CVE-2023-53322
CVE-2023-53322 in the Linux kernel affects the scsi qla2xxx driver. The issue arises when terminate_rport_io does not wait for all IOs to return, risking a use-after-free and potential resource leakage leading to a system crash. The connected advisories (EulerOS/RHEL) list this CVE among kernel f...
CVE-2023-53323
CVE-2023-53323 affects the Linux kernel ext2 with DAX on pmem: ext2/dax: Fix ext2_setsize when len is page aligned. The bug arises when PAGE_ALIGN(x) returns x for already-aligned x, causing dax_zero_range() to pass length 0 to iomap_begin(), which makes ext2_get_blocks() see max_blocks = 0 and t...
CVE-2023-53325
Technical details for CVE-2023-53325 are not provided in the supplied documents. Monitor for updates in connected sources.
CVE-2023-53356
CVE-2023-53356 affects the Linux kernel’s USB gadget stack (usb: gadget: u_serial). The issue is a potential null pointer dereference in gserial_suspend if gserial_disconnect has cleared gser->ioport and suspend is invoked afterwards. The fix adds a null pointer check in gserial_suspend and in...
CVE-2023-53370
CVE-2023-53370 targets the Linux kernel DRM AMDGPU MES self test memory leak. The root cause is fences for the MES queue not being freed during amdgpu_ring_fini, leading to leaks. The description states a fix was applied in the kernel; connected documents reference kernel security updates address...
CVE-2023-53371
CVE-2023-53371 (Linux kernel): memory leak in net/mlx5e related to mlx5e_fs_tt_redirect_any_create; the error path did not free fs->any, fix frees memory in the error path to align with mlx5e_fs_tt_redirect_any_destroy().
CVE-2023-53374
Technical details for CVE-2023-53374 are not publicly available in the provided connected documents. No affected products, versions, impact, or fixes are specified here; monitor for updates.
CVE-2023-53375
The CVE refers to a Linux kernel tracing issue: when a tracing instance is removed, the error logs from that instance were not freed, causing a memory leak reported by kmemleak. The problem statement and example trace are provided in the initial document, and connected advisories (EulerOS kernel ...
CVE-2023-53379
CVE-2023-53379 affects the Linux kernel, specifically the USB PHY Tahvo driver. The issue is described as a memory leak in tahvo_usb_probe() where, after obtaining an IRQ, if probe() returns a negative value, the error path failed to free allocated memory. The root cause is stated as missing erro...
CVE-2023-53380
CVE-2023-53380 affects the Linux kernel md/raid10 code. A null pointer dereference could occur in raid10_sync_request when a faulty mreplace is set between two checks. The fix merges the two checks into one and replaces the two variables with a single mreplace determination, preventing the race c...
CVE-2023-53384
CVE-2023-53384 affects the Linux kernel wifi driver (mwifiex). The vulnerability is a possible NULL pointer dereference in mwifiex_handle_uap_rx_forward due to not verifying skb_copy() result, potentially dereferencing skb in mwifiex_uap_queue_bridged_pkt. The patch adds a check for skb_copy() re...
CVE-2023-53385
The CVE-2023-53385 issue relates to the Linux kernel: media: mdp3: Fix resource leaks in of_find_device_by_node. The fix adds release of the object obtained via of_find_device_by_node using put_device to prevent leaks. Public references point to upstream commits implementing this change. If explo...
CVE-2023-53391
CVE-2023-53391 patches the Linux kernel shmem:ramfs-based tmpfs memory leak by replacing kill_sb with ramfs_kill_sb() in ramfs-based tmpfs, freeing fc->s_fs_info during init_fs_context() cleanup. Affected: Linux kernel ramfs/tmpfs shmem path; root cause: memory leak in kill_sb/init_fs_context ...
CVE-2023-53393
CVE-2023-53393 affects the Linux kernel RDMA mlx5 subsystem. The root cause is incorrect port_num handling in mlx5_ib_get_hw_stats() for device (port_num = 0), with downstream code assuming port_num >= 1, which can trigger a page fault (oops) as shown in the provided trace. The fix sets port_n...
CVE-2023-53407
CVE-2023-53407 refers to a Linux kernel issue in USB gadget support for pxa27x_udc where memory leaks occur if debugfs_lookup() results are not released (dput). The resolution, as described in multiple sources, is to call debugfs_lookup_and_remove() which handles the lookup and cleanup in one ste...
CVE-2023-53409
The CVE-2023-53409 issue concerns the Linux kernel: when using debugfs_lookup(), the returned object must be released with dput() to prevent a memory leak. The advisories state a fix by using debugfs_lookup_and_remove(), which handles the necessary logic in one step, mitigating the memory leak. A...
CVE-2023-53432
CVE-2023-53432: Linux kernel vulnerability in the FireWire net path (firewire: net: fix use after free in fwnet_finish_incoming_packet()). The netif_rx() path frees the skb, so dereferencing skb->len could use freed memory. The incident is reported as resolved in the provided description; no ...
