CVE-2022-50017
CVE-2022-50017 affects the Linux kernel’s mips cavium-octeon implementation, specifically the octeon2_usb_clocks_start path. The root cause is a missing of_node_put() on the reference returned by of_get_parent(), which increments the devicetree reference count and leads to a refcount leak. The fi...
CVE-2022-50057
CVE-2022-50057 affects the Linux kernel ntfs3 file system. The vulnerability is a NULL dereference in ntfs_update_mftmirr where, if ntfs_fill_super() wasn’t called, sbi->sb could be NULL and dereferenced. The failure path is triggered by certain mount parameters (e.g., an invalid or unexpected...
CVE-2022-50174
The CVE-2022-50174 issue affects the Linux kernel net/hinic path when a hinic device is used as a bond slave and statistics are read from the master bond device. The root cause is in hinic_get_stats64(), which previously called down(&nic_dev->mgmt_lock) to protect a critical section, risking s...
CVE-2022-50356
CVE-2022-50356 affects the Linux kernel’s net: sched: sfb path. When the default qdisc is sfb and dev_queue initialization fails during mqprio_init(), the code calls sfb_reset() to free resources, but the qdisc pointer (q->qdisc) may be NULL, leading to a general protection fault (null pointer...
CVE-2023-53186
CVE-2023-53186 affects the Linux kernel’s skb handling: a race between coalescing and releasing SKBs can occur when merging fragments across page_pool and non-page_pool pages. The root cause is that skb_cloned(from) must remain true until coalescing finishes; if the other cloned SKB is released m...
CVE-2023-53194
CVE-2023-53194 is a Linux kernel vulnerability in fs/ntfs3 related to an insufficient length check in indx_get_root, which can lead to a use-after-free condition observed via KASAN during mounting operations. The provided reports describe a use-after-free read (size 2) on a page accessed by the m...
CVE-2023-53319
CVE-2023-53319 (Linux kernel, KVM arm64): The issue arises from a race between finalize_pkvm() and kvm_arm_init() initcalls, where finalize_pkvm() proceeds even if kvm_arm_init() fails, causing warnings and a potential HYP panic. The connected Astra/SUSE OSV entries confirm this vulnerability in...
CVE-2023-53345
CVE-2023-53345 pertains to the Linux kernel, addressing a data race in rxrpc_wait_to_be_connected() where the loop accessed call->error before the call state was checked for completion. The fix ensures call->error is read only after the call is complete, preventing races between rxrpc_send_...
CVE-2025-38508
CVE-2025-38508: In the Linux kernel, the fix for SEV-SNP timekeeping uses the firmware-provided TSC_FACTOR to compute the mean TSC frequency, addressing clock skew between the hypervisor and SEV-SNP guests that caused hrtimers to fire early. The change applies to x86/sev Secure TSC handling and ...
CVE-2025-38509
Summary of CVE-2025-38509 (Linux kernel, wifi/mac80211): A vulnerability in VHT mode notifications for sub-20 MHz channel widths (notably 5/10 MHz) could lead to invalid input reaching ieee80211_chan_width_to_rx_bw(), triggering a WARN_ON. The issue arises when VHT opmode_notif is used and unsupp...
CVE-2025-38517
CVE-2025-38517 is a Linux kernel issue in lib/alloc_tag where alloc_tag_top_users() may lock alloc_tag_cttype->mod_lock even when alloc_tag_cttype is NULL or invalid, leading to a crash on memory allocation failure. The root cause is that alloc_tag_cttype can be NULL or an error value in scena...
CVE-2025-38640
CVE-2025-38640: Linux kernel vulnerability in BPF/netfilter flow where nf_hook_run_bpf() could run migrations in xmit path, allowing non-migratable context assumptions to be violated. The fix disables migration by using bpf_prog_run_pin_on_cpu() in nf_hook_run_bpf() (commit references in the Linu...
