14330 matches found
CVE-2025-38228
CVE-2025-38228: In the Linux kernel, a memory leak could occur in the media/imagination driver during e5010_probe(). The fix ensures memory allocated by video_device_alloc() is released if an error path is taken by adding video_device_release() in the failure handling path. This addresses leaked ...
CVE-2025-38302
Technical details about CVE-2025-38302 are not publicly provided in the connected documents. The Linux kernel fix is described at a high level; no vendor/product/version mappings or exploit details are included here. Monitor for updates from vendors/security advisories.
CVE-2025-38368
CVE-2025-38368 concerns the Linux kernel fix for a NULL dereference in the tps6594-pfsm subsystem. The issue arises in the misc: tps6594-pfsm driver where devm_kasprintf() could return NULL for pfsm->miscdev.name. The patch adds a NULL pointer check in tps6594_pfsm_probe() to prevent dereferen...
CVE-2025-38421
CVE-2025-38421 affects the Linux kernel’s amd-pmf code in platform/x86/amd, where a path that fails smart PC setup could lead to a double free of dev->buf during module removal. The root cause is a freed pointer that isn’t NULL’d, causing amd_pmf_remove() to free it again. The provided fixes c...
CVE-2025-38526
CVE-2025-38526 relates to the Linux kernel ice driver. The issue arises from missing NULL checks in eswitch lag checking: ice_lag_is_switchdev_running() may be invoked from outside the LAG event handler, causing lag->upper_netdev to be NULL and risking a NULL pointer dereference. A fix adds a ...
CVE-2025-38529
CVE-2025-38529 relates to the Linux kernel Comedi driver (aio_iiro_16) where an unchecked userspace-derived value in it->options[1] could cause a shift out of bounds or negative shift; the fix adds a bounds check on it->options[1] before evaluating the (1 <options[1]) & 0xdcfc test. Affe...
CVE-2025-38535
CVE-2025-38535 relates to the Linux kernel on Tegra XUSB where regulator disable logic became unbalanced when leaving USB_ROLE_DEVICE. The fix moves regulator control into tegra186_xusb_padctl_id_override() and disables the regulator only when transitioning from USB_ROLE_HOST to USB_ROLE_NONE aft...
CVE-2025-38552
CVE-2025-38552 concerns the Linux kernel and addresses a race in MPTCP where subflow creation and subflow failure can collide. The issue arises from a race between a subflow failing and the creation of an additional subflow, which could lead to inconsistent socket state if not synchronized. The f...
CVE-2025-38581
CVE-2025-38581 affects the Linux kernel crypto CCP driver. When CONFIG_CRYPTO_DEV_CCP_DEBUGFS is enabled, rebinding the CCP device could crash the kernel due to a NULL-dereference in debugfs setup. The connected Unity Linux/UTSA advisory notes a patch that fixes this by setting ccp_debugfs_dir to...
CVE-2025-39701
Technical details for CVE-2025-39701 are not provided in the supplied documents. Monitor official kernel advisories for affected versions, impact, and remediation, as available information in connected sources is not detailed for this CVE.
CVE-2025-39843
CVE-2025-39843 affects the Linux kernel mm/slub path. The vulnerability arises when set_track_prepare() can incur lock recursion due to waking up kswapd while holding per_cpu(hrtimer_bases)[n].lock (triggered via hrtimer_start_range_ns) under CONFIG_DEBUG_OBJECTS_TIMERS. The fix involves masking ...
CVE-2026-23247
CVE-2026-23247 is a Linux kernel TCP/TCP options issue that reintroduces port inclusion in the TS offset to mitigate an off-path TCP source port leakage via a SYN-cookie side-channel. The vulnerability is resolved by reverting a previous downgrade of timestamp offsets and performing a single siph...
