Lucene search
K
LinuxLinux Kernel

14330 matches found

CVE
CVE
added 2026/03/25 10:27 a.m.29 views

CVE-2026-23315

The CVE affects the Linux kernel mt76 wifi driver (mt76_connac2_mac_write_txwi_80211). The root cause is that the function could perform an out-of-bounds access by not validating the frame length before accessing management fields, including mgmt->u.action.u.addba_req.capab. This could enable ...

7.1CVSS5.7AI score0.00126EPSS
CVE
CVE
added 2026/04/03 3:15 p.m.29 views

CVE-2026-23448

Vulnerability summary (CVE-2026-23448). In the Linux kernel, the net: usb: cdc_ncm path has a bounds-check defect related to NDP16/DPE16 processing. The function cdc_ncm_rx_verify_ndp16() correctly accounts for the NDP offset in the first check, but the second check ignores ndpoffset when validat...

7.8CVSS5.9AI score0.00129EPSS
CVE
CVE
added 2026/04/13 1:40 p.m.29 views

CVE-2026-31420

CVE-2026-31420 affects Linux kernel bridge MRP interval handling. Vulerability arises when br_mrp_start_test/br_mrp_start_in_test accept a user-supplied interval from netlink with no validation; if interval is 0, the delay becomes zero and a tight loop can exhaust memory, causing an OOM kernel pa...

5.5CVSS5.7AI score0.00091EPSS
CVE
CVE
added 2026/04/22 1:54 p.m.29 views

CVE-2026-31509

CVE-2026-31509 affects the Linux kernel NFC NCI subsystem. The vulnerability stems from nci_close_device() flushing rx_wq and tx_wq while holding req_lock, creating a circular locking dependency with nci_rx_work() and related paths. The fix moves the rx_wq flush to after req_lock is released, rel...

5.5CVSS5.6AI score0.00095EPSS
CVE
CVE
added 2026/04/22 1:54 p.m.29 views

CVE-2026-31516

The CVE-2026-31516 relates to the Linux kernel XFRM subsystem. A race occurs during net namespace teardown when a work item (policy_hthresh.work) queued by XFRM_MSG_NEWSPDINFO may run after the netns is freed, allowing xfrm_hash_rebuild() to dereference a freed struct net (potential use-after-fre...

7.8CVSS5.6AI score0.00099EPSS
CVE
CVE
added 2026/04/22 1:54 p.m.29 views

CVE-2026-31530

The CVE-2026-31530 entry is backed by concrete details in the connected documents: in the Linux kernel’s cxl subsystem, the vulnerability stems from a use-after-free of parent_port during cxl_detach_ep() when removing CXL memory devices. The root cause is the absence of a lifetime guarantee betwe...

7.8CVSS5.7AI score0.00125EPSS
CVE
CVE
added 2026/04/24 2:35 p.m.29 views

CVE-2026-31570

CVE-2026-31570 relates to the Linux kernel CAN gateway module. The vulnerability is an OOB heap access in cgw_csum_crc8_rel(), caused by looping and writing using raw s8 indices (from_idx/to_idx/result_idx) instead of the precomputed bounds-safe values (from/to/res). calc_idx() yields bounds-safe...

8.8CVSS5.5AI score0.00262EPSS
CVE
CVE
added 2026/04/24 2:42 p.m.29 views

CVE-2026-31588

CVE-2026-31588 concerns the Linux kernel KVM MMIO handling bug where an MMIO write that spans multiple pages could reference on‑stack data, enabling a use‑after‑free path. The root cause is an internal temporary variable path during complete_emulated_mmio when emulated MMIO writes cross page boun...

8.8CVSS5.6AI score0.00128EPSS
CVE
CVE
added 2026/04/30 10:34 a.m.29 views

CVE-2026-31692

In The Linux kernel, CVE-2026-31692 affects the rtnetlink path: the peer namespace CAP_NET_ADMIN check is missing in rtnl_newlink() when creating paired devices (e.g., veth, vxcan, netkit). This enables an unprivileged user with a user namespace to create interfaces in arbitrary network namespace...

5.5CVSS5.6AI score0.00119EPSS
CVE
CVE
added 2026/05/01 2:14 p.m.29 views

CVE-2026-31762

CVE-2026-31762 affects the Linux kernel iio gyro mpu3050 driver. The root cause is an IRQ resource leak: during iio_trigger_register() failure, the interrupt handler is not properly released, leading to unreleased IRQ resources. The patch adds a cleanup goto to release the handler on error. Affec...

