13804 matches found
CVE-2025-39809
CVE-2025-39809 affects the Linux kernel’s Intel QuickI2C HID path (intel-thc-hid). The issue is that the ACPI _DSD methods for ICRS/ISUB return data with a trailing byte, making the actual length one byte longer than the structs define. This leads to a stack-out-of-bounds write and a kernel crash...
CVE-2025-39816
CVE-2025-39816 pertains to the Linux kernel’s io_uring/kbuf path. The issue stems from reading ring-provided buffer lengths without a stable read, risking changes between checks and commits since buffers come from userspace. The fix mandates using READ_ONCE() when reading these lengths and tighte...
CVE-2025-39826
CVE-2025-39826: In the Linux kernel, the net/rose_neigh struct’s use field was a non-atomic reference counter, risking use-after-free if the rose_neigh is freed while still referenced. The fix converts the field from unsigned short to refcount_t and switches code paths to rose_neigh_hold() and r...
CVE-2025-39842
CVE-2025-39842: In the Linux kernel, the ocfs2 path could dereference a NULL journal pointer when releasing an inode during journal shutdown. The root cause was calling jbd2_journal_release_jbd_inode() with osb->journal potentially NULL after ocfs2_journal_shutdown(). The fix is to add explic...
CVE-2025-39859
CVE-2025-39859: In the Linux kernel, a race condition can cause a use-after-free when the timer watchdog used by ptp_ocp_watchdog is running during devlink deallocation. The flaw occurs because ptp_ocp_detach() only cancels the watchdog if it is pending; if the timer handler is active, timer_del...
CVE-2025-39876
CVE-2025-39876 is a Linux kernel vulnerability in the net: fec code (fec_enet_phy_reset_after_clk_enable). The issue arises when of_phy_find_device() may return NULL and the code dereferences it, enabling a possible null pointer dereference. Public advisories (e.g., Debian DLA-4404-1 and SUSE SUS...
CVE-2025-39885
CVE-2025-39885 affects the OCFS2 filesystem in Linux kernels. The vulnerability stems from a recursive semaphore deadlock during fiemap processing of a specially crafted mmap’ed file: ocfs2_fiemap() takes a read lock on ip_alloc_sem, then fiemap_fill_next_extent() accesses the extent list while a...
CVE-2025-39901
CVE-2025-39901 affects the Linux kernel i40e driver. The vulnerability arises from read access to two legacy debugfs files, a read interface for the i40e command and netdev_ops buffers. Both files share a static 256-byte buffer initialized to the empty string, with reads formatting output as “: ”...
CVE-2025-71239
CVE-2025-71239 affects the Linux kernel audit subsystem: fchmodat2() was not in the change-attributes class, allowing calls that change file attributes to bypass certain audit rules. The patch adds fchmodat2() to the change attributes class, addressing this bypass path. Public advisories document...
CVE-2026-23103
Technical details about CVE-2026-23103 are not provided in the supplied documents. The description mentions making addrs_lock per port and related fixes, but lacks explicit affected products, versions, or remediation steps. Monitor for updates.
CVE-2026-23198
CVE-2026-23198 relates to the Linux kernel KVM irqfd handling. The vulnerability arose when deassociating an IRQFD could clobber the irqfd’s copy of the IRQ’s routing entry, causing arch-specific code (e.g., kvm_arch_irq_bypass_del_producer on x86/arm64) to misinterpret routing as MSI. The fix ch...
CVE-2026-23211
CVE-2026-23211 concerns the Linux kernel memory management swap subsystem. The issue arises from a change that marked the swap address space as read-only, which could trigger a kernel panic if arch_prepare_to_swap() fails during heavy memory pressure. The documented root cause path includes pages...
CVE-2026-23222
CVE-2026-23222 has been resolved in the Linux kernel. The bug was due to omap_crypto_copy_sg_lists() allocating an array of scatterlist pointers instead of scatterlist objects, causing a 4x under-allocation. The fix uses sizeof(*new_sg) to allocate the correct object size, ensuring proper scatter...
CVE-2026-23269
CVE-2026-23269 is an AppArmor/Linux kernel vulnerability where untrusted data is used as DFA start-state indices during unpack_pdb, enabling an out-of-bounds read in aa_dfa_next (via dfa->tables[YYTD_ID_BASE][start]). The issue is tied to the AppArmor LSM component and the root cause is readin...
CVE-2026-31413
CVE-2026-31413: Linux kernel BPF verifier flaw. The issue arises in maybe_fork_scalars() when handling ARSH plus AND/OR with a constant in the BPF verifier. The code forks the verifier state; the pushed path previously used env->insn_idx + 1, so it re-ex...
CVE-2026-31432
CVE-2026-31432 affects the Linux kernel ksmbd component. Affected handling of compound requests (e.g., READ + QUERY_INFO(Security)) could allow an out-of-bounds write when the first READ command consumes most of the response buffer and ksmbd builds a security descriptor. The root cause is that sm...
CVE-2026-31574
CVE-2026-31574 concerns the Linux kernel clockevents subsystem. The issue arises from missing resets of the next_event_forced flag in several code paths, including during clock event state changes, when arming a non-forced event, and in the suspend wakeup handler. This can leave the flag stale ac...
