Lucene search
K
LinuxLinux Kernel

14330 matches found

CVE
CVE
added 2025/07/10 7:41 a.m.44 views

CVE-2025-38281

Public technical details about CVE-2025-38281 are not provided in the connected documents. The available descriptions indicate a NULL check addition in mt7996_thermal_init for Linux kernel wifi mt76 mt7996, but no further specifics.

5.5CVSS6.4AI score0.00137EPSS
CVE
CVE
added 2025/07/10 7:42 a.m.44 views

CVE-2025-38316

CVE-2025-38316 relates to a Linux kernel vulnerability in the wifi driver (mt76 mt7996) where mt7996_set_monitor() dereferences a phy pointer before a NULL sanity check. The fix moves the dereference to occur after the NULL check, preventing a NULL pointer dereference. The issue is tied to a loca...

5.5CVSS6.5AI score0.00127EPSS
CVE
CVE
added 2025/08/16 10:55 a.m.44 views

CVE-2025-38520

In CVE-2025-38520, the Linux kernel’s DRM/AMDKFD path could deadlock during MMU notifier callbacks when a process exits, potentially leaking VRAM. The root cause was calling mmput from the MMU notifier callback, risking release of the mm struct and exit_mmap/free_pgtable. The fix takes a non-zero...

5.5CVSS6.5AI score0.00107EPSS
CVE
CVE
added 2025/08/16 11:12 a.m.44 views

CVE-2025-38533

CVE-2025-38533 : In the Linux kernel, the net: libwx path fixed a DMA bug in the Rx buffer handling. The wx_rx_buffer structure had two DMA address fields, dma and page_dma ; only page_dma was initialized/used, while dma could remain uninitialized and be used in some paths. This could lead to und...

7.8CVSS6.7AI score0.00138EPSS
CVE
CVE
added 2025/08/16 11:22 a.m.44 views

CVE-2025-38544

CVE-2025-38544 : The Linux kernel’s rxrpc implementation had a bug where preallocated call IDs could collide, triggering cleanup assertions when an in-use ID was released. The fix sets the call state in rxrpc_service_prealloc_one() and marks the call as released before cleanup, preventing both as...

5.5CVSS6.7AI score0.00135EPSS
CVE
CVE
added 2025/08/19 5:2 p.m.44 views

CVE-2025-38569

CVE-2025-38569 (Linux kernel benet) arises from a bug in the be2net SR-IOV VF MAC address configuration flow where be_cmd_set_mac_list() calls dma_free_coherent() while still under spin_lock_bh, leading to a kernel crash (BUG at mm/vmalloc.c and OOPs) when SR-IOV VFs are created. The linked advis...

5.5CVSS7.1AI score0.0016EPSS
CVE
CVE
added 2025/08/22 4:0 p.m.44 views

CVE-2025-38623

The CVE-2025-38623 entry describes a Linux kernel fix in PCI: pnv_php hotplug handling. The vulnerability stemmed from improper handling of surprise plug events, enabling a PE bridge to freeze MSI interrupt paths and leaving PHB/PE in a frozen state after removal. Consequences include stalled plu...

5.5CVSS6.7AI score0.00149EPSS
CVE
CVE
added 2025/08/22 4:0 p.m.44 views

CVE-2025-38630

CVE-2025-38630 involves the Linux kernel fbdev imxfb driver. The issue arises when fb_add_videomode() returns -ENOMEM from internal kmalloc(), leaving the modelist empty but the driver still registers, risking a null pointer dereference. The patch adds a check on the return value to prevent this,...

5.5CVSS6.5AI score0.00153EPSS
CVE
CVE
added 2025/08/22 4:2 p.m.44 views

CVE-2025-38665

CVE-2025-38665 (Linux kernel CAN): A NULL pointer dereference in netlink can_changelink() when restarting a CAN device, due to missing can_priv::do_set_mode callback. Two code paths call this callback: manual restart via can_changelink() and delayed automatic restart after bus off. The fix preven...

5.5CVSS6.8AI score0.00136EPSS
CVE
CVE
added 2025/08/22 4:2 p.m.44 views

CVE-2025-38666

CVE-2025-38666 is a Linux kernel vulnerability in the Appletalk AARP proxy path. The issue is a use-after-free caused by a race: the aarp_proxy_network path releases aarp_lock, sleeps, re-acquires it, while a concurrent __aarp_expire_timer may remove and free the same aarp_entry, leading to a UAF...

