Lucene search
K
CvelistRecent

364063 matches found

Cvelist
Cvelist
added 2026/06/24 4:29 p.m.23 views

CVE-2026-53052 ASoC: qcom: qdsp6: topology: check widget type before accessing data

In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: qdsp6: topology: check widget type before accessing data Check widget type before accessing the private data, as this could a virtual widget which is no associated with a dsp graph, container and module. Accessing...

0.00172EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.28 views

CVE-2026-53051 PCI: tegra194: Fix CBB timeout caused by DBI access before core power-on

In the Linux kernel, the following vulnerability has been resolved: PCI: tegra194: Fix CBB timeout caused by DBI access before core power-on When PERST is deasserted twice assert - deassert - assert - deassert, a CBB Control Backbone timeout occurs at DBI register offset 0x8bc PCIEMISCCONTROL1OFF...

0.00175EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.34 views

CVE-2026-53050 quota: Fix race of dquot_scan_active() with quota deactivation

In the Linux kernel, the following vulnerability has been resolved: quota: Fix race of dquotscanactive with quota deactivation dquotscanactive can race with quota deactivation in quotareleaseworkfn like: CPU0 quotareleaseworkfn CPU1 dquotscanactive ==============================...

7.8CVSS0.00129EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.26 views

CVE-2026-53049 gfs2: add some missing log locking

In the Linux kernel, the following vulnerability has been resolved: gfs2: add some missing log locking Function gfs2logd calls the log flushing functions gfs2ail1start, gfs2ail1wait, and gfs2ail1empty without holding sdp-sdlogflushlock, but these functions require exclusion against concurrent...

9.8CVSS0.00509EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.24 views

CVE-2026-53048 gfs2: prevent NULL pointer dereference during unmount

In the Linux kernel, the following vulnerability has been resolved: gfs2: prevent NULL pointer dereference during unmount When flushing out outstanding glock work during an unmount, gfs2logflush can be called when sdp-sdjdesc has already been deallocated and sdp-sdjdesc is NULL. Commit 35264909e9...

0.00172EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.24 views

CVE-2026-53047 efi/capsule-loader: fix incorrect sizeof in phys array reallocation

In the Linux kernel, the following vulnerability has been resolved: efi/capsule-loader: fix incorrect sizeof in phys array reallocation The krealloc call for capinfo-phys in eficapsulesetupinfo uses sizeofphysaddrt instead of sizeofphysaddrt, which might be causing an undersized allocation. The...

0.00195EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.28 views

CVE-2026-53046 ksmbd: fix use-after-free from async crypto on Qualcomm crypto engine

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free from async crypto on Qualcomm crypto engine ksmbdcryptmessage sets a NULL completion callback on AEAD requests and does not handle the -EINPROGRESS return code from async hardware crypto engines like the...

9.8CVSS0.00531EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.24 views

CVE-2026-53044 soc/tegra: cbb: Fix incorrect ARRAY_SIZE in fabric lookup tables

In the Linux kernel, the following vulnerability has been resolved: soc/tegra: cbb: Fix incorrect ARRAYSIZE in fabric lookup tables Fix incorrect ARRAYSIZE usage in fabric lookup tables which could cause out-of-bounds access during target timeout lookup...

7.1CVSS0.00124EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.26 views

CVE-2026-53045 memory: tegra124-emc: Fix dll_change check

In the Linux kernel, the following vulnerability has been resolved: memory: tegra124-emc: Fix dllchange check The code checking whether the specified memory timing enables DLL in the EMRS register was reversed. DLL is enabled if bit A0 is low. Fix the check...

9.8CVSS0.00521EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.29 views

CVE-2026-53043 ocfs2/dlm: validate qr_numregions in dlm_match_regions()

In the Linux kernel, the following vulnerability has been resolved: ocfs2/dlm: validate qrnumregions in dlmmatchregions Patch series "ocfs2/dlm: fix two bugs in dlmmatchregions". In dlmmatchregions, the qrnumregions field from a DLMQUERYREGION network message is used to drive loops over the...

