CVE-2025-38484
Technical details about CVE-2025-38484 are not provided in the supplied connected documents. The references list the CVE but do not describe affected components, impact, or fixes. Monitor vendor advisories for public details and remediation.
CVE-2025-38511
CVE-2025-38511 concerns a Linux kernel vulnerability in drm/xe/pf where LMEM buffer objects were not cleared by default on allocation, creating a risk that unused LMTT PTEs could point to other VF or PF pages. The patch clears all new LMTT pages on allocation to prevent a malicious VF from...
CVE-2025-38576
CVE-2025-38576 affects the Linux kernel PowerPC EEH hotplug path. Root cause: race conditions between the PCIe hotplug driver and the EEH driver can yield kernel oops during unplug/recovery cycles and bus disappearance. Resolution: refactor the EEH module to be PCI rescan and remove safe, with cl...
CVE-2025-38579
CVE-2025-38579 affects the Linux kernel F2FS: KMSAN reported use of uninitialized values in __is_extent_mergeable() and __is_back_mergeable() through the read extent tree path. Root cause: get_read_extent_info() only initializes three fields (fofs, blk, len) of struct extent_info, leaving others ...
CVE-2025-38616
CVE-2025-38616 (Linux kernel TLS ULP issue) affects the kernel TLS path handling data that may disappear from under the TLS ULP when the socket reader predated TLS installation or uses non-standard read APIs. The bug could lead to an out-of-bounds read or TLS state corruption if data is partially...
CVE-2025-38663
CVE-2025-38617 (nilfs2 issue): In the Linux kernel, a vulnerability was fixed in the NILFS2 file system related to reading inodes from a block device. The root cause was a missing sanity check for the inode file type; if an inode with an invalid file type is encountered, the kernel now treats it...
CVE-2025-38668
CVE-2025-38668: In the Linux kernel regulator core, a NULL pointer dereference can occur on unbind if coupling data is stale because coupling_desc.n_coupled is not reset after freeing coupled_rdevs. This can affect runtime PM and other regulator operations that rely on coupling metadata, potentia...
CVE-2025-38691
Technical details about CVE-2025-38691 are not publicly provided in the supplied connected documents. Monitor vendor advisories (Debian, Mageia, Amazon Linux) for patches and mitigations and update accordingly.
CVE-2025-39823
CVE-2025-39823 is a Linux kernel KVM/CPU virtualization vulnerability affecting x86 where indices from the guest (min, dest_id) were used with array_index_nospec after bounds checks. The issue enables speculative execution side-channel leakage affecting confidentiality, integrity, and availabilit...
CVE-2025-39913
CVE-2025-39913 is a Linux kernel vulnerability related to tcp_bpf: when tcp_bpf_send_verdict() fails to allocate psock->cork, the code previously could proceed silently. The patch ensures sk_msg_free() is called if the cork allocation fails and that the copied count is set to 0, preventing cor...
CVE-2026-23003
CVE-2026-23003: In the Linux kernel’s IPv6 tunnel receive path (ip6_tunnel, __ip6_tnl_rcv), VLAN encapsulations were not handled correctly due to a failed VLAN-aware pull in the decapsulation path. The fix substitutes skb_vlan_inet_prepare() for pskb_inet_may_pull() to properly accommodate VLAN-...
CVE-2026-23406
CVE-2026-23406 concerns the AppArmor Linux kernel module. The issue arises in the DFA matching logic used during file path checks, where the macro match_char() can evaluate its character parameter multiple times when traversing differential encoding chains. If invoked with *str++, the string poin...
CVE-2026-43038
CVE-2026-43038 affects the Linux kernel IPv6 ICMP error path. A forged IPv4 ICMP error with CIPSO options could cause ip6_err_gen_icmpv6_unreach() to misinterpret an inner IPv4 inet_skb_parm as an IPv6 parameter, allowing an offset misreference (dsthao) that could enable out-of-bounds or memory a...
