13804 matches found
CVE-2026-46181
Summary: CVE-2026-46181 concerns the Linux kernel RDMA/mlx4 component. The root cause is improper use of Read-Copy Update (RCU) in mlx4_srq_event(), which could allow a race where an event is delivered before the srq object is fully initialized, potentially crashing the system. The documented fix...
CVE-2023-53377
Technical details for CVE-2023-53377 are not publicly provided in the supplied Connected documents. The materials only show the vulnerability description without explicit affected products/versions or remediation specifics. Monitor for official disclosures.
CVE-2025-38196
CVE-2025-38196 affects the Linux kernel io_uring resource (io_uring/rsrc) cloning path. The bug arises when registering clone buffers where the sum of offset and count exceeds the available range, causing an allocation via kmalloc to be too large and potentially triggering a WARN_ON in kmalloc (m...
CVE-2025-38241
CVE-2025-38241 affects the Linux kernel in mm/shmem and swap paths, causing a soft lockup with mTHP swapin due to a conflict between readahead-ordered folios in swap cache and the swapin folio allocation. The issue occurs when a 10G swap device (e.g., zram) is used with THP and cgroup memory limi...
CVE-2025-38545
CVE-2025-38545 pertains to the Linux kernel, affecting the net/ethernet/ti am65-cpsw-nuss path. The vulnerability arises from allocating memory for skb_shared_info during the transition from netdev_alloc_ip_align() to build_skb(), where only the packet length was accounted for and not the skb_sha...
CVE-2025-38621
The CVE-2025-38621 issue affects the Linux kernel md subsystem, where md_spares_need_change could call rdev_addable() while under RCU, potentially dereferencing an rdev.mddev that is NULL after release, causing a NULL pointer dereference and a panic. The published description notes the fix is to ...
CVE-2025-38660
CVE-2025-38660 affects the Linux kernel code path used when handling Ceph-related long names. The issue stems from parse_longname() using strrchr() without a guaranteed NUL-terminated string, which motivated building a NUL-terminated copy via kmemdup_nul() to prepare input for kstrtou64(). The pr...
CVE-2025-38662
CVE-2025-38662 in the Linux kernel affects the ASoC Mediatek mt8365 PCM/DAI code. The issue arises in mt8365_dai_set_priv where priv_size is allocated for the destination, but the code passes afe_priv (the size of struct mt8365_afe_private) instead of the correct priv structure (mt8365_i2s_priv[i...
CVE-2025-38676
CVE-2025-38676 affects the Linux kernel (iommu/amd) and fixes a stack buffer overflow when processing kernel cmdline acpiid length. The issue is local and can be triggered by crafted kernel command-line input; base score 7.8 (HIGH) with LOCAL/LOW complexity, no user interaction. The CVE is addres...
CVE-2025-38703
CVE-2025-38703 affects the Linux kernel’s drm/xe path, specifically making dma-fences compliant with safe access rules. The issue arises when Xe frees data pointed to by dma-fences it exports (e.g., a timeline name) after a userspace submit queue is closed, which could lead to a use-after-free if...
CVE-2025-39686
CVE-2025-39686: In the Linux kernel comedi subsystem, insn_rw_emulate_bits() incorrectly emulated INSN_READ/WRITE for subdevices that support INSN_BITS, handling only a single sample instead of insn->n samples. The fix is to make the function process all n samples or return an error to conform...
CVE-2025-39767
CVE-2025-39767 describes a Linux kernel issue on LoongArch where enabling CONFIG_KASAN, CONFIG_PREEMPT_VOLUNTARY_BUILD, and CONFIG_PREEMPT_VOLUNTARY together can trigger a soft deadlock due to slow module load times. The root cause involves module_frob_arch_sections() evaluating PLT/GOT counts; a...
CVE-2025-39815
The CVE-2025-39815 entry concerns the Linux kernel (RISC-V KVM) where a stack overrun could occur when loading vlenb. The issue arises because userspace can place up to 2048 bits into an xlen-sized stack buffer; the fix adds a pre-check to ensure only xlen bits are used. The vulnerability is desc...