5.5CVSS5.8AI score0.00123EPSS
CVE
CVE
added 2026/05/01 2:15 p.m.29 views

CVE-2026-43023

CVE-2026-43023 affects the Linux kernel Bluetooth SCO path. A race condition in sco_sock_connect() allows two concurrent connect() attempts on the same socket to bypass locks, leading to use-after-free and potential socket/state corruption (BT_OPEN -> BT_CONNECT with zombie sk). The issue is d...

7.8CVSS5.8AI score0.00097EPSS
CVE
CVE
added 2026/05/06 7:40 a.m.29 views

CVE-2026-43107

CVE-2026-43107 concerns the Linux kernel xfrm subsystem. The root cause is that xfrm_aevent_msgsize() did not reserve space for XFRMA_IF_ID, causing build_aevent() to fail with -EMSGSIZE and potentially trigger a kernel panic via a malformed netlink interaction when if_id is set. The fix uncondit...

5.5CVSS5.8AI score0.00114EPSS
CVE
CVE
added 2026/05/08 1:31 p.m.29 views

CVE-2026-43323

CVE-2026-43323 refers to a Linux kernel scheduler flaw in the fair scheduling component where zero_vruntime tracking could become inconsistent under certain conditions (e.g., frequent yield and multi‑cgroup scenarios). The linked sources describe a specific scenario with two runnable tasks exchan...

5.5CVSS5.8AI score0.00122EPSS
CVE
CVE
added 2026/05/08 2:22 p.m.29 views

CVE-2026-43471

Summary (mode C): The CVE-2026-43471 issue affects the Linux kernel’s SCSI UFS core, specifically a NULL pointer dereference in ufshcd_add_command_trace() when hwq is NULL, which can occur if ufshcd_mcq_req_to_hwq() returns NULL. A patch adds a NULL check for hwq before accessing hwq->id to pr...

5.5CVSS5.8AI score0.00114EPSS
CVE
CVE
added 2026/05/13 3:8 p.m.29 views

CVE-2026-43476

CVE-2026-43476 affects the Linux kernel’s IIO sensor driver for SPS30 (iio: chemical: sps30_i2c). The root cause is a faulty buffer size calculation in sps30_i2c_read_meas() where sizeof(num) yields sizeof(size_t) (8 bytes on 64-bit) instead of the intended 4-byte __be32 element size; the fix use...

7.8CVSS5.9AI score0.00121EPSS
CVE
CVE
added 2026/05/27 12:15 p.m.29 views

CVE-2026-45848

The CVE-2026-45848 issue affects the Linux kernel AppArmor component, where NULL sock or sock-sk can occur during socket setup/teardown, potentially causing a NULL pointer dereference and a kernel oops (DoS) for af_unix sockets. Root cause is dereferencing NULL during socket operations; impact is...

5.5CVSS5.7AI score0.0016EPSS
CVE
CVE
added 2026/05/27 12:15 p.m.29 views

CVE-2026-45867

The CVE-2026-45867 issue affects the Linux kernel power_supply subsystem (act8945a) and is caused by a race condition: requesting the IRQ with the devm_ path before the devm_ path that registers the power_supply handle can lead to use-after-free when the IRQ fires after the power_supply object is...

7.8CVSS5.8AI score0.00164EPSS
CVE
CVE
added 2026/05/27 12:17 p.m.29 views

CVE-2026-45916

CVE-2026-45916 affects the Linux kernel power_supply (sbs-battery) driver. The issue is a race between IRQ handling and power_supply handle lifecycle: requesting IRQ with devm_ before allocating/registering the power_supply handle can cause an interrupt after the handle is freed but before IRQ un...

7.8CVSS5.8AI score0.0016EPSS
CVE
CVE
added 2026/05/27 12:17 p.m.29 views

CVE-2026-45918

CVE-2026-45918 concerns a race condition in the Linux kernel related to OpenVPN TCP handling. When a peer is kept alive and later removed, the kernel temporarily places the peer in a release list and detaches from the socket by restoring its proto and socket callbacks. If userspace closes the soc...

5.5CVSS5.9AI score0.00163EPSS
CVE
CVE
added 2026/05/27 12:17 p.m.29 views

CVE-2026-45928

CVE-2026-45928 relates to the Linux kernel media driver (chips-media wave5). In wave5_vpu_open_enc() and wave5_vpu_open_dec(), a vpu instance is kzalloc()-ed; if the subsequent allocation for inst->codec_info fails, the error path returns -ENOMEM without freeing the previously allocated vpu, c...

