CVE-2023-53406

The CVE-2023-53406 issue affects the Linux kernel’s USB gadget code (pxa25x_udc), where using debugfs_lookup() without balancing dput() could leak memory over time. The advisory describes the root cause as a memory-leak condition and recommends replacing the pattern with debugfs_lookup_and_remove...

CVE-2023-53410

CVE-2023-53410 (Linux kernel) : The issue is a memory leak in USB ULPI related to using debugfs_lookup() without proper dput() on the result. The recommended remediation is to replace the call with debugfs_lookup_and_remove(), which handles lookup and cleanup in one step. Affected context and ref...

CVE-2023-53428

CVE-2023-53428 affects the Linux kernel powercap subsystem, specifically the arm_scmi implementation. The issue arises when powercap zones are retrieved from platforms and registered in a hierarchical tree; the current recursive walk can cause kernel stack overflow for large trees. The fix replac...

CVE-2023-53438

CVE-2023-53438 : In the Linux kernel, the AMD Zen IF poison error path could misclassify context due to non-synchronous delivery of poison by the IF unit. The issue is mitigated by adding a quirk to always save the Code Segment (CS) register when poison is consumed from the IF unit banks, ensurin...

CVE-2023-53447

CVE-2023-53447 affects the Linux kernel's f2fs: remount() may reset the READ_EXTENT_CACHE mount option, creating a race with fallocate() that can trigger a NULL pointer dereference under extent_cache locks. Root cause is a race between remount and fallocate due to default_options panel updating o...

CVE-2023-53516

The CVE-2023-53516 entry corresponds to a Linux kernel macvlan netlink policy issue. A new attribute IFLA_MACVLAN_BC_CUTOFF was added, but the nla_policy in macvlan_policy (drivers/net/macvlan.c) was not described, allowing a 4-byte integer (NLA_S32) to be faked as empty and potentially cause an ...

CVE-2023-53552

CVE-2023-53552 affects the Linux kernel DRM i915 component, specifically marking requests for GuC virtual engines to prevent use-after-free across sync_file/dma-buf handling. The underlying issue is that i915_requests could be trapped by userspace and held across processes, creating a memory-leak...

CVE-2023-53606

The CVE-2023-53606 issue concerns the Linux kernel nfsd COPY codepath, where potential refcount leaks of nfsd_file could occur in COPY codepaths (embedded and async copies). The embedded nfsd4_copy cleanup is updated to always release nfsd_file refs before nfsd4_copy returns, and cleanup_async_co...

CVE-2023-53681

CVE-2023-53681 concerns a bug in the Linux kernel’s bcache subsystem. According to connected sources, in some scenarios the return value of __bch_btree_node_alloc may be NULL, which could lead to a potential NULL pointer dereference in the caller chain (examples mention btree_split, __bch_btree_n...

CVE-2023-54321

CVE-2023-54321: Linux kernel driver core path (device_add) fix for a null pointer dereference in the error path. If dev->driver is set and bus_remove_device() is invoked before the device is bound, access to dev->p->knode_driver can dereference a NULL pointer. The fix is to clear dev-&gt...

CVE-2025-38327

The CVE-2025-38327 issue concerns the Linux kernel function graph tracing (fgraph) when the funcgraph-args option is used. The root cause described across provided documents is that if function_graph tracing is enabled while funcgraph-args is set, it may be incorrectly re-enabled and then unregis...

CVE-2025-38432

CVE-2025-38432 relates to the Linux kernel netpoll path, where the UDP checksum field (udph->check) was not initialized before checksumming. This followed a commit (f1fce08e63fe) that eliminated a redundant initialization, which inadvertently broke IPv6 netpoll transmission due to incorrect ch...

CVE-2025-38433

CVE-2025-38433 concerns a Linux kernel issue on riscv nommu kernels where the function __runtime_fixup_32 fails to handle a zero-valued upper 32 bits during patching, potentially producing garbage in the pointer’s upper half and causing a kernel panic when accessed. The fixed logic adjusts the co...

