Lucene search
K
LinuxLinux Kernel

14330 matches found

CVE
CVE
added 2025/09/18 4:4 p.m.30 views

CVE-2023-53430

CVE-2023-53430 affects the Linux kernel with the mt76 Wi‑Fi driver. The issue is a memory leak in the DMA cleanup path (mt76_dma_tx_cleanup) that could impact system availability. The vulnerability is resolved by fixing the device unregister memory leak and ensuring all configured RX queues are c...

5.5CVSS6.2AI score0.00119EPSS
CVE
CVE
added 2025/10/07 3:19 p.m.30 views

CVE-2023-53635

CVE-2023-53635 concerns a Linux kernel conntrack timeout bug in nfnetlink_queue: the nf_conn->timeout value could be doubled/subtracted due to incorrect handling when unconfirmed vs. confirmed conntracks. The connected OpenVAS/Nessus entries document the fix as separating how ct->timeout is...

5.5CVSS6AI score0.00189EPSS
CVE
CVE
added 2025/07/03 8:35 a.m.30 views

CVE-2025-38144

CVE-2025-38144 concerns the Linux kernel watchdog code for Lenovo SE30 hardware. The vulnerability stems from a NULL pointer dereference in lenovo_se30_wdt_probe() when devm_ioremap() returns NULL on error, and the code fails to check this condition. A fix was implemented to add a NULL check afte...

5.5CVSS7.1AI score0.00137EPSS
CVE
CVE
added 2025/07/10 7:37 a.m.30 views

CVE-2025-38266

CVE-2025-38266 affects the Linux kernel pinctrl/mediatek EINT path. The root cause was an invalid dereference: a function (mtk_eint_do_init) could be called with a version of struct mtk_pinctrl that lacks the required soc field when using v1 drivers, leading to a potential crash on certain boards...

5.5CVSS6.4AI score0.00137EPSS
CVE
CVE
added 2025/07/25 12:47 p.m.30 views

CVE-2025-38367

CVE-2025-38367 concerns the Linux kernel LoongArch KVM subsystem. The issue arises from a logic error where a modified index is reused as an array index when updating the EIOINTC_ENABLE register, creating an array index overflow condition. The vulnerability affects the kernel, with the descriptio...

7.8CVSS6.7AI score0.00144EPSS
CVE
CVE
added 2025/07/28 11:22 a.m.30 views

CVE-2025-38492

In CVE-2025-38492, the Linux kernel netfs subsystem exposes a race between cache write completion and NETFS_RREQ_ALL_QUEUED being set. When netfslib spawns subrequests (e.g., copy2cache used by Ceph) that finish asynchronously, the collector can be blocked if ALL_QUEUED is set after subrequests a...

4.7CVSS6.5AI score0.00087EPSS
CVE
CVE
added 2025/08/22 4:0 p.m.30 views

CVE-2025-38619

CVE-2025-38619 affects the Linux kernel media TI J721e CSI-2 RX driver. The root cause was that, when ti_csi2rx_start_dma() fails in ti_csi2rx_dma_callback(), the corresponding vb2 buffer was marked as ERROR but not removed from the DMA queue, allowing it to be retried and causing a list_del corr...

5.5CVSS6.5AI score0.00145EPSS
CVE
CVE
added 2025/08/22 4:0 p.m.30 views

CVE-2025-38625

The CVE-2025-38625 issue concerns the Linux kernel vfio/pds driver. When CONFIG_IOMMUFD is enabled and a device is bound to the pds_vfio_pci driver, probe fails with a WARN_ON trace because vfio_device_ops.detach_ioas isn’t set. The vuln is resolved by applying a fix that uses the generic vfio_io...

5.5CVSS6.5AI score0.00145EPSS
CVE
CVE
added 2025/08/22 4:0 p.m.30 views

CVE-2025-38629

Technical details about CVE-2025-38629 are not publicly available in the provided connected documents. The initial description mentions a NULL check in scarlett2, but no further technical specifics are provided. Monitor for updates.

5.5CVSS6.5AI score0.00143EPSS
CVE
CVE
added 2025/08/22 4:0 p.m.30 views

CVE-2025-38642

CVE-2025-38642 affects the Linux kernel’s wifi/mac80211 monitor mode handling. The issue arises on devices without WANT_MONITOR_VIF (and likely without channel context support), triggering a WARN_ON when modifying the per-link settings of a MONITOR interface. The fix moves this validation from a ...

