Lucene search
K
LinuxLinux Kernel

14330 matches found

CVE
CVE
added 2026/05/05 3:29 p.m.31 views

CVE-2026-43071

CVE-2026-43071 affects the Linux kernel dcache component, specifically an OOB read in dentry_hashtable when dhash_entries is set to 1. The root cause is incorrect d_hash_shift calculation, causing an access to unallocated memory and potential kernel panic/DoS. The issue is mitigated by patching t...

9.1CVSS5.8AI score0.0039EPSS
CVE
CVE
added 2026/05/06 7:40 a.m.31 views

CVE-2026-43091

The CVE-2026-43091 vulnerability affects the Linux kernel xfrm policy handling during netns exit. The root cause is that xfrm_policy_fini() frees the policy_bydst hash tables after flushing work items and deleting policies, but does not wait for concurrent RCU readers to exit read-side critical s...

7.8CVSS5.8AI score0.00128EPSS
CVE
CVE
added 2026/05/06 7:40 a.m.31 views

CVE-2026-43113

In the Linux kernel, CVE-2026-43113 affects the wl1251 Wi‑Fi driver. The function wl1251_tx_packet_cb() uses the firmware completion ID (a raw u8) to index a fixed 16-entry wl->tx_frames[] array without validating that the ID fits. The callback can dereference out-of-range IDs. The fix rejects...

8.8CVSS5.8AI score0.00247EPSS
CVE
CVE
added 2026/05/06 11:28 a.m.31 views

CVE-2026-43249

The CVE-2026-43249 entry describes a race in the Linux kernel 9p/xen frontend: xenwatch and backend change notifications can concurrently call xen_9pfs_front_free, causing a double-free and a general protection fault. The fixes guard the teardown path so only a single caller releases the front-en...

8.8CVSS5.8AI score0.00241EPSS
CVE
CVE
added 2026/05/08 1:31 p.m.31 views

CVE-2026-43339

CVE-2026-43339 affects the Linux kernel. The issue is a use-after-free scenario in the IPv6 address configuration path: within addrconf_permanent_addr(), a warning message could be produced after the ipv6 object could be deleted, leading to UaF when accessed. The fix reorders the statement to avo...

7.8CVSS5.8AI score0.00121EPSS
CVE
CVE
added 2026/05/08 1:37 p.m.31 views

CVE-2026-43342

CVE-2026-43342 concerns the Linux kernel USB gadget RNDIS driver (f_rndis). The issue arises from race conditions when RNDIS options (class/subclass/protocol) are accessed concurrently via configfs, enabling unsafe concurrent access. The remediation implemented is to protect these options using a...

4.7CVSS5.8AI score0.00086EPSS
CVE
CVE
added 2026/05/08 2:21 p.m.31 views

CVE-2026-43351

The CVE-2026-43351 issue affects the Linux kernel’s KVM on arm64 when creating a virtual GIC. If vgic_allocate_private_irqs_locked() fails, kvm_vgic_create() can exit before vgic dist regions are initialised, and kvm_vgic_dist_destroy() may then attempt to free uninitialised data, risking a crash...

5.5CVSS5.8AI score0.00121EPSS
CVE
CVE
added 2026/05/08 2:21 p.m.31 views

CVE-2026-43371

The CVE-2026-43371 details the Linux kernel macb driver fault where disabling transmit resets tx_head/tx_tail to 0, causing silent loss of queued packets, memory leaks, and race conditions between macb_tx_poll() and macb_start_xmit(). This can prolong recovery after suspend (e.g., NFS rootfs on A...

5.5CVSS5.8AI score0.00123EPSS
CVE
CVE
added 2026/05/08 2:22 p.m.31 views

CVE-2026-43439

CVE-2026-43439 : In the Linux kernel, a race between task migration and iteration in cgroup can cause iterators to skip tasks when a task migrates from cset->tasks to cset->mg_tasks. The patch adds a call to css_set_skip_task_iters() before unlinking the task from cset->tasks, advancing ...

4.7CVSS5.8AI score0.00089EPSS
CVE
CVE
added 2026/05/08 2:22 p.m.31 views

CVE-2026-43452

CVE-2026-43452 affects the Linux kernel netfilter x_tables option walkers (xt_tcpudp and xt_dccp). The vulnerability arises when processing packet options: walkers that increment with i += op[i + 1] ? : 1 can read op[i + 1] past the end of the option area, enabling an out-of-bounds read. Multiple...

