Lucene search
K
LinuxLinux Kernel

14330 matches found

CVE
CVE
added 2025/09/05 5:21 p.m.39 views

CVE-2025-39694

CVE-2025-39694 concerns the Linux kernel on s390:sclp where a NULL SCCB address check after address translation could fail if identity mapping does not start at 0, potentially allowing access to the first page of identity mapping. The fix adds a NULL-case handler prior to address translation to e...

5.5CVSS5.8AI score0.00147EPSS
CVE
CVE
added 2025/09/11 4:52 p.m.39 views

CVE-2025-39760

CVE-2025-39760 concerns the Linux kernel USB subsystem: usb_parse_ss_endpoint_companion() previously read descriptor fields without ensuring the descriptor length, enabling an out-of-bounds read in SS endpoint companion parsing. The fixed code now checks the size before accessing descriptor field...

7.1CVSS6.3AI score0.00164EPSS
CVE
CVE
added 2025/09/11 4:56 p.m.39 views

CVE-2025-39783

CVE-2025-39783: Linux kernel PCI endpoint. The configfs group handling in pci_epf_remove_cfs() incorrectly called list_del() on epf_group, which is a list head, causing a slab-use-after-free (KASAN) when tearing down endpoint function drivers with a configfs attribute group. The connected Astra L...

7.8CVSS6.1AI score0.00152EPSS
CVE
CVE
added 2026/05/08 1:15 p.m.39 views

CVE-2025-71300

CVE-2025-71300 affects the Linux kernel where U-Boot’s OP-TEE logic injects a reserved-memory node into the kernel device tree. A manually defined OP-TEE node in zynqmp.dtsi interferes with this process, causing memory access violations at runtime. The issue is described as resolved by reverting ...

5.5CVSS5.8AI score0.00138EPSS
CVE
CVE
added 2026/02/18 2:53 p.m.39 views

CVE-2026-23221

CVE-2026-23221 – Linux kernel (bus/fsl-mc driver) : The vulnerability arises from reading the driver_override string in driver_override_show() without holding the device_lock while driver_override_store() uses driver_set_override() to modify/free the string while the lock is held. This can cause ...

7.8CVSS5.2AI score0.00121EPSS
CVE
CVE
added 2026/04/13 1:21 p.m.39 views

CVE-2026-31418

CVE-2026-31418 is a Linux kernel vulnerability in netfilter/ipset mtype_del where drop of empty buckets is not performed correctly, leaving buckets with only deleted entries when n->pos points past them. The fix changes how a bucket is treated as empty: release the bucket directly when all pos...

5.5CVSS5.8AI score0.00114EPSS
CVE
CVE
added 2026/04/22 1:53 p.m.39 views

CVE-2026-31448

CVE-2026-31448 concerns the Linux kernel ext4 filesystem. The issue arises on mkdir/mknod when an extent insertion fails and ext4_ext_map_blocks() reclaims blocks without removing corresponding data from the extent tree, allowing the same physical block to be referenced by both directory and xatt...

9.4CVSS5.7AI score0.00433EPSS
CVE
CVE
added 2026/05/08 1:11 p.m.39 views

CVE-2026-43304

CVE-2026-43304 affects the Linux kernel libceph component. The flaw arises when decoding key material in process_auth_done(), where the code failed to enforce an upper bound on key length. The fix defines and enforces CEPH_MAX_KEY_LEN and clamps key material to a fixed-size buffer, addressing a v...

9.8CVSS5.8AI score0.00502EPSS
CVE
CVE
added 2026/05/27 12:17 p.m.39 views

CVE-2026-45936

The CVE-2026-45936 entry concerns a race in the Linux kernel power_supply_changed() handling for Goldfish power supplies. The issue arises when using devm_ allocations for IRQs before the power_supply handle is allocated/registered, creating a window where an interrupt fires after the power_suppl...

7.8CVSS5.8AI score0.00126EPSS
CVE
CVE
added 2026/05/27 12:56 p.m.39 views

CVE-2026-46015

The CVE-2026-46015 issue affects the Linux kernel TCP path when migrating an established child socket between listeners in the same SO_REUSEPORT group. After inet_csk_listen_stop() migrates, the target listener can obtain a new accept-queue entry via inet_csk_reqsk_queue_add(), but the path does ...

