Lucene search
K
LinuxLinux Kernel

14330 matches found

CVE
CVE
added 2025/09/16 4:12 p.m.34 views

CVE-2023-53331

Summary (CVE-2023-53331) : In the Linux kernel, the pstore/ram path could treat an empty prz as valid during init, allowing a start value equal to zero to bypass bounds checks and trigger out-of-bounds writes, potentially causing panics in multiple code paths (e.g., sysdump_panic_event, panic, do...

7.8CVSS6.3AI score0.00147EPSS
CVE
CVE
added 2025/09/17 2:56 p.m.34 views

CVE-2023-53354

CVE-2023-53354 concerns the Linux kernel skb_segment path used for zero-copy of SKBs. The bug occurs when skb_orphan_frags() updates nr_frags, leaving the local nrfrags stale and causing a panic while iterating frags during GSO/zero-copy processing. The fix moves the call to zero-copy functions b...

5.5CVSS6.3AI score0.00177EPSS
CVE
CVE
added 2025/09/18 1:33 p.m.34 views

CVE-2023-53397

Technical details about CVE-2023-53397 (Linux kernel modpost off-by-one in is_executable_section) are not publicly available in the provided connected documents. Monitor for updates from vendors/security advisories.

5.5CVSS6.1AI score0.00136EPSS
CVE
CVE
added 2025/09/18 1:33 p.m.34 views

CVE-2023-53401

CVE-2023-53401 pertains to the Linux kernel memory.c mm subsystem. KCSAN detected a data race in obj_stock_flush_required() where stock->cached_objcg could be reset between a check and a dereference, potentially causing a NULL pointer dereference. The associated fix implemented in the kernel i...

4.7CVSS6.1AI score0.00126EPSS
CVE
CVE
added 2025/07/04 1:37 p.m.34 views

CVE-2025-38196

CVE-2025-38196 affects the Linux kernel io_uring resource (io_uring/rsrc) cloning path. The bug arises when registering clone buffers where the sum of offset and count exceeds the available range, causing an allocation via kmalloc to be too large and potentially triggering a WARN_ON in kmalloc (m...

5.5CVSS6.6AI score0.00129EPSS
CVE
CVE
added 2025/07/04 1:37 p.m.34 views

CVE-2025-38224

CVE-2025-38224 concerns the Linux kernel’s can: kvaser_pciefd driver where echo_skb_max was defined as 17 (KVASER_PCIEFD_CAN_TX_MAX_COUNT) but later rounded to the next power of two (32). This caused potential slab-out-of-bounds in kvaser_pciefd_handle_ack_packet() when computing tx/rx indices, l...

7.1CVSS6.4AI score0.0014EPSS
CVE
CVE
added 2025/08/16 10:54 a.m.34 views

CVE-2025-38509

Summary of CVE-2025-38509 (Linux kernel, wifi/mac80211): A vulnerability in VHT mode notifications for sub-20 MHz channel widths (notably 5/10 MHz) could lead to invalid input reaching ieee80211_chan_width_to_rx_bw(), triggering a WARN_ON. The issue arises when VHT opmode_notif is used and unsupp...

5.5CVSS6.4AI score0.00119EPSS
CVE
CVE
added 2025/08/16 10:55 a.m.34 views

CVE-2025-38517

CVE-2025-38517 is a Linux kernel issue in lib/alloc_tag where alloc_tag_top_users() may lock alloc_tag_cttype->mod_lock even when alloc_tag_cttype is NULL or invalid, leading to a crash on memory allocation failure. The root cause is that alloc_tag_cttype can be NULL or an error value in scena...

5.5CVSS6.3AI score0.00134EPSS
CVE
CVE
added 2025/08/19 5:2 p.m.34 views

CVE-2025-38558

In CVE-2025-38558, the Linux kernel USB gadget VAR: uvc frame-based format previously crashed when color_matching descriptor was missing, due to a NULL pointer dereference. The fix initializes the color matching descriptor for frame-based formats, mirroring the handling already present for uncomp...

5.5CVSS7.3AI score0.00143EPSS
CVE
CVE
added 2025/08/22 4:0 p.m.34 views

CVE-2025-38645

CVE-2025-38645 affects the Linux kernel (net/mlx5). Root cause: a NULL device memory pointer (dev->dm) can be dereferenced in mlx5_init_once() if allocation fails. Fix: add a NULL check before accessing device memory to prevent a crash. Impact in docs: LOCAL attacker could crash the system; re...