CVE-2026-46241
CVE-2026-46241 concerns the SPI driver for the MPC52xx in the Linux kernel, where a use-after-free can occur if controller registration fails because interrupts are not properly disabled and freed. The issue is resolved by a fix that ensures interrupts are disabled and resources freed on registra...
CVE-2022-49967
CVE-2022-49967 is a Linux kernel data-race vulnerability in the bpf_jit_limit variable. The issue arises when bpf_jit_limit is read while it can be concurrently updated via sysctl, risking load-tearing due to the long size of the value. The fix adds a paired READ_ONCE() alongside WRITE_ONCE() in ...
CVE-2022-50373
The CVE-2022-50373 entry describes a race in the Linux kernel's DLM lowcomms path: in fs/dlm, between queue_work() in _dlm_lowcomms_commit_msg() and srcu_read_unlock(). The race can allow the final reference of a dlm_msg to be taken by queue_work(), causing msg->idx to contain garbage. A patch...
CVE-2023-53419
CVE-2023-53419: Linux kernel fix for a NULL-pointer dereference in PREEMPT_RT RCU code. The vulnerability arises when CPU2 reads rnp->exp_tasks without holding rnp->lock while CPU1 may update rnp->exp_tasks to NULL, leading to a dereference of a NULL pointer. The documented fix is to ho...
CVE-2025-38235
CVE-2025-38235: Linux kernel fix for appletb_kbd backlight reference counting leak. backlight_device_get_by_name increments ref count for android backlight named "appletb_backlight" and it is not released, causing a reference leak. The fix decrements the reference count on removal via put_device ...
CVE-2025-38521
CVE-2025-38521 affects the Linux kernel DRM/imagination driver. The vulnerability stems from using pm_runtime_force_suspend() followed by pm_runtime_force_resume() during GPU hard reset, which can fail to resume the device if internal runtime PM state is not as expected, leaving GPU clocks disabl...
CVE-2025-38523
The CVE-2025-38523 issue affects the Linux kernel CIFS client/server path (smbd_recv/smbd_readv) where data copied from the smbd_response slab via copy_to_iter() could trigger kernel memory exposure when CONFIG_HARDENED_USERCOPY is enabled. The root cause is that the smbd_response slab’s packet f...
CVE-2025-38530
CVE-2025-38530 relates to the Linux kernel’s Comedi pcl812 code. The vulnerability arises from a test that shifts a constant with a user-supplied option: (1 << it->options[1]) & board->irq_bits. Since it->options[1] is unchecked from userspace, the shift amount can be negative or out of bounds...
CVE-2025-38624
CVE-2025-38624: In the Linux kernel, the pnv_php PCI driver leaked IRQ resources for child bridges during hot unplug of a nested PCIe bridge root, causing a kernel panic. The fix walks all child buses to deallocate IRQ resources before removing devices, and extends the workqueue lifetime to stay...
CVE-2025-38727
Linux kernel vulnerability CVE-2025-38727 affects netlink in the Linux kernel. A bug in netlink_attachskb() may cause an infinite retry loop when memory checks for skb->truesize against sk_rcvbuf are inconclusive (rmem + skb->truesize > sk_rcvbuf), potentially triggering an rcu_sched sta...
CVE-2025-39716
CVE-2025-39716 affects the Linux kernel (parisc) and describes a read-access checking issue in __get_user(). Because read access support was only triggered at privilege levels 2/3, the kernel ran at ring 0 and failed to raise a read-access fault (code 26). The fix probes read access rights at pri...
CVE-2026-22976
CVE-2026-22976 affects the Linux kernel’s net/sched sch_qfq, where two qfq_class objects can reference the same leaf_qdisc. In certain teardown paths (e.g., when a qdisc is pending destruction via tc_new_tfilter and another qdisc is root-attached), a shared leaf_qdisc may have q.qlen > 0 while...
