77777 matches found
CVE-2026-64186
In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Remove latent out-of-bounds access in IOMMU debugfs In iommummiowrite and iommucapabilitywrite, the variables dbgmmiooffset and dbgcapoffset are declared as int. However, they are populated using kstrtou32fromuser. If ...
CVE-2026-64185
In the Linux kernel, the following vulnerability has been resolved: sysfs: don't remove existing directory on update failure When sysfsupdategroup is called for a named group and createfiles fails e.g. -ENOMEM, internalcreategroup calls kernfsremovekn on the group directory. In the update path, k...
CVE-2026-64184
In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs-schemes: call missing memcgroupiterbreak damonsysfsmemcgpathtoid breaks memcgroupiter loop without calling memcgroupiterbreak. This leaks the cgroup reference. Fix the issue by calling memcgroupiterbreak before the...
CVE-2026-64183
In the Linux kernel, the following vulnerability has been resolved: efi: Allocate runtime workqueue before ACPI init Since commit 5894cf571e14 "acpi/prmt: Use EFI runtime sandbox to invoke PRM handlers" ACPI PRM calls are delegated to a workqueue which runs in a kernel thread, making it easier to...
CVE-2026-64182
In the Linux kernel, the following vulnerability has been resolved: drivers/base/memory: fix memory block reference leak in poison accounting memblknrpoisoninc and memblknrpoisonsub look up a memory block via findmemoryblockbyid, which acquires a reference to the memory block device. Both helpers...
CVE-2026-64181
In the Linux kernel, the following vulnerability has been resolved: mm: fix vmnormalpage to handle missing support for pmdspecial/pudspecial On x86 32-bit with THP enabled, zaphugepmd is seen to generate a "WARNING: mm/memory.c:735 at vmnormalpage+0x6a/0x7d", from the VMWARNONONCEiszeropfnpfn ||...
CVE-2026-64180
In the Linux kernel, the following vulnerability has been resolved: mm/memoryhotplug: fix memory block reference leak on remove Patch series "mm: Fix memory block leaks and locking", v2. This series fixes two memory block device reference leaks and one locking issue around the per-memoryblock...
CVE-2026-64179
In the Linux kernel, the following vulnerability has been resolved: net: wwan: iosm: fix potential memory leaks in ipcimeminit The memory allocated in ipcprotocolinit is not freed on the error paths that follow in ipcimeminit. Fix that by calling the corresponding release function ipcprotocoldein...
CVE-2026-64178
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: bnep: Fix UAF read of dev-name bnepaddconnection needs to keep holding the bnepsessionsem while reading dev-name just like bnepgetconnlist does; otherwise the bnepsession thread can concurrently free the netdevice, whi...
CVE-2026-64177
In the Linux kernel, the following vulnerability has been resolved: phonet/pep: disable BH around forwarded skreceiveskb The networking receive path is usually run from softirq context, but protocols that take the socket lock may have packets stored in the backlog and processed later from process...
CVE-2026-64176
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix driver-set TX rates on old devices On old devices such as 7265D, rates are still encoded in version 1 format, which doesn't use the CCK/OFDM rate index 0-3/0-7 but rather their PLCP value e.g. 10 for 1 Mbp...
CVE-2026-64175
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mld: stop TX during firmware restart When iwlwifi firmware crashes e.g., NMIINTERRUPTUNKNOWN on Intel BE201/Wi-Fi 7, iwlmldnicerror sets mld-fwstatus.inhwrestart to true. However, iwlmldtxfromtxq does not check thi...
CVE-2026-64174
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: advance loop vars in cfg80211mergeprofile cfg80211mergeprofile reassembles a Multi-BSSID non-transmitted BSS profile that has been split across multiple consecutive MBSSID elements. Its while-loop calls...
CVE-2026-64173
In the Linux kernel, the following vulnerability has been resolved: tracing: Do not call map-ops-eltfree if eltalloc fails In paths where tracingmapeltalloc failed to allocate objects, the map-ops-eltalloc call was never successful. In this case, map-ops-eltfree should not be called...
CVE-2026-64172
In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Disable AVIC IPI virtualization on Hygon Family 18h erratum 1235 Hygon Family 18h CPUs are derived from AMD Family 17h Zen1 silicon and share the same erratum 1235: hardware may read a stale IsRunning=1 bit during ICR...
CVE-2026-64171
In the Linux kernel, the following vulnerability has been resolved: i2c: tegra: fix pmruntime leak on mutexlock failure If tegrai2cmutexlock fails, the function returns without calling pmruntimeput, leaking the runtime PM reference acquired by the preceding pmruntimegetsync. This prevents the...
