Lucene search
K

74046 matches found

UbuntuCve
UbuntuCve
added 2026/03/25 11:16 a.m.5 views

CVE-2026-23322

In the Linux kernel, the following vulnerability has been resolved: ipmi: Fix use-after-free and list corruption on sender error The analysis from Breno: When the SMI sender returns an error, smiwork delivers an error response but then jumps back to restart without cleaning up properly: 1...

7.8CVSS5.7AI score0.00124EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/03/25 11:16 a.m.8 views

CVE-2026-23317

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Return the correct value in vmwtranslateptr functions Before the referenced fixes these functions used a lookup function that returned a pointer. This was changed to another lookup function that returned an error code...

7.8CVSS5.8AI score0.00129EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2026/03/25 11:16 a.m.8 views

CVE-2026-23357

In the Linux kernel, the following vulnerability has been resolved: can: mcp251x: fix deadlock in error path of mcp251xopen The mcp251xopen function call freeirq in its error path with the mpclock mutex held. But if an interrupt already occurred the interrupt handler will be waiting for the mpclo...

5.5CVSS5.7AI score0.00099EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2026/03/25 11:16 a.m.11 views

CVE-2026-23339

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: free skb on ncitransceive early error paths ncitransceive takes ownership of the skb passed by the caller, but the -EPROTO, -EINVAL, and -EBUSY error paths return without freeing it. Due to issues clearing NCIDATAEXCHAN...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2026/03/25 11:16 a.m.6 views

CVE-2026-23376

In the Linux kernel, the following vulnerability has been resolved: nvmet-fcloop: Check remoteport portstate before calling done callback In nvmefchandlelsrqstwork, the lsrsp-done callback is only set when remoteport-portstate is FCOBJSTATEONLINE. Otherwise, the nvmefcxmtlsrsp's LLDD call to...

5.5CVSS5.7AI score0.00117EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/03/25 11:16 a.m.4 views

CVE-2026-23285

In the Linux kernel, the following vulnerability has been resolved: drbd: fix null-pointer dereference on local read error In drbdrequestendio, READCOMPLETEDWITHERROR is passed to reqmod with a NULL peerdevice: reqmodreq, what, NULL, &m; The READCOMPLETEDWITHERROR handler then unconditionally...

5.5CVSS5.7AI score0.00122EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2026/03/25 11:16 a.m.10 views

CVE-2026-23355

In the Linux kernel, the following vulnerability has been resolved: ata: libata: cancel pending work after clearing deferredqc Syzbot reported a WARNON in atascsideferredqcwork, caused by ap-ops-qcdefer returning non-zero before issuing the deferred qc. atascsischeduledeferredqc is called during...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2026/03/25 11:16 a.m.4 views

CVE-2026-23299

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: purge error queues in socket destructors When TX timestamping is enabled via SOTIMESTAMPING, SKBs may be queued into skerrorqueue and will stay there until consumed. If userspace never gets to read the timestamps, or i...

5.5CVSS5.7AI score0.00121EPSS
Exploits0References5
OSV
OSV
added 2026/03/25 11:16 a.m.5 views

UBUNTU-CVE-2026-23317

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Return the correct value in vmwtranslateptr functions Before the referenced fixes these functions used a lookup function that returned a pointer. This was changed to another lookup function that returned an error code...

7.8CVSS5.8AI score0.00129EPSS
Exploits0References9
OSV
OSV
added 2026/03/25 11:16 a.m.4 views

UBUNTU-CVE-2026-23284

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtkethsoc: Reset prog ptr to oldprog in case of error in mtkxdpsetup Reset eBPF program pointer to oldprog and do not decrease its ref-count if mtkopen routine in mtkxdpsetup fails...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References9
OSV
OSV
added 2026/03/25 11:16 a.m.4 views

UBUNTU-CVE-2026-23376

In the Linux kernel, the following vulnerability has been resolved: nvmet-fcloop: Check remoteport portstate before calling done callback In nvmefchandlelsrqstwork, the lsrsp-done callback is only set when remoteport-portstate is FCOBJSTATEONLINE. Otherwise, the nvmefcxmtlsrsp's LLDD call to...

