14330 matches found
CVE-2022-50013
Summary: CVE-2022-50013 relates to the f2fs (Flash-Friendly File System) code in the Linux kernel. The issue arises from a NAT/NAT bitmap inconsistency that can cause a BUG_ON() in f2fs_new_node_page() when a NAT entry’s blkaddr is not NULL_ADDR while its NAT bitmap marks it free. The vulnerabili...
CVE-2022-50174
The CVE-2022-50174 issue affects the Linux kernel net/hinic path when a hinic device is used as a bond slave and statistics are read from the master bond device. The root cause is in hinic_get_stats64(), which previously called down(&nic_dev->mgmt_lock) to protect a critical section, risking s...
CVE-2022-50233
CVE-2022-50233 (bluetooth: device name can cause reading kernel memory by not supplying terminal \0) affects SUSE Linux Enterprise Server 15 SP4 kernels (live patch stream). The SUSE advisories indicate this issue was fixed in multiple kernel live patches (e.g., SUSE-SU-2026:0163-1, 0166-1, 0168-...
CVE-2022-50356
CVE-2022-50356 affects the Linux kernel’s net: sched: sfb path. When the default qdisc is sfb and dev_queue initialization fails during mqprio_init(), the code calls sfb_reset() to free resources, but the qdisc pointer (q->qdisc) may be NULL, leading to a general protection fault (null pointer...
CVE-2023-53194
CVE-2023-53194 is a Linux kernel vulnerability in fs/ntfs3 related to an insufficient length check in indx_get_root, which can lead to a use-after-free condition observed via KASAN during mounting operations. The provided reports describe a use-after-free read (size 2) on a page accessed by the m...
CVE-2023-53249
CVE-2023-53249 affects Linux kernel clk-imx8mn clock driver. The vulnerability arises from a memory-leak in imx8mn_clocks_probe caused by using of_iomap() for an ioremap region and kzalloc() for allocations that aren’t automatically freed if error paths occur. The fix switches to devm_of_iomap() ...
CVE-2023-53250
The CVE-2023-53250 entry concerns a null-pointer dereference in Linux kernel firmware handling (dmi-sysfs). The issue occurs in dmi_sysfs_register_handle during initialization, triggered by a kobject/dmi_sysfs lifecycle sequence where list_add_tail is followed by an error path, leading to an unin...
CVE-2023-53513
The CVE-2023-53513 issue is a Linux kernel vulnerability where incomplete validation of the nbd ioctl arg can trigger an i_size overflow when the arg is coerced to int (arg cast in nbd_ioctl /nbd_add_socket). The root cause is insufficient validation of large ioctl arguments, allowing an overflow...
CVE-2025-38241
CVE-2025-38241 affects the Linux kernel in mm/shmem and swap paths, causing a soft lockup with mTHP swapin due to a conflict between readahead-ordered folios in swap cache and the swapin folio allocation. The issue occurs when a 10G swap device (e.g., zram) is used with THP and cgroup memory limi...
CVE-2025-38557
CVE-2025-38557 : In the Linux kernel HID subsystem, a vulnerability affects the apple_backlight feature. A malicious HID device with quirk APPLE_MAGIC_BACKLIGHT can trigger a NULL pointer dereference when toggling the power feature-report if the HID descriptor declares only one field for the powe...
CVE-2025-38632
CVE-2025-38632 affects the Linux kernel pinctrl/pinmux logic. The issue is a race where updates to mux_usecount and mux_owner were not performed atomically under the same lock, allowing a state where mux_usecount > 0 but mux_owner is NULL, potentially causing a NULL pointer on subsequent pin r...
CVE-2025-39683
CVE-2025-39683 (Linux kernel tracing vulnerability) The issue occurs when processing long strings in ftrace filters: trace_get_user may fail, but parser->buffer end is not zeroed, leading to a slab-out-of-bounds read in strsep/ftrace_process_regex and related release paths. The result is a loc...