CVE-2025-38554

CVE-2025-38554 in the Linux kernel describes a use-after-free (UAF) involving VMAs: if vma->mm is freed after vma->vm_refcnt has dropped, a recycled VMA could be mishandled, leading to UAF. The race can occur when VMAs are recycled under RCU (with SLAB_TYPESAFE_BY_RCU) and lock_vma_under_rc...

CVE-2025-38731

CVE-2025-38731: In the Linux kernel, the drm/xe driver fixes a double-free in xe_vm_bind_ioctl when an array bind argument check fails. The bug freed bind_ops twice; the fix nulls bind_ops after freeing to prevent a second free. Root cause: double-free in xe_vm_bind_ioctl+0x1b2/0x21f0 (KASAN repo...

CVE-2025-39708

CVE-2025-39708 affects the Linux kernel media: iris component; the issue is a potential NULL pointer dereference in iris_hfi_gen2_handle_system_error where an argument could be null. The fix adds a null check before accessing members. Base CVSS v3.1 is 5.5 (MEDIUM), with local attack vector and l...

CVE-2025-39793

Summary (CVE-2025-39793): In the Linux kernel io_uring/memmap path, the vulnerability arises when allocating memory where nr_pages may overflow during a shift if the size exceeds UINT_MAX. The root cause is failure to cast mr->nr_pages to size_t before shifting, which could allow overflow and ...

CVE-2025-39839

CVE-2025-39839 (Linux kernel) : In batman-adv network-coding decode, batman-adv NC code decodes skb data by XORing with coded_len without verifying the source skb length, only checking payload against destination skb length. This can produce a local out-of-bounds read and a small out-of-bounds wr...

CVE-2025-39868

CVE-2025-39868 describes a Linux kernel vulnerability where a runtime warning (WARN_ON_ONCE) could be triggered during unmount due to how erofs (and related DAX entries) were handled. The root cause, as noted in the description, is a fix introduced by commit 0e2f80afcfa6 that added WARN_ON_ONCE t...

CVE-2025-39875

CVE-2025-39875: Linux kernel igb driver NULL pointer dereference during ethtool loopback test due to missing q_vector for test ring. The fix adjusts the __xdp_rxq_info_reg() call by using 0 as napi_id (since napi_id isn't needed after commit 5ef44b3cb43b), preventing NULL dereferences when ethtoo...

CVE-2025-39905

The CVE-2025-39905 issue affects the Linux kernel phylink path: the race arises from phylink_resolve() manipulating pl->phydev under pl->state_mutex, creating a lock-order inversion with pl->phydev->lock. The fix introduces an explicit lock to serialize concurrent writes to pl->phy...

CVE-2025-39914

CVE-2025-39914 affects the Linux kernel tracing subsystem. The issue occurs when a fault injection triggers a failure during chunk allocation in trace_pid_list_alloc, causing trace_pid_list_set to fail and potentially trigger a double registration of the same tracepoint (tracepoint_add_func). The...

CVE-2025-39948

The CVE-2025-39948 issue is in the Linux kernel ice driver’s RX path for multi-buffer/XDP frames. A zero-size descriptor could cause ice_put_rx_mbuf() to skip a buffer, preventing ice_put_rx_buf() and leaving a stale page in the RX ring. This could break page reuse/free logic (ice_reuse_rx_page) ...

CVE-2025-71085

The CVE-2025-71085 issue is a Linux kernel vulnerability: an oops/BUG_ON occurs in skb handling within calipso_skbuff_setattr() when headroom grows beyond INT_MAX, due to an implicit cast in __skb_cow() and a delta calculation that can become negative. The root cause is an integer overflow path t...

CVE-2025-71087

CVE-2025-71087: Linux kernel iavf RSS configuration fix for off-by-one in iavf_config_rss_reg(). The issue caused out-of-bounds reads/writes when configuring RSS hash key/lookup table due to loop bounds using <= with rss_key_size/rss_lut_size; the fix switches to < to enforce proper bounds....

