14330 matches found
CVE-2026-46157
The CVE-2026-46157 entry concerns the ALSA PCM OSS subsystem in the Linux kernel, where runtime.oss.trigger could be accessed concurrently without protection, causing a data race on a bit field and risking corruption of adjacent fields. The issue is addressed by extending the existing params_lock...
CVE-2026-46166
The CVE-2026-46166 affects the Linux kernel’s wireless subsystem (mac80211) in the radar detect work. The root cause is unsafe list iteration during radar processing, where ieee80211_dfs_cac_cancel can free the iterated chanctx and remove it from the list, causing a slab-use-after-free. A guarded...
CVE-2026-46225
CVE-2026-46225 concerns the Linux kernel SPI host controller driver (rspi). The issue arises when deregistering the controller: resources such as DMA can be released before proper deregistration, potentially impacting availability. The root cause is captured as “spi: rspi: fix controller deregist...
CVE-2026-46296
The CVE-2026-46296 issue affects the Linux kernel driver for spi s3c64xx. Root cause: a DMA channel allocation was moved from probe() to s3c64xx_spi_prepare_transfer(), but the corresponding deallocation was not removed from the remove() path, leading to a NULL-pointer dereference on driver unbin...
CVE-2026-52906
CVE-2026-52906 (Linux kernel 9p/v9fs) : The issue arises from how 9p options are applied during mounts. After commit 1f3e4142, v9fs_apply_options() uses |= to combine new flags with those already set by v9fs_session_init(), which for 9P2000.L defaults to V9FS_ACCESS_CLIENT. When a user mounts wit...
CVE-2022-50193
CVE-2022-50193 concerns Linux kernel erofs: wake up all waiters after z_erofs_lzma_head is ready. The issue can cause the decompression thread to hang when mounting erofs a second time due to a sequence where Task A loads lzma config and fills z_erofs_lzma_head after Task B has already slept wait...
CVE-2025-38093
CVE-2025-38093 affects the Linux kernel (arm64) for the dts: qcom: x1e80100 entry. The issue arises because the GPU does not throttle under high load, risking hitting the 120°C hardware shutdown. The fix configures GPU throttling to occur at 95°C with polling every 200ms. Impact in the data shows...
CVE-2025-38308
CVE-2025-38308 affects the Linux kernel ASoC Intel AVS path during hardware initialization. The root cause is a potential null pointer dereference in avs_dai_find_path_template(); the fix drops the search since the template is already known when avs_hw_constraints_init() fires. Affected/impacted:...
CVE-2025-38381
The CVE-2025-38381 issue affects the Linux kernel codepath handling cs40l50 uploads. Specifically, in cs40l50_upload_owt(), memory allocated via kmalloc() is not checked for allocation failure, which can lead to a NULL pointer dereference. The fix adds a NULL check and returns -ENOMEM on allocati...
CVE-2025-38486
CVE-2025-38486 concerns a Linux kernel soundwire regression where revert of the qcom set_channel_map API (soundwire: qcom: Add set_channel_map api support) caused kernel instability on Dragonboard 845c (sdm845), including BRK/Fatal exception and a non‑summing trace. Connected reports document spe...
CVE-2025-38505
CVE-2025-38505 affects the Linux kernel mwifiex wireless driver in STA mode when concurrent STA/AP with host MLME is enabled. The issue caused the firmware to send disassociation frames to the STA interface, triggering kernel WARN_ONs during disconnect events. The fix adds validation in the STA r...
CVE-2025-38545
CVE-2025-38545 pertains to the Linux kernel, affecting the net/ethernet/ti am65-cpsw-nuss path. The vulnerability arises from allocating memory for skb_shared_info during the transition from netdev_alloc_ip_align() to build_skb(), where only the packet length was accounted for and not the skb_sha...
CVE-2025-38549
Technical details about CVE-2025-38549 (affected components, root cause, impact, and remediation) are not provided in the supplied documents; monitor for updates.
