linux package
kernel
pkg:linux/kernel
Vulnerabilities (1,755)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-54146 | — | < 5.15.87 | 5.15.87 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: x86/kexec: Fix double-free of elf header buffer After b3e34a47f989 ("x86/kexec: fix memory leak of elf header buffer"), freeing image->elf_headers in the error path of crash_load_segments() is not needed be | ||
| CVE-2023-54145 | — | >= 4.15.0, < 6.1.107 | 6.1.107 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: bpf: drop unnecessary user-triggerable WARN_ONCE in verifierl log It's trivial for user to trigger "verifier log line truncated" warning, as verifier has a fixed-sized buffer of 1024 bytes (as of now), and ther | ||
| CVE-2023-54144 | — | >= 6.0.0, < 6.0.19 | 6.0.19 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix kernel warning during topology setup This patch fixes the following kernel warning seen during driver load by correctly initializing the p2plink attr before creating the sysfs file: [ +0.00286 | ||
| CVE-2023-54143 | — | >= 5.18.0, < 6.1.53 | 6.1.53 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: fix resource leaks in vdec_msg_queue_init() If we encounter any error in the vdec_msg_queue_init() then we need to set "msg_queue->wdma_addr.size = 0;". Normally, this is done inside t | ||
| CVE-2023-54142 | — | < 4.14.322 | 4.14.322 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: gtp: Fix use-after-free in __gtp_encap_destroy(). syzkaller reported use-after-free in __gtp_encap_destroy(). [0] It shows the same process freed sk and touched it illegally. Commit e198987e7dd7 ("gtp: fix su | ||
| CVE-2023-54141 | — | >= 6.3.0, < 6.3.13 | 6.3.13 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Add missing hw_ops->get_ring_selector() for IPQ5018 During sending data after clients connected, hw_ops->get_ring_selector() will be called. But for IPQ5018, this member isn't set, and the followi | ||
| CVE-2023-54140 | — | >= 3.10.0, < 4.14.326 | 4.14.326 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse A syzbot stress test using a corrupted disk image reported that mark_buffer_dirty() called from __nilfs_mark_inode_dirty() or nilfs_palloc_ | ||
| CVE-2023-54139 | — | >= 5.18.0, < 6.1.28 | 6.1.28 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: tracing/user_events: Ensure write index cannot be negative The write index indicates which event the data is for and accesses a per-file array. The index is passed by user processes during write() calls as the | ||
| CVE-2023-54138 | — | >= 5.15.0, < 5.15.112 | 5.15.112 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/msm: fix NULL-deref on irq uninstall In case of early initialisation errors and on platforms that do not use the DPU controller, the deinitilisation code can be called with the kms pointer set to NULL. Pat | ||
| CVE-2023-54137 | — | >= 5.8.0, < 5.10.195 | 5.10.195 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: vfio/type1: fix cap_migration information leak Fix an information leak where an uninitialized hole in struct vfio_iommu_type1_info_cap_migration on the stack is exposed to userspace. The definition of struct v | ||
| CVE-2023-54136 | — | >= 5.2.0, < 5.4.257 | 5.4.257 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: serial: sprd: Fix DMA buffer leak issue Release DMA buffer when _probe() returns failure to avoid memory leak. | ||
| CVE-2023-54135 | — | >= 6.1.0, < 6.1.37 | 6.1.37 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: maple_tree: fix potential out-of-bounds access in mas_wr_end_piv() Check the write offset end bounds before using it as the offset into the pivot array. This avoids a possible out-of-bounds access on the pivot | ||
| CVE-2023-54134 | — | >= 2.6.27, < 4.14.326 | 4.14.326 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: autofs: fix memory leak of waitqueues in autofs_catatonic_mode Syzkaller reports a memory leak: BUG: memory leak unreferenced object 0xffff88810b279e00 (size 96): comm "syz-executor399", pid 3631, jiffies 42 | ||
| CVE-2023-54133 | — | >= 6.2.0, < 6.4.5 | 6.4.5 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: nfp: clean mc addresses in application firmware when closing port When moving devices from one namespace to another, mc addresses are cleaned in software while not removed from application firmware. Thus the mc | ||
| CVE-2023-54132 | — | >= 4.19.0, < 5.4.243 | 5.4.243 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: erofs: stop parsing non-compact HEAD index if clusterofs is invalid Syzbot generated a crafted image [1] with a non-compact HEAD index of clusterofs 33024 while valid numbers should be 0 ~ lclustersize-1, which | ||
| CVE-2023-54131 | — | >= 5.11.0, < 5.15.111 | 5.15.111 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: rt2x00: Fix memory leak when handling surveys When removing a rt2x00 device, its associated channel surveys are not freed, causing a memory leak observable with kmemleak: unreferenced object 0xffff9620f0 | ||
