14330 matches found
CVE-2026-23224
CVE-2026-23224 relates to the Linux kernel EROFS UAF race on file-backed mounts with the directio option. The issue arises in a race between z_erofs_read_folio, erofs_fileio_submit_bio, and related IO workqueue paths, where a dio ki_complete path frees an iocb/rq while access to the underlying fi...
CVE-2026-23235
CVE-2026-23235 (Linux kernel, f2fs) is a local, in-kernel vulnerability where certain f2fs sysfs attributes permit out-of-bounds memory access and misinterpretation of integer sizes. The root causes are: __sbi_store() and f2fs_sbi_show() incorrectly treat all default values as unsigned int, causi...
CVE-2026-23269
CVE-2026-23269 is an AppArmor/Linux kernel vulnerability where untrusted data is used as DFA start-state indices during unpack_pdb, enabling an out-of-bounds read in aa_dfa_next (via dfa->tables[YYTD_ID_BASE][start]). The issue is tied to the AppArmor LSM component and the root cause is readin...
CVE-2026-23346
CVE-2026-23346 affects the Linux kernel (arm64) in the ioremap_prot pathway. The root cause is that ioremap_prot() may extract non-address bits from a user mapping’s pgprot_t (including permissions) and generate a new user mapping, which can be accessed by the kernel when PAN is enabled. This can...
CVE-2026-23399
CVE-2026-23399 concerns the Linux kernel nf_tables code: when cloning the second stateful expression in a dynset element, the first expression could remain unfreed on error, causing a stateful memleak in error paths. The provided CVE description confirms a resolution in the kernel, with backtrace...
CVE-2026-23452
CVE-2026-23452 refers to a race condition in the Linux kernel PM: runtime code during device removal. The root cause described is the potential dereference of the parent device pointer (parent->power) after the parent is freed within pm_runtime_work(), which could lead to a use-after-free scen...
CVE-2026-31408
CVE-2026-31408 is a Linux kernel Bluetooth SCO use-after-free in sco_recv_frame(), where conn->sk is accessed after releasing sco_conn_lock() without holding a reference. The fix uses sco_sock_hold() to take a reference before unlocking and adds sock_put() on exit paths. Connected advisories s...
CVE-2026-31659
The CVE-2026-31659 issue affects the batman-adv component in the Linux kernel. batadv_tt_prepare_tvlv_global_data() computes a 16‑bit allocation length for a global TT response; if a remote originator advertises a large TT, the TT payload length plus VLAN offset can exceed 65,535 and wrap before ...
CVE-2026-31702
Summary of CVE-2026-31702 details from connected docs: The vulnerability is in the Linux kernel’s f2fs compression path. In f2fs_compress_write_end_io(), dec_page_count(sbi, type) could decrement the F2FS_WB_CP_DATA counter to zero while a concurrent unmount is unrolling, leading to a use-after-f...
CVE-2026-43105
The CVE-2026-43105 issue affects the Linux kernel’s DRM VC4 driver. The root cause is a memory leak where the hang state’s BO array is allocated with kzalloc() in vc4_save_hang_state() but is not freed in vc4_free_hang_state(), leaving memory allocated when the hang state is freed. A kfree() for ...
CVE-2026-43110
CVE-2026-43110 concerns the Linux kernel brcmfmac Wi‑Fi driver. The issue arises when processing firmware interface (IF) events: the code validates the firmware-provided interface index but still uses the raw bsscfgidx as an array index without a matching range check, enabling out-of-bounds acces...
CVE-2026-43215
The CVE-2026-43215 issue affects the Linux kernel CIFS implementation: the code used cifs_tcp_ses_lock to guard tcon fields, but this lock protected more than intended. The patch introduces more granular locking (tc_lock) within tcon-related structures (in addition to srv_lock and ses_lock) to re...
