CVE-2025-39774
CVE-2025-39774 affects the Linux kernel driver iio: adc: rzg2l_adc. The issue arises when a loop unbinds/binds the ADC (which may serve another device like a thermal block) and the ADC is resumed by runtime PM before drvdata is set, causing a crash in runtime PM callbacks that rely on drvdata. Th...
CVE-2025-39785
CVE-2025-39785 is a Linux kernel vulnerability affecting the drm/hisilicon/hibmc path. The issue arises from using a local irq name variable in irq_request(); it is passed to request_irq() and can lead to a use-after-free, causing request_irq to fail. The fixes switch to using a global irq name i...
CVE-2025-39791
The vulnerability CVE-2025-39791 affects Linux kernel dm-crypt targets (zoned devices) where BIOs can be split to respect max_read_size/max_write_size. For zoned targets, splitting could cause a deadlock or data corruption if a split BIO remainder re-enters the queue or if zone-append processing is...
CVE-2025-39855
Summary: CVE-2025-39855 concerns the Linux kernel ICE driver (notably the E810’s low-latency TX timestamp interface). The bug occurs in ice_ptp_ts_irq() where the Tx timestamp tracker ice_ptp_tx is used before being initialized, risking NULL dereference or use-after-free if a TX timestamp interru...
CVE-2025-39870
CVE-2025-39870 is a Linux kernel vulnerability in dmaengine: idxd, where a double free could occur in idxd_setup_wqs() due to error handling paths (conf_dev uninitialized when max_wqs
CVE-2025-39872
Summary (CVE-2025-39872): The vulnerability affects the Linux kernel’s hsr code path. The bug arises in hsr_get_port_ndev, where hsr_for_each_port requires an RCU lock while the caller later needs a valid device reference, creating a UaF risk. Documents from Red Hat, Debian, and OSS/OSV portals ...
CVE-2025-39882
CVE-2025-39882 affects the Linux kernel DRM/mediatek path. The issue originated from for_each_child_of_node() handling that drops a node reference during iteration, leading to a use-after-free when an extra reference decrement was applied on each loop iteration. The fix removes this bogus referen...
CVE-2025-39903
The CVE-2025-39903 issue affects the Linux kernel and relates to NUMA memory initialization. The root cause was that memory-only NUMA nodes (nodes without CPUs) were not properly initialized, causing a NULL pointer dereference in free_area_init when NODE_DATA() is accessed for these uninitialized...
CVE-2025-39922
CVE-2025-39922: In the Linux kernel, the ixgbe driver fixed an incorrect map used in EEE linkmode population. The code previously used ixgbe_lp_map in loops that should populate the supported and advertised EEE linkmodes based on ixgbe_ls_map, causing incorrect bit settings and potential out-of-...
CVE-2025-39929
CVE-2025-39929 affects the Linux kernel SMB client code, specifically a leak in smbdirect_recv_io within smbd_negotiate() error path. The vulnerability is mapped to a LOCAL attack, with MEDIUM overall CVSS (base 5.5) and HIGH impact on availability. The description in the initial document notes t...
CVE-2025-39933
CVE-2025-39933 affects the Linux kernel SMB client: recv_done verification of data_offset, data_length and remaining_data_length (a local‑vector issue). The vulnerability is acknowledged in multiple advisories (e.g., RHSA-2026:1727, ALSA-2026:0793, RLSA advisories) and is linked to kernel fixes i...
CVE-2025-39934
CVE-2025-39934: Linux kernel drm: bridge: anx7625 fixes a NULL pointer dereference when an IRQ fires before resource initialization, potentially accessing uninitialized I2C tcpc_client data. The NVD entry notes a MEDIUM base score (5.5) with LOCAL attack vector and LOW PR, HIGH impact on availabi...
CVE-2025-39942
CVE-2025-39942 is a Linux kernel vulnerability affecting the ksmbd smbdirect component. The issue, described as: “verify remaining_data_length respects max_fragmented_recv_size,” is a refinement inspired by the existing check for data_offset + data_length. The connected sources identify this CVE ...
CVE-2025-39943
CVE-2025-39943 affects the Linux kernel’s ksmbd smb_direct_data_transfer path. The vulnerability arises if data_offset or data_length in smb_direct_data_transfer are invalid, enabling an out-of-bounds condition. The cited patch adds validation in recv_done to guard against invalid offsets/lengths...
CVE-2025-39945
The CVE-2025-39945 entry concerns a race in the Linux kernel cnic subsystem where a use-after-free can occur if a delayed work item (delete_task) remains active during cnic_dev deallocation. The root cause is that cancel_delayed_work() does not guarantee the delayed work item has finished if it i...
