68528 matches found
CVE-2026-23147
In the Linux kernel, the following vulnerability has been resolved: btrfs: zlib: fix the folio leak on S390 hardware acceleration BUG After commit aa60fe12b4f4 "btrfs: zlib: refactor S390x HW acceleration buffer preparation", we no longer release the folio of the page cache of folio returned by...
CVE-2026-23156
In the Linux kernel, the following vulnerability has been resolved: efivarfs: fix error propagation in efivarentryget efivarentryget always returns success even if the underlying efivarentryget fails, masking errors. This may result in uninitialized heap memory being copied to userspace in the...
CVE-2026-23168
In the Linux kernel, the following vulnerability has been resolved: flexproportions: make fpropnewperiod hardirq safe Bernd has reported a lockdep splat from flexible proportions code that is essentially complaining about the following race: runtimersoftirq - we are in softirq context calltimerfn...
CVE-2025-71201
In the Linux kernel, the following vulnerability has been resolved: netfs: Fix early read unlock of page with EOF in middle The read result collection for buffered reads seems to run ahead of the completion of subrequests under some circumstances, as can be seen in the following log snippet:...
CVE-2026-23153
In the Linux kernel, the following vulnerability has been resolved: firewire: core: fix race condition against transaction list The list of transaction is enumerated without acquiring card lock when processing AR response event. This causes a race condition bug when processing AT request completi...
CVE-2026-23158
In the Linux kernel, the following vulnerability has been resolved: gpio: virtuser: fix UAF in configfs release path The gpio-virtuser configfs release path uses guardmutex to protect the device structure. However, the device is freed before the guard cleanup runs, causing mutexunlock to operate ...
CVE-2026-23142
In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs-scheme: cleanup accesspattern subdirs on scheme dir setup failure When a DAMOS-scheme DAMON sysfs directory setup fails after setup of accesspattern/ directory, subdirectories of accesspattern/ directory are not...
CVE-2026-23159
In the Linux kernel, the following vulnerability has been resolved: perf: sched: Fix perf crash with new isusertask helper In order to do a user space stacktrace the current task needs to be a user task that has executed in user space. It use to be possible to test if a task is a user task or not...
CVE-2026-23136
In the Linux kernel, the following vulnerability has been resolved: libceph: reset sparse-read state in osdfault When a fault occurs, the connection is abandoned, reestablished, and any pending operations are retried. The OSD client tracks the progress of a sparse-read reply using a separate stat...
CVE-2026-23135
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix dmafreecoherent pointer dmaalloccoherent allocates a DMA mapped buffer and stores the addresses in XXXunaligned fields. Those should be reused when freeing the buffer rather than the aligned addresses...
CVE-2026-23138
In the Linux kernel, the following vulnerability has been resolved: tracing: Add recursion protection in kernel stack trace recording A bug was reported about an infinite recursion caused by tracing the rcu events with the kernel stack trace trigger enabled. The stack trace code called back into...
CVE-2026-23162
In the Linux kernel, the following vulnerability has been resolved: drm/xe/nvm: Fix double-free on aux add failure After a successful auxiliarydeviceinit, auxdev-dev.release xenvmreleasedev is responsible for the kfreenvm. When there is failure with auxiliarydeviceadd, driver will call...
CVE-2026-23169
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race in mptcppmnlflushaddrsdoit syzbot and Eulgyu Kim reported crashes in mptcppmnlgetlocalid and/or mptcppmnlisbackup Root cause is listspliceinit in mptcppmnlflushaddrsdoit which is not RCU ready. listspliceinitrcu c...
CVE-2026-23148
In the Linux kernel, the following vulnerability has been resolved: nvmet: fix race in nvmetbiodone leading to NULL pointer dereference There is a race condition in nvmetbiodone that can cause a NULL pointer dereference in blkcgroupbiostart: 1. nvmetbiodone is called when a bio completes 2...
CVE-2026-23165
In the Linux kernel, the following vulnerability has been resolved: sfc: fix deadlock in RSS config read Since cited commit, core locks the netdevice's rsslock when handling ethtool -x command, so driver's implementation should not lock it again. Remove the latter...
CVE-2026-23137
In the Linux kernel, the following vulnerability has been resolved: of: unittest: Fix memory leak in unittestdataadd In unittestdataadd, if ofresolvephandles fails, the allocated unittestdata is not freed, leading to a memory leak. Fix this by using scope-based cleanup helper freekfree for...
CVE-2026-23172
In the Linux kernel, the following vulnerability has been resolved: net: wwan: t7xx: fix potential skb-frags overflow in RX path When receiving data in the DPMAIF RX path, the t7xxdpmaifsetfragtoskb function adds page fragments to an skb without checking if the number of fragments has exceeded...