CVE-2022-50009
CVE-2022-50009 corresponds to a Linux kernel vulnerability in f2fs: a null-ptr-deref in f2fs_get_dnode_of_data during atomic write, now fixed. The provided data describe a scenario where f2fs_do_write_data_page writes a cow_inode (for atomic writes) and ends up dereferencing a NULL cow_inode, triggerin...
CVE-2022-50090
CVE-2022-50090 relates to the Linux kernel/Btrfs: it replaces the hard-coded limit BTRFS_MAX_EXTENT_SIZE with fs_info->max_extent_size. On zoned filesystems, data writes are limited by max_zone_append_size, and a large ordered extent can trigger more extents than expected, causing the estimato...
CVE-2024-57983
The CVE-2024-57983 issue concerns the Linux kernel mailbox support (th1520) for ICU0. The vulnerability arose from an incorrectly sized array used to save and restore interrupt mask registers, leading to memory corruption when accessing all four registers during suspend and resume. The connected ...
CVE-2025-38032
The CVE pertains to the Linux kernel (CVE-2025-38032) where a splat was reported in the ipmr netns cleanup path due to ipmr_can_free_table() checks in net/ipv4/ipmr.c. The issue was addressed by consolidating the relevant sanity check in a single helper and reusing it for both IPv4 and IPv6 code ...
CVE-2025-38121
The CVE-2025-38121 entry describes a Linux kernel issue in the wifi: iwlwifi: mld path. When an error occurs during init, in_hw_restart is set but never cleared, causing the code to retry init as if in a restart while not actually in one. This can lead to a NULL pointer dereference during cancell...
CVE-2025-38254
The CVE-2025-38254 issue is in the Linux kernel (drm/amd/display) where drm_edid_raw() could return NULL or oversized EDID bytes, risking an Oops or memory corruption. The fix adds sanity checks for drm_edid_raw() and returns EDID_BAD_INPUT in those corner cases. It is related to EDID handling wh...
CVE-2025-38325
The CVE-2025-38325 entry covers a Linux kernel issue in the ksmbd subsystem. The vulnerability arises because the free_transport function for a TCP connection could be invoked via the smbdirect path, potentially triggering a kernel oops. The published patch adds free_transport ops to the ksmbd co...
CVE-2025-38434
Technical details for CVE-2025-38434 are not publicly provided in the connected documents. The sources do not specify affected products/versions, root cause, impact, or remediation; monitor for updates.
CVE-2025-38450
CVE-2025-38450: Linux kernel fix for MT7925 decap offload NULL pointer dereference. A NULL check for msta->vif (and readiness of wcid.sta) prevents dereferencing before station init completes, avoiding kernel panic in AP mode. Affects MT7925 wireless path in Linux kernel; remediation is the up...
CVE-2025-38551
Technical details about CVE-2025-38551 are not publicly provided in the supplied connected documents. Monitor for updates.
CVE-2025-38586
In the ARM64 Linux kernel, the BPF JIT for a program acting as an exception boundary does not call find_used_callee_regs, so the frame pointer (FP) is not marked as used and FP is not set up in the prologue, risking a pagefault crash. The fix sets ctx->fp_used = true for exception-boundary pro...
CVE-2025-38605
CVE-2025-38605 affects the Linux kernel’s wifi/ath12k driver. In ath12k_dp_tx_get_encap_type(), arvif may be NULL during vdev delete, risking a kernel panic. The fix passes the valid ab pointer directly from the caller to avoid dereferencing arvif. Affected reference points to ath12k_dp_tx and re...
CVE-2025-38643
CVE-2025-38643 affects the Linux kernel wifi stack (cfg80211). The root cause is a missing lock in cfg80211_check_and_end_cac(), while callers of wdev_chandef() are expected to hold the wiphy mutex; however the worker cfg80211_propagate_cac_done_wk() does not acquire it. This can trigger a warnin...