5.5CVSS5.7AI score0.00117EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2026/03/25 11:16 a.m.9 views

CVE-2026-23358

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix error handling in slot reset If the device has not recovered after slot reset is called, it goes to out label for error handling. There it could make decision based on uninitialized hive pointer and could result i...

5.5CVSS5.7AI score0.00121EPSS
Exploits0References5
OSV
OSV
added 2026/03/25 11:16 a.m.3 views

UBUNTU-CVE-2026-23328

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix NULL pointer dereference of mgmtchann mgmtchann may be set to NULL if the firmware returns an unexpected error in aie2sendmgmtmsgwait. This can later lead to a NULL pointer dereference in aie2hwstop. Fix this b...

5.5CVSS5.7AI score0.00107EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/03/25 11:16 a.m.11 views

CVE-2026-23359

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix stack-out-of-bounds write in devmap getupperifindexes iterates over all upper devices and writes their indices into an array without checking bounds. Also the callers assume that the max number of upper devices is...

7.8CVSS5.8AI score0.00129EPSS
Exploits0References8
OSV
OSV
added 2026/03/25 11:16 a.m.6 views

UBUNTU-CVE-2026-23386

In the Linux kernel, the following vulnerability has been resolved: gve: fix incorrect buffer cleanup in gvetxcleanpendingpackets for QPL In DQ-QPL mode, gvetxcleanpendingpackets incorrectly uses the RDA buffer cleanup path. It iterates numbufs times and attempts to unmap entries in the dma array...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References8
OSV
OSV
added 2026/03/25 11:16 a.m.6 views

UBUNTU-CVE-2026-23389

In the Linux kernel, the following vulnerability has been resolved: ice: Fix memory leak in icesetringparam In icesetringparam, txrings and xdprings are allocated before rxrings. If the allocation of rxrings fails, the code jumps to the done label leaking both txrings and xdprings. Furthermore, i...

5.5CVSS5.7AI score0.00117EPSS
Exploits0References5
OSV
OSV
added 2026/03/25 11:16 a.m.4 views

UBUNTU-CVE-2026-23299

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: purge error queues in socket destructors When TX timestamping is enabled via SOTIMESTAMPING, SKBs may be queued into skerrorqueue and will stay there until consumed. If userspace never gets to read the timestamps, or i...

5.5CVSS5.7AI score0.00121EPSS
Exploits0References6
OSV
OSV
added 2026/03/25 11:16 a.m.5 views

UBUNTU-CVE-2026-23285

In the Linux kernel, the following vulnerability has been resolved: drbd: fix null-pointer dereference on local read error In drbdrequestendio, READCOMPLETEDWITHERROR is passed to reqmod with a NULL peerdevice: reqmodreq, what, NULL, &m; The READCOMPLETEDWITHERROR handler then unconditionally...

5.5CVSS5.7AI score0.00122EPSS
Exploits0References8
OSV
OSV
added 2026/03/25 11:16 a.m.2 views

UBUNTU-CVE-2026-23322

In the Linux kernel, the following vulnerability has been resolved: ipmi: Fix use-after-free and list corruption on sender error The analysis from Breno: When the SMI sender returns an error, smiwork delivers an error response but then jumps back to restart without cleaning up properly: 1...

7.8CVSS5.7AI score0.00124EPSS
Exploits0References6
OSV
OSV
added 2026/03/25 11:16 a.m.4 views

UBUNTU-CVE-2026-23358

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix error handling in slot reset If the device has not recovered after slot reset is called, it goes to out label for error handling. There it could make decision based on uninitialized hive pointer and could result i...

5.5CVSS5.7AI score0.00121EPSS
Exploits0References6
Rows per page
Query Builder