CVE-2026-43265
CVE-2026-43265 affects the Linux kernel KVM for x86. The vulnerability arises when a vCPU is put into a blocking state with an already-injected event or nested run, allowing a user or guest to manipulate vCPU state and trigger a spurious userspace exit (often KVM_EXIT_UNKNOWN) that could crash th...
CVE-2026-43335
CVE-2026-43335 pertains to the Linux kernel interconnect driver for Qualcomm SM8450. The issue arises from unconverted dynamic IDs for platform interconnects, which can lead to a NULL pointer dereference in icc_link_nodes() at runtime when a destination interconnect pointer is invalid. The conseq...
CVE-2026-43366
Summary: CVE-2026-43366 affects the Linux kernel’s io_uring/kbuf recycling path. A gap existed between when a buffer was grabbed and when it could be recycled; if the target list is empty, it could be upgraded to a ring-provided type without proper validation. The issue arises from missing checks...
CVE-2026-43391
CVE-2026-43391 affects the Linux kernel nsfs component. The issue arises from insufficient permission checks when opening handles, enabling privileged services to potentially view other privileged services’ namespaces and leak information. The fix centralizes policy via may_see_all_namespaces() a...
CVE-2026-43437
CVE-2026-43437 affects the Linux kernel ALSA PCM subsystem (snd_pcm_drain). The issue is a use-after-free in the drain path: during drain, runtime is reassigned to a linked stream’s runtime and after releasing the stream lock, runtime fields (no_period_wakeup, rate, buffer_size) are accessed with...
CVE-2026-43462
CVE-2026-43462 affects the Linux kernel spacemit network driver. An error in the function emac_tx_mem_map() could leak DMA mappings on a mapping failure. This resource mismanagement may lead to a denial of service, impacting system availability. The published fix frees the leaked DMA mappings usi...
CVE-2026-43502
The CVE-2026-43502 vulnerability affects the Linux kernel net/rds zerocopy send path. The root cause is incorrect cleanup logic: zerocopy ownership is determined by op_mmp_znotifier, but purge uses rm->m_rs, risking unqueued messages being cleaned up as if they owned normal payload pages. The ...
CVE-2026-45834
CVE-2026-45834 affects the Linux kernel Bluetooth L2CAP path. A NULL pointer dereference in l2cap_sock_state_change_cb() is fixed by adding the NULL guard already present in l2cap_sock_resume_cb() and l2cap_sock_ready_cb(); patch applies to affected kernel versions (e.g., openSUSE/SUSE notes and ...
CVE-2026-45836
The CVE-2026-45836 vulnerability affects the Linux kernel Bluetooth L2CAP code and stems from a missing NULL guard in l2cap_sock_get_sndtimeo_cb(), which can cause a null pointer dereference. The issue is resolved by adding the same NULL guard already present in l2cap_sock_resume_cb() and l2cap_s...
CVE-2026-45920
Technical details (affected products, exact impact, and fixes) for CVE-2026-45920 are not provided in the supplied documents. Monitor official advisories for updates and remediation guidance.
CVE-2026-45932
CVE-2026-45932 – Linux kernel (bpf: Fix tcx/netkit detach permissions when prog fd isn’t given) The issue allows BPF_PROG_DETACH on tcx or netkit devices to be executed by any user when no program FD is provided, bypassing permission checks. A fix was added to require CAP_NET_ADMIN or CAP_SYS_ADM...
CVE-2026-45933
CVE-2026-45933 affects the Linux kernel BPF verifier. The root cause is that sync_linked_regs() failed to preserve the register ID during bounds propagation, so when known_reg bounds were propagated to reg, reg retained an old/new id mismatch. This can cause incorrect bound propagation across lin...
CVE-2026-45938
CVE-2026-45938 pertains to the Linux kernel pm8916_lbc power supply module. The issue is a use-after-free caused by a race between IRQ handling and power_supply handle lifetime: if IRQs are requested before the power_supply handle is registered, an interrupt can occur after the handle is freed bu...