CVE-2025-38645
CVE-2025-38645 affects the Linux kernel (net/mlx5). Root cause: a NULL device memory pointer (dev->dm) can be dereferenced in mlx5_init_once() if allocation fails. Fix: add a NULL check before accessing device memory to prevent a crash. Impact in docs: a local attacker could crash the system; re...
CVE-2025-38679
CVE-2025-38679 – Linux kernel media venus OOB read: The vulnerability is in media: venus where event_seq_changed() processes a firmware property count without validating the payload length, enabling out-of-bounds memory access. Impact: kernel crashes and potential information disclosure if firmw...
CVE-2025-38683
CVE-2025-38683 affects hv_netvsc in the Linux kernel. The issue arises during namespace deletion when a VF NIC is moved to a new namespace and then back, causing netdev list handling to dereference NULL and trigger a kernel panic. The supplied references describe the root cause as a race in defau...
CVE-2025-38735
The CVE-2025-38735 entry concerns the Linux kernel gve driver. A crash could occur if an ethtool operation is issued after shutdown() has begun, because shutdown() tears down internal data structures and ethtool IOCTLs could dereference freed/NULL pointers, triggering a kernel panic. The document...
CVE-2025-39678
CVE-2025-39678 affects the Linux kernel, specifically the x86/amd/hsmp code path. The vulnerability arises when sock->metric_tbl_addr is NULL, which can cause a NULL pointer dereference when accessing metrics_bin. The provided connected SUSE advisory confirms the fix: a NULL check was added to...
CVE-2025-39683
CVE-2025-39683 (Linux kernel tracing vulnerability): The issue occurs when processing long strings in ftrace filters: trace_get_user may fail, but parser->buffer end is not zeroed, leading to a slab-out-of-bounds read in strsep/ftrace_process_regex and related release paths. The result is a loc...
CVE-2025-39730
CVE-2025-39730 is a Linux kernel issue affecting NFS filehandle handling. The connected Astra/Amazon Linux livepatch advisories (ALAS2023LIVEPATCH-2025-108 and related entries) confirm a fix for NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() by ensuring the minimal filehandle length is...
CVE-2025-39746
CVE-2025-39746 affects the Linux kernel device driver stack for wifi/ath10k on PCIe. When the hardware becomes unreliable, ath10k can lose PCIe connectivity, causing WMI command timeouts and a restart loop that may trigger a watchdog timeout and a system crash on suspend. The advisory describes a...
CVE-2025-39782
CVE-2025-39782 concerns the Linux kernel, specifically the JBD2 journal path. The issue arises because jbd2_log_do_checkpoint() and jbd2_journal_shrink_checkpoint_list() contend for j_list_lock, potentially causing long wait times that can trigger softlockups if sleeping calls do not occur. The a...
CVE-2025-39883
CVE-2025-39883 affects the Linux kernel memory-management path mm/memory-failure, where unpoisoning memory can trigger VM_BUG_ON_PAGE(PagePoisoned(page)) due to checking PG_HWPoison flags on an uninitialized page. The root cause described in the initial and connected advisories is the uninitializ...
CVE-2025-71160
CVE-2025-71160 relates to the Linux kernel netfilter nf_tables chain validation. The vulnerability arises from the validator traversing the entire chain graph (base chains and chain jumps), which can trigger CPU soft lockups in nft_chain_validate under certain input paths. The change described ai...
CVE-2026-23060
The CVE-2026-23060 issue in the Linux kernel crypto: authencesn module arises when assoclen
CVE-2026-23213
CVE-2026-23213 affects the Linux kernel’s DRM/AMD/PM path. During an SMU Mode 1 reset, the ASIC goes through a reset cycle and becomes temporarily inaccessible via PCIe, risking uncompleted PCIe transactions that can trigger NMI panics or system hangs. The fix disables MMIO access during the offl...
