14330 matches found
CVE-2026-46101
CVE-2026-46101 — Linux kernel netfilter nft_bitwise : The issue arises in the carry-propagation for 32-bit words when a zero shift operand is used in nft_bitwise left/right shift expressions, causing undefined behaviour. The fix rejects zero shift operands during initialization and extends the ex...
CVE-2023-53224
CVE-2023-53224 details (Linux kernel): The issue arises in ext4 where the release handler was set to kfree, which had an incompatible function prototype under clang KFIs. A wrapper with the correct prototype fixes the mismatch. The root cause is a function-prototype mismatch surfaced by Clang’s -...
CVE-2026-43333
CVE-2026-43333 (Linux kernel BPF): The vulnerability arises from direct dereference of nullable PTR_TO_BUF pointers in check_mem_access(), where PTR_TO_BUF is matched via base_type() after PTR_MAYBE_NULL stripping, allowing NULL dereferences in map iterators ctx->key/value (NULL on stop callba...
CVE-2026-43340
Summary (CVE-2026-43340): The Linux kernel COMEDI subsystem contains a spinlock (dev->spinlock) in struct comedi_device that can be reinitialized when a COMEDI device is reattached to different low-level drivers via COMEDI_DEVCONFIG. This race can occur if multiple drivers with different lockd...
CVE-2026-43379
CVE-2026-43379 affects ksmbd (Linux kernel) with a use-after-free in smb_lazy_parent_lease_break_close. The opinfo pointer obtained via rcu_dereference(fp->f_opinfo) is accessed after rcu_read_unlock(), creating a race where the memory could be freed by a concurrent writer before subsequent de...
CVE-2026-43453
CVE-2026-43453 is a Linux kernel issue in the netfilter nft_set_pipapo path. The bug is a stack out-of-bounds read in pipapo_drop(), where rulemap[i+1].n is passed to pipapo_unmap() on every iteration, including the last when i == m->field_count-1. This reads past the end of the stack-allocate...
CVE-2026-43480
In CVE-2026-43480, the Linux kernel ASoC driver for the amd acp3x-rt5682-max9836 (acp3x_5682_init) failed to check the return value of clk_get(), risking dereferencing an error pointer in rt5682_clk_enable(). The fix is to switch to device-managed devm_clk_get() and add IS_ERR() checks for both c...
CVE-2026-43484
CVE-2026-43484 – Linux kernel MMC core : The vulnerability stems from concurrent updates to bitfield flags (claimed and retune_now) sharing a word, enabling write–overwrite of other bits in async contexts and triggering spurious WARN_ON(!host->claimed). The fix moves claimed, can_retune, retun...
CVE-2026-45853
The CVE-2026-45853 issue is in the Linux kernel drm/amdgpu component. The function amdgpu_discovery_get_nps_info() allocates memory for ranges with kvcalloc() (potentially vmalloc), but frees it with kfree(), which may corrupt vmalloc memory. The documented fix is to use kvfree() to safely handle...
CVE-2026-45886
CVE-2026-45886: In the Linux kernel, a patch fixes the bpf_xdp_store_bytes prototype for read-only arguments. The issue caused the verifier to treat the third argument as a BPF_WRITE target when NATed map memory was read-only, resulting in a forbidden write to a read-only map. The patch adjusts t...
CVE-2026-45893
CVE-2026-45893 (Linux kernel/AppArmor issue) is addressed by patches in various OS branches. The vulnerability stems from creating tables from user-provided data that may be unaligned in memory, risking unaligned memory accesses when AppArmor builds tables. Connected OSV entries indicate patches ...
CVE-2026-45908
The CVE-2026-45908 issue affects the Linux kernel’s accel/amdxdna component, specifically amdxdna_ubuf_map. The function allocates memory for sg and internal sg table structures but does not free them if subsequent operations (sg_alloc_table_from_pages or dma_map_sgtable) fail, resulting in a mem...
