Lucene search
K
LinuxLinux Kernel

14330 matches found

CVE
CVE
added 2026/03/18 10:5 a.m.32 views

CVE-2026-23245

CVE-2026-23245 (Linux kernel, net/sched) is resolved. The vulnerability allowed replacing a gate action’s parameters while the hrtimer callback or a dump path walked the schedule list. The fix converts gate parameter updates from plain pointers to an RCU-protected snapshot , swapping updates unde...

7.8CVSS5.7AI score0.00125EPSS
CVE
CVE
added 2026/04/03 3:15 p.m.32 views

CVE-2026-23456

In the Linux kernel, CVE-2026-23456 concerns nf_conntrack_h323: decode_int() in CONS reads the length with get_bits() and then calls get_uint() without ensuring enough bytes remain, causing a 1–4 byte slab-out-of-bounds read. A boundary check for len after get_bits() and before get_uint() has bee...

8.2CVSS5.7AI score0.00452EPSS
CVE
CVE
added 2025/09/15 2:4 p.m.31 views

CVE-2023-53185

CVE-2023-53185 exists in the Linux kernel: wifi/ath9k allows overwriting ENDPOINT0 attributes, enabling a bad USB device to craft a service-connection response where the target is ENDPOINT0 (reserved for HTC_CTRL_RSVD_SVC). The vulnerability is fixed in the kernel by rejecting such responses; imp...

5.5CVSS6AI score0.00149EPSS
CVE
CVE
added 2025/09/15 2:6 p.m.31 views

CVE-2023-53195

CVE-2023-53195 affects the Linux kernel mlxsw minimal subsystem. The vulnerability stems from a memory leak in mlxsw_m_linecards_init(), where the line cards array was not freed in the error path. The patch fixes this by freeing the array in the error path, making it equivalent to mlxsw_m_linecar...

5.5CVSS6AI score0.00143EPSS
CVE
CVE
added 2025/09/16 8:11 a.m.31 views

CVE-2023-53285

CVE-2023-53285 : in the Linux kernel ext4, a bounds-check fix was added in get_max_inline_xattr_value_size() to prevent reading beyond allocated memory if the inode table is corrupted by block-device writes while mounted. This resolves a potential memory read issue in inline xattrs. Impact: HIGH ...

7.8CVSS6.1AI score0.00145EPSS
CVE
CVE
added 2025/09/16 4:11 p.m.31 views

CVE-2023-53319

CVE-2023-53319 (Linux kernel, KVM arm64) : The issue arises from a race between finalize_pkvm() and kvm_arm_init() initcalls, where finalize_pkvm() proceeds even if kvm_arm_init() fails, causing warnings and a potential HYP panic. The connected Astra/SUSE OSV entries confirm this vulnerability in...

5.5CVSS6.1AI score0.00128EPSS
CVE
CVE
added 2025/09/18 1:33 p.m.31 views

CVE-2023-53399

CVE-2023-53399 affects the Linux kernel’s ksmbd component, specifically a NULL pointer dereference in smb2_get_info_filesystem(). The issue occurs when share is present but share->path is NULL, which can trigger a crash. The connected sources consistently describe the vulnerability as resolved...

5.5CVSS6.2AI score0.00135EPSS
CVE
CVE
added 2025/09/18 1:33 p.m.31 views

CVE-2023-53400

CVE-2023-53400 : In the Linux kernel, ALSA: hda: Fix Oops by 9.1 surround channel names. The root cause is get_line_out_pfx() overflowing a static array when more than 8 channels are present (reported on MacBookPro 12,1 with Cirrus codec). The fix extends the code paths to accommodate 9.1 channel...

5.5CVSS6.3AI score0.00136EPSS
CVE
CVE
added 2025/09/18 1:58 p.m.31 views

CVE-2023-53417

CVE-2023-53417 affects the Linux kernel USB sl811 path. The issue is a memory leak that occurs when debugfs_lookup() is used without releasing the result with dput(). The published fix replaces this flow with debugfs_lookup_and_remove(), which handles the required cleanup in one step. The connect...

5.5CVSS6.2AI score0.00136EPSS
CVE
CVE
added 2025/09/18 4:4 p.m.31 views

CVE-2023-53425

CVE-2023-53425 affects the Linux kernel’s Mediatek VPU driver (media: platform: mediatek: vpu). The issue is a NULL pointer dereference when pdev is NULL, which could occur during vpu firmware loading in mtk_vpu.c (vpu_load_firmware). The vulnerability is mitigated by a fix that prevents derefere...

