Lucene search
K
LinuxLinux Kernel

14330 matches found

CVE
CVE
added 2026/05/28 9:35 a.m.43 views

CVE-2026-46132

CVE-2026-46132 - Linux kernel on multiple distros : The flaw is a stack information leak in net/rtnetlink when reporting VF info via IFLA_VF_BROADCAST. A local unprivileged process can trigger RTM_GETLINK and copy a partially uninitialized 32-byte field (vf_broadcast) from the stack, leaking up t...

5.5CVSS5.7AI score0.00128EPSS
CVE
CVE
added 2026/05/28 9:36 a.m.43 views

CVE-2026-46145

The CVE-2026-46145 vulnerability affects the Linux kernel, specifically the RDMA/mana component. A user-supplied rx_hash_key_len value supplied via a uAPI structure is blindly passed to memcpy, enabling localized kernel memory corruption if bounds checks are not enforced. Reports from multiple so...

7.8CVSS5.9AI score0.00142EPSS
CVE
CVE
added 2026/05/28 9:40 a.m.43 views

CVE-2026-46227

CVE-2026-46227 describes a race in the Linux kernel SCTP SENDALL path. The sctp_sendmsg() loop over ep->asocs caches the next entry in @tmp, then calls sctp_sendmsg_to_asoc() after dropping the socket lock, allowing a second thread to peel off the cached association and migrate it to a new end...

7.8CVSS5.8AI score0.00104EPSS
CVE
CVE
added 2026/06/19 2:0 p.m.43 views

CVE-2026-52908

CVE-2026-52908 affects the Linux kernel RDMA path: during rereg_mr, changing IB_MR_REREG_ACCESS from RO to RW requires re-evaluating the umem to ensure proper RW pinning. The fix introduces an ib_umem_check_rereg() hook that each driver must call before processing IB_MR_REREG_ACCESS; mlx4 retains...

7.8CVSS5.7AI score0.00129EPSS
CVE
CVE
added 2016/06/27 10:0 a.m.42 views

CVE-2014-9903

CVE-2014-9903 (Linux kernel) : Affects Linux kernel 3.14-rc1 to 3.14-rc3 (and earlier rc builds) where sched_read_attr in kernel/sched/core.c uses an incorrect size. This enables a local attacker to obtain sensitive information from kernel stack memory via a crafted sched_getattr system call. The...

5.5CVSS5AI score0.00364EPSS
CVE
CVE
added 2025/06/18 11:4 a.m.42 views

CVE-2022-50232

CVE-2022-50232 affects the Linux kernel on arm64 with FEAT_EPAN: UXN was not set on swapper PTEs, causing idmap_kpti_install_ng_mappings to panic when accessing __idmap_kpti_flag. Upstream fix sets UXN on swapper page tables; originated from a boot-flow refactor (commit c3cee924bd85) and a simple...

5.5CVSS6.3AI score0.00173EPSS
CVE
CVE
added 2025/09/17 2:56 p.m.42 views

CVE-2022-50373

The CVE-2022-50373 entry describes a race in the Linux kernel's DLM lowcomms path: in fs/dlm, between queue_work() in _dlm_lowcomms_commit_msg() and srcu_read_unlock(). The race can allow the final reference of a dlm_msg to be taken by queue_work(), causing msg->idx to contain garbage. A patch...

4.7CVSS6AI score0.00135EPSS
CVE
CVE
added 2025/07/25 12:53 p.m.42 views

CVE-2025-38372

CVE-2025-38372 : The Linux kernel patch for RDMA/mlx5 implicit ODP handling fixes an unsafe xarray access by replacing __xa_store() and __xa_erase() (which were used without proper locking) with xa_store() and xa_erase(), which perform the necessary locking internally. This resolves a suspicious ...

5.5CVSS6.1AI score0.00145EPSS
CVE
CVE
added 2025/07/25 12:53 p.m.42 views

CVE-2025-38402

The CVE concerns the Linux kernel IDPF driver RSS handling. The vulnerability arises when RSS is not supported: the code returns a 0 RSS key size, while a -EOPNOTSUPP path may be cast to a 32-bit size, potentially producing an invalid allocation size. This can lead to an allocation failure on sys...

5.5CVSS6.4AI score0.00145EPSS
CVE
CVE
added 2025/07/25 1:20 p.m.42 views

CVE-2025-38407

CVE-2025-38407 (Linux kernel, RISC‑V) is addressed by replacing the dynamic percpu boot data area with a statically allocated array in the kernel image to fix boot on NUMA SMP configurations. The root cause was that, when percpu page allocation happens early with NUMA, percpu data could be placed...

