13804 matches found
CVE-2025-38383
CVE-2025-38383 describes a denial-of-service data-race in Linux kernel vmalloc/NUMA reporting (show_numa_info). The root cause is a read/write race on vmalloc metadata (m->private) accessed by concurrent readers/writers. The fix, as stated in the description, is to stop sharing the heap via pr...
CVE-2025-38573
CVE-2025-38573: Linux kernel SPI cs42l43 handling bug where the software node’s property entries were not guaranteed to be null-terminated due to missing count, allowing a downstream cs35l56 amplifier driver parse to walk past the array into unknown memory. Root cause: property-count not specifie...
CVE-2025-38615
CVE-2025-38615 affects the Linux kernel NTFS3 file system (fs/ntfs3). The vulnerability arises when renaming a file on an NTFS3 volume with a corrupted i_link, where make_bad_inode() is invoked on a live inode. This can lead to the inode being treated as bad while it remains in icache, and a race...
CVE-2025-38622
CVE-2025-38622 — Linux kernel UDP/GSO issue: The vulnerability occurs in the UDP receive path when a packet with virtio_net_hdr using SKB_GSO_UDP and a gso_size smaller than the UDP header can trigger a crash in skb_pull_rcsum, leading to a kernel BUG in net/core/skbuff.c and a local attacker ma...
CVE-2025-38659
CVE-2025-38659 (Linux kernel, gfs2): The issue occurs during a node withdrawal when the only mounted node would try to replay the local journal, which previously could dereference sdp->sd_jdesc->jd_inode due to a use-after-free in gfs2_recover_func(). The vulnerability is mitigated by remov...
CVE-2025-38704
CVE-2025-38704: In the Linux kernel, a bug in rcu/nocb could access an invalid nocb_cb_kthread pointer during CPU online/offline cycles. The fix changes the safety check to use rdp->nocb_gp_kthread instead of rdp_gp->nocb_gp_kthread. Public advisories from SUSE (SUSE-SU-2026:20220-1, openSU...
CVE-2025-38728
CVE-2025-38728: Linux kernel SMB3/ksmbd mount path vulnerability. The issue stems from a missing check in parse_server_interfaces() under KASAN, enabling a slab-out-of-bounds read during a ksmbd mount. The bug is reported in the CIFS/SMB3 path with a read of size 4 at a kernel address du...
CVE-2025-38732
CVE-2025-38732 refers to a Linux kernel vulnerability in netfilter nf_reject where loopback packets could cause a dst refcount leak. The issue arises from a patch that added a WARN during skb dst entry replacement but forgot that loopback packets already have a dst_entry attached (even at PRE_ROU...
CVE-2025-38734
CVE-2025-38734 is a Linux kernel vulnerability in net/smc causing a use-after-free when smc_listen_out_connected releases smcsk and leaves newclcsock->sk possibly NULL. The root cause is a race where, after accept() and immediate close, the socket’s sk is NULL, leading to a NULL dereference. T...
CVE-2025-39682
CVE-2025-39682: Linux kernel TLS processing fix for zero-length TLS records in the rx_list. The patch changes recvmsg() to process either contiguous DATA records (any number) or one non-DATA record. If a future record type differs after decryption (possible with TLS 1.3 when type is undecided unt...
CVE-2025-39702
CVE-2025-39702 affects the Linux kernel IPv6 source routing path (ipv6 sr) where MAC comparison was not constant-time, exposing potential timing attacks. The vulnerability is confirmed resolved in the kernel and is documented across multiple advisories (e.g., Debian LTS, Amazon Linux ALAS/* advis...
CVE-2026-23455
TL;DR: CVE-2026-23455 is a Linux kernel vulnerability in netfilter nf_conntrack_h323, fixed by adding a check so the decoded length remains positive after subtracting the protocol discriminator. Affected component: Linux kernel, nf_conntrack_h323 DecodeQ931() UserUserIE path. Root cause: The d...
