Lucene search
K
LinuxLinux Kernel

14330 matches found

CVE
CVE
added 2025/07/09 10:42 a.m.29 views

CVE-2025-38243

The CVE-2025-38243 issue affects the Linux kernel’s Btrfs log replay path. In several locations that call read_one_inode(), a NULL inode pointer could be dereferenced (e.g., iput(&inode->vfs_inode) in __add_inode_ref()), causing an invalid memory access and a crash. The available connected doc...

5.5CVSS6.5AI score0.00136EPSS
CVE
CVE
added 2025/07/10 7:42 a.m.29 views

CVE-2025-38309

CVE-2025-38309 affects the Linux kernel’s drm/xe/vm path. The root cause is that during vm creation, the code may call xe_svm_fini() on the error path before the SVM state is initialised, causing kernel splats and a fatal NPD. A fix moves xe_svm_init() earlier in xe_svm lifecycle to ensure proper...

5.5CVSS6.5AI score0.0012EPSS
CVE
CVE
added 2025/07/25 12:53 p.m.29 views

CVE-2025-38370

CVE-2025-38370 concerns a Linux kernel issue in the BTRFS free-space-tree rebuild path. When rebuilding the free-space tree, allocating a new metadata block group could trigger multiple transactions; during the rebuild, btrfs_rebuild_free_space_tree() may encounter newly inserted block groups and...

5.5CVSS6.3AI score0.00129EPSS
CVE
CVE
added 2025/07/25 1:20 p.m.29 views

CVE-2025-38411

CVE-2025-38411 affects the Linux kernel netfs code. The issue is a double put of the netfs request during cleanup: when a request finishes in the pause loop, the ref for IN_PROGRESS is removed, but the final wait loop may also call the collector if IN_PROGRESS is clear. The fix makes netfs_collec...

7.8CVSS6.4AI score0.00153EPSS
CVE
CVE
added 2025/07/25 3:27 p.m.29 views

CVE-2025-38442

The CVE-2025-38442 entry concerns the Linux kernel and a fix for large folio support when THP (Transparent Huge Pages) is disabled. The vulnerability could trigger a NULL pointer dereference during boot if a block device with logical block size larger than the page size is present while THP is of...

5.5CVSS6.4AI score0.00137EPSS
CVE
CVE
added 2025/08/19 5:2 p.m.29 views

CVE-2025-38564

CVE-2025-38564 involves the Linux kernel perf subsystem. The issue occurs in perf_mmap() when mapping a buffer read‑only into the page table after the buffer is allocated or attached. If map_range() fails, the kernel currently zaps the page table entries but does not invoke perf_mmap_close(), lea...

5.5CVSS7.4AI score0.00143EPSS
CVE
CVE
added 2025/08/19 5:3 p.m.29 views

CVE-2025-38580

The CVE-2025-38580 entry concerns a Linux kernel ext4 use-after-free in ext4_end_io_rsv_work(). The fix adds a check in ext4_io_end_defer_completion() to ensure io_end->list_vec is empty before adding to i_rsv_conversion_list, preventing starting an unnecessary worker. It also adds ext4_emerge...

7.8CVSS7.3AI score0.00147EPSS
CVE
CVE
added 2025/08/19 5:3 p.m.29 views

CVE-2025-38606

The CVE-2025-38606 entry describes a Linux kernel wireless issue in the ath12k driver where beacon miss handling dereferences arvif->deflink->ar before a vdev has been created, leaving arvif->ar uninitialized for some P2P/vif scenarios. The identified root cause is that arvif is only lin...

5.5CVSS7.2AI score0.00139EPSS
CVE
CVE
added 2025/08/22 4:0 p.m.29 views

CVE-2025-38651

Summary: CVE-2025-38651 concerns the Linux kernel landlock component. A bug in get_id_range() could receive a non-positive value because get_random_u8() may return 0, triggering an unsafe first argument. The fix clamps the value to ensure positivity. The vulnerability was discussed in kernel-land...

5.5CVSS6.2AI score0.00143EPSS
CVE
CVE
added 2025/08/22 4:3 p.m.29 views

CVE-2025-38674

CVE-2025-38674 concerns the Linux kernel where a revert of the patch “drm/prime: Use dma_buf from GEM object instance” makes the dma_buf field in struct drm_gem_object unstable over a buffer object’s lifetime. As a result, the field becomes NULL when the final GEM handle is released, causing a NU...