CVE-2025-39685
Summary (CVE-2025-39685) : In the Linux kernel, the comedi pcl726 driver could trigger an out-of-bounds when an excessively large IRQ number was passed (example 0x80008000). The fix adds an interrupt number check to prevent passing an IRQ number that is too large. It notes that if it->options[...
CVE-2025-39730
CVE-2025-39730 is a Linux kernel issue affecting NFS filehandle handling. The connected Astra/Amazon Linux livepatch advisories (ALAS2023LIVEPATCH-2025-108 and related entries) confirm a fix for NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() by ensuring the minimal filehandle length is...
CVE-2025-39757
CVE-2025-39757 is a Linux kernel/ALSA USB-audio issue where UAC3 cluster segment descriptors were not validated for sizes against declared lengths or allocated buffers, enabling potential out-of-bounds (OOB) access. Connected advisories (Astra Linux and kernel security bulletins) confirm the vuln...
CVE-2025-39767
CVE-2025-39767 describes a Linux kernel issue on LoongArch where enabling CONFIG_KASAN, CONFIG_PREEMPT_VOLUNTARY_BUILD, and CONFIG_PREEMPT_VOLUNTARY together can trigger a soft deadlock due to slow module load times. The root cause involves module_frob_arch_sections() evaluating PLT/GOT counts; a...
CVE-2025-39770
CVE-2025-39770 affects the Linux kernel’s GSO/TSO handling for IPv6. When performing GSO on IPv6 packets with extension headers, the kernel may request checksum offload even though the egress device only advertises NETIF_F_IPV6_CSUM, which explicitly does not support offloading for packets with e...
CVE-2025-39815
The CVE-2025-39815 entry concerns the Linux kernel (RISC-V KVM) where a stack overrun could occur when loading vlenb. The issue arises because userspace can place up to 2048 bits into an xlen-sized stack buffer; the fix adds a pre-check to ensure only xlen bits are used. The vulnerability is desc...
CVE-2025-39825
CVE-2025-39825 is described in the connected IBM security bulletin as a Linux kernel vulnerability: the smb client race with concurrent opens in rename(2). The root cause is a race during the rename operation where, besides sending the rename request, the kernel also closes deferred closes, await...
CVE-2025-39838
CVE-2025-39838 (Linux kernel CIFS UTF16 conversion) Description context: A NULL pointer dereference can occur during UTF16 conversion in the CIFS code path of the Linux kernel. Specifically, a NULL value can be passed to __cifs_sfu_make_node, which then propagates to cifs_strndup_to_utf16 and eve...
CVE-2025-39886
CVE-2025-39886 in the Linux kernel relates to a locking issue triggered when bpf_map_kmalloc_node() is called from __bpf_async_init(), potentially affecting memcg accounting and causing MEMCG_MAX events. The documented fix changes the bpf_timer_init() path to use allow_spinning=false and, per ups...
CVE-2025-71131
The CVE-2025-71131 in the Linux kernel is resolved. The issue was in crypto: seqiv where a request’s iv could be dereferenced after async completion of crypto_aead_encrypt, because the underlying request may be freed. The fix creates a new variable unaligned_info and uses it for the iv check, pre...
CVE-2026-22981
CVE-2026-22981 pertains to the Linux kernel driver for IDPF (Intel Ethernet 800/900-series? context in the doc refers to idpf) where, during reset handling, netdev interfaces are detached/closed to protect the reset path. The vulnerability description states that if reset handling succeeds, netde...
CVE-2026-23001
CVE-2026-23001 – Linux kernel macvlan UAF fix Multiple connected advisories reference this CVE as a fix in the macvlan subsystem. The vulnerability is described as a use-after-free (UAF) in macvlan_forward_source(), with the fix adding RC (read-copy-update) protection on (struct macvlan_source_en...
CVE-2026-23105
CVE-2026-23105 (Linux kernel) : A fix in the net/sched/qfq code changes the activation check of a class from relying on the child qdisc’s qlen to using cl_is_active in qfq_rm_from_ag. This patch makes activation determination more consistent and aims to prevent exploits that could manipulate chil...
