13804 matches found
CVE-2025-39684
CVE-2025-39684 affects the Linux kernel Comedi subsystem. The vulnerability arises in do_insn_ioctl() and do_insnlist_ioctl() where a buffer of insn->n samples (unsigned int per sample) could copy back more data to userspace than was initialized, leaking kernel memory. Root cause: not all inst...
CVE-2025-39693
CVE-2025-39693: In the Linux kernel, the vulnerability affects the DRM AMD display path (drm/amd/display) where NULL pointers could be dereferenced via drm_atomic_get_new_connector_state() or drm_atomic_get_old_connector_state(). The description states the root cause is that these functions can return NUL...
CVE-2025-39721
CVE-2025-39721 (Linux kernel, crypto: qat): Repeated loading/unloading of a device-specific QAT driver (e.g., qat_4xxx) can trigger a use-after-free when a power-management interrupt fires just before the core intel_qat.ko remains loaded. The shared workqueue qat_misc_wq may still host a deferre...
CVE-2025-39731
CVE-2025-39731 concerns the Linux kernel, specifically the F2FS file system, where vm_unmap_ram() may be invoked from an invalid context. The connected documents confirm a patch that changes the in_task() check inside f2fs_read_end_io() to also verify that interrupts are disabled, ensuring pages ...
CVE-2025-39744
The CVE-2025-39744 issue affects the Linux kernel and describes a deadlock in rcu_read_unlock() when called during irq_exit() if an IPI is issued. The root cause is an incorrect handling of irq_work state inside rcu_read_unlock_special() triggered by irq_exit(), which can cause a system hang/lock...
CVE-2025-39756
CVE-2025-39756 is a Linux kernel issue where extremely high nr_open values (e.g., 1073741816) can trigger massive file descriptor table allocations that exceed INT_MAX, causing a kernel warning and impractical memory requests (>8GB) during operations near the FD limit. The root cause involves ...
CVE-2025-39787
CVE-2025-39787 (Linux kernel) affects the soc: qcom: mdt_loader in remoteproc usage. The root cause is reading beyond the ELF header during traversal; the fix validates the firmware buffer size and also validates e_phentsize and e_shentsize to ensure correct header traversal. Impact described as ...
CVE-2025-39822
The CVE-2025-39822 issue affects the Linux kernel io_uring/kbuf path. Root cause: buf->len is treated unsigned when importing buffers but is converted to signed int when committing, risking negative interpretation for large buffers. Mitigation: the min_t calculation is now unsigned. This is a ...
CVE-2025-39830
CVE-2025-39830: In the Linux kernel’s net/mlx5 HWS subsystem, the hws_pool_buddy_init error-path cleanup fails to free the allocator structure, causing a memory leak. The published fix adds the missing kfree() to release all allocated memory. This is a memory-leak issue in the buddy allocator cl...
CVE-2025-39848
CVE-2025-39848 (Linux kernel) concerns ax25_kiss_rcv() potentially queuing/mangling input skbs when the skb is shared, leading to crashes in __netif_receive_skb_core() after a per-netns packet-chain change. The root cause is a lack of proper unsharing of skbs in ax25_kiss_rcv(), with a regression...
CVE-2025-39852
CVE-2025-39852: Linux kernel TCP stack IPv6 TCP-AO path leaks memory when tcp_v6_syn_recv_sock() exits on error due to missing error-handling cleanup. The linked Astra/OpenSUSE advisories confirm the fix adds inet_csk_prepare_forced_close() and tcp_done() (as in the IPv4 path) to ensure the new s...
CVE-2025-39859
CVE-2025-39859: In the Linux kernel, a race condition can cause a use-after-free when the timer watchdog used by ptp_ocp_watchdog is running during devlink deallocation. The flaw occurs because ptp_ocp_detach() only cancels the watchdog if it is pending; if the timer handler is active, timer_del...