5.5CVSS6.7AI score0.00121EPSS
CVE
CVE
added 2025/08/30 9:19 a.m.29 views

CVE-2025-38677

CVE-2025-38677 is a Linux kernel vulnerability related to F2FS. The issue arises from a corrupted image where a dnode shares the same node id as its inode, causing f2fs_get_dnode_of_data() to compute an invalid data block address and potentially access memory out of bounds. The root cause is trac...

7.1CVSS5.8AI score0.00151EPSS
CVE
CVE
added 2025/09/04 3:32 p.m.29 views

CVE-2025-38694

In CVE-2025-38694, the Linux kernel media/dvb-frontends: dib7090p driver could dereference a null pointer in dib7090p_rw_on_apb() when msg[0].buf or msg[1].buf lengths are zero or null, because checks on buf were bypassed if buf was null and len was zero. The fix adds sanity checks on msg[0].len ...

5.5CVSS5.8AI score0.0016EPSS
CVE
CVE
added 2025/09/04 3:32 p.m.29 views

CVE-2025-38696

CVE-2025-38696 (Linux kernel, MIPS) : The issue occurs in stack_top() for tasks without an ABI or vDSO mapping (e.g., kthreads). If such a task calls stack_top(), it can dereference a NULL ABI pointer and crash. Affected area is the MIPS support in the Linux kernel; the advisory notes the crash c...

5.5CVSS5.8AI score0.00171EPSS
CVE
CVE
added 2025/09/04 3:33 p.m.29 views

CVE-2025-38720

The CVE-2025-38720 entry describes a Linux kernel issue in hibmcge where two devices could sequentially acquire rtnl_lock during PCI reset, risking deadlock. The provided description explains that the hibmcge netdev previously acquired rtnl_lock in reset_prepare() and released it in reset_done(),...

5.5CVSS5.9AI score0.00105EPSS
CVE
CVE
added 2025/09/04 3:33 p.m.29 views

CVE-2025-38730

CVE-2025-38730 concerns the Linux kernel io_uring/net handling of ring-provided buffers. The issue arises when a buffer acquired from the ring may remain valid across retries, and on the networking side, with MSG_WAITALL or streaming sockets with insufficient processing, the buffer could be kept ...

7.8CVSS5.6AI score0.00151EPSS
CVE
CVE
added 2025/09/05 5:20 p.m.29 views

CVE-2025-38733

CVE-2025-38733 is a Linux kernel vulnerability affecting s390/mapping of lowcore pages. The issue stems from the identity mapping pinning to address zero, causing the lowcore to be mapped at zero even when relocate_lowcore is used; this can lead to NULL pointer accesses succeeding where they shou...

5.5CVSS5.7AI score0.00143EPSS
CVE
CVE
added 2025/09/05 5:20 p.m.29 views

CVE-2025-39692

CVE-2025-39692 is a Linux kernel vulnerability related to the SMB ksmbd path where ksmbd_rdma_stop_listening() must be called before stop_sessions() to avoid using the smb_direct_wq pointer after destroy. The issue arises when the order is not respected, allowing existing connections to reference...

5.5CVSS5.9AI score0.00146EPSS
CVE
CVE
added 2025/09/05 5:20 p.m.29 views

CVE-2025-39693

CVE-2025-39693: In the Linux kernel, the vuln affects the DRM AMD display path (drm/amd/display) where NULL pointers could be dereferenced via drm_atomic_get_new_connector_state() or drm_atomic_get_old_connector_state(). The description states the root cause is that these functions can return NUL...

5.5CVSS5.9AI score0.00146EPSS
CVE
CVE
added 2025/09/05 5:21 p.m.29 views

CVE-2025-39709

CVE-2025-39709 : In the Linux kernel, the Venus media driver risked a NULL dereference if an IRQ fired before the interrupt handler was fully initialized. The fix ensures the interrupt handler is initialized before the IRQ is registered, preventing spurious interrupts during probe (noted on Rb3Ge...

5.5CVSS5.9AI score0.00149EPSS
CVE
CVE
added 2025/09/05 5:21 p.m.29 views

CVE-2025-39710

CVE-2025-39710: In the Linux kernel, the Venus media driver adds a packet-size validation after reading the header from shared memory to ensure the reported size cannot exceed the number of available words. This fixes potential out-of-bounds memory accesses by firmware-provided sizes. The fix tar...