5.5CVSS6.4AI score0.00147EPSS
CVE
CVE
added 2025/08/22 4:2 p.m.34 views

CVE-2025-38662

CVE-2025-38662 in the Linux kernel affects the ASoC Mediatek mt8365 PCM/DAI code. The issue arises in mt8365_dai_set_priv where priv_size is allocated for the destination, but the code passes afe_priv (the size of struct mt8365_afe_private) instead of the correct priv structure (mt8365_i2s_priv[i...

7.8CVSS6.5AI score0.00151EPSS
CVE
CVE
added 2025/09/04 3:32 p.m.34 views

CVE-2025-38683

CVE-2025-38683 affects hv_netvsc in the Linux kernel. The issue arises during namespace deletion when a VF NIC is moved to a new namespace and then back, causing netdev list handling to dereference NULL and trigger a kernel panic. The supplied references describe the root cause as a race in defau...

5.5CVSS5.7AI score0.00159EPSS
CVE
CVE
added 2025/09/04 3:32 p.m.34 views

CVE-2025-38702

The CVE-2025-38702 entry concerns the Linux kernel fbdev subsystem. The issue is a potential buffer overflow in do_register_framebuffer() when unregistration creates NULL gaps in registered_fb[], when all slots become occupied despite num_registered_fb

7.8CVSS6.3AI score0.00174EPSS
CVE
CVE
added 2025/09/04 3:32 p.m.34 views

CVE-2025-38708

CVE-2025-38708 is addressed in the Linux kernel via a fix in DRBD: a missing kref_get in handle_write_conflicts when two-primaries are enabled could cause a use-after-free and kernel crash. The issue occurs during detection of concurrent writes to the same sector across nodes, where premature drb...

7.8CVSS5.9AI score0.00157EPSS
CVE
CVE
added 2025/09/04 3:33 p.m.34 views

CVE-2025-38721

CVE-2025-38721 affects the Linux kernel netfilter ctnetlink table dump path. A reference count leak in ctnetlink_dump_table() can occur if res ct_general) only when ct != last, and a cookie-based workaround is mentioned as an alternative. The Astra Linux bulletin confirms the same vulnerability i...

5.5CVSS5.7AI score0.00155EPSS
CVE
CVE
added 2025/09/05 5:20 p.m.34 views

CVE-2025-38735

The CVE-2025-38735 entry concerns the Linux kernel gve driver. A crash could occur if an ethtool operation is issued after shutdown() has begun, because shutdown() tears down internal data structures and ethtool IOCTLs could dereference freed/NULL pointers, triggering a kernel panic. The document...

5.5CVSS5.8AI score0.00147EPSS
CVE
CVE
added 2025/09/05 5:20 p.m.34 views

CVE-2025-39675

CVE-2025-39675 affects the Linux kernel DRM/AMD display path. In mod_hdcp_hdcp1_create_session(), get_first_active_display() may return NULL when the display list is empty, causing a NULL pointer dereference. The fix adds a NULL pointer check and returns MOD_HDCP_STATUS_DISPLAY_NOT_FOUND. This mi...

5.5CVSS5.8AI score0.00147EPSS
CVE
CVE
added 2025/09/05 5:20 p.m.34 views

CVE-2025-39678

CVE-2025-39678 affects the Linux kernel, specifically the x86/amd/hsmp code path. The vulnerability arises when sock->metric_tbl_addr is NULL, which can cause a NULL pointer dereference when accessing metrics_bin. The provided connected SUSE advisory confirms the fix: a NULL check was added to...

5.5CVSS5.9AI score0.00145EPSS
CVE
CVE
added 2025/09/05 5:21 p.m.34 views

CVE-2025-39700

CVE-2025-39700 concerns the Linux kernel damon migration code. According to connected advisories, damon_migrate_pages() can perform migration to an invalid target node, triggering a kernel BUG (PAGEFAULT/OOP) on local execution. The fix adds a target-node validity check in damon_migrate_pages(), ...

5.5CVSS5.6AI score0.00143EPSS
CVE
CVE
added 2025/09/05 5:21 p.m.34 views

CVE-2025-39724

CVE-2025-39724 affects the Linux kernel serial 8250 driver. When PSLVERR_RESP_EN=1, an error response can be generated reading an empty RBR with FIFO enabled due to a race in serial8250_do_startup/DW paths. The fix wraps serial_port_out(port, UART_LCR, UART_LCR_WLEN8) under port->lock to preve...

