74044 matches found
CVE-2026-23357
In the Linux kernel, the following vulnerability has been resolved: can: mcp251x: fix deadlock in error path of mcp251xopen The mcp251xopen function call freeirq in its error path with the mpclock mutex held. But if an interrupt already occurred the interrupt handler will be waiting for the mpclo...
CVE-2026-23357
In the Linux kernel, the following vulnerability has been resolved: can: mcp251x: fix deadlock in error path of mcp251xopen The mcp251xopen function call freeirq in its error path with the mpclock mutex held. But if an interrupt already occurred the interrupt handler will be waiting for the mpclo...
CVE-2026-23357 can: mcp251x: fix deadlock in error path of mcp251x_open
In the Linux kernel, the following vulnerability has been resolved: can: mcp251x: fix deadlock in error path of mcp251xopen The mcp251xopen function call freeirq in its error path with the mpclock mutex held. But if an interrupt already occurred the interrupt handler will be waiting for the mpclo...
CVE-2026-23356
The CVE-2026-23356 issue affects the Linux kernel DRBD subsystem. A logic bug in drbd_al_begin_io_nonblock() could mis-handle a reference-counted extent when lc_get_cumulative() and lc_try_lock() timing collided, risking a crash or incorrect assumption that an activity log extent is active during...
CVE-2026-23356 drbd: fix "LOGIC BUG" in drbd_al_begin_io_nonblock()
In the Linux kernel, the following vulnerability has been resolved: drbd: fix "LOGIC BUG" in drbdalbeginiononblock Even though we check that we "should" be able to do lcgetcumulative while holding the device-allock spinlock, it may still fail, if some other code path decided to do lctrylock with...
CVE-2026-23344
The CVE-2026-23344 issue affects the Linux kernel crypto: ccp module. In sev_tsm_init_locked(), the error path dereferences t after it has been freed (kfree), with pr_err() attempting to access t->tio_en and t->tio_init_done after free. The documented fix moves the pr_err() call before kfre...
CVE-2026-23344 crypto: ccp - Fix use-after-free on error path
In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix use-after-free on error path In the error path of sevtsminitlocked, the code dereferences 't' after it has been freed with kfree. The prerr statement attempts to access t-tioen and t-tioinitdone after the memory...
CVE-2026-23344
In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix use-after-free on error path In the error path of sevtsminitlocked, the code dereferences 't' after it has been freed with kfree. The prerr statement attempts to access t-tioen and t-tioinitdone after the memory...
CVE-2026-23344 crypto: ccp - Fix use-after-free on error path
In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix use-after-free on error path In the error path of sevtsminitlocked, the code dereferences 't' after it has been freed with kfree. The prerr statement attempts to access t-tioen and t-tioinitdone after the memory...
CVE-2026-23339 nfc: nci: free skb on nci_transceive early error paths
In the Linux kernel, the following vulnerability has been resolved: nfc: nci: free skb on ncitransceive early error paths ncitransceive takes ownership of the skb passed by the caller, but the -EPROTO, -EINVAL, and -EBUSY error paths return without freeing it. Due to issues clearing NCIDATAEXCHAN...
CVE-2026-23339
In the Linux kernel, the following vulnerability has been resolved: nfc: nci: free skb on ncitransceive early error paths ncitransceive takes ownership of the skb passed by the caller, but the -EPROTO, -EINVAL, and -EBUSY error paths return without freeing it. Due to issues clearing NCIDATAEXCHAN...
CVE-2026-23339
CVE-2026-23339 is resolved in the Linux kernel through fixes around NFC/NCI skb handling (nci_transceive error paths releasing skb) as cited by multiple OSV entries and kernel patches. Connected advisories show Root: Debian/Ubuntu/Mageia patches for rootio-linux, with multiple fixed versions (e.g...
CVE-2026-23339
In the Linux kernel, the following vulnerability has been resolved: nfc: nci: free skb on ncitransceive early error paths ncitransceive takes ownership of the skb passed by the caller, but the -EPROTO, -EINVAL, and -EBUSY error paths return without freeing it. Due to issues clearing NCIDATAEXCHAN...
CVE-2026-23339 nfc: nci: free skb on nci_transceive early error paths
In the Linux kernel, the following vulnerability has been resolved: nfc: nci: free skb on ncitransceive early error paths ncitransceive takes ownership of the skb passed by the caller, but the -EPROTO, -EINVAL, and -EBUSY error paths return without freeing it. Due to issues clearing NCIDATAEXCHAN...
CVE-2026-23328 accel/amdxdna: Fix NULL pointer dereference of mgmt_chann
In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix NULL pointer dereference of mgmtchann mgmtchann may be set to NULL if the firmware returns an unexpected error in aie2sendmgmtmsgwait. This can later lead to a NULL pointer dereference in aie2hwstop. Fix this b...
CVE-2026-23328 accel/amdxdna: Fix NULL pointer dereference of mgmt_chann
In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix NULL pointer dereference of mgmtchann mgmtchann may be set to NULL if the firmware returns an unexpected error in aie2sendmgmtmsgwait. This can later lead to a NULL pointer dereference in aie2hwstop. Fix this b...
CVE-2026-23322
In the Linux kernel, the following vulnerability has been resolved: ipmi: Fix use-after-free and list corruption on sender error The analysis from Breno: When the SMI sender returns an error, smiwork delivers an error response but then jumps back to restart without cleaning up properly: 1...
CVE-2026-23322
In the Linux kernel, the following vulnerability has been resolved: ipmi: Fix use-after-free and list corruption on sender error The analysis from Breno: When the SMI sender returns an error, smiwork delivers an error response but then jumps back to restart without cleaning up properly: 1...
CVE-2026-23322
The CVE-2026-23322 entry concerns the Linux kernel IPMI sender path. The root cause is a use-after-free and list corruption in the SMI sender error handling: when sender() fails, smi_work() delivers an error response but restarts without clearing curr_msg, leaving newmsg pointing to the same mess...
CVE-2026-23322 ipmi: Fix use-after-free and list corruption on sender error
In the Linux kernel, the following vulnerability has been resolved: ipmi: Fix use-after-free and list corruption on sender error The analysis from Breno: When the SMI sender returns an error, smiwork delivers an error response but then jumps back to restart without cleaning up properly: 1...