14330 matches found
CVE-2025-39775
CVE-2025-39775: In the Linux kernel, mm/mremap: fix WARN with uffd that has remap events disabled. Root cause: during an mremap recovery, recursion recurses on the original page-table move but not the recovery move, triggering a WARN in mremap.c. The fix adds a double-VMAs PMD/PUD level check (be...
CVE-2025-39877
The CVE-2025-39877 issue is a Linux kernel use-after-free in mm/damon/sysfs: state_show() reads kdamond->damon_ctx without holding damon_sysfs_lock, allowing a UAF when damon_ctx is freed under damon_sysfs_lock. A fix mirrors pid_show() by taking damon_sysfs_lock before dereferencing the conte...
CVE-2025-39907
Technical details about CVE-2025-39907 are not publicly provided in the supplied connected documents. Monitor for updates from vendors/security advisories; the initial description mentions a Linux kernel fix related to overlapping ECC buffer mappings in stm32_fmc2.
CVE-2025-39912
This CVE (CVE-2025-39912) affects the Linux kernel nfs/localio path. The issue occurs when the nfsd filecache code releases the nfsd_file before creds are properly handled, triggering a BUG_ON in __put_cred via current->cred. The vulnerability is resolved by restoring credentials before releas...
CVE-2025-39927
CVE-2025-39927 is addressed in the Linux kernel via a Ceph client race fix. The issue occurred when validating r_parent before applying MDS replies, risking stale parent inode references and applying state changes to the wrong directory inode. The fix adds validation to ensure the cached parent i...
CVE-2025-39953
CVE-2025-39953 (Linux kernel) : The issue arises in cgroup destruction where root destruction can hang during repeated perf_event/net_prio unmounts with systemd.unified_cgroup_hierarchy=1. Root cause shows root destruction enqueues, while offline work is blocked by the same wq, causing a hang. Th...
CVE-2025-39965
CVE-2025-39965 concerns the Linux kernel where xfrm_alloc_spi incorrectly treated 0 as a valid SPI. A state with x->id.spi == 0 was added to the byspi list, and __xfrm_state_delete failed to remove such states, leading to a use-after-free vulnerability on list traversal. The issue is resolved ...
CVE-2025-39966
CVE-2025-39966 (Linux kernel, iommufd) : A race during abort for file descriptors could cause a use-after-free when the object is freed while a file’s private_data references it. The bug arises because fput() defers release() to a workqueue; ifAbort allocation fails before installing the file, th...
CVE-2025-71098
The CVE CVE-2025-71098 affects the Linux kernel’s IP6_GRE path. Syzbot crashes were caused by ip6gre_header() relying on dynamic dev->needed_headroom/dev->hard_header_len, enabling skb underflow when an skb with insufficient headroom was used (e.g., during mld_sendpack/mld_finish_output pat...
CVE-2025-71143
CVE-2025-71143 concerns a Linux kernel issue in clk: samsung: exynos-clkout where .num was initialized after .hws[] was accessed, triggering UBSAN_BOUNDS warnings. The fix moves the .num initialization before the first access of .hws[] (as noted in commit f316cdff8d67 and related annotations) to ...
CVE-2025-71189
Technical details for CVE-2025-71189 are not provided in the connected documents; the available sources only reference the vulnerability and fix at a high level. Monitor for updates.
CVE-2025-71297
The provided CVE-2025-71297 stems from the Linux kernel wifi driver stack (rtw88/rtw8822b). The issue occurs when rtw8822b_set_antenna() is invoked from userspace while the wireless chip is powered off, causing rtw8822b_config_trx_mode() to read RF registers and trigger a WARNING. The patch ensur...
CVE-2025-71306
CVE-2025-71306 is a Linux kernel vulnerability affecting the Integrity Measurement Architecture (IMA). The issue is a stack-out-of-bounds access in the function ima_appraise_measurement when processing bprm_creds for exec, traced to an incorrect offset calculation caused by using container_of on ...
