14330 matches found
CVE-2023-53359
CVE-2023-53359 affects the Linux kernel and fixes a memory-leak in debugfs_lookup(). The issue occurs when the result of debugfs_lookup() is not paired with a dput(), allowing memory to leak over time. The workaround introduced in the patch is to call debugfs_lookup_and_remove(), which handles al...
CVE-2023-53406
The CVE-2023-53406 issue affects the Linux kernel’s USB gadget code (pxa25x_udc), where using debugfs_lookup() without balancing dput() could leak memory over time. The advisory describes the root cause as a memory-leak condition and recommends replacing the pattern with debugfs_lookup_and_remove...
CVE-2023-53413
CVE-2023-53413 concerns a memory leak in the Linux kernel USB isp116x driver triggered by debugfs_lookup() usage. The issue arises because the result from debugfs_lookup() must be released with dput(), and if not, memory leaks accrue over time. The referenced fix replaces the call path with debug...
CVE-2023-53421
CVE-2023-53421 affects the Linux kernel blk-cgroup: when blkcg_reset_stats() clears memory for blkg_iostat_set, the fields blkg and sync are not properly re‑initialized, risking a NULL pointer dereference in blkg and potentially a kernel panic (and a lockdep issue in debug builds). The advisory f...
CVE-2023-53439
CVE-2023-53439 concerns the Linux kernel fix for skb_partial_csum_set() where skb->transport_header used the sentinel value 0xFFFF to indicate the transport header status. The description indicates the vulnerability arose from callers potentially setting skb->transport_header to 0xFFFF, and...
CVE-2023-53468
Summary of CVE-2023-53468 : In the Linux kernel, the ubifs memory leak is fixed in the alloc_wbufs() path. The issue was triggered when ubifs_wbuf_init() returns an error inside the loop, causing wbuf->buf and wbuf->inodes that were already allocated to remain unfreed. The fix adds an error...
CVE-2023-53472
CVE-2023-53472 affects the Linux kernel PWM driver for LPC32xx. The patch removes handling of PWM channels because LPC32xx PWM controllers expose a single output, so pwm->hwpwm is always 0. This simplifies the code and, per the description, fixes a NULL pointer dereference by ensuring lpc32xx-...
CVE-2023-53673
The CVE-2023-53673 issue is a Linux kernel Bluetooth vulnerability in the hci_event path. In hci_cs_disconnect, hci_conn_del is called even when disconnection failed, and ISO/L2CAP/SCO can reference hci_conn without hci_conn_get, so disconn_cfm must be called to clean up the conn; otherwise a use...
CVE-2025-38221
CVE-2025-38221 relates to a Linux kernel ext4 punching hole offset vulnerability. The available connected documents describe a fix for out-of-bounds punching: punching a hole with a start offset that exceeds max_end could yield a negative length in truncate_inode_partial_folio during page cache t...
CVE-2025-38431
The CVE-2025-38431 entry concerns the Linux kernel SMB client regression related to native SMB symlinks. The available connected document details indicate the vulnerability was addressed by restoring the ability of the client to perform lstat(2) and readlink(2) operations even when the symlink ta...
CVE-2025-38508
CVE-2025-38508 : In the Linux kernel, the fix for SEV-SNP timekeeping uses the firmware-provided TSC_FACTOR to compute the mean TSC frequency, addressing clock skew between the hypervisor and SEV-SNP guests that caused hrtimers to fire early. The change applies to x86/sev Secure TSC handling and ...
CVE-2025-38631
CVE-2025-38631 affects the Linux kernel clock framework (clk/imx95-blk-ctl). When enabling runtime PM for clock suppliers that share a power domain, a crash can occur (synchronous external abort) during clock provider registration. The root cause is improper runtime PM handling that can cut power...
CVE-2025-38648
CVE-2025-38648 refers to a Linux kernel issue in the stm32 SPI driver. The stm32_spi_probe now validates that the pointer returned by of_device_get_match_data (cfg) is non-NULL before accessing cfg->has_device_mode, preventing a potential NULL pointer dereference and possible system crash. If ...
