14330 matches found
CVE-2026-43013
Technical details for CVE-2026-43013 are not publicly available in the provided connected documents. Monitor for updates from vendors/security trackers.
CVE-2026-43114
Summary: CVE-2026-43114 involves the Linux kernel netfilter nft_set_pipapo_avx2 path. The bug arises when AVX2 matching incorrectly masks and returns a non-matching entry on expiry after a flush, causing a clashing element report. Root-cause: too-early return in AVX2 match functions, leading to o...
CVE-2026-43116
The CVE-2026-43116 issue affects the Linux kernel’s netfilter ctnetlink master conntrack handling. The root cause is insufficient locking around the master conntrack object, which can become invalid while still referenced (exp->master). The fix extends the nf_conntrack_expect_lock and the spin...
CVE-2026-43329
CVE-2026-43329 concerns the Linux kernel netfilter flowtable where the maximum number of hardware offload actions for IPv6 was exceeded (17 used vs 16 allowed). The fixes update flow_action_entry_next() to enforce the limit and raise the per-flow action cap from 16 to 24, enabling IPv6 setups to ...
CVE-2026-46052
The CVE-2026-46052 issue concerns the Linux kernel Ceph filesystem where a negative dentry that is already hashed can be re-added to the dcache, corrupting the d_hash bucket and leading to an RCU stall or system hang. The root cause is that d_add() can rehash and reinstate a dentry that is alread...
CVE-2022-50090
CVE-2022-50090 relates to the Linux kernel/Btrfs: it replaces the hard-coded limit BTRFS_MAX_EXTENT_SIZE with fs_info->max_extent_size. On zoned filesystems, data writes are limited by max_zone_append_size, and a large ordered extent can trigger more extents than expected, causing the estimato...
CVE-2023-53516
The CVE-2023-53516 entry corresponds to a Linux kernel macvlan netlink policy issue. A new attribute IFLA_MACVLAN_BC_CUTOFF was added, but the nla_policy in macvlan_policy (drivers/net/macvlan.c) was not described, allowing a 4-byte integer (NLA_S32) to be faked as empty and potentially cause an ...
CVE-2024-58240
CVE-2024-58240: In the Linux kernel TLS subsystem, the vulnerability concerns separation of no-async decryption request handling from async paths, which simplifies handling when not using async. The description states this change resolves an issue and references a prior fix that mitigated a race ...
CVE-2025-38235
CVE-2025-38235: Linux kernel fix for appletb_kbd backlight reference counting leak. backlight_device_get_by_name increments ref count for android backlight named "appletb_backlight" and it is not released, causing a reference leak. The fix decrements the reference count on removal via put_device ...
CVE-2025-38296
CVE-2025-38296 affects the Linux kernel platform_profile driver. On non-ACPI platforms, sysfs entries were initialized during module init, requiring acpi_kobj and triggering a warning. The fix is to check that ACPI is enabled before creating the sysfs entries (platform_profile_init) to prevent in...
CVE-2025-38405
In CVE-2025-38405, the Linux kernel nvmet subsystem was vulnerable to a memory leak in bio integrity (bio->bi_integrity) when commands carried metadata. The root cause was that after bio_init, some users (including nvmet inline bios) did not call bio_uninit, preventing proper deallocation. The...
CVE-2025-38537
CVE-2025-38537: Linux kernel vulnerability in net: phy: Don’t register LEDs for genphy. Root cause: when a PHY has no driver, the genphy driver is probed/removed via phy_attach/detach, and if the PHY node has a leds subnode, LEDs get (un)registered during genphy probe/remove, leading to a determi...
CVE-2025-38643
CVE-2025-38643 affects the Linux kernel wifi stack (cfg80211). The root cause is a missing lock in cfg80211_check_and_end_cac(), while callers of wdev_chandef() are expected to hold the wiphy mutex; however the worker cfg80211_propagate_cac_done_wk() does not acquire it. This can trigger a warnin...
