13804 matches found
CVE-2023-53357
CVE-2023-53357 affects the Linux kernel md/raid10 code. The slab-out-of-bounds occurs in md_bitmap_get_counter when a large value is written to md/bitmap_set_bits, causing -EINVAL if page >= bitmap->pages and the result isn’t checked promptly. The fix moves the page-boundary check into md_b...
CVE-2023-53399
CVE-2023-53399 affects the Linux kernel’s ksmbd component, specifically a NULL pointer dereference in smb2_get_info_filesystem(). The issue occurs when share is present but share->path is NULL, which can trigger a crash. The connected sources consistently describe the vulnerability as resolved...
CVE-2023-53411
CVE-2023-53411 affects the Linux kernel. The issue is a memory leak when using debugfs_lookup(), because the returned object must be released with dput(). The documented fix is to use debugfs_lookup_and_remove() which handles the required cleanup in one step. Exploitation details are not provided...
CVE-2023-53415
CVE-2023-53415 concerns the Linux kernel USB-DWC3 subsystem. The vulnerability arises from not freeing memory obtained via debugfs_lookup(): the returned object must be released with dput(), otherwise a memory leak occurs over time. The fixed approach consolidates the logic by using debugfs_looku...
CVE-2023-53418
The CVE-2023-53418 issue affects the Linux kernel USB gadget driver, specifically the lpc32xx_udc in the USB subsystem. The root cause was a memory leak when using debugfs_lookup() because the returned object was not paired with a dput(), leaving memory allocated over time. The provided fixes sim...
CVE-2023-53429
CVE-2023-53429 is a Linux kernel vulnerability in the Btrfs extent I/O path: __extent_writepage incorrectly leveraged PageError. The patch removes PageError checks and uses the local return code to propagate submission errors, preventing leakage of error state. Publicly tracked fixes exist in OSV...
CVE-2023-53433
CVE-2023-53433 affects the Linux kernel’s VLAN handling. The issue arises from the change to add a new helper, vlan_get_protocol_and_depth(), to fix callers that relied on skb->head for MAC header data. Before the fix, code paths used pskb_may_pull() instead of skb_header_pointer() in __vlan_g...
CVE-2025-38309
CVE-2025-38309 affects the Linux kernel’s drm/xe/vm path. The root cause is that during vm creation, the code may call xe_svm_fini() on the error path before the SVM state is initialised, causing kernel splats and a fatal NPD. A fix moves xe_svm_init() earlier in xe_svm lifecycle to ensure proper...
CVE-2025-38366
Summary: CVE-2025-38366 pertains to the Linux kernel (LoongArch KVM) where the number of CPUs requested from user space could exceed the supported limit, risking an array pointer overflow. The fixed condition adds validation for the cpu number in the LoongArch KVM path, aligning the checked range...
CVE-2025-38519
The CVE-2025-38519 entry pertains to the Linux kernel (mm/damon) and is supported by multiple sources in the connected documents. The root cause is a divide-by-zero crash in damon_get_intervals_score() when region size is zero. The current patch fixes the bug without disallowing zero-size regions...
CVE-2025-38525
CVE-2025-38525 concerns the Linux kernel RXRPC path. The vulnerability arises when accepting an incoming RXRPC call: rxrpc_assess_MTU_size() traverses to the IP layer to determine MTU while interrupts are disabled, and the IP layer may call local_bh_enable(), which can trigger a warning if IRQs a...
CVE-2025-38564
CVE-2025-38564 involves the Linux kernel perf subsystem. The issue occurs in perf_mmap() when mapping a buffer read‑only into the page table after the buffer is allocated or attached. If map_range() fails, the kernel currently zaps the page table entries but does not invoke perf_mmap_close(), lea...
CVE-2025-38567
The CVE-2025-38567 vulnerability affects the Linux kernel NFS server (nfsd) where racing calls to nfsd_open_local_fh() can cause an extra reference to the net to be leaked if both calls succeed in nfsd_file_acquire_local(). One instance will fail to store the file reference yet keep the extra net...
