12384 matches found
CVE-2026-23450
A flaw was found in the Linux kernel's net/smc component. A remote attacker could exploit a race condition during the concurrent closing of an SMC listen socket. This could lead to a NULL pointer dereference or a use-after-free vulnerability in the smctcpsynrecvsock function, potentially causing ...
CVE-2026-23473
A flaw was found in the Linux kernel's iouring/poll subsystem. A race condition can occur when a socket performs send and shutdown operations in quick succession. This can cause a multishot receive operation to hang indefinitely, leading to a Denial of Service DoS for affected systems...
EUVD-2026-18746
In the Linux kernel, the following vulnerability has been resolved: iouring/poll: fix multishot recv missing EOF on wakeup race When a socket send and shutdown happen back-to-back, both fire wake-ups before the receiver's taskwork has a chance to run. The first wake gets poll ownership pollrefs=1...
EUVD-2026-18700
In the Linux kernel, the following vulnerability has been resolved: net/smc: fix NULL dereference and UAF in smctcpsynrecvsock Syzkaller reported a panic in smctcpsynrecvsock 1. smctcpsynrecvsock is called in the TCP receive path softirq via icskafops-synrecvsock on the clcsock TCP listening...
CVE-2026-23444
A flaw was found in the Linux kernel's mac80211 Wi-Fi subsystem. This vulnerability occurs because a specific error path within the ieee80211txprepareskb function fails to properly release a network buffer, known as a socket buffer skb. This inconsistency can lead to a double-free condition, wher...
CVE-2026-23473
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2026-23439
In the Linux kernel, the following vulnerability has been resolved: udptunnel: fix NULL deref caused by udpsockcreate6 when CONFIGIPV6=n When CONFIGIPV6 is disabled, the udpsockcreate6 function returns 0 success without actually creating a socket. Callers such as foucreate then proceed to...
UBUNTU-CVE-2026-23444
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: always free skb on ieee80211txprepareskb failure ieee80211txprepareskb has three error paths, but only two of them free the skb. The first error path ieee80211txprepare returning TXDROP does not free it, while...
UBUNTU-CVE-2026-23439
In the Linux kernel, the following vulnerability has been resolved: udptunnel: fix NULL deref caused by udpsockcreate6 when CONFIGIPV6=n When CONFIGIPV6 is disabled, the udpsockcreate6 function returns 0 success without actually creating a socket. Callers such as foucreate then proceed to...
UBUNTU-CVE-2026-23445
In the Linux kernel, the following vulnerability has been resolved: igc: fix page fault in XDP TX timestamps handling If an XDP application that requested TX timestamping is shutting down while the link of the interface in use is still up the following kernel splat is reported: 883.803618 T1554...
EUVD-2026-18636
In the Linux kernel, the following vulnerability has been resolved: net/rds: Fix circular locking dependency in rdstcptune syzbot reported a circular locking dependency in rdstcptune where sknetrefcntupgrade is called while holding the socket lock:...
CVE-2026-23450
In the Linux kernel, the following vulnerability has been resolved: net/smc: fix NULL dereference and UAF in smctcpsynrecvsock Syzkaller reported a panic in smctcpsynrecvsock 1. smctcpsynrecvsock is called in the TCP receive path softirq via icskafops-synrecvsock on the clcsock TCP listening...
CVE-2026-23450 net/smc: fix NULL dereference and UAF in smc_tcp_syn_recv_sock()
In the Linux kernel, the following vulnerability has been resolved: net/smc: fix NULL dereference and UAF in smctcpsynrecvsock Syzkaller reported a panic in smctcpsynrecvsock 1. smctcpsynrecvsock is called in the TCP receive path softirq via icskafops-synrecvsock on the clcsock TCP listening...
CVE-2026-23444
CVE-2026-23444 has been addressed in the Linux kernel by fixing skb ownership handling in wifi/mac80211. The patch adds kfree_skb() in the ieee80211_tx_prepare_skb() failure path to ensure all error paths free the skb, and removes redundant frees in callers (ath9k, mt76, mac80211_hwsim). The func...
CVE-2026-23439 udp_tunnel: fix NULL deref caused by udp_sock_create6 when CONFIG_IPV6=n
In the Linux kernel, the following vulnerability has been resolved: udptunnel: fix NULL deref caused by udpsockcreate6 when CONFIGIPV6=n When CONFIGIPV6 is disabled, the udpsockcreate6 function returns 0 success without actually creating a socket. Callers such as foucreate then proceed to...
CVE-2026-23419
A flaw was found in the Linux kernel's net/rds module. This vulnerability involves a circular locking dependency within the rdstcptune function. The issue arises when the sknetrefcntupgrade function performs memory allocation while a socket lock is held, creating a deadlock with the fsreclaim loc...
CVE-2026-23419
In the Linux kernel, the following vulnerability has been resolved: net/rds: Fix circular locking dependency in rdstcptune syzbot reported a circular locking dependency in rdstcptune where sknetrefcntupgrade is called while holding the socket lock:...
CVE-2026-23419
In the Linux kernel, the following vulnerability has been resolved: net/rds: Fix circular locking dependency in rdstcptune syzbot reported a circular locking dependency in rdstcptune where sknetrefcntupgrade is called while holding the socket lock:...
UBUNTU-CVE-2026-23419
In the Linux kernel, the following vulnerability has been resolved: net/rds: Fix circular locking dependency in rdstcptune syzbot reported a circular locking dependency in rdstcptune where sknetrefcntupgrade is called while holding the socket lock:...
CVE-2026-23419 net/rds: Fix circular locking dependency in rds_tcp_tune
In the Linux kernel, the following vulnerability has been resolved: net/rds: Fix circular locking dependency in rdstcptune syzbot reported a circular locking dependency in rdstcptune where sknetrefcntupgrade is called while holding the socket lock:...