Lucene search
K
LinuxLinux Kernel

14330 matches found

CVE
CVE
added 2025/09/11 4:56 p.m.27 views

CVE-2025-39775

CVE-2025-39775: In the Linux kernel, mm/mremap: fix WARN with uffd that has remap events disabled. Root cause: during an mremap recovery, recursion recurses on the original page-table move but not the recovery move, triggering a WARN in mremap.c. The fix adds a double-VMAs PMD/PUD level check (be...

5.5CVSS6.2AI score0.00119EPSS
CVE
CVE
added 2025/09/23 6:0 a.m.27 views

CVE-2025-39877

The CVE-2025-39877 issue is a Linux kernel use-after-free in mm/damon/sysfs: state_show() reads kdamond->damon_ctx without holding damon_sysfs_lock, allowing a UAF when damon_ctx is freed under damon_sysfs_lock. A fix mirrors pid_show() by taking damon_sysfs_lock before dereferencing the conte...

7.8CVSS6.1AI score0.0014EPSS
CVE
CVE
added 2025/10/01 7:44 a.m.27 views

CVE-2025-39907

Technical details about CVE-2025-39907 are not publicly provided in the supplied connected documents. Monitor for updates from vendors/security advisories; the initial description mentions a Linux kernel fix related to overlapping ECC buffer mappings in stm32_fmc2.

5.5CVSS6.1AI score0.0014EPSS
CVE
CVE
added 2025/10/01 7:44 a.m.27 views

CVE-2025-39912

This CVE (CVE-2025-39912) affects the Linux kernel nfs/localio path. The issue occurs when the nfsd filecache code releases the nfsd_file before creds are properly handled, triggering a BUG_ON in __put_cred via current->cred. The vulnerability is resolved by restoring credentials before releas...

5.5CVSS6.4AI score0.00134EPSS
CVE
CVE
added 2025/10/01 8:7 a.m.27 views

CVE-2025-39927

CVE-2025-39927 is addressed in the Linux kernel via a Ceph client race fix. The issue occurred when validating r_parent before applying MDS replies, risking stale parent inode references and applying state changes to the wrong directory inode. The fix adds validation to ensure the cached parent i...

4.7CVSS5.8AI score0.001EPSS
CVE
CVE
added 2025/10/04 7:31 a.m.27 views

CVE-2025-39953

CVE-2025-39953 (Linux kernel) : The issue arises in cgroup destruction where root destruction can hang during repeated perf_event/net_prio unmounts with systemd.unified_cgroup_hierarchy=1. Root cause shows root destruction enqueues, while offline work is blocked by the same wq, causing a hang. Th...

5.5CVSS6.2AI score0.00137EPSS
CVE
CVE
added 2025/10/13 1:48 p.m.27 views

CVE-2025-39965

CVE-2025-39965 concerns the Linux kernel where xfrm_alloc_spi incorrectly treated 0 as a valid SPI. A state with x->id.spi == 0 was added to the byspi list, and __xfrm_state_delete failed to remove such states, leading to a use-after-free vulnerability on list traversal. The issue is resolved ...

5.5CVSS6.1AI score0.00174EPSS
CVE
CVE
added 2025/10/15 7:55 a.m.27 views

CVE-2025-39966

CVE-2025-39966 (Linux kernel, iommufd) : A race during abort for file descriptors could cause a use-after-free when the object is freed while a file’s private_data references it. The bug arises because fput() defers release() to a workqueue; ifAbort allocation fails before installing the file, th...

7CVSS6.2AI score0.00101EPSS
CVE
CVE
added 2026/01/13 3:34 p.m.27 views

CVE-2025-71098

The CVE CVE-2025-71098 affects the Linux kernel’s IP6_GRE path. Syzbot crashes were caused by ip6gre_header() relying on dynamic dev->needed_headroom/dev->hard_header_len, enabling skb underflow when an skb with insufficient headroom was used (e.g., during mld_sendpack/mld_finish_output pat...

5.5CVSS6AI score0.00114EPSS
CVE
CVE
added 2026/01/14 3:7 p.m.27 views

CVE-2025-71143

CVE-2025-71143 concerns a Linux kernel issue in clk: samsung: exynos-clkout where .num was initialized after .hws[] was accessed, triggering UBSAN_BOUNDS warnings. The fix moves the .num initialization before the first access of .hws[] (as noted in commit f316cdff8d67 and related annotations) to ...

