14330 matches found
CVE-2026-45936
The CVE-2026-45936 entry concerns a race in the Linux kernel power_supply_changed() handling for Goldfish power supplies. The issue arises when using devm_ allocations for IRQs before the power_supply handle is allocated/registered, creating a window where an interrupt fires after the power_suppl...
CVE-2026-46152
CVE-2026-46152 affects the Linux kernel’s wifi/mac80211 subsystem. The root cause is that ieee80211_invoke_fast_rx() uses a static per-invocation rx_result, causing concurrent callers to share a single instance and potentially overwrite results between ieee80211_rx_mesh_data() and the switch on r...
CVE-2026-46167
CVE-2026-46167 – Linux kernel usb/usblp heap leak : The vulnerability stems from an uninitialized status buffer (statusbuf) allocated at probe time for LPGETSTATUS. If a malicious printer returns zero bytes, a stale 8-byte heap region could be copied to userspace via LPGETSTATUS, causing a heap l...
CVE-2026-46211
CVE-2026-46211 affects the Linux kernel drm/msm/gem component. The flaw in msm_ioctl_gem_info_get_metadata() can cause a NULL pointer dereference due to unchecked allocation (kmemdup()) and always returning 0 on errors, making userspace believe success. The issue is fixed by adding a NULL check f...
CVE-2026-46212
CVE-2026-46212 concerns the Linux kernel’s batman-adv module. The vulnerability arises when deleting backbone claims in batman-adv (function batadv_bla_del_backbone_claims): the code drops a hash-list link entry that is still referenced, risking that the entry could be freed by batadv_claim_relea...
CVE-2026-46233
CVE-2026-46233 affects the Linux kernel batman-adv component (batadv_bla_purge_claims). The issue arises when iterating the claims list with an rcu_read_lock() and encountering a claim being released, potentially setting backbone_gw to NULL before the delayed kfree, making batadv_bla_claim_get_ba...
CVE-2026-46273
The CVE-2026-46273 entry describes a Linux kernel vulnerability in the ibmveth driver affecting Power systems: GSO offload fails when MSS < 224 bytes, potentially freezing the network adapter and causing DoS until a manual reset. The fix adds an ndo_features_check to disable GSO for MSS 1; si...
CVE-2026-46304
MODE C: The CVE-2026-46304 entry centers on the Linux kernel nvmet subsystem. The vulnerability stems from nvmet_tcp_release_queue_work() running on the nvmet-wq and possibly dropping the final controller reference through nvmet_cq_put(), which can trigger nvmet_ctrl_free() and flush ctrl->asy...
CVE-2026-46312
CVE-2026-46312 is a Linux kernel vulnerability involving media: videobuf2 where vb2_dma_sg_mmap did not set the VMA flags, potentially triggering a WARN_ON in drm_gem_mmap_obj() during mmap() of an imported dma-buf. The fix adds proper VMA flag handling in vb2_dma_sg_mmap_mmap (consistent with vb...
CVE-2026-46313
CVE-2026-46313 concerns a Linux kernel vulnerability in the media/ipu6 path. The issue is an error-pointer dereference in ipu6_pci_probe() where isp->psys is an error pointer (not NULL) and is dereferenced, potentially leading to a crash. The fix sets isp->psys to NULL on the error path bef...
CVE-2026-52917
Summary (concrete details from provided sources): CVE-2026-52917 fixes a Linux kernel SCTP diagnostics flaw in the sock_diag lookup during the dump_one path. The issue occurs when an SCTP association has been freed but is still being reported, allowing the code to dereference an invalid associati...
CVE-2022-50361
Summary: CVE-2022-50361 concerns the Linux kernel wilc1000 module. In wilc_netdev_ifc_init(), an unregister_netdev() path is missing in the error handling path. The fault report shows a kernel BUG at net/core/dev.c with an invalid opcode when alloc_ordered_workqueue() fails. The root issue is tha...