5.5CVSS6.8AI score0.00143EPSS
CVE
CVE
added 2025/08/22 4:3 p.m.30 views

CVE-2025-38669

CVE-2025-38669 concerns a Linux kernel issue where the dma_buf field in struct drm_gem_object is not stable across a GEM object’s lifetime, becoming NULL after the final GEM handle is released, leading to a NULL-pointer dereference. The vulnerability arose after a change to use dma_buf from the G...

5.5CVSS6.7AI score0.00121EPSS
CVE
CVE
added 2025/08/22 4:4 p.m.30 views

CVE-2025-38675

CVE-2025-38675 affects the Linux kernel xfrm subsystem. The issue arises when preemption causes xfrm_state_look_at to search on a different pcpu (CPU2 vs CPU1); if a state for CPU2 is found in the state_cache during the lookup, the code may enter the acquire block with state_ptrs not initialized....

4.7CVSS6.4AI score0.00101EPSS
CVE
CVE
added 2025/09/04 3:32 p.m.30 views

CVE-2025-38701

CVE-2025-38701 relates to ext4 in the Linux kernel where a syzbot-triggered BUG_ON could occur when INLINE_DATA_FL is set but the system.data xattr is missing. The fix replaces BUG_ON with EXT4_ERROR_INODE() in ext4_create_inline_data() and ext4_inline_data_truncate(), and documents reporting a c...

5.5CVSS5.8AI score0.00165EPSS
CVE
CVE
added 2025/09/04 3:33 p.m.30 views

CVE-2025-38715

Technical details for CVE-2025-38715 are not publicly provided in the supplied documents. Monitor for updates.

7.1CVSS5.9AI score0.00151EPSS
CVE
CVE
added 2025/09/04 3:33 p.m.30 views

CVE-2025-38716

CVE-2025-38716 affects the Linux kernel and relates to the hfs_find_init() code path. The vulnerability arises when the tree pointer is NULL, potentially triggering a general protection fault / null pointer dereference during HFS operations (e.g., ext_read_extent, get_block, and subsequent file m...

5.5CVSS5.9AI score0.00136EPSS
CVE
CVE
added 2025/09/04 3:33 p.m.30 views

CVE-2025-38719

The CVE-2025-38719 entry concerns the Linux kernelnet hibmcge: when the network port is down, a released queue can yield ring->len = 0, triggering a division by zero in hbg_get_queue_used_num() called from debugfs. The provided patch adds a guard: if ring->len is 0, hbg_get_queue_used_num()...

5.5CVSS5.9AI score0.00134EPSS
CVE
CVE
added 2025/09/04 3:33 p.m.30 views

CVE-2025-38723

CVE-2025-38723 concerns the Linux kernel, specifically LoongArch BPF tailcall handling. The issue arises in the tailcall jump offset calculation when bpf_int_jit_compile() fails to initialize the JIT context, leaving out_offset = -1. Consequently, the computed jmp_offset = (out_offset - cur_offse...

5.5CVSS6AI score0.00151EPSS
CVE
CVE
added 2025/09/05 5:20 p.m.30 views

CVE-2025-39676

CVE-2025-39676 affects the Linux kernel in the SCSI qla4xxx path. The issue arises because qla4xxx_ep_connect() can return error pointers, while qla4xxx_get_ep_fwdb() is expected to return NULL on error; propagating error pointers leads to an Oops in the caller. The fix changes error pointers to ...

5.5CVSS5.8AI score0.0016EPSS
CVE
CVE
added 2025/09/05 5:20 p.m.30 views

CVE-2025-39679

CVE-2025-39679: In the Linux kernel driver drm/nouveau/nvif, fixing a memory leak in nvif_vmm_ctor() when nvif_vmm_type is invalid. The patch returns -EINVAL and frees resources; connected advisories reference this CVE but provide no additional exploit details.

5.5CVSS5.9AI score0.00145EPSS
CVE
CVE
added 2025/09/05 5:21 p.m.30 views

CVE-2025-39704

CVE-2025-39704 relates to a Linux kernel issue for LoongArch KVM where send_ipi_data() may trigger a stack-protector based panic if kvm_io_bus_read() writes an 8-byte value regardless of the declared length. The root cause is a buffer handling mismatch in certain emulation paths (e.g., loongarch_...