CVE-2025-38725
CVE-2025-38725 affects the Linux kernel net: usb: asix_devices driver handling of ax88772 MDIO bus. Without a phy_mask, the driver could create up to 32 MDIO phy devices (addresses 0x00–0x1f). Only one main phy binds to the net phy driver, causing issues during suspend/resume where phy_polling_mo...
CVE-2025-38732
CVE-2025-38732 refers to a Linux kernel vulnerability in netfilter nf_reject where loopback packets could cause a dst refcount leak. The issue arises from a patch that added a WARN during skb dst entry replacement but forgot that loopback packets already have a dst_entry attached (even at PRE_ROU...
CVE-2025-39716
CVE-2025-39716 affects the Linux kernel (parisc) and describes a read-access checking issue in __get_user(). Because read access support was only triggered at privilege levels 2/3, the kernel ran at ring 0 and failed to raise a read-access fault (code 26). The fix probes read access rights at pri...
CVE-2025-39798
CVE-2025-39798 refers to a Linux kernel vulnerability where, during automount of a new NFS filesystem, capabilities could be inappropriately inherited. The underlying issue is that capabilities were not reset properly when crossing into a new filesystem, and must be reset to minimal defaults and ...
CVE-2025-39819
CVE-2025-39819 affects the Linux kernel (fs/smb). The issue is an inconsistent refcount update in smb2_compound_op that could leak resources; a fix adds an extra cleanup goto to ensure cfile is dropped on all paths, including ENOMEM paths. The problem is limited to the kernel SMB path and is miti...
CVE-2025-39835
In CVE-2025-39835, the Linux kernel XFS xattr code could leak ENODATA (ENOATTR) disk errors as a misleading “attribute not found,” potentially leading to an oops in xfs_attr_leaf_get() when a disk error returns ENODATA/ENOATTR with bp being NULL. The fix modifies lower IO error handling so disk e...
CVE-2025-39885
CVE-2025-39885 affects the OCFS2 filesystem in Linux kernels. The vulnerability stems from a recursive semaphore deadlock during fiemap processing of a specially crafted mmap’ed file: ocfs2_fiemap() takes a read lock on ip_alloc_sem, then fiemap_fill_next_extent() accesses the extent list while a...
CVE-2025-39955
The CVE-2025-39955 entry concerns the Linux kernel TCP Fast Open path. The root cause is that tcp_disconnect() failed to clear tcp_sk(sk)->fastopen_rsk, allowing the retransmit timer to trigger while a TFO socket is being reused, potentially delaying or missing a retransmission. The fix implem...
CVE-2026-22978
The CVE-2026-22978 issue lies in the Linux kernel wifi code where struct iw_point exposes a 32‑bit hole on 64‑bit arches, enabling kernel-infoleak to user space. The fix is to zero the iw_point structure before user-space access. This remediation is present in upstream kernel fixes (noted with ke...
CVE-2026-23066
CVE-2026-23066 concerns the Linux kernel RXRPC receive path. The issue arises in rxrpc_recvmsg() where, if MSG_DONTWAIT is requested and the front of the recvmsg queue has its mutex held, the call is unconditionally requeued, potentially corrupting the recvmsg queue and causing Use-After-Frees or...
CVE-2026-23213
CVE-2026-23213 affects the Linux kernel’s DRM/AMD/PM path. During an SMU Mode 1 reset, the ASIC goes through a reset cycle and becomes temporarily inaccessible via PCIe, risking uncompleted PCIe transactions that can trigger NMI panics or system hangs. The fix disables MMIO access during the offl...
CVE-2026-23466
The CVE-2026-23466 vulnerability affects the Linux kernel’s drm/xe component, where GGTT MMIO access was only protected by hotplug mechanics (drm_dev_enter). If a driver fails to load or during teardown when BOs may be freed asynchronously, drm_dev_unplug() may not be invoked and the MMIO region ...