CVE-2026-64169
In the Linux kernel, the following vulnerability has been resolved: spi: ep93xx: fix error pointer deref after DMA setup failure The driver falls back to PIO mode if DMA setup fails during probe. Make sure to the clear the DMA channel pointers on setup failure to avoid dereferencing an error...
CVE-2026-64170
In the Linux kernel, the following vulnerability has been resolved: spi: qup: fix error pointer deref after DMA setup failure The driver falls back to PIO mode if DMA setup fails during probe. Make sure to the clear the DMA channel pointers on setup failure to avoid dereferencing an error pointer...
CVE-2026-64167
In the Linux kernel, the following vulnerability has been resolved: kho: skip KHO for crash kernel khofillkimage unconditionally populates the kimage with KHO metadata for every kexec image type. When the image is a crash kernel, this can be problematic as the crash kernel can run in a small...
CVE-2026-64168
In the Linux kernel, the following vulnerability has been resolved: spi: sprd: fix error pointer deref after DMA setup failure The driver falls back to PIO mode if DMA setup fails during probe. Make sure to check the dma.enabled flag before trying to release the DMA channels also on late probe...
CVE-2026-64166
In the Linux kernel, the following vulnerability has been resolved: firmware: armffa: Check for NULL FF-A ID table while driver registration The bus match callback assumes that every FF-A driver provides an idtable and dereferences it unconditionally. Enforce that contract at registration time so...
CVE-2026-64165
In the Linux kernel, the following vulnerability has been resolved: ARM: integrator: Fix early initialization Starting with commit bdb249fce9ad4 "ARM: integrator: read counter using syscon/regmap", intcpinitearly calls sysconregmaplookupbycompatible which in turn calls ofsysconregister. This...
CVE-2026-64164
In the Linux kernel, the following vulnerability has been resolved: btrfs: tracepoints: fix sleep while in atomic context in btrfssyncfile The trace event btrfssyncfile is called in an atomic context all trace events are and its call to dput, which is needed due to the call to dgetparent, can...
CVE-2026-64163
In the Linux kernel, the following vulnerability has been resolved: testkprobes: clear kprobes between test runs Running the kprobes sanity tests twice makes all tests fail and eventually crashes the kernel. root@martin-riscv-1 echo 1 /sys/kernel/debug/kunit/kprobestest/run ... Totals: pass:5...
CVE-2026-64162
In the Linux kernel, the following vulnerability has been resolved: idpf: fix readdevclklock spinlock init in idpfptpinit In idpfptpinit, readdevclklock is initialized after ptpscheduleworker had already been called and after idpfptpsettime64 could reach the lock. The PTP aux worker fires...
CVE-2026-64160
In the Linux kernel, the following vulnerability has been resolved: netfs: Fix potential for tearing in -remoteisize and -zeropoint Fix potential tearing in using -remoteisize and -zeropoint by copying isizeread and isizewrite and using the same seqcount as for isize. We need to make sure that...
CVE-2026-64161
In the Linux kernel, the following vulnerability has been resolved: net: ti: icssm-prueth: fix ethportsnode leak in probe The error path on ofpropertyreadu32 failure inside icssmpruethprobe returns without putting ethportsnode, which was acquired before the foreachchildofnode loop. Drop it before...
CVE-2026-64159
In the Linux kernel, the following vulnerability has been resolved: netfs: Fix zeropoint update where isize remoteisize Fix the update of the zero point by netfsreleasefolio when there is uncommitted data in the pagecache beyond the folio being released but the on-server EOF is in this folio ie...
CVE-2026-64158
In the Linux kernel, the following vulnerability has been resolved: netfs: Fix write streaming disablement if fd open ORDWR In netfsperformwrite, "write streaming" the caching of dirty data in dirty but !uptodate folios is performed to avoid the need to read data that is just going to get...
CVE-2026-64157
In the Linux kernel, the following vulnerability has been resolved: netfs: Fix partial invalidation of streaming-write folio In netfsinvalidatefolio, if the region of a partial invalidation overlaps the front but not all of a dirty write cached in a streaming write page dirty, but not uptodate,...
CVE-2026-64156
In the Linux kernel, the following vulnerability has been resolved: netfs, afs: Fix write skipping in dir/link writepages Fix netfswritesingle and afssinglewritepages to better handle a write that would be skipped due to lock contention and WBSYNCNONE by returning 1 from netfswritesingle if it...
CVE-2026-64155
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix error path leaks in some WMI WOW calls Fix two instances where we used to directly return the result of ath11kwmicmdsend.... Because we did not check the return value, we also did not free the skb in the error...
