel offset calculation Various SoCs of the SH3, SH4 and SH4A family, which use this driver, feature a differing number of DMA channels, which can be distributed between up to two DMAC modul
- CVE-2023-54254Dec 30, 2025affected >= 5.15.0, < 5.15.124fixed 5.15.124
In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Don't leak a resource on eviction error On eviction errors other than -EMULTIHOP we were leaking a resource. Fix. v2: - Avoid yet another goto (Andi Shyti)
- CVE-2023-54253Dec 30, 2025affected >= 5.12.0, < 6.1.54fixed 6.1.54
In the Linux kernel, the following vulnerability has been resolved: btrfs: set page extent mapped after read_folio in relocate_one_page One of the CI runs triggered the following panic assertion failed: PagePrivate(page) && page->private, in fs/btrfs/subpage.c:229 --------
Page 24 of 88