CVE-2025-38421
CVE-2025-38421 affects the Linux kernel’s amd-pmf code in platform/x86/amd, where a path that fails smart PC setup could lead to a double free of dev->buf during module removal. The root cause is a freed pointer that isn’t NULL’d, causing amd_pmf_remove() to free it again. The provided fixes c...
CVE-2025-38532
CVE-2025-38532 affects the Linux kernel libwx RX path. When a device reset occurs due to feature changes (e.g., RX VLAN offload toggles), the hardware descriptor ring may retain stale values, leading to malformed SKBs if length handling isn’t reset. The patch fixes the reset sequence by ensuring ...
CVE-2025-38533
CVE-2025-38533: In the Linux kernel, a DMA bug in the net: libwx Rx buffer handling was fixed. The wx_rx_buffer structure had two DMA address fields, dma and page_dma; only page_dma was initialized/used, while dma could remain uninitialized and be used in some paths. This could lead to und...
CVE-2025-38542
CVE-2025-38542 affects the Linux kernel net: appletalk path atrtr_create. A device refcount leak occurred when updating an existing route entry: the old device reference was not released before assigning the new device. The fix releases the previous reference with dev_put() before taking the new ...
CVE-2025-38581
CVE-2025-38581 affects the Linux kernel crypto CCP driver. When CONFIG_CRYPTO_DEV_CCP_DEBUGFS is enabled, rebinding the CCP device could crash the kernel due to a NULL-dereference in debugfs setup. The connected Unity Linux/UTSA advisory notes a patch that fixes this by setting ccp_debugfs_dir to...
CVE-2025-38585
CVE-2025-38585 concerns Linux kernel staging/atomisp: a stack buffer overflow in gmin_get_var_int() triggered when gmin_get_config_var() calls EFI get_variable() with a larger-than-expected EFI variable. The bug stems from two issues: (1) gmin_get_config_var() returning a stale error code on EFI ...
CVE-2025-38630
CVE-2025-38630 involves the Linux kernel fbdev imxfb driver. The issue arises when fb_add_videomode() returns -ENOMEM from internal kmalloc(), leaving the modelist empty but the driver still registers, risking a null pointer dereference. The patch adds a check on the return value to prevent this,...
CVE-2025-39701
Technical details for CVE-2025-39701 are not provided in the supplied documents. Monitor official kernel advisories for affected versions, impact, and remediation, as available information in connected sources is not detailed for this CVE.
CVE-2026-23112
CVE-2026-23112 affects the Linux kernel nvmet-tcp implementation. The issue in nvmet_tcp_build_pdu_iovec allows walking past cmd->req.sg when a PDU length/offset exceeds sg_cnt, causing bogus sg->length/offset usage and leading to _copy_to_iter() GPF/KASAN. The fix adds guards for sg_idx, r...
CVE-2026-46155
CVE-2026-46155 affects the Linux kernel SMB client. The vulnerability is an out-of-bounds read in smb2_compound_op() caused by memcpy reading size[0] (OutputBufferLength) when iov_len is smaller than that length after a truncated server response. This can leak adjacent kernel heap memory. Impact ...
CVE-2022-50025
CVE-2022-50025 affects the Linux kernel. It fixes a memory leak in an error path: bitmap_zalloc() allocated in afu_allocate_irqs() must be balanced with a corresponding bitmap_free() in the error handling path. The issue was resolved by correcting the memory management in the afu_allocate_irqs() ...
CVE-2022-50167
CVE-2022-50167 affects the Linux kernel’s BPF array map element access. When an array map is larger than 4GB, the element pointer calculation can overflow because index and elem_size are 32-bit. The fix forces 64-bit multiplication, extracts the formula into a separate helper, and uses it consist...
CVE-2022-50316
CVE-2022-50316 concerns orangefs: Fix kmemleak in orangefs_sysfs_init() in the Linux kernel. The issue occurs when inserting/removing the orangefs module, leaking kobjects (multiple unreferenced objects shown in the report) due to kmemleak. The description clearly states the vulnerability has bee...
CVE-2023-4515
CVE-2023-4515: Linux kernel ksmbd had command payload size checks missing for most commands (except SMB2_OPLOCK_BREAK_HE). An attacker with local access could exploit this to trigger issues due to unchecked request sizes. A fix was committed to validate command payload sizes; the SUSE advisories ...
CVE-2023-53247
CVE-2023-53247 involves the Linux kernel Btrfs code (btrfs_cont_expand path). The issue arises when a page is retrieved during btrfs_cont_expand, then marked as mapped and read; if release_folio() is called before reacquiring the page lock, release_folio() may clear the page private flag but leav...
CVE-2025-38050
CVE-2025-38050 affects the Linux kernel hugetlb memory management. A race between __update_and_free_hugetlb_folio() and replace_free_hugepage_folios() can cause folio_hstate(folio) to see a NULL pointer, leading to a kernel NULL pointer dereference and crash. The description explains the root cau...