5.5CVSS6.2AI score0.00136EPSS
CVE
CVE
added 2025/09/18 4:4 p.m.31 views

CVE-2023-53429

CVE-2023-53429 is a Linux kernel vulnerability in the Btrfs extent I/O path: __extent_writepage incorrectly leveraged PageError. The patch removes PageError checks and uses the local return code to propagate submission errors, preventing leakage of error state. Publicly tracked fixes exist in OSV...

5.5CVSS6AI score0.00119EPSS
CVE
CVE
added 2025/09/18 4:4 p.m.31 views

CVE-2023-53435

CVE-2023-53435 affects the Linux kernel, addressing a memory leak in the error handling path of cas_init_one(). The vuln is tied to cas_saturn_firmware_init(), which allocates memory with vmalloc() that is freed in the .remove() path but not in error handling. The patch adds a missing vfree() to ...

5.5CVSS6AI score0.00136EPSS
CVE
CVE
added 2025/07/25 3:27 p.m.31 views

CVE-2025-38447

CVE-2025-38447: Linux kernel mm/rmap batched unmap could read past PTE table end. Root cause: batched unmap in try_to_unmap_one() could read beyond PTE table when a folio’s mappings span >1 page. Fix: refactor into folio_unmap_pte_batch(), compute a safe batch size capped by VMA and PMD bounda...

7.1CVSS6AI score0.00156EPSS
CVE
CVE
added 2025/08/16 10:55 a.m.31 views

CVE-2025-38518

CVE-2025-38518 concerns the Linux kernel: on Zen2-class AMD CPUs, the INVLPGB flag is disabled in the kernel to prevent system oopses/panics during TLB flush. The root cause is a misreported CPUID INVLPGB bit by AMD Cyan Skillfish (Family 17h, Model 47h, Stepping 0h). The mitigation across connec...

5.5CVSS6.6AI score0.00119EPSS
CVE
CVE
added 2025/08/16 11:34 a.m.31 views

CVE-2025-38547

CVE-2025-38547 affects the Linux kernel IIO ADC driver for the AXP20x family (AXP717). The issue is a missing sentinel entry in the AXP717 ADC channel maps, which leads to a KASAN warning. The described remediation is to add the missing sentinel entry to the channel maps. The provided material do...

5.5CVSS6.5AI score0.00135EPSS
CVE
CVE
added 2025/08/22 4:0 p.m.31 views

CVE-2025-38636

CVE-2025-38636 : Linux kernel vulnerability in DA monitor tracepoints where tracing printed strings could read 32 bytes from a literal __array instead of __string, causing a global-out-of-bounds access to automaton_snep (harmless during print, but unsafe). The fix replaces reading 32 bytes with _...

7.1CVSS6.5AI score0.00139EPSS
CVE
CVE
added 2025/08/22 4:3 p.m.31 views

CVE-2025-38673

CVE-2025-38673 impacts the Linux kernel. The issue arises from the stability of the dma_buf field in struct drm_gem_object across a GEM object’s lifetime, which can become NULL after the final GEM handle is released, leading to a NULL-pointer dereference. Public documents indicate that prior work...

5.5CVSS6.7AI score0.00119EPSS
CVE
CVE
added 2025/09/04 3:32 p.m.31 views

CVE-2025-38687

CVE-2025-38687 involves a race in the Linux kernel’s comedi subsystem where detaching a device can free the wait_queue_head before active poll entries are finished, causing a use-after-free. The fix adds synchronization in COMEDI_DEVCONFIG by unblocking in the detach path and applying a write loc...

4.7CVSS5.8AI score0.0011EPSS
CVE
CVE
added 2025/09/04 3:32 p.m.31 views

CVE-2025-38709

CVE-2025-38709 affects the Linux kernel loop device where changing the loop block size while a filesystem is mounted can cause a block-size mismatch between the loop device and the superblock, triggering warnings such as in __getblk_slow(). The issue is remedied by obtaining an exclusive hold on ...

5.5CVSS5.8AI score0.00136EPSS
CVE
CVE
added 2025/09/04 3:33 p.m.31 views

CVE-2025-38713

CVE-2025-38713 concerns a slab-out-of-bounds read in the Linux kernel’s hfsplus handling. The issue occurs in hfsplus_uni2asc(), which can be triggered via hfsplus_readdir() and may crash the kernel (KASAN slab-out-of-bounds). The connected documents confirm a fix in the kernel source to address ...

