Lucene search
K
CvelistRecent

363766 matches found

Cvelist
Cvelist
added 2026/06/24 4:30 p.m.26 views

CVE-2026-53059 dm log: fix out-of-bounds write due to region_count overflow

In the Linux kernel, the following vulnerability has been resolved: dm log: fix out-of-bounds write due to regioncount overflow The local variable regioncount in createlogcontext is declared as unsigned int 32-bit, but dmsectordivup returns sectort 64-bit. When a device-mapper target has a...

0.00127EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/24 4:30 p.m.24 views

CVE-2026-53058 drm/bridge: cadence: cdns-mhdp8546-core: Set the mhdp connector earlier in atomic_enable()

In the Linux kernel, the following vulnerability has been resolved: drm/bridge: cadence: cdns-mhdp8546-core: Set the mhdp connector earlier in atomicenable In case if we get errors in cdnsmhdplinkup or cdnsmhdpregread in atomicenable, we will go to cdnsmhdpmodesetretryfn and will hit NULL pointer...

0.00168EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/24 4:30 p.m.28 views

CVE-2026-53057 iommu/riscv: Add IOTINVAL after updating DDT/PDT entries

In the Linux kernel, the following vulnerability has been resolved: iommu/riscv: Add IOTINVAL after updating DDT/PDT entries Add riscviommuiodiriotinval to perform required TLB and context cache invalidations after updating DDT or PDT entries, as mandated by the RISC-V IOMMU specification Section...

8.8CVSS0.00127EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/24 4:30 p.m.29 views

CVE-2026-53056 drm/msm/dpu: fix mismatch between power and frequency

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: fix mismatch between power and frequency During DPU runtime suspend, calling devpmoppsetratedev, 0 drops the MMCX rail to MINSVS while the core clock frequency remains at its original highest rate. When runtime resum...

0.0018EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/24 4:30 p.m.27 views

CVE-2026-53055 crypto: hisilicon/sec2 - prevent req used-after-free for sec

In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/sec2 - prevent req used-after-free for sec During packet transmission, if the system is under heavy load, the hardware might complete processing the packet and free the request memory req before the transmission...

9.8CVSS0.00435EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.27 views

CVE-2026-53053 iommu/amd: Fix clone_alias() to use the original device's devid

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix clonealias to use the original device's devid Currently clonealias assumes first argument pdev is always the original device pointer. This function is called by pciforeachdmaalias which based on topology decides to...

8.8CVSS0.00128EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.38 views

CVE-2026-53054 drm/msm: Fix VM_BIND UNMAP locking

In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix VMBIND UNMAP locking Wrong argument meant that the objs involved in UNMAP ops were not always getting locked. Since NOSHARE objs share a common resv with the VM which is always locked this would only show up with...

7.8CVSS0.00127EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.23 views

CVE-2026-53052 ASoC: qcom: qdsp6: topology: check widget type before accessing data

In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: qdsp6: topology: check widget type before accessing data Check widget type before accessing the private data, as this could a virtual widget which is no associated with a dsp graph, container and module. Accessing...

0.00172EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.34 views

CVE-2026-53050 quota: Fix race of dquot_scan_active() with quota deactivation

In the Linux kernel, the following vulnerability has been resolved: quota: Fix race of dquotscanactive with quota deactivation dquotscanactive can race with quota deactivation in quotareleaseworkfn like: CPU0 quotareleaseworkfn CPU1 dquotscanactive ==============================...

7.8CVSS0.00129EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.28 views

CVE-2026-53051 PCI: tegra194: Fix CBB timeout caused by DBI access before core power-on

In the Linux kernel, the following vulnerability has been resolved: PCI: tegra194: Fix CBB timeout caused by DBI access before core power-on When PERST is deasserted twice assert - deassert - assert - deassert, a CBB Control Backbone timeout occurs at DBI register offset 0x8bc PCIEMISCCONTROL1OFF...

0.00175EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.26 views

CVE-2026-53049 gfs2: add some missing log locking

In the Linux kernel, the following vulnerability has been resolved: gfs2: add some missing log locking Function gfs2logd calls the log flushing functions gfs2ail1start, gfs2ail1wait, and gfs2ail1empty without holding sdp-sdlogflushlock, but these functions require exclusion against concurrent...

9.8CVSS0.00509EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.24 views

CVE-2026-53048 gfs2: prevent NULL pointer dereference during unmount

In the Linux kernel, the following vulnerability has been resolved: gfs2: prevent NULL pointer dereference during unmount When flushing out outstanding glock work during an unmount, gfs2logflush can be called when sdp-sdjdesc has already been deallocated and sdp-sdjdesc is NULL. Commit 35264909e9...