5.5CVSS6AI score0.00154EPSS
CVE
CVE
added 2025/08/16 10:54 a.m.42 views

CVE-2025-38510

The CVE-2025-38510 issue in the Linux kernel is about the KASAN memory debugger. The fix removes kasan_find_vm_area() to avoid deadlocks during KASAN reporting when find_vm_area() would be called in an atomic_context. The vulnerability stemmed from a potential deadlock between kernel VM area repo...

5.5CVSS6.5AI score0.00137EPSS
CVE
CVE
added 2025/08/16 11:12 a.m.42 views

CVE-2025-38523

The CVE-2025-38523 issue affects the Linux kernel CIFS client/server path (smbd_recv/smbd_readv) where data copied from the smbd_response slab via copy_to_iter() could trigger kernel memory exposure when CONFIG_HARDENED_USERCOPY is enabled. The root cause is that the smbd_response slab’s packet f...

5.5CVSS6.8AI score0.00143EPSS
CVE
CVE
added 2025/08/16 11:12 a.m.42 views

CVE-2025-38530

CVE-2025-38530 relates to the Linux kernel’s Comedi pcl812 code. The vulnerability arises from a test that shifts a constant with a user-supplied option: (1 <options[1]) & board->irq_bits. Since it->options[1] is unchecked from userspace, the shift amount can be negative or out of bounds...

7.1CVSS6.5AI score0.00164EPSS
CVE
CVE
added 2025/08/19 5:3 p.m.42 views

CVE-2025-38583

CVE-2025-38583 affects the Linux kernel clk xilinx vcu clock provider. The issue occurs when registration of pll_post fails and the code attempts to unregister it, which can lead to a NULL pointer dereference during clk_hw_unregister calls. The fix is to unregister pll_post only if it was registe...

5.5CVSS7.1AI score0.00146EPSS
CVE
CVE
added 2025/08/19 5:3 p.m.42 views

CVE-2025-38615

CVE-2025-38615 affects the Linux kernel NTFS3 file system (fs/ntfs3). The vulnerability arises when renaming a file on an NTFS3 volume with a corrupted i_link, where make_bad_inode() is invoked on a live inode. This can lead to the inode being treated as bad while it remains in icache, and a race...

5.5CVSS7.1AI score0.00145EPSS
CVE
CVE
added 2025/08/22 4:0 p.m.42 views

CVE-2025-38621

The CVE-2025-38621 issue affects the Linux kernel md subsystem, where md_spares_need_change could call rdev_addable() while under RCU, potentially dereferencing an rdev.mddev that is NULL after release, causing a NULL pointer dereference and a panic. The published description notes the fix is to ...

5.5CVSS6.2AI score0.00128EPSS
CVE
CVE
added 2025/08/22 4:2 p.m.42 views

CVE-2025-38664

The CVE-2025-38664 entry is a Linux kernel issue affecting the ice driver: a null pointer dereference in ice_copy_and_init_pkg() could occur if devm_kmemdup() returns NULL. The advisory notes a fix by adding a NULL check for the return value of devm_kmemdup() to prevent the dereference, with the ...

5.5CVSS6.5AI score0.00159EPSS
CVE
CVE
added 2025/09/04 3:33 p.m.42 views

CVE-2025-38724

CVE-2025-38724: Linux kernel NFS server (nfsd) had a race in nfsd4_setclientid_confirm() where it did not check get_client_locked() return, risking reference loss and a potential use-after-free. A fix obtains a reference early when a confirmed client exists, and handles failure as if no confirmed...

7.8CVSS5.8AI score0.00163EPSS
CVE
CVE
added 2025/09/05 5:20 p.m.42 views

CVE-2025-38734

CVE-2025-38734 is a Linux kernel vulnerability in net/smc causing a use-after-free when smc_listen_out_connected releases smcsk and leaves newclcsock->sk possibly NULL. The root cause is a race where, after accept() and immediate close, the socket’s sk is NULL, leading to a NULL dereference. T...

7.8CVSS5.9AI score0.00161EPSS
CVE
CVE
added 2025/09/05 5:21 p.m.42 views

CVE-2025-39697

CVE-2025-39697 affects the Linux kernel’s NFS write path. The vulnerability arises from a race where, after nfs_lock_and_join_requests() tests if a request remains attached to the mapping, a call to nfs_inode_remove_request() can still succeed before the page group is locked. The root cause is th...