CVE-2025-38116
In CVE-2025-38116, the Linux kernel’s ath12k wireless driver suffers a use-after-free (UAF) in the notifier chain when ath12k_core_hw_group_assign() or ath12k_core_hw_group_create() fails; the notifier chain is not unregistered and its memory may be freed after rmmod, risking access to freed noti...
CVE-2025-38179
Technical details about CVE-2025-38179 (affected product/component, root cause, impact, exploitability, or patch information) are not publicly provided in the connected documents. Monitor for updates.
CVE-2025-38281
Public technical details about CVE-2025-38281 are not provided in the connected documents. The available descriptions indicate a NULL check addition in mt7996_thermal_init for Linux kernel wifi mt76 mt7996, but no further specifics.
CVE-2025-38296
CVE-2025-38296 affects the Linux kernel platform_profile driver. On non-ACPI platforms, sysfs entries were initialized during module init, requiring acpi_kobj and triggering a warning. The fix is to check that ACPI is enabled before creating the sysfs entries (platform_profile_init) to prevent in...
CVE-2025-38372
CVE-2025-38372: The Linux kernel patch for RDMA/mlx5 implicit ODP handling fixes an unsafe xarray access by replacing __xa_store() and __xa_erase() (which were used without proper locking) with xa_store() and xa_erase(), which perform the necessary locking internally. This resolves a suspicious ...
CVE-2025-38507
In CVE-2025-38507, the Linux kernel fix addresses HID Nintendo controllers by preventing kernel stalls during Bluetooth suspend/resume. The patch adds JOYCON_CTLR_STATE_SUSPENDED in nintendo_hid_suspend to avoid waiting for stalled input reports, and avoids reinitializing Bluetooth Joy-Cons in ni...
CVE-2025-38544
CVE-2025-38544: The Linux kernel’s rxrpc implementation had a bug where preallocated call IDs could collide, triggering cleanup assertions when an in-use ID was released. The fix sets the call state in rxrpc_service_prealloc_one() and marks the call as released before cleanup, preventing both as...
CVE-2025-38552
CVE-2025-38552 concerns the Linux kernel and addresses a race in MPTCP where subflow creation and subflow failure can collide. The issue arises from a race between a subflow failing and the creation of an additional subflow, which could lead to inconsistent socket state if not synchronized. The f...
CVE-2025-38577
CVE-2025-38577: In the Linux kernel, a use-after-free in the f2fs code path can trigger during inode eviction/writeback. The provided trace shows a KASAN use-after-free in __list_del_entry_valid() while f2fs_inode_synced → f2fs_update_inode → f2fs_write_inode, culminating in a crash during check...
CVE-2025-38666
CVE-2025-38666 is a Linux kernel vulnerability in the AppleTalk AARP proxy path. The issue is a use-after-free caused by a race: the aarp_proxy_network path releases aarp_lock, sleeps, and re-acquires it, while a concurrent __aarp_expire_timer may remove and free the same aarp_entry, leading to a UAF...
CVE-2025-39762
CVE-2025-39762 affects the Linux kernel drm/amd/display component. The root cause was a missing null check that could lead to a null pointer dereference. The fix adds an early null check and returns false when invalid, as described in the advisory. The CVSSv3.1 base score is 5.5 (MEDIUM) with LOC...
CVE-2026-31705
The CVE-2026-31705 issue affects the ksmbd component of the Linux kernel, where an out-of-bounds write occurs in smb2_get_ea() during EA alignment padding. After writing each EA entry, a 4-byte alignment padding is applied with memset() unconditionally, potentially overwriting adjacent kernel hea...
CVE-2022-50147
CVE-2022-50147 refers to a Linux kernel memory policy bug: mm/mempolicy get_nodes can access the nmask array out of bounds when a user specifies more nodes than supported. The issue is resolved in the Linux kernel (patches referenced), with CVSSv3.1 base score 7.1 (HIGH), local access, low privil...
CVE-2023-53361
CVE-2023-53361 affects the Linux kernel on LoongArch where pmd_leaf() was not defined, causing a panic in ksm06 during LTP tests (Huge page pmd to pte_present). The issue is resolved by adding LoongArch-specific p?d_leaf() definitions (as per commits referenced in the CVE description). The connec...
CVE-2023-53442
Technical details about CVE-2023-53442 are not present in the provided connected documents. The SUSE/Tenable entries reference kernel fixes in general but do not disclose affected products/versions or specific exploit vectors here. Monitor for official patch specifics.
CVE-2024-57992
CVE-2024-57992 relates to the Linux kernel wilc1000 wireless driver where a race between wiphy allocation and registration could trigger a kernel panic. The issue arises from an error path in wilc drivers (SDIO and SPI) that may call wiphy_unregister on a wiphy that has not been registered, lead...
CVE-2025-38175
The CVE-2025-38175 entry concerns a use-after-free in the Linux kernel binder subsystem (binder_devices) that could occur when a binder device is released without first being removed from the binder_devices list. The Astra Linux bulletin documents the root cause in binder_remove_device within bin...
CVE-2025-38374
CVE-2025-38374 – Linux kernel (OP-TEE FF-A): The issue arises because OP-TEE’s notif_callback() for FF-A notifications was executed in an atomic context, leading to a sleep and a kernel warning. The fix is to move notification processing to a non-atomic context by using a work queue. Affected des...
