14330 matches found
CVE-2023-53430
CVE-2023-53430 affects the Linux kernel with the mt76 Wi‑Fi driver. The issue is a memory leak in the DMA cleanup path (mt76_dma_tx_cleanup) that could impact system availability. The vulnerability is resolved by fixing the device unregister memory leak and ensuring all configured RX queues are c...
CVE-2023-53635
CVE-2023-53635 concerns a Linux kernel conntrack timeout bug in nfnetlink_queue: the nf_conn->timeout value could be doubled/subtracted due to incorrect handling when unconfirmed vs. confirmed conntracks. The connected OpenVAS/Nessus entries document the fix as separating how ct->timeout is...
CVE-2025-38144
CVE-2025-38144 concerns the Linux kernel watchdog code for Lenovo SE30 hardware. The vulnerability stems from a NULL pointer dereference in lenovo_se30_wdt_probe() when devm_ioremap() returns NULL on error, and the code fails to check this condition. A fix was implemented to add a NULL check afte...
CVE-2025-38266
CVE-2025-38266 affects the Linux kernel pinctrl/mediatek EINT path. The root cause was an invalid dereference: a function (mtk_eint_do_init) could be called with a version of struct mtk_pinctrl that lacks the required soc field when using v1 drivers, leading to a potential crash on certain boards...
CVE-2025-38367
CVE-2025-38367 concerns the Linux kernel LoongArch KVM subsystem. The issue arises from a logic error where a modified index is reused as an array index when updating the EIOINTC_ENABLE register, creating an array index overflow condition. The vulnerability affects the kernel, with the descriptio...
CVE-2025-38492
In CVE-2025-38492, the Linux kernel netfs subsystem exposes a race between cache write completion and NETFS_RREQ_ALL_QUEUED being set. When netfslib spawns subrequests (e.g., copy2cache used by Ceph) that finish asynchronously, the collector can be blocked if ALL_QUEUED is set after subrequests a...
CVE-2025-38619
CVE-2025-38619 affects the Linux kernel media TI J721e CSI-2 RX driver. The root cause was that, when ti_csi2rx_start_dma() fails in ti_csi2rx_dma_callback(), the corresponding vb2 buffer was marked as ERROR but not removed from the DMA queue, allowing it to be retried and causing a list_del corr...
CVE-2025-38625
The CVE-2025-38625 issue concerns the Linux kernel vfio/pds driver. When CONFIG_IOMMUFD is enabled and a device is bound to the pds_vfio_pci driver, probe fails with a WARN_ON trace because vfio_device_ops.detach_ioas isn’t set. The vuln is resolved by applying a fix that uses the generic vfio_io...
CVE-2025-38629
Technical details about CVE-2025-38629 are not publicly available in the provided connected documents. The initial description mentions a NULL check in scarlett2, but no further technical specifics are provided. Monitor for updates.
CVE-2025-38642
CVE-2025-38642 affects the Linux kernel’s wifi/mac80211 monitor mode handling. The issue arises on devices without WANT_MONITOR_VIF (and likely without channel context support), triggering a WARN_ON when modifying the per-link settings of a MONITOR interface. The fix moves this validation from a ...
CVE-2025-38669
CVE-2025-38669 concerns a Linux kernel issue where the dma_buf field in struct drm_gem_object is not stable across a GEM object’s lifetime, becoming NULL after the final GEM handle is released, leading to a NULL-pointer dereference. The vulnerability arose after a change to use dma_buf from the G...
CVE-2025-38675
CVE-2025-38675 affects the Linux kernel xfrm subsystem. The issue arises when preemption causes xfrm_state_look_at to search on a different pcpu (CPU2 vs CPU1); if a state for CPU2 is found in the state_cache during the lookup, the code may enter the acquire block with state_ptrs not initialized....
