Lucene search
K
LinuxLinux Kernel

14330 matches found

CVE
CVE
added 2025/09/19 3:26 p.m.28 views

CVE-2025-39861

CVE-2025-39861 (Linux kernel) : A Bluetooth vulnerability in vhci can cause use-after-free when accessing debugfs files. The fix moves debugfs file creation into a dedicated function and ensures all debugfs files (e.g., force_suspend, force_wakeup) are removed during vhci_release() before freeing...

7.8CVSS6.2AI score0.00142EPSS
CVE
CVE
added 2025/09/19 3:26 p.m.28 views

CVE-2025-39862

The CVE-2025-39862 entry pertains to the Linux kernel WiFi driver mt76/mt7915, where list corruption could occur after hardware restart. The identified fix clears all WCID-related lists and resets each wcid entry (wcid->sta = 0) before ieee80211_restart_hw, ensuring stations aren’t re-added pr...

7.8CVSS6.2AI score0.00133EPSS
CVE
CVE
added 2025/09/23 6:0 a.m.28 views

CVE-2025-39884

Mode C: The provided documents describe CVE-2025-39884 as a Linux kernel (btrfs) race where eviction and inode caching can lose a live btrfs_inode in root->inodes, breaking subvolume deletion. The root cause is a window in evict() between unhashed inode removal and xarray deletion, allowing a ...

4.7CVSS5.9AI score0.00099EPSS
CVE
CVE
added 2025/09/24 11:2 a.m.28 views

CVE-2025-39889

CVE-2025-39889 affects the Linux kernel Bluetooth L2CAP stack by not properly validating the encryption key size on incoming connections. This failure can cause a mismatch between expected and actual key sizes, impacting security posture. Connected OSV data indicates Root has patched CVE-2025-398...

8.1CVSS6AI score0.00091EPSS
CVE
CVE
added 2025/10/01 7:42 a.m.28 views

CVE-2025-39899

CVE-2025-39899 concerns the Linux kernel mm/userfaultfd path where, on 32-bit ARM with CONFIG_HIGHPTE, move_pages_pte() maps PTE pages using kmap_local_page() and must unmap them in LIFO order. The current code unmapped dst_pte then src_pte in the same sequence, violating LIFO and triggering a ku...

5.5CVSS6.3AI score0.00135EPSS
CVE
CVE
added 2025/10/04 7:30 a.m.28 views

CVE-2025-39929

CVE-2025-39929 affects the Linux kernel SMB client code, specifically a leak in smbdirect_recv_io within smbd_negotiate() error path. The vulnerability is mapped to a LOCAL attack, with MEDIUM overall CVSS (base 5.5) and HIGH impact on availability. The description in the initial document notes t...

5.5CVSS6.1AI score0.00137EPSS
CVE
CVE
added 2025/10/04 7:31 a.m.28 views

CVE-2025-39945

The CVE-2025-39945 entry concerns a race in the Linux kernel cnic subsystem where a use-after-free can occur if a delayed work item (delete_task) remains active during cnic_dev deallocation. The root cause is that cancel_delayed_work() does not guarantee the delayed work item has finished if it i...

7.8CVSS6.2AI score0.00148EPSS
CVE
CVE
added 2025/12/24 10:32 a.m.28 views

CVE-2025-68365

CVE-2025-68365 affects the Linux kernel ntfs3 code. The issue is an uninitialized memory use in fs/ntfs3 where memory allocated by __getname() (kmem_cache_alloc()) is used before being cleared. The documented fix is to allocate and clear memory with kmem_cache_zalloc(). The CVSS_base from the pro...

5.5CVSS6.1AI score0.00168EPSS
CVE
CVE
added 2026/01/13 3:31 p.m.28 views

CVE-2025-71077

In the Linux kernel vulnerability CVE-2025-71077, tpm2_get_pcr_allocation() did not cap the number of PCR banks, allowing out-of-bounds values to cause more than minimal harm. The fix caps the limit to eight banks, limiting potential damage from external I/O. The issue affects the TPM/PCR allocat...

5.5CVSS6.1AI score0.00123EPSS
CVE
CVE
added 2026/01/13 3:34 p.m.28 views

CVE-2025-71084

CVE-2025-71084 (Linux kernel) fixes a leak in the multicast GID table reference within RDMA/cm. If the CM ID is destroyed while the multicast creation event is queued, cancel_work_sync() can prevent the work from running and destroy ah_attr, causing a refcount leak and a WARN in kernel logs. Affe...