CVE-2025-38680
The CVE CVE-2025-38680 affects the Linux kernel media: uvcvideo component, where a 1-byte out-of-bounds read can occur in uvc_parse_format(). The root cause is a buffer length check that only guaranteed buf > 2, while the code accesses buffer[3], requiring at least 4 bytes. The vulnerability’s...
CVE-2025-38695
CVE-2025-38695 affects the Linux kernel SCSI lpfc, where lpfc_sli4_vport cleanup can run before sli4_hba.hdwqs are allocated if lpfc_sli4_read_rev() fails. This may cause a NULL pointer dereference when acquiring abts_io_buf_list_lock for the first hardware queue. The fix adds a NULL pointer chec...
CVE-2025-38699
CVE-2025-38699 is a Linux kernel double-free fix in the SCSI bfad (bfa) path. When bfad_im_probe() fails during init, bfad->im is freed but not set to NULL. If the driver is later uninstalled and bfad_sm_stopping triggers bfad_im_probe_undo(), the memory at bfad->im can be freed again, enab...
CVE-2025-38700
Concrete details found in connected documents confirm CVE-2025-38700 affects the Linux kernel's SCSI libiscsi path (iscsi_conn->dd_data) during iSER setup when ib_fast_reg_mr allocation fails. The root cause is unconditional initialization of iscsi_conn->dd_data when dd_size may be 0, leadi...
CVE-2025-38705
CVE-2025-38705: In the Linux kernel, writing a string without delimiters to gpu_od/fan_ctrl or pp_power_profile_mode for the CUSTOM profile can cause a NULL pointer dereference in drm/amd/pm. SUSE/OpenSUSE advisories (e.g., SUSE-SU-2025:03600-1) list this alongside many other kernel fixes and ind...
CVE-2025-38706
In CVE-2025-38706, the Linux kernel ASoC core vulnerability arises when snd_soc_remove_pcm_runtime() is called with rtd == NULL, leading to a NULL pointer dereference. The issue was reproduced during topology loading and marking a link as ignore due to a missing hardware component; on module remo...
CVE-2025-38711
CVE-2025-38711 : Linux kernel vulnerability fixed in smb/server deadlock scenario when linking with ReplaceIfExists. If smb2_create_link() is called with ReplaceIfExists and the target name exists, ksmbd_vfs_kern_path_locked() locks the parent, then ksmbd_vfs_remove_file() deletes the file, and k...
CVE-2025-38712
CVE-2025-38712 refers to a Linux kernel issue in the hfsplus code path. Root cause: when the volume header has values not reflecting the filesystem state, hfsplus_fill_super() may assume the attributes file isn’t created and call hfsplus_create_attributes_file(), hitting a BUG_ON(). The fix repla...
CVE-2025-38717
CVE-2025-38717 – net/kcm race condition (Linux kernel) : Syzbot observed a race between kcm_unattach(psock) and kcm_release(kcm). The bug stems from a missing check of the flag kcm->tx_stopped before queue_work(), which can allow requeuing kcm->tx_work between cancel_work_sync() and unreser...
CVE-2025-39673
Summary (CVE-2025-39673) : The issue is in the Linux kernel’s ppp_fill_forward_path() where two race conditions could occur in the ppp channels handling. The patch uses a lockless RCU approach: test and access the first channel with list_first_or_null_rcu(); modify channel list with RCU-variants ...
CVE-2025-39684
CVE-2025-39684 affects the Linux kernel Comedi subsystem. The vulnerability arises in do_insn_ioctl() and do_insnlist_ioctl() where a buffer of insn->n samples (unsigned int per sample) could copy back more data to userspace than was initialized, leaking kernel memory. Root cause: not all inst...
CVE-2025-39689
CVE-2025-39689 affects the Linux kernel’s ftrace filter handling. The issue arose because readers (set_ftrace_filter/set_ftrace_notrace) kept a pointer to the global tracer hash, unlike writers who copy the hash. The pointer could remain static across calls that release locks and update the globa...