5.5CVSS6.4AI score0.00131EPSS
CVE
CVE
added 2025/09/05 5:21 p.m.30 views

CVE-2025-39715

CVE-2025-39715 affects the Linux kernel on Parisc where a read-access check was not triggered for certain user-access memory references, allowing a local attacker to execute a LWS compare-and-swap at an address that is read-protected at PRIV_USER. The issue is fixed by probing read access rights ...

5.5CVSS6.2AI score0.00136EPSS
CVE
CVE
added 2025/09/05 5:21 p.m.30 views

CVE-2025-39720

CVE-2025-39720 concerns the Linux kernel ksmbd subsystem. The issue is a refcount leak: when ksmbd_conn_releasing(opinfo->conn) returns true, the refcount is not decremented properly, preventing memory release and potentially causing resource leak. Multiple connected sources describe the same ...

5.5CVSS5.9AI score0.00135EPSS
CVE
CVE
added 2025/09/05 5:21 p.m.30 views

CVE-2025-39721

CVE-2025-39721 (Linux kernel, crypto: qat) : Repeated loading/unloading of a device-specific QAT driver (e.g., qat_4xxx) can trigger a use-after-free when a power-management interrupt fires just before the core intel_qat.ko remains loaded. The shared workqueue qat_misc_wq may still host a deferre...

5.5CVSS5.6AI score0.00133EPSS
CVE
CVE
added 2025/09/11 4:52 p.m.30 views

CVE-2025-39739

The CVE-2025-39739 issue is a Linux kernel iommu/arm-smmu-qcom vulnerability that was resolved by adding SM6115 MDSS compatibility to the MDSS clients list to apply the needed workaround. The described impact includes unhandled SMMU context faults during boot on QRB4210 RB2 (SM4250/SM6115) and re...

5.5CVSS6AI score0.00145EPSS
CVE
CVE
added 2025/09/11 4:52 p.m.30 views

CVE-2025-39747

Technical details about CVE-2025-39747 are not publicly provided in the supplied documents. Monitoring for updates from OSV/Root feeds is advised; no concrete affected products, root cause, or patch details are present here.

5.5CVSS6.1AI score0.00145EPSS
CVE
CVE
added 2025/09/11 4:52 p.m.30 views

CVE-2025-39756

CVE-2025-39756 is a Linux kernel issue where extremely high nr_open values (e.g., 1073741816) can trigger massive file descriptor table allocations that exceed INT_MAX, causing a kernel warning and impractical memory requests (>8GB) during operations near the FD limit. The root cause involves ...

5.5CVSS6AI score0.00166EPSS
CVE
CVE
added 2025/09/11 4:52 p.m.30 views

CVE-2025-39758

CVE-2025-39758: In Linux kernel RDMA/siw, a bug caused sending oversized iov_iters and tcp_sendmsg calls after siw_tcp_sendpages, due to miscomputed per-page bytes and overall size. Root cause was the way iov_iter byte counts and the size passed to tcp_sendmsg_locked were set, leading to out-of-b...

5.5CVSS6.2AI score0.00145EPSS
CVE
CVE
added 2025/09/11 4:52 p.m.30 views

CVE-2025-39763

CVE-2025-39763 affects the Linux kernel and describes an ACPI: APEI path where a synchronous memory error that is not recovered can cause the kernel to queue memory_failure() and poison a page, unmap it, and send SIGBUS to the triggering process to avoid a system-wide panic. The issue arises when...

5.5CVSS6AI score0.00147EPSS
CVE
CVE
added 2025/09/11 4:56 p.m.30 views

CVE-2025-39773

CVE-2025-39773 refers to a Linux kernel issue in the bridge/net subsystem where setting multicast_query_interval to a large value can cause a local time overflow in br_multicast_send_query(), making the timer expire immediately and re-arm in a loop, potentially triggering a soft lockup (as shown ...

5.5CVSS5.9AI score0.0011EPSS
CVE
CVE
added 2025/09/11 4:56 p.m.30 views

CVE-2025-39789

CVE-2025-39789 concerns the Linux kernel crypto code (x86/aegis). The vulnerability stems from missing error checks in skcipher_walk during memory allocations. Affected component: kernel crypto subsystem; impact reported as high availability risk with local attacker context. The issue has been re...

5.5CVSS6.2AI score0.00119EPSS
CVE
CVE
added 2025/09/15 12:36 p.m.30 views

CVE-2025-39801

CVE-2025-39801 affects the Linux kernel USB subsystem (dwc3) where device endpoint command timeouts could trigger a kernel panic if WARN_ON is hit during connect/disconnect sequences on Exynos platforms. The root cause is a WARN_ON triggered by device endpoint commands in the privileged path duri...