CVE-2025-39817
CVE-2025-39817 — Linux kernel efivarfs_d_compare may trigger a slab-out-of-bounds in memcmp when dentry->d_name.len
CVE-2025-39818
CVE-2025-39818: Linux kernel vulnerability in intel-thc-hid (Intel THC) where improper pointer arithmetic in I2C regs save could cause a slab-out-of-bounds read/write (KASAN). The fix replaces the secondary pointer usage with direct array indexing (&dev->i2c_subip_regs[i]) to ensure safe memor...
CVE-2025-39825
CVE-2025-39825 is described in the connected IBM security bulletin as a Linux kernel vulnerability: the smb client race with concurrent opens in rename(2). The root cause is a race during the rename operation where, besides sending the rename request, the kernel also closes deferred closes, await...
CVE-2025-39841
CVE-2025-39841 affects the Linux kernel’s SCSI lpfc code, specifically the deferred receive path. The vulnerability arises from an incorrect buffer release order: the RQ buffer was freed before clearing the context pointer under the lock, allowing concurrent paths (e.g., ABTS and the repost path)...
CVE-2025-39850
CVE-2025-39850 affects the Linux kernel vxlan implementation. When the VXLAN device runs with the proxy option enabled, ARP/IPv6 Neighbor Solicitation can be spuriously suppressed if the remote host’s MAC is not behind the any remote. The root cause is dereferencing an FDB nexthop entry that may ...
CVE-2026-22978
The CVE-2026-22978 issue lies in the Linux kernel wifi code where struct iw_point exposes a 32‑bit hole on 64‑bit arches, enabling kernel-infoleak to user space. The fix is to zero the iw_point structure before user-space access. This remediation is present in upstream kernel fixes (noted with ke...
CVE-2026-23066
CVE-2026-23066 concerns the Linux kernel RXRPC receive path. The issue arises in rxrpc_recvmsg() where, if MSG_DONTWAIT is requested and the front of the recvmsg queue has its mutex held, the call is unconditionally requeued, potentially corrupting the recvmsg queue and causing Use-After-Frees or...
CVE-2026-23069
CVE-2026-23069 (Linux kernel): In vsock/virtio, the credit calculation in virtio_transport_get_credit() can underflow when the peer’s advertised buffer (peer_buf_alloc) shrinks while data is in flight, potentially allowing more data to be queued than the peer can handle. The issue arises from un...
CVE-2026-23152
Technical details for CVE-2026-23152 are not publicly provided in the supplied connected docs. The materials only note patching/release status in OSV/SUSE advisories; no specifics on affected components, exploitability, or fixes are included here.
CVE-2026-23210
In CVE-2026-23210, the Linux kernel ice driver experiences a NULL pointer dereference during VSI rebuild when PTP periodic work runs concurrently with VSI rebuild. The root cause is a race where ice_ptp_prepare_for_reset() cancels PTP work, ice_ptp_rebuild() queues it, and VSI rebuild occurs afte...
CVE-2026-23410
CVE-2026-23410 – Linux kernel (AppArmor) race condition has a documented use-after-free in rawdata handling. The issue occurs when rawdata inodes aren’t refcounted, allowing an attacker to open a rawdata file while the last reference is removed (e.g., via profile removal), freeing the aa_loaddata...
CVE-2022-49975
CVE-2022-49975 affects the Linux kernel’s BPF path, where a redirect of packets with invalid pkt_len could occur. The root cause is described as a BPF program test/run path (bpf_prog_test_run_skb) redirecting empty skbs, leading to a potential flow handling issue in fq_codel_drop(). The vulnerabi...
CVE-2023-53197
CVE-2023-53197: Linux kernel USB UHCI memory leak when using debugfs_lookup() (dput() on result required). The fix is to replace with debugfs_lookup_and_remove(), which handles the logic and prevents leaks. Affected: Linux kernel USB UHCI code path; Impact states local, with availability impact a...