5.5CVSS5.9AI score0.00157EPSS
CVE
CVE
added 2025/09/11 4:52 p.m.34 views

CVE-2025-39743

CVE-2025-39743 refers to a Linux kernel vulnerability in the JFS file system where inode pages were not truncated during eviction when the inode’s hard link count was 0. The reproducer observed AGGR_RESERVED_I on the inode copy and eviction with hard link 0, causing clear_inode() to trigger becau...

7.8CVSS6AI score0.00167EPSS
CVE
CVE
added 2025/09/16 1:8 p.m.34 views

CVE-2025-39833

CVE-2025-39833 (Linux kernel) Root cause: when unloading the hfcpci module with CONFIG_DEBUG_OBJECTS_TIMERS enabled, an uninitialized timer could trigger a kernel warning path during deletion, as shown in the stack trace and timer-related debug prints. Impact: locally leveraged by a privileged co...

5.5CVSS6.1AI score0.00119EPSS
CVE
CVE
added 2025/09/23 6:0 a.m.34 views

CVE-2025-39871

CVE-2025-39871 relates to the Linux kernel dmaengine idxd driver. The fix removes an improper idxd_free() call that could trigger a duplicate put_device() leading to refcount underflow and a use-after-free during module unload. The issue arises in idxd_remove() and during module exit when CONFIG_...

7.8CVSS6.2AI score0.0014EPSS
CVE
CVE
added 2025/09/23 6:0 a.m.34 views

CVE-2025-39881

CVE-2025-39881 involves a use-after-free in the Linux kernel PSI/PCI monitoring path within kernfs polling. The issue occurs when an open PSI-related file is released while an epoll poll still holds references, leading to use-after-free during re-enabling the monitoring. The fix introduces kernfs...

7.8CVSS6AI score0.0014EPSS
CVE
CVE
added 2025/10/01 8:7 a.m.34 views

CVE-2025-39923

CVE-2025-39923 concerns the Linux kernel dmaengine/qcom BAM driver. The root cause was missing error handling in DT parsing for required properties (clock and num-channels), which could allow probing to proceed unsafely and read channels from registers, risking early boot crashes across Qualcomm ...

5.5CVSS5.8AI score0.0014EPSS
CVE
CVE
added 2025/10/04 7:31 a.m.34 views

CVE-2025-39950

CVE-2025-39950 pertains to the Linux kernel: a NULL pointer dereference can occur in net/tcp when TCP-AO is used with TCP_REPAIR during connect(), due to dereferencing skb without null-check in tcp_ao_finish_connect(). The vulnerability affects code paths where a TCP-AO key is present and TCP_REP...

5.5CVSS6AI score0.00138EPSS
CVE
CVE
added 2025/11/12 10:26 a.m.34 views

CVE-2025-40164

Technical details for CVE-2025-40164 are not publicly provided in the connected documents. Monitor for updates; current sources only list the CVE without vendor/affected products, impact, or remediation specifics.

5.5CVSS6.1AI score0.00183EPSS
CVE
CVE
added 2025/12/23 1:58 p.m.34 views

CVE-2025-68340

CVE-2025-68340 (Linux kernel): A race/logic sequencing issue in the team device code can hang when adding a port device (e.g., gre0) configured as UP. Root cause: moving team_dev_type_check_change to after subsequent checks caused header_ops to switch from eth_header to ipgre_header mid-execution...

5.5CVSS6.2AI score0.00118EPSS
CVE
CVE
added 2026/03/18 5:41 p.m.34 views

CVE-2026-23260

CVE-2026-23260 involves the Linux kernel memory-leak in regmap maple: when mas_store_gfp() fails, the newly allocated 'entry' is not freed, leaking memory. The fix frees 'entry' on the failure path and frees the replaced neighbor blocks ('lower','upper') on success. Connected advisories show patc...

5.5CVSS5.7AI score0.00114EPSS
CVE
CVE
added 2026/04/06 7:38 a.m.34 views

CVE-2026-31407

The CVE-2026-31407 entry covers a Linux kernel netfilter conntrack issue where missing netlink policy validations allow a local attacker to craft input that can cause a slab-out-of-bounds access in sctp/ctnetlink, via using unvalidated CTA_PROTOINFO_SCTP_STATE values and accessing ct->master-&...

