457363 matches found
CVE-2026-53058
In the Linux kernel, the following vulnerability has been resolved: drm/bridge: cadence: cdns-mhdp8546-core: Set the mhdp connector earlier in atomic_enable() In case if we get errors in cdns_mhdp_link_up() or cdns_mhdp_reg_read() in atomic_enable, we will go to cdns_mhdp_modeset_retry_fn() and will hit NULL pointer...
EUVD-2026-38916
In the Linux kernel, the following vulnerability has been resolved: gfs2: prevent NULL pointer dereference during unmount When flushing out outstanding glock work during an unmount, gfs2_log_flush() can be called when sdp->sd_jdesc has already been deallocated and sdp->sd_jdesc is NULL. Commit 35264909e9...
CVE-2026-53048
The CVE concerns the Linux kernel gfs2 subsystem. During unmount, gfs2_log_flush() could dereference sdp->sd_jdesc when it had already been deallocated, leading to a NULL pointer dereference. A prior commit (35264909e9d1) added a NULL check in gfs2_log_flush(), but the dereference in gfs2_log_...
CVE-2026-53048 gfs2: prevent NULL pointer dereference during unmount
In the Linux kernel, the following vulnerability has been resolved: gfs2: prevent NULL pointer dereference during unmount When flushing out outstanding glock work during an unmount, gfs2_log_flush() can be called when sdp->sd_jdesc has already been deallocated and sdp->sd_jdesc is NULL. Commit 35264909e9...
CVE-2026-53048
In the Linux kernel, the following vulnerability has been resolved: gfs2: prevent NULL pointer dereference during unmount When flushing out outstanding glock work during an unmount, gfs2_log_flush() can be called when sdp->sd_jdesc has already been deallocated and sdp->sd_jdesc is NULL. Commit 35264909e9...
CVE-2026-53047 efi/capsule-loader: fix incorrect sizeof in phys array reallocation
In the Linux kernel, the following vulnerability has been resolved: efi/capsule-loader: fix incorrect sizeof in phys array reallocation The krealloc() call for cap_info->phys in __efi_capsule_setup_info() uses sizeof(phys_addr_t *) instead of sizeof(phys_addr_t), which might be causing an undersized allocation. The...
EUVD-2026-38915
In the Linux kernel, the following vulnerability has been resolved: efi/capsule-loader: fix incorrect sizeof in phys array reallocation The krealloc() call for cap_info->phys in __efi_capsule_setup_info() uses sizeof(phys_addr_t *) instead of sizeof(phys_addr_t), which might be causing an undersized allocation. The...
CVE-2026-53047
CVE-2026-53047 affects the Linux kernel’s efi/capsule-loader. The vulnerability arises from a mis-sized allocation in __efi_capsule_setup_info(): the krealloc() for cap_info->phys uses sizeof(phys_addr_t *) instead of sizeof(phys_addr_t). This can produce an undersized allocation, inconsistent...
CVE-2026-53047
In the Linux kernel, the following vulnerability has been resolved: efi/capsule-loader: fix incorrect sizeof in phys array reallocation The krealloc() call for cap_info->phys in __efi_capsule_setup_info() uses sizeof(phys_addr_t *) instead of sizeof(phys_addr_t), which might be causing an undersized allocation. The...
EUVD-2026-38909
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix listxattr handling when the buffer is full BUG If an OCFS2 inode has both inline and block-based xattrs, listxattr can return a size larger than the caller's buffer when the inline names consume that buffer exactly...
CVE-2026-53041
CVE-2026-53041 concerns OCFS2 in the Linux kernel. When an OCFS2 inode has both inline and block-based xattrs, listxattr() could report a size larger than the caller’s buffer if inline names consumed the buffer exactly, triggering a kernel bug/DoS. The root cause was a refactor that used size == ...
CVE-2026-53041 ocfs2: fix listxattr handling when the buffer is full
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix listxattr handling when the buffer is full BUG If an OCFS2 inode has both inline and block-based xattrs, listxattr can return a size larger than the caller's buffer when the inline names consume that buffer exactly...
CVE-2026-53041
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix listxattr handling when the buffer is full BUG If an OCFS2 inode has both inline and block-based xattrs, listxattr can return a size larger than the caller's buffer when the inline names consume that buffer exactly...
CVE-2026-53032
CVE-2026-53032 affects the Linux kernel BPF subsystem, specifically map_kptr_match_type used with scalar registers. The root cause was a NULL dereference when checking reg->btf in a path taken before verifying base_type(), leading to dereferencing a NULL btf pointer for kptr slots. The fix mov...
CVE-2026-53032 bpf: Fix NULL deref in map_kptr_match_type for scalar regs
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix NULL deref in map_kptr_match_type for scalar regs Commit ab6c637ad027 "bpf: Fix a bpf_kptr_xchg() issue with local kptr" refactored map_kptr_match_type() to branch on btf_is_kernel() before checking base_type(). A scalar register stored in...
CVE-2026-53032
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix NULL deref in map_kptr_match_type for scalar regs Commit ab6c637ad027 "bpf: Fix a bpf_kptr_xchg() issue with local kptr" refactored map_kptr_match_type() to branch on btf_is_kernel() before checking base_type(). A scalar register stored in...
CVE-2026-53018 f2fs: avoid reading already updated pages during GC
In the Linux kernel, the following vulnerability has been resolved: f2fs: avoid reading already updated pages during GC We found the following issue during fuzz testing: page: refcount:3 mapcount:0 mapping:00000000b6e89c65 index:0x18b2dc pfn:0x161ba9 memcg:f8ffff800e269c00 aops:f2fs_meta_aops ino:2...
CVE-2026-53018
CVE-2026-53018 concerns the Linux kernel F2FS filesystem and memory management during garbage collection. The issue arises when a page that has already been written and marked uptodate is subsequently moved between block addresses during GC, leading to a VM_BUG_ON_FOLIO condition triggered by the...
CVE-2026-53018
In the Linux kernel, the following vulnerability has been resolved: f2fs: avoid reading already updated pages during GC We found the following issue during fuzz testing: page: refcount:3 mapcount:0 mapping:00000000b6e89c65 index:0x18b2dc pfn:0x161ba9 memcg:f8ffff800e269c00 aops:f2fs_meta_aops ino:2...
CVE-2026-53013 macvlan: fix macvlan_get_size() not reserving space for IFLA_MACVLAN_BC_CUTOFF
In the Linux kernel, the following vulnerability has been resolved: macvlan: fix macvlan_get_size() not reserving space for IFLA_MACVLAN_BC_CUTOFF macvlan_get_size() does not account for IFLA_MACVLAN_BC_CUTOFF, but macvlan_fill_info() conditionally includes it when port->bc_cutoff != 1. This causes nla_put_s32() to fail...