CVE-2025-38638
CVE-2025-38638: In the Linux kernel IPv6 stack, inet6_rt_notify() could be invoked under RCU protection, allowing concurrent route changes and rt6_fill_node() returning -EMSGSIZE. The fix adds retry logic: when this situation is detected, the skb is resized and the operation retried, and a previo...
CVE-2025-38642
CVE-2025-38642 affects the Linux kernel’s wifi/mac80211 monitor mode handling. The issue arises on devices without WANT_MONITOR_VIF (and likely without channel context support), triggering a WARN_ON when modifying the per-link settings of a MONITOR interface. The fix moves this validation from a ...
CVE-2025-38654
CVE-2025-38654 concerns the Linux kernel pinctrl path for canaan k230. The vulnerability arises from the ordering of device-tree parsing and pinctrl registration, where device-tree parsing must complete before devm_pinctrl_register() is called to avoid using uninitialized pin resources. The provi...
CVE-2025-38658
Summary (CVE-2025-38658): In the Linux kernel nvmet PCIe target, a failure path in nvmet_req_init() could cause a command to be completed twice (one via __nvmet_req_complete() -> queue_response, and another via nvmet_pci_epf_exec_iod_work()), potentially sending two completions to the host an...
CVE-2025-38686
CVE-2025-38686 describes a Linux kernel local crash in userfaultfd’s UFFDIO_MOVE when encountering a migration PMD entry. The fix adds a missing check and delegates migration-entry handling to split_huge_pmd(), and removes an unnecessary folio check. Upstream commits (e.g., 7f1101a0a181243ad587ec...
CVE-2025-38706
In CVE-2025-38706, the Linux kernel ASoC core vulnerability arises when snd_soc_remove_pcm_runtime() is called with rtd == NULL, leading to a NULL pointer dereference. The issue was reproduced during topology loading and marking a link as ignore due to a missing hardware component; on module remo...
CVE-2025-38720
The CVE-2025-38720 entry describes a Linux kernel issue in hibmcge where two devices could sequentially acquire rtnl_lock during PCI reset, risking deadlock. The provided description explains that the hibmcge netdev previously acquired rtnl_lock in reset_prepare() and released it in reset_done(),...
CVE-2025-39705
The CVE-2025-39705 entry concerns a NULL pointer dereference in the AMD display driver (DC module) for the Linux kernel. Root cause: during cleanup in dc_destruct(), if dc->ctx construction failed, dc->ctx is NULL but code dereferenced dc->ctx->perf_trace. The fix added a NULL check f...
CVE-2025-39710
CVE-2025-39710: In the Linux kernel, the Venus media driver adds a packet-size validation after reading the header from shared memory to ensure the reported size cannot exceed the number of available words. This fixes potential out-of-bounds memory accesses by firmware-provided sizes. The fix tar...
CVE-2025-39711
CVE-2025-39711 affects the Linux kernel, specifically the media/ivsc code (ACE/CSI drivers). The vulnerability arises from missing mei_cldev_disable() calls in the remove() paths, causing mei_cl client objects to remain on mei_device->file_list after memory is freed by mei_cl_bus_dev_release()...
CVE-2025-39714
CVE-2025-39714 is a Linux kernel issue affecting the media: usbtv path. When a streaming application (e.g., ffplay) is active and another process changes the TV standard from NTSC to PAL, the kernel can crash due to copying into unmapped memory. The root cause is that increasing the usbtv struct’...
CVE-2025-39734
CVE-2025-39734 affects the Linux kernel component fs/ntfs3 in the NTFS file-system path. The issue stems from a revert of the inode_trylock versus inode_lock handling (commit 69505fe98f198ee813898cbcaf6770949636430b). The description notes that previously conditional lock acquisition was removed ...