CVE-2026-43341
CVE-2026-43341 describes a Linux kernel IOAM6 trace-filling vulnerability. In ioam6_fill_trace_data(), the schema length is accumulated in an 8-bit unsigned variable (sclen). With the largest schema payload and bit 22 set, sclen wraps from 256 to 0 (1 + 1020/4), bypassing the remaining-space chec...
CVE-2026-46230
CVE-2026-46230 affects the Linux kernel’s drm/amdgpu/vcn3 component. The vulnerability is an Out-of-Bounds read during decoder message parsing, due to missing bounds checks; the fix adds checks against the end of the BO before msg access. Impact is described as high severity (CVSSv3.1: Local, Low...
CVE-2024-58240
CVE-2024-58240: In the Linux kernel TLS subsystem, the vulnerability concerns separation of no-async decryption request handling from async paths, which simplifies handling when not using async. The description states this change resolves an issue and references a prior fix that mitigated a race ...
CVE-2025-38133
CVE-2025-38133 affects the Linux kernel’s IIO ADC driver (ad4851/ad4858). The root cause was pointer arithmetic: ad4851_parse_channels_common() advances the channel pointer, and ad4858_parse_channels() advanced it again when setting ext_scan_type, causing indio_dev->channels to point past the ...
CVE-2025-38549
Technical details about CVE-2025-38549 (affected components, root cause, impact, and remediation) are not provided in the supplied documents; monitor for updates.
CVE-2025-38557
CVE-2025-38557: In the Linux kernel HID subsystem, a vulnerability affects the apple_backlight feature. A malicious HID device with quirk APPLE_MAGIC_BACKLIGHT can trigger a NULL pointer dereference when toggling the power feature-report if the HID descriptor declares only one field for the powe...
CVE-2025-38559
CVE-2025-38559 (Linux kernel) affects the Intel PMT subsystem on x86 platforms. The issue is a NULL pointer dereference in intel_pmt_read() when an ep (endpoint) is missing, leading to kernel oops in crashlog handling. The fix, as described, augments intel_pmt_entry with a pointer to the pcidev t...
CVE-2025-38593
CVE-2025-38593: Linux kernel Bluetooth HCI double-free in hci_discovery_filter_clear() due to a race with start_service_discovery(); fix adds locking around kfree() and the NULL assignment of uuids. This mitigates a potential use-after-free / slab error and is reflected in multiple vendor advisor...
CVE-2025-38632
CVE-2025-38632 affects the Linux kernel pinctrl/pinmux logic. The issue is a race where updates to mux_usecount and mux_owner were not performed atomically under the same lock, allowing a state where mux_usecount > 0 but mux_owner is NULL, potentially causing a NULL pointer on subsequent pin r...
CVE-2025-38652
CVE-2025-38652: In the Linux kernel, a f2fs path handling bug can cause out-of-bounds access when constructing devs.path for a device, due to sbi->devs.path[] not leaving space for the trailing null terminator. Root cause: device path storage (path[MAX_PATH_LEN]) can be fully filled, causing p...
CVE-2025-38656
CVE-2025-38656 affects the Linux kernel’s wifi iwlwifi path (iwl_op_mode_dvm_start). The vulnerability stems from preserving the error code when iwl_setup_deferred_work() fails; the code previously returned ERR_PTR(0) (NULL), which could cause a use-after-free involving debugfs. A patch has been ...
CVE-2025-38681
CVE-2025-38681 affects the Linux kernel mm/ptdump code. The issue arises when memory hotplug modifications race with ptdump_walk_pgd() and intermediate page-table frees, causing the ptdump code to dereference freed memory and potentially crash or corrupt data. The fix moves the memory hotplug loc...
CVE-2025-39691
CVE-2025-39691 (Linux kernel) is a use-after-free in fs/buffer when bh_read() is used during ntfs3 mount, where a stack variable map_bh passed to ntfs_get_block_vbo() may be freed before end_buffer_read_sync(), risking stack overrun on put_bh. The issue is triggered in the I/O path for buffer hea...
