Lucene search
K
LinuxLinux Kernel

14330 matches found

CVE
CVE
added 2026/02/18 2:53 p.m.32 views

CVE-2026-23224

CVE-2026-23224 relates to the Linux kernel EROFS UAF race on file-backed mounts with the directio option. The issue arises in a race between z_erofs_read_folio, erofs_fileio_submit_bio, and related IO workqueue paths, where a dio ki_complete path frees an iocb/rq while access to the underlying fi...

7.8CVSS5.2AI score0.00124EPSS
CVE
CVE
added 2026/03/04 2:36 p.m.32 views

CVE-2026-23235

CVE-2026-23235 (Linux kernel, f2fs) is a local, in-kernel vulnerability where certain f2fs sysfs attributes permit out-of-bounds memory access and misinterpretation of integer sizes. The root causes are: __sbi_store() and f2fs_sbi_show() incorrectly treat all default values as unsigned int, causi...

7.1CVSS5.8AI score0.00156EPSS
Web
CVE
CVE
added 2026/03/18 5:54 p.m.32 views

CVE-2026-23269

CVE-2026-23269 is an AppArmor/Linux kernel vulnerability where untrusted data is used as DFA start-state indices during unpack_pdb, enabling an out-of-bounds read in aa_dfa_next (via dfa->tables[YYTD_ID_BASE][start]). The issue is tied to the AppArmor LSM component and the root cause is readin...

7.1CVSS5.7AI score0.00131EPSS
CVE
CVE
added 2026/03/25 10:27 a.m.32 views

CVE-2026-23346

CVE-2026-23346 affects the Linux kernel (arm64) in the ioremap_prot pathway. The root cause is that ioremap_prot() may extract non-address bits from a user mapping’s pgprot_t (including permissions) and generate a new user mapping, which can be accessed by the kernel when PAN is enabled. This can...

5.5CVSS5.7AI score0.00127EPSS
CVE
CVE
added 2026/03/28 7:16 a.m.32 views

CVE-2026-23399

CVE-2026-23399 concerns the Linux kernel nf_tables code: when cloning the second stateful expression in a dynset element, the first expression could remain unfreed on error, causing a stateful memleak in error paths. The provided CVE description confirms a resolution in the kernel, with backtrace...

5.5CVSS5.8AI score0.00121EPSS
CVE
CVE
added 2026/04/03 3:15 p.m.32 views

CVE-2026-23452

CVE-2026-23452 refers to a race condition in the Linux kernel PM: runtime code during device removal. The root cause described is the potential dereference of the parent device pointer (parent->power) after the parent is freed within pm_runtime_work(), which could lead to a use-after-free scen...

4.7CVSS5.8AI score0.00087EPSS
CVE
CVE
added 2026/04/06 7:38 a.m.32 views

CVE-2026-31408

CVE-2026-31408 is a Linux kernel Bluetooth SCO use-after-free in sco_recv_frame(), where conn->sk is accessed after releasing sco_conn_lock() without holding a reference. The fix uses sco_sock_hold() to take a reference before unlocking and adds sock_put() on exit paths. Connected advisories s...

8.8CVSS5.7AI score0.003EPSS
CVE
CVE
added 2026/04/24 2:45 p.m.32 views

CVE-2026-31659

The CVE-2026-31659 issue affects the batman-adv component in the Linux kernel. batadv_tt_prepare_tvlv_global_data() computes a 16‑bit allocation length for a global TT response; if a remote originator advertises a large TT, the TT payload length plus VLAN offset can exceed 65,535 and wrap before ...

9.8CVSS5.5AI score0.00399EPSS
CVE
CVE
added 2026/05/01 1:56 p.m.32 views

CVE-2026-31702

Summary of CVE-2026-31702 details from connected docs: The vulnerability is in the Linux kernel’s f2fs compression path. In f2fs_compress_write_end_io(), dec_page_count(sbi, type) could decrement the F2FS_WB_CP_DATA counter to zero while a concurrent unmount is unrolling, leading to a use-after-f...

7.8CVSS5.8AI score0.00119EPSS
CVE
CVE
added 2026/05/06 7:40 a.m.32 views

CVE-2026-43105

The CVE-2026-43105 issue affects the Linux kernel’s DRM VC4 driver. The root cause is a memory leak where the hang state’s BO array is allocated with kzalloc() in vc4_save_hang_state() but is not freed in vc4_free_hang_state(), leaving memory allocated when the hang state is freed. A kfree() for ...