4.7CVSS5.7AI score0.00132EPSS
CVE
CVE
added 2025/09/12 3:59 p.m.42 views

CVE-2025-39795

CVE-2025-39795 involves a kernel block layer (blk_stack_limits) overflow where chunk_sectors could exceed an unsigned int when interpreted in bytes. The concrete fix, documented in multiple advisories (e.g., Ubuntu USN entries and Oracle/Linux ELSA/DLA), changes the validation to operate on secto...

5.5CVSS6.3AI score0.00149EPSS
CVE
CVE
added 2025/09/16 1:0 p.m.42 views

CVE-2025-39828

Summary (CVE-2025-39828) : In the Linux kernel’s ATM subsystem, the atmtcp_recv_control path allowed an in-kernel pointer (kptr) in a control message to be overwritten via an unvalidated sendmsg path. This enables an arbitrary-write condition through a crafted atmtcp_control message, exploitable ...

7.8CVSS6.2AI score0.00157EPSS
CVE
CVE
added 2026/02/04 4:7 p.m.42 views

CVE-2026-23060

The CVE-2026-23060 issue in the Linux kernel crypto: authencesn module arises when assoclen

5.5CVSS5.2AI score0.00123EPSS
CVE
CVE
added 2026/02/14 4:27 p.m.42 views

CVE-2026-23191

CVE-2026-23191 (Linux kernel — ALSA aloop) resolves a race in the aloop PCM trigger path that could cause a use-after-free when repeatedly opening/closing the tied stream. The vulnerability occurs because the trigger callback checks the PCM state and stops the tied substream outside the cable loc...

7.8CVSS5.3AI score0.00113EPSS
CVE
CVE
added 2026/02/14 4:27 p.m.42 views

CVE-2026-23209

CVE-2026-23209 is a Linux kernel macvlan bug. The issue occurs in macvlan when creating a new link with MACVLAN_MODE_SOURCE and MACVLAN_MACADDR_ADD/SET and the lower device already has a macvlan port, causing a use-after-free after a failed register_netdevice() in the create path. Upstream kernel...

7.8CVSS5.2AI score0.00119EPSS
CVE
CVE
added 2026/04/30 10:31 a.m.42 views

CVE-2026-31787

CVE-2026-31787 affects the Linux kernel, specifically the xen/privcmd mapping flow. The root cause is a double-free in the VMA splitting path when userspace performs partial munmap() on a privcmd mapping. Because privcmd_vm_ops defines .close but not .may_split or .open, the kernel may_split() pe...

7.8CVSS5.3AI score0.00183EPSS
CVE
CVE
added 2026/05/01 2:15 p.m.42 views

CVE-2026-43011

The CVE-2026-43011 issue concerns the Linux kernel net/x25 path where a skb may be freed twice due to a double-free path: if alloc_skb fails in x25_queue_rx_frame, kfree_skb(skb) is called, and later x25_backlog_rcv may free the same skb again, causing a crash/DoS. Public advisories confirm this ...

9.8CVSS5.8AI score0.00514EPSS
CVE
CVE
added 2026/05/15 5:15 a.m.42 views

CVE-2026-43490

The CVE-2026-43490 entry concerns the Linux kernel ksmbd SMB server. The flaw arises in smb_inherit_dacl() where the code validates a fixed SID header but not the variable-length SID described by sid.num_subauth, allowing a malformed inheritable ACE to advertise more subauthorities than present. ...

8.8CVSS6AI score0.00408EPSS
CVE
CVE
added 2026/05/27 9:24 a.m.42 views

CVE-2026-45843

CVE-2026-45843 affects the Linux kernel’s SLIP/VJ-compressed TCP header handling (slip and slhc_uncompress). The vulnerability stems from decode() and pull16() not enforcing bounds against the packet end, and decode() masking its return value to 0xFFFF, causing potential over-reads when a compres...

8.2CVSS5.8AI score0.00278EPSS
CVE
CVE
added 2026/05/27 12:56 p.m.42 views

CVE-2026-46020

CVE-2026-46020 affects the Linux kernel DAMON subsystem. The issue arises from unvalidated damos_quota_goal->nid for node_mem_{used,free}_bp, which is used by si_meminfo_node() and NODE_DATA(), potentially enabling out-of-bounds memory access via DAMON_SYSFS. The provided patch series mm/damon...