CVE-2025-38593
CVE-2025-38593: Linux kernel Bluetooth HCI double-free in hci_discovery_filter_clear() due to a race with start_service_discovery(); fix adds locking around kfree() and the NULL assignment of uuids. This mitigates a potential use-after-free / slab error and is reflected in multiple vendor advisor...
CVE-2025-38595
CVE-2025-38595 concerns a use-after-free in the Linux kernel’s Xen hypervisor path related to DMA buffer handling. The issue arises when a file descriptor for a dma_buf is inserted into a descriptor table and another thread closes it, with a race that can lead to dereferencing objects (e.g., the ...
CVE-2025-38634
The CVE-2025-38634 issue is in the Linux kernel’s CPCAP charger code. In cpcap_usb_detect(), power_supply_get_by_name() can return NULL instead of an error pointer, risking a NULL dereference. A null check was added to prevent this. Impact is described as local, with availability impact, and a ME...
CVE-2025-38676
CVE-2025-38676 affects the Linux kernel (iommu/amd) and fixes a stack buffer overflow when processing kernel cmdline acpiid length. The issue is local and can be triggered by crafted kernel command-line input; base score 7.8 (HIGH) with LOCAL/LOW complexity, no user interaction. The CVE is addres...
CVE-2025-38685
CVE-2025-38685 affects the Linux kernel fbdev path. The issue arises in vmalloc out-of-bounds write within fast_imageblit when a userspace ioctl (FBIOPUT_CON2FBMAP) maps a console to a framebuffer; if the console resize during mapping fails but the code continues, it can end up updating display s...
CVE-2025-38703
CVE-2025-38703 affects the Linux kernel’s drm/xe path, specifically making dma-fences compliant with safe access rules. The issue arises when Xe frees data pointed to by dma-fences it exports (e.g., a timeline name) after a userspace submit queue is closed, which could lead to a use-after-free if...
CVE-2025-38718
CVE-2025-38718 affects the Linux kernel SCTP implementation. The issue arises when cloning head skbs with fraglists, causing use-after-likes from sharing frag skbs and leading to uninitialized-value bugs (KMSAN) in sctp_inq_pop and related code paths. The fix patches sctp_rcv() to linearize clone...
CVE-2025-39706
Summary: CVE-2025-39706 affects the Linux kernel's DRM/AMDKFD path. The issue arises when destroying KFD debugfs before kfd_process_destroy_wq, causing a NULL pointer hang due to an attempted remove of /sys/kernel/debug/kfd/proc/ after /sys/kernel/debug/kfd was destroyed. Root cause: proc content...
CVE-2025-39713
The CVE-2025-39713 entry concerns the Linux kernel media: rainshadow-cec driver, where rain_interrupt() performed a buffer-full check on rain->buf_len before acquiring rain->buf_lock. This TOCTOU race could allow concurrent interrupts to overflow the buffer (DATA_SIZE) by writing beyond cap...
CVE-2025-39764
The CVE-2025-39764 entry concerns a Linux kernel netfilter issue: ctnetlink path dumpers initially kept an expectation object alive via refcounting, risking a refcounting bug (double-increment) when exp == last, leading to a memory leak. The patch removes refcounting for the expectation object an...
CVE-2025-39818
CVE-2025-39818: Linux kernel vulnerability in intel-thc-hid (Intel THC) where improper pointer arithmetic in I2C regs save could cause a slab-out-of-bounds read/write (KASAN). The fix replaces the secondary pointer usage with direct array indexing (&dev->i2c_subip_regs[i]) to ensure safe memor...
CVE-2025-39902
CVE-2025-39902 is a Linux kernel vulnerability where mm/slub could crash if object metadata is accessed when the object pointer is NULL or invalid. The root cause is that object_err() attempts to report object details (freelist pointer, redzone, etc.) even when the pointer is not pointing to a va...