7.1CVSS5.8AI score0.00152EPSS
CVE
CVE
added 2025/09/04 3:33 p.m.31 views

CVE-2025-38714

CVE-2025-38714 affects the Linux kernel’s HFS+ subsystem. The issue is a slab-out-of-bounds in hfsplus_bnode_read(), leading to potential memory corruption during operations that touch HFS+ bnodes. The connected advisories indicate a fix has been applied in upstream kernel code (hfsplus_bnode_rea...

7.1CVSS5.8AI score0.00151EPSS
CVE
CVE
added 2025/09/05 5:20 p.m.31 views

CVE-2025-38737

CVE-2025-38737 affects the Linux kernel CIFS implementation. The issue is an oops caused by an uninitialised variable in smb3_init_transform_rq(), where the buffer used by netfs_alloc_folioq_buffer() could be read/modified unexpectedly. The fix initializes the buffer to NULL before calling netfs_...

5.5CVSS6AI score0.00143EPSS
CVE
CVE
added 2025/09/05 5:20 p.m.31 views

CVE-2025-39687

CVE-2025-39687 affects the Linux kernel subsystem for the iio: light driver, specifically the as73211 component. The root cause described is that buffer holes were not zeroed when the buffer was copied into a kfifo that user space can read. The documented remediation in the initial description is...

7.1CVSS6AI score0.00162EPSS
CVE
CVE
added 2025/09/05 5:21 p.m.31 views

CVE-2025-39703

CVE-2025-39703 affects the Linux kernel net/hsr path. When an HSR frame arrives with insufficient space for the HSR tag, the skb cannot accommodate headers, leading to a panicked skb_push() in br_dev_queue_push_xmit() and a kernel crash. The issue stems from corrupted HSR frames being processed b...

5.5CVSS5.6AI score0.00148EPSS
CVE
CVE
added 2025/09/05 5:21 p.m.31 views

CVE-2025-39707

Technical details for CVE-2025-39707 (affected component, root cause, impact, or fix) are not publicly provided in the connected documents. Monitor for updates from vendor advisories and security feeds.

5.5CVSS6AI score0.00134EPSS
CVE
CVE
added 2025/09/05 5:21 p.m.31 views

CVE-2025-39711

CVE-2025-39711 affects the Linux kernel, specifically the media/ivsc code (ACE/CSI drivers). The vulnerability arises from missing mei_cldev_disable() calls in the remove() paths, causing mei_cl client objects to remain on mei_device->file_list after memory is freed by mei_cl_bus_dev_release()...

7.8CVSS5.7AI score0.00138EPSS
CVE
CVE
added 2025/09/16 1:0 p.m.31 views

CVE-2025-39807

CVE-2025-39807 : Open kernel vulnerability in Linux kernel's DRM/Mediatek path, where after a hotplug event the cursor update could dereference NULL old_state->crtc, causing a kernel panic. The connected security sources confirm the fix adds NULL pointer checks to ensure stability by preventin...

5.5CVSS6AI score0.00145EPSS
CVE
CVE
added 2025/09/16 1:0 p.m.31 views

CVE-2025-39816

CVE-2025-39816 pertains to the Linux kernel’s io_uring/kbuf path. The issue stems from reading ring-provided buffer lengths without a stable read, risking changes between checks and commits since buffers come from userspace. The fix mandates using READ_ONCE() when reading these lengths and tighte...

5.5CVSS6AI score0.00135EPSS
CVE
CVE
added 2025/09/16 1:8 p.m.31 views

CVE-2025-39831

The CVE-2025-39831 entry describes a Linux kernel issue in the fbnic driver where phylink resume was invoked under an RTNL locking condition during PM resume, causing a locking assertion in phylink.c and a kernel warning. The root cause is moving phylink resume out of the service_task and into op...

5.5CVSS6.2AI score0.00134EPSS
CVE
CVE
added 2025/09/16 1:8 p.m.31 views

CVE-2025-39836

CVE-2025-39836 is a Linux kernel issue described as resolved: the EFI stmm path allocated a communication buffer with kmalloc(), while the consumer expects contiguous pages, risking corruptions/BUGs. The fix switches from kmalloc() to alloc_pages_exact() in setup_mm_hdr() so buffers passed to tee...

