338 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-23475
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - spi: fix statistics allocation The controller per-cpu statistics is not allocated until after the controller has been registered with driver core, which leaves ...
SUSE CVE-2026-31389
In the Linux kernel, the following vulnerability has been resolved: spi: fix use-after-free on controller registration failure Make sure to deregister from driver core also in the unlikely event that per-cpu statistics allocation fails during controller registration to avoid use-after-free of...
CVE-2026-23475
A flaw was found in the Linux kernel's Serial Peripheral Interface SPI component. The system's per-CPU statistics for the SPI controller were not allocated until after the controller was registered. This created a window where a local user or process could access system files sysfs attributes...
CVE-2026-31389
A flaw was found in the Linux kernel's Serial Peripheral Interface SPI subsystem. During controller registration, a use-after-free vulnerability can occur if the allocation of per-CPU statistics fails. This could allow a local attacker to cause system instability or a denial of service by accessi...
CVE-2026-31389
In the Linux kernel, the following vulnerability has been resolved: spi: fix use-after-free on controller registration failure Make sure to deregister from driver core also in the unlikely event that per-cpu statistics allocation fails during controller registration to avoid use-after-free of...
CVE-2026-31389
In the Linux kernel, the following vulnerability has been resolved: spi: fix use-after-free on controller registration failure Make sure to deregister from driver core also in the unlikely event that per-cpu statistics allocation fails during controller registration to avoid use-after-free of...
CVE-2026-23475
In the Linux kernel, the following vulnerability has been resolved: spi: fix statistics allocation The controller per-cpu statistics is not allocated until after the controller has been registered with driver core, which leaves a window where accessing the sysfs attributes can trigger a...
UBUNTU-CVE-2026-23459
In the Linux kernel, the following vulnerability has been resolved: iptunnel: adapt iptunnelxmitstats to NETDEVPCPUSTATDSTATS Blamed commits forgot that vxlan/geneve use udptunnel6xmitskb which call iptunnelxmitstats. iptunnelxmitstats was assuming tunnels were only using NETDEVPCPUSTATTSTATS...
CVE-2026-31389
In the Linux kernel, the following vulnerability has been resolved: spi: fix use-after-free on controller registration failure Make sure to deregister from driver core also in the unlikely event that per-cpu statistics allocation fails during controller registration to avoid use-after-free of...
CVE-2026-31389
CVE-2026-31389 affects the Linux kernel SPI subsystem. The vulnerability is a use-after-free that can occur during controller registration if per-CPU statistics allocation fails, potentially leading to access of freed driver resources and unclocked register accesses. The issue is mitigated by a p...
CVE-2026-23475
In the Linux kernel, the following vulnerability has been resolved: spi: fix statistics allocation The controller per-cpu statistics is not allocated until after the controller has been registered with driver core, which leaves a window where accessing the sysfs attributes can trigger a...
CVE-2026-23475
CVE-2026-23475 affects the Linux kernel SPI subsystem. The issue was a NULL pointer dereference window in per‑CPU controller statistics: stats were allocated only after controller registration with driver core, so early sysfs access could dereference NULL. The fix moves statistics allocation to t...
CVE-2026-23475 spi: fix statistics allocation
In the Linux kernel, the following vulnerability has been resolved: spi: fix statistics allocation The controller per-cpu statistics is not allocated until after the controller has been registered with driver core, which leaves a window where accessing the sysfs attributes can trigger a...
CVE-2026-23459 ip_tunnel: adapt iptunnel_xmit_stats() to NETDEV_PCPU_STAT_DSTATS
In the Linux kernel, the following vulnerability has been resolved: iptunnel: adapt iptunnelxmitstats to NETDEVPCPUSTATDSTATS Blamed commits forgot that vxlan/geneve use udptunnel6xmitskb which call iptunnelxmitstats. iptunnelxmitstats was assuming tunnels were only using NETDEVPCPUSTATTSTATS...
CVE-2026-23459
The CVE-2026-23459 issue affects the Linux kernel IP tunnel code, specifically iptunnel_xmit_stats(). The bug arose because the function assumed tunnels used NETDEV_PCPU_STAT_TSTATS, while vxlan/geneve tunnels call udp_tunnel[6]_xmit_skb() and read NETDEV_PCPU_STAT_DSTATS, creating potential data...
PT-2026-30169
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contained a flaw where controller per-cpu statistics were not allocated until after the controller was registered, creating a window where accessing sysfs attributes cou...
Linux Distros Unpatched Vulnerability : CVE-2026-23294
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: bpf: Fix race in devmap on PREEMPTRT On PREEMPTRT kernels, the per-CPU xdpdevbulkqueue bq ca...
Linux Distros Unpatched Vulnerability : CVE-2026-23342
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: bpf: Fix race in cpumap on PREEMPTRT On PREEMPTRT kernels, the per-CPU xdpbulkqueue bq can b...
CVE-2026-23374
A flaw was found in the Linux kernel's blktrace component. This vulnerability arises when the tracingrecordcmdline function attempts to access a per-CPU variable in a preemptible context, which is an unsafe operation. A local attacker could exploit this to trigger a kernel bug, potentially leadin...
SUSE CVE-2026-23294
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix race in devmap on PREEMPTRT On PREEMPTRT kernels, the per-CPU xdpdevbulkqueue bq can be accessed concurrently by multiple preemptible tasks on the same CPU. The original code assumes bqenqueue and devflush run atomically...