58894 matches found
CVE-2026-23171
In the Linux kernel, the following vulnerability has been resolved: bonding: fix use-after-free due to enslave fail after slave array update Fix a use-after-free which happens due to enslave failure after the new slave has been added to the array. Since the new slave can be used for Tx immediatel...
CVE-2026-23169
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race in mptcppmnlflushaddrsdoit syzbot and Eulgyu Kim reported crashes in mptcppmnlgetlocalid and/or mptcppmnlisbackup Root cause is listspliceinit in mptcppmnlflushaddrsdoit which is not RCU ready. listspliceinitrcu c...
CVE-2026-23170
In the Linux kernel, the following vulnerability has been resolved: drm/imx/tve: fix probe device leak Make sure to drop the reference taken to the DDC device during probe on probe failure e.g. probe deferral and on driver unbind...
CVE-2026-23168
In the Linux kernel, the following vulnerability has been resolved: flexproportions: make fpropnewperiod hardirq safe Bernd has reported a lockdep splat from flexible proportions code that is essentially complaining about the following race: runtimersoftirq - we are in softirq context calltimerfn...
CVE-2026-23167
In the Linux kernel, the following vulnerability has been resolved: nfc: nci: Fix race between rfkill and nciunregisterdevice. syzbot reported the splat below 0 without a repro. It indicates that struct ncidev.cmdwq had been destroyed before nciclosedevice was called via rfkill. ncidev.cmdwq is...
CVE-2026-23166
In the Linux kernel, the following vulnerability has been resolved: ice: Fix NULL pointer dereference in icevsisetnapiqueues Add NULL pointer checks in icevsisetnapiqueues to prevent crashes during resume from suspend when ringsqidx-qvector is NULL. Tested adaptor: 60:00.0 Ethernet controller 020...
CVE-2026-23165
In the Linux kernel, the following vulnerability has been resolved: sfc: fix deadlock in RSS config read Since cited commit, core locks the netdevice's rsslock when handling ethtool -x command, so driver's implementation should not lock it again. Remove the latter...
CVE-2026-23164
In the Linux kernel, the following vulnerability has been resolved: rocker: fix memory leak in rockerworldportpostfini In rockerworldportpreinit, rockerport-wpriv is allocated with kzallocwops-portprivsize, GFPKERNEL. However, in rockerworldportpostfini, the memory is only freed when...
CVE-2026-23162
In the Linux kernel, the following vulnerability has been resolved: drm/xe/nvm: Fix double-free on aux add failure After a successful auxiliarydeviceinit, auxdev-dev.release xenvmreleasedev is responsible for the kfreenvm. When there is failure with auxiliarydeviceadd, driver will call...
CVE-2026-23163
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix NULL pointer dereference in amdgpugmcfilterfaultsremove On APUs such as Raven and Renoir GC 9.1.0, 9.2.2, 9.3.0, the ih1 and ih2 interrupt ring buffers are not initialized. This is by design, as these secondary IH...
CVE-2026-23161
In the Linux kernel, the following vulnerability has been resolved: mm/shmem, swap: fix race of truncate and swap entry split The helper for shmem swap freeing is not handling the order of swap entries correctly. It uses xacmpxchgirq to erase the swap entry, but it gets the entry order before tha...
CVE-2026-23159
In the Linux kernel, the following vulnerability has been resolved: perf: sched: Fix perf crash with new isusertask helper In order to do a user space stacktrace the current task needs to be a user task that has executed in user space. It use to be possible to test if a task is a user task or not...
CVE-2026-23160
In the Linux kernel, the following vulnerability has been resolved: octeonep: Fix memory leak in octepdevicesetup In octepdevicesetup, if octepctrlnetinit fails, the function returns directly without unmapping the mapped resources and freeing the allocated configuration memory. Fix this by jumpin...
CVE-2026-23158
In the Linux kernel, the following vulnerability has been resolved: gpio: virtuser: fix UAF in configfs release path The gpio-virtuser configfs release path uses guardmutex to protect the device structure. However, the device is freed before the guard cleanup runs, causing mutexunlock to operate ...
CVE-2026-23157
In the Linux kernel, the following vulnerability has been resolved: btrfs: do not strictly require dirty metadata threshold for metadata writepages BUG There is an internal report that over 1000 processes are waiting at the ioscheduletimeout of balancedirtypages, causing a system hang and trigger...
CVE-2026-23156
In the Linux kernel, the following vulnerability has been resolved: efivarfs: fix error propagation in efivarentryget efivarentryget always returns success even if the underlying efivarentryget fails, masking errors. This may result in uninitialized heap memory being copied to userspace in the...