CVE-2025-71107

CVE-2025-71107: In Linux kernel F2FS, a race allows f2fs_put_super() to run before all node-page reads complete, causing an apparent filesystem reference-count leak during unmount (kernel.c fs/f2fs/super.c:1939). Mitigation: upstream patch adds f2fs_wait_on_all_pages() for F2FS_RD_NODE to ensure ...

CVE-2025-71112

The CVE-2025-71112 entry concerns the Linux kernel net/hns3 VLAN handling. A VLAN ID may be used without validation when receiving a VLAN configuration mailbox from a VF, because vlan_del_fail_bmap length (BITS_TO_LONGS(VLAN_N_VID)) can permit out-of-bounds access if the VLAN ID is >= VLAN_N_V...

CVE-2025-71119

CVE-2025-71119 affects the Linux kernel. The vulnerability arises in powerpc/kexec where, if SMT is disabled or in partial SMT state, loading a new kernel image for kexec and rebooting can trigger a warning (Waking offline cpu) because add_cpu() fails when cpu_bootable() rejects CPUs due to cpu_s...

CVE-2025-71138

CVE-2025-71138 pertains to the Linux kernel DRM MSM DPU, where a missing NULL pointer check for the pingpong interface was fixed. The vulnerability is addressed by upstream patch 693860, with the issue occurring in dpu_encoder_phys_wb_setup_ctl() and related code paths. Affected environments refe...

CVE-2025-71141

CVE-2025-71141 (Linux kernel) affects the DRM tilcdc path. The root cause was that drm_kms_helper_poll_fini() and drm_atomic_helper_shutdown() were invoked unconditionally in tilcdc_fini(), even when the device failed to register, causing probe-time warnings. The fix rewrites the failed probe cle...

CVE-2025-71189

Technical details for CVE-2025-71189 are not provided in the connected documents; the available sources only reference the vulnerability and fix at a high level. Monitor for updates.

CVE-2025-71234

CVE-2025-71234: Linux kernel rtl8xxxu slab-out-of-bounds in rtl8xxxu_sta_add fixed by setting hw->sta_data_size to sizeof(struct rtl8xxxu_sta_info) during probe to correctly allocate per-station data. Issue caused mac80211 to access sta->drv_priv beyond allocated space; KASAN showed a slab-...

CVE-2025-71235

CVE-2025-71235 : Linux kernel, scsi: qla2xxx driver. The issue arises when a module unload is issued while a fabric scan is in progress, causing a crash due to freeing memory in interrupt context (dma_free_attrs) after the UNLOADING flag is set and a scheduled work item cannot be allocated. Root ...

CVE-2025-71301

CVE-2025-71301 affects the Linux kernel DRM shmem test code. The root cause is that the GEM object reservation lock was not consistently held during vmap and vunmap, which led to warnings and potential instability. The published fixes acquire and release the reservation lock around vmap and vunma...

CVE-2026-23002

CVE-2026-23002 affects the Linux kernel’s buildid path. The fix switches the sleepable context reader to use __kernel_read() for reading file data instead of direct page cache access via read_cache_folio(), reducing the risk of a NULL pointer dereference in filemap_read_folio. The patch keeps exi...

CVE-2026-23012

CVE-2026-23012 affects the Linux kernel (mm/damon/core): a use-after-free in damon_call_control handling when a DAMON context is inactive. If damon_call() runs against a non-running context, the call returns an error but the damon_call_control object remains linked to the context’s call_controls ...

CVE-2026-23068

CVE-2026-23068 (Linux kernel) : The spi-sprd-adi driver could double-free the spi_controller on probe failure due to using spi_alloc_host() with devm_spi_register_controller(), then falling through to spi_controller_put() when a restart handler registration failed. The fix switches to devm_spi_al...