7.1CVSS5.7AI score0.00169EPSS
CVE
CVE
added 2026/04/13 1:21 p.m.34 views

CVE-2026-31415

CVE-2026-31415 affects Linux kernels where ipv6: ip6_datagram_send_ctl() accepts repeated IPV6_DSTOPTS, accumulating into a 16-bit opt_flen without deduplicating. This can cause opt_flen to wrap while dst1opt points to the last 2048-byte destination-options header, leading to under-headroom pushe...

5.5CVSS5.7AI score0.00108EPSS
CVE
CVE
added 2026/04/24 2:42 p.m.34 views

CVE-2026-31601

CVE-2026-31601 affects the Linux kernel vfio/xe driver. When resetting a Virtual Function (VF) device that does not support migration, a kernel page fault can occur due to the vfio_pci core structure not being fully initialized until migration init. The root cause described in connected docs is t...

5.5CVSS5.5AI score0.00121EPSS
CVE
CVE
added 2026/04/24 2:42 p.m.34 views

CVE-2026-31623

The CVE-2026-31623 issue affects the Linux kernel net: usb: cdc-phonet driver. A malicious USB device claiming to be a CDC Phonet modem can overflow the skb_shared_info->frags[] array by sending an unbounded sequence of full-page bulk transfers in rx_complete(). The consequence described is a ...

5.5CVSS5.3AI score0.00125EPSS
CVE
CVE
added 2026/05/01 1:56 p.m.34 views

CVE-2026-31715

In Linux kernel (f2fs), CVE-2026-31715 is a use-after-free triggered by decrementing sbi->nr_pages[] during F2FS_WB_CP_DATA handling. The root cause is that f2fs_put_super() calls iput(sbi->node_inode) and NULLs the node_inode after the counter reaches zero, allowing f2fs_in_warm_node_list(...

7.8CVSS5.8AI score0.0012EPSS
CVE
CVE
added 2026/05/01 2:15 p.m.34 views

CVE-2026-43029

The CVE-2026-43029 issue affects the Linux kernel MPTCP implementation. When data is received with MSG_PEEK and MSG_WAITALL, skb’s are not removed from the sk_receive_queue, causing sk_wait_data() to incorrectly report data available and potentially trigger a soft lockup. The root cause is the mi...

7.5CVSS5.8AI score0.00329EPSS
CVE
CVE
added 2026/05/06 7:40 a.m.34 views

CVE-2026-43099

The CVE-2026-43099 issue affects the Linux kernel, specifically the IPv4/ICMP path and the IPv6 stub handling. When the IPv6 stack is not active (CONFIG_IPV6=m and not loaded), ipv6_dev_find() may return ERR_PTR(-EAFNOSUPPORT); passing that to dev_hold() can cause a null pointer dereference and a...

7.5CVSS5.8AI score0.0049EPSS
CVE
CVE
added 2026/05/06 7:40 a.m.34 views

CVE-2026-43119

In CVE-2026-43119, the Linux kernel Bluetooth HCI synchronous command infrastructure has a data race on hdev->req_status: __hci_cmd_sync_sk() updates it under req_lock on one workqueue, while other paths (e.g., hci_send_cmd_sync on a different workqueue, plus hci_cmd_sync_complete/cancel) read...

5.5CVSS5.9AI score0.00114EPSS
CVE
CVE
added 2026/05/06 11:28 a.m.34 views

CVE-2026-43209

CVE-2026-43209 – minix filesystem sanity check in Linux kernel : The minix filesystem implementation lacked proper sanity checks in minix_check_superblock(), notably for s_log_zone_size, which the patch now enforces (only 0 is supported). The update also adds sanity checks for other superblock fi...

5.5CVSS5.8AI score0.00128EPSS
CVE
CVE
added 2026/05/08 1:26 p.m.34 views

CVE-2026-43320

The CVE-2026-43320 entry concerns the Linux kernel’s drm/amd/display component. The root cause described across sources is a missing function hook check before use, which could affect dsc eDP handling. Public descriptions indicate a potential for instability or unexpected behavior in the display ...

5.5CVSS5.8AI score0.00122EPSS
CVE
CVE
added 2026/05/08 2:21 p.m.34 views

CVE-2026-43376

CVE-2026-43376 affects ksmbd in the Linux kernel. The vulnerability arises from freeing oplock_info with kfree() while it can still be accessed under RCU read-side critical sections (e.g., opinfo_get), allowing a use-after-free. The fixes across connected reports switch to deferred freeing via ca...