0.00172EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.24 views

CVE-2026-53047 efi/capsule-loader: fix incorrect sizeof in phys array reallocation

In the Linux kernel, the following vulnerability has been resolved: efi/capsule-loader: fix incorrect sizeof in phys array reallocation The krealloc call for capinfo-phys in eficapsulesetupinfo uses sizeofphysaddrt instead of sizeofphysaddrt, which might be causing an undersized allocation. The...

0.00195EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.28 views

CVE-2026-53046 ksmbd: fix use-after-free from async crypto on Qualcomm crypto engine

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free from async crypto on Qualcomm crypto engine ksmbdcryptmessage sets a NULL completion callback on AEAD requests and does not handle the -EINPROGRESS return code from async hardware crypto engines like the...

9.8CVSS0.00531EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.24 views

CVE-2026-53044 soc/tegra: cbb: Fix incorrect ARRAY_SIZE in fabric lookup tables

In the Linux kernel, the following vulnerability has been resolved: soc/tegra: cbb: Fix incorrect ARRAYSIZE in fabric lookup tables Fix incorrect ARRAYSIZE usage in fabric lookup tables which could cause out-of-bounds access during target timeout lookup...

7.1CVSS0.00124EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.26 views

CVE-2026-53045 memory: tegra124-emc: Fix dll_change check

In the Linux kernel, the following vulnerability has been resolved: memory: tegra124-emc: Fix dllchange check The code checking whether the specified memory timing enables DLL in the EMRS register was reversed. DLL is enabled if bit A0 is low. Fix the check...

9.8CVSS0.00521EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.29 views

CVE-2026-53043 ocfs2/dlm: validate qr_numregions in dlm_match_regions()

In the Linux kernel, the following vulnerability has been resolved: ocfs2/dlm: validate qrnumregions in dlmmatchregions Patch series "ocfs2/dlm: fix two bugs in dlmmatchregions". In dlmmatchregions, the qrnumregions field from a DLMQUERYREGION network message is used to drive loops over the...

9.1CVSS0.00521EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.24 views

CVE-2026-53042 fwctl: Fix class init ordering to avoid NULL pointer dereference on device removal

In the Linux kernel, the following vulnerability has been resolved: fwctl: Fix class init ordering to avoid NULL pointer dereference on device removal CXL is linked before fwctl in drivers/Makefile. Both use moduleinit, so cxlpcidriverinit runs first. When cxlpciprobe calls fwctlregister and then...

0.00166EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.27 views

CVE-2026-53041 ocfs2: fix listxattr handling when the buffer is full

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix listxattr handling when the buffer is full BUG If an OCFS2 inode has both inline and block-based xattrs, listxattr can return a size larger than the caller's buffer when the inline names consume that buffer exactly...

7.1CVSS0.00126EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.27 views

CVE-2026-53040 ocfs2: validate bg_bits during freefrag scan

In the Linux kernel, the following vulnerability has been resolved: ocfs2: validate bgbits during freefrag scan BUG A crafted filesystem can trigger an out-of-bounds bitmap walk when OCFS2IOCINFO is issued with OCFS2INFOFLNONCOHERENT. BUG: KASAN: use-after-free in instrumentatomicread...

7.1CVSS0.00122EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.25 views

CVE-2026-53039 ocfs2: validate group add input before caching

In the Linux kernel, the following vulnerability has been resolved: ocfs2: validate group add input before caching BUG OCFS2IOCGROUPADD can trigger a BUGON in ocfs2setnewbufferuptodate: kernel BUG at fs/ocfs2/uptodate.c:509! Oops: invalid opcode: 0000 1 SMP KASAN NOPTI RIP:...

0.00176EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.25 views

CVE-2026-53038 ima_fs: Correctly create securityfs files for unsupported hash algos

In the Linux kernel, the following vulnerability has been resolved: imafs: Correctly create securityfs files for unsupported hash algos imatpmchip-allocatedbanksi.cryptoid is initialized to HASHALGOLAST if the TPM algorithm is not supported. However there are places relying on the algorithm to be...

0.00168EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.26 views

CVE-2026-53037 HID: usbhid: fix deadlock in hid_post_reset()

In the Linux kernel, the following vulnerability has been resolved: HID: usbhid: fix deadlock in hidpostreset You can build a USB device that includes a HID component and a storage or UAS component. The components can be reset only together. That means that hidprereset and hidpostreset are in the...

0.00176EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.25 views

CVE-2026-53036 bpf, arm64: Fix off-by-one in check_imm signed range check

In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Fix off-by-one in checkimm signed range check checkimmbits, imm is used in the arm64 BPF JIT to verify that a branch displacement in arm64 instruction units fits into the signed N-bit immediate field of a B, B.cond or...

7.8CVSS0.00138EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.25 views

CVE-2026-53035 bpf, sockmap: Fix af_unix iter deadlock

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix afunix iter deadlock bpfiterunixseqshow may deadlock when locksockfast takes the fast path and the iter prog attempts to update a sockmap. Which ends up spinning at sockmapupdateelem's bhlocksock: WARNING:...