9.1CVSS0.00521EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.25 views

CVE-2026-53042 fwctl: Fix class init ordering to avoid NULL pointer dereference on device removal

In the Linux kernel, the following vulnerability has been resolved: fwctl: Fix class init ordering to avoid NULL pointer dereference on device removal CXL is linked before fwctl in drivers/Makefile. Both use moduleinit, so cxlpcidriverinit runs first. When cxlpciprobe calls fwctlregister and then...

0.00166EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.28 views

CVE-2026-53041 ocfs2: fix listxattr handling when the buffer is full

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix listxattr handling when the buffer is full BUG If an OCFS2 inode has both inline and block-based xattrs, listxattr can return a size larger than the caller's buffer when the inline names consume that buffer exactly...

7.1CVSS0.00126EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.27 views

CVE-2026-53040 ocfs2: validate bg_bits during freefrag scan

In the Linux kernel, the following vulnerability has been resolved: ocfs2: validate bgbits during freefrag scan BUG A crafted filesystem can trigger an out-of-bounds bitmap walk when OCFS2IOCINFO is issued with OCFS2INFOFLNONCOHERENT. BUG: KASAN: use-after-free in instrumentatomicread...

7.1CVSS0.00122EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.25 views

CVE-2026-53039 ocfs2: validate group add input before caching

In the Linux kernel, the following vulnerability has been resolved: ocfs2: validate group add input before caching BUG OCFS2IOCGROUPADD can trigger a BUGON in ocfs2setnewbufferuptodate: kernel BUG at fs/ocfs2/uptodate.c:509! Oops: invalid opcode: 0000 1 SMP KASAN NOPTI RIP:...

0.00176EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.25 views

CVE-2026-53038 ima_fs: Correctly create securityfs files for unsupported hash algos

In the Linux kernel, the following vulnerability has been resolved: imafs: Correctly create securityfs files for unsupported hash algos imatpmchip-allocatedbanksi.cryptoid is initialized to HASHALGOLAST if the TPM algorithm is not supported. However there are places relying on the algorithm to be...

0.00168EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.26 views

CVE-2026-53037 HID: usbhid: fix deadlock in hid_post_reset()

In the Linux kernel, the following vulnerability has been resolved: HID: usbhid: fix deadlock in hidpostreset You can build a USB device that includes a HID component and a storage or UAS component. The components can be reset only together. That means that hidprereset and hidpostreset are in the...

0.00176EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.25 views

CVE-2026-53036 bpf, arm64: Fix off-by-one in check_imm signed range check

In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Fix off-by-one in checkimm signed range check checkimmbits, imm is used in the arm64 BPF JIT to verify that a branch displacement in arm64 instruction units fits into the signed N-bit immediate field of a B, B.cond or...

7.8CVSS0.00138EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.25 views

CVE-2026-53035 bpf, sockmap: Fix af_unix iter deadlock

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix afunix iter deadlock bpfiterunixseqshow may deadlock when locksockfast takes the fast path and the iter prog attempts to update a sockmap. Which ends up spinning at sockmapupdateelem's bhlocksock: WARNING:...

0.00172EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.25 views

CVE-2026-53034 bpf, sockmap: Fix af_unix null-ptr-deref in proto update

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix afunix null-ptr-deref in proto update unixstreamconnect sets skstate WRITEONCEsk-skstate, TCPESTABLISHED before it assigns a peer unixpeersk = newsk. skstate == TCPESTABLISHED makes sockmapskstateallowed believe...

0.0018EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.27 views

CVE-2026-53033 bpf, sockmap: Take state lock for af_unix iter

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Take state lock for afunix iter When a BPF iterator program updates a sockmap, there is a race condition in unixstreambpfupdateproto where the peer pointer can become stale1 during a state transition TCPESTABLISHED ...