CVE-2026-45911
CVE-2026-45911 affects the Linux kernel USB3 (cdns3) driver. When a USB role switch to host occurs during resume, the host path can dereference an uninitialized xhci-hcd device, causing a NULL pointer dereference. The fixed behavior is to skip the resume operation for the newly chosen role if a r...
CVE-2026-45914
CVE-2026-45914 affects the Linux kernel hwmon ibmpex driver, where a race during sensor deletion can race with userspace access to a freed sensor data structure, causing a use-after-free and potential crash. The description notes that the patch reverting the previous fix (6946c726…) may introduce...
CVE-2026-45969
The CVE concerns the Linux kernel HID PlayStation driver. In ps_gamepad_create(), the call to input_ff_create_memless() is made without verifying its return value, which can cause incorrect behavior or crashes when Force Feedback effects are triggered. Multiple connected sources indicate the issu...
CVE-2026-45985
CVE-2026-45985 affects the Linux kernel/ext4: during within-EOF direct I/O and writeback with dioread_nolock, unwritten extents could be converted incorrectly when splitting before submitting I/O, potentially exposing stale data. Root cause: EXT4_GET_BLOCKS_CONVERT was set during ext4_split_conve...
CVE-2026-45994
The CVE-2026-45994 issue affects the Linux kernel ibmasm: command_file_write, where a kernel buffer is allocated with count bytes and user data copied without validating against the dot command header, enabling out-of-bounds reads via get_dot_command_size/timeout and memcpy_toio. Patches introduc...
CVE-2026-45996
The CVE-2026-45996 entry concerns a use-after-free in the Linux kernel SPI IMX driver (on unbind/deregistration). The root cause is that upon deregistering the SPI controller, driver data may be freed while still referenced, requiring an extra reference before deregistration to ensure data remain...
CVE-2026-45999
The CVE-2026-45999 issue affects the Linux kernel EROFS LZ4 inplace decompression path (z_erofs_lz4_handle_overlap). Crafted extents can trigger an unsigned underflow (outpages
CVE-2026-46006
The CVE-2026-46006 entry concerns the Linux kernel’s drm/nouveau driver. A 32‑bit overflow in nouveau_gem_pushbuf_reloc_apply() could cause incorrect relocation bounds checks: r->reloc_bo_offset + 4 is computed in 32‑bit space, wrapping before comparing to nvbo->bo.base.size. The fix casts ...
CVE-2026-46047
CVE-2026-46047: In the Linux kernel, net: qrtr: ns use-after-free in driver remove is fixed. The vulnerability arises if a packet arrives after destroy_workqueue() but before sock_release(), causing qrtr_ns_data_ready() to queue a work item that dereferences freed memory. Root and distro advisori...
CVE-2026-46053
CVE-2026-46053 affects the Linux kernel RDS memory-registration cleanup. In net/rds, __rds_rdma_map() transfers ownership of sg/pages after get_mr(); if copying the cookie back to user space fails, resources could be freed more than once. The fix removes a duplicate unpin/free in the put_user() f...
CVE-2026-46062
In the Linux kernel ntfs3 driver, CVE-2026-46062 arises from an integer overflow in run_unpack() where the volume boundary check uses raw addition (lcn + len) against sbi->used.bitmap.nbits. This can wrap for large lcn/len values, bypassing validation. A fix uses check_add_overflow() (consiste...
CVE-2026-46066
CVE-2026-46066 pertains to a Linux kernel issue that surfaces as a panic in multi-folio encrypted writes when a bounce buffer allocation fails during fscrypt-enabled CephFS writes. The root cause, described in the CVE entry, is that move_dirty_folio_in_page_array() may fail after the batch has st...
CVE-2026-46074
CVE-2026-46074 is addressed in openSUSE openSUSE Tumbleweed via kernel-devel-7.0.11-1.1. The issue is in the Linux kernel SPI ch341 driver, where memory leaks occur on probe failures due to improper cleanup. The patch requests deregistration of the controller, disabling pins, and killing/freeing ...