7.1CVSS5.9AI score0.00152EPSS
CVE
CVE
added 2025/09/05 5:21 p.m.29 views

CVE-2025-39717

CVE-2025-39717 concerns the Linux kernel and is described as resolved. The issue centers on open_tree_attr(2) and id-mapping changes: a bug in a previous commit allowed bypassing the restriction by calling open_tree_attr(2) without OPEN_TREE_CLONE, potentially enabling detached mounts to alter id...

7.8CVSS5.8AI score0.00141EPSS
CVE
CVE
added 2025/09/11 4:52 p.m.29 views

CVE-2025-39737

CVE-2025-39737 corresponds to a Linux kernel kmemleak issue where soft lockups occurred during cleanup of a large kmemleak object set (e.g., ~40k objects). The provided Astra Linux bulletin notes the fix: in kmemleak_do_cleanup(), periodically call cond_resched() inside the cleanup loop to avoid ...

5.5CVSS5.9AI score0.00159EPSS
CVE
CVE
added 2025/09/11 4:52 p.m.29 views

CVE-2025-39752

CVE-2025-39752: In the Linux kernel (ARM/rockchip), the SMP initialization hang bug was fixed by moving SRAM initialization to after all secondary CPUs are powered down. The root cause involved the trampoline code being written to SRAM while secondary CPUs were powered on, causing potential kerne...

5.5CVSS6.4AI score0.00159EPSS
CVE
CVE
added 2025/09/11 4:52 p.m.29 views

CVE-2025-39754

CVE-2025-39754: Linux kernel race in mm/smaps between smaps_hugetlb_range and migration. The vulnerability arises when smaps_hugetlb_range() handles the page table without holding the ptl, racing with migration and potentially triggering a BUG_ON in pfn_swap_entry_to_page(). The fix is to hold th...

4.7CVSS6AI score0.00105EPSS
CVE
CVE
added 2025/09/12 3:59 p.m.29 views

CVE-2025-39797

CVE-2025-39797 concerns the Linux kernel xfrm duplicate SPI handling. The vulnerability arises when Strongswan triggers an XFRM_NETLINK_ALLOC_SPI request, enabling xfrm_alloc_spi() to return success for an SPI already in use, causing multiple inbound SAs to share the same SPI (distinguished only ...

7.8CVSS6.3AI score0.00147EPSS
CVE
CVE
added 2025/09/16 1:8 p.m.29 views

CVE-2025-39830

CVE-2025-39830 : In the Linux kernel’s net/mlx5 HWS subsystem, the hws_pool_buddy_init error-path cleanup fails to free the allocator structure, causing a memory leak. The published fix adds the missing kfree() to release all allocated memory. This is a memory-leak issue in the buddy allocator cl...

5.5CVSS6AI score0.00119EPSS
CVE
CVE
added 2025/09/19 3:26 p.m.29 views

CVE-2025-39847

CVE-2025-39847: In the Linux kernel, pad_compress_skb() can leak memory if alloc_skb() fails, as the old skb reference may be freed incorrectly at the caller. The fix aligns pad_compress_skb() semantics with realloc: free the old skb only after successful allocation and compression, and at the ca...

5.5CVSS6.1AI score0.00149EPSS
CVE
CVE
added 2025/09/19 3:26 p.m.29 views

CVE-2025-39848

CVE-2025-39848 (Linux kernel) concerns ax25_kiss_rcv() potentially queuing/mangling input skbs when the skb is shared, leading to crashes in __netif_receive_skb_core() after a per-netns packet-chain change. The root cause is a lack of proper unsharing of skbs in ax25_kiss_rcv(), with a regression...

5.5CVSS6.1AI score0.00149EPSS
CVE
CVE
added 2025/09/19 3:26 p.m.29 views

CVE-2025-39854

CVE-2025-39854 affects the ice driver in the Linux kernel. The ice_ll_ts_intr() path could dereference a NULL tracker or use-after-free if the ice_ptp_tx tracker isn’t initialized. The fix gates access on the tracker’s initialized state and ensures reset clears the init flag under lock to prevent...

7.8CVSS6.2AI score0.00141EPSS
CVE
CVE
added 2025/09/19 3:26 p.m.29 views

CVE-2025-39857

CVE-2025-39857 concerns the Linux kernel net/smc subsystem. The issue is a NULL pointer dereference in smc_ib_is_sg_need_sync(), observed when using the software RoCE device where ibdev->dma_device can be null. The patch adds a NULL pointer check to prevent the crash. The vulnerability affects...