CVE-2026-43099
The CVE-2026-43099 issue affects the Linux kernel, specifically the IPv4/ICMP path and the IPv6 stub handling. When the IPv6 stack is not active (CONFIG_IPV6=m and not loaded), ipv6_dev_find() may return ERR_PTR(-EAFNOSUPPORT); passing that to dev_hold() can cause a null pointer dereference and a...
CVE-2026-45988
The CVE-2026-45988 issue affects the Linux kernel rxrpc subsystem: a RESPONSE packet that experiences a temporary failure could end up partially decrypted and be retried, risking communication disruption or resource exhaustion. The published fix discards the problematic packet and triggers a new ...
CVE-2026-46211
CVE-2026-46211 affects the Linux kernel drm/msm/gem component. The flaw in msm_ioctl_gem_info_get_metadata() can cause a NULL pointer dereference due to unchecked allocation (kmemdup()) and always returning 0 on errors, making userspace believe success. The issue is fixed by adding a NULL check f...
CVE-2022-50075
The CVE-2022-50075 entry concerns Linux kernel tracing/eprobes. A NULL pointer dereference can occur when a symbol "@" is used with an event probe, because eprobes previously did not handle data sources beyond main registers (e.g., immediate addresses, symbols, current task name). The issue is mi...
CVE-2022-50205
The CVE-2022-50205 entry corresponds to a Linux kernel vulnerability in ext2 that adds validity checks for inode counts. The root cause is that inodes stored in the superblock must match the computed value from inodes-per-group, and there must be at least one block worth of inodes per group; thes...
CVE-2022-50210
CVE-2022-50210 concerns the Linux kernel on MIPS where a warning is produced in /proc/cpuinfo due to cpu_max_bits_warn() iterating CPUs with NR_CPUS when CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS are enabled. The root cause is using NR_CPUS as the iteration limit; the fix switches to ...
CVE-2022-50317
CVE-2022-50317 affects the Linux kernel, specifically the DRM bridge driver for Megachips (stdp2690 and stdp4028). The issue is a null-pointer dereference that occurs when removing the module because the two bridges are not probed concurrently, causing ge_b850v3_register() not to be called for in...
CVE-2022-50342
CVE-2022-50342 affects the Linux kernel floppy subsystem: memory leak in do_floppy_init() when floppy_alloc_disk() fails, leaking set->tag in the error path. The issue is resolved by freeing the current drive’s set->tag before returning. Connected advisories (SUSE OSV and Astra Linux) corro...
CVE-2022-50357
CVE-2022-50357 concerns the Linux kernel’s USB dwc3 core. The vulnerability arises in the dwc3_get_properties() path where the code does: dwc->usb_psy = power_supply_get_by_name(usb_psy_name); and, on error, there is insufficient cleanup on those paths, allowing leaks. Several connected adviso...
CVE-2022-50416
CVE-2022-50416 concerns the Linux kernel’s irqchip/wpcm450 module. The vulnerability is a memory leak in wpcm450_aic_of_init(): if of_iomap() fails, the allocated memory for 'aic' must be freed before return. The issue is resolved in the provided documents; the root cause is the missing free path...
CVE-2023-53198
CVE-2023-53198 affects the Linux kernel raw socket handling (net/ipv4/raw.c). The vulnerability is a NULL dereference in raw_get_next(), triggered by races where a socket in one netns is freed while another thread iterates SOCK_RAW sockets. The root cause involves using RCU-based iteration with h...
CVE-2023-53206
CVE-2023-53206: In the Linux kernel, a NULL pointer dereference in hwmon: (pmbus_core) was fixed by removing the assumption that a regulator device is passed. The fix involves passing the i2c_client to _pmbus_is_enabled to avoid dereferencing a NULL regulator during _pmbus_get_flags, addressing ...
CVE-2023-53226
CVE-2023-53226 affects the Linux kernel wireless driver mwifiex (wifi): the issue is an OOB and integer underflow when RX packets are processed, potentially allowing out-of-bounds skb->data access. Connected advisories (Unity/Linux, Red Hat, SUSE, MiracleLinux) confirm remediation via kernel up...
CVE-2023-53266
The CVE-2023-53266 issue affects the Linux kernel (arm64) ACPI path involving ffh_ctxt allocation. The vulnerability arises when SMCCC version and conduit checks fail and a -EOPNOTSUPP return occurs without freeing the allocated ffh_ctxt memory, creating a memory leak. The documented fix moves th...
CVE-2023-53343
CVE-2023-53343: Linux kernel vulnerability where icmp6_dev() dereferences ip6_null_entry->rt6i_idev, potentially enabling NULL pointer dereference when processing IPv6 Extension Headers (RPL/SRv6). Impact is local (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) with available mitigation by upgrading to ...
CVE-2023-53351
CVE-2023-53351 concerns the Linux kernel drm/sched subsystem. The vulnerability arises from using the scheduler’s ready flag to decide whether to call drm_sched_fault, which could lead to GPU reset or a fault depending on timing between IRQ handling and gfx engine startup. The root cause is that ...