CVE-2026-64154
In the Linux kernel, the following vulnerability has been resolved: drm/msm/adreno: Fix a reference leak in a6xxgpuinit In a6xxgpuinit, node is obtained via ofparsephandle. While there was a manual ofnodeput at the end of the common path, several early error returns would bypass this call,...
CVE-2026-64153
In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix iommumapsgtable return value check and avoid WARN Commit "iommu: return full error code from iommumapsgatomic" changed iommumapsgtable to return an ssizet and negative values in error cases, rather than a sizet and a...
CVE-2026-64152
In the Linux kernel, the following vulnerability has been resolved: iommu: Handle unmap error when iommudebug is enabled Sashiko noticed a latent bug where the map error flow called iommuunmap which calls iommudebugunmapbegin/iommudebugunmapend however since this is an error path the map flow nev...
CVE-2026-64151
In the Linux kernel, the following vulnerability has been resolved: iommupt: Check for missing PAGESIZE in the pgsizebitmap Sashiko pointed out that the driver could drop PAGESIZE from the pgsizebitmap. That is technically allowed but nothing does it, and such an iommudomain would not be used wit...
CVE-2026-64150
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftinner: release locallock before re-enabling softirqs Quoting sashiko: In the error path, localbhenable is called before localunlocknestedbh...
CVE-2026-64149
In the Linux kernel, the following vulnerability has been resolved: dma-mapping: move dmamapresource sanity check into debug code dmamapresource uses pfnvalid to ensure the range is not RAM. However, pfnvalid only checks for availability of the memory map for a PFN but it does not ensure that the...
CVE-2026-64147
In the Linux kernel, the following vulnerability has been resolved: pdscore: fix debugfslookup dentry leak and error handling debugfslookup returns a dentry with an elevated reference count that must be released with dput. The current code discards the returned dentry without calling dput, causin...
CVE-2026-64148
In the Linux kernel, the following vulnerability has been resolved: pdscore: fix error handling in pdscdevcmdwait Fix two cases where pdscdevcmdwait returns stale success from the completion register instead of an error: 1. FW crash: If firmware stops running, the wait loop breaks early with...
CVE-2026-64146
In the Linux kernel, the following vulnerability has been resolved: erofs: fix metabuf leak in inode xattr initialization commit bb88e8da0025 "erofs: use meta buffers for xattr operations" converted xattr operations to use on-stack erofsbuf instances. erofsinitinodexattrs uses such a metabuf whil...
CVE-2026-64145
In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: fix dmabuffer leak on bus acquire failure wilcwlanfirmwaredownload allocates dmabuffer with kmalloc at the top of the function and uses a 'fail:' label to free it via kfreedmabuffer on error. All later error paths...
CVE-2026-64144
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btmtk: fix urb-setuppacket leak in error paths The setuppacket of control urb is not freed if usbsubmiturb fails or the submitted urb is killed. Add free in these two paths...
CVE-2026-64143
In the Linux kernel, the following vulnerability has been resolved: platform/x86: uniwill-laptop: Do not enable the charging limit even when forced It seems that on some older models 2020 the battery charging limit can permanently damage the battery. Prevent users from enabling this feature thru...
CVE-2026-64142
In the Linux kernel, the following vulnerability has been resolved: ksmbd: close durable scavenger races against mfplist lookups ksmbddurablescavenger has two related races against any walker that iterates fci-mfplist, including ksmbdlookupfdinode used by ksmbdvfsrename and the share-mode checks ...
CVE-2026-64141
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference in compareguidkey sessionfdcheck walks the per-inode moplist during durable-handle session teardown and sets op-conn = NULL for every opinfo whose conn matched the closing session's connection...
CVE-2026-64140
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference in procshowfiles When a SMB2 client opens a file with a durable v2 handle and then issues SMB2 SESSIONLOGOFF, sessionfdcheck clears fp-tcon = NULL on the reconnectable file pointer but leaves t...
CVE-2026-64139
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix SID memory leak in setposixaclentriesdacl on overflow Commit 299f962c0b02 "ksmbd: use checkaddoverflow to prevent u16 DACL size overflow" added checkaddoverflow guards that break out of the ACE-building loops in...
CVE-2026-64137
In the Linux kernel, the following vulnerability has been resolved: smb: client: require net admin for CIFS SWN netlink CIFSGENLCMDSWNNOTIFY is the userspace witness-notify command. The intended sender is the cifs.witness helper, but the generic-netlink operation currently has no capability flag,...
CVE-2026-64138
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate SID in parent security descriptor during ACL inheritance Introduce smbvalidatentsdsid helper to safely validate Owner SID and Group SID inside the NT Security Descriptor smbntsd retrieved from the parent directory...