14330 matches found
CVE-2025-39864
CVE-2025-39864 affects the Linux kernel wifi subsystem (cfg80211) and specifically the cmp_bss() path after a use-after-free in bss_free(). The fix, applied via commits addressing the hidden_beacon_bss handling, ensures the last beacon frame elements are freed only when not shared by the hidden_b...
CVE-2025-39901
CVE-2025-39901 affects the Linux kernel i40e driver. The vulnerability arises from read access to two legacy debugfs files, a read interface for the i40e command and netdev_ops buffers. Both files share a static 256-byte buffer initialized to the empty string, with reads formatting output as “: ”...
CVE-2025-71073
CVE-2025-71073 is addressed in OSV entries showing patches in the Root project: the vulnerability is fixed in the rootio-linux package for Root:Debian:11, Root:Debian:12, Root:Debian:13 and for Root:Ubuntu:22.04 and Root:Ubuntu:24.04, with multiple fixed versions available. The Initial Linux kern...
CVE-2025-71087
CVE-2025-71087: Linux kernel iavf RSS configuration fix for off-by-one in iavf_config_rss_reg(). The issue caused out-of-bounds reads/writes when configuring RSS hash key/lookup table due to loop bounds using <= with rss_key_size/rss_lut_size; the fix switches to < to enforce proper bounds....
CVE-2025-71094
CVE-2025-71094: In the Linux kernel, the ASIX USB Ethernet driver (net: usb: asix) could read an invalid PHY address from a USB device (address >= PHY_MAX_ADDR), triggering a warning in mdiobus_get_phy. The fix validates the PHY address in asix_read_phy_addr() and removes the now-redundant che...
CVE-2025-71151
CVE-2025-71151 concerns the Linux kernel CIFS SMB3 reconfiguration path. In smb3_reconfigure(), when smb3_sync_session_ctx_passwords() fails, the function returns without freeing and erasing the newly allocated new_password and new_password2, causing a memory leak and potential information leak. ...
CVE-2025-71154
CVE-2025-71154 concerns Linux kernel code for the rtl8150 USB driver. When usb_submit_urb() fails in async_set_registers(), the allocated async_req and URB are not freed, causing a memory leak. The completion callback async_set_reg_cb() frees these allocations only after a successful URB submissi...
CVE-2026-22977
CVE-2026-22977 affects the Linux kernel net: sock: fix hardened usercopy panic in sock_recv_errqueue. The issue arises when using skbuff_fclone_cache where no usercopy whitelist exists for skb.cb, causing a usercopy BUG() during put_cmsg() when copying serr->ee from skb->cb via sock_recv_er...
CVE-2026-23011
CVE-2026-23011: In the Linux kernel, ip_gre: make ipgre_header() robust to prevent skb under_panic when a device (e.g., bonding/team) changes dev->needed_headroom or dev->hard_header_len. The crash described involves mld_newpack/mld_sendpack path with an skb that had insufficient headroom, ...
CVE-2026-23025
CVE-2026-23025 : In the Linux kernel, drain_page_zone() could corrupt per-CPU pages (pcp) when an interrupt occurs and code path uses spin_lock(&pcp->lock) with SMP=n, because spin_trylock() may fail. The issue enables potential pcp structure corruption. The fix adds local wrappers that conver...
CVE-2026-23110
CVE-2026-23110 relates to the Linux kernel SCSI core: Wake up the error handler when final completions race against each other. The description identifies two race conditions that can prevent the error handler from waking up, potentially leaving I/O in the error state. Root causes are memory-orde...
CVE-2026-23147
The CVE-2026-23147 issue concerns Linux kernel btrfs zlib compression on S390 hardware acceleration. After a refactor (S390x HW acceleration), the code stopped releasing the page cache folio returned by btrfs_compress_filemap_get_folio(), leading to a folio leak. The root cause is a missing folio...