5.5CVSS6AI score0.00137EPSS
CVE
CVE
added 2025/09/23 6:0 a.m.29 views

CVE-2025-39880

CVE-2025-39880 is a Linux kernel vulnerability affecting the libceph code path. Affected component: ceph_connection_v1_info access in the generic messenger code can read/write a union member (v1 vs v2) without validating which member is active. On 64-bit systems, con->v1.auth_retry can overlap...

7.8CVSS6.2AI score0.00144EPSS
CVE
CVE
added 2025/09/23 6:0 a.m.29 views

CVE-2025-39888

CVE-2025-39888 concerns a Linux kernel issue in fuse: Block access to folio overlimit. A slab-out-of-bounds write occurred in fuse_dev_do_write when the OOB condition could trigger if bytes to retrieve are truncated to fc->max_pages and an offset is present. The root cause was not fully detail...

7.8CVSS6AI score0.00136EPSS
CVE
CVE
added 2026/01/13 3:34 p.m.29 views

CVE-2025-71095

CVE-2025-71095 concerns a crash in the Linux kernel’s net: stmmac path when using zero-copy XDP_TX. The root cause is that stmmac_xdp_xmit_back() always treated the xdp_buff as a page-pool memory type, regardless of whether the xdp_buff originated from a page pool or a zero-copy XSK pool, leading...

5.5CVSS6AI score0.00114EPSS
CVE
CVE
added 2026/01/13 3:34 p.m.29 views

CVE-2025-71096

Summary (CVE-2025-71096) : The Linux kernel RDMA core netlink path handling RDMA_NL_LS_OP_IP_RESOLVE could return a DGID-less response, risking an uninitialized read on the stack. The fix ensures the LS_NLA_TYPE_DGID attribute is present, uses nla_parse_deprecated() to populate nlattrs, and then ...

5.5CVSS6AI score0.00114EPSS
CVE
CVE
added 2026/01/13 3:34 p.m.29 views

CVE-2025-71100

CVE-2025-71100 affects the Linux kernel wifi rtl8192cu (rtlwifi). The issue arises when tid values from ieee80211_get_tid() may exceed the bounds of sta_entry->tids[] (MAX_TID_COUNT), triggering an out-of-bounds access and UBSAN warning. The patched code adds a bounds check to ensure TID

7.8CVSS6.2AI score0.00119EPSS
CVE
CVE
added 2026/01/14 3:5 p.m.29 views

CVE-2025-71111

CVE-2025-71111 (Linux kernel) : A TOCTOU race in hwmon w83791d caused by a macro, FAN_FROM_REG, evaluating arguments multiple times in lockless contexts, potentially triggering divide-by-zero. The fix converts the macro to a static function (arguments evaluated once, by-value). Additionally, stor...

4.7CVSS6.1AI score0.00089EPSS
CVE
CVE
added 2026/01/14 3:5 p.m.29 views

CVE-2025-71113

The CVE-2025-71113 issue is in the Linux kernel crypto af_alg path. Several crypto user API contexts and requests allocated with sock_kmalloc() were left uninitialized, which could cause uninitialized data to be used in certain error paths or when new fields are added. The root cause is missing z...

5.5CVSS6.2AI score0.00123EPSS
CVE
CVE
added 2026/01/23 2:25 p.m.29 views

CVE-2025-71156

CVE-2025-71156 : In the Linux kernel gve driver, interrupt enabling is deferred until NAPI registration. Currently interrupts may be enabled on request before the NAPI context is ready, causing failures (call trace leading to __napi_poll, net_rx_action, etc.). The workaround/mitigation described ...

7.8CVSS5.2AI score0.00119EPSS
CVE
CVE
added 2026/01/31 11:41 a.m.29 views

CVE-2025-71188

CVE-2025-71188 affects the Linux kernel DMA engine path for the lpc18xx-dmamux component, where a reference leak to the platform device during route allocation could occur. The fix drops the reference after looking up the DMA mux platform device, mitigating the leak. OSV entries show Root:Ubuntu ...

5.5CVSS5.7AI score0.00183EPSS
CVE
CVE
added 2026/01/23 3:24 p.m.29 views

CVE-2026-22979

CVE-2026-22979 is a Linux kernel vulnerability affecting memory accounting for GRO-fragmented SKBs. The issue arose because skb_segment_list() continued to add each fragment’s truesize to delta_truesize while subtracting it from the parent SKB, even though fragments are no longer charged to the s...