5.5CVSS6AI score0.00114EPSS
CVE
CVE
added 2026/01/14 3:5 p.m.28 views

CVE-2025-71104

The CVE-2025-71104 entry concerns the Linux kernel KVM on x86 with the HV timer. Root cause: when advancing the guest APIC timer expiration in periodic mode, adding a period to a past target expiration can create an unbounded sequence of hrtimer IRQs; if the guest is paused, this can trigger host...

5.5CVSS6.3AI score0.00095EPSS
CVE
CVE
added 2026/01/14 3:5 p.m.28 views

CVE-2025-71107

CVE-2025-71107: In Linux kernel F2FS, a race allows f2fs_put_super() to run before all node-page reads complete, causing an apparent filesystem reference-count leak during unmount (kernel.c fs/f2fs/super.c:1939). Mitigation: upstream patch adds f2fs_wait_on_all_pages() for F2FS_RD_NODE to ensure ...

5.5CVSS5.9AI score0.00159EPSS
CVE
CVE
added 2026/01/14 3:5 p.m.28 views

CVE-2025-71112

The CVE-2025-71112 entry concerns the Linux kernel net/hns3 VLAN handling. A VLAN ID may be used without validation when receiving a VLAN configuration mailbox from a VF, because vlan_del_fail_bmap length (BITS_TO_LONGS(VLAN_N_VID)) can permit out-of-bounds access if the VLAN ID is >= VLAN_N_V...

7.1CVSS6AI score0.00126EPSS
CVE
CVE
added 2026/01/23 3:23 p.m.28 views

CVE-2025-71161

CVE-2025-71161 affects the Linux kernel dm-verity feature, where recursive forward error correction could cause denial of service and potential data handling issues. The root cause is an overly deep recursive path in fec_read_bufs (up to four nested levels) that may loop excessively, and a shared...

5.5CVSS5.2AI score0.00165EPSS
CVE
CVE
added 2026/02/14 4:27 p.m.28 views

CVE-2025-71221

CVE-2025-71221: The Linux kernel mmp_pdma driver contained a race in mmp_pdma_residue() that could cause use-after-free when descriptors are freed while tx_status() iterates the descriptor list. The race occurs as CPU0 unwinds the descriptor list without proper locking while CPU1's tasklet can fr...

7CVSS5.2AI score0.00095EPSS
CVE
CVE
added 2026/02/14 4:27 p.m.28 views

CVE-2025-71223

CVE-2025-71223 affects the Linux kernel's ksmbd SMB server path (smb2_open and ksmbd_vfs_getattr). The issue is a refcount leak when ksmbd_vfs_getattr() fails, potentially causing resource leakage and local impact. A kernel update fixing the refcount leak is provided by the referenced advisories ...

5.5CVSS5.2AI score0.00122EPSS
CVE
CVE
added 2026/02/18 2:53 p.m.28 views

CVE-2025-71229

CVE-2025-71229 is a Linux kernel vulnerability affecting the rtw88 Wi‑Fi driver (rtw_core_enable_beacon). The issue arises when the function reads 4 bytes from a non-4-byte-aligned address, which can trigger an alignment fault and crash the kernel on some systems. The fixed patch changes the acce...

5.5CVSS5.3AI score0.00118EPSS
CVE
CVE
added 2026/06/03 3:49 p.m.28 views

CVE-2025-71313

Summary (CVE-2025-71313) : In the Linux kernel PCI endpoint driver, there is a missing NULL check after alloc_workqueue(), which can return NULL on memory allocation failure. If a NULL workqueue pointer is later passed to queue_work() in epf_ntb_epc_init(), this can cause a NULL pointer dereferen...

5.5CVSS5.8AI score0.00107EPSS
CVE
CVE
added 2026/01/23 3:24 p.m.28 views

CVE-2026-22986

CVE-2026-22986 concerns a race in Linux kernel gpiolib where two drivers calling gpiochip_add_data_with_key() can concurrently traverse gpio_name_to_desc() while another adds gdev to the list, creating a window where gdev->srcu is dereferenced before it is initialized. The result is a crash (k...

4.7CVSS5.3AI score0.00087EPSS
CVE
CVE
added 2026/01/25 2:36 p.m.28 views

CVE-2026-22996

CVE-2026-22996 affects the Linux kernel mlx5e subsystems. The issue arises from storing the unstable mlx5e_priv in mlx5e_dev devlink priv, which could lead to a kernel NULL dereference during profile changes and an oops in mlx5e_remove. The fix stores netdev directly into mlx5e_dev and derives md...