5.5CVSS5.8AI score0.00127EPSS
CVE
CVE
added 2026/05/27 12:18 p.m.29 views

CVE-2026-45944

CVE-2026-45944 affects the Linux kernel IOMMU VT-d. During context-entry teardown, the implementation zeros a 128‑bit entry in two 64‑bit writes, risking a torn entry where the Present bit remains set while other fields are zeroed, potentially causing unpredictable behavior or spurious faults. Th...

7.5CVSS5.7AI score0.00125EPSS
CVE
CVE
added 2026/05/27 12:18 p.m.29 views

CVE-2026-45982

CVE-2026-45982 concerns the Linux kernel ACPICA component, specifically a NULL pointer dereference in the function acpi_ev_address_space_dispatch(). The issue arises from a missed execution path due to an incomplete check, which could be exploited locally (as indicated by the CVSS vector and Red ...

5.5CVSS5.9AI score0.0013EPSS
CVE
CVE
added 2026/05/27 12:55 p.m.29 views

CVE-2026-45995

A CVE-2026-45995 has been resolved in the Linux kernel for a local, low-privilege UAF issue in io_uring zcrx handling (io_free_rbuf_ring with a user_struct, freed by io_zcrx_ifq_free before ring destruction). The advisory for openSUSE Tumbleweed indicates the fix is delivered via kernel-devel-7.0...

7.8CVSS5.8AI score0.0012EPSS
CVE
CVE
added 2026/05/27 12:56 p.m.29 views

CVE-2026-46019

CVE-2026-46019 concerns the Linux kernel crypto/atmel-aes path. The issue: atmel_aes_buff_init() allocates 4 pages (ATMEL_AES_BUFFER_ORDER) but atmel_aes_buff_cleanup() frees only the first page via free_page(), leaking 3 pages. Resolution: use free_pages() with ATMEL_AES_BUFFER_ORDER to properly...

5.5CVSS5.8AI score0.00163EPSS
CVE
CVE
added 2026/05/27 12:56 p.m.29 views

CVE-2026-46028

CVE-2026-46028 — Linux kernel crypto/AF_ALG: per‑request IV storage for async AEAD . The vulnerability occurs in AF_ALG AEAD async requests that previously reused a socket‑wide IV buffer during processing, allowing later socket activity to modify the shared IV before the original request finished...

5.5CVSS5.9AI score0.00123EPSS
CVE
CVE
added 2026/05/27 12:56 p.m.29 views

CVE-2026-46037

The CVE-2026-46037 issue affects the Linux kernel IPv4 ICMP component. Extended echo replies could use ICMP_EXT_ECHOREPLY outside the icmp_pointers[] range; the fix avoids icmp_pointers[] lookups for out-of-range types and uses array_index_nospec() for in-range lookups. Multiple OS feeds report p...

8.2CVSS5.7AI score0.00433EPSS
CVE
CVE
added 2026/05/27 12:57 p.m.29 views

CVE-2026-46051

CVE-2026-46051 affects the Linux kernel's MD RAID5 path. The vulnerability arises when retry_aligned_read() encounters an overlapped stripe and releases it via raid5_release_stripe(), placing it on the released_stripes list. In a subsequent raid5d loop, release_stripe_list() drains the stripe ont...

5.5CVSS5.8AI score0.00095EPSS
CVE
CVE
added 2026/05/27 12:57 p.m.29 views

CVE-2026-46055

CVE-2026-46055 affects the Linux kernel AppArmor LSM. The issue is a missing string terminator in aa_dfa_match, causing a slab-out-of-bounds read/write during path mounting on ARM64 Ubuntu 26.04 with Linux 7.0-rc4 (Snapdragon X1). Reported impact includes potential DoS or information disclosure. ...

7.1CVSS5.9AI score0.0015EPSS
CVE
CVE
added 2026/05/27 12:58 p.m.29 views

CVE-2026-46077

CVE-2026-46077 involves a Linux kernel crypto module (atmel-tdes) where DMA sync direction was incorrect. The issue occurs when DMA output was consumed by the CPU and the address_out was not synced with the CPU correctly, risking stale data on non‑coherent platforms. The published fixes switch to...

5.5CVSS5.8AI score0.00123EPSS
CVE
CVE
added 2026/05/27 12:58 p.m.29 views

CVE-2026-46080

CVE-2026-46080 : In the Linux kernel, the ocfs2 code path is fixed to prevent credit-exhaustion during direct I/O (dio) by splitting transactions in dio completion and batching extent handling. The patch relocates removing inodes from the orphan list until the extent tree update completes, reduci...