7.8CVSS6.3AI score0.00142EPSS
CVE
CVE
added 2025/09/19 3:26 p.m.31 views

CVE-2025-39845

CVE-2025-39845 : In the Linux kernel, the patch defines ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() to ensure page-table synchronization when calling p*d_populate_kernel(). For 5-level paging, synchronization uses pgd_populate_kernel(); for 4-level paging, pgd_populate() is a no-op ...

5.5CVSS6AI score0.00137EPSS
CVE
CVE
added 2025/10/01 7:44 a.m.31 views

CVE-2025-39911

CVE-2025-39911 : Linux kernel i40e driver fix for IRQ freeing in i40e_vsi_request_irq_msix error path. If request_irq() fails after the first iteration, the error path frees IRQs with the wrong dev_id, causing IRQs to remain freed incorrectly and triggering a WARNING: “Trying to free already-free...

7.8CVSS6.3AI score0.00147EPSS
CVE
CVE
added 2025/12/24 12:9 p.m.31 views

CVE-2025-68749

CVE-2025-68749 (Linux kernel) relates to a race in the ivpu accelerator driver when unbinding BOs. The fix adds bo_list_lock protection around the unmapping sequence, ensuring a BO is fully unmapped either during context teardown or when still on the BOs list. This prevents the Memory manager war...

4.7CVSS6AI score0.00086EPSS
CVE
CVE
added 2026/01/13 3:31 p.m.31 views

CVE-2025-71075

CVE-2025-71075 is fixed in the Linux kernel SCSI AIC94XX driver. The root cause was a race condition during device removal where asd_pci_remove() could free the asd_ha structure while pending tasklets still existed, enabling a use-after-free vulnerability. The patch synchronizes with pending work...

7.8CVSS6.2AI score0.00126EPSS
CVE
CVE
added 2026/01/13 3:34 p.m.31 views

CVE-2025-71091

The CVE-2025-71091 issue is in the Linux kernel: when a port is disabled but queue priority changes are processed, team_queue_override_port_prio_changed() could run a del on an already-removed list node, triggering a kernel bug. The fix adds an early return when the port is not enabled to avoid t...

7.8CVSS6.1AI score0.0012EPSS
CVE
CVE
added 2026/02/14 3:9 p.m.31 views

CVE-2026-23123

The CVE-2026-23123 issue affects the Linux kernel (interconnect: debugfs) where the src_node and dst_node pointers could be read or written unsafely due to not being initialized. The fix initializes src_node and dst_node to empty strings before creating debugfs entries to ensure reads/writes are ...

5.5CVSS5.2AI score0.00119EPSS
CVE
CVE
added 2026/02/14 4:1 p.m.31 views

CVE-2026-23163

The CVE-2026-23163 issue is a Linux kernel vulnerability in the amdgpu driver where APUs (Raven/Renoir) with noretry path could trigger a NULL pointer dereference in amdgpu_gmc_filter_faults_remove using uninitialized ih1 ring data. The root cause was ih1/ih2 not being initialized on APUs (second...

5.5CVSS5.3AI score0.00114EPSS
CVE
CVE
added 2026/02/14 4:1 p.m.31 views

CVE-2026-23171

CVE-2026-23171 is a Linux kernel bonding driver use-after-free bug. It occurs when an enslave failure happens after a new slave is added to the bond’s slave array, risking use-after-free because the new slave could be used before cleanup frees it. The fixed sequence moves the slave-array update t...

7.8CVSS5.2AI score0.00117EPSS
CVE
CVE
added 2026/02/14 4:27 p.m.31 views

CVE-2026-23205

The CVE-2026-23205 entry describes a memory leak in the Linux kernel SMB/CIFS client (smb2_open_file()). The provided reproducer shows a scenario with a read-only CIFS export, client mount, and module removal that triggers a leak during cleanup of SMB request buffers, leading to a kmem_cache leak...

5.5CVSS5.2AI score0.00114EPSS
CVE
CVE
added 2026/03/20 8:8 a.m.31 views

CVE-2026-23273

The CVE refers to a Linux kernel macvlan race: macvlan_common_newlink() can reveal a device before error handling under an RCU grace period, leading to a use-after-free as shown by a KASAN report. Connected OSV entries confirm patches in Rootio-Linux for Root:Debian/Ubuntu variants (Root-OS-DEBIA...