5.5CVSS5.3AI score0.00155EPSS
CVE
CVE
added 2026/02/04 4:7 p.m.28 views

CVE-2026-23072

CVE-2026-23072: Linux kernel l2tp memleak in l2tp_udp_encap_recv() fixed by adding proper error handling after protocol version validation; the patch ensures l2tp_session_put() is called to avoid leaking objects (l2tp_session, l2tp_tunnel, sock). References indicate the commit addresses a memory‑...

5.5CVSS5.2AI score0.00121EPSS
CVE
CVE
added 2026/02/04 4:8 p.m.28 views

CVE-2026-23089

CVE-2026-23089 is a Linux-kernel issue in ALSA USB-audio: use-after-free in snd_usb_mixer_free() when mixer creation fails, causing freed mixer control memory to be referenced by callbacks during card registration. The connected advisories confirm the root cause and state the fix is to remove all...

7.8CVSS5.2AI score0.00135EPSS
CVE
CVE
added 2026/02/14 3:9 p.m.28 views

CVE-2026-23122

The CVE-2026-23122 entry concerns the Linux kernel igc TSN TX packet buffer sizing. Affected component: i226 TSN support in the Linux kernel driver (igc). Root cause: reducing the TX buffer per queue from 7 KB to 5 KB to resolve TX unit hangs under heavy timestamping load. Impact: the change addr...

5.5CVSS5.4AI score0.001EPSS
CVE
CVE
added 2026/02/14 3:9 p.m.28 views

CVE-2026-23127

CVE-2026-23127 affects the Linux kernel perf subsystem. The issue is caused by a refcount warning in perf_mmap_rb() when updating event->mmap_count during group-member mmap creation with PERF_FLAG_FD_OUTPUT. Specifically, refcount_inc(&event->mmap_count) can run when mmap_count is 0, trigge...

5.5CVSS5.2AI score0.00105EPSS
CVE
CVE
added 2026/02/18 2:21 p.m.28 views

CVE-2026-23219

CVE-2026-23219 concerns the Linux kernel (mm/slab) where alloc_tagging_slab_free_hook was not invoked in memcg_alloc_abort_single, causing a spurious warning: “alloc_tag was not cleared …” when CONFIG_MEM_ALLOC_PROFILING_DEBUG is enabled. The issue arises because the existing __memcg_slab_post_al...

5.5CVSS5.2AI score0.00112EPSS
CVE
CVE
added 2026/03/04 2:38 p.m.28 views

CVE-2026-23237

CVE-2026-23237 affects the Linux kernel, specifically the platform/x86 classmate-laptop driver. The issue arises when sysfs attributes of the input device are accessed before the driver has stored the input device address, causing NULL pointer dereferences via dev_get_drvdata(&inputdev->dev) i...

5.5CVSS5.8AI score0.00193EPSS
CVE
CVE
added 2026/03/18 10:5 a.m.28 views

CVE-2026-23244

CVE-2026-23244 affects the Linux kernel and stems from nvme_pr_read_keys() allocating memory based on a user-supplied num_keys value. The code uses num_keys to determine the rse allocation size up to an upper limit PR_KEYS_MAX (64K). A malicious or buggy userspace input can cause a kzalloc-based ...

7.1CVSS5.7AI score0.00121EPSS
CVE
CVE
added 2026/03/25 10:26 a.m.28 views

CVE-2026-23289

CVE-2026-23289 affects the Linux kernel (IB/mthca path) in which a missed mthca_unmap_user_db() for mthca_create_srq can trigger a leak on a failed system call. The vulnerability, with local attack vector and low privileges required, may lead to privilege escalation, DoS, or information leaks as ...

5.5CVSS5.7AI score0.00123EPSS
CVE
CVE
added 2026/04/03 3:15 p.m.28 views

CVE-2026-23443

CVE-2026-23443 refers to a Linux kernel ACPI processor errata handling flaw (piix4). A use-after-free could occur from dereferencing device pointers after their objects were freed, stemming from a NULL-pointer dereference in acpi_processor_errata_piix4(). The fix moves diagnostic message printing...

5.5CVSS5.8AI score0.00119EPSS
CVE
CVE
added 2026/04/03 3:15 p.m.28 views

CVE-2026-23457

CVE-2026-23457 affects the Linux kernel netfilter nf_conntrack_sip parser (sip_help_tcp). The issue arises from parsing the SIP Content-Length header: the code uses simple_strtoul() return value (unsigned long) but stores it in an unsigned int clen, allowing truncation on 64-bit systems when Cont...