5.5CVSS5.8AI score0.00114EPSS
CVE
CVE
added 2026/05/06 7:40 a.m.32 views

CVE-2026-43110

CVE-2026-43110 concerns the Linux kernel brcmfmac Wi‑Fi driver. The issue arises when processing firmware interface (IF) events: the code validates the firmware-provided interface index but still uses the raw bsscfgidx as an array index without a matching range check, enabling out-of-bounds acces...

8.8CVSS5.8AI score0.00244EPSS
CVE
CVE
added 2026/05/06 11:28 a.m.32 views

CVE-2026-43215

The CVE-2026-43215 issue affects the Linux kernel CIFS implementation: the code used cifs_tcp_ses_lock to guard tcon fields, but this lock protected more than intended. The patch introduces more granular locking (tc_lock) within tcon-related structures (in addition to srv_lock and ses_lock) to re...

8.8CVSS5.8AI score0.00298EPSS
CVE
CVE
added 2026/05/06 11:28 a.m.32 views

CVE-2026-43265

CVE-2026-43265 affects the Linux kernel KVM for x86. The vulnerability arises when a vCPU is put into a blocking state with an already-injected event or nested run, allowing a user or guest to manipulate vCPU state and trigger a spurious userspace exit (often KVM_EXIT_UNKNOWN) that could crash th...

5.5CVSS5.8AI score0.00119EPSS
CVE
CVE
added 2026/05/08 1:31 p.m.32 views

CVE-2026-43335

CVE-2026-43335 pertains to the Linux kernel interconnect driver for Qualcomm SM8450. The issue arises from unconverted dynamic IDs for platform interconnects, which can lead to a NULL pointer dereference in icc_link_nodes() at runtime when a destination interconnect pointer is invalid. The conseq...

5.5CVSS5.8AI score0.00107EPSS
CVE
CVE
added 2026/05/08 2:21 p.m.32 views

CVE-2026-43366

Summary: CVE-2026-43366 affects the Linux kernel’s io_uring/kbuf recycling path. A gap existed between when a buffer was grabbed and when it could be recycled; if the target list is empty, it could be upgraded to a ring-provided type without proper validation. The issue arises from missing checks...

7.8CVSS5.9AI score0.0013EPSS
CVE
CVE
added 2026/05/08 2:21 p.m.32 views

CVE-2026-43391

CVE-2026-43391 affects the Linux kernel nsfs component. The issue arises from insufficient permission checks when opening handles, enabling privileged services to potentially view other privileged services’ namespaces and leak information. The fix centralizes policy via may_see_all_namespaces() a...

8.8CVSS5.7AI score0.00121EPSS
CVE
CVE
added 2026/05/08 2:22 p.m.32 views

CVE-2026-43437

CVE-2026-43437 affects the Linux kernel ALSA PCM subsystem (snd_pcm_drain). The issue is a use-after-free in the drain path: during drain, runtime is reassigned to a linked stream’s runtime and after releasing the stream lock, runtime fields (no_period_wakeup, rate, buffer_size) are accessed with...

7.8CVSS5.8AI score0.00126EPSS
CVE
CVE
added 2026/05/08 2:22 p.m.32 views

CVE-2026-43462

CVE-2026-43462 affects the Linux kernel spacemit network driver. An error in the function emac_tx_mem_map() could leak DMA mappings on a mapping failure. This resource mismanagement may lead to a denial of service, impacting system availability. The published fix frees the leaked DMA mappings usi...

7.5CVSS5.8AI score0.00335EPSS
CVE
CVE
added 2026/05/21 12:17 p.m.32 views

CVE-2026-43502

The CVE-2026-43502 vulnerability affects the Linux kernel net/rds zerocopy send path. The root cause is incorrect cleanup logic: zerocopy ownership is determined by op_mmp_znotifier, but purge uses rm->m_rs, risking unqueued messages being cleaned up as if they owned normal payload pages. The ...

7.8CVSS5.7AI score0.00123EPSS
CVE
CVE
added 2026/05/26 4:14 p.m.32 views

CVE-2026-45834

CVE-2026-45834 affects the Linux kernel Bluetooth L2CAP path. A NULL pointer dereference in l2cap_sock_state_change_cb() is fixed by adding the NULL guard already present in l2cap_sock_resume_cb() and l2cap_sock_ready_cb(); patch applies to affected kernel versions (e.g., openSUSE/SUSE notes and ...