CVE-2023-53250
The CVE-2023-53250 entry concerns a null-pointer dereference in Linux kernel firmware handling (dmi-sysfs). The issue occurs in dmi_sysfs_register_handle during initialization, triggered by a kobject/dmi_sysfs lifecycle sequence where list_add_tail is followed by an error path, leading to an unin...
CVE-2025-38224
CVE-2025-38224 concerns the Linux kernel’s can: kvaser_pciefd driver where echo_skb_max was defined as 17 (KVASER_PCIEFD_CAN_TX_MAX_COUNT) but later rounded to the next power of two (32). This caused potential slab-out-of-bounds in kvaser_pciefd_handle_ack_packet() when computing tx/rx indices, l...
CVE-2025-38447
CVE-2025-38447: Linux kernel mm/rmap batched unmap could read past PTE table end. Root cause: batched unmap in try_to_unmap_one() could read beyond PTE table when a folio’s mappings span >1 page. Fix: refactor into folio_unmap_pte_batch(), compute a safe batch size capped by VMA and PMD bounda...
CVE-2025-38486
CVE-2025-38486 concerns a Linux kernel soundwire regression where revert of the qcom set_channel_map API (soundwire: qcom: Add set_channel_map api support) caused kernel instability on Dragonboard 845c (sdm845), including BRK/Fatal exception and a non‑summing trace. Connected reports document spe...
CVE-2025-38505
CVE-2025-38505 affects the Linux kernel mwifiex wireless driver in STA mode when concurrent STA/AP with host MLME is enabled. The issue caused the firmware to send disassociation frames to the STA interface, triggering kernel WARN_ONs during disconnect events. The fix adds validation in the STA r...
CVE-2025-38685
CVE-2025-38685 affects the Linux kernel fbdev path. The issue arises in vmalloc out-of-bounds write within fast_imageblit when a userspace ioctl (FBIOPUT_CON2FBMAP) maps a console to a framebuffer; if the console resize during mapping fails but the code continues, it can end up updating display s...
CVE-2025-38702
The CVE-2025-38702 entry concerns the Linux kernel fbdev subsystem. The issue is a potential buffer overflow in do_register_framebuffer() when unregistration creates NULL gaps in registered_fb[], when all slots become occupied despite num_registered_fb
CVE-2025-38708
CVE-2025-38708 is addressed in the Linux kernel via a fix in DRBD: a missing kref_get in handle_write_conflicts when two-primaries are enabled could cause a use-after-free and kernel crash. The issue occurs during detection of concurrent writes to the same sector across nodes, where premature drb...
CVE-2025-38710
CVE-2025-38710 (gfs2 depth validation): Linux kernel fix for exhash directories in GFS2. A fuzzer caused a depth of 0 in dir_e_read(), triggering an undefined shift by 32 in index = hash >> (32 - dip->i_depth). The minimum exhash depth is ilog2(sdp->sd_hash_ptrs) and 0 is invalid sin...
CVE-2025-38717
CVE-2025-38717 – net/kcm race condition (Linux kernel): Syzbot observed a race between kcm_unattach(psock) and kcm_release(kcm). The bug stems from a missing check of the flag kcm->tx_stopped before queue_work(), which can allow requeuing kcm->tx_work between cancel_work_sync() and unreser...
CVE-2025-39677
Summary: CVE-2025-39677 affects the Linux kernel net/sched backlog accounting in qdisc_dequeue_internal for hhf, fq, fq_codel, and fq_pie. The issue occurs when adjusting to a new backlog limit; dequeue paths drop packets from gso_skb without increasing qstats backlog, causing backlog underflow i...
CVE-2025-39697
CVE-2025-39697 affects the Linux kernel’s NFS write path. The vulnerability arises from a race where, after nfs_lock_and_join_requests() tests if a request remains attached to the mapping, a call to nfs_inode_remove_request() can still succeed before the page group is locked. The root cause is th...