8.6CVSS5.7AI score0.00375EPSS
CVE
CVE
added 2026/04/03 3:15 p.m.28 views

CVE-2026-23472

Summary: A Linux kernel vulnerability in the serial core (CVE-2026-23472) arises when handling PORT_UNKNOWN with a NULL transmit buffer, where uart_write_room() can report available space inconsistently with uart_write() , causing an infinite loop in drivers that rely on tty_write_room() to decid...

5.5CVSS5.7AI score0.00121EPSS
CVE
CVE
added 2026/04/03 3:15 p.m.28 views

CVE-2026-31394

CVE-2026-31394 concerns the Linux kernel mac80211 path where AP_VLAN (4addr) stations can trigger a NULL pointer dereference in __ieee80211_sta_cap_rx_bw() due to sta->sdata pointing to VLAN sdata, which may not participate in chanctx reservations. The root cause is that link->reserved.oper...

5.5CVSS5.7AI score0.00114EPSS
CVE
CVE
added 2026/04/03 3:16 p.m.28 views

CVE-2026-31396

Summary: CVE-2026-31396 affects the Linux kernel’s net/macb and PTP clock subsystem. The root cause is a use-after-free in ptp_clock_index() when the PTP clock is accessed via get_ts_info while the interface’s PTP clock object has been deregistered. This allows a local attacker to trigger a crash...

7.8CVSS5.7AI score0.00117EPSS
CVE
CVE
added 2026/04/13 1:40 p.m.28 views

CVE-2026-31426

Summary: CVE-2026-31426 concerns the Linux kernel ACPI EC handling. When ec_install_handlers() defers probing on reduced‑hardware platforms, the error path could leave a dangling EC space handler context if acpi_ec_setup() propagates the error, leading to use‑after‑free when AML accesses an OpReg...

7CVSS5.7AI score0.00111EPSS
CVE
CVE
added 2026/04/22 1:53 p.m.28 views

CVE-2026-31462

CVE-2026-31462 concerns the Linux kernel DRM/AMDGPU PASID reuse issue where a process reusing a PASID could leave pending page faults in the IH ring buffer after exit. The fix uses an idr cyclic allocator to prevent immediate PASID reuse. Connected OSV entries show Root has patched this CVE in ro...

5.5CVSS5.7AI score0.00122EPSS
CVE
CVE
added 2026/04/22 1:54 p.m.28 views

CVE-2026-31474

The CVE-2026-31474 issue affects the Linux kernel’s CAN ISO-TP (isotp) path. The bug is a use-after-free involving isotp_sendmsg() and the so->tx.buf buffer: if a signal interrupts wait_event_interruptible() inside close() while tx.state is ISOTP_SENDING, the release path may free so->tx.bu...

7.8CVSS5.6AI score0.00104EPSS
CVE
CVE
added 2026/04/24 2:45 p.m.28 views

CVE-2026-31660

The CVE-2026-31660 entry concerns the Linux kernel NFC pn533 driver. The root cause is that pn532_receive_buf() may hand a complete frame to pn533_recv_frame() before allocating a fresh receive buffer; if alloc_skb() fails, the callback returns 0 while bytes have already been consumed, leaving re...

5.5CVSS5.4AI score0.00114EPSS
CVE
CVE
added 2026/04/25 8:46 a.m.28 views

CVE-2026-31673

The connected sources describe a Linux kernel vulnerability CVE-2026-31673 in the af_unix/UNIX_DIAG_VFS path. A race condition can occur when reading inode and device numbers for UNIX_DIAG_VFS without holding unix_state_lock consistently while u->path may be cleared by unix_release_sock(). The...

7.8CVSS5.3AI score0.00121EPSS
CVE
CVE
added 2026/04/27 5:30 p.m.28 views

CVE-2026-31686

CVE-2026-31686 concerns the Linux kernel kasan double-free in kasan_remove_zero_shadow related to kasan_free_pxd() handling of pxd_page() vs start of the pxd table on architectures like PowerPC with 64K pages. The issue arises when the PUD table is not page-aligned, risking double-free during mem...

7.8CVSS5.3AI score0.00122EPSS
CVE
CVE
added 2026/05/01 2:15 p.m.28 views

CVE-2026-43025

CVE-2026-43025 affects the Linux kernel netfilter component. A local attacker can trigger a slab-out-of-bounds read when creating new expectations by supplying a non-master conntrack helper, potentially enabling information disclosure from kernel memory. The issue is described across multiple sou...