CVE-2026-31754
The CVE-2026-31754 issue affects the Linux kernel’s USB DRD/CDNS3 gadget path. When cdns3_gadget_start() fails, the DRD hardware remains in gadget mode while software state is INACTIVE, causing hardware/software state inconsistency. This can lead to a failed host-mode switch via sysfs (role switc...
CVE-2026-43247
CVE-2026-43247 affects the Linux kernel media driver for wave5 (chips-media). The issue causes a kernel panic triggered by an asynchronous SError interrupt when the system enters suspend mode due to an autosuspend delay timeout, leading to an unresponsive system (DoS-like impact). The vulnerabili...
CVE-2026-45892
CVE-2026-45892 affects the Linux kernel ext4 extent handling. The issue occurs when splitting an unwritten extent in the middle with EXT4_EXT_MAY_ZEROOUT and EXT4_EXT_DATA_VALID2, potentially leaving a stale unwritten extent in the extent status tree after maps are updated. The mitigation is a pa...
CVE-2026-46115
In the Linux kernel block subsystem, CVE-2026-46115 was addressed by adding a check so that zone_device_pages_have_same_pgmap() prevents merging bvec segments that span different dev_pagemaps in biovec_phys_mergeable. Root cause: biovec_phys_mergeable() did not verify that two physically contiguo...
CVE-2026-46173
CVE-2026-46173 concerns the Linux kernel. The issue arises when an already-exiting task oopses and make_task_dead() calls do_task_dead() with preemption enabled, while __schedule() must be called with preemption disabled. If a preempted oopsing task is still in the dead-state, finish_task_switch(...
CVE-2026-46294
CVE-2026-46294 affects the Linux kernel device-mapper (dm-ioctl) in the retrieve_status path. A buffer-overflow could occur after aligning a pointer to an 8-byte boundary if the remaining length calculation wraps past the output buffer, potentially allowing writes beyond the buffer. The advisory ...
CVE-2006-3634
The CVE-2006-3634 entry describes a vulnerability in Linux kernel 2.6.17-rc4 through 2.6.18-rc2 where two futex helper functions, __futex_atomic_op and futex_atomic_cmpxchg_inatomic, perform the atomic futex operation in kernel address space instead of user space. This misplacement can allow a lo...
CVE-2016-8469
CVE-2016-8469 is an information-disclosure vulnerability in the Android camera driver affecting Kernel-3.10-based Android devices. The issue could allow a local malicious app to access data outside its permission levels by exploiting a privileged-process assumption; impact is data disclosure with...
CVE-2022-50025
CVE-2022-50025 affects the Linux kernel. It fixes a memory leak in an error path: bitmap_zalloc() allocated in afu_allocate_irqs() must be balanced with a corresponding bitmap_free() in the error handling path. The issue was resolved by correcting the memory management in the afu_allocate_irqs() ...
CVE-2022-50230
In the Linux kernel (arm64), the idmap access problem occurred on systems implementing FEAT_EPAN where UXN was not set on swapper page tables, causing idmap_kpti_install_ng_mappings to panic when accessing __idmap_kpti_flag. The issue was fixed upstream by applying UXN to the swapper PTEs as part...
CVE-2023-4515
CVE-2023-4515: Linux kernel ksmbd had command payload size checks missing for most commands (except SMB2_OPLOCK_BREAK_HE). An attacker with local access could exploit this to trigger issues due to unchecked request sizes. A fix was committed to validate command payload sizes; the SUSE advisories ...
CVE-2025-38130
Technical details for CVE-2025-38130 are not publicly provided in the connected documents. The materials only reiterate a kernel HDMI audio callback fix; monitor official advisories and patches for affected kernels and platforms.
CVE-2025-38314
CVE-2025-38314 affects the Linux kernel’s virtio-pci admin command path. The issue was that virtio_pci_admin_dev_parts_get() reported a result size 8 bytes larger than the actual data because result_sg_size was filled with virtqueue_get_buf() length (data + 8 bytes status). The oversized size cou...