7.8CVSS6AI score0.00122EPSS
CVE
CVE
added 2026/01/31 11:42 a.m.27 views

CVE-2025-71189

Technical details for CVE-2025-71189 are not provided in the connected documents; the available sources only reference the vulnerability and fix at a high level. Monitor for updates.

5.5CVSS5.8AI score0.00183EPSS
CVE
CVE
added 2026/05/08 1:11 p.m.27 views

CVE-2025-71297

The provided CVE-2025-71297 stems from the Linux kernel wifi driver stack (rtw88/rtw8822b). The issue occurs when rtw8822b_set_antenna() is invoked from userspace while the wireless chip is powered off, causing rtw8822b_config_trx_mode() to read RF registers and trigger a WARNING. The patch ensur...

5.5CVSS5.8AI score0.00123EPSS
CVE
CVE
added 2026/05/27 12:14 p.m.27 views

CVE-2025-71306

CVE-2025-71306 is a Linux kernel vulnerability affecting the Integrity Measurement Architecture (IMA). The issue is a stack-out-of-bounds access in the function ima_appraise_measurement when processing bprm_creds for exec, traced to an incorrect offset calculation caused by using container_of on ...

7.1CVSS5.8AI score0.0015EPSS
CVE
CVE
added 2026/01/23 3:24 p.m.27 views

CVE-2026-22982

CVE-2026-22982 is a Linux kernel vulnerability in the net: mscc: ocelot driver. The issue causes a crash when adding an interface under a lag due to NULL pointer dereferences in the ocelot frontend (ocelot_vsc7514.c) where unused ports may be left as NULL. The fix updates the code to verify the p...

5.5CVSS5.2AI score0.00121EPSS
CVE
CVE
added 2026/01/23 3:24 p.m.27 views

CVE-2026-22994

CVE-2026-22994 in the Linux kernel is due to a reference-count leak in the bpf_prog_test_run_xdp path (bpf: Fix reference count leak in bpf_prog_test_run_xdp()). The issue arises from refcount handling between xdp_convert_md_to_buff() and xdp_convert_buff_to_md() and may affect the bpf_prog_test_...

5.5CVSS5.2AI score0.00119EPSS
CVE
CVE
added 2026/01/25 2:36 p.m.27 views

CVE-2026-23006

The CVE-2026-23006 issue in the Linux kernel ASoC: tlv320adcx140 driver was fixed by correcting a null pointer dereference in adcx140_priv when snd_soc_component is only used for dev access. The fix removes the null pointer path by properly initializing/handling snd_soc_component. Public updates ...

5.5CVSS5.2AI score0.00186EPSS
CVE
CVE
added 2026/02/04 4:8 p.m.27 views

CVE-2026-23098

CVE-2026-23098 affects the Linux kernel component related to NET/ROM handling in nr_route_frame(). The issue is a double-free: old_skb is freed unconditionally, and if nr_neigh->ax25 is NULL the caller may free old_skb again. The root cause is freeing old_skb without validating the ax25 pointe...

8.8CVSS5.2AI score0.00177EPSS
CVE
CVE
added 2026/02/04 4:8 p.m.27 views

CVE-2026-23099

CVE-2026-23099 (bonding: limit BOND_MODE_8023AD to Ethernet devices) is addressed in the Linux kernel, preventing use of BOND_MODE_8023AD on non-Ethernet devices. The issue, observed in bonding/low-level MAC address handling, can cause out-of-bounds memory access when enslaving or configuring net...

7.1CVSS5.2AI score0.00152EPSS
CVE
CVE
added 2026/02/04 4:8 p.m.27 views

CVE-2026-23106

CVE-2026-23106 concerns the Linux kernel timekeeping subsystem. The root cause is in __do_adjtimex(), which incorrectly references the core timekeeper’s tk_core when adjusting leap second state for an auxiliary timekeeper. This leads to a seqlock protocol violation where the timekeepers sequence ...

5.5CVSS5.2AI score0.001EPSS
CVE
CVE
added 2026/02/14 3:9 p.m.27 views

CVE-2026-23116

CVE-2026-23116 : On i.MX8MQ, the VPUMIX domain’s 8mq VPU block controller had no separate reset and clock enable bits, causing a potential system hang when G1/G2 reset could not be performed independently. The Linux kernel fix removes the separate rst_mask and clk_mask for imx8mq_vpu_blk_ctl_doma...