8.2CVSS5.8AI score0.00443EPSS
CVE
CVE
added 2026/05/21 12:12 p.m.31 views

CVE-2026-43496

CVE-2026-43496 affects the Linux kernel net/sched subsystem (sch_red). When red qdiscs with children (e.g., qfq) perform a peek() to expose an skb and then immediately dequeue from the child, the code path could dereference NULL and trigger a kernel panic. The fix changes the sequence from direct...

5.5CVSS5.8AI score0.00118EPSS
CVE
CVE
added 2026/05/27 12:15 p.m.31 views

CVE-2026-45855

The CVE-2026-45855 issue affects the Linux kernel’s libata-scsi component, where NCQ command traffic could starve non-NCQ commands in multi-queue hosts. Root cause: mixing NCQ and non-NCQ can delay non-NCQ execution when NCQ is in-flight. The fix implements forward progress for non-NCQ commands b...

5.5CVSS5.9AI score0.00164EPSS
CVE
CVE
added 2026/05/27 12:15 p.m.31 views

CVE-2026-45858

The CVE-2026-45858 entry concerns the Linux kernel ext4 behavior: when allocating initialized blocks from a large unwritten extent or splitting an unwritten extent during end I/O, a stale data issue could occur if a split happens in the middle. The published details explain that ext4_split_extent...

5.5CVSS5.7AI score0.00155EPSS
CVE
CVE
added 2026/05/27 12:15 p.m.31 views

CVE-2026-45872

The CVE-2026-45872 issue affects Linux kernel SCSI smartpqi: pqi_report_phys_luns() where the rpl_list buffer could leak if an unsupported data format is encountered or rpl_16byte_wwid_list allocation fails. The root cause is early returns bypassing cleanup logic. The fix consolidates error handl...

5.5CVSS5.9AI score0.00166EPSS
CVE
CVE
added 2026/05/27 12:15 p.m.31 views

CVE-2026-45874

CVE-2026-45874 affects the Linux kernel component under the phosphate path for Freescale IMX8QM HSIO. The issue arises when the devicetree provides no fsl,refclk-pad-mode; during probe, refclk_pad is set to NULL, and imx_hsio_configure_clk_pad() uses this pointer unconditionally, risking a NULL p...

5.5CVSS5.8AI score0.00155EPSS
CVE
CVE
added 2026/05/27 12:16 p.m.31 views

CVE-2026-45885

The CVE-2026-45885 issue lies in the Linux kernel power: supply: cpcap-battery path, where requesting IRQ with devm_ before registering the power_supply handle creates a use-after-free race. If the IRQ fires after the power_supply handle is freed but before IRQ unregistration, power_supply_change...

7.8CVSS5.8AI score0.0016EPSS
CVE
CVE
added 2026/05/27 12:17 p.m.31 views

CVE-2026-45912

CVE-2026-45912 – Linux kernel ext4 caching during extent splitting . The issue affects the ext4 file system in the Linux kernel where, during ext4_split_extent_at(), the kernel may cache or mishandle extents while splitting, potentially leaving a hole in the extent status tree and causing space a...

5.5CVSS5.8AI score0.00123EPSS
CVE
CVE
added 2026/05/27 12:17 p.m.31 views

CVE-2026-45923

Summary: CVE-2026-45923 affects the Linux kernel’s USB-CATC driver. Affected codePath: probe time endpoint verification for CATC USB endpoints. Root cause: CATC probe uses hardcoded endpoint pipes (TX/RX bulk 1, interrupt status 2) without validating endpoint descriptors, allowing a malformed USB...

5.5CVSS5.8AI score0.0016EPSS
CVE
CVE
added 2026/05/27 12:17 p.m.31 views

CVE-2026-45929

In CVE-2026-45929, Linux kernel ovpn: fix possible use-after-free in ovpn_net_xmit. The vulnerability arises when skb_share_check frees the original skb during skb_list construction, but subsequent operations re-use a now-stale skb pointer (peer lookup, skb_dst_drop, and ovpn_peer_stats_increment...

7.8CVSS5.8AI score0.00157EPSS
CVE
CVE
added 2026/05/27 12:55 p.m.31 views

CVE-2026-45989

CVE-2026-45989: Linux kernel use-after-free in unittest testdrv_probe() is mitigated in openSUSE/Root environments by updating kernel-devel to 7.0.11-1.1. The initial description explains that testdrv_probe() retrieves a device_node from the PCI device, applies an overlay, and then calls of_node_...

