CVE-2025-39750
Technical details for CVE-2025-39750 are not provided in the supplied documents. No affected products, root cause, or fixes are disclosed here. Monitor for updates in forthcoming advisories or vendor bulletins.
CVE-2025-39765
CVE-2025-39765 affects Linux kernel ALSA timer handling. The issue is in snd_utimer_create() where, if kasprintf() returns NULL, snd_utimer_put_id() frees an ID that was never allocated, leading to ida_free() being called on id=0. The root cause is that utimer->id is not guaranteed to be valid...
CVE-2025-39797
CVE-2025-39797 concerns the Linux kernel xfrm duplicate SPI handling. The vulnerability arises when Strongswan triggers an XFRM_NETLINK_ALLOC_SPI request, enabling xfrm_alloc_spi() to return success for an SPI already in use, causing multiple inbound SAs to share the same SPI (distinguished only ...
CVE-2025-39846
CVE-2025-39846: In the Linux kernel, a NULL pointer dereference could occur in PCMCIA code during resource allocation. Specifically, __iodyn_find_io_region() assigns pcmcia_make_resource() to res and uses it in pci_bus_alloc_resource(); if pcmcia_make_resource() fails, a dereference of res could...
CVE-2025-39847
CVE-2025-39847: In the Linux kernel, pad_compress_skb() can leak memory if alloc_skb() fails, as the old skb reference may be freed incorrectly at the caller. The fix aligns pad_compress_skb() semantics with realloc: free the old skb only after successful allocation and compression, and at the ca...
CVE-2025-39862
The CVE-2025-39862 entry pertains to the Linux kernel WiFi driver mt76/mt7915, where list corruption could occur after hardware restart. The identified fix clears all WCID-related lists and resets each wcid entry (wcid->sta = 0) before ieee80211_restart_hw, ensuring stations aren’t re-added pr...
CVE-2025-39877
The CVE-2025-39877 issue is a Linux kernel use-after-free in mm/damon/sysfs: state_show() reads kdamond->damon_ctx without holding damon_sysfs_lock, allowing a UAF when damon_ctx is freed under damon_sysfs_lock. A fix mirrors pid_show() by taking damon_sysfs_lock before dereferencing the conte...
CVE-2025-39888
CVE-2025-39888 concerns a Linux kernel issue in fuse: Block access to folio overlimit. A slab-out-of-bounds write occurred in fuse_dev_do_write when the OOB condition could trigger if bytes to retrieve are truncated to fc->max_pages and an offset is present. The root cause was not fully detail...
CVE-2025-39952
CVE-2025-39952: In the Linux kernel, the wifi wilc1000 driver had a buffer overflow in WID string configuration (wlan_cfg.c:184) due to __memcpy() with 512 vs 65537. The patch adds length checks before memory access, basing limits on the WID data type from firmware (struct wilc_cfg_str_vals/struc...
CVE-2025-39953
CVE-2025-39953 (Linux kernel): The issue arises in cgroup destruction where root destruction can hang during repeated perf_event/net_prio unmounts with systemd.unified_cgroup_hierarchy=1. Root cause shows root destruction enqueues, while offline work is blocked by the same wq, causing a hang. Th...
CVE-2025-39955
The CVE-2025-39955 entry concerns the Linux kernel TCP Fast Open path. The root cause is that tcp_disconnect() failed to clear tcp_sk(sk)->fastopen_rsk, allowing the retransmit timer to trigger while a TFO socket is being reused, potentially delaying or missing a retransmission. The fix implem...
CVE-2025-39965
CVE-2025-39965 concerns the Linux kernel where xfrm_alloc_spi incorrectly treated 0 as a valid SPI. A state with x->id.spi == 0 was added to the byspi list, and __xfrm_state_delete failed to remove such states, leading to a use-after-free vulnerability on list traversal. The issue is resolved ...