5.5CVSS5.8AI score0.00123EPSS
CVE
CVE
added 2026/05/26 4:14 p.m.32 views

CVE-2026-45836

The CVE-2026-45836 vulnerability affects the Linux kernel Bluetooth L2CAP code and stems from a missing NULL guard in l2cap_sock_get_sndtimeo_cb(), which can cause a null pointer dereference. The issue is resolved by adding the same NULL guard already present in l2cap_sock_resume_cb() and l2cap_s...

5.5CVSS5.8AI score0.00122EPSS
CVE
CVE
added 2026/05/27 12:17 p.m.32 views

CVE-2026-45920

Technical details (affected products, exact impact, and fixes) for CVE-2026-45920 are not provided in the supplied documents. Monitor official advisories for updates and remediation guidance.

7.8CVSS5.7AI score0.00146EPSS
CVE
CVE
added 2026/05/27 12:17 p.m.32 views

CVE-2026-45932

CVE-2026-45932 – Linux kernel (bpf: Fix tcx/netkit detach permissions when prog fd isn’t given) The issue allows BPF_PROG_DETACH on tcx or netkit devices to be executed by any user when no program FD is provided, bypassing permission checks. A fix was added to require CAP_NET_ADMIN or CAP_SYS_ADM...

7.3CVSS5.8AI score0.00133EPSS
CVE
CVE
added 2026/05/27 12:17 p.m.32 views

CVE-2026-45933

CVE-2026-45933 affects the Linux kernel BPF verifier. The root cause is that sync_linked_regs() failed to preserve the register ID during bounds propagation, so when known_reg bounds were propagated to reg, reg retained an old/new id mismatch. This can cause incorrect bound propagation across lin...

7.8CVSS5.8AI score0.00172EPSS
CVE
CVE
added 2026/05/27 12:17 p.m.32 views

CVE-2026-45938

CVE-2026-45938 pertains to the Linux kernel pm8916_lbc power supply module. The issue is a use-after-free caused by a race between IRQ handling and power_supply handle lifetime: if IRQs are requested before the power_supply handle is registered, an interrupt can occur after the handle is freed bu...

7.8CVSS5.8AI score0.00125EPSS
CVE
CVE
added 2026/05/27 12:55 p.m.32 views

CVE-2026-45998

CVE-2026-45998 affects the Linux kernel RxRPC stack. The vulnerability arises when skb_unshare() fails to unshare a packet during rxrpc_input_packet(); the parent’s skb pointer can be NULL, risking a kernel oops in trace_rxrpc_rx_done(). The fix moves the unsharing logic down to rxrpc_input_call_...

7.8CVSS5.8AI score0.00129EPSS
CVE
CVE
added 2026/05/27 12:58 p.m.32 views

CVE-2026-46078

Summary: CVE-2026-46078 affects the Linux kernel EROFS filesystem, where trailing dirents can trigger an out-of-bounds read due to incorrect nameoff handling. The root cause is that namelen calculations for trailing dirents use strnlen with unchecked nameoffs, allowing underflow when nameoff >...

7.1CVSS5.8AI score0.00131EPSS
CVE
CVE
added 2026/05/27 12:58 p.m.32 views

CVE-2026-46088

CVE-2026-46088 affects the Linux kernel (ALSA subsystem). The vulnerability arises in snd_ctl_elem_init_enum_names() where a loop advances through a names buffer using buf_len, and may call fortified strnlen(p, 0) when buf_len reaches zero but items remain. Public documents indicate the fix added...

5.5CVSS5.8AI score0.00123EPSS
CVE
CVE
added 2026/05/28 9:35 a.m.32 views

CVE-2026-46122

Summary : CVE-2026-46122 concerns the Linux kernel wifi driver (b43) where firmware-provided key indices can exceed the bounds of dev->key[] (58 entries) in b43_rx(), allowing an out-of-bounds read. The fix makes the B43_WARN_ON check enforcing and drops the frame when an invalid key index is ...

7.8CVSS5.8AI score0.00129EPSS
CVE
CVE
added 2026/05/28 9:35 a.m.32 views

CVE-2026-46123

Summary: CVE-2026-46123 affects the Linux kernel Bluetooth virtio_bt driver. The issue arises when virtbt_rx_work() skb_put(skb, len) uses an unvalidated len sourced from virtqueue_get_buf(), with the device exposing a 1000-byte RX buffer. Since alloc_skb() tailroom can exceed 1000, a malicious/b...