CVE-2026-23149
In the Linux kernel, the following vulnerability has been resolved: drm: Do not allow userspace to trigger kernel warnings in drmgemchangehandleioctl Since GEM bo handles are u32 in the uapi and the internal implementation uses idralloc which uses int ranges, passing a new handle larger than INTM...
CVE-2026-23164
In the Linux kernel, the following vulnerability has been resolved: rocker: fix memory leak in rockerworldportpostfini In rockerworldportpreinit, rockerport-wpriv is allocated with kzallocwops-portprivsize, GFPKERNEL. However, in rockerworldportpostfini, the memory is only freed when...
CVE-2026-23134
In the Linux kernel, the following vulnerability has been resolved: slab: fix kmallocnolock context check for PREEMPTRT On PREEMPTRT kernels, locallock becomes a sleeping lock. The current check in kmallocnolock only verifies we're not in NMI or hard IRQ context, but misses the case where...
CVE-2026-23139
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconncount: update lastgc only when GC has been performed Currently lastgc is being updated everytime a new connection is tracked, that means that it is updated even if a GC wasn't performed. With a sufficiently high...
CVE-2026-23163
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix NULL pointer dereference in amdgpugmcfilterfaultsremove On APUs such as Raven and Renoir GC 9.1.0, 9.2.2, 9.3.0, the ih1 and ih2 interrupt ring buffers are not initialized. This is by design, as these secondary IH...
CVE-2026-23151
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix memory leak in setsspcomplete Fix memory leak in setsspcomplete where mgmtpendingcmd structures are not freed after being removed from the pending list. Commit 302a1f674c00 "Bluetooth: MGMT: Fix possible UAFs...
CVE-2026-23161
In the Linux kernel, the following vulnerability has been resolved: mm/shmem, swap: fix race of truncate and swap entry split The helper for shmem swap freeing is not handling the order of swap entries correctly. It uses xacmpxchgirq to erase the swap entry, but it gets the entry order before tha...
CVE-2026-23154
In the Linux kernel, the following vulnerability has been resolved: net: fix segmentation of forwarding fraglist GRO This patch enhances GSO segment handling by properly checking the SKBGSODODGY flag for fraglist GSO packets, addressing low throughput issues observed when a station accesses IPv4...
CVE-2025-71202
In the Linux kernel, the following vulnerability has been resolved: iommu/sva: invalidate stale IOTLB entries for kernel address space Introduce a new IOMMU interface to flush IOTLB paging cache entries for the CPU kernel address space. This interface is invoked from the x86 architecture code tha...
CVE-2026-23157
In the Linux kernel, the following vulnerability has been resolved: btrfs: do not strictly require dirty metadata threshold for metadata writepages BUG There is an internal report that over 1000 processes are waiting at the ioscheduletimeout of balancedirtypages, causing a system hang and trigger...
CVE-2026-23140
In the Linux kernel, the following vulnerability has been resolved: bpf, testrun: Subtract size of xdpframe from allowed metadata size The xdpframe structure takes up part of the XDP frame headroom, limiting the size of the metadata. However, in bpftestrun, we don't take this into account, which...
CVE-2026-23155
In the Linux kernel, the following vulnerability has been resolved: can: gsusb: gsusbreceivebulkcallback: fix error message Sinc commit 79a6d1bfe114 "can: gsusb: gsusbreceivebulkcallback: unanchor URL on usbsubmiturb error" a failing resubmit URB will print an info message. In the case of a short...
CVE-2026-23141
In the Linux kernel, the following vulnerability has been resolved: btrfs: send: check for inline extents in rangeisholeinparent Before accessing the diskbytenr field of a file extent item we need to check if we are dealing with an inline extent. This is because for inline extents their data star...
CVE-2026-23166
In the Linux kernel, the following vulnerability has been resolved: ice: Fix NULL pointer dereference in icevsisetnapiqueues Add NULL pointer checks in icevsisetnapiqueues to prevent crashes during resume from suspend when ringsqidx-qvector is NULL. Tested adaptor: 60:00.0 Ethernet controller 020...
CVE-2026-23152
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: correctly decode TTLM with default link map TID-To-Link Mapping TTLM elements do not contain any link mapping presence indicator if a default mapping is used and parsing needs to be skipped. Note that access point...
CVE-2026-23146
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciuart: fix null-ptr-deref in hciuartwritework hciuartsetproto sets HCIUARTPROTOINIT before calling hciuartregisterdev, which calls proto-open to initialize hu-priv. However, if a TTY write wakeup occurs during this...
