14330 matches found
CVE-2026-46133
The CVE-2026-46133 issue affects Linux kernel’s Soft RoCE (RDMA/rxe) where an unauthenticated UDP packet with an unknown opcode could trigger an out-of-bounds read during ICRC/CRC processing due to missing validation of opcodes before length arithmetic. The advisory describes that entries in the ...
CVE-2026-46147
CVE-2026-46147 concerns the Linux kernel KVM on ARM64, where two bugs in vCPU initialisation can leak pin references to host vCPU/SVE pages and allow observation of a partially initialised vCPU object. The fixes extract a helper for vCPU registration, ensure proper unpinning on error, and enforce...
CVE-2026-46160
CVE-2026-46160 concerns the Linux kernel’s Btrfs filesystem: when removing a directory, last_unlink_trans is not updated, which can lead to incorrect fsync behavior if a directory with an open file descriptor is fsynced after removal. This can cause log replay during mount to fail with -EIO, pote...
CVE-2026-46190
Summary (CVE-2026-46190) : A Linux kernel vulnerability in the MTD SPI-NOR debugfs code caused an out-of-bounds read in spi_nor_params_show() due to passing an array of pointers to spi_nor_print_flags() with sizeof(snor_f_names). Since sizeof on a pointer array yields bytes, not element count, th...
CVE-2026-46193
CVE-2026-46193 concerns a Linux kernel xfrm AH (AH) implementation issue where ESN high bits are not accounted for in async callback paths, causing miscalculation of ICV/auth offsets on IPv4/IPv6 when ESN is enabled and async hmac is used. The vulnerability arises from reconstructing the temporar...
CVE-2026-46200
CVE-2026-46200 affects the Linux kernel SPI MPC52xx driver. The issue stems from improper controller deregistration: the driver may deregister the controller after or without ensuring proper release of resources (interrupts, GPIOs) during driver unbind, risking system instability or resource exha...
CVE-2026-46219
CVE-2026-46219 concerns a use-after-free in the SPI mpc52xx path of the Linux kernel. The description indicates the state machine work is scheduled by the interrupt handler and must be cancelled after interrupts are disabled to avoid use-after-free. Connected OSV entries show patches in rootio-li...
CVE-2026-46246
The CVE-2026-46246 issue affects the Linux kernel driver power: supply: pm8916_lbc. It describes a use-after-free race: when requesting IRQs with the devm_ helper before the extcon handle is allocated/registered, the extcon resource can be freed while an IRQ handler is still active, leading to ex...
CVE-2026-46250
The CVE-2026-46250 entries describe a Linux kernel issue on MIPS where LLVM erroneously restores the global gp register when it is used as a global register variable (__current_thread_info), causing the gp pointer to point to the unrelocated kernel after relocate_kernel. This leads to a crash dur...
CVE-2026-46252
CVE-2026-46252 affects the Linux kernel regulator core. The vulnerability stems from improper locking in regulator_resolve_supply() error handling, where late-failing supply enable paths could trigger a lockdep warning due to holding the regulator_list_mutex while calling _regulator_put(). The fi...
CVE-2026-46253
In Linux kernel pstore/ram, CVE-2026-46253, the vulnerability is a heap buffer overflow during persistent_ram_save_old(). If the buffer size has grown since the first allocation, the code updates old_log_size to the new size and then copies with memcpy_fromio(), risking an out-of-bounds write (an...
CVE-2026-46265
The CVE-2026-46265 issue affects the Linux kernel RDMA/hns path. When sunrpc is in use and a reset occurs, QP destruction may lead to a WQ_MEM_RECLAIM dependency warning during workqueue flushing, risking kernel instability. The fixed code fixes the WQ_MEM_RECLAIM handling in the RDMA/hns path (Q...
CVE-2026-46285
CVE-2026-46285 : In the Linux kernel, the mtd/docg3 release path has a use-after-free: docg3 is obtained from cascade->floors[0]->priv, then freed by doc_release_device() before the loop completes, and later code dereferences docg3 via docg3->cascade->bch. The root cause is using a fr...
