14330 matches found
CVE-2026-43071
CVE-2026-43071 affects the Linux kernel dcache component, specifically an OOB read in dentry_hashtable when dhash_entries is set to 1. The root cause is incorrect d_hash_shift calculation, causing an access to unallocated memory and potential kernel panic/DoS. The issue is mitigated by patching t...
CVE-2026-43091
The CVE-2026-43091 vulnerability affects the Linux kernel xfrm policy handling during netns exit. The root cause is that xfrm_policy_fini() frees the policy_bydst hash tables after flushing work items and deleting policies, but does not wait for concurrent RCU readers to exit read-side critical s...
CVE-2026-43113
In the Linux kernel, CVE-2026-43113 affects the wl1251 Wi‑Fi driver. The function wl1251_tx_packet_cb() uses the firmware completion ID (a raw u8) to index a fixed 16-entry wl->tx_frames[] array without validating that the ID fits. The callback can dereference out-of-range IDs. The fix rejects...
CVE-2026-43249
The CVE-2026-43249 entry describes a race in the Linux kernel 9p/xen frontend: xenwatch and backend change notifications can concurrently call xen_9pfs_front_free, causing a double-free and a general protection fault. The fixes guard the teardown path so only a single caller releases the front-en...
CVE-2026-43339
CVE-2026-43339 affects the Linux kernel. The issue is a use-after-free scenario in the IPv6 address configuration path: within addrconf_permanent_addr(), a warning message could be produced after the ipv6 object could be deleted, leading to UaF when accessed. The fix reorders the statement to avo...
CVE-2026-43342
CVE-2026-43342 concerns the Linux kernel USB gadget RNDIS driver (f_rndis). The issue arises from race conditions when RNDIS options (class/subclass/protocol) are accessed concurrently via configfs, enabling unsafe concurrent access. The remediation implemented is to protect these options using a...
CVE-2026-43351
The CVE-2026-43351 issue affects the Linux kernel’s KVM on arm64 when creating a virtual GIC. If vgic_allocate_private_irqs_locked() fails, kvm_vgic_create() can exit before vgic dist regions are initialised, and kvm_vgic_dist_destroy() may then attempt to free uninitialised data, risking a crash...
CVE-2026-43371
The CVE-2026-43371 details the Linux kernel macb driver fault where disabling transmit resets tx_head/tx_tail to 0, causing silent loss of queued packets, memory leaks, and race conditions between macb_tx_poll() and macb_start_xmit(). This can prolong recovery after suspend (e.g., NFS rootfs on A...
CVE-2026-43439
CVE-2026-43439 : In the Linux kernel, a race between task migration and iteration in cgroup can cause iterators to skip tasks when a task migrates from cset->tasks to cset->mg_tasks. The patch adds a call to css_set_skip_task_iters() before unlinking the task from cset->tasks, advancing ...
CVE-2026-43452
CVE-2026-43452 affects the Linux kernel netfilter x_tables option walkers (xt_tcpudp and xt_dccp). The vulnerability arises when processing packet options: walkers that increment with i += op[i + 1] ? : 1 can read op[i + 1] past the end of the option area, enabling an out-of-bounds read. Multiple...
CVE-2026-43496
CVE-2026-43496 affects the Linux kernel net/sched subsystem (sch_red). When red qdiscs with children (e.g., qfq) perform a peek() to expose an skb and then immediately dequeue from the child, the code path could dereference NULL and trigger a kernel panic. The fix changes the sequence from direct...
CVE-2026-45855
The CVE-2026-45855 issue affects the Linux kernel’s libata-scsi component, where NCQ command traffic could starve non-NCQ commands in multi-queue hosts. Root cause: mixing NCQ and non-NCQ can delay non-NCQ execution when NCQ is in-flight. The fix implements forward progress for non-NCQ commands b...