CVE-2026-31622
Summary (CVE-2026-31622): In the Linux kernel NFC digital subsystem, the NFC‑A cascade depth handling in digital_in_recv_sdd_res() could allow a malicious peer to keep sending cascade responses, causing writes past the allocated nfc_target buffer (heap overflow) by exceeding the cascade depth. Th...
CVE-2026-31655
CVE-2026-31655 affects the Linux kernel’s pmdomain: imx8mp-blk-ctrl module, where the NOC_HDCP clock must be kept enabled. The underlying issue is an inconsistent clock state that can disrupt the NoC ADB400 port power‑down handshake, potentially causing a system hang. Reported impact is a DoS-lik...
CVE-2026-31717
In the Linux kernel ksmbd, a vulnerability allows an authenticated user to hijack an orphaned durable handle by reconnecting with a different security context. The issue stems from ksmbd not verifying that the requester’s SecurityContext matches the original opener when a durable handle is reconn...
CVE-2026-31786
The CVE-2026-31786 issue affects the Linux kernel in drivers/xen/sys-hypervisor.c, where HYPERVISOR_xen_version(XENVER_build_id) returned a build_id that is not NUL-terminated, causing a buffer overflow via sprintf in buildid_show. The root cause is that the build_id was not treated as a proper s...
CVE-2026-43163
Impact: Linux kernel md/bitmap component vulnerable to a use-after-free race during array resize, causing a General Protection Fault in write_page. Root cause: concurrent access to bitmap->storage.filemap between bitmap_daemon_work() and __bitmap_resize(), with md_bitmap_file_unmap() freeing s...
CVE-2026-45984
The CVE-2026-45984 issue is a concrete Linux-kernel vulnerability in the GFS2 iomap inline data write path. A data buffer head (dibh) is released prematurely via release_metapath() in gfs2_iomap_begin(), while iomap->inline_data still references dibh->b_data, causing a use-after-free when i...
CVE-2026-46040
CVE-2026-46040: In the Linux kernel inotify path, when fsnotify_add_inode_mark_locked() fails during inotify_new_watch(), the error path did not call dec_inotify_watches(), leaking a watch count and potentially exhausting max_user_watches (-ENOSPC) even with no active watches. The fix introduces ...
CVE-2026-46082
CVE-2026-46082 is a Linux kernel KVM vulnerability (SVM) where INVLPGA generates a #UD if EFER.SVME is 0. The issue affects kernel code handling SVM, with local attack potential and high impact on availability, and was addressed by a patch adding a proper #UD injection when EFER.SVME=0. Public re...
CVE-2026-46093
CVE-2026-46093 affects the Linux kernel mm/vmalloc subsystem. The issue arises because decay_va_pool_node() can be invoked concurrently from two paths—the purge path and the shrinker path via vmap_node_shrink_scan—without proper serialization. This leads to races and potential memory leaks. The d...
CVE-2026-46303
The CVE-2026-46303 vulnerability affects the Linux kernel isofs Rock Ridge CE handling. rock_continue() could use rs->cont_extent without validating the block number, allowing potential reads of data from an adjacent filesystem via sb_bread() on crafted ISO mounts. The issue was addressed by p...
CVE-2026-46312
CVE-2026-46312 is a Linux kernel vulnerability involving media: videobuf2 where vb2_dma_sg_mmap did not set the VMA flags, potentially triggering a WARN_ON in drm_gem_mmap_obj() during mmap() of an imported dma-buf. The fix adds proper VMA flag handling in vb2_dma_sg_mmap_mmap (consistent with vb...
CVE-2026-46315
CVE-2026-46315 affects the Linux kernel’s io_uring waitid path. The issue arises because IORING_OP_WAITID stores results in io_waitid::info and may copy stale data to userspace if the wait completes without a child event. The fix is to clear the result storage during prep so the kernel’s path mir...