| CVE-2023-54130 | — | >= 5.16.0, < 6.0.19 | 6.0.19 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling Commit 55d1cbbbb29e ("hfs/hfsplus: use WARN_ON for sanity check") fixed a build warning by turning a comment into a WARN_ON(), but it tur | ||
| CVE-2023-54129 | — | >= 4.20.0, < 6.1.32 | 6.1.32 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Add validation for lmac type Upon physical link change, firmware reports to the kernel about the change along with the details like speed, lmac_type_id, etc. Kernel derives lmac_type based on lmac | ||
| CVE-2023-54128 | — | >= 5.12.0, < 5.15.107 | 5.15.107 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: fs: drop peer group ids under namespace lock When cleaning up peer group ids in the failure path we need to make sure to hold on to the namespace lock. Otherwise another thread might just turn the mount from a | ||
| CVE-2023-54127 | — | >= 2.6.12, < 4.14.326 | 4.14.326 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: fs/jfs: prevent double-free in dbUnmount() after failed jfs_remount() Syzkaller reported the following issue: ================================================================== BUG: KASAN: double-free in slab_f |
- CVE-2023-54146Dec 24, 2025affected < 5.15.87fixed 5.15.87
In the Linux kernel, the following vulnerability has been resolved: x86/kexec: Fix double-free of elf header buffer After b3e34a47f989 ("x86/kexec: fix memory leak of elf header buffer"), freeing image->elf_headers in the error path of crash_load_segments() is not needed be
- CVE-2023-54145Dec 24, 2025affected >= 4.15.0, < 6.1.107fixed 6.1.107
In the Linux kernel, the following vulnerability has been resolved: bpf: drop unnecessary user-triggerable WARN_ONCE in verifierl log It's trivial for user to trigger "verifier log line truncated" warning, as verifier has a fixed-sized buffer of 1024 bytes (as of now), and ther
- CVE-2023-54144Dec 24, 2025affected >= 6.0.0, < 6.0.19fixed 6.0.19
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix kernel warning during topology setup This patch fixes the following kernel warning seen during driver load by correctly initializing the p2plink attr before creating the sysfs file: [ +0.00286
- CVE-2023-54143Dec 24, 2025affected >= 5.18.0, < 6.1.53fixed 6.1.53
In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: fix resource leaks in vdec_msg_queue_init() If we encounter any error in the vdec_msg_queue_init() then we need to set "msg_queue->wdma_addr.size = 0;". Normally, this is done inside t
- CVE-2023-54142Dec 24, 2025affected < 4.14.322fixed 4.14.322
In the Linux kernel, the following vulnerability has been resolved: gtp: Fix use-after-free in __gtp_encap_destroy(). syzkaller reported use-after-free in __gtp_encap_destroy(). [0] It shows the same process freed sk and touched it illegally. Commit e198987e7dd7 ("gtp: fix su
- CVE-2023-54141Dec 24, 2025affected >= 6.3.0, < 6.3.13fixed 6.3.13
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Add missing hw_ops->get_ring_selector() for IPQ5018 During sending data after clients connected, hw_ops->get_ring_selector() will be called. But for IPQ5018, this member isn't set, and the followi
- CVE-2023-54140Dec 24, 2025affected >= 3.10.0, < 4.14.326fixed 4.14.326
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse A syzbot stress test using a corrupted disk image reported that mark_buffer_dirty() called from __nilfs_mark_inode_dirty() or nilfs_palloc_
- CVE-2023-54139Dec 24, 2025affected >= 5.18.0, < 6.1.28fixed 6.1.28
In the Linux kernel, the following vulnerability has been resolved: tracing/user_events: Ensure write index cannot be negative The write index indicates which event the data is for and accesses a per-file array. The index is passed by user processes during write() calls as the
- CVE-2023-54138Dec 24, 2025affected >= 5.15.0, < 5.15.112fixed 5.15.112
In the Linux kernel, the following vulnerability has been resolved: drm/msm: fix NULL-deref on irq uninstall In case of early initialisation errors and on platforms that do not use the DPU controller, the deinitilisation code can be called with the kms pointer set to NULL. Pat
- CVE-2023-54137Dec 24, 2025affected >= 5.8.0, < 5.10.195fixed 5.10.195
In the Linux kernel, the following vulnerability has been resolved: vfio/type1: fix cap_migration information leak Fix an information leak where an uninitialized hole in struct vfio_iommu_type1_info_cap_migration on the stack is exposed to userspace. The definition of struct v
- CVE-2023-54136Dec 24, 2025affected >= 5.2.0, < 5.4.257fixed 5.4.257
In the Linux kernel, the following vulnerability has been resolved: serial: sprd: Fix DMA buffer leak issue Release DMA buffer when _probe() returns failure to avoid memory leak.