7.8CVSS5.8AI score0.00129EPSS
CVE
CVE
added 2026/05/28 9:36 a.m.39 views

CVE-2026-46149

Summary: CVE-2026-46149 affects the Linux kernel SCSI target subsystem, specifically the configfs path in tg_pt_gp_members_show(). The function formats LUN paths with snprintf() into a 256-byte stack buffer and then copies cur_len bytes via memcpy(), but snprintf() may return a length that exceed...

7.1CVSS5.7AI score0.00139EPSS
CVE
CVE
added 2026/05/28 9:36 a.m.39 views

CVE-2026-46150

The CVE-2026-46150 issue affects the Linux kernel fanotify subsystem. It arises because fsnotify_get_mark_safe() may return false for a mark in an unrelated group, bypassing the permission check. The fix patches the logic to skip detached marks that are not in the current group, mitigating the by...

7.1CVSS5.8AI score0.00142EPSS
CVE
CVE
added 2026/05/28 9:36 a.m.39 views

CVE-2026-46180

CVE-2026-46180 concerns a use-after-free in wifi brcmfmac when stopping the watchdog task in the Linux kernel. The vulnerability is addressed by increasing the watchdog task reference count before send_sig() and then dropping it with kthread_stop_put(). Connected OSV entries show patches in Root:...

7.8CVSS5.8AI score0.00135EPSS
CVE
CVE
added 2026/05/28 9:36 a.m.39 views

CVE-2026-46189

CVE-2026-46189 affects the Linux kernel RDMA pvrdma component (pvrdma_alloc_ucontext). The issue is a double free: pvrdma_uar_free() is invoked in pvrdma_dealloc_ucontext() and is erroneously called before, creating a double free condition. Concrete fixes exist in OSV entries for multiple distrib...

7.8CVSS5.8AI score0.00143EPSS
CVE
CVE
added 2026/06/09 12:25 p.m.39 views

CVE-2026-46330

The CVE-2026-46330 entry concerns the Linux kernel TCP ULP support for SMC. The vulnerability arises when an active TCP socket is converted into an SMC socket by in-place modifications to core VFS structures (struct file, dentry, inode), violating VFS invariants that expect these structures to be...

7.8CVSS5.4AI score0.00112EPSS
CVE
CVE
added 2025/06/18 11:0 a.m.38 views

CVE-2022-49975

CVE-2022-49975 affects the Linux kernel’s BPF path, where a redirect of packets with invalid pkt_len could occur. The root cause is described as a BPF program test/run path (bpf_prog_test_run_skb) redirecting empty skbs, leading to a potential flow handling issue in fq_codel_drop(). The vulnerabi...

7.8CVSS6.5AI score0.00221EPSS
CVE
CVE
added 2025/06/18 11:3 a.m.38 views

CVE-2022-50163

CVE-2022-50163 concerns a Linux kernel fix for ax25: fix incorrect dev_tracker usage. The root cause was that an ax25_dev could be used by one or more ax25_cb structures, requiring separate dev_tracker per ax25_cb. The patch introduces per-structure tracking to prevent reference tracker mismanage...

7.8CVSS6.5AI score0.00211EPSS
CVE
CVE
added 2025/10/01 11:42 a.m.38 views

CVE-2022-50432

CVE-2022-50432 : The Linux kernel kernfs use-after-free is caused by a race where the root node is freed during kernfs_drain(), allowing concurrent kernfs_remove_by_name_ns() calls to dereference freed memory. The fix adds an extra reference to the root of the tree before calling __kernfs_remove(...

7.8CVSS6AI score0.0015EPSS
CVE
CVE
added 2025/09/15 2:4 p.m.38 views

CVE-2023-53186

CVE-2023-53186 affects the Linux kernel’s skb handling: a race between coalescing and releasing SKBs can occur when merging fragments across page_pool and non-page_pool pages. The root cause is that skb_cloned(from) must remain true until coalescing finishes; if the other cloned SKB is released m...

4.7CVSS6AI score0.00101EPSS
CVE
CVE
added 2025/09/15 2:6 p.m.38 views

CVE-2023-53197

CVE-2023-53197: Linux kernel USB UHCI memory leak when using debugfs_lookup() (dput() on result required). The fix is to replace with debugfs_lookup_and_remove(), which handles the logic and prevents leaks. Affected: Linux kernel USB UHCI code path; Impact states local, with availability impact a...

