Lucene search
K

74044 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/25 10:27 a.m.5 views

CVE-2026-23357

In the Linux kernel, the following vulnerability has been resolved: can: mcp251x: fix deadlock in error path of mcp251xopen The mcp251xopen function call freeirq in its error path with the mpclock mutex held. But if an interrupt already occurred the interrupt handler will be waiting for the mpclo...

5.6AI score0.00099EPSS
Exploits0References9Affected Software1
Debian CVE
Debian CVE
added 2026/03/25 10:27 a.m.3 views

CVE-2026-23357

In the Linux kernel, the following vulnerability has been resolved: can: mcp251x: fix deadlock in error path of mcp251xopen The mcp251xopen function call freeirq in its error path with the mpclock mutex held. But if an interrupt already occurred the interrupt handler will be waiting for the mpclo...

5.5CVSS5.2AI score0.00099EPSS
Exploits0
OSV
OSV
added 2026/03/25 10:27 a.m.7 views

CVE-2026-23357 can: mcp251x: fix deadlock in error path of mcp251x_open

In the Linux kernel, the following vulnerability has been resolved: can: mcp251x: fix deadlock in error path of mcp251xopen The mcp251xopen function call freeirq in its error path with the mpclock mutex held. But if an interrupt already occurred the interrupt handler will be waiting for the mpclo...

5.5CVSS5.7AI score0.00099EPSS
Exploits0References9
CVE
CVE
added 2026/03/25 10:27 a.m.8 views

CVE-2026-23356

The CVE-2026-23356 issue affects the Linux kernel DRBD subsystem. A logic bug in drbd_al_begin_io_nonblock() could mis-handle a reference-counted extent when lc_get_cumulative() and lc_try_lock() timing collided, risking a crash or incorrect assumption that an activity log extent is active during...

5.5CVSS5.8AI score0.00128EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2026/03/25 10:27 a.m.4 views

CVE-2026-23356 drbd: fix "LOGIC BUG" in drbd_al_begin_io_nonblock()

In the Linux kernel, the following vulnerability has been resolved: drbd: fix "LOGIC BUG" in drbdalbeginiononblock Even though we check that we "should" be able to do lcgetcumulative while holding the device-allock spinlock, it may still fail, if some other code path decided to do lctrylock with...

5.5CVSS5.8AI score0.00128EPSS
Exploits0References9
CVE
CVE
added 2026/03/25 10:27 a.m.12 views

CVE-2026-23344

The CVE-2026-23344 issue affects the Linux kernel crypto: ccp module. In sev_tsm_init_locked(), the error path dereferences t after it has been freed (kfree), with pr_err() attempting to access t->tio_en and t->tio_init_done after free. The documented fix moves the pr_err() call before kfre...

7.8CVSS5.7AI score0.0012EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/25 10:27 a.m.19 views

CVE-2026-23344 crypto: ccp - Fix use-after-free on error path

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix use-after-free on error path In the error path of sevtsminitlocked, the code dereferences 't' after it has been freed with kfree. The prerr statement attempts to access t-tioen and t-tioinitdone after the memory...

0.0012EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/03/25 10:27 a.m.2 views

CVE-2026-23344

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix use-after-free on error path In the error path of sevtsminitlocked, the code dereferences 't' after it has been freed with kfree. The prerr statement attempts to access t-tioen and t-tioinitdone after the memory...

7.8CVSS5.4AI score0.0012EPSS
Exploits0
OSV
OSV
added 2026/03/25 10:27 a.m.3 views

CVE-2026-23344 crypto: ccp - Fix use-after-free on error path

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix use-after-free on error path In the error path of sevtsminitlocked, the code dereferences 't' after it has been freed with kfree. The prerr statement attempts to access t-tioen and t-tioinitdone after the memory...

7.8CVSS5.8AI score0.0012EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/25 10:27 a.m.17 views

CVE-2026-23339 nfc: nci: free skb on nci_transceive early error paths

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: free skb on ncitransceive early error paths ncitransceive takes ownership of the skb passed by the caller, but the -EPROTO, -EINVAL, and -EBUSY error paths return without freeing it. Due to issues clearing NCIDATAEXCHAN...