CVE-2026-45858
The CVE-2026-45858 entry concerns the Linux kernel ext4 behavior: when allocating initialized blocks from a large unwritten extent or splitting an unwritten extent during end I/O, a stale data issue could occur if a split happens in the middle. The published details explain that ext4_split_extent...
CVE-2026-45872
The CVE-2026-45872 issue affects Linux kernel SCSI smartpqi: pqi_report_phys_luns() where the rpl_list buffer could leak if an unsupported data format is encountered or rpl_16byte_wwid_list allocation fails. The root cause is early returns bypassing cleanup logic. The fix consolidates error handl...
CVE-2026-45874
CVE-2026-45874 affects the Linux kernel component under the phosphate path for Freescale IMX8QM HSIO. The issue arises when the devicetree provides no fsl,refclk-pad-mode; during probe, refclk_pad is set to NULL, and imx_hsio_configure_clk_pad() uses this pointer unconditionally, risking a NULL p...
CVE-2026-45885
The CVE-2026-45885 issue lies in the Linux kernel power: supply: cpcap-battery path, where requesting IRQ with devm_ before registering the power_supply handle creates a use-after-free race. If the IRQ fires after the power_supply handle is freed but before IRQ unregistration, power_supply_change...
CVE-2026-45912
CVE-2026-45912 – Linux kernel ext4 caching during extent splitting . The issue affects the ext4 file system in the Linux kernel where, during ext4_split_extent_at(), the kernel may cache or mishandle extents while splitting, potentially leaving a hole in the extent status tree and causing space a...
CVE-2026-45923
Summary: CVE-2026-45923 affects the Linux kernel’s USB-CATC driver. Affected codePath: probe time endpoint verification for CATC USB endpoints. Root cause: CATC probe uses hardcoded endpoint pipes (TX/RX bulk 1, interrupt status 2) without validating endpoint descriptors, allowing a malformed USB...
CVE-2026-45929
In CVE-2026-45929, Linux kernel ovpn: fix possible use-after-free in ovpn_net_xmit. The vulnerability arises when skb_share_check frees the original skb during skb_list construction, but subsequent operations re-use a now-stale skb pointer (peer lookup, skb_dst_drop, and ovpn_peer_stats_increment...
CVE-2026-45989
CVE-2026-45989: Linux kernel use-after-free in unittest testdrv_probe() is mitigated in openSUSE/Root environments by updating kernel-devel to 7.0.11-1.1. The initial description explains that testdrv_probe() retrieves a device_node from the PCI device, applies an overlay, and then calls of_node_...
CVE-2026-46024
CVE-2026-46024 targets the Linux kernel libceph component, where a CEPH_MSG_AUTH_REPLY containing zero values for both protocol and result could lead to a null pointer dereference due to ac->ops being NULL after faulty auth handling. The root cause is that a too-permissive check allowed ac->...
CVE-2026-46027
The CVE-2026-46027 fix targets the Linux kernel net/smc path, addressing a race where a CLC decline during an early handshake could trigger updates to link-group level sync state before the link group is fully initialized. The mitigation guards the link-group state update in smc_clc_wait_msg() so...
CVE-2026-46039
CVE-2026-46039 affects the Linux kernel. The root cause is a potential integer overflow in rxgk_extract_token() during the length check. The fix changes the check to round down the size of the available data rather than rounding up, preventing overflow. Kernel commits upstream (listed in referenc...
CVE-2026-46064
CVE-2026-46064 affects the Linux kernel’s ibmasm_send_i2o_message, where the copy size is derived from user-controlled dot_command_header fields and not validated against allocation size. This can let an attacker perform a heap over-read by memcpy_toio(), reaching up to ~65 KB beyond the allocate...
CVE-2026-46079
CVE-2026-46079 concerns the Linux kernel RBD path. The issue arises when device_add_disk() is followed by a failure in device_add_disk(); the code can call rbd_free_disk() twice and then rbd_dev_device_release(), causing a null-ptr-deref in __blk_mq_free_map_and_rqs() during blk-mq cleanup. The f...