CVE-2026-22982
CVE-2026-22982 is a Linux kernel vulnerability in the net: mscc: ocelot driver. The issue causes a crash when adding an interface under a lag due to NULL pointer dereferences in the ocelot frontend (ocelot_vsc7514.c) where unused ports may be left as NULL. The fix updates the code to verify the p...
CVE-2026-22994
CVE-2026-22994 in the Linux kernel is due to a reference-count leak in the bpf_prog_test_run_xdp path (bpf: Fix reference count leak in bpf_prog_test_run_xdp()). The issue arises from refcount handling between xdp_convert_md_to_buff() and xdp_convert_buff_to_md() and may affect the bpf_prog_test_...
CVE-2026-23006
The CVE-2026-23006 issue in the Linux kernel ASoC: tlv320adcx140 driver was fixed by correcting a null pointer dereference in adcx140_priv when snd_soc_component is only used for dev access. The fix removes the null pointer path by properly initializing/handling snd_soc_component. Public updates ...
CVE-2026-23098
CVE-2026-23098 affects the Linux kernel component related to NET/ROM handling in nr_route_frame(). The issue is a double-free: old_skb is freed unconditionally, and if nr_neigh->ax25 is NULL the caller may free old_skb again. The root cause is freeing old_skb without validating the ax25 pointe...
CVE-2026-23099
CVE-2026-23099 (bonding: limit BOND_MODE_8023AD to Ethernet devices) is addressed in the Linux kernel, preventing use of BOND_MODE_8023AD on non-Ethernet devices. The issue, observed in bonding/low-level MAC address handling, can cause out-of-bounds memory access when enslaving or configuring net...
CVE-2026-23106
CVE-2026-23106 concerns the Linux kernel timekeeping subsystem. The root cause is in __do_adjtimex(), which incorrectly references the core timekeeper’s tk_core when adjusting leap second state for an auxiliary timekeeper. This leads to a seqlock protocol violation where the timekeepers sequence ...
CVE-2026-23116
CVE-2026-23116 : On i.MX8MQ, the VPUMIX domain’s 8mq VPU block controller had no separate reset and clock enable bits, causing a potential system hang when G1/G2 reset could not be performed independently. The Linux kernel fix removes the separate rst_mask and clk_mask for imx8mq_vpu_blk_ctl_doma...
CVE-2026-23125
CVE-2026-23125 (Linux kernel SCTP) : A null-pointer dereference in the SCTP transmit path could occur when SCTP-AUTH key initialization fails during INIT_ACK processing. The issue arises because SCTP_CMD_ASSOC_SHKEY is executed after PEER_INIT and can leave asoc->shkey NULL if key setup fails,...
CVE-2026-23153
CVE-2026-23153 concerns the Linux kernel regarding a race condition in the FireWire core when enumerating the transaction list without a lock during AR response processing, potentially impacting AT request completion handling. The issue is resolved by moving the timer start for split-transaction ...
CVE-2026-23159
CVE-2026-23159 is a Linux kernel vulnerability related to perf: sched crashing when tracing user-space tasks. The issue arose from an unsafe test for user-space task memory access: older checks relied on task_struct.mm, newer code attempted PF_KTHREAD checks and is_user_task() but not all kernel ...
CVE-2026-23162
CVE-2026-23162 relates to the Intel Xe GPU driver in the Linux kernel (drm/xe/nvm). A double-free vulnerability occurs during initialization: after auxiliary_device_init() succeeds, if auxiliary_device_add() then fails, the memory may be freed twice (via the device release path and a premature fr...
CVE-2026-23197
The CVE-2026-23197 issue affects the Linux kernel i2c_imx driver: when a block read returns an invalid length (not in range), the length handler sets IMX_I2C_STATE_FAILED, but i2c_imx_master_isr() overwrites it with IMX_I2C_STATE_READ_CONTINUE, causing an endless read loop that overruns buffers a...