5.5CVSS6.3AI score0.00138EPSS
CVE
CVE
added 2025/09/16 1:0 p.m.30 views

CVE-2025-39805

CVE-2025-39805 affects the Linux kernel net/macb driver. The issue occurs when removing a macb device: phy_exit() is called before unregister_netdev(), causing a kernfs WARN. The documented fix moves unregister_netdev() ahead of phy_exit() in macb_remove(), preventing the PHY from being exited wh...

5.5CVSS6AI score0.00146EPSS
CVE
CVE
added 2025/09/16 1:0 p.m.30 views

CVE-2025-39806

CVE-2025-39806 refers to a slab-out-of-bounds access in the Linux kernel HID multitouch path, specifically in mt_report_fixup(). An attacker could trigger this when a HID report descriptor is smaller than 607 bytes; mt_report_fixup() patches at offset 607 without validating descriptor length, lea...

7.1CVSS6AI score0.0015EPSS
CVE
CVE
added 2025/09/23 6:0 a.m.30 views

CVE-2025-39869

CVE-2025-39869: Linux kernel memory allocation bug in dmaengine: ti: edma caused out-of-bounds writes to queue_priority_map due to allocating with sizeof(s8) for a 2D array; manifested as kernel crashes on ARM (BeagleBoard-X15). The issue is fixed by changing the allocation to sizeof(*queue_prior...

7.1CVSS6.2AI score0.00143EPSS
CVE
CVE
added 2025/10/01 8:7 a.m.30 views

CVE-2025-39925

CVE-2025-39925 affects the Linux kernel’s CAN J1939 implementation. The issue stems from the j1939 protocol not having a NETDEV_UNREGISTER notification handler, which meant that when a NETDEV_UNREGISTER event fires, the extra ref held by j1939_sk_bind() could prevent the net_device usage count fr...

5.5CVSS6.1AI score0.00119EPSS
CVE
CVE
added 2025/10/04 7:30 a.m.30 views

CVE-2025-39931

The CVE-2025-39931 entry concerns the Linux kernel crypto/af_alg subsystem. The vulnerability occurs in af_alg_sendmsg: if an error causes the call to abort, ctx->merge may contain a garbage value from the previous loop, which can trigger a crash on the next entry into af_alg_sendmsg when atte...

5.5CVSS6.1AI score0.00137EPSS
CVE
CVE
added 2025/10/28 11:48 a.m.30 views

CVE-2025-40039

CVE-2025-40039 relates to the Linux kernel ksmbd subsystem. It describes a race condition in the RPC handle list (sess->rpc_handle_list) managed per ksmbd session. The underlying issue: in ksmbd_session_rpc_open(), xa_store() and xa_erase() modify the XArray but were guarded only by a read loc...

4.7CVSS6.3AI score0.00124EPSS
CVE
CVE
added 2026/01/13 3:34 p.m.30 views

CVE-2025-71083

CVE-2025-71083 affects the Linux kernel’s graphics subsystem (drm/ttm). A evicted BOs object can exist not currently tied to a resource; when devcoredump attempts to read all BOs, the code may dereference a NULL pointer. The result is an ENODATA outcome instead of buffer contents. The CVE is addr...

5.5CVSS5.9AI score0.00114EPSS
CVE
CVE
added 2026/02/04 4:8 p.m.30 views

CVE-2026-23100

The CVE-2026-23100 entry concerns the Linux kernel mm/hugetlb code and a fix for hugetlb_pmd_shared(). The vulnerability stemmed from how shared PMD tables were detected; the patch set switches to using an independent shared count and the ptdesc_pmd_is_shared() check, so that shared PMD tables ar...

5.5CVSS5.3AI score0.00114EPSS
CVE
CVE
added 2026/02/14 3:14 p.m.30 views

CVE-2026-23134

The event CVE-2026-23134 pertains to the Linux kernel slab/kmalloc_nolock() context checks on PREEMPT_RT. On PREEMPT_RT kernels, local_lock is a sleeping lock; when a BPF program runs from a tracepoint with preemption disabled, kmalloc_nolock() may call local_lock_irqsave() and attempt to acquire...