CVE-2022-50400
The CVE-2022-50400 issue concerns the Linux kernel greybus: audio_helper code, where debugfs usage was removed due to incorrect handling that could leak memory and even erase all debugfs entries. The fix is to remove all debugfs logic from the audio_helper code; if needed later, a fix for the inc...
CVE-2022-50406
CVE-2022-50406 affects the Linux kernel iomap/writeback path. Connected advisories confirm a memory corruption fix during writeback error recording, described as: “iomap: iomap: fix memory corruption when recording errors during writeback.” The issue is associated with the kernel code path handli...
CVE-2023-53288
CVE-2023-53288 relates to a memory leak in the Linux kernel’s DRM subsystem. The issue occurs in drm/client: when a new mode is assigned to modeset->mode, the previously configured mode is not freed, leading to a kmemleak report chain (drm_mode_duplicate → drm_client_modeset_probe → __drm_fb_h...
CVE-2025-38076
CVE-2025-38076 concerns the Linux kernel vulnerability related to module unloading and allocation tags. The issue arises from a use-after-free risk when memory containing a module’s allocation tags remains alive after unloading, because percpu counters referenced by those tags could be freed by f...
CVE-2025-38121
The CVE-2025-38121 entry describes a Linux kernel issue in the wifi: iwlwifi: mld path. When an error occurs during init, in_hw_restart is set but never cleared, causing the code to retry init as if in a restart while not actually in one. This can lead to a NULL pointer dereference during cancell...
CVE-2025-38379
CVE-2025-38379 affects the Linux kernel SMB/CIFS client during channel reconnect in smb2_reconnect_server(). A dummy tcon passed to smb2_reconnect() had an uninitialized ->query_interface, causing queue_delayed_work() to be invoked on an incorrect tcon and triggering a kernel warning (seen in ...
CVE-2025-38519
The CVE-2025-38519 entry pertains to the Linux kernel (mm/damon) and is supported by multiple sources in the connected documents. The root cause is a divide-by-zero crash in damon_get_intervals_score() when region size is zero. The current patch fixes the bug without disallowing zero-size regions...
CVE-2025-38559
CVE-2025-38559 (Linux kernel) affects the Intel PMT subsystem on x86 platforms. The issue is a NULL pointer dereference in intel_pmt_read() when an ep (endpoint) is missing, leading to kernel oops in crashlog handling. The fix, as described, augments intel_pmt_entry with a pointer to the pcidev t...
CVE-2025-38573
CVE-2025-38573: Linux kernel SPI cs42l43 handling bug where the software node’s property entries were not guaranteed to be null-terminated due to missing count, allowing a downstream cs35l56 amplifier driver parse to walk past the array into unknown memory. Root cause: property-count not specifie...
CVE-2025-38605
CVE-2025-38605 affects the Linux kernel’s wifi/ath12k driver. In ath12k_dp_tx_get_encap_type(), arvif may be NULL during vdev delete, risking a kernel panic. The fix passes the valid ab pointer directly from the caller to avoid dereferencing arvif. Affected reference points to ath12k_dp_tx and re...
CVE-2025-38704
CVE-2025-38704: In the Linux kernel, a bug in rcu/nocb could access an invalid nocb_cb_kthread pointer during CPU online/offline cycles. The fix changes the safety check to use rdp->nocb_gp_kthread instead of rdp_gp->nocb_gp_kthread. Public advisories from SUSE (SUSE-SU-2026:20220-1, openSU...
CVE-2025-38707
CVE-2025-38707 is a Linux-kernel NTFS3 file-name sanity-check vulnerability. The issue arises from a too-long file name not being validated against the directory-entry size, potentially enabling local escalation when processing NTFS names. The CVE entry in the initial doc shows a HIGH impact with...