0.00172EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.25 views

CVE-2026-53034 bpf, sockmap: Fix af_unix null-ptr-deref in proto update

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix afunix null-ptr-deref in proto update unixstreamconnect sets skstate WRITEONCEsk-skstate, TCPESTABLISHED before it assigns a peer unixpeersk = newsk. skstate == TCPESTABLISHED makes sockmapskstateallowed believe...

0.0018EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.27 views

CVE-2026-53033 bpf, sockmap: Take state lock for af_unix iter

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Take state lock for afunix iter When a BPF iterator program updates a sockmap, there is a race condition in unixstreambpfupdateproto where the peer pointer can become stale1 during a state transition TCPESTABLISHED ...

7.8CVSS0.00133EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.25 views

CVE-2026-53032 bpf: Fix NULL deref in map_kptr_match_type for scalar regs

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix NULL deref in mapkptrmatchtype for scalar regs Commit ab6c637ad027 "bpf: Fix a bpfkptrxchg issue with local kptr" refactored mapkptrmatchtype to branch on btfiskernel before checking basetype. A scalar register stored in...

0.00168EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.25 views

CVE-2026-53031 bpf: Validate node_id in arena_alloc_pages()

In the Linux kernel, the following vulnerability has been resolved: bpf: Validate nodeid in arenaallocpages arenaallocpages accepts a plain int nodeid and forwards it through the entire allocation chain without any bounds checking. Validate nodeid before passing it down the allocation chain in...

7.8CVSS0.00128EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.25 views

CVE-2026-53030 i3c: master: renesas: Fix memory leak in renesas_i3c_i3c_xfers()

In the Linux kernel, the following vulnerability has been resolved: i3c: master: renesas: Fix memory leak in renesasi3ci3cxfers The xfer structure allocated by renesasi3callocxfer was never freed in the renesasi3ci3cxfers function. Use the freekfree cleanup attribute to automatically free the...

0.00166EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.26 views

CVE-2026-53029 fs/ntfs3: prevent uninitialized lcn caused by zero len

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: prevent uninitialized lcn caused by zero len syzbot reported a uninit-value in ntfsiomapbegin 1. Since runs was not touched yet, runlookupentry immediately fails and returns false, which makes the value of "len" 0...

0.00172EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.23 views

CVE-2026-53028 usb: typec: Fix error pointer dereference

In the Linux kernel, the following vulnerability has been resolved: usb: typec: Fix error pointer dereference The variable tps-partner is checked for an error pointer and then if it is, it sends an error message but does not return and then immediately dereferenced a few lines below: tps-partner ...

0.00166EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.25 views

CVE-2026-53027 fs/ntfs3: fix missing run load for vcn0 in attr_data_get_block_locked()

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: fix missing run load for vcn0 in attrdatagetblocklocked When a compressed or sparse attribute has its clusters frame-aligned, vcn is rounded down to the frame start using cmask, which can result in vcn != vcn0. In this...

0.00155EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.25 views

CVE-2026-53026 NFSD: fix nfs4_file access extra count in nfsd4_add_rdaccess_to_wrdeleg

In the Linux kernel, the following vulnerability has been resolved: NFSD: fix nfs4file access extra count in nfsd4addrdaccesstowrdeleg In nfsd4addrdaccesstowrdeleg, if fp-fifdsORDONLY is already set by another thread, nfs4filegetaccess should not be called to increment the nfs4file access count...

7.5CVSS0.00432EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.28 views

CVE-2026-53024 greybus: raw: fix use-after-free if write is called after disconnect

In the Linux kernel, the following vulnerability has been resolved: greybus: raw: fix use-after-free if write is called after disconnect If a user writes to the chardev after disconnect has been called, the kernel panics with the following trace with CONFIGINITONFREEDEFAULTON=y: BUG: kernel NULL...

7.8CVSS0.00129EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.26 views

CVE-2026-53025 greybus: raw: fix use-after-free on cdev close

In the Linux kernel, the following vulnerability has been resolved: greybus: raw: fix use-after-free on cdev close This addresses a use-after-free bug when a raw bundle is disconnected but its chardev is still opened by an application. When the application releases the cdev, it causes the followi...

7.8CVSS0.00129EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.25 views

CVE-2026-53023 fs/ntfs3: terminate the cached volume label after UTF-8 conversion

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: terminate the cached volume label after UTF-8 conversion ntfsfillsuper loads the on-disk volume label with utf16stoutf8s and stores the result in sbi-volume.label. The converted label is later exposed through...

0.00172EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.24 views

CVE-2026-53022 platform/x86: dell-wmi-sysman: bound enumeration string aggregation

In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: bound enumeration string aggregation populateenumdata aggregates firmware-provided value-modifier and possible-value strings into fixed 512-byte struct members. The current code bounds each individu...