9.8CVSS5.8AI score0.00444EPSS
CVE
CVE
added 2026/05/08 2:22 p.m.34 views

CVE-2026-43434

CVE-2026-43434 (Linux kernel, rust_binder) : A vulnerability in the rust_binder component can occur during page installation or zap_page_range operations. If a VMA at a given address is closed and replaced, rust_binder may look up and use the wrong VMA, potentially allowing writes to normally rea...

7.8CVSS5.7AI score0.00128EPSS
CVE
CVE
added 2026/05/27 9:24 a.m.34 views

CVE-2026-45845

The CVE-2026-45845 issue affects the Linux kernel net/sched taprio code. When deleting a TAPRIO child qdisc via RTM_DELQDISC, taprio_graft() could store NULL in q->qdiscs[] and later RTM_GETTCLASS dump paths could dereference a NULL pointer during taprio_dump_class(), causing a kernel NULL poi...

5.5CVSS5.8AI score0.00108EPSS
CVE
CVE
added 2026/05/27 12:17 p.m.34 views

CVE-2026-45919

CVE-2026-45919 relates to Linux kernel sched/rt self-IPI loops caused by LB on CPU0. A patch fixes the issue by filtering out the initiating CPU in rto_next_cpu to prevent self-IPIs and CPU hardlockups. Public OSV entries show Root:Ubuntu patches (e.g., ROOT-OS-UBUNTU-2404-CVE-2026-45919 and ROOT...

5.5CVSS5.8AI score0.0013EPSS
CVE
CVE
added 2026/05/27 12:18 p.m.34 views

CVE-2026-45946

CVE-2026-45946 affects the Linux kernel ab8500 power supply driver. A race condition arises when IRQs are requested before the power_supply handle is fully registered, leading to a use-after-free if an interrupt fires after deallocation but before IRQ unregistration. The issue can crash the syste...

7.8CVSS5.8AI score0.0016EPSS
CVE
CVE
added 2026/05/27 12:55 p.m.34 views

CVE-2026-45987

Technical details about CVE-2026-45987 are not publicly provided in the connected documents. No explicit affected products, root cause, or fixes are present beyond generic patch notes; monitor for updates.

5.5CVSS5.7AI score0.00123EPSS
CVE
CVE
added 2026/05/27 12:56 p.m.34 views

CVE-2026-46032

Summary: CVE-2026-46032 relates to Linux kernel KVM nSVM, where a failed restore of L1 host CR3 during a nested VMEXIT could leave L1 with corrupted state and trigger a triple fault instead of a clean recovery. The fix removes the nested_svm_vmexit return value and ensures proper cleanup, resulti...

5.5CVSS6AI score0.00116EPSS
CVE
CVE
added 2026/05/27 12:56 p.m.34 views

CVE-2026-46038

CVE-2026-46038 relates to the Linux kernel net: qrtr: ns path where a node’s memory is leaked after processing BYE, because the node is not freed in ctrl_cmd_bye() failure or success. The fix removes the node from the Xarray and frees memory in both outcomes. Reported CVSS 3.1/3.1_VECTORS via NVD...

5.5CVSS5.8AI score0.00123EPSS
CVE
CVE
added 2026/05/27 12:57 p.m.34 views

CVE-2026-46046

The CVE reports a refcount leak in ext4_xattr_inode_dec_ref_all() due to not releasing iloc with brelse() after ext4_get_inode_loc(), fixed by commit c8e008b6. OSV entries show patches in Root:Ubuntu 22.04/24.04, Debian, Debian-based RootIO builds, and openSUSE kernel-devel 7.0.11-1.1 for GA medi...

5.5CVSS5.8AI score0.00123EPSS
CVE
CVE
added 2026/05/27 12:57 p.m.34 views

CVE-2026-46063

The CVE-2026-46063 issue affects the Linux kernel with x86 shadow stack (shstk) handling of sigreturn. Root cause: during a shadow-stack sigframe read, the kernel previously held the mmap lock while verifying VMA flags to distinguish shadow stack memory. A page fault during this read could trigge...

5.5CVSS5.8AI score0.00094EPSS
CVE
CVE
added 2026/05/28 9:35 a.m.34 views

CVE-2026-46131

CVE-2026-46131 affects the Linux kernel KVM x86 code. The issue is a faulty check in slow flush hypercalls where is_guest_mode(vcpu) was used incorrectly; translate_nested_gpa() is only valid when an L2 guest runs with nested EPT/NPT enabled, so the condition should match translate_nested_gpa() i...

5.5CVSS5.8AI score0.00127EPSS
Total number of security vulnerabilities14330