CVE-2025-39901
CVE-2025-39901 affects the Linux kernel i40e driver. The vulnerability arises from read access to two legacy debugfs files, a read interface for the i40e command and netdev_ops buffers. Both files share a static 256-byte buffer initialized to the empty string, with reads formatting output as “: ”...
CVE-2025-39925
CVE-2025-39925 affects the Linux kernel’s CAN J1939 implementation. The issue stems from the j1939 protocol not having a NETDEV_UNREGISTER notification handler, which meant that when a NETDEV_UNREGISTER event fires, the extra ref held by j1939_sk_bind() could prevent the net_device usage count fr...
CVE-2025-40040
CVE-2025-40040 is a Linux kernel vulnerability addressed by the mm/ksm fix for flag-dropping behavior in ksm_madvise. The issue causes a UFFD inconsistency in userfaultfd release paths when a VMA registered for UFFD in MINOR mode undergoes MADV_UNMERGEABLE, inadvertently clearing the upper 32 bits...
CVE-2026-22996
CVE-2026-22996 affects the Linux kernel mlx5e subsystems. The issue arises from storing the unstable mlx5e_priv in mlx5e_dev devlink priv, which could lead to a kernel NULL dereference during profile changes and an oops in mlx5e_remove. The fix stores netdev directly into mlx5e_dev and derives md...
CVE-2026-23011
CVE-2026-23011: In the Linux kernel, ip_gre: make ipgre_header() robust to prevent skb_under_panic when a device (e.g., bonding/team) changes dev->needed_headroom or dev->hard_header_len. The crash described involves mld_newpack/mld_sendpack path with an skb that had insufficient headroom, ...
CVE-2026-23094
CVE-2026-23094: In the Linux kernel, the uacce subsystem’s device isolation feature creates sysfs files when either isolate_err_threshold_read or isolate_err_threshold_write callbacks exist. The issue was that accessing a non-existent callback could crash the system. The resolution implements a ...
CVE-2026-23103
Technical details about CVE-2026-23103 are not provided in the supplied documents. The description mentions making addrs_lock per port and related fixes, but lacks explicit affected products, versions, or remediation steps. Monitor for updates.
CVE-2026-23201
CVE-2026-23201: Linux kernel fix for ceph oops due to invalid pointer in kfree() within parse_longname(). Root cause was advancing the pointer to skip the initial '_' in ceph snapshot names, causing kfree() to receive an invalid pointer when listing .snap directories. The patch eliminates the poi...
CVE-2026-31754
The CVE-2026-31754 issue affects the Linux kernel’s USB DRD/CDNS3 gadget path. When cdns3_gadget_start() fails, the DRD hardware remains in gadget mode while software state is INACTIVE, causing hardware/software state inconsistency. This can lead to a failed host-mode switch via sysfs (role switc...
CVE-2026-43013
Technical details for CVE-2026-43013 are not publicly available in the provided connected documents. Monitor for updates from vendors/security trackers.
CVE-2026-43128
Summary: CVE-2026-43128 affects the Linux kernel RDMA/umem subsystem. In ib_umem_dmabuf_get_pinned_with_dma_device(), if ib_umem_dmabuf_map_pages() fails, the code previously unpinned the dmabuf immediately while the umem_dmabuf->pinned flag remained set, causing a potential double dma_buf_unp...
CVE-2026-43305
CVE-2026-43305 details a Linux kernel DRM AMD display issue where the DMUB HW lock unlock path in the HWSS fast path could hang due to a mismatch between evaluating the need for the lock and unlocking. The fix introduces a flag to track whether the lock should be used and applies that flag to gov...
CVE-2026-45959
The CVE-2026-45959 issue affects the Linux kernel crypto: CCP driver. A local pointer annotated with __cleanup(kfree) could cause kfree to receive the local stack address instead of the allocated memory, leading to a crash. The underlying cause is incorrect cleanup usage; the repository indicates...
