2825 matches found
CVE-2026-23184 binder: fix UAF in binder_netlink_report()
In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF in bindernetlinkreport Oneway transactions sent to frozen targets via binderproctransaction return a BRTRANSACTIONPENDINGFROZEN error but they are still treated as successful since the target is expected to thaw a...
CVE-2026-23175
The CVE-2026-23175 issue concerns the Linux kernel networking CPSW driver. A change that removed the RTNL lock for IPV6_ADD_MEMBERSHIP and MCAST_JOIN_GROUP triggered a problematic call trace in vlan_for_each() when cpsw_ndo_set_rx_mode() expected the RTNL lock, risking warnings and instability on...
EUVD-2026-5863
In the Linux kernel, the following vulnerability has been resolved: net: cpsw: Execute ndosetrxmode callback in a work queue Commit 1767bb2d47b7 "ipv6: mcast: Don't hold RTNL for IPV6ADDMEMBERSHIP and MCASTJOINGROUP." removed the RTNL lock for IPV6ADDMEMBERSHIP and MCASTJOINGROUP operations...
CVE-2026-23175 net: cpsw: Execute ndo_set_rx_mode callback in a work queue
In the Linux kernel, the following vulnerability has been resolved: net: cpsw: Execute ndosetrxmode callback in a work queue Commit 1767bb2d47b7 "ipv6: mcast: Don't hold RTNL for IPV6ADDMEMBERSHIP and MCASTJOINGROUP." removed the RTNL lock for IPV6ADDMEMBERSHIP and MCASTJOINGROUP operations...
CVE-2026-23169
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race in mptcppmnlflushaddrsdoit syzbot and Eulgyu Kim reported crashes in mptcppmnlgetlocalid and/or mptcppmnlisbackup Root cause is listspliceinit in mptcppmnlflushaddrsdoit which is not RCU ready. listspliceinitrcu c...
CVE-2026-23169
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race in mptcppmnlflushaddrsdoit syzbot and Eulgyu Kim reported crashes in mptcppmnlgetlocalid and/or mptcppmnlisbackup Root cause is listspliceinit in mptcppmnlflushaddrsdoit which is not RCU ready. listspliceinitrcu c...
PT-2026-8211
In the Linux kernel, the following vulnerability has been resolved: net: cpsw new: Execute ndo set rx mode callback in a work queue Commit 1767bb2d47b7 "ipv6: mcast: Don't hold RTNL for IPV6 ADD MEMBERSHIP and MCAST JOIN GROUP." removed the RTNL lock for IPV6 ADD MEMBERSHIP and MCAST JOIN GROUP...
PT-2026-8192
In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF in binder netlink report Oneway transactions sent to frozen targets via binder proc transaction return a BR TRANSACTION PENDING FROZEN error but they are still treated as successful since the target is expected to...
PT-2026-8194
In the Linux kernel, the following vulnerability has been resolved: hwmon: acpi power meter Fix deadlocks related to acpi power meter notify The acpi power meter driver's .notify callback function, acpi power meter notify, calls hwmon device unregister under a lock that is also acquired by...
PT-2026-8183
In the Linux kernel, the following vulnerability has been resolved: net: cpsw: Execute ndo set rx mode callback in a work queue Commit 1767bb2d47b7 "ipv6: mcast: Don't hold RTNL for IPV6 ADD MEMBERSHIP and MCAST JOIN GROUP." removed the RTNL lock for IPV6 ADD MEMBERSHIP and MCAST JOIN GROUP...
Linux Distros Unpatched Vulnerability : CVE-2026-23184
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF in bindernetlinkreport Oneway transactions sent to frozen targets via...
CVE-2026-23099
In the Linux kernel, the following vulnerability has been resolved: bonding: limit BONDMODE8023AD to Ethernet devices BONDMODE8023AD makes sense for ARPHRDETHER only. syzbot reported: BUG: KASAN: global-out-of-bounds in hwaddrcreate net/core/devaddrlists.c:63 inline BUG: KASAN: global-out-of-boun...
kernel: net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing
In the Linux kernel, the following vulnerability has been resolved: net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing TCAMQPRIOTCENTRYINDEX is validated using NLAPOLICYMAXNLAU32, TCQOPTMAXQUEUE, which allows the value TCQOPTMAXQUEUE 16. This leads to a 4-byte out-of-bounds stac...
CLSA-2026-1769610819 kernel: Fix of 39 CVEs
Bluetooth: hcisysfs: Fix attempting to call deviceadd multiple times CVE-2022-50419 - firewire: net: fix use after free in fwnetfinishincomingpacket CVE-2023-53432 - wifi: brcmfmac: fix use-after-free bug in brcmfnetdevstartxmit CVE-2022-50408 - wifi: brcmfmac: slab-out-of-bounds read in...
SUSE CVE-2025-71157
In the Linux kernel, the following vulnerability has been resolved: RDMA/core: always drop device refcount in ibdelsubdeviceandput Since nldevdeldev introduced by commit 060c642b2ab8 "RDMA/nldev: Add support to add/delete a sub IB device through netlink" grabs a reference using ibdevicegetbyindex...
CVE-2025-71157
In the Linux kernel, the following vulnerability has been resolved: RDMA/core: always drop device refcount in ibdelsubdeviceandput Since nldevdeldev introduced by commit 060c642b2ab8 "RDMA/nldev: Add support to add/delete a sub IB device through netlink" grabs a reference using ibdevicegetbyindex...
CVE-2025-71157
In the Linux kernel, the following vulnerability has been resolved: RDMA/core: always drop device refcount in ibdelsubdeviceandput Since nldevdeldev introduced by commit 060c642b2ab8 "RDMA/nldev: Add support to add/delete a sub IB device through netlink" grabs a reference using ibdevicegetbyindex...
UBUNTU-CVE-2025-71157
In the Linux kernel, the following vulnerability has been resolved: RDMA/core: always drop device refcount in ibdelsubdeviceandput Since nldevdeldev introduced by commit 060c642b2ab8 "RDMA/nldev: Add support to add/delete a sub IB device through netlink" grabs a reference using ibdevicegetbyindex...
CVE-2025-71157
In the Linux kernel, the following vulnerability has been resolved: RDMA/core: always drop device refcount in ibdelsubdeviceandput Since nldevdeldev introduced by commit 060c642b2ab8 "RDMA/nldev: Add support to add/delete a sub IB device through netlink" grabs a reference using ibdevicegetbyindex...
CVE-2025-71157 RDMA/core: always drop device refcount in ib_del_sub_device_and_put()
In the Linux kernel, the following vulnerability has been resolved: RDMA/core: always drop device refcount in ibdelsubdeviceandput Since nldevdeldev introduced by commit 060c642b2ab8 "RDMA/nldev: Add support to add/delete a sub IB device through netlink" grabs a reference using ibdevicegetbyindex...