CVE-2025-38701
CVE-2025-38701 relates to ext4 in the Linux kernel where a syzbot-triggered BUG_ON could occur when INLINE_DATA_FL is set but the system.data xattr is missing. The fix replaces BUG_ON with EXT4_ERROR_INODE() in ext4_create_inline_data() and ext4_inline_data_truncate(), and documents reporting a c...
CVE-2025-38715
Technical details for CVE-2025-38715 are not publicly provided in the supplied documents. Monitor for updates.
CVE-2025-38716
CVE-2025-38716 affects the Linux kernel and relates to the hfs_find_init() code path. The vulnerability arises when the tree pointer is NULL, potentially triggering a general protection fault / null pointer dereference during HFS operations (e.g., ext_read_extent, get_block, and subsequent file m...
CVE-2025-38719
The CVE-2025-38719 entry concerns the Linux kernelnet hibmcge: when the network port is down, a released queue can yield ring->len = 0, triggering a division by zero in hbg_get_queue_used_num() called from debugfs. The provided patch adds a guard: if ring->len is 0, hbg_get_queue_used_num()...
CVE-2025-38723
CVE-2025-38723 concerns the Linux kernel, specifically LoongArch BPF tailcall handling. The issue arises in the tailcall jump offset calculation when bpf_int_jit_compile() fails to initialize the JIT context, leaving out_offset = -1. Consequently, the computed jmp_offset = (out_offset - cur_offse...
CVE-2025-39676
CVE-2025-39676 affects the Linux kernel in the SCSI qla4xxx path. The issue arises because qla4xxx_ep_connect() can return error pointers, while qla4xxx_get_ep_fwdb() is expected to return NULL on error; propagating error pointers leads to an Oops in the caller. The fix changes error pointers to ...
CVE-2025-39679
CVE-2025-39679: In the Linux kernel driver drm/nouveau/nvif, fixing a memory leak in nvif_vmm_ctor() when nvif_vmm_type is invalid. The patch returns -EINVAL and frees resources; connected advisories reference this CVE but provide no additional exploit details.
CVE-2025-39704
CVE-2025-39704 relates to a Linux kernel issue for LoongArch KVM where send_ipi_data() may trigger a stack-protector based panic if kvm_io_bus_read() writes an 8-byte value regardless of the declared length. The root cause is a buffer handling mismatch in certain emulation paths (e.g., loongarch_...
CVE-2025-39715
CVE-2025-39715 affects the Linux kernel on Parisc where a read-access check was not triggered for certain user-access memory references, allowing a local attacker to execute a LWS compare-and-swap at an address that is read-protected at PRIV_USER. The issue is fixed by probing read access rights ...
CVE-2025-39720
CVE-2025-39720 concerns the Linux kernel ksmbd subsystem. The issue is a refcount leak: when ksmbd_conn_releasing(opinfo->conn) returns true, the refcount is not decremented properly, preventing memory release and potentially causing resource leak. Multiple connected sources describe the same ...
CVE-2025-39721
CVE-2025-39721 (Linux kernel, crypto: qat) : Repeated loading/unloading of a device-specific QAT driver (e.g., qat_4xxx) can trigger a use-after-free when a power-management interrupt fires just before the core intel_qat.ko remains loaded. The shared workqueue qat_misc_wq may still host a deferre...
CVE-2025-39739
The CVE-2025-39739 issue is a Linux kernel iommu/arm-smmu-qcom vulnerability that was resolved by adding SM6115 MDSS compatibility to the MDSS clients list to apply the needed workaround. The described impact includes unhandled SMMU context faults during boot on QRB4210 RB2 (SM4250/SM6115) and re...
CVE-2025-39747
Technical details about CVE-2025-39747 are not publicly provided in the supplied documents. Monitoring for updates from OSV/Root feeds is advised; no concrete affected products, root cause, or patch details are present here.
CVE-2025-39756
CVE-2025-39756 is a Linux kernel issue where extremely high nr_open values (e.g., 1073741816) can trigger massive file descriptor table allocations that exceed INT_MAX, causing a kernel warning and impractical memory requests (>8GB) during operations near the FD limit. The root cause involves ...