CVE-2026-23204
CVE-2026-23204 affects the Linux kernel net/sched cls_u32. The root cause is that skb_header_pointer() does not fully validate negative @offset values, enabling a slab-out-of-bounds condition in u32_classify() (reported as BUG: KASAN). The fix replaces skb_header_pointer() with skb_header_pointer...
CVE-2026-23220
CVE-2026-23220 – Linux kernel ksmbd infinite loop fix : In ksmbd, when a signed SMB2 request fails verification, __process_request() triggers an error path that calls set_smb2_rsp_status() and resets next_smb2_rcv_hdr_off to zero. This loses the pointer to the next command in the chain, so is_cha...
CVE-2026-23229
CVE-2026-23229 is a Linux kernel vulnerability in virtio-crypto where missing spinlock protection around virtqueue done notifications can cause hangs (e.g., openssl speed benchmark with multi-process workloads). Root cause: data virtqueue handling without spinlock protection in virtcrypto_done_ta...
CVE-2026-23233
CVE-2026-23233 covers a Linux kernel f2fs bug where swapfile mapping can go wrong when the first extent is unaligned and the swapfile is small (
CVE-2026-23242
CVE-2026-23242 affects the Linux kernel RDMA/siw header processing: siw_tcp_rx_data may dereference a NULL qp->rx_fpdu if siw_get_hdr() returns -EINVAL before set_rx_fpdu_context(). The fix adds a NULL check for rx_fpdu before accessing more_ddp_segs, preventing the NULL pointer dereference. P...
CVE-2026-43121
CVE-2026-43121 involves the Linux kernel io_uring/zcrx race between scrub and refill paths. The non-atomic read-then-decrement of the user_refs can race with io_zcrx_scrub() using atomic_xchg, causing a double-free of a niov and an out-of-bounds write past the freelist array. The fix replaces the...
CVE-2026-43125
CVE-2026-43125 affects the Linux kernel dlm module. The vulnerability stems from unvalidated length in dlm_dump_rsb_name() coming from network messages, allowing an out-of-bounds write in dlm_search_rsb_tree() when the length exceeds DLM_RESNAME_MAXLEN. This could enable denial of service and, in...
CVE-2026-43190
The CVE-2026-43190 issue affects the Linux kernel netfilter xt_tcpmss TCP option parser. The root cause is reading op[i+1] without validating the remaining option length, which can cause an out-of-bounds read when i+1 == optlen. This could access memory past the option boundary (stack buffer _opt...
CVE-2026-43467
CVE-2026-43467 affects the Linux kernel mlx5_core/mlx5_eswitch stack. Root cause: when moving a device to switchdev mode on a system that does not support IPsec, the code erroneously cleans up IPsec resources, triggering a local crash/DoS. With concrete details from multiple vendors (Red Hat, SUS...
CVE-2026-43493
CVE-2026-43493 affects the Linux kernel crypto/pcrypt code and concerns MAY_BACKLOG handling. MAY_BACKLOG requests could return EBUSY; the fix adds a check for EBUSY and filters out EINPROGRESS notifications, addressing potential processing instability. The vulnerability is resolved in the Linux ...
CVE-2026-45959
The CVE-2026-45959 issue affects the Linux kernel crypto: CCP driver. A local pointer annotated with __cleanup(kfree) could cause kfree to receive the local stack address instead of the allocated memory, leading to a crash. The underlying cause is incorrect cleanup usage; the repository indicates...
CVE-2026-45997
CVE-2026-45997 concerns the Linux kernel SCSI disk driver (sd). The issue arises when device_add(&sdkp->disk_dev) fails during sd_probe; as a result, put_device() calls lead to scsi_disk_release() freeing the scsi_disk but leaving the gendisk referenced. The fix adds a missing put_disk(gd) in ...
