51406 matches found
EUVD-2026-38955
In the Linux kernel, the following vulnerability has been resolved: net: bcmgenet: fix leaking freebds While reclaiming the tx queue we fast forward the write pointer to drop any data in flight. These dropped frames are not added back to the pool of free bds. We also need to tell the netdev that ...
CVE-2026-53071
CVE-2026-53071 concerns the Linux kernel Bluetooth L2CAP implementation. The flaw arises when l2cap_ecred_reconf_rsp() deletes a channel without holding l2cap_chan_lock(), unlike other callers which acquire the lock first. This can allow a remote BLE device to corrupt the channel list while anoth...
CVE-2026-53071 Bluetooth: l2cap: Add missing chan lock in l2cap_ecred_reconf_rsp
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: l2cap: Add missing chan lock in l2capecredreconfrsp l2capecredreconfrsp calls l2capchandel without holding l2capchanlock. Every other l2capchandel caller in the file acquires the lock first. A remote BLE device can sen...
EUVD-2026-38933
In the Linux kernel, the following vulnerability has been resolved: ASoC: sti: use managed regmapfield allocations The regmapfield objects allocated at player init are never freed and may leak resources if the driver is removed. Switch to devmregmapfieldalloc to automatically limit the lifetime o...
CVE-2026-53062
The CVE-2026-53062 entry describes a Linux kernel flaw in the dm-cache policy smq in passthrough mode where invalidate_mapping is invoked concurrently by multiple workers without proper locking. This race can cause data races on the allocated blocks counter and potential use-after-free issues in ...
EUVD-2026-38931
In the Linux kernel, the following vulnerability has been resolved: dm cache: fix write hang in passthrough mode The invalidateremove function has incomplete logic for handling write hit bios after cache invalidation. It sets up the remapping for the overwritebio but then drops it immediately...
EUVD-2026-38930
In the Linux kernel, the following vulnerability has been resolved: dm cache policy smq: fix missing locks in invalidating cache blocks In passthrough mode, the policy invalidatemapping operation is called simultaneously from multiple workers, thus it should be protected by a lock. Otherwise, we...
EUVD-2026-38929
In the Linux kernel, the following vulnerability has been resolved: dm cache: fix dirty mapping checking in passthrough mode switching As mentioned in commit 9b1cc9f251af "dm cache: share cache-metadata object across inactive and active DM tables", dm-cache assumed table reload occurs after...
CVE-2026-53059 dm log: fix out-of-bounds write due to region_count overflow
In the Linux kernel, the following vulnerability has been resolved: dm log: fix out-of-bounds write due to regioncount overflow The local variable regioncount in createlogcontext is declared as unsigned int 32-bit, but dmsectordivup returns sectort 64-bit. When a device-mapper target has a...
EUVD-2026-38927
In the Linux kernel, the following vulnerability has been resolved: dm log: fix out-of-bounds write due to regioncount overflow The local variable regioncount in createlogcontext is declared as unsigned int 32-bit, but dmsectordivup returns sectort 64-bit. When a device-mapper target has a...
CVE-2026-53059
CVE-2026-53059 affects the Linux kernel device-mapper log (dm_log) component. The root cause is an integer overflow: region_count is 32-bit, while dm_sector_div_up() returns 64-bit, so a large ti->len with a small region_size can overflow UINT_MAX. This truncation leads to undersized bitsets a...
EUVD-2026-38925
In the Linux kernel, the following vulnerability has been resolved: iommu/riscv: Add IOTINVAL after updating DDT/PDT entries Add riscviommuiodiriotinval to perform required TLB and context cache invalidations after updating DDT or PDT entries, as mandated by the RISC-V IOMMU specification Section...
EUVD-2026-38921
In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix clonealias to use the original device's devid Currently clonealias assumes first argument pdev is always the original device pointer. This function is called by pciforeachdmaalias which based on topology decides to...
CVE-2026-53053 iommu/amd: Fix clone_alias() to use the original device's devid
In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix clonealias to use the original device's devid Currently clonealias assumes first argument pdev is always the original device pointer. This function is called by pciforeachdmaalias which based on topology decides to...
CVE-2026-53053
The CVE-2026-53053 issue lies in the Linux kernel’s iommu/amd driver where clone_alias() incorrectly uses the wrong device ID (devid) for alias devices, risking propagation of wrong or stale Device Table Entries (DTEs). The fix passes the original pdev as opaque data to both clone_alias() and pci...
EUVD-2026-38910
In the Linux kernel, the following vulnerability has been resolved: fwctl: Fix class init ordering to avoid NULL pointer dereference on device removal CXL is linked before fwctl in drivers/Makefile. Both use moduleinit, so cxlpcidriverinit runs first. When cxlpciprobe calls fwctlregister and then...
CVE-2026-53042
In CVE-2026-53042, the Linux kernel vulnerability stems from an initialization order: CXL is linked before fwctl in drivers/Makefile, causing fwctl_register to run before fwctl_init, so fwctl_class isn’t registered when device_add is called. This makes class_to_subsys() return NULL, skipping knod...
CVE-2026-53025 greybus: raw: fix use-after-free on cdev close
In the Linux kernel, the following vulnerability has been resolved: greybus: raw: fix use-after-free on cdev close This addresses a use-after-free bug when a raw bundle is disconnected but its chardev is still opened by an application. When the application releases the cdev, it causes the followi...
CVE-2026-53025
Summary of CVE-2026-53025 : The Linux kernel’s Greybus raw subsystem is affected by a use-after-free when a raw bundle is disconnected while its chardev remains open, leading to a kernel panic and potential DoS. The issue occurs because the cdev can be released after freeing memory, creating an i...
CVE-2026-53014
CVE-2026-53014 : In the Linux kernel, the net/sched component (act_mirred) had a bug in tcf_blockcast_redir where the mac_header_xmit flag was checked on the wrong device during redirection across multiple devices. The loop sends to dev_prev but queries dev_is_mac_header_xmit(dev), which checks t...