CVE-2026-46292
CVE-2026-46292 (Linux kernel): The issue is in pmdomain core handling when detaching virtual devices from a genpd. The patch fixes a missing pm_runtime_disable() call in genpd_dev_pm_detach(), which could leave runtime PM enabled for virtual devices after detachment. Consequences described includ...
CVE-2026-46307
CVE-2026-46307 affects the Linux kernel ath5k driver, where a UBSAN-detected array-index-out-of-bounds in ath5k_tasklet_tx can write beyond a 4-entry ieee80211_tx_rate array, potentially overwriting the next info->status field (ack_signal). Rootcause: ts_final_idx may be 3, causing an out-of-b...
CVE-2026-53243
CVE-2026-53243 affects the Linux kernel component related to RSEQ (rseq_exit_user_update). The issue is an uninitialized stack variable used in the initialization of the struct rseq_ids, where ids.node_id is derived from ids.cpu_id before it is initialized, enabling potential information leakage....
CVE-2026-53309
CVE-2026-53309 relates to the Linux kernel OCFS2 DLM component. A bug in the dlm_match_regions() region comparison used a <= bound, allowing reads beyond the valid range of qr_regions. The fix modifies the loop condition to use
CVE-2022-49997
CVE-2022-49997 concerns the Linux kernel component net/lantiq_xrx200. In memory-allocation failure scenarios, an invalid buffer address is stored; when the descriptor is used again, the system panics in build_skb() when accessing memory. The vulnerability is described as resolved in the provided ...
CVE-2022-50105
The CVE-2022-50105 issue affects the Linux kernel (powerpc/spufs) where of_find_node_by_path() could leak a refcount. The fix, as documented, is to call of_node_put() on the remotely referenced device node when done, preventing a refcount leak in spufs_init_isolated_loader. Connected advisories (...
CVE-2022-50332
CVE-2022-50332 concerns a Linux kernel issue in video/aperture where sysfb_disable() must be called from aperture_remove_conflicting_pci_devices() before removing PCI devices to prevent simpledrm from binding to simple-framebuffer devices after the driver takes over. The vulnerability is describe...
CVE-2023-53151
CVE-2023-53151 affects the Linux kernel’s md/raid10 path. The vulnerability arose because there was no limit for plugged bio during flush writes in raid10 (unlike raid1 which used cond_resched), allowing writeback activity to cause a soft lockup under heavy I/O. The public advisories describe a f...
CVE-2023-53191
The CVE-2023-53191 vulnerability affects the Linux kernel code path irqchip/alpine-msi in alpine_msix_init_domains. The root cause is a refcount leak caused by not calling of_node_put() on the node returned by of_irq_find_parent() after it is no longer needed. A fix adds the missing of_node_put()...
CVE-2023-53287
CVE-2023-53287 : Linux kernel USB cdns3 driver fix—move the set_active() call outside the spin lock to avoid sleeping in atomic context during resume, preventing a WARN during resume (pm_runtime_resume path). The change protects the cdns data structure and removes the ‘sleeping function called fr...
CVE-2023-53290
CVE-2023-53290 affects the Linux kernel in the samples/bpf path, where fout was opened with fopen but not closed, leading to a leak in hbm's run_bpf_prog. The issue is resolved by a patch that ensures fout is closed (fclose’d) before scope exit. The provided sources confirm the fixed state and li...
CVE-2023-53373
CVE-2023-53373 in the Linux kernel affects the crypto/seqiv path. The vulnerability arises because seqiv only handles EINPROGRESS and does not account for EBUSY, risking a use-after-free for backlogged requests. The fix is to treat EBUSY the same as EINPROGRESS, preventing premature data free on ...
CVE-2023-53389
CVE-2023-53389 affects the Linux kernel’s MediaTek DisplayPort bridge (drm/mediatek) where HPD IRQs could fire before the bridge is attached to a DRM device. This could cause a NULL pointer dereference in drm_helper_hpd_irq_event() due to an invalid drm_device being passed. The published fix: ver...