CVE-2025-71160
CVE-2025-71160 relates to the Linux kernel netfilter nf_tables chain validation. The vulnerability arises from the validator traversing the entire chain graph (base chains and chain jumps), which can trigger CPU soft lockups in nft_chain_validate under certain input paths. The change described ai...
CVE-2026-23132
CVE-2026-23132 : Linux kernel vulnerability in the dw-dp bridge (drm/bridge: synopsys: dw-dp) resolved. The issue concerned error handling in dw_dp_bind(), with three problems: (1) Missing return after drm_bridge_attach() failure, causing continued execution; (2) Resource leak where drm_dp_aux_un...
CVE-2026-31478
The CVE-2026-31478 issue affects ksmbd in the Linux kernel. The root cause is an incorrect calculation of the response buffer length in smb2_calc_max_out_buf_len(), where a hardcoded hdr2_len was used instead of the correct offset to the Buffer field. The security advisories describe that after a...
CVE-2026-31554
The CVE-2026-31554 entry concerns a Linux kernel futex requeue issue: using sys_futex_requeue() with different flags could enable a use-after-free/UaF condition. To fix, the code now requires identical flags for sys_futex_requeue() (matching the behavior of old-style sys_futex() requeue). The vul...
CVE-2026-31608
CVE-2026-31608 affects the Linux kernel SMB server. The issue is a double-free in smb_direct_free_sendmsg when invoked after smb_direct_flush_send_list(); smb_direct_flush_send_list() already calls smb_direct_free_sendmsg(), so a second call after post_sendmsg() is incorrect. The fix moves the ca...
CVE-2026-31613
The CVE-2026-31613 issue affects the Linux kernel SMB client. A crafted symlink error response from a remote SMB server can trigger an out-of-bounds read during symlink parsing, allowing UTF-16 data to be read via readlink(2). Root cause: smb2_check_message() accepts a CREATE status without valid...
CVE-2026-31657
CVE-2026-31657 affects the Linux kernel batman-adv component. The flaw arises when batman-adv’s batadv_bla_add_claim() can replace claim->backbone_gw and drop the old gateway’s final reference while readers still follow the pointer. The netlink claim dump path dereferences claim->backbone_g...
CVE-2026-43047
The CVE-2026-43047 issue concerns the Linux kernel HID multitouch subsystem. A malicious or misconfigured HID device could answer a feature request with a different report ID than requested, causing the HID core to misinterpret data and potentially trigger out-of-bounds writes. The bug is fixed b...
CVE-2026-43336
CVE-2026-43336 – linux kernel ChaCha secret handling : The vulnerability arises in lib/crypto: chacha where the permuted_state is not zeroized before leaving scope, allowing the original state (and thus the key) to be inferred after the permutation. The documented fix is to explicitly zeroize per...
CVE-2026-43414
CVE-2026-43414 affects the Linux kernel SCSI driver qla2xxx (fcport handling). The issue is a double-free of a Fibre Channel port object in qla24xx_els_dcmd_iocb() via qla2x00_els_dcmd_sp_free() after kref_put(), leading to potential memory corruption and system instability or DoS as described by...
CVE-2026-45866
The CVE-2026-45866 case concerns a use-after-free in the Linux kernel caif_serial ldisc path. A race between ldisc_close() and packet transmission can cause handle_tx() to access ser->tty after the tty is freed, due to tty_kref_put() being invoked in ldisc_close() while the network device may ...
CVE-2026-45882
The CVE-2026-45882 issue affects the Linux kernel power supply subsystem, specifically the pm8916_bms_vm driver. A race condition arises from using devm_ variants for IRQ requests before the power_supply handle is registered, causing the handle to be deallocated/unregistered before the IRQ handle...
CVE-2026-45957
CVE-2026-45957 documents a Linux kernel RCU bug: missing recursion protection in rcu_read_unlock() can cause a deadloop when softirq handling runs under ftrace, as shown in the call stack involving raise_softirq_irqoff() and rcu_read_unlock_special(). The issue was fixed by commits that adjust ir...