CVE-2025-38318
CVE-2025-38318: In the Linux kernel, the perf/arm-ni driver missed a call path, missing platform_set_drvdata() in arm_ni_probe(), which caused platform_get_drvdata() to return NULL in remove. The SUSE advisory and OpenVAS references confirm this specific fix was applied to address the arm-ni PMU,...
CVE-2025-38329
CVE-2025-38329 – Linux kernel: firmware: cs_dsp: fixes OOB memory read in KUnit test (wmfw info). KASAN reported out-of-bounds access in cs_dsp_mock_wmfw_add_info() where source string length was rounded up to the allocation size. Impact: local attacker with LOW privileges; confidentiality and av...
CVE-2025-38423
CVE-2025-38423 — Linux kernel, ASoC: codecs: wcd9375. The issue occurs in the probe path where regulator supplies are obtained with devm_regulator_bulk_get() and could be freed twice if regulator_bulk_free() is called in error paths, leading to a potential double-free situation. The published fix...
CVE-2025-38454
CVE-2025-38454: In the Linux kernel, ALSA: ad1816a: Fix potential NULL pointer deref in snd_card_ad1816a_pnp(); switches to pr_warn() when 'pdev' is NULL to avoid NULL pointer dereference. The description indicates the fix is kernel-side and targets the ad1816A soundcard driver; no details on aff...
CVE-2025-38506
CVE-2025-38506 : In Linux, KVM can reschedule CPU while setting per-page memory attributes for SEV-SNP guests with very large memory (1TB+), causing host CPU soft lockups during kvm_vm_set_mem_attributes(). The issue arises while looping over guest memory attributes and invoking cond_resched() to...
CVE-2025-38532
CVE-2025-38532 affects the Linux kernel libwx RX path. When a device reset occurs due to feature changes (e.g., RX VLAN offload toggles), the hardware descriptor ring may retain stale values, leading to malformed SKBs if length handling isn’t reset. The patch fixes the reset sequence by ensuring ...
CVE-2025-38542
CVE-2025-38542 affects the Linux kernel net: appletalk path atrtr_create. A device refcount leak occurred when updating an existing route entry: the old device reference was not released before assigning the new device. The fix releases the previous reference with dev_put() before taking the new ...
CVE-2025-38568
In the Linux kernel, net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing (CVE-2025-38568). The TCA_MQPRIO_TC_ENTRY_INDEX policy allowed up to TC_QOPT_MAX_QUEUE (16), causing a 4-byte out-of-bounds write in the fp[] stack array. The fix changes the policy to allow only up to TC_QO...
CVE-2025-38587
CVE-2025-38587 affects the Linux kernel IPv6 code: fib6_info_uses_dev() may loop indefinitely due to relying on RCU without explicit protection, risking an infinite loop if anchors are removed by fib6_del_route() or fib6_add_rt2node(). The vulnerability has been resolved in the kernel; advisories...
CVE-2025-39702
CVE-2025-39702 affects the Linux kernel IPv6 source routing path (ipv6 sr) where MAC comparison was not constant-time, exposing potential timing attacks. The vulnerability is confirmed resolved in the kernel and is documented across multiple advisories (e.g., Debian LTS, Amazon Linux ALAS/* advis...
CVE-2025-39762
CVE-2025-39762 affects the Linux kernel drm/amd/display component. The root cause was a missing null check that could lead to a null pointer dereference. The fix adds an early null check and returns false when invalid, as described in the advisory. The CVSSv3.1 base score is 5.5 (MEDIUM) with LOC...
CVE-2025-39823
CVE-2025-39823 is a Linux kernel KVM/CPU virtualization vulnerability affecting x86 where indices from the guest (min, dest_id) were used with array_index_nospec after bounds checks. The issue enables speculative execution side-channel leakage affecting confidentiality, integrity, and availabilit...