CVE-2025-38388
CVE-2025-38388 concerns the Linux kernel’s ARM Firmware Framework for ARMv8-A (FFA). The issue stems from using a mutex to protect the notifier hashtable accesses, which could sleep in atomic context and trigger warnings like “sleeping function called from invalid context.” Connected documents co...
CVE-2025-38390
CVE-2025-38390 relates to the Linux kernel firmware/arm_ffa notifier callbacks. The issue arises from allocating and inserting a notifier callback node into a hashtable during registration, but during unregistration the code only removes the node from the hashtable without freeing the allocated m...
CVE-2025-38405
In CVE-2025-38405, the Linux kernel nvmet subsystem was vulnerable to a memory leak in bio integrity (bio->bi_integrity) when commands carried metadata. The root cause was that after bio_init, some users (including nvmet inline bios) did not call bio_uninit, preventing proper deallocation. The...
CVE-2025-38423
CVE-2025-38423 — Linux kernel, ASoC: codecs: wcd9375. The issue occurs in the probe path where regulator supplies are obtained with devm_regulator_bulk_get() and could be freed twice if regulator_bulk_free() is called in error paths, leading to a potential double-free situation. The published fix...
CVE-2025-38510
The CVE-2025-38510 issue in the Linux kernel is about the KASAN memory debugger. The fix removes kasan_find_vm_area() to avoid deadlocks during KASAN reporting when find_vm_area() would be called in an atomic context. The vulnerability stemmed from a potential deadlock between kernel VM area repo...
CVE-2025-38537
CVE-2025-38537: Linux kernel vulnerability in net: phy: Don’t register LEDs for genphy. Root cause: when a PHY has no driver, the genphy driver is probed/removed via phy_attach/detach, and if the PHY node has a leds subnode, LEDs get (un)registered during genphy probe/remove, leading to a determi...
CVE-2025-38541
Summary: In the Linux kernel, the mt7925 driver (mt76 family) had a NULL pointer dereference in mt7925_thermal_init() caused when devm_kasprintf() returns NULL. The fix adds a NULL check after devm_kasprintf() to prevent the crash, addressing an issue with thermal initialization in mt7925. Affect...
CVE-2025-38583
CVE-2025-38583 affects the Linux kernel clk xilinx vcu clock provider. The issue occurs when registration of pll_post fails and the code attempts to unregister it, which can lead to a NULL pointer dereference during clk_hw_unregister calls. The fix is to unregister pll_post only if it was registe...
CVE-2025-38623
The CVE-2025-38623 entry describes a Linux kernel fix in PCI: pnv_php hotplug handling. The vulnerability stemmed from improper handling of surprise plug events, enabling a PE bridge to freeze MSI interrupt paths and leaving PHB/PE in a frozen state after removal. Consequences include stalled plu...
CVE-2025-38639
CVE-2025-38639 is a Linux kernel vulnerability in netfilter xt_nfacct where the acct name is assumed to be null-terminated, enabling a slab-out-of-bounds read via KASAN in lib/vsprintf.c and related paths (nfacct_mt_checkentry/xt_check_match). The cited advisories indicate a local attacker could ...
CVE-2025-38650
CVE-2025-38650 affects the Linux kernel hfsplus code path. The issue arises from a deadlock-prone interaction around the extents tree: the code previously invoked mutex_lock in a path leading to hfsplus_free_extents, and a commit (31651c607151) was applied to unlock the extents tree before hfsplu...
CVE-2026-23406
CVE-2026-23406 concerns the AppArmor Linux kernel module. The issue arises in the DFA matching logic used during file path checks, where the macro match_char() can evaluate its character parameter multiple times when traversing differential encoding chains. If invoked with *str++, the string poin...
CVE-2022-50269
CVE-2022-50269 affects the Linux kernel (drm/vkms). Root cause: vkms_init() allocates a config with kmalloc and may leak if vkms_create() fails, since the return value isn’t checked before exiting. Impact: local attacker could cause memory leak during vkms module initialization. The fixed descrip...
CVE-2025-38233
The CVE-2025-38233 entry describes a Linux kernel PPC64 ftrace livepatching issue where r15 is clobbered and not restored in the livepatch sequence, causing kernel faults (example trace shows an oops and bad memory access). Connected docs confirm concrete fixes: restore r15 unconditionally in the...
CVE-2025-38316
CVE-2025-38316 relates to a Linux kernel vulnerability in the wifi driver (mt76 mt7996) where mt7996_set_monitor() dereferences a phy pointer before a NULL sanity check. The fix moves the dereference to occur after the NULL check, preventing a NULL pointer dereference. The issue is tied to a loca...
CVE-2025-38402
The CVE concerns the Linux kernel IDPF driver RSS handling. The vulnerability arises when RSS is not supported: the code returns a 0 RSS key size, while a -EOPNOTSUPP path may be cast to a 32-bit size, potentially producing an invalid allocation size. This can lead to an allocation failure on sys...