CVE-2026-46206
The CVE-2026-46206 issue affects the Linux kernel’s batman-adv implementation, where the tp_meter component could start new sender or receiver sessions after mesh_state had exited BATADV_MESH_ACTIVE during teardown. The vulnerability stems from improper state management in batman-adv/tp_meter, po...
CVE-2026-46226
CVE-2026-46226 affects the Linux kernel SPI FSL driver, where deregistration of the controller was not ensured before releasing DMA resources during driver unbind. The issue is fixed in updated kernels across multiple OS packages (e.g., Root:Debian-11/12, Ubuntu 22.04+, Debian/Ubuntu roots with r...
CVE-2022-50106
The CVE-2022-50106 issue affects the Linux kernel, specifically powerpc/cell/axon_msi: a refcount leak in setup_msi_msg_address caused by of_get_next_parent() returning a node pointer with an incremented refcount. The root cause is missing of_node_put() in the error path, leading to leaking refer...
CVE-2022-50273
CVE-2022-50273 concerns Linux kernel f2fs recovery logic. The vulnerability is fixed by a patch that adds a DATA_GENERIC_ENHANCE_UPDATE flag to the data block recovery flow, enabling validation of destination blkaddr in SIT during recovery and skipping f2fs_replace_block() to prevent inconsistent SIT/inod...
CVE-2022-50287
The CVE-2022-50287 entry pertains to the Linux kernel DRM/I915 path, where a memory leak/undefined behavior can occur in generate_lfp_data_ptrs. Specifically, ptrs is freed via kfree() when (size != 0 || ptrs->lvds_entries != 3) but ptrs was not allocated with kzmalloc(); it was obtained by po...
CVE-2022-50380
Affected software: Linux kernel. Vulnerable component: mm: /proc/pid/smaps_rollup (show_smaps_rollup). Root cause: a null-deref when there are no VMAs in the task, introduced by commit 258f669e7e88 that converted to a single value seq_file. Impact stated: availability impact is HIGH in CVSS metri...
CVE-2022-50381
CVE-2022-50381 targets the Linux kernel mempool_free crash observed during mdend/mempool usage in environments such as EulerOS and Unity Linux. The root cause is a race between wake-up of pending_writes and the subsequent free of bios (bio) in mempool_free, where bio_put could race with other act...
CVE-2022-50399
CVE-2022-50399 affects the Linux kernel media/atomisp component, where user-supplied height/width can cause overflow in height*width in sh_css_set_black_frame(). The issue has been fixed in kernel patches (publicly noted in multiple advisories), with distributors (e.g., Root, SUSE) applying fixes...
CVE-2022-50414
CVE-2022-50414 concerns the Linux kernel: during SCSI over FCoE, fcoe_init() calls fcoe_transport_attach(&fcoe_sw_transport). If fcoe_if_init() fails, the transport is not detached, leaving a freed fcoe_sw_transport on the fcoe_transports list. This causes a kernel panic when the module is reinse...
CVE-2022-50415
CVE-2022-50415 affects the Linux kernel on the parisc architecture, where start_task() calls create_singlethread_workqueue() without validating its return value. If the call returns NULL, a null pointer dereference can occur later in queue_delayed_work/on and __queue_work, accessing wq->flags....
CVE-2022-50417
The CVE-2022-50417 issue affects the Linux kernel (drm/panfrost) where panfrost_gem_create_with_handle() could return a BO whose only reference came from the handle, enabling a potential use-after-free if the handle was released by user space. Additionally, if panfrost_gem_mapping_get() in panfro...
CVE-2023-53202
CVE-2023-53202 concerns the Linux kernel memory-leak issue from using debugfs_lookup() without releasing the acquired object. The mitigation implemented across connected advisories is to use debugfs_lookup_and_remove() (which handles the look-up and cleanup in one step) or to ensure dput() is cal...