7.8CVSS0.00133EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.25 views

CVE-2026-53031 bpf: Validate node_id in arena_alloc_pages()

In the Linux kernel, the following vulnerability has been resolved: bpf: Validate nodeid in arenaallocpages arenaallocpages accepts a plain int nodeid and forwards it through the entire allocation chain without any bounds checking. Validate nodeid before passing it down the allocation chain in...

7.8CVSS0.00128EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.26 views

CVE-2026-53032 bpf: Fix NULL deref in map_kptr_match_type for scalar regs

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix NULL deref in mapkptrmatchtype for scalar regs Commit ab6c637ad027 "bpf: Fix a bpfkptrxchg issue with local kptr" refactored mapkptrmatchtype to branch on btfiskernel before checking basetype. A scalar register stored in...

0.00168EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.25 views

CVE-2026-53030 i3c: master: renesas: Fix memory leak in renesas_i3c_i3c_xfers()

In the Linux kernel, the following vulnerability has been resolved: i3c: master: renesas: Fix memory leak in renesasi3ci3cxfers The xfer structure allocated by renesasi3callocxfer was never freed in the renesasi3ci3cxfers function. Use the freekfree cleanup attribute to automatically free the...

0.00166EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.26 views

CVE-2026-53029 fs/ntfs3: prevent uninitialized lcn caused by zero len

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: prevent uninitialized lcn caused by zero len syzbot reported a uninit-value in ntfsiomapbegin 1. Since runs was not touched yet, runlookupentry immediately fails and returns false, which makes the value of "len" 0...

0.00172EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.23 views

CVE-2026-53028 usb: typec: Fix error pointer dereference

In the Linux kernel, the following vulnerability has been resolved: usb: typec: Fix error pointer dereference The variable tps-partner is checked for an error pointer and then if it is, it sends an error message but does not return and then immediately dereferenced a few lines below: tps-partner ...

0.00166EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.25 views

CVE-2026-53027 fs/ntfs3: fix missing run load for vcn0 in attr_data_get_block_locked()

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: fix missing run load for vcn0 in attrdatagetblocklocked When a compressed or sparse attribute has its clusters frame-aligned, vcn is rounded down to the frame start using cmask, which can result in vcn != vcn0. In this...

0.00155EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.25 views

CVE-2026-53026 NFSD: fix nfs4_file access extra count in nfsd4_add_rdaccess_to_wrdeleg

In the Linux kernel, the following vulnerability has been resolved: NFSD: fix nfs4file access extra count in nfsd4addrdaccesstowrdeleg In nfsd4addrdaccesstowrdeleg, if fp-fifdsORDONLY is already set by another thread, nfs4filegetaccess should not be called to increment the nfs4file access count...

7.5CVSS0.00432EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.28 views

CVE-2026-53024 greybus: raw: fix use-after-free if write is called after disconnect

In the Linux kernel, the following vulnerability has been resolved: greybus: raw: fix use-after-free if write is called after disconnect If a user writes to the chardev after disconnect has been called, the kernel panics with the following trace with CONFIGINITONFREEDEFAULTON=y: BUG: kernel NULL...

7.8CVSS0.00129EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.26 views

CVE-2026-53025 greybus: raw: fix use-after-free on cdev close

In the Linux kernel, the following vulnerability has been resolved: greybus: raw: fix use-after-free on cdev close This addresses a use-after-free bug when a raw bundle is disconnected but its chardev is still opened by an application. When the application releases the cdev, it causes the followi...

7.8CVSS0.00129EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.25 views

CVE-2026-53023 fs/ntfs3: terminate the cached volume label after UTF-8 conversion

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: terminate the cached volume label after UTF-8 conversion ntfsfillsuper loads the on-disk volume label with utf16stoutf8s and stores the result in sbi-volume.label. The converted label is later exposed through...

0.00172EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.24 views

CVE-2026-53022 platform/x86: dell-wmi-sysman: bound enumeration string aggregation

In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: bound enumeration string aggregation populateenumdata aggregates firmware-provided value-modifier and possible-value strings into fixed 512-byte struct members. The current code bounds each individu...