CVE-2025-39758
CVE-2025-39758: In Linux kernel RDMA/siw, a bug caused sending oversized iov_iters and tcp_sendmsg calls after siw_tcp_sendpages, due to miscomputed per-page bytes and overall size. Root cause was the way iov_iter byte counts and the size passed to tcp_sendmsg_locked were set, leading to out-of-b...
CVE-2025-39763
CVE-2025-39763 affects the Linux kernel and describes an ACPI: APEI path where a synchronous memory error that is not recovered can cause the kernel to queue memory_failure() and poison a page, unmap it, and send SIGBUS to the triggering process to avoid a system-wide panic. The issue arises when...
CVE-2025-39773
CVE-2025-39773 refers to a Linux kernel issue in the bridge/net subsystem where setting multicast_query_interval to a large value can cause a local time overflow in br_multicast_send_query(), making the timer expire immediately and re-arm in a loop, potentially triggering a soft lockup (as shown ...
CVE-2025-39789
CVE-2025-39789 concerns the Linux kernel crypto code (x86/aegis). The vulnerability stems from missing error checks in skcipher_walk during memory allocations. Affected component: kernel crypto subsystem; impact reported as high availability risk with local attacker context. The issue has been re...
CVE-2025-39801
CVE-2025-39801 affects the Linux kernel USB subsystem (dwc3) where device endpoint command timeouts could trigger a kernel panic if WARN_ON is hit during connect/disconnect sequences on Exynos platforms. The root cause is a WARN_ON triggered by device endpoint commands in the privileged path duri...
CVE-2025-39805
CVE-2025-39805 affects the Linux kernel net/macb driver. The issue occurs when removing a macb device: phy_exit() is called before unregister_netdev(), causing a kernfs WARN. The documented fix moves unregister_netdev() ahead of phy_exit() in macb_remove(), preventing the PHY from being exited wh...
CVE-2025-39806
CVE-2025-39806 refers to a slab-out-of-bounds access in the Linux kernel HID multitouch path, specifically in mt_report_fixup(). An attacker could trigger this when a HID report descriptor is smaller than 607 bytes; mt_report_fixup() patches at offset 607 without validating descriptor length, lea...
CVE-2025-39869
CVE-2025-39869: Linux kernel memory allocation bug in dmaengine: ti: edma caused out-of-bounds writes to queue_priority_map due to allocating with sizeof(s8) for a 2D array; manifested as kernel crashes on ARM (BeagleBoard-X15). The issue is fixed by changing the allocation to sizeof(*queue_prior...
CVE-2025-39925
CVE-2025-39925 affects the Linux kernel’s CAN J1939 implementation. The issue stems from the j1939 protocol not having a NETDEV_UNREGISTER notification handler, which meant that when a NETDEV_UNREGISTER event fires, the extra ref held by j1939_sk_bind() could prevent the net_device usage count fr...
CVE-2025-39931
The CVE-2025-39931 entry concerns the Linux kernel crypto/af_alg subsystem. The vulnerability occurs in af_alg_sendmsg: if an error causes the call to abort, ctx->merge may contain a garbage value from the previous loop, which can trigger a crash on the next entry into af_alg_sendmsg when atte...
CVE-2025-40039
CVE-2025-40039 relates to the Linux kernel ksmbd subsystem. It describes a race condition in the RPC handle list (sess->rpc_handle_list) managed per ksmbd session. The underlying issue: in ksmbd_session_rpc_open(), xa_store() and xa_erase() modify the XArray but were guarded only by a read loc...
CVE-2025-71083
CVE-2025-71083 affects the Linux kernel’s graphics subsystem (drm/ttm). A evicted BOs object can exist not currently tied to a resource; when devcoredump attempts to read all BOs, the code may dereference a NULL pointer. The result is an ENODATA outcome instead of buffer contents. The CVE is addr...