CVE-2023-53436
CVE-2023-53436: In the Linux kernel, the scsi: snic path had a memory leak when device_add() fails because the name allocated by dev_set_name() wasn’t freed. The fix releases the reference in the error path by calling put_device(), allowing kobject_cleanup() to free the name. The vulnerability’s ...
CVE-2023-53631
CVE-2023-53631 — In Linux kernel, platform/x86 dell-sysman reference leak: if kset_find_obj() finds a duplicate attribute, a reference to that attribute can be returned and may not be disposed, potentially leaking references. Patch note: use kobject_put() to dispose the duplicate attribute. Affec...
CVE-2025-38592
CVE-2025-38592 affects the Linux kernel Bluetooth subsystem. The issue arises in hci_devcd_dump where dev_coredumpv and skb_put_data both use hdev->dump.head, allowing a freed vmalloc buffer to be accessed and causing vmalloc-out-of-bounds access. The documented root cause is that dev_coredump...
CVE-2025-38594
CVE-2025-38594 pertains to the Linux kernel (iommu/vt-d) and fixes a use-after-free (UAF) in sva unbind with pending IOPFs. The root cause was a wrong removal of a device from the IOMMU IOPF queue when the last IOPF-capable domain detaches, occurring before intel_pasid_tear_down_entry() completed...
CVE-2025-38641
The CVE-2025-38641 issue concerns the Linux kernel Bluetooth subsystem (btusb). A NULL pointer dereference could occur on kmalloc failure because the return value wasn’t properly checked, leading to unsafe dereference in the affected code path. The connected documents state the fix as: validate t...
CVE-2025-38698
Summary: CVE-2025-38698 affects the Linux kernel JFS file system. A vulnerability allows regular file operations to fail or corrupt due to a corrupted on-disk file created with a negative i_size. The fix adds a check when opening such files to prevent subsequent operation failures, addressing pot...
CVE-2025-38731
CVE-2025-38731: In the Linux kernel, the drm/xe driver fixes a double-free in xe_vm_bind_ioctl when an array bind argument check fails. The bug freed bind_ops twice; the fix nulls bind_ops after freeing to prevent a second free. Root cause: double-free in xe_vm_bind_ioctl+0x1b2/0x21f0 (KASAN repo...
CVE-2025-39722
The CVE-2025-39722 issue is in the Linux kernel crypto/caam suspend path for iMX8QM/iMX8ULP SoCs. Root cause: CAAM register access during suspend is reserved by SECO/OPTEE, causing suspend-time crashes unless page 0 is protected; a new state variable no_page0 tracks external reservations, and sus...
CVE-2025-39732
CVE-2025-39732: In the Linux kernel, the ath11k driver slept in an atomic context during ieee80211_iterate_stations_atomic() via ath11k_mac_disable_peer_fixed_rate(), triggering a BUG: sleeping function called from invalid context. The issue is fixed by switching the iteration to ieee80211_iterat...
CVE-2025-39748
CVE-2025-39748: Linux kernel BPF verifier issue (JSET), patched. Root cause: A verifier range refinement bug after JSET could produce inconsistent register bounds on an unreachable path, due to not forgetting ranges after narrowing tnums post-JSET. Impact: Local access to kernel may be affected; C...
CVE-2025-39754
CVE-2025-39754: Linux kernel race in mm/smaps between smaps_hugetlb_range and migration. The vulnerability arises when smaps_hugetlb_range() handles the page table without holding the ptl, racing with migration and potentially triggering a BUG_ON in pfn_swap_entry_to_page(). The fix is to hold th...
CVE-2025-39829
CVE-2025-39829 is a Linux kernel issue in the trace/fgraph path. The vulnerability arises from a notifier that is not unregistered after a failed start_graph_tracing, causing a repeated warning when writing to function_profile_enabled. The connected Nessus entries confirm the concrete details: th...
CVE-2025-39875
CVE-2025-39875: Linux kernel igb driver NULL pointer dereference during ethtool loopback test due to missing q_vector for test ring. The fix adjusts the __xdp_rxq_info_reg() call by using 0 as napi_id (since napi_id isn't needed after commit 5ef44b3cb43b), preventing NULL dereferences when ethtoo...
CVE-2025-39899
CVE-2025-39899 concerns the Linux kernel mm/userfaultfd path where, on 32-bit ARM with CONFIG_HIGHPTE, move_pages_pte() maps PTE pages using kmap_local_page() and must unmap them in LIFO order. The current code unmapped dst_pte then src_pte in the same sequence, violating LIFO and triggering a ku...
CVE-2025-39907
Technical details about CVE-2025-39907 are not publicly provided in the supplied connected documents. Monitor for updates from vendors/security advisories; the initial description mentions a Linux kernel fix related to overlapping ECC buffer mappings in stm32_fmc2.
CVE-2025-39916
CVE-2025-39916 affects the Linux kernel DAMON subsystem (mm/damon/reclaim). The issue is a divide-by-zero in the calculation of min_age_region when creating a new DAMON_RECLAIM scheme, where aggr_interval is used as the divisor. The documented fix directly returns -EINVAL in this case, preventing...