5.5CVSS5.2AI score0.00114EPSS
CVE
CVE
added 2026/02/14 3:9 p.m.27 views

CVE-2026-23125

CVE-2026-23125 (Linux kernel SCTP) : A null-pointer dereference in the SCTP transmit path could occur when SCTP-AUTH key initialization fails during INIT_ACK processing. The issue arises because SCTP_CMD_ASSOC_SHKEY is executed after PEER_INIT and can leave asoc->shkey NULL if key setup fails,...

5.5CVSS5.3AI score0.00114EPSS
CVE
CVE
added 2026/02/14 4:1 p.m.27 views

CVE-2026-23153

CVE-2026-23153 concerns the Linux kernel regarding a race condition in the FireWire core when enumerating the transaction list without a lock during AR response processing, potentially impacting AT request completion handling. The issue is resolved by moving the timer start for split-transaction ...

4.7CVSS5.2AI score0.00074EPSS
CVE
CVE
added 2026/02/14 4:1 p.m.27 views

CVE-2026-23159

CVE-2026-23159 is a Linux kernel vulnerability related to perf: sched crashing when tracing user-space tasks. The issue arose from an unsafe test for user-space task memory access: older checks relied on task_struct.mm, newer code attempted PF_KTHREAD checks and is_user_task() but not all kernel ...

5.5CVSS5.3AI score0.00114EPSS
CVE
CVE
added 2026/02/14 4:1 p.m.27 views

CVE-2026-23162

CVE-2026-23162 relates to the Intel Xe GPU driver in the Linux kernel (drm/xe/nvm). A double-free vulnerability occurs during initialization: after auxiliary_device_init() succeeds, if auxiliary_device_add() then fails, the memory may be freed twice (via the device release path and a premature fr...

7.8CVSS5.2AI score0.00113EPSS
CVE
CVE
added 2026/02/14 4:27 p.m.27 views

CVE-2026-23197

The CVE-2026-23197 issue affects the Linux kernel i2c_imx driver: when a block read returns an invalid length (not in range), the length handler sets IMX_I2C_STATE_FAILED, but i2c_imx_master_isr() overwrites it with IMX_I2C_STATE_READ_CONTINUE, causing an endless read loop that overruns buffers a...

5.5CVSS5.2AI score0.001EPSS
CVE
CVE
added 2026/02/14 4:27 p.m.27 views

CVE-2026-23199

CVE-2026-23199 : In the Linux kernel, procfs could deadlock by fetching the optional build ID while holding the VMA lock. The fix changes PROCMAP_QUERY to obtain the optional build ID only after dropping mmap_lock or after acquiring the per-VMA lock used to guard the VMA, preventing the cross-loc...

5.5CVSS5.2AI score0.0009EPSS
CVE
CVE
added 2026/02/14 4:27 p.m.27 views

CVE-2026-23202

The CVE-2026-23202 issue is in the Linux kernel SPI driver for Tegra210-quad (tegra_qspi_combined_seq_xfer). The root cause is that curr_xfer is read by the IRQ handler without the spinlock, and is cleared without proper synchronization, allowing a race that could yield a NULL pointer dereference...

5.5CVSS5.2AI score0.00111EPSS
CVE
CVE
added 2026/02/18 2:21 p.m.27 views

CVE-2026-23214

In CVE-2026-23214, the Linux kernel Btrfs implementation may start new transactions even when the filesystem is mounted with rescue options that mark it fully read-only. This can trigger a transaction during unmount when inodes are evicted, producing warnings like “Transaction aborted (error -22)...

5.5CVSS5.3AI score0.00112EPSS
CVE
CVE
added 2026/02/18 2:21 p.m.27 views

CVE-2026-23215

CVE-2026-23215 affects the Linux kernel’s x86/vmware code. The issue arises from buggy QEMU VMware mouse emulation that clobbers the top 32 bits of the RDI/RSI state across hypercalls, causing page faults when dereferencing a saved kernel stack address. The kernel workaround marks RDI/RSI as clob...

5.5CVSS5.4AI score0.00112EPSS
CVE
CVE
added 2026/02/18 2:21 p.m.27 views

CVE-2026-23217

CVE-2026-23217 relates to the Linux kernel on RISC-V where tracing the sbi_ecall functions can cause a deadlock in the snapshot path. The root cause is that sbi_ecall triggers a ringbuffer snapshot which may re-enter __sbi_ecall via an IPI, creating an endless loop when initial __sbi_ecall is pre...