CVE-2025-40082
CVE-2025-40082 targets the Linux kernel’s hfsplus code and causes a slab-out-of-bounds read in hfsplus_uni2asc() when listing extended attributes. The issue arises because the expected unicode buffer structure size varies (hfsplus_attr_unistr vs hfsplus_unistr), so a previous fix was insufficient...
CVE-2025-71073
CVE-2025-71073 is addressed in OSV entries showing patches in the Root project: the vulnerability is fixed in the rootio-linux package for Root:Debian:11, Root:Debian:12, Root:Debian:13 and for Root:Ubuntu:22.04 and Root:Ubuntu:24.04, with multiple fixed versions available. The Initial Linux kern...
CVE-2025-71150
CVE-2025-71150 relates to a Linux kernel KSMD (ksmbd) refcount leak: when a session is found during session lookup but SMB2_SESSION_VALID is not set, the reference count for that session is not decremented. The patch fixes this by explicitly calling ksmbd_user_session_put to release the reference...
CVE-2025-71151
CVE-2025-71151 concerns the Linux kernel CIFS SMB3 reconfiguration path. In smb3_reconfigure(), when smb3_sync_session_ctx_passwords() fails, the function returns without freeing and erasing the newly allocated new_password and new_password2, causing a memory leak and potential information leak. ...
CVE-2025-71156
CVE-2025-71156: In the Linux kernel gve driver, interrupt enabling is deferred until NAPI registration. Currently interrupts may be enabled on request before the NAPI context is ready, causing failures (call trace leading to __napi_poll, net_rx_action, etc.). The workaround/mitigation described ...
CVE-2025-71182
CVE-2025-71182 is a Linux kernel vulnerability in the CAN j1939 subsystem where j1939_session_activate() could succeed after a netdevice unregister, due to race conditions around NETDEV_UNREGISTER handling. The issue is addressed by a kernel patch that ensures ndev->reg_state is checked with t...
CVE-2025-71225
CVE-2025-71225: Linux kernel vulnerability in RAID update path. When updating raid_disks via sysfs, freeze_array may unblock before queued r1bio structures are released, causing free_r1bio() to access memory with the old raid_disks/mempool configuration. This can lead to out-of-bounds access and ...
CVE-2025-71233
CVE-2025-71233 affects the Linux kernel PCI endpoint implementation. The issue arises from asynchronous sub-group creation via delayed work, which could NULL-dereference when the driver directory is removed before the work completes. The documented fix is to replace configfs_register_group() with...
CVE-2026-22979
CVE-2026-22979 is a Linux kernel vulnerability affecting memory accounting for GRO-fragmented SKBs. The issue arose because skb_segment_list() continued to add each fragment’s truesize to delta_truesize while subtracting it from the parent SKB, even though fragments are no longer charged to the s...
CVE-2026-23007
CVE-2026-23007 affects the Linux kernel: the auto-generated integrity buffer for writes could leave the non-PI portion of metadata uninitialized when PI is generated and the metadata size exceeds the PI tuple. This could allow reading uninitialized memory from userspace or via physical access to ...
CVE-2026-23072
CVE-2026-23072: Linux kernel l2tp memleak in l2tp_udp_encap_recv() fixed by adding proper error handling after protocol version validation; the patch ensures l2tp_session_put() is called to avoid leaking objects (l2tp_session, l2tp_tunnel, sock). References indicate the commit addresses a memory‑...
CVE-2026-23109
CVE-2026-23109 affects the Linux kernel writeback subsystem. The vulnerability arises in fs/writeback: skip AS_NO_DATA_INTEGRITY mappings in wait_sb_inodes(), where the system must wait for all pages under writeback for data integrity. Because some mappings (e.g., FUSE) do not enforce data integr...
CVE-2026-23116
CVE-2026-23116: On i.MX8MQ, the VPUMIX domain’s 8mq VPU block controller had no separate reset and clock enable bits, causing a potential system hang when G1/G2 reset could not be performed independently. The Linux kernel fix removes the separate rst_mask and clk_mask for imx8mq_vpu_blk_ctl_doma...