CVE-2025-39739
The CVE-2025-39739 issue is a Linux kernel iommu/arm-smmu-qcom vulnerability that was resolved by adding SM6115 MDSS compatibility to the MDSS clients list to apply the needed workaround. The described impact includes unhandled SMMU context faults during boot on QRB4210 RB2 (SM4250/SM6115) and re...
CVE-2025-39758
CVE-2025-39758: In Linux kernel RDMA/siw, a bug caused sending oversized iov_iters and tcp_sendmsg calls after siw_tcp_sendpages, due to miscomputed per-page bytes and overall size. Root cause was the way iov_iter byte counts and the size passed to tcp_sendmsg_locked were set, leading to out-of-b...
CVE-2025-39781
CVE-2025-39781 concerns the Linux kernel on the PA-RISC (parisc) architecture. The issue is described as the removal of a WARN_ON_ONCE() from flush_cache_vmap in the parisc code path, with observed warnings that could occasionally trigger. The available documents do not detail any exploit vectors...
CVE-2025-39789
CVE-2025-39789 concerns the Linux kernel crypto code (x86/aegis). The vulnerability stems from missing error checks in skcipher_walk during memory allocations. Affected component: kernel crypto subsystem; impact reported as high availability risk with local attacker context. The issue has been re...
CVE-2025-39794
CVE-2025-39794 affects the Linux kernel on ARM Tegra platforms. The root cause is an incorrect use of memcpy when writing to IRAM, causing KASAN to crash due to boundary checks failing under normal memcpy. The vulnerability is local with a high impact on availability, and the description notes th...
CVE-2025-39851
CVE-2025-39851 affects the Linux kernel vxlan implementation. When learning is enabled, a packet may refresh an FDB entry that points to an FDB nexthop group but has no remote, causing a NULL pointer dereference (NPD). The fix drops such packets earlier (before dereferencing a remote) and removes...
CVE-2025-39857
CVE-2025-39857 concerns the Linux kernel net/smc subsystem. The issue is a NULL pointer dereference in smc_ib_is_sg_need_sync(), observed when using the software RoCE device where ibdev->dma_device can be null. The patch adds a NULL pointer check to prevent the crash. The vulnerability affects...
CVE-2025-39869
CVE-2025-39869: Linux kernel memory allocation bug in dmaengine: ti: edma caused out-of-bounds writes to queue_priority_map due to allocating with sizeof(s8) for a 2D array; manifested as kernel crashes on ARM (BeagleBoard-X15). The issue is fixed by changing the allocation to sizeof(*queue_prior...
CVE-2025-39873
CVE-2025-39873 (Linux kernel): The vulnerability concerns the xilinx_can driver where xcan_write_frame() may use a previously freed skb. The root cause is that can_put_echo_skb() can take ownership of the SKB, which may be freed during or after the call, while xcan_write_frame() continues to tou...
CVE-2025-39881
CVE-2025-39881 involves a use-after-free in the Linux kernel PSI/PCI monitoring path within kernfs polling. The issue occurs when an open PSI-related file is released while an epoll poll still holds references, leading to use-after-free during re-enabling the monitoring. The fix introduces kernfs...
CVE-2025-39911
CVE-2025-39911: Linux kernel i40e driver fix for IRQ freeing in i40e_vsi_request_irq_msix error path. If request_irq() fails after the first iteration, the error path frees IRQs with the wrong dev_id, causing IRQs to remain freed incorrectly and triggering a WARNING: “Trying to free already-free...
CVE-2025-39957
CVE-2025-39957 affects the Linux kernel wireless stack (wifi: mac80211) where S1G capability length was not accounted for in scan_ies_len, causing a buffer length validation failure in ieee80211_prep_hw_scan() and a WARN in __ieee80211_start_scan(). The fix adds S1G length to the calculation to e...