7.8CVSS5.7AI score0.00163EPSS
CVE
CVE
added 2026/05/27 12:56 p.m.31 views

CVE-2026-46024

CVE-2026-46024 targets the Linux kernel libceph component, where a CEPH_MSG_AUTH_REPLY containing zero values for both protocol and result could lead to a null pointer dereference due to ac->ops being NULL after faulty auth handling. The root cause is that a too-permissive check allowed ac-&gt...

7.5CVSS5.7AI score0.0049EPSS
CVE
CVE
added 2026/05/27 12:56 p.m.31 views

CVE-2026-46027

The CVE-2026-46027 fix targets the Linux kernel net/smc path, addressing a race where a CLC decline during an early handshake could trigger updates to link-group level sync state before the link group is fully initialized. The mitigation guards the link-group state update in smc_clc_wait_msg() so...

7.5CVSS5.7AI score0.00501EPSS
CVE
CVE
added 2026/05/27 12:56 p.m.31 views

CVE-2026-46039

CVE-2026-46039 affects the Linux kernel. The root cause is a potential integer overflow in rxgk_extract_token() during the length check. The fix changes the check to round down the size of the available data rather than rounding up, preventing overflow. Kernel commits upstream (listed in referenc...

9.8CVSS5.8AI score0.00442EPSS
CVE
CVE
added 2026/05/27 12:57 p.m.31 views

CVE-2026-46064

CVE-2026-46064 affects the Linux kernel’s ibmasm_send_i2o_message, where the copy size is derived from user-controlled dot_command_header fields and not validated against allocation size. This can let an attacker perform a heap over-read by memcpy_toio(), reaching up to ~65 KB beyond the allocate...

7.1CVSS5.8AI score0.00126EPSS
CVE
CVE
added 2026/05/27 12:58 p.m.31 views

CVE-2026-46079

CVE-2026-46079 concerns the Linux kernel RBD path. The issue arises when device_add_disk() is followed by a failure in device_add_disk(); the code can call rbd_free_disk() twice and then rbd_dev_device_release(), causing a null-ptr-deref in __blk_mq_free_map_and_rqs() during blk-mq cleanup. The f...

5.5CVSS5.8AI score0.00138EPSS
CVE
CVE
added 2026/05/27 12:58 p.m.31 views

CVE-2026-46086

The CVE-2026-46086 issue affects the Linux kernel’s bridge FDB code. Local FDB entries could be rewritten in place by fdb_delete_local(), changing f->dst to another port or NULL while entries remain alive. Several bridge RCU readers (e.g., br_fdb_fillbuf() via brforward_read()) may observe f-&...

5.5CVSS5.8AI score0.00123EPSS
CVE
CVE
added 2026/05/27 12:58 p.m.31 views

CVE-2026-46097

CVE-2026-46097: Linux kernel use-after-free in edt-ft5x06 debugfs teardown is fixed by protecting raw_buffer freeing with the device mutex and NULLing raw_buffer. The fix is described in the commit 68743c500c6e and related changes; applied so far to kernel components referenced in public advisori...

7.8CVSS5.8AI score0.00124EPSS
CVE
CVE
added 2026/05/28 9:35 a.m.31 views

CVE-2026-46130

CVE-2026-46130 concerns the Linux kernel’s dm-verity-fec component. The root cause is an incorrect assumption about parity data layout: when reading parity bytes across blocks, parity bytes for the first RS codeword can be split across parity blocks, causing an out-of-bounds read under certain no...

7.1CVSS5.8AI score0.00117EPSS
CVE
CVE
added 2026/05/28 9:36 a.m.31 views

CVE-2026-46176

The CVE-2026-46176 issue affects the Linux kernel RDMA mlx5 path (mlx5_ib_dev_res_srq_init): when ib_create_srq() fails for s1, the error path can end up with freed s0 and ERR_PTR s1 assigned to devr->s0/devr->s1, leading to use-after-free/double-free risk in subsequent access. The fix adds...

7.8CVSS5.8AI score0.00142EPSS
CVE
CVE
added 2026/05/28 9:40 a.m.31 views

CVE-2026-46209

CVE-2026-46209 affects the Linux kernel DRM GEM: a discrepancy between plane dimension calculations in drm_gem_fb_init_with_funcs() (plain integer division) and framebuffer_check() (DIV_ROUND_UP via drm_format_info_plane_width/height) can cause GEM size checks to miscalculate, potentially allowin...