CVE-2026-23117
The CVE-2026-23117 entry concerns the Linux kernel Intel ice network driver. The issue arises during devlink-reload: ice_devlink_reinit_down() did not call ice_deinit_hw() while ice_devlink_reinit_up() calls ice_init_hw(), causing ice_init_hw() to fail with -EBUSY if control queues remain initial...
CVE-2026-23123
The CVE-2026-23123 issue affects the Linux kernel (interconnect: debugfs) where the src_node and dst_node pointers could be read or written unsafely due to not being initialized. The fix initializes src_node and dst_node to empty strings before creating debugfs entries to ensure reads/writes are ...
CVE-2026-23126
CVE-2026-23126 affects the Linux kernel netdevsim driver. It describes a race on the bpf_bound_progs list between nsim_bpf_create_prog() (list_add_tail) and nsim_bpf_destroy_prog() (list_del), which can corrupt the list and trigger a kernel crash (kernel BUG at lib/list_debug.c). The proposed rem...
CVE-2026-23149
Summary: CVE-2026-23149 affects the Linux kernel DRM subsystem, specifically drm_gem_change_handle_ioctl(). The vulnerability arises because GEM buffer object handles are u32 in the user API while internal idr_alloc() uses int ranges, causing a kernel warning (WARN_ON_ONCE) when a handle larger t...
CVE-2026-23154
CVE-2026-23154 concerns the Linux kernel fix for segmentation of forwarding fraglist GRO. The description explains that GRO packets containing a frag_list could be mishandled during GSO segmentation because skb_segment_list cannot correctly process GRO skbs converted by XLAT (which translates onl...
CVE-2026-23202
The CVE-2026-23202 issue is in the Linux kernel SPI driver for Tegra210-quad (tegra_qspi_combined_seq_xfer). The root cause is that curr_xfer is read by the IRQ handler without the spinlock, and is cleared without proper synchronization, allowing a race that could yield a NULL pointer dereference...
CVE-2026-23205
The CVE-2026-23205 entry describes a memory leak in the Linux kernel SMB/CIFS client (smb2_open_file()). The provided reproducer shows a scenario with a read-only CIFS export, client mount, and module removal that triggers a leak during cleanup of SMB request buffers, leading to a kmem_cache leak...
CVE-2026-23214
In CVE-2026-23214, the Linux kernel Btrfs implementation may start new transactions even when the filesystem is mounted with rescue options that mark it fully read-only. This can trigger a transaction during unmount when inodes are evicted, producing warnings like “Transaction aborted (error -22)...
CVE-2026-23244
CVE-2026-23244 affects the Linux kernel and stems from nvme_pr_read_keys() allocating memory based on a user-supplied num_keys value. The code uses num_keys to determine the rse allocation size up to an upper limit PR_KEYS_MAX (64K). A malicious or buggy userspace input can cause a kzalloc-based ...
CVE-2026-31601
CVE-2026-31601 affects the Linux kernel vfio/xe driver. When resetting a Virtual Function (VF) device that does not support migration, a kernel page fault can occur due to the vfio_pci core structure not being fully initialized until migration init. The root cause described in connected docs is t...
CVE-2026-31677
The CVE-2026-31677 issue affects the Linux kernel af_alg path. The root cause is that af_alg_get_rsgl() could extract RX scatterlist data beyond the remaining receive budget, allowing a local attacker to trigger a DoS via recvmsg when there isn’t enough RX space for a chunk. The fix tightens budg...
CVE-2026-43062
CVE-2026-43062 concerns the Linux kernel Bluetooth L2CAP path, where l2cap_ecred_reconf_rsp() incorrectly casts incoming data to struct l2cap_ecred_conn_rsp instead of struct l2cap_ecred_reconf_rsp. This type confusion causes: (1) the length check to require 8 bytes instead of 2, rejecting valid ...