5.5CVSS6.2AI score0.00151EPSS
CVE
CVE
added 2025/09/15 2:46 p.m.38 views

CVE-2023-53245

CVE-2023-53245 refers to the Linux kernel Hyper-V StorVSC integration for virtual Fibre Channel timeouts. The issue arises from a faulty integration where the FC transport timeout handler (fc_eh_timed_out()) could dereference a NULL rport, causing a kernel panic. The published fix removes the cal...

5.5CVSS5.8AI score0.00137EPSS
CVE
CVE
added 2025/09/15 2:46 p.m.38 views

CVE-2023-53258

CVE-2023-53258 (Linux kernel) relates to drm/amd/display underflow when using displays with large vblank regions at low refresh rates. The issue was fixed by simplifying the vblank_nom calculation and increasing VBlankNomDefaultUS to 800µs. Public advisories indicate patches were applied in Linux...

5.5CVSS6.1AI score0.00134EPSS
CVE
CVE
added 2025/09/17 2:56 p.m.38 views

CVE-2023-53345

CVE-2023-53345 pertains to the Linux kernel, addressing a data race in rxrpc_wait_to_be_connected() where the loop accessed call->error before the call state was checked for completion. The fix ensures call->error is read only after the call is complete, preventing races between rxrpc_send_...

4.7CVSS6.1AI score0.00126EPSS
CVE
CVE
added 2025/07/03 8:35 a.m.38 views

CVE-2025-38133

CVE-2025-38133 affects the Linux kernel’s IIO ADC driver (ad4851/ad4858). The root cause was pointer arithmetic: ad4851_parse_channels_common() advances the channel pointer, and ad4858_parse_channels() advanced it again when setting ext_scan_type, causing indio_dev->channels to point past the ...

7.8CVSS7.4AI score0.00155EPSS
CVE
CVE
added 2025/07/09 10:42 a.m.38 views

CVE-2025-38254

The CVE-2025-38254 issue is in the Linux kernel (drm/amd/display) where drm_edid_raw() could return NULL or oversized EDID bytes, risking an Oops or memory corruption. The fix adds sanity checks for drm_edid_raw() and returns EDID_BAD_INPUT in those corner cases. It is related to EDID handling wh...

5.5CVSS6.5AI score0.0012EPSS
CVE
CVE
added 2025/08/16 11:34 a.m.38 views

CVE-2025-38551

Technical details about CVE-2025-38551 are not publicly provided in the supplied connected documents. Monitor for updates.

5.5CVSS6.6AI score0.00106EPSS
CVE
CVE
added 2025/08/22 4:0 p.m.38 views

CVE-2025-38622

CVE-2025-38622 — Linux kernel UDP/GSO issue : The vulnerability occurs in the UDP receive path when a packet with virtio_net_hdr using SKB_GSO_UDP and a gso_size smaller than the UDP header can trigger a crash in skb_pull_rcsum, leading to a kernel BUG in net/core/skbuff.c and a local attacker ma...

5.5CVSS6.1AI score0.0016EPSS
CVE
CVE
added 2025/08/22 4:0 p.m.38 views

CVE-2025-38652

CVE-2025-38652: In the Linux kernel, a f2fs path handling bug can cause out-of-bounds access when constructing devs.path for a device, due to sbi->devs.path[] not leaving space for the trailing null terminator. Root cause: device path storage (path[MAX_PATH_LEN]) can be fully filled, causing p...

7.1CVSS6.5AI score0.00164EPSS
CVE
CVE
added 2025/08/22 4:1 p.m.38 views

CVE-2025-38659

CVE-2025-38659 (Linux kernel, gfs2): The issue occurs during a node withdrawal when the only mounted node would try to replay the local journal, which previously could dereference sdp->sd_jdesc->jd_inode due to a use-after-free in gfs2_recover_func(). The vulnerability is mitigated by remov...

5.5CVSS6.5AI score0.00143EPSS
CVE
CVE
added 2025/09/04 3:32 p.m.38 views

CVE-2025-38679

CVE-2025-38679 – Linux kernel media venus OOB read : The vulnerability is in media: venus where event_seq_changed() processes a firmware property count without validating the payload length, enabling out-of-bounds memory access. Impact: kernel crashes and potential information disclosure if firmw...