CVE-2026-46106
CVE-2026-46106 concerns the Linux kernel eventfs remount race. The root cause is a race where eventfs_inodes are traversed while remounts are performed, due to mixing rcu_read_lock usage with SRCU and not holding eventfs_mutex during the critical walk. The fix (commit 340f0c7067a9) updates the ev...
CVE-2026-46128
The CVE-2026-46128 issue concerns the Linux kernel IPMI event message handling. The root cause is an insufficiently validated event message buffer/data size occurring when fetching events, with some BMCs returning an empty message instead of an error. This leads to a potential failure in processi...
CVE-2026-46138
The CVE-2026-46138 issue affects the Linux kernel Bluetooth subsystem, specifically hci_le_create_big_complete_evt. A loop over BT_BOUND connections for a BIG handle may access ev->bis_handle[i++] without ensuring i
CVE-2026-46184
CVE-2026-46184 relates to the Linux kernel sound/ua101 driver. The root cause is a missing sanity check for bNrChannels in detect_usb_format(), which can lead to a division by zero in playback_urb_complete() and capture_urb_complete() when a device reports bNrChannels = 0. The USB core does not v...
CVE-2026-46236
CVE-2026-46236 affects the Linux kernel media: rc Xbox remote driver, where the IO buffer was placed in the device structure, violating DMA coherency rules. This is a local, low-complexity issue with high availability impact. Publicly documented fixes are present in OSV entries for Root: Debian 1...
CVE-2026-46264
CVE-2026-46264 addresses a Linux kernel flaw in drm/xe/pf where an error in devm_add_action_or_reset() can cause a cleanup action to run on an uninitialized kobject during sysfs initialization. This use-after-free and kobject_put() on an uninitialized object is mitigated by ensuring proper initia...
CVE-2026-46267
CVE-2026-46267 affects the Linux kernel NFC HCI SHDLC subsystem. The root cause is that timers and state-machine work can remain active during llc_shdlc_deinit(), which purges SHDLC skb queues and frees the llc_shdlc structure while callbacks may still access SHDLC state and queues. If teardown r...
CVE-2026-52907
The CVE-2026-52907 entry concerns the Linux kernel component media: rockchip: rkcif. The root cause is off-by-one errors in array handling, where comparisons were made with > instead of >=, risking reads beyond the end of arrays. The fix updates comparisons to use proper bounds checks and s...
CVE-2026-52914
In the Linux kernel, the batman-adv component is affected by CVE-2026-52914. The root cause is an accounting bug where the accumulated fragment length used for validating queued fragment chains can be truncated during updates. This allows malformed fragment chains to bypass validation and drive r...
CVE-2026-53205
The CVE-2026-53205 issue is in the Linux kernel Intel Versatile Processing Unit (IVPU) accelerator driver (accel/ivpu). It stems from insufficient validation of read/write indices in the firmware log buffer, allowing potential out-of-bounds access if firmware supplies invalid indices. Affected sy...
CVE-2022-50078
CVE-2022-50078 describes a resolved Linux kernel issue in the tracing subsystem (eprobes). The root cause is a NULL pointer dereference that occurs when event probes (eprobes) try to retrieve the instruction pointer (RIP) using registers, while eprobes do not use pt_regs. The fix, implemented in ...
CVE-2022-50119
The CVE-2022-50119 issue concerns the Linux kernel and a refcount leak in rpmsg_register_device_override. The root cause is that put_device was not invoked to free the vchan on a driver_set_override error path, risking a leak. The fix adds a put_device() in the error path to ensure proper resourc...
CVE-2022-50217
CVE-2022-50217 affects the Linux kernel’s fuse_release path. A race between write(2) and close(2) can cause pages to be dirtied after fuse_flush → write_inode_now(), potentially leaving writable pages unflushed and risking file state on release. The description across connected sources indicates ...