CVE-2025-39694
CVE-2025-39694 concerns the Linux kernel on s390:sclp where a NULL SCCB address check after address translation could fail if identity mapping does not start at 0, potentially allowing access to the first page of identity mapping. The fix adds a NULL-case handler prior to address translation to e...
CVE-2025-39783
CVE-2025-39783: Linux kernel PCI endpoint. The configfs group handling in pci_epf_remove_cfs() incorrectly called list_del() on epf_group, which is a list head, causing a slab-use-after-free (KASAN) when tearing down endpoint function drivers with a configfs attribute group. The connected Astra L...
CVE-2025-39819
CVE-2025-39819 affects the Linux kernel (fs/smb). The issue is an inconsistent refcount update in smb2_compound_op that could leak resources; a fix adds an extra cleanup goto to ensure cfile is dropped on all paths, including ENOMEM paths. The problem is limited to the kernel SMB path and is miti...
CVE-2025-39835
In CVE-2025-39835, the Linux kernel XFS xattr code could leak ENODATA (ENOATTR) disk errors as a misleading “attribute not found,” potentially leading to an oops in xfs_attr_leaf_get() when a disk error returns ENODATA/ENOATTR with bp being NULL. The fix modifies lower IO error handling so disk e...
CVE-2025-39849
CVE-2025-39849 refers to a Linux kernel vulnerability in the wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() path. The issue allows memory corruption if ssid->datalen exceeds IEEE80211_MAX_SSID_LEN (32) due to missing bounds checks. The connected documents confirm this CVE ...
CVE-2026-23004
The CVE-2026-23004 issue in the Linux kernel concerns races in the IPv6 dst cache path (rt6_uncached_list_del/rt_del_uncached_list) leading to use-after-free during list_head initialization in INIT_LIST_HEAD, as observed by KASAN in rt6_uncached_list_flush_dev and related paths. The root cause is...
CVE-2026-23231
CVE-2026-23231 affects the Linux kernel nf_tables code. The root cause is a use-after-free in nf_tables_addchain(), where a new chain is published to a table via list_add_tail_rcu() before hooks are registered; on failure the error path frees the chain without an RCU grace period, creating use-af...
CVE-2026-31419
Summary of CVE-2026-31419: A use-after-free in the Linux kernel bonding driver is caused by a race in bond_xmit_broadcast() where the last slave determination can change during RCUs, leading to double-free of the original skb and a potential crash. The fix replaces the racy bond_is_last_slave() ...
CVE-2026-31655
CVE-2026-31655 affects the Linux kernel’s pmdomain: imx8mp-blk-ctrl module, where the NOC_HDCP clock must be kept enabled. The underlying issue is an inconsistent clock state that can disrupt the NoC ADB400 port power‑down handshake, potentially causing a system hang. Reported impact is a DoS-lik...
CVE-2026-46262
CVE-2026-46262 concerns the Linux kernel ASoC fsl_xcvr module. The issue stems from a deadlock: a read lock is acquired while a write lock is already held in the same thread within fsl_xcvr_mode_put(), which is invoked by the upper ALSA core via snd_ctl_elem_write(). This caused a hung task. The ...
CVE-2022-50071
The CVE-2022-50071 issue affects the Linux kernel’s MPTCP implementation. The vulnerability arises when socket creation fails due to a CGROUP_INET_SOCK_CREATE eBPF program, causing leakage of subflows because cleanup was not invoked in that code path. The fix moves subflow cleanup into the mptcp_...
CVE-2022-50400
The CVE-2022-50400 issue concerns the Linux kernel greybus: audio_helper code, where debugfs usage was removed due to incorrect handling that could leak memory and even erase all debugfs entries. The fix is to remove all debugfs logic from the audio_helper code; if needed later, a fix for the inc...