0.00172EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.31 views

CVE-2026-53021 scsi: target: core: Fix integer overflow in UNMAP bounds check

In the Linux kernel, the following vulnerability has been resolved: scsi: target: core: Fix integer overflow in UNMAP bounds check sbcexecuteunmap checks LBA + range does not exceed the device capacity, but does not guard against LBA + range wrapping around on 64-bit overflow. Add an overflow che...

0.00176EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.26 views

CVE-2026-53020 um: Fix potential race condition in TLB sync

In the Linux kernel, the following vulnerability has been resolved: um: Fix potential race condition in TLB sync During the TLB sync, we need to traverse and modify the page table, so we should hold the page table lock. Since full SMP support for threads within the same process is still missing,...

7.8CVSS0.0012EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.25 views

CVE-2026-53019 clk: spacemit: ccu_mix: fix inverted condition in ccu_mix_trigger_fc()

In the Linux kernel, the following vulnerability has been resolved: clk: spacemit: ccumix: fix inverted condition in ccumixtriggerfc Fix inverted condition that skips frequency change trigger, causing kernel panics during cpufreq scaling...

0.00166EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.26 views

CVE-2026-53018 f2fs: avoid reading already updated pages during GC

In the Linux kernel, the following vulnerability has been resolved: f2fs: avoid reading already updated pages during GC We found the following issue during fuzz testing: page: refcount:3 mapcount:0 mapping:00000000b6e89c65 index:0x18b2dc pfn:0x161ba9 memcg:f8ffff800e269c00 aops:f2fsmetaaops ino:2...

0.00166EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.26 views

CVE-2026-53017 f2fs: fix data loss caused by incorrect use of nat_entry flag

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix data loss caused by incorrect use of natentry flag Data loss can occur when fsync is performed on a newly created file before any checkpoint has been written concurrently with a checkpoint operation. The scenario is as...

0.00162EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.25 views

CVE-2026-53016 crypto: ccp - copy IV using skcipher ivsize

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - copy IV using skcipher ivsize AFALG rfc3686-ctr-aes-ccp requests pass an 8-byte IV to the driver. ccpaescomplete restores AESBLOCKSIZE bytes into the caller's IV buffer while RFC3686 skciphers expose an 8-byte IV, s...

7.8CVSS0.00132EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.24 views

CVE-2026-53015 erofs: unify lcn as u64 for 32-bit platforms

In the Linux kernel, the following vulnerability has been resolved: erofs: unify lcn as u64 for 32-bit platforms As sashiko reported 1, lcn was typed as unsigned long or unsigned int sometimes, which is only 32 bits wide on 32-bit platforms, which causes lcn lclusterbits to be truncated at 4 GiB...

0.00168EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.25 views

CVE-2026-53014 net/sched: act_mirred: fix wrong device for mac_header_xmit check in tcf_blockcast_redir

In the Linux kernel, the following vulnerability has been resolved: net/sched: actmirred: fix wrong device for macheaderxmit check in tcfblockcastredir In tcfblockcastredir, when iterating block ports to redirect packets to multiple devices, the macheaderxmit flag is queried from the wrong device...

0.00168EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.25 views

CVE-2026-53013 macvlan: fix macvlan_get_size() not reserving space for IFLA_MACVLAN_BC_CUTOFF

In the Linux kernel, the following vulnerability has been resolved: macvlan: fix macvlangetsize not reserving space for IFLAMACVLANBCCUTOFF macvlangetsize does not account for IFLAMACVLANBCCUTOFF, but macvlanfillinfo conditionally includes it when port-bccutoff != 1. This causes nlaputs32 to fail...

0.00168EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.25 views

CVE-2026-53011 net/sched: taprio: fix use-after-free in advance_sched() on schedule switch

In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: fix use-after-free in advancesched on schedule switch In advancesched, when shouldchangeschedules returns true, switchschedules is called to promote the admin schedule to oper. switchschedules queues the old op...