CVE-2026-23100
The CVE-2026-23100 entry concerns the Linux kernel mm/hugetlb code and a fix for hugetlb_pmd_shared(). The vulnerability stemmed from how shared PMD tables were detected; the patch set switches to using an independent shared count and the ptdesc_pmd_is_shared() check, so that shared PMD tables ar...
CVE-2026-23134
The event CVE-2026-23134 pertains to the Linux kernel slab/kmalloc_nolock() context checks on PREEMPT_RT. On PREEMPT_RT kernels, local_lock is a sleeping lock; when a BPF program runs from a tracepoint with preemption disabled, kmalloc_nolock() may call local_lock_irqsave() and attempt to acquire...
CVE-2026-23227
CVE-2026-23227 is addressed across several OSV records indicating patches in rootio-linux for Root:Debian/Ubuntu/OpenSUSE platforms, with multiple fixed versions available. The initial Linux kernel Vidi/Exynos memory-alloc race issue is fixed by ensuring proper locking around memory-alloc/free st...
CVE-2026-23228
The CVE-2026-23228 issue is in the Linux kernel smb server (ksmbd) where, on ksmbd_tcp_new_connection() failure, free_transport() did not decrement active_num_conn, leaking the counter. This occurs in the kthread_run() path during transport cleanup. The documented fix replaces free_transport() wi...
CVE-2026-23278
CVE-2026-23278 (Linux kernel nf_tables catchall handling) The issue occurs in netfilter nf_tables where, during transaction processing, a map holding catchall elements being removed may require toggling all pending catchall elements, not just the first viable candidate. If the map is also being f...
CVE-2026-31449
The CVE-2026-31449 entry concerns the Linux kernel ext4 extent code. A vulnerability was fixed in ext4_ext_correct_indexes where path[k].p_idx could point outside the valid index range if the on-disk eh_entries were corrupted, causing a slab-out-of-bounds read. The fix validates path[k].p_idx aga...
CVE-2026-31499
CVE-2026-31499 affects the Linux kernel Bluetooth L2CAP code. The vulnerability stems from l2cap_conn_del() canceling delayed work (info_timer and id_addr_timer) while holding conn->lock, while the corresponding work functions (l2cap_info_timeout() and l2cap_conn_update_id_addr()) also acquire...
CVE-2026-31505
The CVE-2026-31505 issue affects the Linux kernel iavf driver: out-of-bounds writes occur because iavf_get_ethtool_stats() uses real_num_tx_queues for ETH_SS_STATS while other paths use num_tx_queues, enabling memory corruption when ethtool -L and ethtool -S run concurrently. The fix is to use im...
CVE-2026-31557
Summary of CVE-2026-31557 (Linux kernel) : The issue affects the NVMe over Fabrics target (nvmet/nvmet_rdma) where flushing an asynchronous-event work item on nvmet-wq can recurse the same worker, risking a deadlock and DoS. The root cause is a potential re-entrant lock when nvmet_ctrl_free() flu...
CVE-2026-31687
The CVE-2026-31687 issue concerns the Linux kernel GPIO/omap driver: omap_mpuio_driver was registered from omap_gpio_probe() and could deadlock because a device lock may be held during probe, compounded by the driver core changes enforcing device_lock for driver_match_device(). The driver was als...
CVE-2026-31703
The CVE-2026-31703 entry is supported by multiple connected sources describing a Linux kernel use-after-free in the writeback path. Specifically, inode_switch_wbs_work_fn() loops over switch_wbs_ctxs and can have wb->switch_work pending while the wb reference is dropped, enabling a use-after-f...
CVE-2026-43020
CVE-2026-43020 concerns the Linux kernel Bluetooth MGMT path: load-time Long Term Keys can overflow a fixed-size stack buffer if enc_size exceeds the 16-byte key buffer. The root cause is validation of enc_size not rejecting oversized values during management LTK record validation, allowing inval...