7.1CVSS5.9AI score0.00124EPSS
CVE
CVE
added 2026/05/28 9:35 a.m.42 views

CVE-2026-46117

CVE-2026-46117 affects the Linux kernel RDMA/mana component. The issue arises when a user can configure Work Queues to share the same Completion Queue via the uAPI, which triggers a user-writable WARN_ON() and can lead to kernel corruption. The vulnerability has been resolved by removing the trig...

7.8CVSS5.8AI score0.00129EPSS
CVE
CVE
added 2026/05/28 9:36 a.m.42 views

CVE-2026-46159

The CVE-2026-46159 issue affects the Linux kernel’s Btrfs code, specifically btrfs_ioctl_space_info(). A TOCTOU race occurs between two passes over block group RAID type lists: the first pass counts entries for allocation, the second fills the buffer and releases the groups_sem lock. If entries s...

4.7CVSS5.8AI score0.00093EPSS
CVE
CVE
added 2026/05/28 9:36 a.m.42 views

CVE-2026-46175

Summary of CVE-2026-46175 (f2fs FGGC issue) : In the Linux kernel’s f2fs filesystem, Foreground Garbage Collection (FGGC) of node blocks could leave the fsync and dentry marks uncleared, causing fsck to misinterpret migrated data as fsync-written. The root cause is that the marks were not cleared...

7.1CVSS5.8AI score0.00124EPSS
CVE
CVE
added 2026/05/28 9:40 a.m.42 views

CVE-2026-46226

CVE-2026-46226 affects the Linux kernel SPI FSL driver, where deregistration of the controller was not ensured before releasing DMA resources during driver unbind. The issue is fixed in updated kernels across multiple OS packages (e.g., Root:Debian-11/12, Ubuntu 22.04+, Debian/Ubuntu roots with r...

5.5CVSS5.8AI score0.00119EPSS
CVE
CVE
added 2026/05/28 9:41 a.m.42 views

CVE-2026-46238

CVE-2026-46238 affects the Linux kernel’s BAT IV implementation via the batman-adv subsystem. The issue stems from caching an auxiliary originator pointer derived from a temporary lookup in neigh_node state, where the pointer can be freed or become stale after purge handling. The documented fix i...

8.8CVSS5.7AI score0.00262EPSS
CVE
CVE
added 2025/06/18 11:3 a.m.41 views

CVE-2022-50147

CVE-2022-50147 refers to a Linux kernel memory policy bug: mm/mempolicy get_nodes can access the nmask array out of bounds when a user specifies more nodes than supported. The issue is resolved in the Linux kernel (patches referenced), with CVSSv3.1 base score 7.1 (HIGH), local access, low privil...

7.1CVSS6.6AI score0.00163EPSS
CVE
CVE
added 2025/06/18 9:33 a.m.41 views

CVE-2025-38032

The CVE pertains to the Linux kernel (CVE-2025-38032) where a splat was reported in the ipmr netns cleanup path due to ipmr_can_free_table() checks in net/ipv4/ipmr.c. The issue was addressed by consolidating the relevant sanity check in a single helper and reusing it for both IPv4 and IPv6 code ...

5.5CVSS6.3AI score0.0014EPSS
CVE
CVE
added 2025/07/25 12:53 p.m.41 views

CVE-2025-38374

CVE-2025-38374 – Linux kernel (OP-TEE FF-A): The issue arises because OP-TEE’s notif_callback() for FF-A notifications was executed in an atomic context, leading to a sleep and a kernel warning. The fix is to move notification processing to a non-atomic context by using a work queue. Affected des...

5.5CVSS6.3AI score0.00145EPSS
CVE
CVE
added 2025/07/25 12:53 p.m.41 views

CVE-2025-38390

CVE-2025-38390 relates to the Linux kernel firmware/arm_ffa notifier callbacks. The issue arises from allocating and inserting a notifier callback node into a hashtable during registration, but during unregistration the code only removes the node from the hashtable without freeing the allocated m...

5.5CVSS6.5AI score0.00154EPSS
CVE
CVE
added 2025/07/28 11:21 a.m.41 views

CVE-2025-38484

Technical details about CVE-2025-38484 are not provided in the supplied connected documents. The references list the CVE but do not describe affected components, impact, or fixes. Monitor vendor advisories for public details and remediation.