7.1CVSS5.7AI score0.00149EPSS
CVE
CVE
added 2025/09/04 3:32 p.m.38 views

CVE-2025-38692

CVE-2025-38692 refers to a Linux kernel exFAT fix validating cluster chains to prevent infinite loops during directory operations. The patch adds loop-break checks for conditions in exfat_count_dir_entries, exfat_create_upcase_table, exfat_load_bitmap, exfat_find_dir_entry, and exfat_check_dir_em...

5.5CVSS6AI score0.00145EPSS
CVE
CVE
added 2025/09/04 3:33 p.m.38 views

CVE-2025-38710

CVE-2025-38710 (gfs2 depth validation) : Linux kernel fix for exhash directories in GFS2. A fuzzer caused a depth of 0 in dir_e_read(), triggering an undefined shift by 32 in index = hash >> (32 - dip->i_depth). The minimum exhash depth is ilog2(sdp->sd_hash_ptrs) and 0 is invalid sin...

5.5CVSS5.9AI score0.00136EPSS
CVE
CVE
added 2025/09/05 5:21 p.m.38 views

CVE-2025-39698

CVE-2025-39698 concerns the Linux kernel io_uring/futex cleanup: io_futex_data is allocated upfront and wired into io_kiocb.async_data, but the request flag REQ_F_ASYNC_DATA may not be set at that time. On failure, the futex handler frees the data but may not clear async_data, so the data and fla...

8.8CVSS5.9AI score0.00179EPSS
CVE
CVE
added 2025/09/05 5:27 p.m.38 views

CVE-2025-39726

Technical details about CVE-2025-39726 are not publicly provided in the connected documents. The entries reference the CVE but do not describe affected products, versions, root cause, exploits, or fixes here. Monitor for updates.

4.7CVSS6.3AI score0.00102EPSS
CVE
CVE
added 2025/09/11 4:56 p.m.38 views

CVE-2025-39782

CVE-2025-39782 concerns the Linux kernel, specifically the JBD2 journal path. The issue arises because jbd2_log_do_checkpoint() and jbd2_journal_shrink_checkpoint_list() contend for j_list_lock, potentially causing long wait times that can trigger softlockups if sleeping calls do not occur. The a...

5.5CVSS5.9AI score0.00117EPSS
CVE
CVE
added 2025/09/16 1:0 p.m.38 views

CVE-2025-39808

CVE-2025-39808 – Linux kernel HID-ntrig null-deref fix . Affects HID-ntrig in the Linux kernel. In ntrig_report_version(), a hdev structure copied from hid_probe() could lead to a page fault when a descriptor was sent to /dev/uhid if hdev->dev.parent->parent was NULL. The fix adds a null-ch...

5.5CVSS6.1AI score0.0016EPSS
CVE
CVE
added 2025/09/19 3:26 p.m.38 views

CVE-2025-39841

CVE-2025-39841 affects the Linux kernel’s SCSI lpfc code, specifically the deferred receive path. The vulnerability arises from an incorrect buffer release order: the RQ buffer was freed before clearing the context pointer under the lock, allowing concurrent paths (e.g., ABTS and the repost path)...

7.8CVSS6.5AI score0.00167EPSS
CVE
CVE
added 2025/09/19 3:26 p.m.38 views

CVE-2025-39844

CVE-2025-39844 relates to a Linux kernel memory-management bug where page-table synchronization was not consistently performed when vmemmap spans multiple PGD entries. The issue caused intermittent boot failures and a kernel panic (notably on 4-level paging with large persistent memory) due to a ...

5.5CVSS6.2AI score0.00137EPSS
CVE
CVE
added 2025/09/19 3:26 p.m.38 views

CVE-2025-39851

CVE-2025-39851 affects the Linux kernel vxlan implementation. When learning is enabled, a packet may refresh an FDB entry that points to an FDB nexthop group but has no remote, causing a NULL pointer dereference (NPD). The fix drops such packets earlier (before dereferencing a remote) and removes...

5.5CVSS5.8AI score0.00145EPSS
CVE
CVE
added 2025/09/19 3:26 p.m.38 views

CVE-2025-39865

CVE-2025-39865 affects the Linux kernel tee subsystem. The issue is a potential NULL pointer dereference in tee_shm_put when reg_pair_to_ptr may return NULL, leading to a crash in shutdown flow (optee/shm cache path). The documented fix is to add a NULL check in tee_shm_put to prevent dereferenci...