7.8CVSS6.5AI score0.00151EPSS
CVE
CVE
added 2025/08/22 4:2 p.m.44 views

CVE-2025-38668

CVE-2025-38668: In the Linux kernel regulator core, a NULL pointer dereference can occur on unbind if coupling data is stale because coupling_desc.n_coupled is not reset after freeing coupled_rdevs. This can affect runtime PM and other regulator operations that rely on coupling metadata, potentia...

5.5CVSS6.5AI score0.00148EPSS
CVE
CVE
added 2026/01/14 3:6 p.m.44 views

CVE-2025-71120

CVE-2025-71120 (Linux kernel) involves SUNRPC: svcauth_gss handling of a zero-length gss_token, which can dereference NULL when copying. The vulnerability occurs because code unconditionally dereferenced in_token->pages[0] during the initial memcpy, even if the copy length is 0. The fix guards...

5.5CVSS6.3AI score0.0016EPSS
CVE
CVE
added 2026/02/14 4:1 p.m.44 views

CVE-2026-23152

Technical details for CVE-2026-23152 are not publicly provided in the supplied connected docs. The materials only note patching/release status in OSV/SUSE advisories; no specifics on affected components, exploitability, or fixes are included here.

5.5CVSS5.3AI score0.001EPSS
CVE
CVE
added 2026/05/06 11:28 a.m.44 views

CVE-2026-43226

The CVE-2026-43226 issue affects the Linux kernel Reliable Datagram Sockets (RDS). A state-machine bug allowed an RDS_CONN_ERROR to bypass the proper shutdown path via a shortcut through RDS_CONN_CONNECTING, created by RDS/TCP multipath changes. This could leave a connection stuck in shutdown-que...

7.5CVSS5.8AI score0.00523EPSS
CVE
CVE
added 2026/05/28 9:35 a.m.44 views

CVE-2026-46119

CVE-2026-46119 affects the Linux kernel libceph component. The flaw is a slab-out-of-bounds access in auth message processing: if CEPH_MSG_AUTH_REPLY carries a positive result, it is misinterpreted as an error code and later as the size of the front segment, causing out-of-bounds reads. The fix t...

9.1CVSS6AI score0.00525EPSS
CVE
CVE
added 2026/05/28 9:40 a.m.44 views

CVE-2026-46218

The vulnerability CVE-2026-46218 affects the Linux kernel DRM AMDGPU driver. The issue is in ib_get_value/ib_set_value where the uvd/vce/vcn code accessed the Instruction Buffer (IB) at predefined offsets without verifying the IB size, enabling out-of-bounds reads/writes. The root cause is missin...

7.1CVSS6AI score0.00131EPSS
CVE
CVE
added 2026/06/08 2:30 p.m.44 views

CVE-2026-46274

CVE-2026-46274 (Linux kernel, io_wq) has concrete details: a bug in io_wq_remove_pending() allowed a non-hashed predecessor to be treated as hashed, causing a stale pointer in wq->hash_tail[] to persist and be dereferenced by future hashed bucket-0 enqueues. The root cause is that io_get_work_...

7.8CVSS5.4AI score0.00138EPSS
CVE
CVE
added 2026/06/08 3:46 p.m.44 views

CVE-2026-46301

CVE-2026-46301 affects the Linux kernel SPI driver for topcliff-pch. The issue is a use-after-free on unbind caused by not flushing the driver queue before freeing DMA buffers. A patch fixes this by ensuring the queue is flushed prior to DMA buffer release. The NVD entry lists a High impact (CVSS...

7.8CVSS5.4AI score0.00117EPSS
CVE
CVE
added 2026/06/08 3:46 p.m.44 views

CVE-2026-46306

CVE-2026-46306 — Linux kernel PPPoE PFC flow-dissector fix The vulnerability affects the Linux kernel flow dissector for PPPoE when handling Protocol Field Compression (PFC) frames. A compressed 1-byte Protocol Field can shift the PPP payload by one byte, causing a 4-byte misalignment in the netw...

7.5CVSS5.4AI score0.00389EPSS
CVE
CVE
added 2007/12/18 8:0 p.m.43 views

CVE-2007-6434

CVE-2007-6434 affects Linux kernel 2.6.23. A local attacker can create low pages in virtual userspace memory and bypass mmap_min_addr protection by supplying a crafted executable that calls do_brk. This is a local-attack scenario with partial impact on availability as per CVSS 2.0 (low base score...