CVE-2026-23199
CVE-2026-23199 : In the Linux kernel, procfs could deadlock by fetching the optional build ID while holding the VMA lock. The fix changes PROCMAP_QUERY to obtain the optional build ID only after dropping mmap_lock or after acquiring the per-VMA lock used to guard the VMA, preventing the cross-loc...
CVE-2026-23202
The CVE-2026-23202 issue is in the Linux kernel SPI driver for Tegra210-quad (tegra_qspi_combined_seq_xfer). The root cause is that curr_xfer is read by the IRQ handler without the spinlock, and is cleared without proper synchronization, allowing a race that could yield a NULL pointer dereference...
CVE-2026-23214
In CVE-2026-23214, the Linux kernel Btrfs implementation may start new transactions even when the filesystem is mounted with rescue options that mark it fully read-only. This can trigger a transaction during unmount when inodes are evicted, producing warnings like “Transaction aborted (error -22)...
CVE-2026-23215
CVE-2026-23215 affects the Linux kernel’s x86/vmware code. The issue arises from buggy QEMU VMware mouse emulation that clobbers the top 32 bits of the RDI/RSI state across hypercalls, causing page faults when dereferencing a saved kernel stack address. The kernel workaround marks RDI/RSI as clob...
CVE-2026-23217
CVE-2026-23217 relates to the Linux kernel on RISC-V where tracing the sbi_ecall functions can cause a deadlock in the snapshot path. The root cause is that sbi_ecall triggers a ringbuffer snapshot which may re-enter __sbi_ecall via an IPI, creating an endless loop when initial __sbi_ecall is pre...
CVE-2026-23218
CVE-2026-23218 affects the Linux kernel (loongson-64bit GPIO). The root cause is an incorrect NULL check in loongson_gpio_init_irqchip() after devm_kcalloc(), where chip->parent was checked instead of chip->irq.parents. This mischeck can lead to a NULL dereference during IRQ chip init. The ...
CVE-2026-23255
The connected Amazon Linux advisory confirms CVE-2026-23255 is a Linux kernel vulnerability where /proc/net/ptype lacked proper RCU protection. The fix adds an explicit device pointer tracking and ensures RCU-compliant reads in ptype_seq_show(), with full READ_ONCE protection in ptype_seq_next() ...
CVE-2026-23351
CVE-2026-23351 affects the Linux kernel netfilter nft_set_pipapo data type. The issue is a use-after-free in the pipapo set when many elements are expired and the commit-time garbage collection (GC) can run for a long time in a non-preemptible context, triggering soft lockups and RCU stalls. The ...
CVE-2026-23450
CVE-2026-23450 (Linux kernel): The issue stems from a race in the SMC TCP path (net/smc) where, during close of an SMC listen socket, sk_user_data can be NULL or the smc_sock freed, causing a NULL dereference or use-after-free in smc_tcp_syn_recv_sock() when accessed under rcu/protected context. ...
CVE-2026-31392
CVE-2026-31392 concerns the Linux kernel SMB client and Kerberos username handling. The issue was fixed by ensuring the username mount option is respected when sec=krb5 is used, preventing reuse of an SMB session across mounts with different usernames. Connected OSV records show Debian/Ubuntu/roo...
CVE-2026-31429
Summary (supported): CVE-2026-31429 affects the Linux kernel, specifically a KFENCE interaction that caused a cross-cache free of KFENCE-allocated skb heads. The root cause was that kfence_ksize() could return the exact allocation size, leading to skb_end_offset matching SKB_SMALL_HEAD_HEADROOM a...
CVE-2026-31430
CVE-2026-31430 affects the Linux kernel: X.509 extensions parsing could read the first byte of an extension before checking length, causing out-of-bounds access. The vulnerability can be triggered by an unprivileged user submitting a crafted certificate via the keyrings(7) API. A PoC exists. The ...
