linux package
kernel
pkg:linux/kernel
Vulnerabilities (1,755)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-54252 | — | >= 5.15.106, < 5.15.107 | 5.15.107 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings My previous commit introduced a memory leak where the item allocated from tlmi_setting was not freed. This commit also renames it | ||
| CVE-2023-54251 | — | >= 5.3.0, < 5.15.126 | 5.15.126 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: Limit TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME to INT_MAX. syzkaller found zero division error [0] in div_s64_rem() called from get_cycle_time_elapsed(), where sched->cycle_time is the divisor. We h | ||
| CVE-2023-54250 | — | >= 5.15.0, < 5.15.145 | 5.15.145 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: ksmbd: avoid out of bounds access in decode_preauth_ctxt() Confirm that the accessed pneg_ctxt->HashAlgorithms address sits within the SMB request boundary; deassemble_neg_contexts() only checks that the eight | ||
| CVE-2023-54249 | — | >= 5.19.0, < 6.1.16 | 6.1.16 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: bus: mhi: ep: Only send -ENOTCONN status if client driver is available For the STOP and RESET commands, only send the channel disconnect status -ENOTCONN if client driver is available. Otherwise, it will result | ||
| CVE-2023-54248 | — | >= 5.15.0, < 5.15.111 | 5.15.111 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add check for kmemdup Since the kmemdup may return NULL pointer, it should be better to add check for the return value in order to avoid NULL pointer dereference. | ||
| CVE-2023-54247 | — | >= 5.16.0, < 6.1.110 | 6.1.110 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: bpf: Silence a warning in btf_type_id_size() syzbot reported a warning in [1] with the following stacktrace: WARNING: CPU: 0 PID: 5005 at kernel/bpf/btf.c:1988 btf_type_id_size+0x2d9/0x9d0 kernel/bpf/btf.c:19 | ||
| CVE-2023-54246 | — | >= 4.7.0, < 5.10.197 | 5.10.197 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: rcuscale: Move rcu_scale_writer() schedule_timeout_uninterruptible() to _idle() The rcuscale.holdoff module parameter can be used to delay the start of rcu_scale_writer() kthread. However, the hung-task timeou | ||
| CVE-2023-54245 | — | >= 5.12.0, < 5.15.106 | 5.15.106 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds When we run syzkaller we get below Out of Bound. "KASAN: slab-out-of-bounds Read in regcache_flat_read" Below is the backtrace of the issue: | ||
| CVE-2023-54244 | — | >= 2.6.33, < 4.14.316 | 4.14.316 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: ACPI: EC: Fix oops when removing custom query handlers When removing custom query handlers, the handler might still be used inside the EC query workqueue, causing a kernel oops if the module holding the callbac | ||
| CVE-2023-54243 | — | >= 3.15.0, < 5.10.173 | 5.10.173 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: netfilter: ebtables: fix table blob use-after-free We are not allowed to return an error at this point. Looking at the code it looks like ret is always 0 at this point, but its not. t = find_table_lock(net, re | ||
| CVE-2023-54242 | — | >= 5.17.0, < 6.1.30 | 6.1.30 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: block, bfq: Fix division by zero error on zero wsum When the weighted sum is zero the calculation of limit causes a division by zero error. Fix this by continuing to the next level. This was discovered by runn | ||
| CVE-2023-54241 | — | >= 5.13.0, < 5.15.121 | 5.15.121 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: MIPS: KVM: Fix NULL pointer dereference After commit 45c7e8af4a5e3f0bea4ac209 ("MIPS: Remove KVM_TE support") we get a NULL pointer dereference when creating a KVM guest: [ 146.243409] Starting KVM with MIPS | ||