CVE-2026-23198
CVE-2026-23198 relates to the Linux kernel KVM irqfd handling. The vulnerability arose when deassociating an IRQFD could clobber the irqfd’s copy of the IRQ’s routing entry, causing arch-specific code (e.g., kvm_arch_irq_bypass_del_producer on x86/arm64) to misinterpret routing as MSI. The fix ch...
CVE-2026-23222
CVE-2026-23222 has been resolved in the Linux kernel. The bug was due to omap_crypto_copy_sg_lists() allocating an array of scatterlist pointers instead of scatterlist objects, causing a 4x under-allocation. The fix uses sizeof(*new_sg) to allocate the correct object size, ensuring proper scatter...
CVE-2026-23398
CVE-2026-23398 — Linux kernel icmp_tag_validation NULL pointer dereference has concrete details in the provided documents. The vulnerability occurs when icmp_tag_validation() dereferences inet_protos[proto] without a NULL check for an unregistered protocol number in an ICMP Fragmentation Needed p...
CVE-2026-31626
CVE-2026-31626 affects the Linux kernel’s rtl8723bs staging driver, specifically the rtw_BIP_verify() function. A u64 variable (le_tmp64) was not fully initialized, which Smatch warned could leave the last two bytes uninitialized (only 6 of 8 bytes copied). The issue is resolved by initializing l...
CVE-2026-31627
The CVE-2026-31627 entry concerns the Linux kernel i2c s3c24xx driver, where the first byte of an SMBUS message (the size) is not validated before processing. This could allow out-of-range SMBUS block lengths to be acted on, with potential impact to I2C SMBUS block operations. The description not...
CVE-2026-31629
The CVE-2026-31629 vulnerability affects the Linux kernel NFC LLCP subsystem. Specifically, in nfc_llcp_recv_hdlc() and nfc_llcp_recv_disc(), when the socket state is LLCP_CLOSED, the code correctly releases resources but lacks an early return, causing fall-through to subsequent release calls. Th...
CVE-2026-43232
Summary: CVE-2026-43232 is a Linux kernel vulnerability in the FarSync WAN driver (net: wan: farsync) that causes a use-after-free when detaching a FarSync T-series card. The issue arises from a race between tasklets/work queues and card removal: fst_card_info is freed in fst_remove_one() but fst...
CVE-2026-43327
CVE-2026-43327 affects the Linux kernel USB dummy-hcd code. The race involves usb_gadget_udc_reset() being invoked with a NULL second argument (driver) due to a race between USB reset and driver unbind, enabling a potential crash. The root cause was that stop_activity() could drop and re-acquire ...
CVE-2026-43483
CVE-2026-43483 (Linux kernel, KVM/VMX-SVM) fixes a flaw in SVM AVIC handling where CR8 write interception could remain enabled after AVIC activation. The patch explicitly sets/clears CR8 interception when AVIC is (de)activated to prevent the dangling intercept, which could cause TPR desynchroniza...
CVE-2026-45835
CVE-2026-45835: In the Linux kernel, Bluetooth L2CAP code is vulnerable to a NULL pointer dereference in l2cap_sock_new_connection_cb() due to a missing NULL guard. The fix adds the same NULL guard already present in l2cap_sock_resume_cb() and l2cap_sock_ready_cb(), addressing the null-ptr-deref ...
CVE-2026-45839
CVE-2026-45839 is a Linux kernel vulnerability where negative CO-RE accessor indices in bpf_core_parse_spec() could cause an out-of-bounds read, leading to a deterministic kernel crash during BPF program load on systems with CONFIG_DEBUG_INFO_BTF=y. The issue arises because sscanf parses componen...
CVE-2026-45869
CVE-2026-45869 affects the Linux kernel wm97xx power supply driver. A race between request_irq() and power_supply_register() can cause a NULL pointer dereference in power_supply_changed() if an interrupt fires before the power_supply handle is registered. Fix: ensure the IRQ is requested after re...
CVE-2026-45904
The CVE-2026-45904 issue affects the Linux kernel’s PowerPC EEH driver, where a restructuring workaround caused a recursive lock scenario around pci_lock_rescan_remove. The problem arose when EEH event handling briefly acquired the PCI bus lock while eeh_pe_bus_get() could also attempt the same l...