CVE-2025-39686
CVE-2025-39686: In the Linux kernel comedi subsystem, insn_rw_emulate_bits() incorrectly emulated INSN_READ/WRITE for subdevices that support INSN_BITS, handling only a single sample instead of insn->n samples. The fix is to make the function process all n samples or return an error to conform...
CVE-2025-39817
CVE-2025-39817 — Linux kernel efivarfs_d_compare may trigger a slab-out-of-bounds in memcmp when dentry->d_name.len
CVE-2025-39824
The CVE CVE-2025-39824 affects the Linux kernel HID subsystem. A crafted HID descriptor can trigger a use-after-free in hid_input handling during hidinput_connect() after hid_hw_start(), notably via ASUS HID devices (e.g., ASUS ROG N-Key keyboard). The root cause is that capability bitmaps may no...
CVE-2025-39850
CVE-2025-39850 affects the Linux kernel vxlan implementation. When the VXLAN device runs with the proxy option enabled, ARP/IPv6 Neighbor Solicitation can be spuriously suppressed if the remote host’s MAC is not behind the any remote. The root cause is dereferencing an FDB nexthop entry that may ...
CVE-2025-40040
CVE-2025-40040 is a Linux kernel vulnerability arising from the mm/ksm: fix flag-dropping behavior in ksm_madvise. The issue causes an UFFD inconsistency in userfaultfd Release paths when a VMA registered for UFFD in MINOR mode undergoes MADV_UNMEARGEABLE, inadvertently clearing the upper 32 bits...
CVE-2025-71089
CVE-2025-71089 affects the Linux kernel via IOMMU Shared Virtual Addressing (SVA). In SVA, the IOMMU can cache kernel page-table entries, so freeing a kernel page-table page and reusing it could leave stale IOMMU entries, enabling use-after-free or write-after-free scenarios that could allow loca...
CVE-2025-71304
CVE-2025-71304 — Linux kernel Smack DOI handling : The issue arises when writing to /smack/doi with a value previously used, which can disable networking for non-ambient labels. This can lead to privilege escalation, DoS, or information leaks. Debian/RootOS OSV notes indicate patches exist (e.g.,...
CVE-2026-23074
CVE-2026-23074 is a Linux kernel vulnerability in net/sched teql where the teql queuing discipline may be used outside its intended root qdisc, allowing a crafted packet sequence to create a use-after-free scenario in the qfq/qos path due to queue length (qlen) handling. The root cause is that te...
CVE-2026-23201
CVE-2026-23201: Linux kernel fix for ceph oops due to invalid pointer in kfree() within parse_longname(). Root cause was advancing the pointer to skip the initial '_' in ceph snapshot names, causing kfree() to receive an invalid pointer when listing .snap directories. The patch eliminates the poi...
CVE-2026-23210
In CVE-2026-23210, the Linux kernel ice driver experiences a NULL pointer dereference during VSI rebuild when PTP periodic work runs concurrently with VSI rebuild. The root cause is a race where ice_ptp_prepare_for_reset() cancels PTP work, ice_ptp_rebuild() queues it, and VSI rebuild occurs afte...
CVE-2026-31432
CVE-2026-31432 affects the Linux kernel ksmbd component. Affected handling of compound requests (e.g., READ + QUERY_INFO(Security)) could allow an out-of-bounds write when the first READ command consumes most of the response buffer and ksmbd builds a security descriptor. The root cause is that sm...
CVE-2026-31508
The CVE-2026-31508 issue affects the Linux kernel in the Open vSwitch teardown path. The root cause is that after a patch, the teardown code for OVS ports no longer unconditionally takes the RTNL, allowing netdev_destroy() to finish and free the netdev before unregistration completes if the IFF_O...
CVE-2026-31589
The CVE-2026-31589 issue affects the Linux kernel memory management in the mm path related to folio_unmap_invalidate. The vulnerability arises when the system calls free_folio() directly, instead of loading the free_folio function pointer after obtaining a mapping reference or lock, potentially l...