7.3CVSS5.8AI score0.00126EPSS
CVE
CVE
added 2026/05/05 3:17 p.m.28 views

CVE-2026-43062

CVE-2026-43062 concerns the Linux kernel Bluetooth L2CAP path, where l2cap_ecred_reconf_rsp() incorrectly casts incoming data to struct l2cap_ecred_conn_rsp instead of struct l2cap_ecred_reconf_rsp. This type confusion causes: (1) the length check to require 8 bytes instead of 2, rejecting valid ...

7.1CVSS5.8AI score0.00215EPSS
CVE
CVE
added 2026/05/05 3:23 p.m.28 views

CVE-2026-43066

CVE-2026-43066: In Linux kernel ext4_fc_replay_inode(), iloc.bh leak could occur on error paths due to missing brelse at several failure points. The patch adds an out_brelse label before the existing out label to ensure iloc.bh is released, and also makes ext4_fc_replay_inode() propagate errors i...

5.5CVSS5.8AI score0.00117EPSS
CVE
CVE
added 2026/05/05 3:29 p.m.28 views

CVE-2026-43072

CVE-2026-43072 affects the Linux kernel drm/vc4 code path: platform_get_irq_byname() may return a negative error value, which was previously passed directly to devm_request_threaded_irq() without proper checking. The issue has been resolved in updated kernel code, and multiple OS-specific advisor...

5.5CVSS5.7AI score0.00114EPSS
CVE
CVE
added 2026/05/06 7:40 a.m.28 views

CVE-2026-43109

The CVE-2026-43109 issue concerns Linux kernel x86 shadow stacks where shstk_pop_sigframe() did not check errors from mmap_read_lock_killable(), and related __must_check annotations were missing. The connected OSV entries confirm patches in rootio-linux for Ubuntu/Debian releases (e.g., Ubuntu 22...

5.5CVSS5.8AI score0.00114EPSS
CVE
CVE
added 2026/05/06 11:28 a.m.28 views

CVE-2026-43211

CVE-2026-43211 – Linux kernel PCI slot lock handling fix The issue arises in PCI lock management: pci_slot_trylock() incorrectly handled unlocking when nested locks fail, due to an extra pci_dev_unlock(dev) on the failure path after delegating to pci_bus_trylock(). This could trigger a warning ab...

7.8CVSS5.9AI score0.00107EPSS
CVE
CVE
added 2026/05/06 11:28 a.m.28 views

CVE-2026-43254

CVE-2026-43254: Linux kernel openvpn TCP stream handling corrected. Ovpn_tcp_recv now allocates a separate skb per packet and uses skb_copy_bits to copy only the packet payload, skipping the 2-byte length prefix; length checks guard allocation to prevent invalid skbs. This resolves header offset ...

7.5CVSS5.7AI score0.00451EPSS
CVE
CVE
added 2026/05/06 11:28 a.m.28 views

CVE-2026-43276

Summary: CVE-2026-43276 is a Linux kernel issue in the mana network driver causing a use-after-free during PCI service rescan. The crash occurs when mana_serv_reset() calls mana_gd_suspend(), mana_gd_cleanup() frees gc->service_wq, and a subsequent resume path leads to a second removal via man...

7.8CVSS5.8AI score0.00118EPSS
CVE
CVE
added 2026/05/08 1:11 p.m.28 views

CVE-2026-43315

CVE-2026-43315 involves the Linux kernel KVM nSVM warning path. Technical details across connected docs show that a user-triggerable WARN is raised in svm_set_nested_state() when nested_svm_load_cr3() succeeds, and the patch removes this WARN. The rationale is that userspace can easily trigger th...

5.5CVSS5.8AI score0.0013EPSS
CVE
CVE
added 2026/05/08 1:31 p.m.28 views

CVE-2026-43333

CVE-2026-43333 (Linux kernel BPF): The vulnerability arises from direct dereference of nullable PTR_TO_BUF pointers in check_mem_access(), where PTR_TO_BUF is matched via base_type() after PTR_MAYBE_NULL stripping, allowing NULL dereferences in map iterators ctx->key/value (NULL on stop callba...

5.5CVSS5.8AI score0.00123EPSS
CVE
CVE
added 2026/05/08 1:37 p.m.28 views

CVE-2026-43340

Summary (CVE-2026-43340): The Linux kernel COMEDI subsystem contains a spinlock (dev->spinlock) in struct comedi_device that can be reinitialized when a COMEDI device is reattached to different low-level drivers via COMEDI_DEVCONFIG. This race can occur if multiple drivers with different lockd...

5.5CVSS5.8AI score0.00114EPSS
Total number of security vulnerabilities14330