CVE-2026-31504
The CVE-2026-31504 entry describes a race in the Linux kernel’s networking stack: during a NETDEV_UP event, a socket re-registration into a fanout group’s arr[] can leave a dangling pointer if packet_release() doesn’t clear po->num while bind_lock is held. This Use-After-Free risk stems from a...
CVE-2026-31528
The CVE-2026-31528 issue affects the Linux kernel PMU subsystem in perf, specifically during handling of performance event groups. The root cause is an incorrect use of event pointers across group operations: when group_sched_in() fails, the code may rollback using the wrong PMU, risking an out-o...
CVE-2026-31543
The CVE-2026-31543 entry concerns the Linux kernel. A vulnerability in crash_dump/logging: read_key_from_user_keying() incorrectly logged the first 8 bytes of the key payload when debug logging was enabled, partially exposing the dm-crypt key. The issue is resolved by stopping logging any key byt...
CVE-2026-31566
CVE-2026-31566 concerns the Linux kernel amdgpu driver (amdgpu_amdkfd_submit_ib). The issue arises when a fence reference is dma_fence_put()’ed before dma_fence_wait() completes, which can free the fence prematurely and trigger a use-after-free during job completion. Publicly documented fixes sho...
CVE-2026-31600
Summary of CVE-2026-31600 : Linux kernel arm64 memory management vulnerability where invalid large leaf mappings could cause a kernel panic due to mis-handling of cleared PTE_VALID bits. Publicly disclosed details describe the root cause in arm64 mm: handling invalid large leaf mappings and the o...
CVE-2026-31618
CVE-2026-31618 affects the Linux kernel fbdev subsystem, specifically the tdfxfb and udlfb drivers. The issue is a divide-by-zero crash in FBIOPUT_VSCREENINFO when the code uses pixclock for division, which can crash the system and lead to a DoS condition as described in the advisory. A fix has b...
CVE-2026-31642
The CVE-2026-31642 entry concerns the Linux kernel rxrpc module, where a flaw in call removal was fixed by using list_del_rcu() instead of list_del_init() to prevent infinite loops when reading /proc/net/rxrpc/calls. The underlying issue is that improperly deleting calls could disrupt list handli...
CVE-2026-31669
The CVE-2026-31669 entry pertains to the Linux kernel MPTCP code. A use-after-free could occur in IPv6 subflow sockets due to premature copying of tcpv6_prot into tcpv6_prot_override during early init, before proto_register(&tcpv6_prot) and its SLAB_TYPESAFE_BY_RCU cache is established. Consequen...
CVE-2026-31704
CVE-2026-31704 affects the Linux kernel’s ksmbd ACL handling. The vulnerability arises when accumulating ACL entry sizes uses 16-bit counters (u16) in set_posix_acl_entries_dacl() and set_ntacl_dacl(), allowing wraparound past 65535 and causing pointer arithmetic on pndace to land within already-...
CVE-2026-43056
Summary: CVE-2026-43056 affects the Linux kernel net: mana component. A use-after-free can occur in add_adev() when auxiliary_device_add() fails and control falls through to init_fail, accessing adev->id after the release callback frees the containing struct mana_adev. Root cause: the code fre...
CVE-2026-43058
The CVE covers a Linux kernel issue in media: vidtv where vidtv_ts_null_write_into() and vidtv_ts_pcr_write_into() take their argument structs by value, triggering MSAN warnings for uninitialized data. The root cause is stack-copy of the structs; the patch changes the functions to accept them by ...
CVE-2026-43078
The CVE-2026-43078 entry affects the Linux kernel crypto/af_alg component. A root-cause was an overflow in page reassignment within af_alg_pull_tsgl where the update to support page reallocation wasn’t fully reflected in the loop, allowing one extra page to be reassigned. The vulnerability is des...
CVE-2026-43112
The CVE-2026-43112 issue affects the Linux kernel CIFS (Common Internet File System) client, specifically the function cifs_sanitize_prepath. The vulnerability occurs when processing an empty string or a string consisting only of delimiters (for example "/"); the code may dereference cursor2-1 be...