7.8CVSS6.6AI score0.00153EPSS
CVE
CVE
added 2025/08/16 10:54 a.m.41 views

CVE-2025-38511

CVE-2025-38511 concerns a Linux kernel vulnerability in drm/xe/pf where LMEM (LMEM buffer objects) were not cleared by default on allocation, creating a risk that unused LMTT PTEs could point to other VF or PF pages. The patch clears all new LMTT pages on allocation to prevent a malicious VF from...

5.5CVSS6.8AI score0.00135EPSS
CVE
CVE
added 2025/08/16 11:22 a.m.41 views

CVE-2025-38541

Summary: In the Linux kernel, the mt7925 driver (mt76 family) had a NULL pointer dereference in mt7925_thermal_init() caused when devm_kasprintf() returns NULL. The fix adds a NULL check after devm_kasprintf() to prevent the crash, addressing an issue with thermal initialization in mt7925. Affect...

5.5CVSS6.5AI score0.00135EPSS
CVE
CVE
added 2025/08/22 4:0 p.m.41 views

CVE-2025-38646

CVE-2025-38646 exploits a NULL pointer dereference in the Linux kernel’s wifi driver rtW89 during RX processing for packets on an unsupported 6 GHz band. The vulnerability occurs when a problematic RX report makes software think a packet arrived on 6 GHz even though the chip does not support it, ...

5.5CVSS6.1AI score0.00145EPSS
CVE
CVE
added 2025/09/04 3:32 p.m.41 views

CVE-2025-38681

CVE-2025-38681 affects the Linux kernel mm/ptdump code. The issue arises when memory hotplug modifications race with ptdump_walk_pgd() and intermediate page-table frees, causing the ptdump code to dereference freed memory and potentially crash or corrupt data. The fix moves the memory hotplug loc...

4.7CVSS5.7AI score0.00114EPSS
CVE
CVE
added 2025/09/04 3:33 p.m.41 views

CVE-2025-38728

CVE-2025-38728 : Linux kernel SMB3/kdmbd (ksmbd) mount path vulnerability. The issue stems from a missing check in parse_server_interfaces() under KASAN, enabling a slab-out-of-bounds read during a ksmbd mount. The bug is reported in the CIFS/SMB3 path with a read of size 4 at a kernel address du...

7.1CVSS5.8AI score0.0014EPSS
CVE
CVE
added 2025/09/19 3:26 p.m.41 views

CVE-2025-39849

CVE-2025-39849 refers to a Linux kernel vulnerability in the wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() path. The issue allows memory corruption if ssid->datalen exceeds IEEE80211_MAX_SSID_LEN (32) due to missing bounds checks. The connected documents confirm this CVE ...

7.8CVSS6.2AI score0.00144EPSS
CVE
CVE
added 2026/01/21 6:57 a.m.41 views

CVE-2026-22976

CVE-2026-22976 affects the Linux kernel’s net/sched sch_qfq, where two qfq_class objects can reference the same leaf_qdisc. In certain teardown paths (e.g., when a qdisc is pending destruction via tc_new_tfilter and another qdisc is root-attached), a shared leaf_qdisc may have q.qlen > 0 while...

5.5CVSS5.3AI score0.00118EPSS
CVE
CVE
added 2026/01/23 3:24 p.m.41 views

CVE-2026-22984

CVE-2026-22984 affects the Linux kernel libceph path (handle_auth_done) and is resolved by an explicit bounds check on payload_len to prevent out-of-bounds reads. Upstream patch exists and has been incorporated in newer kernel releases (e.g., 6.6.130 per Mageia advisory); vendors: update to a ker...

9.8CVSS5.2AI score0.00351EPSS
CVE
CVE
added 2026/05/01 1:53 p.m.41 views

CVE-2026-31694

Summary: CVE-2026-31694 fixes a Linux kernel FUSE directory-entry handling flaw. A malicious FUSE server could cause a 24-byte overflow by returning a dirent whose serialized size (based on namelen) exceeds a single PAGE_SIZE. The bug arises in fuse_add_dirent_to_cache(), which previously only ch...

7.8CVSS5.8AI score0.00127EPSS
CVE
CVE
added 2026/05/01 1:56 p.m.41 views

CVE-2026-31716

The CVE-2026-31716 entry covers a Linux kernel NTFS3 flaw in journal replay. Description from multiple sources states that check_file_record() validates rec->total against the record size but not rec->used. The journal-replay handlers read rec->used from disk and use it to compute memmov...

7.8CVSS5.8AI score0.00128EPSS
Total number of security vulnerabilities14330