47 matches found
CVE-2026-53120
In the Linux kernel, the following vulnerability has been resolved: PCI: use generic driveroverride infrastructure When a driver is probed through driverattach, the bus' match callback is called without the device lock held, thus accessing the driveroverride field without a lock, which can cause ...
EUVD-2026-38988
In the Linux kernel, the following vulnerability has been resolved: PCI: use generic driveroverride infrastructure When a driver is probed through driverattach, the bus' match callback is called without the device lock held, thus accessing the driveroverride field without a lock, which can cause ...
CVE-2026-53120
The CVE-2026-53120 entry concerns the Linux kernel PCI subsystem. A vulnerability arises when a driver is probed via __driver_attach(): the bus match() callback can access the driver_override field without the device lock, creating a use-after-free risk. The fix uses the driver-core driver_overri...
CVE-2026-53118
In the Linux kernel, the following vulnerability has been resolved: vdpa: use generic driveroverride infrastructure When a driver is probed through driverattach, the bus' match callback is called without the device lock held, thus accessing the driveroverride field without a lock, which can cause...
CVE-2026-53118
In the Linux kernel CVE-2026-53118, the issue is in the vdpa path where, during __driver_attach(), the bus' match() is invoked without holding the device lock, exposing the driver_override field to a use-after-free. The root cause is missing synchronization when accessing driver_override during p...
CVE-2026-53115
In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc: use generic driveroverride infrastructure When a driver is probed through driverattach, the bus' match callback is called without the device lock held, thus accessing the driveroverride field without a lock, which ca...
EUVD-2026-38983
In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc: use generic driveroverride infrastructure When a driver is probed through driverattach, the bus' match callback is called without the device lock held, thus accessing the driveroverride field without a lock, which ca...
PT-2026-52013
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A Use-After-Free UAF issue exists in the platform/wmi component. When a driver is probed via the driver attach function, the bus match callback is executed without holding the device loc...
PT-2026-52014
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A Use-After-Free UAF issue exists in the PCI subsystem. When a driver is probed via the driver attach function, the bus match callback is executed without holding the device lock. This...
PT-2026-52012
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A Use-After-Free UAF issue exists in the vdpa component. When a driver is probed through the driver attach function, the bus match callback is executed without holding the device lock...
PT-2026-52009
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A Use-After-Free UAF issue exists in the fsl-mc bus. When a driver is probed via the driver attach function, the bus match callback is executed without holding the device lock. This lead...
PT-2026-52011
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A Use-After-Free UAF issue exists in the s390/cio component. When a driver is probed via the driver attach function, the bus match callback is executed without holding the device lock...
OESA-2026-2415 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: driver core: platform: use generic driveroverride infrastructure When a driver is probed through driverattach, the bus' match callback is called without the devi...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: Driver Core: Fixed a potential deadlock in driverattach. In the driverattach function, there is also an AA deadlock issue, similar to the commit b232b02bf3c2 "Driver Core: Fix Deadlock in deviceattach". The stack trace is as...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: Driver: Base – Fixed UAF when driverattach fails When driverattachdrv fails, the driverprivate variable is freed. However, it was added to the bus, which caused a UAF Use-after-Free error. To fix this issue, we need to remove it...
CVE-2026-31688
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2026-31688
...
PT-2026-35494
Name of the Vulnerable Software and Affected Versions Linux Kernel affected versions not specified Description A race condition exists in the driver core due to inconsistent locking in the driver match device function. While one call site holds the device lockdev, others such as bind store and...
SUSE CVE-2026-31527
In the Linux kernel, the following vulnerability has been resolved: driver core: platform: use generic driveroverride infrastructure When a driver is probed through driverattach, the bus' match callback is called without the device lock held, thus accessing the driveroverride field without a lock...
CVE-2026-31487
A flaw was found in the Linux kernel, specifically within its Serial Peripheral Interface SPI subsystem. This vulnerability arises from improper handling of memory when a driver is being attached, leading to a use-after-free UAF condition. A UAF vulnerability is a type of memory corruption that c...