2.1CVSS6.1AI score0.00439EPSS
CVE
CVE
added 2017/01/12 3:0 p.m.43 views

CVE-2016-8408

CVE-2016-8408 describes a local information-disclosure vulnerability in the NVIDIA video driver on Android (Kernel-3.10). The issue could allow a local malicious application to access data outside its permission levels, and is rated Moderate because exploitation requires compromising a privileged...

4.7CVSS4.4AI score0.00881EPSS
CVE
CVE
added 2025/06/18 11:0 a.m.43 views

CVE-2022-49967

CVE-2022-49967 is a Linux kernel data-race vulnerability in the bpf_jit_limit variable. The issue arises when bpf_jit_limit is read while it can be concurrently updated via sysctl, risking load-tearing due to the long size of the value. The fix adds a paired READ_ONCE() alongside WRITE_ONCE() in ...

4.7CVSS6.4AI score0.00123EPSS
CVE
CVE
added 2025/06/18 11:3 a.m.43 views

CVE-2022-50167

CVE-2022-50167 affects the Linux kernel’s BPF array map element access. When an array map is larger than 4GB, the element pointer calculation can overflow because index and elem_size are 32-bit. The fix forces 64-bit multiplication, extracts the formula into a separate helper, and uses it consist...

5.5CVSS6.8AI score0.00205EPSS
CVE
CVE
added 2025/09/18 1:33 p.m.43 views

CVE-2023-53377

Technical details for CVE-2023-53377 are not publicly provided in the supplied Connected documents. The materials only show the vulnerability description without explicit affected products/versions or remediation specifics. Monitor for official disclosures.

7.8CVSS6.1AI score0.00138EPSS
CVE
CVE
added 2025/10/01 11:46 a.m.43 views

CVE-2023-53531

Technical details for CVE-2023-53531 are not publicly available in the provided connected documents. The materials reference Linux kernel patch notes but do not disclose product/version, exploit vectors, impact, or remediation specifics.

5.5CVSS6AI score0.00134EPSS
CVE
CVE
added 2025/07/03 8:35 a.m.43 views

CVE-2025-38116

In CVE-2025-38116, the Linux kernel’s ath12k wireless driver suffers a use-after-free (UAF) in the notifier chain when ath12k_core_hw_group_assign() or ath12k_core_hw_group_create() fails; the notifier chain is not unregistered and its memory may be freed after rmmod, risking access to freed noti...

7.8CVSS7.2AI score0.00156EPSS
CVE
CVE
added 2025/07/04 1:37 p.m.43 views

CVE-2025-38179

Technical details about CVE-2025-38179 (affected product/component, root cause, impact, exploitability, or patch information) are not publicly provided in the connected documents. Monitor for updates.

7.8CVSS6.8AI score0.00153EPSS
CVE
CVE
added 2025/07/04 1:37 p.m.43 views

CVE-2025-38233

The CVE 2025-38233 entry describes a Linux kernel PPC64 ftrace livepatching issue where r15 is clobbered and not restored in the livepatch sequence, causing kernel faults (example trace shows an oops and bad memory access). Connected docs confirm concrete fixes: restore r15 unconditionally in the...

7.8CVSS6.4AI score0.00135EPSS
CVE
CVE
added 2025/07/09 10:42 a.m.43 views

CVE-2025-38253

CVE-2025-38253 affects the Linux kernel HID driver for Wacom devices. The issue arises when wacom_remove() does not cancel the pending delayed work aes_battery_work, which can cause hard crashes or general protection faults when aes_battery_work runs after device removal (e.g., after resume from ...

5.5CVSS6.5AI score0.00136EPSS
CVE
CVE
added 2025/07/10 7:42 a.m.43 views

CVE-2025-38294

The CVE-2025-38294 entry concerns the Linux kernel wifi driver ath12k. The vulnerability arises when ath12k_mac_assign_vif_to_vdev() fails, causing a NULL radio handle (ar) to be dereferenced during debug logging via arvif, which is invalid in fail scenarios where the radio handle is NULL. The fi...

5.5CVSS6.6AI score0.00137EPSS
CVE
CVE
added 2025/07/10 8:15 a.m.43 views

CVE-2025-38341

CVE-2025-38341 pertains to the Linux kernel fbnic driver. The issue is described as a double-free scenario when DMA-mapping a FW message fails within fbnic_mbx_map_msg(), with the documented behavior that the caller retains ownership of the message on error and the page is freed by existing calle...