CVE-2026-46089
CVE-2026-46089: The Linux kernel zram discard path fails to endio for partial discard requests, causing blkdiscard to hang indefinitely. Fixes jump to end_bio and call bio_endio; CVSS v3.1 base 5.5 (Local, Low complexity). Public disclosures in NVD/NASL entries reference kernel commits addressing...
CVE-2026-46092
CVE-2026-46092 relates to the Linux kernel's wifi rtw88 driver (8821CE) where pci_upstream_bridge() returns NULL for devices on a root bus, risking a crash during probe on certain PCI topologies. The fix is to explicitly check for the PCI upstream bridge before applying the workaround. A patch wa...
CVE-2026-46114
CVE-2026-46114 affects the Linux kernel RDMA/rxe driver. A remote attacker could exploit zero- or non-8-byte ATOMIC_WRITE payloads by triggering atomic_write_reply() to dereference 8 bytes past the packet boundary, leaking up to 4 bytes of kernel tailroom per probe (plus trailing ICRC). The issue...
CVE-2026-46178
The CVE-2026-46178 entry concerns the Linux kernel RDMA/mlx4 component. A resource leak could occur during error handling in mlx4_ib_create_srq(), because mlx4_srq_alloc() was not undone during error unwinding. The fix adds a call to mlx4_srq_free() to properly release the resource when an error ...
CVE-2026-46182
The CVE-2026-46182 issue affects the Linux kernel component pseries/papr-hvpipe . The root cause is that a local kernel stack variable hdr (papr_hvpipe_hdr) is allocated on the stack and only hdr.version and hdr.flags are initialized, leaving reserved padding bytes uninitialized. When copied to u...
CVE-2026-46191
CVE-2026-46191 concerns the Linux kernel fbcon component: when console rotation fails during fbcon_rotate_font(), the font buffer may overflow due to an OOB access. The fix clears the font buffer if the reallocation during console rotation fails and ensures the rotated buffer does not overflow. D...
CVE-2026-46196
CVE-2026-46196 describes a Linux kernel tracepoint regression: during a 0→1 transition, tracepoint_add_func() calls ext->regfunc() before installing a probe, and if func_add() fails (e.g., -ENOMEM), it previously did not call ext->unregfunc(), leaving behind side effects. The fix mirrors th...
CVE-2026-46214
CVE-2026-46214 relates to the Linux kernel vsock/virtio transport: a backlog count leak occurs when vsock_assign_transport() fails or switches transport, because sk_acceptq_added() is called before transport validation and not removed on error. This can cause sk_acceptq_is_full() to reject new co...
CVE-2026-46276
CVE-2026-46276 concerns the Linux kernel AMDGPU driver on RDNA4 (GFX 12). The issue: amdgpu_ttm_init_on_chip() is called for GDS, GWS and OA resources regardless of whether they exist; when a resource size is zero, drm_mm_init(0,0) triggers DRM_MM_BUG_ON and can crash the kernel during modprobe o...
CVE-2026-46299
CVE-2026-46299 (Linux kernel) affects the hfsplus filesystem during mount. hfsplus_fill_super() calls hfs_find_init() to initialize a search structure, which grabs tree->tree_lock. If hfsplus_cat_build_key() fails, control jumps to out_put_root without releasing the lock, causing a later clean...
CVE-2026-46302
CVE-2026-46302 concerns the Linux kernel SELinux policy handling. The vulnerability arises because multiple processes could concurrently open /sys/fs/selinux/policy, whereas previously only one open was allowed. The root cause is a retained policy_opened flag and a too-large critical section arou...
CVE-2026-46328
The CVE-2026-46328 entry concerns the Linux kernel AppArmor policy: fix rlimit for posix CPU timers. The issue arose because Posix CPU timers required an additional step beyond setting the rlimit, and the patch refactors the code to make clear which code sets the limit and to conditionally update...