| CVE-2023-54240 | — | >= 4.9.0, < 4.14.326 | 4.14.326 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_eth_soc: fix possible NULL pointer dereference in mtk_hwlro_get_fdir_all() rule_locs is allocated in ethtool_get_rxnfc and the size is determined by rule_cnt from user space. So rule_cnt need | ||
| CVE-2023-54239 | — | >= 6.2.0, < 6.2.11 | 6.2.11 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: iommufd: Check for uptr overflow syzkaller found that setting up a map with a user VA that wraps past zero can trigger WARN_ONs, particularly from pin_user_pages weirdly returning 0 due to invalid arguments. P | ||
| CVE-2023-54238 | — | >= 6.0.0, < 6.1.18 | 6.1.18 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: mlx5: fix skb leak while fifo resync and push During ptp resync operation SKBs were poped from the fifo but were never freed neither by napi_consume nor by dev_kfree_skb_any. Add call to napi_consume_skb to pro | ||
| CVE-2023-54237 | — | >= 5.8.0, < 6.1.16 | 6.1.16 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/smc: fix potential panic dues to unprotected smc_llc_srv_add_link() There is a certain chance to trigger the following panic: PID: 5900 TASK: ffff88c1c8af4100 CPU: 1 COMMAND: "kworker/1:48" #0 [ffff9 | ||
| CVE-2023-54236 | — | >= 4.18.0, < 5.4.240 | 5.4.240 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/net_failover: fix txq exceeding warning The failover txq is inited as 16 queues. when a packet is transmitted from the failover device firstly, the failover device will select the queue which is returned fr | ||
| CVE-2023-54235 | — | < 6.1.53 | 6.1.53 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: PCI/DOE: Fix destroy_work_on_stack() race The following debug object splat was observed in testing: ODEBUG: free active (active state 0) object: 0000000097d23782 object type: work_struct hint: doe_statemachi | ||
| CVE-2023-54234 | — | >= 5.17.0, < 6.1.16 | 6.1.16 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix missing mrioc->evtack_cmds initialization Commit c1af985d27da ("scsi: mpi3mr: Add Event acknowledgment logic") introduced an array mrioc->evtack_cmds but initialization of the array elements w | ||
| CVE-2023-54233 | — | >= 6.0.0, < 6.2.11 | 6.2.11 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: avoid a NULL dereference with unsupported widgets If an IPC4 topology contains an unsupported widget, its .module_info field won't be set, then sof_ipc4_route_setup() will cause a kernel Oops trying |
- CVE-2023-54252Dec 30, 2025affected >= 5.15.106, < 5.15.107fixed 5.15.107
In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings My previous commit introduced a memory leak where the item allocated from tlmi_setting was not freed. This commit also renames it
- CVE-2023-54251Dec 30, 2025affected >= 5.3.0, < 5.15.126fixed 5.15.126
In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: Limit TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME to INT_MAX. syzkaller found zero division error [0] in div_s64_rem() called from get_cycle_time_elapsed(), where sched->cycle_time is the divisor. We h
- CVE-2023-54250Dec 30, 2025affected >= 5.15.0, < 5.15.145fixed 5.15.145
In the Linux kernel, the following vulnerability has been resolved: ksmbd: avoid out of bounds access in decode_preauth_ctxt() Confirm that the accessed pneg_ctxt->HashAlgorithms address sits within the SMB request boundary; deassemble_neg_contexts() only checks that the eight
- CVE-2023-54249Dec 30, 2025affected >= 5.19.0, < 6.1.16fixed 6.1.16
In the Linux kernel, the following vulnerability has been resolved: bus: mhi: ep: Only send -ENOTCONN status if client driver is available For the STOP and RESET commands, only send the channel disconnect status -ENOTCONN if client driver is available. Otherwise, it will result
- CVE-2023-54248Dec 30, 2025affected >= 5.15.0, < 5.15.111fixed 5.15.111
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add check for kmemdup Since the kmemdup may return NULL pointer, it should be better to add check for the return value in order to avoid NULL pointer dereference.