5.5CVSS5.7AI score0.00123EPSS
CVE
CVE
added 2026/05/27 12:58 p.m.29 views

CVE-2026-46081

CVE-2026-46081 is a Linux kernel vulnerability in the crypto/acomp subsystem. The issue arises when an asynchronous hardware implementation (e.g., QAT) completes a request using the DMA virtual address interface, causing acomp_save_req() to store a pointer to the wrong object in req->base.data...

7.8CVSS5.8AI score0.00166EPSS
CVE
CVE
added 2026/05/27 12:59 p.m.29 views

CVE-2026-46103

CVE-2026-46103 affects the Linux kernel, specifically the USB stack where can: ucan fixes the devres lifetime. The root cause is that resources bound to USB interfaces were not guaranteed to outlive the parent USB device, leading to memory leaks when drivers unbind (e.g., during probe deferrals o...

5.5CVSS5.9AI score0.00114EPSS
CVE
CVE
added 2026/05/28 9:35 a.m.29 views

CVE-2026-46108

In the Linux kernel, CVE-2026-46108 affects the ipmi:si path where a failure to allocate a message could leave the driver in a bad state. The root cause is insufficiently returning to normal operation after allocation fails, which can impact availability (local access, low privileges). The vulner...

5.5CVSS5.8AI score0.00123EPSS
CVE
CVE
added 2026/05/28 9:35 a.m.29 views

CVE-2026-46118

CVE-2026-46118 concerns the Linux kernel component pseries/papr-hvpipe, where a null pointer dereference could occur in papr_hvpipe_dev_create_handle() after changing to FD_PREPARE. The root cause described across sources is that src_info is reused post-retain_and_null_ptr when adding to a global...

5.5CVSS5.7AI score0.00121EPSS
CVE
CVE
added 2026/05/28 9:35 a.m.29 views

CVE-2026-46120

Concrete details found: CVE-2026-46120 affects the Linux kernel ip6_gre machinery. The issue is in ip6erspan_changelink(), which wrongly uses dev_net(dev) instead of the correct per-netns hash resolved by link_net, after a patch series that fixed per-netns resolution in ip6erspan_newlink(). This ...

7.8CVSS5.8AI score0.00126EPSS
CVE
CVE
added 2026/05/28 9:35 a.m.29 views

CVE-2026-46126

CVE-2026-46126 affects the Linux kernel RDMA/mana component. The issue stems from the error unwind flow in mana_ib_create_qp_rss() cleanup of the Work Queue (WQ) table, leading to improper resource cleanup. Reports identify two bugs: (1) a double i-- in the first failure path of the unwinding loo...

5.5CVSS5.8AI score0.00127EPSS
CVE
CVE
added 2026/05/28 9:35 a.m.29 views

CVE-2026-46143

The CVE-2026-46143 issue affects the Linux kernel’s ASoC component, specifically qcom: q6apm-lpass-dai. Root cause: prepare may be invoked multiple times, causing multiple graph opens in the playback path and resulting memory leaks. Mitigation in the public documents is a patch that adds a check ...

5.5CVSS5.7AI score0.00128EPSS
CVE
CVE
added 2026/05/28 9:36 a.m.29 views

CVE-2026-46148

CVE-2026-46148 concerns the Linux kernel’s microchip-core-qspi driver where the built-in chip select could be driven active when multiple devices share the QSPI controller, potentially conflicting with GPIO-based CS. The provided records confirm a concrete fix: the driver now controls chip select...

5.5CVSS5.8AI score0.00121EPSS
CVE
CVE
added 2026/05/28 9:36 a.m.29 views

CVE-2026-46156

CVE-2026-46156 affects the Linux kernel LoongArch implementation, specifically loongson_gpu_fixup_dma_hang(), where the code may read device registers using an incorrect base (base+PCI_DEVICE_ID) when a discrete GPU is present. This causes ADE and can trigger a kernel panic, leading to local DoS....

5.5CVSS5.8AI score0.00095EPSS
CVE
CVE
added 2026/05/28 9:36 a.m.29 views

CVE-2026-46163

CVE-2026-46163 concerns the Linux kernel wifi subsystem (b43legacy) where a firmware-controlled key index in b43legacy_rx() could exceed dev->max_nr_keys, allowing an out-of-bounds read of dev->key[]. The fix makes the bounds check enforcing by dropping frames with invalid indices. Patches ...