7.7CVSS5.9AI score0.00142EPSS
CVE
CVE
added 2026/05/28 9:40 a.m.32 views

CVE-2026-46197

The CVE-2026-46197 issue affects the Linux kernel DRM/AMDKFD component, where the nattr field validation for SVM ioctl was insufficient against the reported buffer size, enabling out-of-bounds access via a user-controlled attribute count. The root cause is input size validation failure in the SVM...

7.8CVSS5.9AI score0.00139EPSS
CVE
CVE
added 2026/05/28 9:40 a.m.32 views

CVE-2026-46198

The CVE-2026-46198 issue affects the Linux kernel’s batman-adv component. A mismatch between integer types caused an integer overflow in batadv_iv_ogm_send_to_if, where buff_pos is s16 while the size check uses an int in batadv_iv_ogm_aggr_packet, potentially enabling an out-of-bounds read. The v...

8.8CVSS5.8AI score0.00281EPSS
CVE
CVE
added 2026/05/28 9:40 a.m.32 views

CVE-2026-46221

CVE-2026-46221 concerns the Linux kernel EDAC/versalnet component. The issue is a memory leak where the device name allocated with kzalloc() in init_one_mc() is assigned to dev->init_name, then never freed on the normal removal path. Since device_register() copies init_name and then sets dev-&...

5.5CVSS5.8AI score0.00117EPSS
CVE
CVE
added 2026/06/08 3:46 p.m.32 views

CVE-2026-46308

CVE-2026-46308 affects the Linux kernel: a use-after-free in mediatek’s pmdomain code, within scpsys_get_bus_protection_legacy(). The bug stems from of_find_node_with_property() returning a device node with an incremented refcount, followed by of_node_put(node) before validating the result of sys...

7.8CVSS5.4AI score0.00115EPSS
CVE
CVE
added 2026/06/19 2:43 p.m.32 views

CVE-2026-52910

The CVE-2026-52910 issue is in the Linux kernel where a cBPF reuseport program may be freed immediately when detached from a reuseport group, without waiting for an RCU grace period. This can lead to a use-after-free and potential memory corruption when a concurrent UDP send crosses the fast path...

7.8CVSS5.7AI score0.00104EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.32 views

CVE-2026-53228

The CVE-2026-53228 entry documents a vulnerability in the Linux kernel SIT IPv6 tunnel driver. When GSO offloads are used, the code may keep a stale pointer to the inner IPv6 header after skb header unclone and potential headroom reallocation, leading to reads from freed memory. A fix reloads the...

9.8CVSS5.7AI score0.00559EPSS
CVE
CVE
added 2025/09/15 2:2 p.m.31 views

CVE-2022-50246

CVE-2022-50246 involves a refcount leak in the Linux kernel’s usb: typec: tcpci subsystem. The vulnerability stems from tcpci_register_port()’s use of the fwnode-derived node in tcpci_parse_config(), where the node’s refcount is increased by device_get_named_child_node() but not balanced in all e...

5.5CVSS6.1AI score0.00147EPSS
CVE
CVE
added 2025/09/18 4:3 p.m.31 views

CVE-2022-50407

The CVE-2022-50407 entry concerns the Linux kernel crypto: hisilicon/qm component, where the code path allocates a small local buffer for a QoS value and uses sscanf without validating destination length, enabling a stack overflow. Public documents in connected sources confirm the issue and descr...

5.5CVSS6.4AI score0.0016EPSS
CVE
CVE
added 2025/09/18 4:3 p.m.31 views

CVE-2022-50408

The CVE-2022-50408 entry concerns a use-after-free in brcmfmac within the Linux kernel when handling wifi transmission in brcmf_netdev_start_xmit(). The vulnerability can allow a schedule race between brcmf_proto_tx_queue_data and updating skb stats, leading to a use-after-free observed by KASAN....

7.8CVSS6.1AI score0.0015EPSS
CVE
CVE
added 2025/09/18 4:3 p.m.31 views

CVE-2022-50412

CVE-2022-50412 affects the Linux kernel code paths for drm: bridge: adv7511 and CEC i2c device unregistration. The issue arises when cec_unregister_adapter() calls adapter ops that may become invalid during unregistration, which can invalidate the CEC address and trigger a kernel oops (example tr...