CVE-2026-46086
The CVE-2026-46086 issue affects the Linux kernel’s bridge FDB code. Local FDB entries could be rewritten in place by fdb_delete_local(), changing f->dst to another port or NULL while entries remain alive. Several bridge RCU readers (e.g., br_fdb_fillbuf() via brforward_read()) may observe f-&...
CVE-2026-46097
CVE-2026-46097: Linux kernel use-after-free in edt-ft5x06 debugfs teardown is fixed by protecting raw_buffer freeing with the device mutex and NULLing raw_buffer. The fix is described in the commit 68743c500c6e and related changes; applied so far to kernel components referenced in public advisori...
CVE-2026-46130
CVE-2026-46130 concerns the Linux kernel’s dm-verity-fec component. The root cause is an incorrect assumption about parity data layout: when reading parity bytes across blocks, parity bytes for the first RS codeword can be split across parity blocks, causing an out-of-bounds read under certain no...
CVE-2026-46176
The CVE-2026-46176 issue affects the Linux kernel RDMA mlx5 path (mlx5_ib_dev_res_srq_init): when ib_create_srq() fails for s1, the error path can end up with freed s0 and ERR_PTR s1 assigned to devr->s0/devr->s1, leading to use-after-free/double-free risk in subsequent access. The fix adds...
CVE-2026-46209
CVE-2026-46209 affects the Linux kernel DRM GEM: a discrepancy between plane dimension calculations in drm_gem_fb_init_with_funcs() (plain integer division) and framebuffer_check() (DIV_ROUND_UP via drm_format_info_plane_width/height) can cause GEM size checks to miscalculate, potentially allowin...
CVE-2026-46232
The CVE-2026-46232 entry concerns the Linux kernel HID PlayStation driver. A flaw allows a device to report more touch_reports than the array can hold, risking an out-of-bounds read in dualshock4_parse_report and potentially exposing up to ~2 KiB of kernel memory when DS4_TOUCH_POINT_INACTIVE is ...
CVE-2026-46235
CVE-2026-46235 affects the Linux kernel saa7164 media driver. The issue arises from missing return value checks for ioremap calls in saa7164_dev_setup(), specifically for BAR0 and BAR2. When ioremap fails, the code now performs cleanup: releases allocated PCI memory regions, removes the device fr...
CVE-2026-52904
CVE-2026-52904 affects the Linux kernel's DRM Nouveau NVKM path. When aperture_remove_conflicting_pci_devices() fails, nvkm_device_pci_new() could leak the device wrapper and pci_enable_device() reference. The fix redirects to the existing fail_nvkm path so nvkm_device_del() runs and balances res...
CVE-2026-53268
CVE-2026-53268 affects the Linux kernel netfilter component, specifically the conntrack_irc module. The root cause is a failure to bail out after a command string is matched, which can lead to an out-of-bounds read during parsing. Impact per sources is a potential information disclosure or denial...
CVE-2026-53273
CVE-2026-53273 describes a use-after-free in the Linux kernel TEE/OP-TEE path. When a client exits before the supplicant finishes processing, freed request memory could be dereferenced, enabling a potential crash or code execution path. The root cause is a race around request lifetime between the...
CVE-2022-49939
In CVE-2022-49939, the vulnerability is in the Linux kernel binder code where a race between closing a node reference and binder_deferred_release can cause a use-after-free: a weak_handle transaction may fail to increment a node’s reference, and if the target process is dying, the cleanup is dela...
CVE-2022-50075
The CVE-2022-50075 entry concerns Linux kernel tracing/eprobes. A NULL pointer dereference can occur when a symbol "@" is used with an event probe, because eprobes previously did not handle data sources beyond main registers (e.g., immediate addresses, symbols, current task name). The issue is mi...
CVE-2022-50106
The CVE-2022-50106 issue affects the Linux kernel, specifically powerpc/cell/axon_msi: a refcount leak in setup_msi_msg_address caused by of_get_next_parent() returning a node pointer with an incremented refcount. The root cause is missing of_node_put() in the error path, leading to leaking refer...
