13804 matches found
CVE-2026-43215
The CVE-2026-43215 issue affects the Linux kernel CIFS implementation: the code used cifs_tcp_ses_lock to guard tcon fields, but this lock protected more than intended. The patch introduces more granular locking (tc_lock) within tcon-related structures (in addition to srv_lock and ses_lock) to re...
CVE-2026-46150
The CVE-2026-46150 issue affects the Linux kernel fanotify subsystem. It arises because fsnotify_get_mark_safe() may return false for a mark in an unrelated group, bypassing the permission check. The fix patches the logic to skip detached marks that are not in the current group, mitigating the by...
CVE-2026-46153
CVE-2026-46153 affects the Linux kernel 8021q VLAN code. The vulnerability arises because vlan_dev_set_egress_priority() kept cleared egress priority mappings as tombstones in a hash, allowing repeated set/clear cycles with different skb priorities to accumulate nodes and cause memory leakage. Th...
CVE-2026-46175
Summary of CVE-2026-46175 (f2fs FGGC issue): In the Linux kernel’s f2fs filesystem, Foreground Garbage Collection (FGGC) of node blocks could leave the fsync and dentry marks uncleared, causing fsck to misinterpret migrated data as fsync-written. The root cause is that the marks were not cleared...
CVE-2022-49955
Summary of CVE-2022-49955: This vulnerability concerns the Linux kernel’s powerpc/rtas code, where MSR[HV] handling for IBM Cell during RTAS entry could crash the system. The root cause, as described across sources, is a mismatch in how MSR[HV] is treated when RTAS is invoked (firmware/RTAS inte...
CVE-2022-50082
CVE-2022-50082 affects the Linux kernel ext4 subsystem. The issue arises in ext4_iomap_begin due to a race between bmap and write, which can trigger a WARN_ON_ONCE path during file writes, evidenced by a kernel warning trace through iomap_apply → iomap_bmap → ext4_bmap → bmap. The consequence is ...
CVE-2022-50363
Summary (CVE-2022-50363): The vulnerability affects the Linux kernel’s skmsg flow where alloc_sk_msg() could be invoked from a non-sleepable context. The call path shown in the provided trace goes through alloc_sk_msg() in net/core/skmsg.c to sk_psock_verdict_recv(), which uses rcu_read_lock(). Th...
CVE-2022-50369
In CVE-2022-50369, the Linux kernel’s drm/vkms driver is affected by a null pointer dereference in vkms_release() when destroying the workqueue: vkms->output.composer_workq is destroyed after an OOM path allocates it later in vkms_crtc_init. The issue arises because vkms_release() can call des...
CVE-2022-50407
The CVE-2022-50407 entry concerns the Linux kernel crypto: hisilicon/qm component, where the code path allocates a small local buffer for a QoS value and uses sscanf without validating destination length, enabling a stack overflow. Public documents in connected sources confirm the issue and descr...
CVE-2022-50412
CVE-2022-50412 affects the Linux kernel code paths for drm: bridge: adv7511 and CEC i2c device unregistration. The issue arises when cec_unregister_adapter() calls adapter ops that may become invalid during unregistration, which can invalidate the CEC address and trigger a kernel oops (example tr...
CVE-2023-53152
CVE-2023-53152 concerns the Linux kernel AMDGPU driver. The issue arises during removal of the amdgpu driver where BOs allocated for PSP are not freed, triggering a calltrace warning in amddrm_buddy_fini and related shutdown paths (amdgpu_exit, amdgpu_driver_release_kms). The provided trace shows...
CVE-2023-53181
Technical details for CVE-2023-53181 are not provided in the supplied documents. The visible text references a Linux kernel dma-buf leak fix but lacks specific product/version/subcomponent data. Monitor for updates.