CVE-2022-50009
CVE-2022-50009 corresponds to a Linux kernel vulnerability in f2fs → fixed null-ptr-deref in f2fs_get_dnode_of_data during atomic write. The provided data describe a scenario where f2fs_do_write_data_page writes a cow_inode (for atomic writes) and ends up dereferencing a NULL cow_inode, triggerin...
CVE-2022-50071
The CVE-2022-50071 issue affects the Linux kernel’s MPTCP implementation. The vulnerability arises when socket creation fails due to a CGROUP_INET_SOCK_CREATE eBPF program, causing leakage of subflows because cleanup was not invoked in that code path. The fix moves subflow cleanup into the mptcp_...
CVE-2024-14027
CVE-2024-14027 in the Linux kernel: the fremovexattr() path leaks a file reference when strncpy_from_user() fails, due to missing fdput() after fdget(). This can allow an unprivileged local user to cause kernel memory exhaustion in multi-threaded contexts. The issue was inadvertently fixed by com...
CVE-2024-57983
The CVE-2024-57983 issue concerns the Linux kernel mailbox support (th1520) for ICU0. The vulnerability arose from an incorrectly sized array used to save and restore interrupt mask registers, leading to memory corruption when accessing all four registers during suspend and resume. The connected ...
CVE-2025-38325
The CVE-2025-38325 entry covers a Linux kernel issue in the ksmbd subsystem. The vulnerability arises because the free_transport function for a TCP connection could be invoked via the smbdirect path, potentially triggering a kernel oops. The published patch adds free_transport ops to the ksmbd co...
CVE-2025-38383
CVE-2025-38383 describes a denial-of-service data-race in Linux kernel vmalloc/NUMA reporting (show_numa_info). The root cause is a read/write race on vmalloc metadata (m->private) accessed by concurrent readers/writers. The fix, as stated in the description, is to stop sharing the heap via pr...
CVE-2025-38434
Technical details for CVE-2025-38434 are not publicly provided in the connected documents. The sources do not specify affected products/versions, root cause, impact, or remediation; monitor for updates.
CVE-2025-38435
CVE-2025-38435 affects the Linux kernel RISCV vector context handling. The issue: incorrect saving/restoring of vector registers v8–v31 during context save/restore with xtheadvector, risking userspace breakage. Affected component: riscv vector code in the kernel; root cause is the improper preser...
CVE-2025-38450
CVE-2025-38450: Linux kernel fix for MT7925 decap offload NULL pointer dereference. A NULL check for msta->vif (and readiness of wcid.sta) prevents dereferencing before station init completes, avoiding kernel panic in AP mode. Affects MT7925 wireless path in Linux kernel; remediation is the up...
CVE-2025-38521
CVE-2025-38521 affects the Linux kernel DRM/imagination driver. The vulnerability stems from using pm_runtime_force_suspend() followed by pm_runtime_force_resume() during GPU hard reset, which can fail to resume the device if internal runtime PM state is not as expected, leaving GPU clocks disabl...
CVE-2025-38624
CVE-2025-38624 : In the Linux kernel, the pnv_php PCI driver leaked IRQ resources for child bridges during hot unplug of a nested PCIe bridge root, causing a kernel panic. The fix walks all child buses to deallocate IRQ resources before removing devices, and extends the workqueue lifetime to stay...
CVE-2025-38635
The CVE-2025-38635 issue concerns the Linux kernel clk: davinci: davinci_lpsc_clk_register() path. The root cause is a missing NULL check after devm_kasprintf(), which can return NULL on memory allocation failure and lead to a NULL pointer dereference. The fix adds a NULL check after the devm_kas...
CVE-2025-38656
CVE-2025-38656 affects the Linux kernel’s wifi iwlwifi path (iwl_op_mode_dvm_start). The vulnerability stems from preserving the error code when iwl_setup_deferred_work() fails; the code previously returned ERR_PTR(0) (NULL), which could cause a use-after-free involving debugfs. A patch has been ...