CVE-2022-50225
CVE-2022-50225 concerns a Linux kernel issue on riscv where the uprobe handling incorrectly clears/sets the SR_SPIE flag around origin instruction execution. The description and connected sources state that the problematic sequence could occur when a page fault happens while the origin instructio...
CVE-2022-50273
CVE-2022-50273 concerns Linux kernel f2fs recovery logic. The vuln is fixed by a patch that adds a DATA_GENERIC_ENHANCE_UPDATE flag to the data block recovery flow, enabling validation of destination blkaddr in SIT during recovery and skipping f2fs_replace_block() to prevent inconsistent SIT/inod...
CVE-2022-50342
CVE-2022-50342 affects the Linux kernel floppy subsystem: memory leak in do_floppy_init() when floppy_alloc_disk() fails, leaking set->tag in the error path. The issue is resolved by freeing the current drive’s set->tag before returning. Connected advisories (SUSE OSV and Astra Linux) corro...
CVE-2022-50363
Summary (CVE-2022-50363) The vulnerability affects the Linux kernel’s skmsg flow where alloc_sk_msg() could be invoked from a non-sleepable context. The call path shown in the provided trace goes through alloc_sk_msg() in net/core/skmsg.c to sk_psock_verdict_recv(), which uses rcu_read_lock(). Th...
CVE-2022-50380
Affected software: Linux kernel. Vulnerable component: mm: /proc/pid/smaps_rollup (show_smaps_rollup). Root cause: a null-deref when there are no VMAs in the task, introduced by commit 258f669e7e88 that converted to a single value seq_file. Impact stated: availability impact is HIGH in CVSS metri...
CVE-2022-50386
CVE-2022-50386 is a Linux kernel Bluetooth L2CAP use‑after‑free vulnerability. The fix adds a guard by calling l2cap_chan_hold_unless_zero() after __l2cap_get_chan_blah() to prevent a use‑after‑free in l2cap_chan_destroy. Affected: Linux kernel Bluetooth L2CAP path; impact per sources is high (CV...
CVE-2022-50392
CVE-2022-50392 is a Linux kernel vulnerability affecting ASoC: mediatek mt8183. The issue is a refcount leak in the mt8183_mt6358_ts3a227_max98357_dev_probe() path caused by not calling of_node_put() on the phandle node returned by of_parse_phandle() when finishing usage. The connected advisories...
CVE-2022-50399
CVE-2022-50399 affects the Linux kernel media/atomisp component, where user-supplied height/width can cause overflow in height*width in sh_css_set_black_frame(). The issue has been fixed in kernel patches (publicly noted in multiple advisories), with distributors (e.g., Root, SUSE) applying fixes...
CVE-2022-50543
In CVE-2022-50543, Linux kernel RDMA/rxe has a double free of mr->map when rxe_mr_init_user() fails and rxe_mr_cleanup() is called. The root cause involved freeing mr->map twice in the error path, traced through prior commits and a revert, and has been fixed by making rxe_mr_cleanup() free ...
CVE-2023-53181
Technical details for CVE-2023-53181 are not provided in the supplied documents. The visible text references a Linux kernel dma-buf leak fix but lacks specific product/version/subcomponent data. Monitor for updates.
CVE-2023-53241
The CVE-2023-53241 entry describes a Linux kernel NFSD flaw where op_release was skipped for some replies, causing a potential memory leak in layoutget when an error occurs. The fix ensures op_release is called even if op_func returns an error and, on error, nfsd4_block_get_device_info_scsi must ...
CVE-2023-53254
CVE-2023-53254 is a Linux kernel vulnerability related to the cacheinfo shared_cpu_map. The issue occurs when the kernel checks that caches with the same index are shared, which can trigger slab-out-of-bounds access if CPUs have different cache hierarchies. A second problem is a mismatched shared...