CVE-2026-23274
CVE-2026-23274: In the Linux kernel, a bug in netfilter xt_IDLETIMER allows rev0 rules to reuse timers labeled as ALARM if a prior timer exists. This can cause mod_timer() to run on an uninitialized timer_list, triggering debug warnings and potentially a panic when panic_on_warn=1. The fix rejec...
CVE-2026-23466
The CVE-2026-23466 vulnerability affects the Linux kernel’s drm/xe component, where GGTT MMIO access was only protected by hotplug mechanics (drm_dev_enter). If a driver fails to load or during teardown when BOs may be freed asynchronously, drm_dev_unplug() may not be invoked and the MMIO region ...
CVE-2026-31414
CVE-2026-31414 (Linux kernel netfilter nf_conntrack_expect): The vulnerability arises from using nfct_help() without holding a reference to the master conntrack, leading to unsafe references when the helper is dumped via ctnetlink and /proc. The fix switches to using exp->master->helper in t...
CVE-2026-31786
The CVE-2026-31786 issue affects the Linux kernel in drivers/xen/sys-hypervisor.c, where HYPERVISOR_xen_version(XENVER_build_id) returned a build_id that is not NUL-terminated, causing a buffer overflow via sprintf in buildid_show. The root cause is that the build_id was not treated as a proper s...
CVE-2022-50105
The CVE-2022-50105 issue affects the Linux kernel (powerpc/spufs) where of_find_node_by_path() could leak a refcount. The fix, as documented, is to call of_node_put() on the remotely referenced device node when done, preventing a refcount leak in spufs_init_isolated_loader. Connected advisories (...
CVE-2022-50233
CVE-2022-50233 (bluetooth: device name can cause reading kernel memory by not supplying terminal \0) affects SUSE Linux Enterprise Server 15 SP4 kernels (live patch stream). The SUSE advisories indicate this issue was fixed in multiple kernel live patches (e.g., SUSE-SU-2026:0163-1, 0166-1, 0168-...
CVE-2022-50406
CVE-2022-50406 affects the Linux kernel iomap/writeback path. Connected advisories confirm a memory corruption fix during writeback error recording, described as: “iomap: iomap: fix memory corruption when recording errors during writeback.” The issue is associated with the kernel code path handli...
CVE-2023-53245
CVE-2023-53245 refers to the Linux kernel Hyper-V StorVSC integration for virtual Fibre Channel timeouts. The issue arises from a faulty integration where the FC transport timeout handler (fc_eh_timed_out()) could dereference a NULL rport, causing a kernel panic. The published fix removes the cal...
CVE-2023-53287
CVE-2023-53287: Linux kernel USB cdns3 driver fix—move the set_active() call outside the spin lock to avoid sleeping in atomic context during resume, preventing a WARN during resume (pm_runtime_resume path). The change protects the cdns data structure and removes the ‘sleeping function called fr...
CVE-2023-53354
CVE-2023-53354 concerns the Linux kernel skb_segment path used for zero-copy of SKBs. The bug occurs when skb_orphan_frags() updates nr_frags, leaving the local nrfrags stale and causing a panic while iterating frags during GSO/zero-copy processing. The fix moves the call to zero-copy functions b...
CVE-2023-53373
CVE-2023-53373 in the Linux kernel affects the crypto/seqiv path. The vulnerability arises because seqiv only handles EINPROGRESS and does not account for EBUSY, risking a use-after-free for backlogged requests. The fix is to treat EBUSY the same as EINPROGRESS, preventing premature data free on ...
CVE-2025-38558
In CVE-2025-38558, the Linux kernel USB gadget VAR: uvc frame-based format previously crashed when color_matching descriptor was missing, due to a NULL pointer dereference. The fix initializes the color matching descriptor for frame-based formats, mirroring the handling already present for uncomp...
CVE-2025-38626
CVE-2025-38626 affects the Linux kernel with the F2FS file system in foreground log-structured (lfs) mode. The issue arises in f2fs_map_blocks() where allocations can trigger block allocations aggressively under parallel aio/dio/bufio workloads, potentially exhausting space and causing a system p...