5.5CVSS5.3AI score0.0008EPSS
Web
CVE
CVE
added 2026/02/18 2:21 p.m.27 views

CVE-2026-23218

CVE-2026-23218 affects the Linux kernel (loongson-64bit GPIO). The root cause is an incorrect NULL check in loongson_gpio_init_irqchip() after devm_kcalloc(), where chip->parent was checked instead of chip->irq.parents. This mischeck can lead to a NULL dereference during IRQ chip init. The ...

5.5CVSS5.2AI score0.001EPSS
CVE
CVE
added 2026/03/18 5:41 p.m.27 views

CVE-2026-23255

The connected Amazon Linux advisory confirms CVE-2026-23255 is a Linux kernel vulnerability where /proc/net/ptype lacked proper RCU protection. The fix adds an explicit device pointer tracking and ensures RCU-compliant reads in ptype_seq_show(), with full READ_ONCE protection in ptype_seq_next() ...

5.5CVSS5.7AI score0.00114EPSS
CVE
CVE
added 2026/03/25 10:27 a.m.27 views

CVE-2026-23351

CVE-2026-23351 affects the Linux kernel netfilter nft_set_pipapo data type. The issue is a use-after-free in the pipapo set when many elements are expired and the commit-time garbage collection (GC) can run for a long time in a non-preemptible context, triggering soft lockups and RCU stalls. The ...

7.8CVSS5.7AI score0.00119EPSS
CVE
CVE
added 2026/04/03 3:15 p.m.27 views

CVE-2026-23450

CVE-2026-23450 (Linux kernel): The issue stems from a race in the SMC TCP path (net/smc) where, during close of an SMC listen socket, sk_user_data can be NULL or the smc_sock freed, causing a NULL dereference or use-after-free in smc_tcp_syn_recv_sock() when accessed under rcu/protected context. ...

9.8CVSS5.7AI score0.00488EPSS
CVE
CVE
added 2026/04/03 3:15 p.m.27 views

CVE-2026-31392

CVE-2026-31392 concerns the Linux kernel SMB client and Kerberos username handling. The issue was fixed by ensuring the username mount option is respected when sec=krb5 is used, preventing reuse of an SMB session across mounts with different usernames. Connected OSV records show Debian/Ubuntu/roo...

8.1CVSS5.7AI score0.00122EPSS
Web
CVE
CVE
added 2026/04/20 9:43 a.m.27 views

CVE-2026-31429

Summary (supported): CVE-2026-31429 affects the Linux kernel, specifically a KFENCE interaction that caused a cross-cache free of KFENCE-allocated skb heads. The root cause was that kfence_ksize() could return the exact allocation size, leading to skb_end_offset matching SKB_SMALL_HEAD_HEADROOM a...

5.5CVSS5.6AI score0.00259EPSS
CVE
CVE
added 2026/04/20 9:43 a.m.27 views

CVE-2026-31430

CVE-2026-31430 affects the Linux kernel: X.509 extensions parsing could read the first byte of an extension before checking length, causing out-of-bounds access. The vulnerability can be triggered by an unprivileged user submitting a crafted certificate via the keyrings(7) API. A PoC exists. The ...

7.1CVSS5.6AI score0.00081EPSS
CVE
CVE
added 2026/04/22 1:54 p.m.27 views

CVE-2026-31504

The CVE-2026-31504 entry describes a race in the Linux kernel’s networking stack: during a NETDEV_UP event, a socket re-registration into a fanout group’s arr[] can leave a dangling pointer if packet_release() doesn’t clear po->num while bind_lock is held. This Use-After-Free risk stems from a...

7.8CVSS6.2AI score0.00129EPSS
CVE
CVE
added 2026/04/22 1:54 p.m.27 views

CVE-2026-31528

The CVE-2026-31528 issue affects the Linux kernel PMU subsystem in perf, specifically during handling of performance event groups. The root cause is an incorrect use of event pointers across group operations: when group_sched_in() fails, the code may rollback using the wrong PMU, risking an out-o...

7.8CVSS5.5AI score0.00129EPSS
CVE
CVE
added 2026/04/24 2:33 p.m.27 views

CVE-2026-31543

The CVE-2026-31543 entry concerns the Linux kernel. A vulnerability in crash_dump/logging: read_key_from_user_keying() incorrectly logged the first 8 bytes of the key payload when debug logging was enabled, partially exposing the dm-crypt key. The issue is resolved by stopping logging any key byt...