7.8CVSS5.8AI score0.00129EPSS
CVE
CVE
added 2026/05/28 9:40 a.m.29 views

CVE-2026-46208

In the Linux kernel, batman-adv has a vulnerability where tp_meter sessions are not stopped during mesh teardown in batadv_mesh_free(). This allows a running sender thread or late tp_meter packets to keep operating against a mesh instance that is shutting down, potentially causing system instabil...

7.8CVSS5.8AI score0.00138EPSS
CVE
CVE
added 2026/05/28 9:41 a.m.29 views

CVE-2026-46239

CVE-2026-46239 affects the Linux kernel media: i2c: ov5647 driver. Concrete issue: three control paths (AUTOGAIN, EXPOSURE_AUTO, ANALOGUE_GAIN) return early without pm_runtime_put(), leaking runtime PM references. The patch changes these cases from return to a ret = ... break pattern to ensure pm...

5.5CVSS5.8AI score0.00105EPSS
CVE
CVE
added 2026/06/08 3:41 p.m.29 views

CVE-2026-46287

CVE-2026-46287 concerns the Linux kernel net: txgbe driver. The issue occurs on copper NICs with external PHY where phylink_connect_phy() is called during probe and phylink_disconnect_phy() during removal, triggering an RTNL assertion warning on module removal. The root cause is lack of proper RT...

5.5CVSS5.4AI score0.00122EPSS
CVE
CVE
added 2026/06/08 3:41 p.m.29 views

CVE-2026-46288

CVE-2026-46288 (Linux kernel). The issue is a use-after-free in unittest changeset handling of device-tree nodes: a pointer (parent) shares the same struct device_node as nchangeset, and of_node_put(nchangeset) can drop the refcount to zero while code still uses parent to inspect properties, lead...

8.4CVSS5.5AI score0.0014EPSS
CVE
CVE
added 2026/06/08 3:46 p.m.29 views

CVE-2026-46290

The CVE-2026-46290 issue in Linux kernels’ x86 EFI runtime handling was fixed by replacing in_interrupt() with !in_task() to preserve interrupt/NMI fault handling without being affected by the FPU softirq path. Root cause: kernel_fpu_begin() uses fpregs_lock() with local_bh_disable(), setting SOF...

5.5CVSS5.4AI score0.00121EPSS
CVE
CVE
added 2026/06/08 3:46 p.m.29 views

CVE-2026-46295

CVE-2026-46295 involves the Linux kernel KVM/x86 interrupt handling fix. The patch ensures IRR is scanned via __kvm_apic_update_irr even when PIR is empty, falling back to apic_find_highest_vector() when PID.ON is set but PIR is empty, so the highest pending interrupt is reported from the existin...

5.5CVSS5.4AI score0.00112EPSS
CVE
CVE
added 2026/06/08 3:46 p.m.29 views

CVE-2026-46305

CVE-2026-46305 affects the Linux kernel, specifically the staging/rtl8723bs path. The issue arises when kzalloc_flex()’s return value is used without checking for allocation failure, leading to a potential NULL pointer dereference when accessing the allocated structure. The fix guards access to t...

5.5CVSS5.4AI score0.001EPSS
CVE
CVE
added 2026/06/08 3:50 p.m.29 views

CVE-2026-46311

CVE-2026-46311 (Linux kernel) involves the drm/amdgpu/userq path where access to a stale wptr mapping could occur during queue creation. The root cause is improper locking when accessing the mapping data, risking unmapping of wptr_obj while a queue is in progress and another BO is at the same add...

7.8CVSS5.4AI score0.00112EPSS
CVE
CVE
added 2026/06/08 3:50 p.m.29 views

CVE-2026-46314

CVE-2026-46314 affects the Linux kernel drm/v3d path. A local attacker can craft a self-referential multisync extension with in_sync_count=0 and out_sync_count=0, causing an infinite loop in v3d_get_extensions() because the existing guard (if (se->in_sync_count || se->out_sync_count)) never...

5.5CVSS5.4AI score0.00115EPSS
CVE
CVE
added 2026/06/09 12:36 p.m.29 views

CVE-2026-46332

The CVE-2026-46332 issue affects the Linux kernel Greybus subsystem (gb-beagleplay) where cc1352_bootloader_rx() appends serdev data into a fixed rx_buffer without validating the chunk size against remaining space. This can allow an overflow when multiple packets arrive in one callback, leading t...

8CVSS5.6AI score0.00193EPSS
Total number of security vulnerabilities14330