CVE-2025-68749
CVE-2025-68749 (Linux kernel) relates to a race in the ivpu accelerator driver when unbinding BOs. The fix adds bo_list_lock protection around the unmapping sequence, ensuring a BO is fully unmapped either during context teardown or when still on the BOs list. This prevents the Memory manager war...
CVE-2025-71101
CVE-2025-71101 stems from the Linux kernel HP-BIOSCFG driver’s ACPI package parsing: hp_populate_*_elements_from_package() reads multi-element fields (PREREQUISITES, ENUM_POSSIBLE_VALUES) using offsets like enum_obj[elem + reqs] or enum_obj[elem + pos_values], but the bounds check only validated ...
CVE-2025-71113
The CVE-2025-71113 issue is in the Linux kernel crypto af_alg path. Several crypto user API contexts and requests allocated with sock_kmalloc() were left uninitialized, which could cause uninitialized data to be used in certain error paths or when new fields are added. The root cause is missing z...
CVE-2025-71220
Technical details about CVE-2025-71220 (affected product/component/version, root cause, impact, fixes) are not publicly provided in the supplied documents. Monitor for updates from vendors and security bulletins.
CVE-2025-71223
CVE-2025-71223 affects the Linux kernel's ksmbd SMB server path (smb2_open and ksmbd_vfs_getattr). The issue is a refcount leak when ksmbd_vfs_getattr() fails, potentially causing resource leakage and local impact. A kernel update fixing the refcount leak is provided by the referenced advisories ...
CVE-2026-22982
CVE-2026-22982 is a Linux kernel vulnerability in the net: mscc: ocelot driver. The issue causes a crash when adding an interface under a lag due to NULL pointer dereferences in the ocelot frontend (ocelot_vsc7514.c) where unused ports may be left as NULL. The fix updates the code to verify the p...
CVE-2026-23001
CVE-2026-23001 – Linux kernel macvlan UAF fix. Multiple connected advisories reference this CVE as a fix in the macvlan subsystem. The vulnerability is described as a use-after-free (UAF) in macvlan_forward_source(), with the fix adding RCU (read-copy-update) protection on (struct macvlan_source_en...
CVE-2026-23062
The CVE-2026-23062 issue is in the Linux kernel platform/x86 hp-bioscfg code. The root cause is twofold: an off-by-one error in a loop using <= instead of
CVE-2026-23105
CVE-2026-23105 (Linux kernel): A fix in the net/sched/qfq code changes the activation check of a class from relying on the child qdisc’s qlen to using cl_is_active in qfq_rm_from_ag. This patch makes activation determination more consistent and aims to prevent exploits that could manipulate chil...
CVE-2026-23153
CVE-2026-23153 concerns the Linux kernel regarding a race condition in the FireWire core when enumerating the transaction list without a lock during AR response processing, potentially impacting AT request completion handling. The issue is resolved by moving the timer start for split-transaction ...
CVE-2026-23215
CVE-2026-23215 affects the Linux kernel’s x86/vmware code. The issue arises from buggy QEMU VMware mouse emulation that clobbers the top 32 bits of the RDI/RSI state across hypercalls, causing page faults when dereferencing a saved kernel stack address. The kernel workaround marks RDI/RSI as clob...
CVE-2026-23219
CVE-2026-23219 concerns the Linux kernel (mm/slab) where alloc_tagging_slab_free_hook was not invoked in memcg_alloc_abort_single, causing a spurious warning: “alloc_tag was not cleared …” when CONFIG_MEM_ALLOC_PROFILING_DEBUG is enabled. The issue arises because the existing __memcg_slab_post_al...
CVE-2026-23247
CVE-2026-23247 is a Linux kernel TCP/TCP options issue that reintroduces port inclusion in the TS offset to mitigate an off-path TCP source port leakage via a SYN-cookie side-channel. The vulnerability is resolved by reverting a previous downgrade of timestamp offsets and performing a single siph...