7.8CVSS5.8AI score0.00139EPSS
CVE
CVE
added 2026/05/28 9:40 a.m.31 views

CVE-2026-46232

The CVE-2026-46232 entry concerns the Linux kernel HID PlayStation driver. A flaw allows a device to report more touch_reports than the array can hold, risking an out-of-bounds read in dualshock4_parse_report and potentially exposing up to ~2 KiB of kernel memory when DS4_TOUCH_POINT_INACTIVE is ...

8.1CVSS5.7AI score0.00258EPSS
CVE
CVE
added 2026/05/28 9:41 a.m.31 views

CVE-2026-46235

CVE-2026-46235 affects the Linux kernel saa7164 media driver. The issue arises from missing return value checks for ioremap calls in saa7164_dev_setup(), specifically for BAR0 and BAR2. When ioremap fails, the code now performs cleanup: releases allocated PCI memory regions, removes the device fr...

5.5CVSS5.8AI score0.00119EPSS
CVE
CVE
added 2026/06/09 12:36 p.m.31 views

CVE-2026-52904

CVE-2026-52904 affects the Linux kernel's DRM Nouveau NVKM path. When aperture_remove_conflicting_pci_devices() fails, nvkm_device_pci_new() could leak the device wrapper and pci_enable_device() reference. The fix redirects to the existing fail_nvkm path so nvkm_device_del() runs and balances res...

5.5CVSS5.4AI score0.00114EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.31 views

CVE-2026-53268

CVE-2026-53268 affects the Linux kernel netfilter component, specifically the conntrack_irc module. The root cause is a failure to bail out after a command string is matched, which can lead to an out-of-bounds read during parsing. Impact per sources is a potential information disclosure or denial...

8.2CVSS5.7AI score0.00364EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.31 views

CVE-2026-53273

CVE-2026-53273 describes a use-after-free in the Linux kernel TEE/OP-TEE path. When a client exits before the supplicant finishes processing, freed request memory could be dereferenced, enabling a potential crash or code execution path. The root cause is a race around request lifetime between the...

7.8CVSS5.8AI score0.00126EPSS
CVE
CVE
added 2025/06/18 10:54 a.m.30 views

CVE-2022-49939

In CVE-2022-49939, the vulnerability is in the Linux kernel binder code where a race between closing a node reference and binder_deferred_release can cause a use-after-free: a weak_handle transaction may fail to increment a node’s reference, and if the target process is dying, the cleanup is dela...

7CVSS6.5AI score0.00131EPSS
CVE
CVE
added 2025/06/18 11:2 a.m.30 views

CVE-2022-50075

The CVE-2022-50075 entry concerns Linux kernel tracing/eprobes. A NULL pointer dereference can occur when a symbol "@" is used with an event probe, because eprobes previously did not handle data sources beyond main registers (e.g., immediate addresses, symbols, current task name). The issue is mi...

5.5CVSS6.4AI score0.00157EPSS
CVE
CVE
added 2025/06/18 11:2 a.m.30 views

CVE-2022-50106

The CVE-2022-50106 issue affects the Linux kernel, specifically powerpc/cell/axon_msi: a refcount leak in setup_msi_msg_address caused by of_get_next_parent() returning a node pointer with an incremented refcount. The root cause is missing of_node_put() in the error path, leading to leaking refer...

5.5CVSS6.4AI score0.00163EPSS
CVE
CVE
added 2025/06/18 11:3 a.m.30 views

CVE-2022-50225

CVE-2022-50225 concerns a Linux kernel issue on riscv where the uprobe handling incorrectly clears/sets the SR_SPIE flag around origin instruction execution. The description and connected sources state that the problematic sequence could occur when a page fault happens while the origin instructio...

5.5CVSS6.4AI score0.00147EPSS
CVE
CVE
added 2025/09/15 2:21 p.m.30 views

CVE-2022-50273

CVE-2022-50273 concerns Linux kernel f2fs recovery logic. The vuln is fixed by a patch that adds a DATA_GENERIC_ENHANCE_UPDATE flag to the data block recovery flow, enabling validation of destination blkaddr in SIT during recovery and skipping f2fs_replace_block() to prevent inconsistent SIT/inod...