CVE-2026-43074
CVE-2026-43074 affects the Linux kernel eventpoll code. The vulnerability arises from ep_free() freeing the eventpoll structure while still in use by another thread, creating a use-after-free (UAF). The fix defers kfree() of the epi->ep struct to an RCU grace period to prevent UAF; multiple so...
CVE-2026-43120
In the Linux kernel RDMA/irdma driver, CVE-2026-43120 describes a double-free during rereg_user_mr when IB_MR_REREG_TRANS is set. If the trans reg path fails after allocating a new umem, the code releases it but fails to NULL the iwmr->region, causing ib_umem_release to be invoked again during...
CVE-2026-43303
The CVE-2026-43303 issue affects the Linux kernel’s memory management in mm/page_alloc. Subsystems such as slub, shmem, and ttm expose page->private and fail to clear it before freeing pages. If freed pages are later allocated as high-order pages and split, tail pages may retain stale page->...
CVE-2026-45838
CVE-2026-45838 – Linux kernel : The vulnerability arises in BPF handling for cgroup_storage_get_next_key, where list_next_entry() can wrap to the list head and a subsequent NULL check becomes dead code, causing get_next_key() to read storage->key from a bogus pointer and copy it to userspace. ...
CVE-2026-45842
CVE-2026-45842 concerns the Linux kernel slip module. When rslots are configured to 0 (no receive compression), the code may allocate a NULL rstate and set rslot_limit to 0. The receive path does not guard against this, causing slhc_uncompress() to dereference comp->rstate[x] if the VJ header ...
CVE-2026-45898
The CVE-2026-45898 issue affects the Linux kernel’s RDMA/iwcm component, where flawed work submission logic could cause queue_work() to queue items that are still live, enabling a work item to be processed and freed while still on the workqueue and triggering list corruption. The root cause is th...
CVE-2026-45899
CVE-2026-45899 is a Linux kernel/ext4 issue where, if a split extent operation fails, stale extent entries may remain in the extent status tree. The fix requires dropping all of the potentially stale extents when the split fails to prevent inconsistent metadata. Exploitation details are not provi...
CVE-2026-45917
The CVE-2026-45917 issue affects the Linux kernel IP Virtual Server (IPVS) component, where a race between the netdev notifier and the destination cache for a closing device could leak a device reference until the destination is removed. Root cause: the code caches dest_dst with a device that is ...
CVE-2026-46083
CVE-2026-46083 concerns the Linux kernel SPI subsystem. The description indicates a fix for resource leaks that occur when a device is being set up and spi_setup() fails during registration, requiring a call to controller cleanup() to avoid leaking resources allocated by setup(). OpenSUSE/SUSE ad...
CVE-2026-46094
CVE-2026-46094 affects the Linux kernel ext4 code. The vulnerability arises from a bounds check in check_xattrs() for the next xattr entry, where the code compared (void*)next >= end. This could allow next to point within sizeof(u32) bytes of end, and on the subsequent loop iteration IS_LAST_E...
CVE-2026-46110
CVE-2026-46110 affects the Linux kernel stmmac driver. When RX memory is exhausted, stmmac_rx() could misinterpret descriptors (full vs dirty), risking a NULL pointer dereference and potential kernel panic. The fix adds an explicit check to bail out when the next RX descriptor is dirty before adv...
CVE-2026-46157
The CVE-2026-46157 entry concerns the ALSA PCM OSS subsystem in the Linux kernel, where runtime.oss.trigger could be accessed concurrently without protection, causing a data race on a bit field and risking corruption of adjacent fields. The issue is addressed by extending the existing params_lock...
CVE-2026-46166
The CVE-2026-46166 affects the Linux kernel’s wireless subsystem (mac80211) in the radar detect work. The root cause is unsafe list iteration during radar processing, where ieee80211_dfs_cac_cancel can free the iterated chanctx and remove it from the list, causing a slab-use-after-free. A guarded...