5.5CVSS5.3AI score0.0012EPSS
CVE
CVE
added 2026/01/25 2:36 p.m.29 views

CVE-2026-23002

CVE-2026-23002 affects the Linux kernel’s buildid path. The fix switches the sleepable context reader to use __kernel_read() for reading file data instead of direct page cache access via read_cache_folio(), reducing the risk of a NULL pointer dereference in filemap_read_folio. The patch keeps exi...

5.5CVSS5.3AI score0.0015EPSS
CVE
CVE
added 2026/02/04 4:8 p.m.29 views

CVE-2026-23101

The CVE-2026-23101 issue affects the Linux kernel LED subsystem. The root cause is a race where an LED was added to leds_list before led_init_core() and before led_classdev.set_brightness_work is initialized. This could allow a default-trigger LED to call led_trigger_set() and queue an uninitiali...

4.7CVSS5.2AI score0.0012EPSS
CVE
CVE
added 2026/02/14 4:1 p.m.29 views

CVE-2026-23154

CVE-2026-23154 concerns the Linux kernel fix for segmentation of forwarding fraglist GRO. The description explains that GRO packets containing a frag_list could be mishandled during GSO segmentation because skb_segment_list cannot correctly process GRO skbs converted by XLAT (which translates onl...

5.5CVSS5.3AI score0.00114EPSS
CVE
CVE
added 2026/02/14 4:27 p.m.29 views

CVE-2026-23189

CVE-2026-23189 concerns a NULL pointer dereference in ceph_mds_auth_match() within the CephFS kernel client. The patch reworks ceph_mdsmap_decode() and namespace_equals() so that ceph_mdsmap contains an extracted FS name (m_fs_name) and the code path uses this value for strict authorization check...

5.5CVSS5.3AI score0.00112EPSS
CVE
CVE
added 2026/02/14 4:27 p.m.29 views

CVE-2026-23193

CVE-2026-23193 affects the Linux kernel SCSI/ISCsi path (scsi: target: iscsi). The issue is a use-after-free in iscsit_dec_session_usage_count() where complete() is called while sess->session_usage_lock is held, risking use-after-free of iscsit_session during wakeup/deallocation. The fix relea...

8.8CVSS5.2AI score0.0024EPSS
CVE
CVE
added 2026/02/14 4:27 p.m.29 views

CVE-2026-23195

The CVE-2026-23195 entry pertains to the Linux kernel, specifically the cgroup/dmem subsystem. The issue is a pool use-after-free (UAF) where a pool could still be held after its memory region is unregistered, leading to a local, kernel-space bug. The provided connected documents describe the roo...

7.8CVSS5.1AI score0.0011EPSS
CVE
CVE
added 2026/02/14 4:27 p.m.29 views

CVE-2026-23200

CVE-2026-23200: In the Linux kernel, a bug in ipv6 ECMP handling occurred when clearing RTF_ADDRCONF during static route addition, causing a mismatch between the fib6_next chain and fib6_siblings list and triggering a kernel BUG. The fix (as described in the report) is to clear RTF_ADDRCONF only ...

5.5CVSS5.3AI score0.00114EPSS
CVE
CVE
added 2026/02/14 4:27 p.m.29 views

CVE-2026-23203

CVE-2026-23203 relates to the Linux kernel cpsw driver. The fix changes the processing of the ndo_set_rx_mode callback to run in a work queue (net: cpsw_new: Execute ndo_set_rx_mode callback in a work queue) rather than holding the RTNL lock during certain paths. Root cause involved a lock- and c...

5.5CVSS5.5AI score0.001EPSS
CVE
CVE
added 2026/02/14 4:27 p.m.29 views

CVE-2026-23208

CVE-2026-23208 — Linux kernel ALSA USB audio OOB write fix . The issue arose when user-provided ALSA USB audio parameters led to an out-of-bounds write: calculated frames (packsize[0] * packets) exceeded URB buffer, triggering KASAN slab-out-of-bounds in sound/usb/pcm.c. The patch adds a safety c...

7.8CVSS5.2AI score0.00121EPSS
CVE
CVE
added 2026/02/18 2:21 p.m.29 views

CVE-2026-23216

Technical details for CVE-2026-23216 are not publicly provided in the supplied documents. The available description mentions a fix in iscsit_dec_conn_usage_count() and a kernel patch, but no vendor/product specifics.

7.8CVSS5.2AI score0.00117EPSS
Total number of security vulnerabilities14330