CVE-2026-46033
The CVE-2026-46033 issue in the Linux kernel crypto/authencesn was fixed: authenc ESN paths require either a zero authsize or an authsize of at least 4 bytes, but a later path could copy digestsize into inst->alg.maxauthsize without validation, allowing ahash digests of 1–3 bytes (e.g., cbcmac...
CVE-2026-46059
CVE-2026-46059 : In the Linux kernel, KVM/nSVM handling of NRIPS and NextRIP after the first L2 VMRUN could miscompute NextRIP if NRIPS is disabled and a soft interrupt is injected, leading to a correctness issue after save/restore. The vulnerability arises because L1 may provide an incorrect Nex...
CVE-2026-46072
CVE-2026-46072 describes a vulnerability in ntfs3 within the Linux kernel where run_unpack() can perform an out-of-bounds read. Specifically, after checking run_buf
CVE-2026-46098
CVE-2026-46098 affects the Linux kernel caif driver. The vulnerability arises when, after remote shutdown, caif_connect() tears down a client by calling caif_disconnect_client() and caif_free_client(), where caif_free_client() releases the service layer pointer but leaves adap_layer->dn dangli...
CVE-2026-46112
CVE-2026-46112 relates to the Linux kernel RDMA/hns driver. The vulnerability arises from an unlocked call to hns_roce_qp_remove() during error unwinding in hns_roce_create_qp_common(), where the caller did not hold the required locks, risking memory corruption. The fixes synchronize by grabbing ...
CVE-2026-46153
CVE-2026-46153 affects the Linux kernel 8021q VLAN code. The vulnerability arises because vlan_dev_set_egress_priority() kept cleared egress priority mappings as tombstones in a hash, allowing repeated set/clear cycles with different skb priorities to accumulate nodes and cause memory leakage. Th...
CVE-2026-46205
Summary (grounded from provided sources): CVE-2026-46205 affects the Linux kernel atomisp driver (staging: media). The root cause is unsafe handling of private IOCTLs; the change disallows all private IOCTLs and returns early when cmd is non-zero to satisfy static checkers. This vulnerability is ...
CVE-2026-46234
CVE-2026-46234 affects the Linux kernel vsock code, specifically the vsock_update_buffer_size path. The bug arises from clamping the buffer size: it first enforces the maximum, then the minimum, which allows vsk->buffer_size to exceed vsk->buffer_max_size when a larger minimum is configured...
CVE-2026-46310
CVE-2026-46310 affects the Linux kernel component media: renesas: vsp1. The vulnerability is a NULL pointer dereference during module unload on Gen 4, caused by cleanup calling vsp1_drm_cleanup() instead of vsp1_vspx_cleanup(). The fix implements an IP version check to call the appropriate DRM or...
CVE-2026-46320
The CVE-2026-46320 vulnerability affects the Linux kernel tap driver where memory pages allocated for frames in vhost_net_xdp() are not freed on error paths. Specifically, tap_get_user_xdp() may reject frames shorter than ETH_HLEN (-EINVAL) or fail build_skb() (-ENOMEM), but both error paths jump...
CVE-2022-50017
CVE-2022-50017 affects the Linux kernel’s mips cavium-octeon implementation, specifically the octeon2_usb_clocks_start path. The root cause is a missing of_node_put() on the reference returned by of_get_parent(), which increments the devicetree reference count and leads to a refcount leak. The fi...
CVE-2022-50057
CVE-2022-50057 affects the Linux kernel ntfs3 file system. The vulnerability is a NULL dereference in ntfs_update_mftmirr where, if ntfs_fill_super() wasn’t called, sbi->sb could be NULL and dereferenced. The failure path is triggered by certain mount parameters (e.g., an invalid or unexpected...
CVE-2023-53331
Summary (CVE-2023-53331) : In the Linux kernel, the pstore/ram path could treat an empty prz as valid during init, allowing a start value equal to zero to bypass bounds checks and trigger out-of-bounds writes, potentially causing panics in multiple code paths (e.g., sysdump_panic_event, panic, do...