CVE-2026-23155
In the Linux kernel, the following vulnerability has been resolved: can: gsusb: gsusbreceivebulkcallback: fix error message Sinc commit 79a6d1bfe114 "can: gsusb: gsusbreceivebulkcallback: unanchor URL on usbsubmiturb error" a failing resubmit URB will print an info message. In the case of a short...
CVE-2026-23153
In the Linux kernel, the following vulnerability has been resolved: firewire: core: fix race condition against transaction list The list of transaction is enumerated without acquiring card lock when processing AR response event. This causes a race condition bug when processing AT request completi...
CVE-2026-23154
In the Linux kernel, the following vulnerability has been resolved: net: fix segmentation of forwarding fraglist GRO This patch enhances GSO segment handling by properly checking the SKBGSODODGY flag for fraglist GSO packets, addressing low throughput issues observed when a station accesses IPv4...
CVE-2026-23152
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: correctly decode TTLM with default link map TID-To-Link Mapping TTLM elements do not contain any link mapping presence indicator if a default mapping is used and parsing needs to be skipped. Note that access point...
CVE-2026-23151
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix memory leak in setsspcomplete Fix memory leak in setsspcomplete where mgmtpendingcmd structures are not freed after being removed from the pending list. Commit 302a1f674c00 "Bluetooth: MGMT: Fix possible UAFs...
CVE-2026-23149
In the Linux kernel, the following vulnerability has been resolved: drm: Do not allow userspace to trigger kernel warnings in drmgemchangehandleioctl Since GEM bo handles are u32 in the uapi and the internal implementation uses idralloc which uses int ranges, passing a new handle larger than INTM...
CVE-2026-23150
In the Linux kernel, the following vulnerability has been resolved: nfc: llcp: Fix memleak in nfcllcpsenduiframe. syzbot reported various memory leaks related to NFC, struct nfcllcpsock, skbuff, nfcdev, etc. 0 The leading log hinted that nfcllcpsenduiframe failed to allocate skb due to sockerrors...
CVE-2026-23148
In the Linux kernel, the following vulnerability has been resolved: nvmet: fix race in nvmetbiodone leading to NULL pointer dereference There is a race condition in nvmetbiodone that can cause a NULL pointer dereference in blkcgroupbiostart: 1. nvmetbiodone is called when a bio completes 2...
CVE-2026-23147
In the Linux kernel, the following vulnerability has been resolved: btrfs: zlib: fix the folio leak on S390 hardware acceleration BUG After commit aa60fe12b4f4 "btrfs: zlib: refactor S390x HW acceleration buffer preparation", we no longer release the folio of the page cache of folio returned by...
CVE-2026-23146
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciuart: fix null-ptr-deref in hciuartwritework hciuartsetproto sets HCIUARTPROTOINIT before calling hciuartregisterdev, which calls proto-open to initialize hu-priv. However, if a TTY write wakeup occurs during this...
CVE-2026-23145
In the Linux kernel, the following vulnerability has been resolved: ext4: fix iloc.bh leak in ext4xattrinodeupdateref The error branch for ext4xattrinodeupdateref forget to release the refcount for iloc.bh. Find this when review code...
CVE-2026-23144
In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: cleanup attrs subdirs on context dir setup failure When a context DAMON sysfs directory setup is failed after setup of attrs/ directory, subdirectories of attrs/ directory are not cleaned up. As a result, DAMON...
CVE-2026-23143
In the Linux kernel, the following vulnerability has been resolved: virtionet: Fix misalignment bug in struct virtnetinfo Use the new TRAILINGOVERLAP helper to fix a misalignment bug along with the following warning: drivers/net/virtionet.c:429:46: warning: structure containing a flexible array...
CVE-2026-23142
In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs-scheme: cleanup accesspattern subdirs on scheme dir setup failure When a DAMOS-scheme DAMON sysfs directory setup fails after setup of accesspattern/ directory, subdirectories of accesspattern/ directory are not...
CVE-2026-23141
In the Linux kernel, the following vulnerability has been resolved: btrfs: send: check for inline extents in rangeisholeinparent Before accessing the diskbytenr field of a file extent item we need to check if we are dealing with an inline extent. This is because for inline extents their data star...
CVE-2025-71202
In the Linux kernel, the following vulnerability has been resolved: iommu/sva: invalidate stale IOTLB entries for kernel address space Introduce a new IOMMU interface to flush IOTLB paging cache entries for the CPU kernel address space. This interface is invoked from the x86 architecture code tha...
CVE-2026-23140
In the Linux kernel, the following vulnerability has been resolved: bpf, testrun: Subtract size of xdpframe from allowed metadata size The xdpframe structure takes up part of the XDP frame headroom, limiting the size of the metadata. However, in bpftestrun, we don't take this into account, which...