CVE-2025-39913
CVE-2025-39913 is a Linux kernel vulnerability related to tcp_bpf: when tcp_bpf_send_verdict() fails to allocate psock->cork, the code previously could proceed silently. The patch ensures sk_msg_free() is called if the cork allocation fails and that the copied count is set to 0, preventing cor...
CVE-2026-23207
CVE-2026-23207 concerns the Linux kernel SPI Tegra210 quad driver. The issue arose because curr_xfer accesses were not consistently protected by the lock in the IRQ thread path, enabling a race against the timeout path where curr_xfer could be NULL after being cleared but still dereferenced in ha...
CVE-2026-23274
CVE-2026-23274 : In the Linux kernel, a bug in netfilter xt_IDLETIMER allows rev0 rules to reuse timers labeled as ALARM if a prior timer exists. This can cause mod_timer() to run on an uninitialized timer_list, triggering debug warnings and potentially a panic when panic_on_warn=1. The fix rejec...
CVE-2026-46174
In CVE-2026-46174, the Linux kernel vulnerability affects x86/CPU/AMD Zen2 by allowing improper isolation of shared resources in the Zen2 op cache, potentially leading to instruction corruption. The issue has been resolved in the Linux kernel, with Debian and Root packaging advisories noting fixe...
CVE-2026-46177
The CVE-2026-46177 issue affects the Linux kernel IPMI driver. It describes a vulnerability where the driver could continuously fetch events and receive messages from the BMC (or become stuck) due to the BMC not signaling completion or the attn bit getting stuck. The documented fix limits event/m...
CVE-2016-10295
An information disclosure vulnerability in the Qualcomm LED driver (CVE-2016-10295) could allow a local malicious Android app to access data outside its permission levels. Affected product: Android; Kernel version: 3.18. Android ID: A-33781694. The issue is rated Moderate because exploitation req...
CVE-2016-6778
CVE-2016-6778 is an Elevation of Privilege affecting the Android kernel path via the HTC sound codec driver. The vulnerability could let a local malicious application execute arbitrary kernel code, requiring initial compromise of a privileged process before exploitation. Affected stack: Android o...
CVE-2022-50269
CVE-2022-50269 affects the Linux kernel (drm/vkms). Root cause: vkms_init() allocates a config with kmalloc and may leak if vkms_create() fails, since the return value isn’t checked before exiting. Impact: local attacker could cause memory leak during vkms module initialization. The fixed descrip...
CVE-2022-50316
CVE-2022-50316 concerns orangefs: Fix kmemleak in orangefs_sysfs_init() in the Linux kernel. The issue occurs when inserting/removing the orangefs module, leaking kobjects (multiple unreferenced objects shown in the report) due to kmemleak. The description clearly states the vulnerability has bee...
CVE-2023-53218
The CVE-2023-53218 entry concerns the Linux kernel rxrpc path. A call created by sendmsg() could be aborted only after a connection assignment, but interrupted scheduling could cause subsequent sendmsg() calls to fail with EBUSY until an assignment occurs. The fix ensures that such a waiting rxrp...
CVE-2023-53247
CVE-2023-53247 involves the Linux kernel Btrfs code (btrfs_cont_expand path). The issue arises when a page is retrieved during btrfs_cont_expand, then marked as mapped and read; if release_folio() is called before reacquiring the page lock, release_folio() may clear the page private flag but leav...
CVE-2023-53361
CVE-2023-53361 affects the Linux kernel on LoongArch where pmd_leaf() was not defined, causing a panic in ksm06 during LTP tests (Huge page pmd to pte_present). The issue is resolved by adding LoongArch-specific p?d_leaf() definitions (as per commits referenced in the CVE description). The connec...
CVE-2023-53442
Technical details about CVE-2023-53442 are not present in the provided connected documents. The SUSE/Tenable entries reference kernel fixes in general but do not disclose affected products/versions or specific exploit vectors here. Monitor for official patch specifics.