CVE-2025-39698
CVE-2025-39698 concerns the Linux kernel io_uring/futex cleanup: io_futex_data is allocated upfront and wired into io_kiocb.async_data, but the request flag REQ_F_ASYNC_DATA may not be set at that time. On failure, the futex handler frees the data but may not clear async_data, so the data and fla...
CVE-2025-39706
Summary: CVE-2025-39706 affects the Linux kernel's DRM/AMDKFD path. The issue arises when destroying KFD debugfs before kfd_process_destroy_wq, causing a NULL pointer hang due to an attempted remove of /sys/kernel/debug/kfd/proc/ after /sys/kernel/debug/kfd was destroyed. Root cause: proc content...
CVE-2025-39844
CVE-2025-39844 relates to a Linux kernel memory-management bug where page-table synchronization was not consistently performed when vmemmap spans multiple PGD entries. The issue caused intermittent boot failures and a kernel panic (notably on 4-level paging with large persistent memory) due to a ...
CVE-2025-39865
CVE-2025-39865 affects the Linux kernel tee subsystem. The issue is a potential NULL pointer dereference in tee_shm_put when reg_pair_to_ptr may return NULL, leading to a crash in shutdown flow (optee/shm cache path). The documented fix is to add a NULL check in tee_shm_put to prevent dereferenci...
CVE-2025-71300
CVE-2025-71300 affects the Linux kernel where U-Boot’s OP-TEE logic injects a reserved-memory node into the kernel device tree. A manually defined OP-TEE node in zynqmp.dtsi interferes with this process, causing memory access violations at runtime. The issue is described as resolved by reverting ...
CVE-2026-23240
In CVE-2026-23240, the Linux kernel fixed a race condition in TLS handling where cancel_delayed_work_sync() used during tls_sk_proto_close() could allow tls_sw_cancel_work_tx() to schedule tx_work_handler() after the TLS object was freed. The root cause involved potential scheduling from paths li...
CVE-2026-23270
CVE-2026-23270 pertains to the Linux kernel net/sched subsystem. The fix restricts the use of TC action act_ct to only bind to clsact/ingress qdiscs and shared blocks, preventing its use on the egress path. The change addresses a scenario where classify could return TC_ACT_CONSUMED while the skb ...
CVE-2026-23392
The CVE-2026-23392 vulnerability affects the Linux kernel nf_tables flowtable handling. Root cause: during error paths, a hook may still reference a flowtable, exposing it to the packet path and nfnetlink control plane. The fix inserts synchronize_rcu() after unregistering hooks (rcu grace period...
CVE-2026-46043
The CVE-2026-46043 detail shows a Linux kernel RDMA/rxe issue in rxe_rcv() where payload_size() could underflow due to attacker-controlled BTH pad and RXE_ICRC_SIZE not being accounted for in the initial length check. The fix requires validating paylen against the full minimum length: header_size...
CVE-2026-46056
The CVE-2026-46056 entry documents a Linux kernel Bluetooth UAF vulnerability in the SSP passkey handlers (hci_event path). The issue arises when hci_conn lookup and field access are performed without holding the hdev lock, creating a window where a connection could be freed concurrently in hci_u...
CVE-2022-49997
CVE-2022-49997 concerns the Linux kernel component net/lantiq_xrx200. In memory-allocation failure scenarios, an invalid buffer address is stored; when the descriptor is used again, the system panics in build_skb() when accessing memory. The vulnerability is described as resolved in the provided ...
CVE-2022-50013
Summary: CVE-2022-50013 relates to the f2fs (Flash-Friendly File System) code in the Linux kernel. The issue arises from a NAT/NAT bitmap inconsistency that can cause a BUG_ON() in f2fs_new_node_page() when a NAT entry’s blkaddr is not NULL_ADDR while its NAT bitmap marks it free. The vulnerabili...