CVE-2025-39723
CVE-2025-39723 affects the Linux kernel netfs unbuffered write path. When all subrequests in an unbuffered write stream fail, stream->transferred could remain LONG_MAX, and wreq->transferred could be updated to that value, causing write_iter() to report an erroneous non‑zero transfer and tr...
CVE-2025-39742
CVE-2025-39742 - RDMA: hfi1 divide-by-zero in find_hw_thread_mask() (Linux kernel) Affects: Linux kernel RDMA hfi1 path; vulnerability arises from dividing the number of online CPUs by num_core_siblings, followed by a zero-division check. Root cause: division performed before validating the divis...
CVE-2025-39761
CVE-2025-39761 pertains to the Linux kernel wifi driver ath12k. The issue arises when RX peer frag setup errors occur: TID is not decremented before cleaning up peer state, risking an out-of-bounds access in peer->rx_tid[]. The advisory states that a decrement operation on TID before peer clea...
CVE-2025-39772
CVE-2025-39772 affects the Linux kernel HibMC driver for Hisilicon GPUs (drm/hisilicon/hibmc). Description: when hibmc loading fails, the driver attempted to free resources via hibmc_unload, but mode.config mutexes were uninitialized, risking a NULL-pointer dereference. The fix replaces a goto cl...
CVE-2025-39792
CVE-2025-39792 concerns the Linux kernel, where zoned DM targets (dm-crypt and dm-flakey) could previously encounter unsafe BIO splitting when handling zone append emulation. The advisory states that dm_accept_partial_bio() must not split writes passed to the map() function and that large BIOs mu...
CVE-2025-39810
CVE-2025-39810 – bnxt_en memory corruption fix in the Linux kernel driver. The issue arises when FW resources change during interface down, where bnxt_set_dflt_rings() can size bp->tx_ring[] too small if bp->num_tc > 1, permitting memory corruption in bnxt_alloc_cp_rings(). The root caus...
CVE-2025-39812
CVE-2025-39812: In the Linux kernel SCTP implementation, the vulnerability stems from not initializing sin6_scope_id in sctp_v6_from_sk(), which can cause undefined behavior. The fix clears sin6_scope_id and sin6_flowinfo to prevent use of uninitialized data in the IPv6 SCTP path. Affected contex...
CVE-2025-39813
CVE-2025-39813 concerns the Linux kernel ftrace subsystem. A race between ftrace_dump() and trace_pipe reads could trigger WARN_ON_ONCE in trace_printk_seq() when trace data is consumed by other readers, causing iter.seq to be mispopulated. The documented fix moves the trace_printk_seq() call ins...
CVE-2025-39822
The CVE-2025-39822 issue affects the Linux kernel io_uring/kbuf path. Root cause: buf->len is treated unsigned when importing buffers but is converted to signed int when committing, risking negative interpretation for large buffers. Mitigation: the min_t calculation is now unsigned. This is a ...
CVE-2025-39826
CVE-2025-39826 : In the Linux kernel, the net/rose_neigh struct’s use field was a non-atomic reference counter, risking use-after-free if the rose_neigh is freed while still referenced. The fix converts the field from unsigned short to refcount_t and switches code paths to rose_neigh_hold() and r...
CVE-2025-39840
The CVE-2025-39840 in the Linux kernel is a fixed out-of-bounds read in audit_compare_dname_path() when a watch on / coincides with a single-character create under / (e.g., /a). The root cause is that parent_len() returns 1 for "/"; audit_compare_dname_path() can set pathlen to 0 and dereference ...
CVE-2025-39873
CVE-2025-39873 (Linux kernel) : The vulnerability concerns the xilinx_can driver where xcan_write_frame() may use a previously freed skb. The root cause is that can_put_echo_skb() can take ownership of the SKB, which may be freed during or after the call, while xcan_write_frame() continues to tou...