CVE-2026-23160
In the Linux kernel, the following vulnerability has been resolved: octeonep: Fix memory leak in octepdevicesetup In octepdevicesetup, if octepctrlnetinit fails, the function returns directly without unmapping the mapped resources and freeing the allocated configuration memory. Fix this by jumpin...
CVE-2026-23167
In the Linux kernel, the following vulnerability has been resolved: nfc: nci: Fix race between rfkill and nciunregisterdevice. syzbot reported the splat below 0 without a repro. It indicates that struct ncidev.cmdwq had been destroyed before nciclosedevice was called via rfkill. ncidev.cmdwq is...
CVE-2026-23150
In the Linux kernel, the following vulnerability has been resolved: nfc: llcp: Fix memleak in nfcllcpsenduiframe. syzbot reported various memory leaks related to NFC, struct nfcllcpsock, skbuff, nfcdev, etc. 0 The leading log hinted that nfcllcpsenduiframe failed to allocate skb due to sockerrors...
CVE-2026-23171
In the Linux kernel, the following vulnerability has been resolved: bonding: fix use-after-free due to enslave fail after slave array update Fix a use-after-free which happens due to enslave failure after the new slave has been added to the array. Since the new slave can be used for Tx immediatel...
CVE-2026-23133
In the Linux kernel, the following vulnerability has been resolved: wifi: ath10k: fix dmafreecoherent pointer dmaalloccoherent allocates a DMA mapped buffer and stores the addresses in XXXunaligned fields. Those should be reused when freeing the buffer rather than the aligned addresses...
CVE-2026-23145
In the Linux kernel, the following vulnerability has been resolved: ext4: fix iloc.bh leak in ext4xattrinodeupdateref The error branch for ext4xattrinodeupdateref forget to release the refcount for iloc.bh. Find this when review code...
CVE-2026-23170
In the Linux kernel, the following vulnerability has been resolved: drm/imx/tve: fix probe device leak Make sure to drop the reference taken to the DDC device during probe on probe failure e.g. probe deferral and on driver unbind...
CVE-2026-23173
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: TC, delete flows only for existing peers When deleting TC steering flows, iterate only over actual devcom peers instead of assuming all possible ports exist. This avoids touching non-existent peers and ensures cleanup ...
CVE-2026-23122
In the Linux kernel, the following vulnerability has been resolved: igc: Reduce TSN TX packet buffer from 7KB to 5KB per queue The previous 7 KB per queue caused TX unit hangs under heavy timestamping load. Reducing to 5 KB avoids these hangs and matches the TSN recommendation in I225/I226 SW Use...
CVE-2026-23115
In the Linux kernel, the following vulnerability has been resolved: serial: Fix not set tty-port race condition Revert commit bfc467db60b7 "serial: remove redundant ttyportlinkdevice" because the ttyportlinkdevice is not redundant: the tty-port has to be confured before we call uartconfigureport,...
CVE-2026-23129
In the Linux kernel, the following vulnerability has been resolved: dpll: Prevent duplicate registrations Modify the internal registration helpers dpllxarefdpll,pinadd to reject duplicate registration attempts. Previously, if a caller attempted to register the same pin multiple times with the sam...
CVE-2026-23118
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix data-race warning and potential load/store tearing Fix the following: BUG: KCSAN: data-race in rxrpcpeerkeepaliveworker / rxrpcsenddatapacket which is reporting an issue with the reads and writes to -lasttxat in:...
CVE-2026-23116
In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu For i.MX8MQ platform, the ADB in the VPUMIX domain has no separate reset and clock enable bits, but is ungated and reset together with the VPUs. So we can't...
CVE-2026-23123
In the Linux kernel, the following vulnerability has been resolved: interconnect: debugfs: initialize srcnode and dstnode to empty strings The debugfscreatestr API assumes that the string pointer is either NULL or points to valid kmalloc memory. Leaving the pointer uninitialized can cause problem...
CVE-2026-23131
In the Linux kernel, the following vulnerability has been resolved: platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names The hp-bioscfg driver attempts to register kobjects with empty names when the HP BIOS returns attributes with empty name strings. This causes multiple kerne...
CVE-2025-71200
In the Linux kernel, the following vulnerability has been resolved: mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode When operating in HS200 or HS400 timing modes, reducing the clock frequency below 52MHz will lead to link broken as the Rockchip DWC MSHC controller...
CVE-2026-23127
In the Linux kernel, the following vulnerability has been resolved: perf: Fix refcount warning on event-mmapcount increment When calling refcountinc&event-mmapcount inside perfmmaprb, the following warning is triggered: refcountt: addition on 0; use-after-free. WARNING: lib/refcount.c:25 PoC:...