7.8CVSS6.6AI score0.00151EPSS
CVE
CVE
added 2025/07/25 12:53 p.m.43 views

CVE-2025-38388

CVE-2025-38388 concerns the Linux kernel’s ARM Firmware Framework for ARMv8-A (FFA). The issue stems from using a mutex to protect the notifier hashtable accesses, which could sleep in atomic context and trigger warnings like “sleeping function called from invalid context.” Connected documents co...

5.5CVSS6.2AI score0.00117EPSS
CVE
CVE
added 2025/08/16 10:54 a.m.43 views

CVE-2025-38507

In CVE-2025-38507, the Linux kernel fix addresses HID Nintendo controllers by preventing kernel stalls during bluetooth suspend/resume. The patch adds JOYCON_CTLR_STATE_SUSPENDED in nintendo_hid_suspend to avoid waiting for stalled input reports, and avoids reinitializing bluetooth Joy-Cons in ni...

5.5CVSS6.5AI score0.00135EPSS
CVE
CVE
added 2025/08/19 5:3 p.m.43 views

CVE-2025-38577

CVE-2025-38577 : In the Linux kernel, a use-after-free in the f2fs code path can trigger during inode eviction/writeback. The provided trace shows a KASAN use-after-free in __list_del_entry_valid() while f2fs_inode_synced → f2fs_update_inode → f2fs_write_inode, culminating in a crash during check...

5.5CVSS7.1AI score0.00161EPSS
CVE
CVE
added 2025/08/19 5:3 p.m.43 views

CVE-2025-38579

CVE-2025-38579 affects the Linux kernel F2FS: KMSAN reported use of uninitialized values in __is_extent_mergeable() and __is_back_mergeable() through the read extent tree path. Root cause: get_read_extent_info() only initializes three fields (fofs, blk, len) of struct extent_info, leaving others ...

7.8CVSS7AI score0.00153EPSS
CVE
CVE
added 2025/08/19 5:3 p.m.43 views

CVE-2025-38586

In the ARM64 Linux kernel, the BPF JIT for a program acting as an exception boundary does not call find_used_callee_regs, so the frame pointer (FP) is not marked as used and FP is not set up in the prologue, risking a pagefault crash. The fix sets ctx->fp_used = true for exception-boundary pro...

5.5CVSS7AI score0.00145EPSS
CVE
CVE
added 2025/08/19 5:3 p.m.43 views

CVE-2025-38609

CVE-2025-38609 is a Linux kernel vulnerability in the PM/devfreq subsystem where code could dereference governor->name if governor is NULL. The fix, implemented by moving the NULL check before accessing governor->name, updates the handling of the governor to prevent a null pointer exception...

5.5CVSS7.1AI score0.00146EPSS
CVE
CVE
added 2025/08/22 4:0 p.m.43 views

CVE-2025-38639

CVE-2025-38639 is a Linux kernel vulnerability in netfilter xt_nfacct where the acct name is assumed to be null-terminated, enabling a slab-out-of-bounds read via KASAN in lib/vsprintf.c and related paths (nfacct_mt_checkentry/xt_check_match). The cited advisories indicate a local attacker could ...

5.5CVSS6.5AI score0.00159EPSS
CVE
CVE
added 2025/08/22 4:0 p.m.43 views

CVE-2025-38650

CVE-2025-38650 affects the Linux kernel hfsplus code path. The issue arises from a deadlock-prone interaction around the extents tree: the code previously invoked mutex_lock in a path leading to hfsplus_free_extents, and a commit (31651c607151) was applied to unlock the extents tree before hfsplu...

5.5CVSS6.6AI score0.00121EPSS
CVE
CVE
added 2025/08/22 4:2 p.m.43 views

CVE-2025-38663

CVE-2025-38617 (nilfs2 issue) : In the Linux kernel, a vulnerability was fixed in the NILFS2 file system related to reading inodes from a block device. The root cause was a missing sanity check for the inode file type; if an inode with an invalid file type is encountered, the kernel now treats it...

5.5CVSS6.6AI score0.00159EPSS
CVE
CVE
added 2025/09/04 3:33 p.m.43 views

CVE-2025-38727

Linux kernel vulnerability CVE-2025-38727 affects netlink in the Linux kernel. A bug in netlink_attachskb() may cause an infinite retry loop when memory checks for skb->truesize against sk_rcvbuf are inconclusive (rmem + skb->truesize > sk_rcvbuf), potentially triggering an rcu_sched sta...