- CVE-2023-54247Dec 30, 2025affected >= 5.16.0, < 6.1.110fixed 6.1.110
In the Linux kernel, the following vulnerability has been resolved: bpf: Silence a warning in btf_type_id_size() syzbot reported a warning in [1] with the following stacktrace: WARNING: CPU: 0 PID: 5005 at kernel/bpf/btf.c:1988 btf_type_id_size+0x2d9/0x9d0 kernel/bpf/btf.c:19
- CVE-2023-54246Dec 30, 2025affected >= 4.7.0, < 5.10.197fixed 5.10.197
In the Linux kernel, the following vulnerability has been resolved: rcuscale: Move rcu_scale_writer() schedule_timeout_uninterruptible() to _idle() The rcuscale.holdoff module parameter can be used to delay the start of rcu_scale_writer() kthread. However, the hung-task timeou
- CVE-2023-54245Dec 30, 2025affected >= 5.12.0, < 5.15.106fixed 5.15.106
In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds When we run syzkaller we get below Out of Bound. "KASAN: slab-out-of-bounds Read in regcache_flat_read" Below is the backtrace of the issue:
- CVE-2023-54244Dec 30, 2025affected >= 2.6.33, < 4.14.316fixed 4.14.316
In the Linux kernel, the following vulnerability has been resolved: ACPI: EC: Fix oops when removing custom query handlers When removing custom query handlers, the handler might still be used inside the EC query workqueue, causing a kernel oops if the module holding the callbac
- CVE-2023-54243Dec 30, 2025affected >= 3.15.0, < 5.10.173fixed 5.10.173
In the Linux kernel, the following vulnerability has been resolved: netfilter: ebtables: fix table blob use-after-free We are not allowed to return an error at this point. Looking at the code it looks like ret is always 0 at this point, but its not. t = find_table_lock(net, re
- CVE-2023-54242Dec 30, 2025affected >= 5.17.0, < 6.1.30fixed 6.1.30
In the Linux kernel, the following vulnerability has been resolved: block, bfq: Fix division by zero error on zero wsum When the weighted sum is zero the calculation of limit causes a division by zero error. Fix this by continuing to the next level. This was discovered by runn
- CVE-2023-54241Dec 30, 2025affected >= 5.13.0, < 5.15.121fixed 5.15.121
In the Linux kernel, the following vulnerability has been resolved: MIPS: KVM: Fix NULL pointer dereference After commit 45c7e8af4a5e3f0bea4ac209 ("MIPS: Remove KVM_TE support") we get a NULL pointer dereference when creating a KVM guest: [ 146.243409] Starting KVM with MIPS
- CVE-2023-54240Dec 30, 2025affected >= 4.9.0, < 4.14.326fixed 4.14.326
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_eth_soc: fix possible NULL pointer dereference in mtk_hwlro_get_fdir_all() rule_locs is allocated in ethtool_get_rxnfc and the size is determined by rule_cnt from user space. So rule_cnt need
- CVE-2023-54239Dec 30, 2025affected >= 6.2.0, < 6.2.11fixed 6.2.11
In the Linux kernel, the following vulnerability has been resolved: iommufd: Check for uptr overflow syzkaller found that setting up a map with a user VA that wraps past zero can trigger WARN_ONs, particularly from pin_user_pages weirdly returning 0 due to invalid arguments. P
- CVE-2023-54238Dec 30, 2025affected >= 6.0.0, < 6.1.18fixed 6.1.18
In the Linux kernel, the following vulnerability has been resolved: mlx5: fix skb leak while fifo resync and push During ptp resync operation SKBs were poped from the fifo but were never freed neither by napi_consume nor by dev_kfree_skb_any. Add call to napi_consume_skb to pro
- CVE-2023-54237Dec 30, 2025affected >= 5.8.0, < 6.1.16fixed 6.1.16
In the Linux kernel, the following vulnerability has been resolved: net/smc: fix potential panic dues to unprotected smc_llc_srv_add_link() There is a certain chance to trigger the following panic: PID: 5900 TASK: ffff88c1c8af4100 CPU: 1 COMMAND: "kworker/1:48" #0 [ffff9
- CVE-2023-54236Dec 30, 2025affected >= 4.18.0, < 5.4.240fixed 5.4.240
In the Linux kernel, the following vulnerability has been resolved: net/net_failover: fix txq exceeding warning The failover txq is inited as 16 queues. when a packet is transmitted from the failover device firstly, the failover device will select the queue which is returned fr
- CVE-2023-54235Dec 30, 2025affected < 6.1.53fixed 6.1.53
In the Linux kernel, the following vulnerability has been resolved: PCI/DOE: Fix destroy_work_on_stack() race The following debug object splat was observed in testing: ODEBUG: free active (active state 0) object: 0000000097d23782 object type: work_struct hint: doe_statemachi
- CVE-2023-54234Dec 30, 2025affected >= 5.17.0, < 6.1.16fixed 6.1.16
In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix missing mrioc->evtack_cmds initialization Commit c1af985d27da ("scsi: mpi3mr: Add Event acknowledgment logic") introduced an array mrioc->evtack_cmds but initialization of the array elements w
- CVE-2023-54233Dec 30, 2025affected >= 6.0.0, < 6.2.11fixed 6.2.11
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: avoid a NULL dereference with unsupported widgets If an IPC4 topology contains an unsupported widget, its .module_info field won't be set, then sof_ipc4_route_setup() will cause a kernel Oops trying
Page 25 of 88