CVE-2023-53258
CVE-2023-53258 (Linux kernel) relates to drm/amd/display underflow when using displays with large vblank regions at low refresh rates. The issue was fixed by simplifying the vblank_nom calculation and increasing VBlankNomDefaultUS to 800µs. Public advisories indicate patches were applied in Linux...
CVE-2025-38076
CVE-2025-38076 concerns the Linux kernel vulnerability related to module unloading and allocation tags. The issue arises from a use-after-free risk when memory containing a module’s allocation tags remains alive after unloading, because percpu counters referenced by those tags could be freed by f...
CVE-2025-38093
CVE-2025-38093 affects the Linux kernel (arm64) for the dts: qcom: x1e80100 entry. The issue arises because the GPU does not throttle under high load, risking hitting the 120°C hardware shutdown. The fix configures GPU throttling to occur at 95°C with polling every 200ms. Impact in the data shows...
CVE-2025-38381
The CVE-2025-38381 issue affects the Linux kernel codepath handling cs40l50 uploads. Specifically, in cs40l50_upload_owt(), memory allocated via kmalloc() is not checked for allocation failure, which can lead to a NULL pointer dereference. The fix adds a NULL check and returns -ENOMEM on allocati...
CVE-2025-38435
CVE-2025-38435 affects the Linux kernel RISC-V vector context handling. The issue: incorrect saving/restoring of vector registers v8–v31 during context save/restore with xtheadvector, risking userspace breakage. Affected component: riscv vector code in the kernel; root cause is the improper preser...
CVE-2025-38595
CVE-2025-38595 concerns a use-after-free in the Linux kernel’s Xen hypervisor path related to DMA buffer handling. The issue arises when a file descriptor for a dma_buf is inserted into a descriptor table and another thread closes it, with a race that can lead to dereferencing objects (e.g., the ...
CVE-2025-38634
The CVE-2025-38634 issue is in the Linux kernel’s CPCAP charger code. In cpcap_usb_detect(), power_supply_get_by_name() can return NULL instead of an error pointer, risking a NULL dereference. A null check was added to prevent this. Impact is described as local, with availability impact, and a ME...
CVE-2025-38635
The CVE-2025-38635 issue concerns the Linux kernel clk: davinci: davinci_lpsc_clk_register() path. The root cause is a missing NULL check after devm_kasprintf(), which can return NULL on memory allocation failure and lead to a NULL pointer dereference. The fix adds a NULL check after the devm_kas...
CVE-2025-38692
CVE-2025-38692 refers to a Linux kernel exFAT fix validating cluster chains to prevent infinite loops during directory operations. The patch adds loop-break checks for conditions in exfat_count_dir_entries, exfat_create_upcase_table, exfat_load_bitmap, exfat_find_dir_entry, and exfat_check_dir_em...
CVE-2025-38725
CVE-2025-38725 affects the Linux kernel net: usb: asix_devices driver handling of ax88772 MDIO bus. Without a phy_mask, the driver could create up to 32 MDIO phy devices (addresses 0x00–0x1f). Only one main phy binds to the net phy driver, causing issues during suspend/resume where phy_polling_mo...
CVE-2025-39685
Summary (CVE-2025-39685): In the Linux kernel, the comedi pcl726 driver could trigger an out-of-bounds when an excessively large IRQ number was passed (example 0x80008000). The fix adds an interrupt number check to prevent passing an IRQ number that is too large. It notes that if it->options[...
CVE-2025-39798
CVE-2025-39798 refers to a Linux kernel vulnerability where, during automount of a new NFS filesystem, capabilities could be inappropriately inherited. The underlying issue is that capabilities were not reset properly when crossing into a new filesystem, and must be reset to minimal defaults and ...
CVE-2025-39818
CVE-2025-39818: Linux kernel vulnerability in intel-thc-hid (Intel THC) where improper pointer arithmetic in I2C regs save could cause a slab-out-of-bounds read/write (KASAN). The fix replaces the secondary pointer usage with direct array indexing (&dev->i2c_subip_regs[i]) to ensure safe memor...