CVE-2023-53404
CVE-2023-53404 relates to the Linux kernel USBFotg210 driver where a memory leak can occur when using debugfs_lookup() without releasing the result. The memory must be released with dput(), but the patch replaces this with debugfs_lookup_and_remove(), which handles the lookup and cleanup in one s...
CVE-2023-53441
CVE-2023-53441: Linux kernel bpf cpumap memory leak fix. The vulnerability concerns cpu_map_update_elem leaking memory in the BPF map update path (cpu_map_entry_alloc path) as observed by Syzkaller. The fix is in the kernel, referenced by commits such as a957ac8e0b5ffb5797382a6adbafd005a5f72851 a...
CVE-2025-38534
CVE-2025-38534 affects the Linux kernel netfs copy-to-cache path used by Ceph with local caching. The issue: a write-to-cache request could hang after the backing filesystem completes the async DIO write because NETFS_RREQ_OFFLOAD_COLLECTION wasn’t set, causing an app to miss the collection notif...
CVE-2025-38589
The Connected documents confirm CVE-2025-38589 relates to a null-ptr-deref in neigh_flush_dev() within the Linux kernel, fixed by reverting to hash-table iteration in neigh_table_clear() after introducing per-netdev neighbour lists. The issue was triggered by neigh_table_clear() calling neigh_ifd...
CVE-2025-38626
CVE-2025-38626 affects the Linux kernel with the F2FS file system in foreground log-structured (lfs) mode. The issue arises in f2fs_map_blocks() where allocations can trigger block allocations aggressively under parallel aio/dio/bufio workloads, potentially exhausting space and causing a system p...
CVE-2025-38640
CVE-2025-38640: Linux kernel vulnerability in BPF/netfilter flow where nf_hook_run_bpf() could run migrations in xmit path, allowing non-migratable context assumptions to be violated. The fix disables migration by using bpf_prog_run_pin_on_cpu() in nf_hook_run_bpf() (commit references in the Linu...
CVE-2025-38660
CVE-2025-38660 affects the Linux kernel code path used when handling Ceph-related long names. The issue stems from parse_longname() using strrchr() without a guaranteed NUL-terminated string, which motivated building a NUL-terminated copy via kmemdup_nul() to prepare input for kstrtou64(). The pr...
CVE-2025-38697
The CVE relates to the Linux kernel JFS: an upper bound check in dbAllocAG when computing the tree index could go out of bounds if filesystem metadata is corrupted. This could enable a local attacker to trigger out-of-bounds conditions in JFS data structures. The vulnerability is resolved in the ...
CVE-2025-38729
CVE-2025-38729 relates to the Linux kernel ALSA USB-audio driver and a validation issue with UAC3 power domain descriptors. The root cause is insufficient verification of the descriptor length (bLength), which could allow out-of-bounds accesses via malicious firmware. The vulnerability affects th...
CVE-2025-39677
Summary: CVE-2025-39677 affects the Linux kernel net/sched backlog accounting in qdisc_dequeue_internal for hhf, fq, fq_codel, and fq_pie. The issue occurs when adjusting to a new backlog limit; dequeue paths drop packets from gso_skb without increasing qstats backlog, causing backlog underflow i...
CVE-2025-39681
CVE-2025-39681 relates to the Linux kernel on x86 with Hygon CPUs. The root cause was a missing resctrl_cpu_detect() call in the Hygon BSP init path after resctrl_cpu_detect() was moved to vendor-specific init code. This caused a division-by-zero in get_rdt_mon_resources() during early boot due t...
CVE-2025-39744
The CVE-2025-39744 issue affects the Linux kernel and describes a deadlock in rcu_read_unlock() when called during irq_exit() if an IPI is issued. The root cause is an incorrect handling of irq_work state inside rcu_read_unlock_special() triggered by irq_exit(), which can cause a system hang/lock...
