505 matches found
CVE-2026-23407
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix missing bounds check on DEFAULT table in verifydfa The verifydfa function only checks DEFAULTTABLE bounds when the state is not differentially encoded. When the verification loop traverses the differential encoding...
kernel: net/sched: cls_u32: use skb_header_pointer_careful()
In the Linux kernel, the following vulnerability has been resolved: net/sched: clsu32: use skbheaderpointercareful skbheaderpointer does not fully validate negative @offset values. Use skbheaderpointercareful instead. GangMin Kim provided a report and a repro fooling u32classify: BUG: KASAN:...
CVE-2026-23327
In the Linux kernel, the following vulnerability has been resolved: cxl/mbox: validate payload size before accessing contents in cxlpayloadfromuserallowed cxlpayloadfromuserallowed casts and dereferences the input payload without first verifying its size. When a raw mailbox command is sent with a...
kernel: bpf: Don't use tnum_range on array range checking for poke descriptors
In the Linux kernel, the following vulnerability has been resolved: bpf: Don't use tnumrange on array range checking for poke descriptors Hsin-Wei reported a KASAN splat triggered by their BPF runtime fuzzer which is based on a customized syzkaller: BUG: KASAN: slab-out-of-bounds in...
SUSE CVE-2026-23273
In the Linux kernel, the following vulnerability has been resolved: macvlan: observe an RCU grace period in macvlancommonnewlink error path valis reported that a race condition still happens after my prior patch. macvlancommonnewlink might have made @dev visible before detecting an error, and its...
ROS-20260317-73-0035
A vulnerability in the kasanfindvmarea function mm/kasan/report.c of the kasan component of the Linux kernel is related to mutual blocking of execution threads. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
EUVD-2025-208323
A stack buffer overflow vulnerability exists in the Wincor Nixdorf wnBios64.sys kernel driver version 1.2.0.0 in the IOCTL handler for code 0x80102058. The vulnerability is caused by missing bounds checking on the user-controlled Options parameter before copying data into a 40-byte stack buffer...
CVE-2025-70616
CVE-2025-70616 affects the Wincor Nixdorf wnBios64.sys kernel driver (version 1.2.0.0) in the IOCTL handler for code 0x80102058. The issue is a stack buffer overflow caused by missing bounds checking on the user-controlled Options parameter before copying into a 40-byte stack buffer Src[40] via m...
kernel: RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem
In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix "KASAN: slab-use-after-free Read in ibregisterdevice" problem Call Trace: dumpstack lib/dumpstack.c:94 inline dumpstacklvl+0x116/0x1f0 lib/dumpstack.c:120 printaddressdescription mm/kasan/report.c:408 inline...
CVE-2026-23204
In the Linux kernel, the following vulnerability has been resolved: net/sched: clsu32: use skbheaderpointercareful skbheaderpointer does not fully validate negative @offset values. Use skbheaderpointercareful instead. GangMin Kim provided a report and a repro fooling u32classify: BUG: KASAN:...
AZL-77724 CVE-2025-71202 affecting package kernel 6.6.126.1-1
In the Linux kernel, the following vulnerability has been resolved: iommu/sva: invalidate stale IOTLB entries for kernel address space Introduce a new IOMMU interface to flush IOTLB paging cache entries for the CPU kernel address space. This interface is invoked from the x86 architecture code tha...
CVE-2025-71202
In the Linux kernel, the following vulnerability has been resolved: iommu/sva: invalidate stale IOTLB entries for kernel address space Introduce a new IOMMU interface to flush IOTLB paging cache entries for the CPU kernel address space. This interface is invoked from the x86 architecture code tha...
UBUNTU-CVE-2025-71202
In the Linux kernel, the following vulnerability has been resolved: iommu/sva: invalidate stale IOTLB entries for kernel address space Introduce a new IOMMU interface to flush IOTLB paging cache entries for the CPU kernel address space. This interface is invoked from the x86 architecture code tha...
CVE-2025-71202
In the Linux kernel, the following vulnerability has been resolved: iommu/sva: invalidate stale IOTLB entries for kernel address space Introduce a new IOMMU interface to flush IOTLB paging cache entries for the CPU kernel address space. This interface is invoked from the x86 architecture code tha...
CVE-2025-71202
CVE-2025-71202 affects the Linux kernel IOMMU SVA coherency. A new IOMMU interface flushes IOTLB paging cache entries for the CPU kernel address space, invoked from x86 code before freeing and reusing kernel page tables. The issue allows an unprivileged local user to trigger stale IOTLB translati...
CVE-2025-71202 iommu/sva: invalidate stale IOTLB entries for kernel address space
In the Linux kernel, the following vulnerability has been resolved: iommu/sva: invalidate stale IOTLB entries for kernel address space Introduce a new IOMMU interface to flush IOTLB paging cache entries for the CPU kernel address space. This interface is invoked from the x86 architecture code tha...
CVE-2026-23112
In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: add bounds checks in nvmettcpbuildpduiovec nvmettcpbuildpduiovec could walk past cmd-req.sg when a PDU length or offset exceeds sgcnt and then use bogus sg-length/offset values, leading to copytoiter GPF/KASAN. Guard...
OESA-2026-1338 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: md/dm-raid: don't call mdreapsyncthread directly Currently mdreapsyncthread is called from raidmessage directly without holding 'reconfigmutex', this is definite...
kernel: RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem
In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix "KASAN: slab-use-after-free Read in ibregisterdevice" problem Call Trace: dumpstack lib/dumpstack.c:94 inline dumpstacklvl+0x116/0x1f0 lib/dumpstack.c:120 printaddressdescription mm/kasan/report.c:408 inline...
kernel: RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem
In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix "KASAN: slab-use-after-free Read in ibregisterdevice" problem Call Trace: dumpstack lib/dumpstack.c:94 inline dumpstacklvl+0x116/0x1f0 lib/dumpstack.c:120 printaddressdescription mm/kasan/report.c:408 inline...