CVE-2023-53213
The CVE-2023-53213 issue affects the Linux kernel brcmfmac driver, causing a slab-out-of-bounds read in kmemdup called from brcmf_get_assoc_ies when assoc_info->req_len (from a USB URB) exceeds WL_EXTRA_BUF_MAX. The advisory states this was fixed by adding a size check for req_len/resp_len in ...
CVE-2023-53232
CVE-2023-53232 affects the Linux kernel MT7921/MT76 stack. The vulnerability arises from a kernel panic due to accessing unallocated eeprom.data, leading to a NULL dereference in mt7921_mcu_parse_response. A fix is present: the MT7921 driver no longer uses eeprom.data, and the code referencing it...
CVE-2023-53266
The CVE-2023-53266 issue affects the Linux kernel (arm64) ACPI path involving ffh_ctxt allocation. The vulnerability arises when SMCCC version and conduit checks fail and a -EOPNOTSUPP return occurs without freeing the allocated ffh_ctxt memory, creating a memory leak. The documented fix moves th...
CVE-2023-53279
CVE-2023-53279 concerns a Linux kernel issue in the misc: vmw_balloon path where calling debugfs_lookup() left the result undereferenced (no dput), causing a memory leak over time. The published fixes replace the single-lookup path with debugfs_lookup_and_remove(), which performs the necessary cl...
CVE-2023-53290
CVE-2023-53290 affects the Linux kernel in the samples/bpf path, where fout was opened with fopen but not closed, leading to a leak in hbm's run_bpf_prog. The issue is resolved by a patch that ensures fout is closed (fclose’d) before scope exit. The provided sources confirm the fixed state and li...
CVE-2023-53299
CVE-2023-53299 affects the Linux kernel's md/raid10 recovery path. The issue leaks the field r10bio->remaining when a read I/O fails and recovery_request_write() exits early, causing end_sync_request() to run only once and an I/O hang. The documented fix reduces or decrements 'remaining' depen...
CVE-2023-53335
CVE-2023-53335 is a Linux kernel vulnerability in the RDMA/cxgb4 path. The issue is a potential NULL pointer dereference in pass_establish() when get_ep_from_tid() fails to yield a non-NULL ep, leading to dereference of ep. A patch introduced a sanity check to prevent this NULL dereference. The d...
CVE-2023-53357
CVE-2023-53357 affects the Linux kernel md/raid10 code. The slab-out-of-bounds occurs in md_bitmap_get_counter when a large value is written to md/bitmap_set_bits, causing -EINVAL if page >= bitmap->pages and the result isn’t checked promptly. The fix moves the page-boundary check into md_b...
CVE-2023-53399
CVE-2023-53399 affects the Linux kernel’s ksmbd component, specifically a NULL pointer dereference in smb2_get_info_filesystem(). The issue occurs when share is present but share->path is NULL, which can trigger a crash. The connected sources consistently describe the vulnerability as resolved...
CVE-2023-53411
CVE-2023-53411 affects the Linux kernel. The issue is a memory leak when using debugfs_lookup(), because the returned object must be released with dput(). The documented fix is to use debugfs_lookup_and_remove() which handles the required cleanup in one step. Exploitation details are not provided...
CVE-2023-53415
CVE-2023-53415 concerns the Linux kernel USB-DWC3 subsystem. The vulnerability arises from not freeing memory obtained via debugfs_lookup(): the returned object must be released with dput(), otherwise a memory leak occurs over time. The fixed approach consolidates the logic by using debugfs_looku...
CVE-2023-53418
The CVE-2023-53418 issue affects the Linux kernel USB gadget driver, specifically the lpc32xx_udc in the USB subsystem. The root cause was a memory leak when using debugfs_lookup() because the returned object was not paired with a dput(), leaving memory allocated over time. The provided fixes sim...
CVE-2023-53429
CVE-2023-53429 is a Linux kernel vulnerability in the Btrfs extent I/O path: __extent_writepage incorrectly leveraged PageError. The patch removes PageError checks and uses the local return code to propagate submission errors, preventing leakage of error state. Publicly tracked fixes exist in OSV...