5.5CVSS5.3AI score0.00121EPSS
CVE
CVE
added 2026/04/24 2:35 p.m.27 views

CVE-2026-31566

CVE-2026-31566 concerns the Linux kernel amdgpu driver (amdgpu_amdkfd_submit_ib). The issue arises when a fence reference is dma_fence_put()’ed before dma_fence_wait() completes, which can free the fence prematurely and trigger a use-after-free during job completion. Publicly documented fixes sho...

7.8CVSS5.5AI score0.00126EPSS
CVE
CVE
added 2026/04/24 2:42 p.m.27 views

CVE-2026-31600

Summary of CVE-2026-31600 : Linux kernel arm64 memory management vulnerability where invalid large leaf mappings could cause a kernel panic due to mis-handling of cleared PTE_VALID bits. Publicly disclosed details describe the root cause in arm64 mm: handling invalid large leaf mappings and the o...

7.5CVSS5.5AI score0.0029EPSS
CVE
CVE
added 2026/04/24 2:42 p.m.27 views

CVE-2026-31618

CVE-2026-31618 affects the Linux kernel fbdev subsystem, specifically the tdfxfb and udlfb drivers. The issue is a divide-by-zero crash in FBIOPUT_VSCREENINFO when the code uses pixclock for division, which can crash the system and lead to a DoS condition as described in the advisory. A fix has b...

5.5CVSS5.4AI score0.00125EPSS
CVE
CVE
added 2026/04/24 2:44 p.m.27 views

CVE-2026-31642

The CVE-2026-31642 entry concerns the Linux kernel rxrpc module, where a flaw in call removal was fixed by using list_del_rcu() instead of list_del_init() to prevent infinite loops when reading /proc/net/rxrpc/calls. The underlying issue is that improperly deleting calls could disrupt list handli...

5.5CVSS5.4AI score0.00123EPSS
CVE
CVE
added 2026/04/24 2:45 p.m.27 views

CVE-2026-31669

The CVE-2026-31669 entry pertains to the Linux kernel MPTCP code. A use-after-free could occur in IPv6 subflow sockets due to premature copying of tcpv6_prot into tcpv6_prot_override during early init, before proto_register(&tcpv6_prot) and its SLAB_TYPESAFE_BY_RCU cache is established. Consequen...

9.8CVSS5.5AI score0.004EPSS
CVE
CVE
added 2026/05/01 1:56 p.m.27 views

CVE-2026-31704

CVE-2026-31704 affects the Linux kernel’s ksmbd ACL handling. The vulnerability arises when accumulating ACL entry sizes uses 16-bit counters (u16) in set_posix_acl_entries_dacl() and set_ntacl_dacl(), allowing wraparound past 65535 and causing pointer arithmetic on pndace to land within already-...

5.5CVSS5.8AI score0.00117EPSS
CVE
CVE
added 2026/05/01 2:15 p.m.27 views

CVE-2026-43056

Summary: CVE-2026-43056 affects the Linux kernel net: mana component. A use-after-free can occur in add_adev() when auxiliary_device_add() fails and control falls through to init_fail, accessing adev->id after the release callback frees the containing struct mana_adev. Root cause: the code fre...

7.8CVSS5.8AI score0.00116EPSS
CVE
CVE
added 2026/05/02 6:11 a.m.27 views

CVE-2026-43058

The CVE covers a Linux kernel issue in media: vidtv where vidtv_ts_null_write_into() and vidtv_ts_pcr_write_into() take their argument structs by value, triggering MSAN warnings for uninitialized data. The root cause is stack-copy of the structs; the patch changes the functions to accept them by ...

5.5CVSS5.8AI score0.00121EPSS
CVE
CVE
added 2026/05/06 7:40 a.m.27 views

CVE-2026-43078

The CVE-2026-43078 entry affects the Linux kernel crypto/af_alg component. A root-cause was an overflow in page reassignment within af_alg_pull_tsgl where the update to support page reallocation wasn’t fully reflected in the loop, allowing one extra page to be reassigned. The vulnerability is des...

7.8CVSS5.8AI score0.00129EPSS
CVE
CVE
added 2026/05/06 7:40 a.m.27 views

CVE-2026-43112

The CVE-2026-43112 issue affects the Linux kernel CIFS (Common Internet File System) client, specifically the function cifs_sanitize_prepath. The vulnerability occurs when processing an empty string or a string consisting only of delimiters (for example "/"); the code may dereference cursor2-1 be...

8.8CVSS5.8AI score0.00352EPSS
Total number of security vulnerabilities14330