5.5CVSS5.8AI score0.00154EPSS
CVE
CVE
added 2025/09/05 5:20 p.m.43 views

CVE-2025-39682

CVE-2025-39682: Linux kernel TLS processing fix for zero-length TLS records in the rx_list. The patch changes recvmsg() to process either contiguous DATA records (any number) or one non-DATA record. If a future record type differs after decryption (possible with TLS 1.3 when type is undecided unt...

7.1CVSS5.7AI score0.00178EPSS
CVE
CVE
added 2025/09/05 5:20 p.m.43 views

CVE-2025-39691

CVE-2025-39691 (Linux kernel) is a use-after-free in fs/buffer when bh_read() is used during ntfs3 mount, where a stack variable map_bh passed to ntfs_get_block_vbo() may be freed before end_buffer_read_sync(), risking stack overrun on put_bh. The issue is triggered in the I/O path for buffer hea...

7.8CVSS5.9AI score0.00162EPSS
CVE
CVE
added 2026/01/25 2:36 p.m.43 views

CVE-2026-23004

The CVE-2026-23004 issue in the Linux kernel concerns races in the IPv6 dst cache path (rt6_uncached_list_del/rt_del_uncached_list) leading to use-after-free during list_head initialization in INIT_LIST_HEAD, as observed by KASAN in rt6_uncached_list_flush_dev and related paths. The root cause is...

7.8CVSS5.3AI score0.00118EPSS
CVE
CVE
added 2026/02/14 4:27 p.m.43 views

CVE-2026-23194

CVE-2026-23194 relates to the Linux kernel rust_binder handling of FDA objects of length zero. The issue was a out-of-bounds write when an empty fd-array (FDA) with 0 fds was processed, caused by treating skip == 0 as a special “pointer fixup.” The fix replaces this zero-special-case pattern (ori...

7.8CVSS5.5AI score0.00112EPSS
CVE
CVE
added 2026/04/22 1:54 p.m.43 views

CVE-2026-31488

The CVE-2026-31488 entry concerns a Linux kernel issue in the DRM/AMD display path where DSC (display stream compression) validation could drop the mode_changed flag for an unrelated mode change within the same KMS commit. This could cause new streams to be created for DSC-independent CRTCs, whil...

7.8CVSS5.6AI score0.00135EPSS
CVE
CVE
added 2026/05/01 1:56 p.m.43 views

CVE-2026-31700

Summary (CVE-2026-31700): In the Linux kernel, a TOCTOU race in tpacket_snd() when PACKET_VNET_HDR is enabled allows a user-space race on vnet_hdr fields between validation and use, bypassing safety checks. The vulnerability affects the mmap’d TX ring buffer where vnet_hdr points into user-contro...

7.8CVSS5.9AI score0.00103EPSS
CVE
CVE
added 2026/05/06 11:27 a.m.43 views

CVE-2026-43128

Summary: CVE-2026-43128 affects the Linux kernel RDMA/umem subsystem. In ib_umem_dmabuf_get_pinned_with_dma_device(), if ib_umem_dmabuf_map_pages() fails, the code previously unpinned the dmabuf immediately while the umem_dmabuf->pinned flag remained set, causing a potential double dma_buf_unp...

7.8CVSS5.8AI score0.00139EPSS
CVE
CVE
added 2026/05/27 9:24 a.m.43 views

CVE-2026-45840

CVE-2026-45840 : The vulnerability in the Linux kernel openvswitch path allows a CAP_NET_ADMIN user to overflow the vport netlink reply buffer by providing a large upcall PID array, triggering a -EMSGSIZE and a kernel BUG. The root cause is ovs_vport_set_upcall_portids() accepting any non-zero mu...

5.5CVSS5.9AI score0.00117EPSS
CVE
CVE
added 2026/05/27 12:18 p.m.43 views

CVE-2026-45970

CVE-2026-45970 affects the Linux kernel bonding driver (Active-Backup Load Balancing, ALB). The root cause is a Use-After-Free in rlb_arp_recv where RX path may access rx_hashtbl concurrently with bond teardown, allowing a race with rlb_deinitialize() to dereference freed memory and trigger a ker...

7.8CVSS5.7AI score0.00126EPSS
Total number of security vulnerabilities14330