CVE-2025-39918
CVE-2025-39918 is a Linux kernel issue affecting the wifi mt76 driver: fix for linked list corruption caused by not leaving scheduled wcid entries on the temporary on-stack list. Multiple advisories (AlmaLinux/Rocky/Oracle Linux) reference this CVE among kernel issues; the available documents des...
CVE-2025-39927
CVE-2025-39927 is addressed in the Linux kernel via a Ceph client race fix. The issue occurred when validating r_parent before applying MDS replies, risking stale parent inode references and applying state changes to the wrong directory inode. The fix adds validation to ensure the cached parent i...
CVE-2025-39931
The CVE-2025-39931 entry concerns the Linux kernel crypto/af_alg subsystem. The vulnerability occurs in af_alg_sendmsg: if an error causes the call to abort, ctx->merge may contain a garbage value from the previous loop, which can trigger a crash on the next entry into af_alg_sendmsg when atte...
CVE-2025-39966
CVE-2025-39966 (Linux kernel, iommufd): A race during abort for file descriptors could cause a use-after-free when the object is freed while a file’s private_data references it. The bug arises because fput() defers release() to a workqueue; ifAbort allocation fails before installing the file, th...
CVE-2025-40149
CVE-2025-40149 affects the Linux kernel TLS path: get_netdev_for_sock() could trigger a use-after-free if sk_dst_get(sk)->dev is used during setsockopt(). The fix replaces sk_dst_get() with __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock(), and notes that the only user of ->ndo_sk_g...
CVE-2025-68340
CVE-2025-68340 (Linux kernel): A race/logic sequencing issue in the team device code can hang when adding a port device (e.g., gre0) configured as UP. Root cause: moving team_dev_type_check_change to after subsequent checks caused header_ops to switch from eth_header to ipgre_header mid-execution...
CVE-2025-71094
CVE-2025-71094: In the Linux kernel, the ASIX USB Ethernet driver (net: usb: asix) could read an invalid PHY address from a USB device (address >= PHY_MAX_ADDR), triggering a warning in mdiobus_get_phy. The fix validates the PHY address in asix_read_phy_addr() and removes the now-redundant che...
CVE-2025-71104
The CVE-2025-71104 entry concerns the Linux kernel KVM on x86 with the HV timer. Root cause: when advancing the guest APIC timer expiration in periodic mode, adding a period to a past target expiration can create an unbounded sequence of hrtimer IRQs; if the guest is paused, this can trigger host...
CVE-2025-71143
CVE-2025-71143 concerns a Linux kernel issue in clk: samsung: exynos-clkout where .num was initialized after .hws[] was accessed, triggering UBSAN_BOUNDS warnings. The fix moves the .num initialization before the first access of .hws[] (as noted in commit f316cdff8d67 and related annotations) to ...
CVE-2025-71188
CVE-2025-71188 affects the Linux kernel DMA engine path for the lpc18xx-dmamux component, where a reference leak to the platform device during route allocation could occur. The fix drops the reference after looking up the DMA mux platform device, mitigating the leak. OSV entries show Root:Ubuntu ...
CVE-2025-71221
CVE-2025-71221: The Linux kernel mmp_pdma driver contained a race in mmp_pdma_residue() that could cause use-after-free when descriptors are freed while tx_status() iterates the descriptor list. The race occurs as CPU0 unwinds the descriptor list without proper locking while CPU1's tasklet can fr...
CVE-2026-23005
CVE-2026-23005 is a Linux kernel issue where XSTATE_BV bits for features disabled by XFD can be out of sync with XFD during guest XSAVE/XRSTOR handling. The fix clears XSTATE_BV[i] when XFD[i]=1 during KVM_SET_XSAVE loading of guest state and related WRMSR updates, preventing XRSTOR from #NM and ...
CVE-2026-23013
CVE-2026-23013 pertains to the Linux kernel: in the octeon_ep_vf IRQ handling, the rollback path frees IRQs with a mismatched dev_id, using the literal 'oct' instead of the original ioq_vector. This can leave irqaction registrations alive, causing a use-after-free or crash when the interrupt fire...
CVE-2026-23084
CVE-2026-23084 affects the Linux kernel be2net driver. The vulnerability arises when be_cmd_get_mac_from_list() is called with pmac_id_valid == false and pmac_id == NULL, which can cause a NULL pointer dereference. The fix, per the description, is to pass the address of a stub variable to the fun...
CVE-2026-23088
CVE-2026-23088 affects the Linux kernel tracing subsystem. The issue arises when a synthetic event reuses an existing synthetic event’s stacktrace field, leading to a kernel crash (crash/NULL pointer dereference) when enabling linked synthetic events. The root cause is how the stacktrace field is...
CVE-2026-23091
CVE-2026-23091 concerns the Linux kernel intel_th subsystem, where a device-leak was reported during output open(). The description states to drop the reference taken when looking up the th device on errors and on close(). It notes that a recent commit fixed the leak in some open() error paths bu...
CVE-2026-23130
CVE-2026-23130 pertains to the Linux kernel’s ath12k wireless driver and describes a deadlock in flushing management frames. The issue arises after a commit converted the management transmission work item into a wiphy work, which must run under wiphy lock protection; if a management frame is queu...