CVE-2025-38648
CVE-2025-38648 refers to a Linux kernel issue in the stm32 SPI driver. The stm32_spi_probe now validates that the pointer returned by of_device_get_match_data (cfg) is non-NULL before accessing cfg->has_device_mode, preventing a potential NULL pointer dereference and possible system crash. If ...
CVE-2025-38680
CVE-2025-38680 affects the Linux kernel media: uvcvideo component, where a 1-byte out-of-bounds read can occur in uvc_parse_format(). The root cause is a buffer length check that only guaranteed buf > 2, while the code accesses buffer[3], requiring at least 4 bytes. The vulnerability’s...
CVE-2025-38697
The CVE relates to the Linux kernel JFS: an upper bound check in dbAllocAG when computing the tree index could go out of bounds if filesystem metadata is corrupted. This could enable a local attacker to trigger out-of-bounds conditions in JFS data structures. The vulnerability is resolved in the ...
CVE-2025-38711
CVE-2025-38711: Linux kernel vulnerability fixed in smb/server deadlock scenario when linking with ReplaceIfExists. If smb2_create_link() is called with ReplaceIfExists and the target name exists, ksmbd_vfs_kern_path_locked() locks the parent, then ksmbd_vfs_remove_file() deletes the file, and k...
CVE-2025-38718
CVE-2025-38718 affects the Linux kernel SCTP implementation. The issue arises when cloning head skbs with fraglists, causing use-after-likes from sharing frag skbs and leading to uninitialized-value bugs (KMSAN) in sctp_inq_pop and related code paths. The fix patches sctp_rcv() to linearize clone...
CVE-2025-38721
CVE-2025-38721 affects the Linux kernel netfilter ctnetlink table dump path. A reference count leak in ctnetlink_dump_table() can occur if res ct_general) only when ct != last, and a cookie-based workaround is mentioned as an alternative. The Astra Linux bulletin confirms the same vulnerability i...
CVE-2025-38729
CVE-2025-38729 relates to the Linux kernel ALSA USB-audio driver and a validation issue with UAC3 power domain descriptors. The root cause is insufficient verification of the descriptor length (bLength), which could allow out-of-bounds accesses via malicious firmware. The vulnerability affects th...
CVE-2025-39681
CVE-2025-39681 relates to the Linux kernel on x86 with Hygon CPUs. The root cause was a missing resctrl_cpu_detect() call in the Hygon BSP init path after resctrl_cpu_detect() was moved to vendor-specific init code. This caused a division-by-zero in get_rdt_mon_resources() during early boot due t...
CVE-2025-39760
CVE-2025-39760 concerns the Linux kernel USB subsystem: usb_parse_ss_endpoint_companion() previously read descriptor fields without ensuring the descriptor length, enabling an out-of-bounds read in SS endpoint companion parsing. The fixed code now checks the size before accessing descriptor field...
CVE-2025-39772
CVE-2025-39772 affects the Linux kernel HibMC driver for Hisilicon GPUs (drm/hisilicon/hibmc). Description: when hibmc loading fails, the driver attempted to free resources via hibmc_unload, but mode.config mutexes were uninitialized, risking a NULL-pointer dereference. The fix replaces a goto cl...
CVE-2025-39808
CVE-2025-39808 – Linux kernel HID-ntrig null-deref fix. Affects HID-ntrig in the Linux kernel. In ntrig_report_version(), a hdev structure copied from hid_probe() could lead to a page fault when a descriptor was sent to /dev/uhid if hdev->dev.parent->parent was NULL. The fix adds a null-ch...
CVE-2025-39812
CVE-2025-39812: In the Linux kernel SCTP implementation, the vulnerability stems from not initializing sin6_scope_id in sctp_v6_from_sk(), which can cause undefined behavior. The fix clears sin6_scope_id and sin6_flowinfo to prevent use of uninitialized data in the IPv6 SCTP path. Affected contex...