7.8CVSS0.00125EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.25 views

CVE-2026-53012 nexthop: fix IPv6 route referencing IPv4 nexthop

In the Linux kernel, the following vulnerability has been resolved: nexthop: fix IPv6 route referencing IPv4 nexthop syzbot reported a panic 1 2. When an IPv6 nexthop is replaced with an IPv4 nexthop, the hasv4 flag of all groups containing this nexthop is not updated. This is because...

0.00185EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.28 views

CVE-2026-53010 ksmbd: fix use-after-free in smb2_open during durable reconnect

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in smb2open during durable reconnect In smb2open, the call to ksmbdputdurablefdfp drops the reference to the durable file descriptor early during the durable reconnect process. If an error occurs...

9.8CVSS0.00435EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.27 views

CVE-2026-53009 ice: fix double-free of tx_buf skb

In the Linux kernel, the following vulnerability has been resolved: ice: fix double-free of txbuf skb If icetso or icetxcsum fail, the error path in icexmitframering frees the skb, but the 'first' txbuf still points to it and is marked as valid ICETXBUFSKB. 'nexttouse' remains unchanged, so the...

7.8CVSS0.00123EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.26 views

CVE-2026-53008 ice: fix race condition in TX timestamp ring cleanup

In the Linux kernel, the following vulnerability has been resolved: ice: fix race condition in TX timestamp ring cleanup Fix a race condition between icefreetxtstampring and icetxmap that can cause a NULL pointer dereference. icefreetxtstampring currently clears the ICETXFLAGSTXTIME flag after...

0.00155EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.27 views

CVE-2026-53007 ice: fix potential NULL pointer deref in error path of ice_set_ringparam()

In the Linux kernel, the following vulnerability has been resolved: ice: fix potential NULL pointer deref in error path of icesetringparam icesetringparam nullifies tstampring of temporary txrings, without clearing ICETXRINGFLAGSTXTIME bit. When ICETXRINGFLAGSTXTIME is set and the subsequent...

0.00155EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.27 views

CVE-2026-53006 ipv6: fix possible UAF in icmpv6_rcv()

In the Linux kernel, the following vulnerability has been resolved: ipv6: fix possible UAF in icmpv6rcv Caching saddr and daddr before pskbpull is problematic since skb-head can change. Remove these temporary variables: - We only access &ipv6hdrskb-saddr and &ipv6hdrskb-daddr when netdbgratelimit...

9.8CVSS0.00377EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.26 views

CVE-2026-53004 sctp: fix OOB write to userspace in sctp_getsockopt_peer_auth_chunks

In the Linux kernel, the following vulnerability has been resolved: sctp: fix OOB write to userspace in sctpgetsockoptpeerauthchunks sctpgetsockoptpeerauthchunks checks that the caller's optval buffer is large enough for the peer AUTH chunk list with if len gauthchunks, which lives at offset...

0.00176EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.27 views

CVE-2026-53005 af_unix: Drop all SCM attributes for SOCKMAP.

In the Linux kernel, the following vulnerability has been resolved: afunix: Drop all SCM attributes for SOCKMAP. SOCKMAP can hide inflight fd from AFUNIX GC. When a socket in SOCKMAP receives skb with inflight fd, skpsockverdictdataready looks up the mapped socket and enqueue skb to its...

7.8CVSS0.00129EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.28 views

CVE-2026-53003 pppoe: drop PFC frames

In the Linux kernel, the following vulnerability has been resolved: pppoe: drop PFC frames RFC 2516 Section 7 states that Protocol Field Compression PFC is NOT RECOMMENDED for PPPoE. In practice, pppd does not support negotiating PFC for PPPoE sessions, and the current PPPoE driver assumes an...

7.5CVSS0.00508EPSS
Exploits0References8
Total number of security vulnerabilities364063