CVE-2026-23139
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconncount: update lastgc only when GC has been performed Currently lastgc is being updated everytime a new connection is tracked, that means that it is updated even if a GC wasn't performed. With a sufficiently high...
CVE-2026-23138
In the Linux kernel, the following vulnerability has been resolved: tracing: Add recursion protection in kernel stack trace recording A bug was reported about an infinite recursion caused by tracing the rcu events with the kernel stack trace trigger enabled. The stack trace code called back into...
CVE-2026-23137
In the Linux kernel, the following vulnerability has been resolved: of: unittest: Fix memory leak in unittestdataadd In unittestdataadd, if ofresolvephandles fails, the allocated unittestdata is not freed, leading to a memory leak. Fix this by using scope-based cleanup helper freekfree for...
CVE-2025-71201
In the Linux kernel, the following vulnerability has been resolved: netfs: Fix early read unlock of page with EOF in middle The read result collection for buffered reads seems to run ahead of the completion of subrequests under some circumstances, as can be seen in the following log snippet:...
CVE-2026-23136
In the Linux kernel, the following vulnerability has been resolved: libceph: reset sparse-read state in osdfault When a fault occurs, the connection is abandoned, reestablished, and any pending operations are retried. The OSD client tracks the progress of a sparse-read reply using a separate stat...
CVE-2026-23135
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix dmafreecoherent pointer dmaalloccoherent allocates a DMA mapped buffer and stores the addresses in XXXunaligned fields. Those should be reused when freeing the buffer rather than the aligned addresses...
CVE-2026-23134
In the Linux kernel, the following vulnerability has been resolved: slab: fix kmallocnolock context check for PREEMPTRT On PREEMPTRT kernels, locallock becomes a sleeping lock. The current check in kmallocnolock only verifies we're not in NMI or hard IRQ context, but misses the case where...
CVE-2026-23133
In the Linux kernel, the following vulnerability has been resolved: wifi: ath10k: fix dmafreecoherent pointer dmaalloccoherent allocates a DMA mapped buffer and stores the addresses in XXXunaligned fields. Those should be reused when freeing the buffer rather than the aligned addresses...
CVE-2026-23132
In the Linux kernel, the following vulnerability has been resolved: drm/bridge: synopsys: dw-dp: fix error paths of dwdpbind Fix several issues in dwdpbind error handling: 1. Missing return after drmbridgeattach failure - the function continued execution instead of returning an error. 2. Resource...
CVE-2026-23131
In the Linux kernel, the following vulnerability has been resolved: platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names The hp-bioscfg driver attempts to register kobjects with empty names when the HP BIOS returns attributes with empty name strings. This causes multiple kerne...
CVE-2026-23130
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix dead lock while flushing management frames Commit 1 converted the management transmission work item into a wiphy work. Since a wiphy work can only run under wiphy lock protection, a race condition happens in bel...
CVE-2026-23129
In the Linux kernel, the following vulnerability has been resolved: dpll: Prevent duplicate registrations Modify the internal registration helpers dpllxarefdpll,pinadd to reject duplicate registration attempts. Previously, if a caller attempted to register the same pin multiple times with the sam...
CVE-2026-23127
In the Linux kernel, the following vulnerability has been resolved: perf: Fix refcount warning on event-mmapcount increment When calling refcountinc&event-mmapcount inside perfmmaprb, the following warning is triggered: refcountt: addition on 0; use-after-free. WARNING: lib/refcount.c:25 PoC:...
CVE-2026-23128
In the Linux kernel, the following vulnerability has been resolved: arm64: Set nocfi on swsusparchresume A DABT is reported1 on an android based system when resume from hiberate. This happens because swsusparchsuspendexit is marked with SYMCODE and does not have a CFI hash, but swsusparchresume...
CVE-2026-23126
In the Linux kernel, the following vulnerability has been resolved: netdevsim: fix a race issue related to the operation on bpfboundprogs list The netdevsim driver lacks a protection mechanism for operations on the bpfboundprogs list. When the nsimbpfcreateprog performs listaddtail, it is possibl...
CVE-2026-23124
In the Linux kernel, the following vulnerability has been resolved: ipv6: annotate data-race in ndiscrouterdiscovery syzbot found that ndiscrouterdiscovery could read and write in6dev-ramtu without holding a lock 1 This looks fine, IFLAINET6RAMTU is best effort. Add READONCE/WRITEONCE to document...
CVE-2026-23125
In the Linux kernel, the following vulnerability has been resolved: sctp: move SCTPCMDASSOCSHKEY right after SCTPCMDPEERINIT A null-ptr-deref was reported in the SCTP transmit path when SCTP-AUTH key initialization fails: ================================================================== KASAN:...