CVE-2025-38646
CVE-2025-38646 concerns a NULL pointer dereference in the Linux kernel’s wifi driver rtw89 during RX processing for packets on an unsupported 6 GHz band. The vulnerability occurs when a problematic RX report makes software think a packet arrived on 6 GHz even though the chip does not support it, ...
CVE-2025-38664
The CVE-2025-38664 entry is a Linux kernel issue affecting the ice driver: a null pointer dereference in ice_copy_and_init_pkg() could occur if devm_kmemdup() returns NULL. The advisory notes a fix by adding a NULL check for the return value of devm_kmemdup() to prevent the dereference, with the ...
CVE-2025-38724
CVE-2025-38724: Linux kernel NFS server (nfsd) had a race in nfsd4_setclientid_confirm() where it did not check get_client_locked() return, risking reference loss and a potential use-after-free. A fix obtains a reference early when a confirmed client exists, and handles failure as if no confirmed...
CVE-2025-39795
CVE-2025-39795 involves a kernel block layer (blk_stack_limits) overflow where chunk_sectors could exceed an unsigned int when interpreted in bytes. The concrete fix, documented in multiple advisories (e.g., Ubuntu USN entries and Oracle/Linux ELSA/DLA), changes the validation to operate on secto...
CVE-2025-39828
Summary (CVE-2025-39828): In the Linux kernel’s ATM subsystem, the atmtcp_recv_control path allowed an in-kernel pointer (kptr) in a control message to be overwritten via an unvalidated sendmsg path. This enables an arbitrary-write condition through a crafted atmtcp_control message, exploitable ...
CVE-2025-39843
CVE-2025-39843 affects the Linux kernel mm/slub path. The vulnerability arises when set_track_prepare() can incur lock recursion due to waking up kswapd while holding per_cpu(hrtimer_bases)[n].lock (triggered via hrtimer_start_range_ns) under CONFIG_DEBUG_OBJECTS_TIMERS. The fix involves masking ...
CVE-2025-39866
CVE-2025-39866 concerns a use-after-free in the Linux kernel’s fs writeback path, specifically __mark_inode_dirty() when the inode’s wb switching occurs. The root cause is a race during switching inode_writeback backends (wb) which can lead to use-after-free via wb_wakeup_delayed() accessing a fr...
CVE-2026-46215
The CVE concerns a race condition in the Linux kernel’s DRM change_handle path. A concurrent gem_close could remove one handle while another remained dangling, enabling a use-after-free. The fix uses the same sequence as gem_close: first replace the old handle with NULL via idr_replace, then, if ...
CVE-2026-46259
In the Linux kernel procfs path do_task_stat() reading /proc/[pid]/stat, task->real_parent is accessed without proper RCU protection, enabling a potential Use-After-Free when another task is released. The fix switches from task_tgid_nr_ns() to task_ppid_nr_ns() to add proper RCU protection for...
CVE-2022-50163
CVE-2022-50163 concerns a Linux kernel fix for ax25: fix incorrect dev_tracker usage. The root cause was that an ax25_dev could be used by one or more ax25_cb structures, requiring separate dev_tracker per ax25_cb. The patch introduces per-structure tracking to prevent reference tracker mismanage...
CVE-2022-50361
Summary: CVE-2022-50361 concerns the Linux kernel wilc1000 module. In wilc_netdev_ifc_init(), an unregister_netdev() path is missing in the error handling path. The fault report shows a kernel BUG at net/core/dev.c with an invalid opcode when alloc_ordered_workqueue() fails. The root issue is tha...
CVE-2025-38379
CVE-2025-38379 affects the Linux kernel SMB/CIFS client during channel reconnect in smb2_reconnect_server(). A dummy tcon passed to smb2_reconnect() had an uninitialized ->query_interface, causing queue_delayed_work() to be invoked on an incorrect tcon and triggering a kernel warning (seen in ...