CVE-2023-53209
CVE-2023-53209: In the Linux kernel, the wifi mac80211_hwsim subsystem could dereference a NULL sta pointer in mac80211_hwsim_select_tx_link(), leading to a NULL pointer dereference. The vulnerability is fixed by explicitly checking that the sta pointer is not NULL before use. Affected component...
CVE-2023-53241
The CVE-2023-53241 entry describes a Linux kernel NFSD flaw where op_release was skipped for some replies, causing a potential memory leak in layoutget when an error occurs. The fix ensures op_release is called even if op_func returns an error and, on error, nfsd4_block_get_device_info_scsi must ...
CVE-2023-53249
CVE-2023-53249 affects the Linux kernel clk-imx8mn clock driver. The vulnerability arises from a memory leak in imx8mn_clocks_probe caused by using of_iomap() for an ioremap region and kzalloc() for allocations that aren’t automatically freed if error paths occur. The fix switches to devm_of_iomap() ...
CVE-2023-53285
CVE-2023-53285: In the Linux kernel ext4, a bounds-check fix was added in get_max_inline_xattr_value_size() to prevent reading beyond allocated memory if the inode table is corrupted by block-device writes while mounted. This resolves a potential memory read issue in inline xattrs. Impact: HIGH ...
CVE-2023-53389
CVE-2023-53389 affects the Linux kernel’s MediaTek DisplayPort bridge (drm/mediatek) where HPD IRQs could fire before the bridge is attached to a DRM device. This could cause a NULL pointer dereference in drm_helper_hpd_irq_event() due to an invalid drm_device being passed. The published fix: ver...
CVE-2023-53441
CVE-2023-53441: Linux kernel bpf cpumap memory leak fix. The vulnerability concerns cpu_map_update_elem leaking memory in the BPF map update path (cpu_map_entry_alloc path) as observed by Syzkaller. The fix is in the kernel, referenced by commits such as a957ac8e0b5ffb5797382a6adbafd005a5f72851 a...
CVE-2025-38243
The CVE-2025-38243 issue affects the Linux kernel’s Btrfs log replay path. In several locations that call read_one_inode(), a NULL inode pointer could be dereferenced (e.g., iput(&inode->vfs_inode) in __add_inode_ref()), causing an invalid memory access and a crash. The available connected doc...
CVE-2025-38247
CVE-2025-38247 concerns the Linux kernel: a leak of user namespaces and possibly mnt_idmap in open_tree_attr(2) due to not releasing ->mnt_userns after a positive result from want_mount_setattr(). The root cause is that finish_mount_kattr() must release the namespace, and if do_mount_setattr()...
CVE-2025-38266
CVE-2025-38266 affects the Linux kernel pinctrl/mediatek EINT path. The root cause was an invalid dereference: a function (mtk_eint_do_init) could be called with a version of struct mtk_pinctrl that lacks the required soc field when using v1 drivers, leading to a potential crash on certain boards...
CVE-2025-38367
CVE-2025-38367 concerns the Linux kernel LoongArch KVM subsystem. The issue arises from a logic error where a modified index is reused as an array index when updating the EIOINTC_ENABLE register, creating an array index overflow condition. The vulnerability affects the kernel, with the descriptio...
CVE-2025-38394
The CVE-2025-38394 issue is in the Linux kernel HID path (appletb-kbd) where an input handler is registered with the input core and then, if probe fails, freed memory remains in input_handler_list. This creates a use-after-free (UAF) condition in input_attach_handler during subsequent device...
CVE-2025-38518
CVE-2025-38518 concerns the Linux kernel: on Zen2-class AMD CPUs, the INVLPGB flag is disabled in the kernel to prevent system oopses/panics during TLB flush. The root cause is a misreported CPUID INVLPGB bit by AMD Cyan Skillfish (Family 17h, Model 47h, Stepping 0h). The mitigation across connec...
CVE-2025-38580
The CVE-2025-38580 entry concerns a Linux kernel ext4 use-after-free in ext4_end_io_rsv_work(). The fix adds a check in ext4_io_end_defer_completion() to ensure io_end->list_vec is empty before adding to i_rsv_conversion_list, preventing starting an unnecessary worker. It also adds ext4_emerge...