CVE-2023-53363
CVE-2023-53363 is a Linux kernel PCI subsystem use-after-free in pci_bus_release_domain_nr() caused by the sequence in bus removal: pci_remove_root_bus()/pci_remove_bus() frees the pci_bus struct, then pci_bus_release_domain_nr() dereferences it. Root cause: after Commit c14...
CVE-2023-53368
CVE-2023-53368: Linux kernel tracing race. A race between writing to the per-CPU tracing buffer and swapping the buffer via per_cpu/cpu0/snapshot can cause a false “committing” state in rb_end_commit(), leading to a WARN and potential commit inconsistencies. The issue manifests in the tracing r...
CVE-2023-53404
CVE-2023-53404 relates to the Linux kernel USB fotg210 driver, where a memory leak can occur when debugfs_lookup() is used without releasing the result. The memory must be released with dput(), but the patch replaces this with debugfs_lookup_and_remove(), which handles the lookup and cleanup in one s...
CVE-2023-53422
Technical details about CVE-2023-53422 (affected product, root cause, impact, remediation) are not publicly provided in the supplied documents. The description mentions a memory-leak fix in wifi: iwlwifi: fw: debugfs, but contains no vendor/version/patch specifics. Monitor for updates.
CVE-2023-53439
CVE-2023-53439 concerns the Linux kernel fix for skb_partial_csum_set() where skb->transport_header used the sentinel value 0xFFFF to indicate the transport header status. The description indicates the vulnerability arose from callers potentially setting skb->transport_header to 0xFFFF, and...
CVE-2023-53468
Summary of CVE-2023-53468: In the Linux kernel, the ubifs memory leak is fixed in the alloc_wbufs() path. The issue was triggered when ubifs_wbuf_init() returns an error inside the loop, causing wbuf->buf and wbuf->inodes that were already allocated to remain unfreed. The fix adds an error...
CVE-2023-53513
The CVE-2023-53513 issue is a Linux kernel vulnerability where incomplete validation of the nbd ioctl arg can trigger an i_size overflow when the arg is coerced to int (arg cast in nbd_ioctl /nbd_add_socket). The root cause is insufficient validation of large ioctl arguments, allowing an overflow...
CVE-2023-53531
Technical details for CVE-2023-53531 are not publicly available in the provided connected documents. The materials reference Linux kernel patch notes but do not disclose product/version, exploit vectors, impact, or remediation specifics.
CVE-2025-38144
CVE-2025-38144 concerns the Linux kernel watchdog code for Lenovo SE30 hardware. The vulnerability stems from a NULL pointer dereference in lenovo_se30_wdt_probe() when devm_ioremap() returns NULL on error, and the code fails to check this condition. A fix was implemented to add a NULL check afte...
CVE-2025-38150
The CVE-2025-38150 entries describe a Linux kernel fix for af_packet where the notifier call path (packet_dev_mc) was moved out of an RCU critical section. The root cause involved a sleeping function being called from an invalid context in a chain of net/packet/af_packet.c and related code paths ...
CVE-2025-38171
CVE-2025-38171 concerns a Linux kernel issue in the power: supply: max77705 path. The vulnerability arises because create_singlethread_workqueue() can return NULL instead of an error pointer, with missing or inadequate cleanup on error paths during probe. The remediation implemented fixes the wor...
CVE-2025-38276
CVE-2025-38276 concerns the Linux kernel fix for fs/dax: don’t skip locked entries when scanning. The root cause was a new function, wait_entry_unlocked_exclusive(), and its interaction with xas_pause() that could advance the XArray state and cause the currently waited-for entry to be skipped, tr...
CVE-2025-38442
The CVE-2025-38442 entry concerns the Linux kernel and a fix for large folio support when THP (Transparent Huge Pages) is disabled. The vulnerability could trigger a NULL pointer dereference during boot if a block device with logical block size larger than the page size is present while THP is of...
CVE-2025-38534
CVE-2025-38534 affects the Linux kernel netfs copy-to-cache path used by Ceph with local caching. The issue: a write-to-cache request could hang after the backing filesystem completes the async DIO write because NETFS_RREQ_OFFLOAD_COLLECTION wasn’t set, causing an app to miss the collection notif...
CVE-2025-38606
The CVE-2025-38606 entry describes a Linux kernel wireless issue in the ath12k driver where beacon miss handling dereferences arvif->deflink->ar before a vdev has been created, leaving arvif->ar uninitialized for some P2P/vif scenarios. The identified root cause is that arvif is only lin...
CVE-2025-38613
CVE-2025-38613 affects the Linux kernel (staging gpib). The issue is that a padding field in the gpib_board_info_ioctl struct was copied back to userspace uninitialized, risking leakage of stack data. The fix initializes the entire struct to zero before copying back to userspace. Affected compone...
CVE-2025-38636
CVE-2025-38636: Linux kernel vulnerability in DA monitor tracepoints where tracing printed strings could read 32 bytes from a literal __array instead of __string, causing a global-out-of-bounds access to automaton_snep (harmless during print, but unsafe). The fix replaces reading 32 bytes with _...