CVE-2026-45942
Summary of CVE-2026-45942 : A race condition in the Linux kernel ext4 bitmap handling enables inconsistent bitmap reporting due to concurrent page migration and bitmap modification in the load_buddy path. The root cause is that the fast load_buddy path only increments the folio refcount and can o...
CVE-2026-45949
CVE-2026-45949 details from connected OSV/NVD entries confirm a race in the Linux kernel hwrng core where concurrent unregister/start calls may cause use-after-free due to hwrng_fill not being cleared reliably. The patch serializes access with rng_mutex, moves cleanup to a work_struct, and conver...
CVE-2026-45973
CVE-2026-45973 affects the Linux kernel’s RDMA/mlx5 driver. A race during firmware reset in LAG mode could cause the driver to hang indefinitely while waiting for UMR completion on device unload, because the master/bond device would miss slave sys_error events. The fix adds a sys_error notifier r...
CVE-2026-46102
The CVE-2026-46102 issue affects the Linux kernel network stream parser (net: strparser). When the stream parser is aborted (e.g., after a message assembly timeout), the partially assembled message referenced by strp->skb_head is not released in strp_abort_strp(), causing a memory leak that co...
CVE-2026-46125
CVE-2026-46125 describes a Linux kernel issue in the wifi mac80211 path where, if Multi-Link Operation (MLO) connection preparation fails, the associated station may not be removed correctly. The advisory states that the interface is reset to non-MLD and the station linked to the vif should be de...
CVE-2026-46170
CVE-2026-46170 affects the Linux kernel MPTCP implementation. When ADD_ADDR is retransmitted, the socket reference counting can fail to free the sk, which may trigger indefinite waiting in timer synchronization and cause a DoS. The root cause is improper timer handling during sk_free that could c...
CVE-2026-46185
The CVE-2026-46185 issue affects the Linux kernel SMB client. The root cause is insufficient length validation in smb2_check_message() when processing symlink error responses, allowing a symlink_data() path to read beyond the buffer if iov_len is smaller than the 64-byte SMB2 header and accessing...
CVE-2026-46202
CVE-2026-46202 concerns the Linux kernel HID driver for the Apple Touch Bar (hid-appletb-kbd). The issue arises when inactivity autodim uses backlight_device_set_brightness() from two atomic contexts (a timer_list callback and input/event paths), causing a mutex lock from an atomic context bug an...
CVE-2026-46203
The CVE-2026-46203 issue affects the Linux kernel, specifically the spi: cadence-quadspi driver. The root cause is unclocked register access that can occur if the controller is not runtime-resumed before being disabled during driver unbind. The fix ensures the controller is runtime resumed prior ...
CVE-2026-46220
CVE-2026-46220 affects the Linux kernel’s drm/amdgpu sdma4 fence emission. The vulnerability stems from two BUG_ON(addr & 0x3) assertions in sdma_v4_0_ring_emit_fence(), which could be triggered by unprivileged userspace submissions via DRM_IOCTL_AMDGPU_CS, causing a kernel panic in a scheduler w...
CVE-2026-46222
In CVE-2026-46222, the Linux kernel’s media: rockchip: rkcif driver was fixed by adding the missing MUST_CONNECT flag to pads, addressing a null-pointer dereference when a media stream is enabled. The issue arose from pads not reliably checking for connected devices, enabling a local attacker to ...
CVE-2026-46224
The CVE-2026-46224 issue affects the Linux kernel drm/xe driver. The bug is a lifecycle/ownership problem in xe_dma_buf_init_obj() where a pre-allocated storage bo is not freed when drm_gpuvm_resv_object_alloc() fails, leading to a potential resource leak. The kernel now ensures that, on failure,...