CVE-2025-39957
CVE-2025-39957 affects the Linux kernel wireless stack (wifi: mac80211) where S1G capability length was not accounted for in scan_ies_len, causing a buffer length validation failure in ieee80211_prep_hw_scan() and a WARN in __ieee80211_start_scan(). The fix adds S1G length to the calculation to e...
CVE-2025-40082
CVE-2025-40082 targets the Linux kernel’s hfsplus code and causes a slab-out-of-bounds read in hfsplus_uni2asc() when listing extended attributes. The issue arises because the expected unicode buffer structure size varies (hfsplus_attr_unistr vs hfsplus_unistr), so a previous fix was insufficient...
CVE-2025-71085
The CVE-2025-71085 issue is a Linux kernel vulnerability: an oops/BUG_ON occurs in skb handling within calipso_skbuff_setattr() when headroom grows beyond INT_MAX, due to an implicit cast in __skb_cow() and a delta calculation that can become negative. The root cause is an integer overflow path t...
CVE-2025-71101
CVE-2025-71101 stems from the Linux kernel HP-BIOSCFG driver’s ACPI package parsing: hp_populate_*_elements_from_package() reads multi-element fields (PREREQUISITES, ENUM_POSSIBLE_VALUES) using offsets like enum_obj[elem + reqs] or enum_obj[elem + pos_values], but the bounds check only validated ...
CVE-2025-71239
CVE-2025-71239 affects the Linux kernel audit subsystem: fchmodat2() was not in the change-attributes class, allowing calls that change file attributes to bypass certain audit rules. The patch adds fchmodat2() to the change attributes class, addressing this bypass path. Public advisories document...
CVE-2026-23094
CVE-2026-23094 : In the Linux kernel, the uacce subsystem’s device isolation feature creates sysfs files when either isolate_err_threshold_read or isolate_err_threshold_write callbacks exist. The issue was that accessing a non-existent callback could crash the system. The resolution implements a ...
CVE-2026-23103
Technical details about CVE-2026-23103 are not provided in the supplied documents. The description mentions making addrs_lock per port and related fixes, but lacks explicit affected products, versions, or remediation steps. Monitor for updates.
CVE-2026-23109
CVE-2026-23109 affects the Linux kernel writeback subsystem. The vulnerability arises in fs/writeback: skip AS_NO_DATA_INTEGRITY mappings in wait_sb_inodes(), where the system must wait for all pages under writeback for data integrity. Because some mappings (e.g., FUSE) do not enforce data integr...
CVE-2026-23117
The CVE-2026-23117 entry concerns the Linux kernel Intel ice network driver. The issue arises during devlink-reload: ice_devlink_reinit_down() did not call ice_deinit_hw() while ice_devlink_reinit_up() calls ice_init_hw(), causing ice_init_hw() to fail with -EBUSY if control queues remain initial...
CVE-2026-23121
Technical details for CVE-2026-23121 are not provided in the supplied documents. No affected products, root cause, or remediation are stated here. Monitor for updates from the vendor/security advisories.
CVE-2026-23136
CVE-2026-23136 : Linux kernel vulnerability in the libceph OSD client where the sparse-read state isn’t reset after a mid-payload disruption, causing the client to treat a fresh reply as a continuation of the old one. This can lead to a denial of service condition due to persistent sparse-read st...
CVE-2026-23212
CVE-2026-23212 affects the Linux kernel bonding driver where slave->last_rx (and target_last_arp_rx) data could be read/write locklessly, causing data races. The fix annotates these fields with READ_ONCE() and WRITE_ONCE(), addressing a KCSAN data race in bond_rcv_validate and related paths. C...
CVE-2026-23224
CVE-2026-23224 relates to the Linux kernel EROFS UAF race on file-backed mounts with the directio option. The issue arises in a race between z_erofs_read_folio, erofs_fileio_submit_bio, and related IO workqueue paths, where a dio ki_complete path frees an iocb/rq while access to the underlying fi...