7.8CVSS5.7AI score0.00119EPSS
CVE
CVE
added 2026/04/03 3:15 p.m.31 views

CVE-2026-23468

CVE-2026-23468 affects the Linux kernel’s DRM/amdgpu BO list handling. The issue was an attacker-controlled bo_number could trigger excessive memory allocation and slow list processing; the fix introduces a hard limit of 128k entries per BO list and returns -EINVAL when exceeded. Connected adviso...

5.5CVSS5.9AI score0.00123EPSS
CVE
CVE
added 2026/04/24 2:42 p.m.31 views

CVE-2026-31591

The CVE-2026-31591 entry details a Linux kernel KVM SNP/VMSA issue where vCPU state synchronization and encryption during SNP launch could be interfered with by userspace, risking vCPU state corruption or host kernel crashes. The root cause is insufficient locking around vcpu->mutex during VMS...

5.5CVSS5.4AI score0.00122EPSS
CVE
CVE
added 2026/04/25 8:46 a.m.31 views

CVE-2026-31681

CVE-2026-31681 affects the Linux kernel netfilter xt_multiport component. The issue is in ports_match_v1() where a non-zero pflags entry is treated as a range start, causing the end of the range to be consumed incorrectly and potentially reading past the last ports[] element when a malformed rule...

5.5CVSS5.4AI score0.00115EPSS
CVE
CVE
added 2026/04/25 8:46 a.m.31 views

CVE-2026-31682

CVE-2026-31682 affects the Linux kernel bridge implementation, where br_nd_send may parse non-linear ND options from ns->opt[]. The root cause is failure to linearize the skb before ND option parsing, risking reads past the buffer and potential memory exposure or crash. The fix is to linearize...

9.1CVSS5.3AI score0.00422EPSS
CVE
CVE
added 2026/05/01 2:15 p.m.31 views

CVE-2026-43019

The CVE-2026-43019 issue affects the Linux kernel Bluetooth HCI path, where hci_conn lookups and field access in set_cig_params_sync were not properly protected by the hdev lock, allowing a use-after-free when an hci_conn could be freed concurrently. The documented fix is to take the hdev lock to...

7.8CVSS5.7AI score0.00129EPSS
CVE
CVE
added 2026/05/05 3:29 p.m.31 views

CVE-2026-43071

CVE-2026-43071 affects the Linux kernel dcache component, specifically an OOB read in dentry_hashtable when dhash_entries is set to 1. The root cause is incorrect d_hash_shift calculation, causing an access to unallocated memory and potential kernel panic/DoS. The issue is mitigated by patching t...

9.1CVSS5.8AI score0.0039EPSS
CVE
CVE
added 2026/05/06 7:40 a.m.31 views

CVE-2026-43091

The CVE-2026-43091 vulnerability affects the Linux kernel xfrm policy handling during netns exit. The root cause is that xfrm_policy_fini() frees the policy_bydst hash tables after flushing work items and deleting policies, but does not wait for concurrent RCU readers to exit read-side critical s...

7.8CVSS5.8AI score0.00128EPSS
CVE
CVE
added 2026/05/06 7:40 a.m.31 views

CVE-2026-43113

In the Linux kernel, CVE-2026-43113 affects the wl1251 Wi‑Fi driver. The function wl1251_tx_packet_cb() uses the firmware completion ID (a raw u8) to index a fixed 16-entry wl->tx_frames[] array without validating that the ID fits. The callback can dereference out-of-range IDs. The fix rejects...

8.8CVSS5.8AI score0.00247EPSS
CVE
CVE
added 2026/05/06 11:28 a.m.31 views

CVE-2026-43249

The CVE-2026-43249 entry describes a race in the Linux kernel 9p/xen frontend: xenwatch and backend change notifications can concurrently call xen_9pfs_front_free, causing a double-free and a general protection fault. The fixes guard the teardown path so only a single caller releases the front-en...

8.8CVSS5.8AI score0.00241EPSS
CVE
CVE
added 2026/05/08 1:31 p.m.31 views

CVE-2026-43339

CVE-2026-43339 affects the Linux kernel. The issue is a use-after-free scenario in the IPv6 address configuration path: within addrconf_permanent_addr(), a warning message could be produced after the ipv6 object could be deleted, leading to UaF when accessed. The fix reorders the statement to avo...

7.8CVSS5.8AI score0.00121EPSS
Total number of security vulnerabilities14330