CVE-2025-39746
CVE-2025-39746 affects the Linux kernel device driver stack for wifi/ath10k on PCIe. When the hardware becomes unreliable, ath10k can lose PCIe connectivity, causing WMI command timeouts and a restart loop that may trigger a watchdog timeout and a system crash on suspend. The advisory describes a...
CVE-2025-39776
CVE-2025-39776 is reported by CBLMARINER as affecting the Linux kernel package in Mariner, specifically versions less than 6.6.104.2-1. The advisory states that an upgraded kernel version 6.6.104.2-1 or newer resolves this issue. The provided connected document does not include additional technic...
CVE-2025-39787
CVE-2025-39787 (Linux kernel) affects the soc: qcom: mdt_loader in remoteproc usage. The root cause is reading beyond the ELF header during traversal; the fix validates the firmware buffer size and also validates e_phentsize and e_shentsize to ensure correct header traversal. Impact described as ...
CVE-2025-39788
CVE-2025-39788 affects the Linux kernel SCSI/ufs Exynos driver (gs101). The issue is in the USB/UFS host path where the left shift to set UTRL_NEXUS_TYPE is performed on an int, causing an out-of-bounds shift and writing an incorrect value (0xffffffff on gs101). The fix switches to the BIT() macr...
CVE-2025-39800
CVE-2025-39800 is a Linux kernel vulnerability affecting the btrfs subsystem. When cloning the extent buffer in btrfs_copy_root(), an unexpected eb generation could trigger a WARN_ON() instead of aborting the transaction, allowing metadata with an unexpected generation to persist. The fix aborts ...
CVE-2025-39809
CVE-2025-39809 affects the Linux kernel’s Intel QuickI2C HID path (intel-thc-hid). The issue is that the ACPI _DSD methods for ICRS/ISUB return data with a trailing byte, making the actual length one byte longer than the structs define. This leads to a stack-out-of-bounds write and a kernel crash...
CVE-2025-39832
CVE-2025-39832 concerns the Linux kernel’s mlx5 driver. The issue is a lockdep assertion triggered during the sync reset unload path, specifically when a sync reset flow is started via the devlink reload fw_activate option. The PF holds the devlink lock while handling the unload event, and the fi...
CVE-2025-39852
CVE-2025-39852: Linux kernel TCP stack IPv6 TCP-AO path leaks memory when tcp_v6_syn_recv_sock() exits on error due to missing error-handling cleanup. The linked Astra/OpenSUSE advisories confirm the fix adds inet_csk_prepare_forced_close() and tcp_done() (as in the IPv4 path) to ensure the new s...
CVE-2025-39853
CVE-2025-39853 affects the Linux kernel i40e driver. The issue arises when the MAC list is empty, as list_first_entry() can return a pointer to an invalid object, risking invalid memory access upon use. The advisory notes the fix is to replace list_first_entry() with list_first_entry_or_null(), p...
CVE-2025-39859
CVE-2025-39859 : In the Linux kernel, a race condition can cause a use-after-free when the timer watchdog used by ptp_ocp_watchdog is running during devlink deallocation. The flaw occurs because ptp_ocp_detach() only cancels the watchdog if it is pending; if the timer handler is active, timer_del...
CVE-2025-39860
CVE-2025-39860 – Linux kernel Bluetooth UAF in l2cap_sock_cleanup_listen() . The vulnerability arises from a race between bt_accept_dequeue() and l2cap_sock_cleanup_listen() where a socket could be freed while another path still holds a reference. The root cause is a race in the l2cap_sock_cleanu...
CVE-2025-39863
CVE-2025-39863 affects the Linux kernel’s wifi/brcmfmac path, specifically a use-after-free in brcmf_btcoex_info handling. The vulnerability arises from a race between brcmf_btcoex_detach() and brcmf_btcoex_timerfunc(): the timer handler can set timer_on to false while a detach is in progress, ca...