0.00172EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.31 views

CVE-2026-53021 scsi: target: core: Fix integer overflow in UNMAP bounds check

In the Linux kernel, the following vulnerability has been resolved: scsi: target: core: Fix integer overflow in UNMAP bounds check sbcexecuteunmap checks LBA + range does not exceed the device capacity, but does not guard against LBA + range wrapping around on 64-bit overflow. Add an overflow che...

0.00176EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.26 views

CVE-2026-53020 um: Fix potential race condition in TLB sync

In the Linux kernel, the following vulnerability has been resolved: um: Fix potential race condition in TLB sync During the TLB sync, we need to traverse and modify the page table, so we should hold the page table lock. Since full SMP support for threads within the same process is still missing,...

7.8CVSS0.0012EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.24 views

CVE-2026-53019 clk: spacemit: ccu_mix: fix inverted condition in ccu_mix_trigger_fc()

In the Linux kernel, the following vulnerability has been resolved: clk: spacemit: ccumix: fix inverted condition in ccumixtriggerfc Fix inverted condition that skips frequency change trigger, causing kernel panics during cpufreq scaling...

0.00166EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.26 views

CVE-2026-53018 f2fs: avoid reading already updated pages during GC

In the Linux kernel, the following vulnerability has been resolved: f2fs: avoid reading already updated pages during GC We found the following issue during fuzz testing: page: refcount:3 mapcount:0 mapping:00000000b6e89c65 index:0x18b2dc pfn:0x161ba9 memcg:f8ffff800e269c00 aops:f2fsmetaaops ino:2...

0.00166EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.26 views

CVE-2026-53017 f2fs: fix data loss caused by incorrect use of nat_entry flag

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix data loss caused by incorrect use of natentry flag Data loss can occur when fsync is performed on a newly created file before any checkpoint has been written concurrently with a checkpoint operation. The scenario is as...

0.00162EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.25 views

CVE-2026-53016 crypto: ccp - copy IV using skcipher ivsize

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - copy IV using skcipher ivsize AFALG rfc3686-ctr-aes-ccp requests pass an 8-byte IV to the driver. ccpaescomplete restores AESBLOCKSIZE bytes into the caller's IV buffer while RFC3686 skciphers expose an 8-byte IV, s...

7.8CVSS0.00132EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.24 views

CVE-2026-53015 erofs: unify lcn as u64 for 32-bit platforms

In the Linux kernel, the following vulnerability has been resolved: erofs: unify lcn as u64 for 32-bit platforms As sashiko reported 1, lcn was typed as unsigned long or unsigned int sometimes, which is only 32 bits wide on 32-bit platforms, which causes lcn lclusterbits to be truncated at 4 GiB...

0.00168EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.25 views

CVE-2026-53014 net/sched: act_mirred: fix wrong device for mac_header_xmit check in tcf_blockcast_redir

In the Linux kernel, the following vulnerability has been resolved: net/sched: actmirred: fix wrong device for macheaderxmit check in tcfblockcastredir In tcfblockcastredir, when iterating block ports to redirect packets to multiple devices, the macheaderxmit flag is queried from the wrong device...

0.00168EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.25 views

CVE-2026-53013 macvlan: fix macvlan_get_size() not reserving space for IFLA_MACVLAN_BC_CUTOFF

In the Linux kernel, the following vulnerability has been resolved: macvlan: fix macvlangetsize not reserving space for IFLAMACVLANBCCUTOFF macvlangetsize does not account for IFLAMACVLANBCCUTOFF, but macvlanfillinfo conditionally includes it when port-bccutoff != 1. This causes nlaputs32 to fail...

0.00168EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.25 views

CVE-2026-53012 nexthop: fix IPv6 route referencing IPv4 nexthop

In the Linux kernel, the following vulnerability has been resolved: nexthop: fix IPv6 route referencing IPv4 nexthop syzbot reported a panic 1 2. When an IPv6 nexthop is replaced with an IPv4 nexthop, the hasv4 flag of all groups containing this nexthop is not updated. This is because...

0.00185EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.25 views

CVE-2026-53011 net/sched: taprio: fix use-after-free in advance_sched() on schedule switch

In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: fix use-after-free in advancesched on schedule switch In advancesched, when shouldchangeschedules returns true, switchschedules is called to promote the admin schedule to oper. switchschedules queues the old op...

7.8CVSS0.00125EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.28 views

CVE-2026-53010 ksmbd: fix use-after-free in smb2_open during durable reconnect

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in smb2open during durable reconnect In smb2open, the call to ksmbdputdurablefdfp drops the reference to the durable file descriptor early during the durable reconnect process. If an error occurs...

9.8CVSS0.00435EPSS
Exploits0References3
Total number of security vulnerabilities363766