5.5CVSS6.1AI score0.00149EPSS
CVE
CVE
added 2025/09/23 6:0 a.m.38 views

CVE-2025-39883

CVE-2025-39883 affects the Linux kernel memory-management path mm/memory-failure, where unpoisoning memory can trigger VM_BUG_ON_PAGE(PagePoisoned(page)) due to checking PG_HWPoison flags on an uninitialized page. The root cause described in the initial and connected advisories is the uninitializ...

7.1CVSS6.1AI score0.00143EPSS
CVE
CVE
added 2025/10/13 1:48 p.m.38 views

CVE-2025-39964

CVE-2025-39964 affects the Linux kernel crypto: af_alg where two concurrent writes to the same af_alg socket could interleave data and corrupt internal socket state. The fix adds a dedicated exclusive ownership indicator (ctx->write) to prevent concurrent writes and ensure serialized access. I...

3.3CVSS6.1AI score0.00232EPSS
CVE
CVE
added 2026/01/13 3:34 p.m.38 views

CVE-2025-71097

Technical details for CVE-2025-71097 are not provided in the connected documents. The sources confirm the CVE exists and is tracked in various advisories, but no further product/version/impact/fix specifics are included here. Monitor vendor advisories for updates.

5.5CVSS6AI score0.00114EPSS
CVE
CVE
added 2026/02/04 4:8 p.m.38 views

CVE-2026-23097

CVE-2026-23097: Linux kernel migrate path deadlock due to incorrect lock ordering between hugetlb folio_lock and i_mmap_rwsem. Specifically migrate_pages -> migrate_hugetlbs -> unmap_and_move_huge_page -> remove_migration_ptes -> __rmap_walk_file() acquires i_mmap_lock_read while anot...

5.5CVSS5.2AI score0.00114EPSS
CVE
CVE
added 2026/03/25 10:33 a.m.38 views

CVE-2026-23394

CVE-2026-23394 – af_unix GC race with MSG_PEEK (Linux kernel) : A race between MSG_PEEK and garbage collection can cause the GC to incorrectly GC dead sockets, since MSG_PEEK silently bumps a file refcount. The issue originates from a change in the current GC algorithm and the removal of the lock...

4.7CVSS5.7AI score0.00089EPSS
CVE
CVE
added 2026/04/22 1:54 p.m.38 views

CVE-2026-31525

CVE-2026-31525 concerns the Linux kernel BPF interpreter’s signed 32-bit division/modulo (sdiv32/smod32). The issue arises from using abs() on s32 operands, which is undefined for S32_MIN, causing incorrect results that can mismatch verifier behavior and enable out-of-bounds map access. A fix int...

7.8CVSS5.7AI score0.00129EPSS
CVE
CVE
added 2026/04/24 2:45 p.m.38 views

CVE-2026-31649

The CVE-2026-31649 issue affects the Linux kernel’s stmmac driver, where jumbo_frm() can underflow when processing fragmented packets. If nopaged_len is small but skb->len is large, len = nopaged_len - buf_len (with buf_len clamped to min(nopaged_len, bmax)) can still yield a large unsigned va...

9.8CVSS6AI score0.00406EPSS
CVE
CVE
added 2026/04/25 8:46 a.m.38 views

CVE-2026-31677

The CVE-2026-31677 issue affects the Linux kernel af_alg path. The root cause is that af_alg_get_rsgl() could extract RX scatterlist data beyond the remaining receive budget, allowing a local attacker to trigger a DoS via recvmsg when there isn’t enough RX space for a chunk. The fix tightens budg...

5.5CVSS5.6AI score0.00114EPSS
CVE
CVE
added 2026/05/06 7:40 a.m.38 views

CVE-2026-43077

CVE-2026-43077 concerns the Linux kernel crypto/algif_aead path. The vuln arises from a miscalculation of the minimum receive buffer size during decryption because the tag size was not considered in the size check. The fix adds the required extra length to account for the authentication tag, prev...

5.5CVSS5.9AI score0.00123EPSS
CVE
CVE
added 2026/05/08 2:21 p.m.38 views

CVE-2026-43407

The CVE-2026-43407 issue affects the Linux kernel libceph component, where a CEPH_MSG_AUTH_REPLY with a large payload_len could trigger an integer overflow and out-of-bounds read. The root cause is storing payload_len and related lengths in int, allowing negative values to underflow pointers. The...

9.1CVSS5.8AI score0.00537EPSS
Total number of security vulnerabilities14330