5.5CVSS5.2AI score0.00107EPSS
CVE
CVE
added 2026/02/18 2:53 p.m.30 views

CVE-2026-23227

CVE-2026-23227 is addressed across several OSV records indicating patches in rootio-linux for Root:Debian/Ubuntu/OpenSUSE platforms, with multiple fixed versions available. The initial Linux kernel Vidi/Exynos memory-alloc race issue is fixed by ensuring proper locking around memory-alloc/free st...

7.8CVSS5.2AI score0.00152EPSS
CVE
CVE
added 2026/02/18 2:53 p.m.30 views

CVE-2026-23228

The CVE-2026-23228 issue is in the Linux kernel smb server (ksmbd) where, on ksmbd_tcp_new_connection() failure, free_transport() did not decrement active_num_conn, leaking the counter. This occurs in the kthread_run() path during transport cleanup. The documented fix replaces free_transport() wi...

5.5CVSS5.2AI score0.00118EPSS
CVE
CVE
added 2026/03/20 8:8 a.m.30 views

CVE-2026-23278

CVE-2026-23278 (Linux kernel nf_tables catchall handling) The issue occurs in netfilter nf_tables where, during transaction processing, a map holding catchall elements being removed may require toggling all pending catchall elements, not just the first viable candidate. If the map is also being f...

7.8CVSS5.7AI score0.00165EPSS
CVE
CVE
added 2026/04/22 1:53 p.m.30 views

CVE-2026-31449

The CVE-2026-31449 entry concerns the Linux kernel ext4 extent code. A vulnerability was fixed in ext4_ext_correct_indexes where path[k].p_idx could point outside the valid index range if the on-disk eh_entries were corrupted, causing a slab-out-of-bounds read. The fix validates path[k].p_idx aga...

7.8CVSS5.6AI score0.00135EPSS
CVE
CVE
added 2026/04/22 1:54 p.m.30 views

CVE-2026-31499

CVE-2026-31499 affects the Linux kernel Bluetooth L2CAP code. The vulnerability stems from l2cap_conn_del() canceling delayed work (info_timer and id_addr_timer) while holding conn->lock, while the corresponding work functions (l2cap_info_timeout() and l2cap_conn_update_id_addr()) also acquire...

5.5CVSS5.6AI score0.00094EPSS
CVE
CVE
added 2026/04/22 1:54 p.m.30 views

CVE-2026-31505

The CVE-2026-31505 issue affects the Linux kernel iavf driver: out-of-bounds writes occur because iavf_get_ethtool_stats() uses real_num_tx_queues for ETH_SS_STATS while other paths use num_tx_queues, enabling memory corruption when ethtool -L and ethtool -S run concurrently. The fix is to use im...

7.8CVSS5.8AI score0.00129EPSS
CVE
CVE
added 2026/04/24 2:35 p.m.30 views

CVE-2026-31557

Summary of CVE-2026-31557 (Linux kernel) : The issue affects the NVMe over Fabrics target (nvmet/nvmet_rdma) where flushing an asynchronous-event work item on nvmet-wq can recurse the same worker, risking a deadlock and DoS. The root cause is a potential re-entrant lock when nvmet_ctrl_free() flu...

7.5CVSS5.4AI score0.00441EPSS
CVE
CVE
added 2026/04/27 5:32 p.m.30 views

CVE-2026-31687

The CVE-2026-31687 issue concerns the Linux kernel GPIO/omap driver: omap_mpuio_driver was registered from omap_gpio_probe() and could deadlock because a device lock may be held during probe, compounded by the driver core changes enforcing device_lock for driver_match_device(). The driver was als...

5.5CVSS5.4AI score0.00096EPSS
CVE
CVE
added 2026/05/01 1:56 p.m.30 views

CVE-2026-31703

The CVE-2026-31703 entry is supported by multiple connected sources describing a Linux kernel use-after-free in the writeback path. Specifically, inode_switch_wbs_work_fn() loops over switch_wbs_ctxs and can have wb->switch_work pending while the wb reference is dropped, enabling a use-after-f...

7.8CVSS5.5AI score0.00114EPSS
CVE
CVE
added 2026/05/01 2:15 p.m.30 views

CVE-2026-43020

CVE-2026-43020 concerns the Linux kernel Bluetooth MGMT path: load-time Long Term Keys can overflow a fixed-size stack buffer if enc_size exceeds the 16-byte key buffer. The root cause is validation of enc_size not rejecting oversized values during management LTK record validation, allowing inval...

7.8CVSS5.9AI score0.00129EPSS
Total number of security vulnerabilities14330