CVE-2025-38627
CVE-2025-38627 affects the f2fs component of the Linux kernel. The root cause is a use-after-free of f2fs_inode_info in f2fs_free_dic when decompress_io_ctx is released asynchronously after I/O completion, potentially evicting the inode before dic is used. The exploit scenario involves concurrent...
CVE-2025-38651
Summary: CVE-2025-38651 concerns the Linux kernel landlock component. A bug in get_id_range() could receive a non-positive value because get_random_u8() may return 0, triggering an unsafe first argument. The fix clamps the value to ensure positivity. The vulnerability was discussed in kernel-land...
CVE-2025-38669
CVE-2025-38669 concerns a Linux kernel issue where the dma_buf field in struct drm_gem_object is not stable across a GEM object’s lifetime, becoming NULL after the final GEM handle is released, leading to a NULL-pointer dereference. The vulnerability arose after a change to use dma_buf from the G...
CVE-2025-38693
CVE-2025-38693 is a Linux kernel vulnerability affecting media: dvb-frontends, specifically w7090p tuner code. The issue is a NULL pointer dereference in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar when user-controlled msg[0].buf is null and msg[0].len is zero, allowing a crash if msg[...
CVE-2025-38701
CVE-2025-38701 relates to ext4 in the Linux kernel where a syzbot-triggered BUG_ON could occur when INLINE_DATA_FL is set but the system.data xattr is missing. The fix replaces BUG_ON with EXT4_ERROR_INODE() in ext4_create_inline_data() and ext4_inline_data_truncate(), and documents reporting a c...
CVE-2025-38713
CVE-2025-38713 concerns a slab-out-of-bounds read in the Linux kernel’s hfsplus handling. The issue occurs in hfsplus_uni2asc(), which can be triggered via hfsplus_readdir() and may crash the kernel (KASAN slab-out-of-bounds). The connected documents confirm a fix in the kernel source to address ...
CVE-2025-38723
CVE-2025-38723 concerns the Linux kernel, specifically LoongArch BPF tailcall handling. The issue arises in the tailcall jump offset calculation when bpf_int_jit_compile() fails to initialize the JIT context, leaving out_offset = -1. Consequently, the computed jmp_offset = (out_offset - cur_offse...
CVE-2025-39673
Summary (CVE-2025-39673): The issue is in the Linux kernel’s ppp_fill_forward_path() where two race conditions could occur in the ppp channels handling. The patch uses a lockless RCU approach: test and access the first channel with list_first_or_null_rcu(); modify channel list with RCU-variants ...
CVE-2025-39676
CVE-2025-39676 affects the Linux kernel in the SCSI qla4xxx path. The issue arises because qla4xxx_ep_connect() can return error pointers, while qla4xxx_get_ep_fwdb() is expected to return NULL on error; propagating error pointers leads to an Oops in the caller. The fix changes error pointers to ...
CVE-2025-39679
CVE-2025-39679: In the Linux kernel driver drm/nouveau/nvif, a memory leak in nvif_vmm_ctor() when nvif_vmm_type is invalid was fixed. The patch returns -EINVAL and frees resources; connected advisories reference this CVE but provide no additional exploit details.
CVE-2025-39689
CVE-2025-39689 affects the Linux kernel’s ftrace filter handling. The issue arose because readers (set_ftrace_filter/set_ftrace_notrace) kept a pointer to the global tracer hash, unlike writers who copy the hash. The pointer could remain static across calls that release locks and update the globa...
CVE-2025-39692
CVE-2025-39692 is a Linux kernel vulnerability related to the SMB ksmbd path where ksmbd_rdma_stop_listening() must be called before stop_sessions() to avoid using the smb_direct_wq pointer after destroy. The issue arises when the order is not respected, allowing existing connections to reference...