CVE-2026-43198
CVE-2026-43198 is a Linux kernel race in IPv6 TCP socket handling. The issue occurs in tcp_v6_syn_recv_sock() where the child socket becomes visible before IPv6 state is initialized, allowing other CPUs to access it and potentially triggering instability. The fix moves the problematic code into t...
CVE-2026-43226
The CVE-2026-43226 issue affects the Linux kernel Reliable Datagram Sockets (RDS). A state-machine bug allowed an RDS_CONN_ERROR to bypass the proper shutdown path via a shortcut through RDS_CONN_CONNECTING, created by RDS/TCP multipath changes. This could leave a connection stuck in shutdown-que...
CVE-2026-43342
CVE-2026-43342 concerns the Linux kernel USB gadget RNDIS driver (f_rndis). The issue arises from race conditions when RNDIS options (class/subclass/protocol) are accessed concurrently via configfs, enabling unsafe concurrent access. The remediation implemented is to protect these options using a...
CVE-2026-43407
The CVE-2026-43407 issue affects the Linux kernel libceph component, where a CEPH_MSG_AUTH_REPLY with a large payload_len could trigger an integer overflow and out-of-bounds read. The root cause is storing payload_len and related lengths in int, allowing negative values to underflow pointers. The...
CVE-2026-43439
CVE-2026-43439: In the Linux kernel, a race between task migration and iteration in cgroup can cause iterators to skip tasks when a task migrates from cset->tasks to cset->mg_tasks. The patch adds a call to css_set_skip_task_iters() before unlinking the task from cset->tasks, advancing ...
CVE-2026-45988
The CVE-2026-45988 issue affects the Linux kernel rxrpc subsystem: a RESPONSE packet that experiences a temporary failure could end up partially decrypted and be retried, risking communication disruption or resource exhaustion. The published fix discards the problematic packet and triggers a new ...
CVE-2026-46038
CVE-2026-46038 relates to the Linux kernel net: qrtr: ns path where a node’s memory is leaked after processing BYE, because the node is not freed in ctrl_cmd_bye() failure or success. The fix removes the node from the Xarray and frees memory in both outcomes. Reported CVSS 3.1/3.1_VECTORS via NVD...
CVE-2026-46177
The CVE-2026-46177 issue affects the Linux kernel IPMI driver. It describes a vulnerability where the driver could continuously fetch events and receive messages from the BMC (or become stuck) due to the BMC not signaling completion or the attn bit getting stuck. The documented fix limits event/m...
CVE-2026-46185
The CVE-2026-46185 issue affects the Linux kernel SMB client. The root cause is insufficient length validation in smb2_check_message() when processing symlink error responses, allowing a symlink_data() path to read beyond the buffer if iov_len is smaller than the 64-byte SMB2 header and accessing...
CVE-2026-46209
CVE-2026-46209 affects the Linux kernel DRM GEM: a discrepancy between plane dimension calculations in drm_gem_fb_init_with_funcs() (plain integer division) and framebuffer_check() (DIV_ROUND_UP via drm_format_info_plane_width/height) can cause GEM size checks to miscalculate, potentially allowin...
CVE-2026-46212
CVE-2026-46212 concerns the Linux kernel’s batman-adv module. The vulnerability arises when deleting backbone claims in batman-adv (function batadv_bla_del_backbone_claims): the code drops a hash-list link entry that is still referenced, risking that the entry could be freed by batadv_claim_relea...
CVE-2026-46214
CVE-2026-46214 relates to the Linux kernel vsock/virtio transport: a backlog count leak occurs when vsock_assign_transport() fails or switches transport, because sk_acceptq_added() is called before transport validation and not removed on error. This can cause sk_acceptq_is_full() to reject new co...
CVE-2026-46220
CVE-2026-46220 affects the Linux kernel’s drm/amdgpu sdma4 fence emission. The vulnerability stems from two BUG_ON(addr & 0x3) assertions in sdma_v4_0_ring_emit_fence(), which could be triggered by unprivileged userspace submissions via DRM_IOCTL_AMDGPU_CS, causing a kernel panic in a scheduler w...