7.8CVSS6.1AI score0.00161EPSS
CVE
CVE
added 2025/09/18 4:3 p.m.31 views

CVE-2022-50415

CVE-2022-50415 affects the Linux kernel on the parisc architecture, where start_task() calls create_singlethread_workqueue() without validating its return value. If the call returns NULL, a null pointer dereference can occur later in queue_delayed_work/on and __queue_work, accessing wq->flags....

5.5CVSS6.1AI score0.00152EPSS
CVE
CVE
added 2025/09/18 4:4 p.m.31 views

CVE-2022-50417

The CVE-2022-50417 issue affects the Linux kernel (drm/panfrost) where panfrost_gem_create_with_handle() could return a BO whose only reference came from the handle, enabling a potential use-after-free if the handle was released by user space. Additionally, if panfrost_gem_mapping_get() in panfro...

7.8CVSS5.8AI score0.00149EPSS
CVE
CVE
added 2025/09/18 4:4 p.m.31 views

CVE-2022-50419

CVE-2022-50419 concerns the Linux kernel Bluetooth subsystem, specifically the hci_sysfs path. The public description states that the issue arises from attempting to call device_add multiple times for a single device structure, violating documented expectations that device_add() (and device_regis...

7.8CVSS6.1AI score0.00156EPSS
CVE
CVE
added 2025/09/15 2:3 p.m.31 views

CVE-2023-53150

CVE-2023-53150 is a Linux kernel issue reported as resolved, affecting the kernel’s SCSI qla2xxx path. The vulnerability arises when a NULL pointer rport may be dereferenced in fc_bsg_to_rport(); the fix adds a validation step to ensure rport is non-NULL before dereferencing. EulerOS security adv...

5.5CVSS6.1AI score0.00146EPSS
CVE
CVE
added 2025/09/15 2:3 p.m.31 views

CVE-2023-53152

CVE-2023-53152 concerns the Linux kernel AMDGPU driver. The issue arises during removal of the amdgpu driver where BOs allocated for PSP are not freed, triggering a calltrace warning in amddrm_buddy_fini and related shutdown paths (amdgpu_exit, amdgpu_driver_release_kms). The provided trace shows...

5.5CVSS6.1AI score0.00143EPSS
CVE
CVE
added 2025/09/15 2:4 p.m.31 views

CVE-2023-53179

The CVE-2023-53179 entry concerns the Linux kernel netfilter ipset component. Issue: the missing IP_SET_HASH_WITH_NET0 macro in ip_set_hash_netportnet.c caused an incorrect CIDR_POS(c) calculation, risking slab-out-of-bounds access due to integer underflow. Root cause: absence of IP_SET_HASH_WITH...

7.8CVSS6AI score0.00157EPSS
CVE
CVE
added 2025/09/15 2:4 p.m.31 views

CVE-2023-53185

CVE-2023-53185 exists in the Linux kernel: wifi/ath9k allows overwriting ENDPOINT0 attributes, enabling a bad USB device to craft a service-connection response where the target is ENDPOINT0 (reserved for HTC_CTRL_RSVD_SVC). The vulnerability is fixed in the kernel by rejecting such responses; imp...

5.5CVSS6AI score0.00149EPSS
CVE
CVE
added 2025/09/15 2:6 p.m.31 views

CVE-2023-53195

CVE-2023-53195 affects the Linux kernel mlxsw minimal subsystem. The vulnerability stems from a memory leak in mlxsw_m_linecards_init(), where the line cards array was not freed in the error path. The patch fixes this by freeing the array in the error path, making it equivalent to mlxsw_m_linecar...

5.5CVSS6AI score0.00143EPSS
CVE
CVE
added 2025/09/16 4:11 p.m.31 views

CVE-2023-53319

CVE-2023-53319 (Linux kernel, KVM arm64) : The issue arises from a race between finalize_pkvm() and kvm_arm_init() initcalls, where finalize_pkvm() proceeds even if kvm_arm_init() fails, causing warnings and a potential HYP panic. The connected Astra/SUSE OSV entries confirm this vulnerability in...

5.5CVSS6.1AI score0.00128EPSS
CVE
CVE
added 2025/09/18 1:33 p.m.31 views

CVE-2023-53399

CVE-2023-53399 affects the Linux kernel’s ksmbd component, specifically a NULL pointer dereference in smb2_get_info_filesystem(). The issue occurs when share is present but share->path is NULL, which can trigger a crash. The connected sources consistently describe the vulnerability as resolved...

5.5CVSS6.2AI score0.00135EPSS
Total number of security vulnerabilities14330