- CVE-2023-54135Dec 24, 2025affected >= 6.1.0, < 6.1.37fixed 6.1.37
In the Linux kernel, the following vulnerability has been resolved: maple_tree: fix potential out-of-bounds access in mas_wr_end_piv() Check the write offset end bounds before using it as the offset into the pivot array. This avoids a possible out-of-bounds access on the pivot
- CVE-2023-54134Dec 24, 2025affected >= 2.6.27, < 4.14.326fixed 4.14.326
In the Linux kernel, the following vulnerability has been resolved: autofs: fix memory leak of waitqueues in autofs_catatonic_mode Syzkaller reports a memory leak: BUG: memory leak unreferenced object 0xffff88810b279e00 (size 96): comm "syz-executor399", pid 3631, jiffies 42
- CVE-2023-54133Dec 24, 2025affected >= 6.2.0, < 6.4.5fixed 6.4.5
In the Linux kernel, the following vulnerability has been resolved: nfp: clean mc addresses in application firmware when closing port When moving devices from one namespace to another, mc addresses are cleaned in software while not removed from application firmware. Thus the mc
- CVE-2023-54132Dec 24, 2025affected >= 4.19.0, < 5.4.243fixed 5.4.243
In the Linux kernel, the following vulnerability has been resolved: erofs: stop parsing non-compact HEAD index if clusterofs is invalid Syzbot generated a crafted image [1] with a non-compact HEAD index of clusterofs 33024 while valid numbers should be 0 ~ lclustersize-1, which
- CVE-2023-54131Dec 24, 2025affected >= 5.11.0, < 5.15.111fixed 5.15.111
In the Linux kernel, the following vulnerability has been resolved: wifi: rt2x00: Fix memory leak when handling surveys When removing a rt2x00 device, its associated channel surveys are not freed, causing a memory leak observable with kmemleak: unreferenced object 0xffff9620f0
- CVE-2023-54130Dec 24, 2025affected >= 5.16.0, < 6.0.19fixed 6.0.19
In the Linux kernel, the following vulnerability has been resolved: hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling Commit 55d1cbbbb29e ("hfs/hfsplus: use WARN_ON for sanity check") fixed a build warning by turning a comment into a WARN_ON(), but it tur
- CVE-2023-54129Dec 24, 2025affected >= 4.20.0, < 6.1.32fixed 6.1.32
In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Add validation for lmac type Upon physical link change, firmware reports to the kernel about the change along with the details like speed, lmac_type_id, etc. Kernel derives lmac_type based on lmac
- CVE-2023-54128Dec 24, 2025affected >= 5.12.0, < 5.15.107fixed 5.15.107
In the Linux kernel, the following vulnerability has been resolved: fs: drop peer group ids under namespace lock When cleaning up peer group ids in the failure path we need to make sure to hold on to the namespace lock. Otherwise another thread might just turn the mount from a
- CVE-2023-54127Dec 24, 2025affected >= 2.6.12, < 4.14.326fixed 4.14.326
In the Linux kernel, the following vulnerability has been resolved: fs/jfs: prevent double-free in dbUnmount() after failed jfs_remount() Syzkaller reported the following issue: ================================================================== BUG: KASAN: double-free in slab_f
Page 35 of 88