CVE-2026-46231
CVE-2026-46231 concerns the Linux kernel’s batman-adv code. When batadv_bla_add_claim() fails to insert a new claim into its hash, a reference to the target backbone_gw could be leaked. The vulnerability arises from not releasing that reference on the error path, potentially allowing a backbone_g...
CVE-2026-46293
CVE-2026-46293 : In the Linux kernel, the mpfs-ccc clock driver suffers an out-of-bounds access during output registration UBSAN reports. The hws array is allocated for two PLLs and four output dividers, but IDs include two DLLs and their outputs, which the driver does not support. The documented...
CVE-2026-52909
The CVE-2026-52909 issue affects the Linux kernel’s IPv6 Virtual Tunnel Interface (ip6_vti) fallback device: ip6_vti0 may be movable between network namespaces because netns_immutable is not set during initialisation. Multiple connected advisories confirm this root cause and indicate patches have...
CVE-2026-52939
CVE-2026-52939 is addressed by the Debian/Ubuntu Linux kernel fixes in the 6.1.y series. Debian LTS advisories (DLA-4671, DLA-4665) indicate linux-6.1 packages are updated to mitigate this issue, e.g., Debian 11/12 updates shipping linux-6.1 with CVE-2026-52939 included and patched versions such ...
CVE-2026-52943
CVE-2026-52943 affects the Linux kernel: two pskb_carve helpers (pskb_carve_inside_header and pskb_carve_inside_nonlinear) copy the old skb_shared_info header via memcpy without calling net_zcopy_get() for the new copy, creating an unaccounted destructor_arg (uarg) reference. This can cause use-a...
CVE-2022-50114
CVE-2022-50114 affects the Linux kernel 9p subsystem. The root cause is a refcount leak in p9_read_work() error handling when m->rreq->rc.sdata is NULL; p9_req_put must be called to avoid the leak. Affected component: net/9p (p9_read_work). The fix is documented in kernel commits (e.g., 34b...
CVE-2022-50205
The CVE-2022-50205 entry corresponds to a Linux kernel vulnerability in ext2 that adds validity checks for inode counts. The root cause is that inodes stored in the superblock must match the computed value from inodes-per-group, and there must be at least one block worth of inodes per group; thes...
CVE-2022-50367
CVE-2022-50367 affects the Linux kernel’s nilfs filesystem code. The vulnerability arises when in alloc_inode, inode_init_always() may return -ENOMEM if security_inode_alloc() fails, leaving inode->i_private uninitialized. nilfs_is_metadata_file_inode() can then return true and nilfs_free_inod...
CVE-2023-53210
CVE-2023-53210 affects Linux kernel md/raid5-cache code: a null pointer dereference can occur in r5l_flush_stripe_to_raid() when io completion is processed after the log end clears the list. The root cause is r5l_log_flush_endio() clearing the list before handling bio cleanup, which can lead to a...
CVE-2023-53226
CVE-2023-53226 affects the Linux kernel wireless driver mwifiex (wifi): the issue is an OOB and integer underflow when RX packets are processed, potentially allowing out-of-bounds skb->data access. Connected advisories (Unity/Linux, Red Hat SUSE, MiracleLinux) confirm remediation via kernel up...
CVE-2023-53299
CVE-2023-53299 affects the Linux kernel's md/raid10 recovery path. The issue leaks the field r10bio->remaining when a read I/O fails and recovery_request_write() exits early, causing end_sync_request() to run only once and an I/O hang. The documented fix reduces or decrements 'remaining' depen...
CVE-2023-53313
CVE-2023-53313 concerns the Linux kernel, fixing the corrupted md/raid10 behavior where no input validation existed for echo md/max_read_errors, risking overflow and affecting availability (fixed in the kernel). Public references from Unity Linux Nessus advisories reproduce the description, confi...
CVE-2023-53352
CVE-2023-53352 : In the Linux kernel, a null pointer dereference could occur in the DRM TTM swap path (ttm_bo_swapout) when swapping, potentially leading to a crash. The vulnerability is resolved by a guard that checks for null pointers before accessing ttm structures during swapout, effectively ...