0.00123EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/03/25 10:27 a.m.3 views

CVE-2026-23339

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: free skb on ncitransceive early error paths ncitransceive takes ownership of the skb passed by the caller, but the -EPROTO, -EINVAL, and -EBUSY error paths return without freeing it. Due to issues clearing NCIDATAEXCHAN...

5.7AI score0.00123EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2026/03/25 10:27 a.m.11 views

CVE-2026-23339

CVE-2026-23339 is resolved in the Linux kernel through fixes around NFC/NCI skb handling (nci_transceive error paths releasing skb) as cited by multiple OSV entries and kernel patches. Connected advisories show Root: Debian/Ubuntu/Mageia patches for rootio-linux, with multiple fixed versions (e.g...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References8Affected Software1
Debian CVE
Debian CVE
added 2026/03/25 10:27 a.m.5 views

CVE-2026-23339

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: free skb on ncitransceive early error paths ncitransceive takes ownership of the skb passed by the caller, but the -EPROTO, -EINVAL, and -EBUSY error paths return without freeing it. Due to issues clearing NCIDATAEXCHAN...

5.5CVSS5.2AI score0.00123EPSS
Exploits0
OSV
OSV
added 2026/03/25 10:27 a.m.5 views

CVE-2026-23339 nfc: nci: free skb on nci_transceive early error paths

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: free skb on ncitransceive early error paths ncitransceive takes ownership of the skb passed by the caller, but the -EPROTO, -EINVAL, and -EBUSY error paths return without freeing it. Due to issues clearing NCIDATAEXCHAN...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/03/25 10:27 a.m.21 views

CVE-2026-23328 accel/amdxdna: Fix NULL pointer dereference of mgmt_chann

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix NULL pointer dereference of mgmtchann mgmtchann may be set to NULL if the firmware returns an unexpected error in aie2sendmgmtmsgwait. This can later lead to a NULL pointer dereference in aie2hwstop. Fix this b...

0.00107EPSS
Exploits0References2
OSV
OSV
added 2026/03/25 10:27 a.m.5 views

CVE-2026-23328 accel/amdxdna: Fix NULL pointer dereference of mgmt_chann

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix NULL pointer dereference of mgmtchann mgmtchann may be set to NULL if the firmware returns an unexpected error in aie2sendmgmtmsgwait. This can later lead to a NULL pointer dereference in aie2hwstop. Fix this b...

5.5CVSS5.7AI score0.00107EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/25 10:27 a.m.2 views

CVE-2026-23322

In the Linux kernel, the following vulnerability has been resolved: ipmi: Fix use-after-free and list corruption on sender error The analysis from Breno: When the SMI sender returns an error, smiwork delivers an error response but then jumps back to restart without cleaning up properly: 1...

5.5AI score0.00124EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2026/03/25 10:27 a.m.5 views

CVE-2026-23322

In the Linux kernel, the following vulnerability has been resolved: ipmi: Fix use-after-free and list corruption on sender error The analysis from Breno: When the SMI sender returns an error, smiwork delivers an error response but then jumps back to restart without cleaning up properly: 1...

7.8CVSS5.4AI score0.00124EPSS
Exploits0
CVE
CVE
added 2026/03/25 10:27 a.m.12 views

CVE-2026-23322

The CVE-2026-23322 entry concerns the Linux kernel IPMI sender path. The root cause is a use-after-free and list corruption in the SMI sender error handling: when sender() fails, smi_work() delivers an error response but restarts without clearing curr_msg, leaving newmsg pointing to the same mess...

7.8CVSS5.6AI score0.00124EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/03/25 10:27 a.m.19 views

CVE-2026-23322 ipmi: Fix use-after-free and list corruption on sender error

In the Linux kernel, the following vulnerability has been resolved: ipmi: Fix use-after-free and list corruption on sender error The analysis from Breno: When the SMI sender returns an error, smiwork delivers an error response but then jumps back to restart without cleaning up properly: 1...

0.00124EPSS
Exploits0References3
Rows per page
Query Builder