5.5CVSS6AI score0.00145EPSS
CVE
CVE
added 2025/09/16 4:11 p.m.30 views

CVE-2022-50342

CVE-2022-50342 affects the Linux kernel floppy subsystem: memory leak in do_floppy_init() when floppy_alloc_disk() fails, leaking set->tag in the error path. The issue is resolved by freeing the current drive’s set->tag before returning. Connected advisories (SUSE OSV and Astra Linux) corro...

5.5CVSS6.1AI score0.00145EPSS
CVE
CVE
added 2025/09/17 2:56 p.m.30 views

CVE-2022-50363

Summary (CVE-2022-50363) The vulnerability affects the Linux kernel’s skmsg flow where alloc_sk_msg() could be invoked from a non-sleepable context. The call path shown in the provided trace goes through alloc_sk_msg() in net/core/skmsg.c to sk_psock_verdict_recv(), which uses rcu_read_lock(). Th...

5.5CVSS6AI score0.00163EPSS
CVE
CVE
added 2025/09/18 1:33 p.m.30 views

CVE-2022-50380

Affected software: Linux kernel. Vulnerable component: mm: /proc/pid/smaps_rollup (show_smaps_rollup). Root cause: a null-deref when there are no VMAs in the task, introduced by commit 258f669e7e88 that converted to a single value seq_file. Impact stated: availability impact is HIGH in CVSS metri...

5.5CVSS6.1AI score0.00146EPSS
CVE
CVE
added 2025/09/18 1:33 p.m.30 views

CVE-2022-50386

CVE-2022-50386 is a Linux kernel Bluetooth L2CAP use‑after‑free vulnerability. The fix adds a guard by calling l2cap_chan_hold_unless_zero() after __l2cap_get_chan_blah() to prevent a use‑after‑free in l2cap_chan_destroy. Affected: Linux kernel Bluetooth L2CAP path; impact per sources is high (CV...

8CVSS6.2AI score0.0033EPSS
CVE
CVE
added 2025/09/18 1:33 p.m.30 views

CVE-2022-50392

CVE-2022-50392 is a Linux kernel vulnerability affecting ASoC: mediatek mt8183. The issue is a refcount leak in the mt8183_mt6358_ts3a227_max98357_dev_probe() path caused by not calling of_node_put() on the phandle node returned by of_parse_phandle() when finishing usage. The connected advisories...

5.5CVSS6.1AI score0.00148EPSS
CVE
CVE
added 2025/09/18 1:33 p.m.30 views

CVE-2022-50399

CVE-2022-50399 affects the Linux kernel media/atomisp component, where user-supplied height/width can cause overflow in height*width in sh_css_set_black_frame(). The issue has been fixed in kernel patches (publicly noted in multiple advisories), with distributors (e.g., Root, SUSE) applying fixes...

5.5CVSS6.5AI score0.00145EPSS
CVE
CVE
added 2025/10/07 3:21 p.m.30 views

CVE-2022-50543

In CVE-2022-50543, Linux kernel RDMA/rxe has a double free of mr->map when rxe_mr_init_user() fails and rxe_mr_cleanup() is called. The root cause involved freeing mr->map twice in the error path, traced through prior commits and a revert, and has been fixed by making rxe_mr_cleanup() free ...

7.8CVSS6AI score0.00151EPSS
CVE
CVE
added 2025/09/15 2:4 p.m.30 views

CVE-2023-53181

Technical details for CVE-2023-53181 are not provided in the supplied documents. The visible text references a Linux kernel dma-buf leak fix but lacks specific product/version/subcomponent data. Monitor for updates.

5.5CVSS6.1AI score0.00143EPSS
CVE
CVE
added 2025/09/15 2:23 p.m.30 views

CVE-2023-53241

The CVE-2023-53241 entry describes a Linux kernel NFSD flaw where op_release was skipped for some replies, causing a potential memory leak in layoutget when an error occurs. The fix ensures op_release is called even if op_func returns an error and, on error, nfsd4_block_get_device_info_scsi must ...

5.5CVSS6AI score0.00146EPSS
CVE
CVE
added 2025/09/15 2:46 p.m.30 views

CVE-2023-53254

CVE-2023-53254 is a Linux kernel vulnerability related to the cacheinfo shared_cpu_map. The issue occurs when the kernel checks that caches with the same index are shared, which can trigger slab-out-of-bounds access if CPUs have different cache hierarchies. A second problem is a mismatched shared...

7.1CVSS6.1AI score0.00138EPSS
Total number of security vulnerabilities14330