CVE-2026-23080

Technical details for CVE-2026-23080 are not provided in the connected documents. The sources reference the CVE in advisories (e.g., USN entries) but do not include product/vendor/component/version, root cause, impact, or fix specifics. Monitor for updates.

CVE-2026-23083

CVE-2026-23083 is a Linux kernel vulnerability affecting FOU (IPv4/IPv6 over UDP) handling, where setting FOU_ATTR_IPPROTO to 0 could leave the skb unfreed in fou_udp_recv() and not retried in ip_protocol_deliver_rcu(). The fix suppresses 0 for FOU_ATTR_IPPROTO and applies upstream patching to pr...

CVE-2026-23089

CVE-2026-23089 is a Linux-kernel issue in ALSA USB-audio: use-after-free in snd_usb_mixer_free() when mixer creation fails, causing freed mixer control memory to be referenced by callbacks during card registration. The connected advisories confirm the root cause and state the fix is to remove all...

CVE-2026-23093

Summary (CVE-2026-23093) : In the Linux kernel, the ksmbd: smbd DMA unmapping path uses dma_unmap_sg() with a different number of entries than dma_map_sg(), which is the root cause of the vulnerability. The fix ensures dma_unmap_sg() is called with the same nents as dma_map_sg(). According to the...

CVE-2026-23099

CVE-2026-23099 (bonding: limit BOND_MODE_8023AD to Ethernet devices) is addressed in the Linux kernel, preventing use of BOND_MODE_8023AD on non-Ethernet devices. The issue, observed in bonding/low-level MAC address handling, can cause out-of-bounds memory access when enslaving or configuring net...

CVE-2026-23110

CVE-2026-23110 relates to the Linux kernel SCSI core: Wake up the error handler when final completions race against each other. The description identifies two race conditions that can prevent the error handler from waking up, potentially leaving I/O in the error state. Root causes are memory-orde...

CVE-2026-23113

CVE-2026-23113 affects the Linux kernel io-uring/io-wq component. The issue stems from not checking IO_WQ_BIT_EXIT in the io_worker_handle_work() loop, causing long exits when processing large pending reads (e.g., 2GB reads from /dev/msr* with >16MB per read). Evidence in the advisory shows th...

CVE-2026-23119

The CVE-2026-23119 issue in the Linux kernel concerns the bonding driver where a net pointer was not always provided to __skb_flow_dissect() after plumb­ing the network namespace. The lack of a valid net pointer (via skb->dev, skb->sk, or a user pointer) allowed a syzbot-created bare skb to...

CVE-2026-23129

Technical details for CVE-2026-23129 are not publicly available in the provided documents. The materials note a fix in Linux kernel dpll duplicate registrations and enforcing a single registration, but no further technical specifics are included. Monitor vendor advisories for updates.

CVE-2026-23133

Technical details for CVE-2026-23133 are not publicly provided in the connected documents; the Ubuntu advisories reference it among others but do not expose affected product, impact, or patch specifics. Monitor for updates.

CVE-2026-23155

CVE-2026-23155 affects the Linux kernel; it fixes a gs_usb_receive_bulk_callback path in can: gs_usb by correcting error messaging and resubmission handling. The patch adds null initialization for netdev when reads are short and未assigned, and reports the failed resubmit error value. This is a loc...

CVE-2026-23161

CVE-2026-23161 affects the Linux kernel's mm/shmem, swap handling. The bug stems from a race between truncate and swap entry split: the code uses xa_get_order without lock protection to determine the swap entry order and then calls xa_cmpxchg_irq, which can use an outdated order if the entry was ...

CVE-2026-23164

CVE-2026-23164 affects the Linux kernel rocker subsystem. The root cause is a memory leak: rocker_world_port_pre_init() allocates rocker_port->wpriv with kzalloc, but rocker_world_port_post_fini() frees it only if wops->port_post_fini is set. Since rock­er_ofdpa_ops provides port_post_fini ...