CVE-2025-39703
CVE-2025-39703 affects the Linux kernel net/hsr path. When an HSR frame arrives with insufficient space for the HSR tag, the skb cannot accommodate headers, leading to an skb_push() panic in br_dev_queue_push_xmit() and a kernel crash. The issue stems from corrupted HSR frames being processed b...
CVE-2025-39704
CVE-2025-39704 relates to a Linux kernel issue for LoongArch KVM where send_ipi_data() may trigger a stack-protector based panic if kvm_io_bus_read() writes an 8-byte value regardless of the declared length. The root cause is a buffer handling mismatch in certain emulation paths (e.g., loongarch_...
CVE-2025-39715
CVE-2025-39715 affects the Linux kernel on PA-RISC where a read-access check was not triggered for certain user-access memory references, allowing a local attacker to execute an LWS compare-and-swap at an address that is read-protected at PRIV_USER. The issue is fixed by probing read access rights ...
CVE-2025-39726
Technical details about CVE-2025-39726 are not publicly provided in the connected documents. The entries reference the CVE but do not describe affected products, versions, root cause, exploits, or fixes here. Monitor for updates.
CVE-2025-39737
CVE-2025-39737 corresponds to a Linux kernel kmemleak issue where soft lockups occurred during cleanup of a large kmemleak object set (e.g., ~40k objects). The provided Astra Linux bulletin notes the fix: in kmemleak_do_cleanup(), periodically call cond_resched() inside the cleanup loop to avoid ...
CVE-2025-39747
Technical details about CVE-2025-39747 are not publicly provided in the supplied documents. Monitoring for updates from OSV/Root feeds is advised; no concrete affected products, root cause, or patch details are present here.
CVE-2025-39752
CVE-2025-39752: In the Linux kernel (ARM/rockchip), the SMP initialization hang bug was fixed by moving SRAM initialization to after all secondary CPUs are powered down. The root cause involved the trampoline code being written to SRAM while secondary CPUs were powered on, causing potential kerne...
CVE-2025-39757
CVE-2025-39757 is a Linux kernel/ALSA USB-audio issue where UAC3 cluster segment descriptors were not validated for sizes against declared lengths or allocated buffers, enabling potential out-of-bounds (OOB) access. Connected advisories (Astra Linux and kernel security bulletins) confirm the vuln...
CVE-2025-39773
CVE-2025-39773 refers to a Linux kernel issue in the bridge/net subsystem where setting multicast_query_interval to a large value can cause a local time overflow in br_multicast_send_query(), making the timer expire immediately and re-arm in a loop, potentially triggering a soft lockup (as shown ...
CVE-2025-39787
CVE-2025-39787 (Linux kernel) affects the soc: qcom: mdt_loader in remoteproc usage. The root cause is reading beyond the ELF header during traversal; the fix validates the firmware buffer size and also validates e_phentsize and e_shentsize to ensure correct header traversal. Impact described as ...
CVE-2025-39806
CVE-2025-39806 refers to a slab-out-of-bounds access in the Linux kernel HID multitouch path, specifically in mt_report_fixup(). An attacker could trigger this when a HID report descriptor is smaller than 607 bytes; mt_report_fixup() patches at offset 607 without validating descriptor length, lea...
CVE-2025-39809
CVE-2025-39809 affects the Linux kernel’s Intel QuickI2C HID path (intel-thc-hid). The issue is that the ACPI _DSD methods for ICRS/ISUB return data with a trailing byte, making the actual length one byte longer than the structs define. This leads to a stack-out-of-bounds write and a kernel crash...
CVE-2025-39816
CVE-2025-39816 pertains to the Linux kernel’s io_uring/kbuf path. The issue stems from reading ring-provided buffer lengths without a stable read, risking changes between checks and commits since buffers come from userspace. The fix mandates using READ_ONCE() when reading these lengths and tighte...