CVE-2022-50244
CVE-2022-50244 affects the Linux kernel code path in cxl_pci_init_afu|adapter() where a failed device_register() leaves a not-added device and leads to a potential null pointer dereference if device_unregister() is called in the error path. The fix splits unregister logic into device_del() and pu...
CVE-2022-50275
The CVE-2022-50275 issue affects the Linux kernel Radeon driver: the radeon_acpi_vfct_bios() path failed to call acpi_put_table() after ACPI BIOS parsing, causing an ACPI memory leak. The vulnerability is addressed by adding the missing acpi_put_table() call to release ACPI memory post-init, as d...
CVE-2022-50287
The CVE-2022-50287 entry pertains to the Linux kernel DRM/I915 path, where a memory leak/undefined behavior can occur in generate_lfp_data_ptrs. Specifically, ptrs is freed via kfree() when (size != 0 || ptrs->lvds_entries != 3) but ptrs was not allocated with kzmalloc(); it was obtained by po...
CVE-2022-50327
CVE-2022-50327 in the Linux kernel concerns ACPI: processor: idle where acpi_fetch_acpi_dev() could return NULL, causing a NULL pointer dereference in acpi_device_hid(). The connected Nessus/SUSE advisories confirm this CVE is addressed in kernel live patches for SUSE SLES15 SP5 (multiple patches...
CVE-2022-50372
CVE-2022-50372 pertains to the Linux kernel’s CIFS/SMB client: a memory leak occurs when building the ntlmssp negotiate blob during mount of CIFS shares. The issue manifests as an unreferenced object and can lead to a session setup leak if the negotiate blob construction fails. The vulnerability ...
CVE-2022-50375
CVE-2022-50375 affects the Linux kernel: the fix ensures that in lpuart_dma_shutdown the flags for lpuart_dma_tx_use and lpuart_dma_rx_use are set to false. Without this, lpuart_flush_buffer could access DMA APIs after DMA teardown, causing aborts. The patch prevents DMA access after relinquishme...
CVE-2022-50396
CVE-2022-50396 affects the Linux kernel’s net/sched tcindex code. The root cause is in tcindex_change when old_r is taken from p->perfect: the code allocates a new filter result via tcindex_alloc_perfect_hash() and then calls tcindex_filter_result_init() to clear the old result without destroy...
CVE-2022-50414
CVE-2022-50414 concerns the Linux kernel: during SCSI over FCoE, fcoe_init() calls fcoe_transport_attach(&fcoe_sw_transport). If fcoe_if_init() fails, the transport is not detached, leaving a freed fcoe_sw_transport on the fcoe_transports list. This causes a kernel panic when the module is reinse...
CVE-2023-53180
Technical specifics (affected versions, exploit details, patch) are not provided in the connected documents. Monitor for updates regarding CVE-2023-53180 and its kernel fix for ath12k NULL pointer handling in management transmit cleanup.
CVE-2023-53196
CVE-2023-53196 affects the Linux kernel USB subsystem (dwc3 on Qualcomm platforms). The issue was a memory leak in dwc3_qcom_probe(), where allocated memory for the resource structure pointed to by parent_res was not freed. The fix replaces that dynamic allocation with stack-allocated memory to p...
CVE-2023-53202
CVE-2023-53202 concerns the Linux kernel memory-leak issue from using debugfs_lookup() without releasing the acquired object. The mitigation implemented across connected advisories is to use debugfs_lookup_and_remove() (which handles the look-up and cleanup in one step) or to ensure dput() is cal...
CVE-2023-53211
The CVE-2023-53211 issue affects the Linux kernel’s driver core, where a struct acpi_pld_info *pld was not freed before returning on allocation failure, risking a memory leak. The fix adds ACPI_FREE() calls to release the allocated memory before the function exits. Connected documents confirm thi...