CVE-2026-45998
CVE-2026-45998 affects the Linux kernel RxRPC stack. The vulnerability arises when skb_unshare() fails to unshare a packet during rxrpc_input_packet(); the parent’s skb pointer can be NULL, risking a kernel oops in trace_rxrpc_rx_done(). The fix moves the unsharing logic down to rxrpc_input_call_...
CVE-2026-46078
Summary: CVE-2026-46078 affects the Linux kernel EROFS filesystem, where trailing dirents can trigger an out-of-bounds read due to incorrect nameoff handling. The root cause is that namelen calculations for trailing dirents use strnlen with unchecked nameoffs, allowing underflow when nameoff >...
CVE-2026-46088
CVE-2026-46088 affects the Linux kernel (ALSA subsystem). The vulnerability arises in snd_ctl_elem_init_enum_names() where a loop advances through a names buffer using buf_len, and may call fortified strnlen(p, 0) when buf_len reaches zero but items remain. Public documents indicate the fix added...
CVE-2026-46122
Summary : CVE-2026-46122 concerns the Linux kernel wifi driver (b43) where firmware-provided key indices can exceed the bounds of dev->key[] (58 entries) in b43_rx(), allowing an out-of-bounds read. The fix makes the B43_WARN_ON check enforcing and drops the frame when an invalid key index is ...
CVE-2026-46123
Summary: CVE-2026-46123 affects the Linux kernel Bluetooth virtio_bt driver. The issue arises when virtbt_rx_work() skb_put(skb, len) uses an unvalidated len sourced from virtqueue_get_buf(), with the device exposing a 1000-byte RX buffer. Since alloc_skb() tailroom can exceed 1000, a malicious/b...
CVE-2026-46197
The CVE-2026-46197 issue affects the Linux kernel DRM/AMDKFD component, where the nattr field validation for SVM ioctl was insufficient against the reported buffer size, enabling out-of-bounds access via a user-controlled attribute count. The root cause is input size validation failure in the SVM...
CVE-2026-46198
The CVE-2026-46198 issue affects the Linux kernel’s batman-adv component. A mismatch between integer types caused an integer overflow in batadv_iv_ogm_send_to_if, where buff_pos is s16 while the size check uses an int in batadv_iv_ogm_aggr_packet, potentially enabling an out-of-bounds read. The v...
CVE-2026-46221
CVE-2026-46221 concerns the Linux kernel EDAC/versalnet component. The issue is a memory leak where the device name allocated with kzalloc() in init_one_mc() is assigned to dev->init_name, then never freed on the normal removal path. Since device_register() copies init_name and then sets dev-&...
CVE-2026-46308
CVE-2026-46308 affects the Linux kernel: a use-after-free in mediatek’s pmdomain code, within scpsys_get_bus_protection_legacy(). The bug stems from of_find_node_with_property() returning a device node with an incremented refcount, followed by of_node_put(node) before validating the result of sys...
CVE-2026-52910
The CVE-2026-52910 issue is in the Linux kernel where a cBPF reuseport program may be freed immediately when detached from a reuseport group, without waiting for an RCU grace period. This can lead to a use-after-free and potential memory corruption when a concurrent UDP send crosses the fast path...
CVE-2026-53228
The CVE-2026-53228 entry documents a vulnerability in the Linux kernel SIT IPv6 tunnel driver. When GSO offloads are used, the code may keep a stale pointer to the inner IPv6 header after skb header unclone and potential headroom reallocation, leading to reads from freed memory. A fix reloads the...
CVE-2022-50246
CVE-2022-50246 involves a refcount leak in the Linux kernel’s usb: typec: tcpci subsystem. The vulnerability stems from tcpci_register_port()’s use of the fwnode-derived node in tcpci_parse_config(), where the node’s refcount is increased by device_get_named_child_node() but not balanced in all e...
CVE-2022-50407
The CVE-2022-50407 entry concerns the Linux kernel crypto: hisilicon/qm component, where the code path allocates a small local buffer for a QoS value and uses sscanf without validating destination length, enabling a stack overflow. Public documents in connected sources confirm the issue and descr...
CVE-2022-50408
The CVE-2022-50408 entry concerns a use-after-free in brcmfmac within the Linux kernel when handling wifi transmission in brcmf_netdev_start_xmit(). The vulnerability can allow a schedule race between brcmf_proto_tx_queue_data and updating skb stats, leading to a use-after-free observed by KASAN....
CVE-2022-50412
CVE-2022-50412 affects the Linux kernel code paths for drm: bridge: adv7511 and CEC i2c device unregistration. The issue arises when cec_unregister_adapter() calls adapter ops that may become invalid during unregistration, which can invalidate the CEC address and trigger a kernel oops (example tr...
CVE-2022-50415
CVE-2022-50415 affects the Linux kernel on the parisc architecture, where start_task() calls create_singlethread_workqueue() without validating its return value. If the call returns NULL, a null pointer dereference can occur later in queue_delayed_work/on and __queue_work, accessing wq->flags....
CVE-2022-50417
The CVE-2022-50417 issue affects the Linux kernel (drm/panfrost) where panfrost_gem_create_with_handle() could return a BO whose only reference came from the handle, enabling a potential use-after-free if the handle was released by user space. Additionally, if panfrost_gem_mapping_get() in panfro...
CVE-2022-50419
CVE-2022-50419 concerns the Linux kernel Bluetooth subsystem, specifically the hci_sysfs path. The public description states that the issue arises from attempting to call device_add multiple times for a single device structure, violating documented expectations that device_add() (and device_regis...
CVE-2023-53150
CVE-2023-53150 is a Linux kernel issue reported as resolved, affecting the kernel’s SCSI qla2xxx path. The vulnerability arises when a NULL pointer rport may be dereferenced in fc_bsg_to_rport(); the fix adds a validation step to ensure rport is non-NULL before dereferencing. EulerOS security adv...
CVE-2023-53152
CVE-2023-53152 concerns the Linux kernel AMDGPU driver. The issue arises during removal of the amdgpu driver where BOs allocated for PSP are not freed, triggering a calltrace warning in amddrm_buddy_fini and related shutdown paths (amdgpu_exit, amdgpu_driver_release_kms). The provided trace shows...
CVE-2023-53179
The CVE-2023-53179 entry concerns the Linux kernel netfilter ipset component. Issue: the missing IP_SET_HASH_WITH_NET0 macro in ip_set_hash_netportnet.c caused an incorrect CIDR_POS(c) calculation, risking slab-out-of-bounds access due to integer underflow. Root cause: absence of IP_SET_HASH_WITH...
CVE-2023-53185
CVE-2023-53185 exists in the Linux kernel: wifi/ath9k allows overwriting ENDPOINT0 attributes, enabling a bad USB device to craft a service-connection response where the target is ENDPOINT0 (reserved for HTC_CTRL_RSVD_SVC). The vulnerability is fixed in the kernel by rejecting such responses; imp...
CVE-2023-53195
CVE-2023-53195 affects the Linux kernel mlxsw minimal subsystem. The vulnerability stems from a memory leak in mlxsw_m_linecards_init(), where the line cards array was not freed in the error path. The patch fixes this by freeing the array in the error path, making it equivalent to mlxsw_m_linecar...
CVE-2023-53319
CVE-2023-53319 (Linux kernel, KVM arm64) : The issue arises from a race between finalize_pkvm() and kvm_arm_init() initcalls, where finalize_pkvm() proceeds even if kvm_arm_init() fails, causing warnings and a potential HYP panic. The connected Astra/SUSE OSV entries confirm this vulnerability in...
CVE-2023-53399
CVE-2023-53399 affects the Linux kernel’s ksmbd component, specifically a NULL pointer dereference in smb2_get_info_filesystem(). The issue occurs when share is present but share->path is NULL, which can trigger a crash. The connected sources consistently describe the vulnerability as resolved...