CVE-2025-39956
The CVE-2025-39956 entry concerns the Linux kernel igc driver: if igc_led_setup() fails during igc_probe(), the probe previously failed and could trigger a kernel panic in free_netdev() due to unregister_netdev() not being called. The published fixes treat LED setup failures as non-fatal,...
CVE-2025-71091
The CVE-2025-71091 issue is in the Linux kernel: when a port is disabled but queue priority changes are processed, team_queue_override_port_prio_changed() could run a del on an already-removed list node, triggering a kernel bug. The fix adds an early return when the port is not enabled to avoid t...
CVE-2025-71116
CVE-2025-71116 is a Linux kernel issue affecting libceph: the decoding of osdmap envelopes (decode_pool) could perform out-of-bounds reads if the encoded length is too short for the encoding version. The connected sources indicate the fix adds explicit bounds checks for each decoded/skipped field...
CVE-2025-71190
CVE-2025-71190 refers to a Linux kernel vulnerability in the DMA Engine, specifically the bcm-sba-raid driver. The issue is a device reference leak that can occur during probe, leading to leaked mailbox device references if probe fails or driver is unbound. The fixed code drops the reference to t...
CVE-2026-22985
CVE-2026-22985 affects the Linux kernel idpf driver. The vulnerability causes a NULL pointer dereference when ethtool operations (e.g., rxhash) are invoked before the interface is up due to the RSS LUT not being initialized. The fix moves RSS LUT initialization from ndo_open to vport creation to ...
CVE-2026-23015
CVE-2026-23015 relates to the Linux kernel gpio_mpsse driver: a reference leak in gpio_mpsse_probe() error paths due to usb_get_dev() not being released. The fix uses device-managed helper functions and removes the usb_put_dev() call in the disconnect path, allowing automatic release of the refer...
CVE-2026-23064
CVE-2026-23064 affects the Linux kernel’s net/sched implementation, specifically the act_ife action. The vulnerability is a NULL pointer dereference in tcf_ife_encode()/ife_encode() that could trigger a general protection fault/oops when a NULL is encountered. The provided trace shows the fault p...
CVE-2026-23076
CVE-2026-23076 affects the Linux kernel ALSA ctxfi driver: a potential out-of-bounds access in the audio mixer handling due to using conj as a loop index and referencing it in amixer_index() and sum_index(). The issue stems from lack of proper re-initialization of conj, enabling OOB reads at ctam...
CVE-2026-23096
CVE-2026-23096 affects the Linux kernel UACCE accelerator framework (uacce). The issue is in the cleanup path: if cdev_device_add fails, the kernel releases the cdev memory, and later a cdev_device_del could hang. The fix adds a check on the return value of cdev_device_add and clears uacce->cd...
CVE-2026-23127
CVE-2026-23127 affects the Linux kernel perf subsystem. The issue is caused by a refcount warning in perf_mmap_rb() when updating event->mmap_count during group-member mmap creation with PERF_FLAG_FD_OUTPUT. Specifically, refcount_inc(&event->mmap_count) can run when mmap_count is 0, trigge...
CVE-2026-23129
Technical details for CVE-2026-23129 are not publicly available in the provided documents. The materials note a fix in Linux kernel dpll duplicate registrations and enforcing a single registration, but no further technical specifics are included. Monitor vendor advisories for updates.
CVE-2026-23131
CVE-2026-23131: In the Linux kernel, hp-bioscfg registers kobjects for attributes read from WMI. If the HP BIOS returns attributes with empty names, the registration can trigger kobject warnings and parsing may fail. The fix adds validation in hp_init_bios_buffer_attribute() to skip registration...
CVE-2026-23140
CVE-2026-23140 is a Linux kernel vulnerability resolved in kernel patches related to BPF/XDP handling. The issue arises in bpf_test_run where the metadata size isn’t constrained by the actual xdp_frame headroom, allowing a userspace-supplied metadata size that can exhaust headroom. In live packet...
CVE-2026-23141
CVE-2026-23141 affects the Linux kernel (btrfs subsystem) where btrfs: send: check for inline extents in range_is_hole_in_parent() failed to verify inline extents before accessing the disk_bytenr field. The bug could allow an invalid memory access when inline data is accessed, or when the inline ...
CVE-2026-23148
CVE-2026-23148 describes a race in the Linux kernel’s nvmet path where a completed bio can be re-submitted and dereferenced after bio_uninit() clears bio->bi_blkg, leading to a NULL pointer dereference in blk_cgroup_bio_start(). The race occurs when nvmet_bio_done() and nvmet_req_complete() in...
CVE-2026-23168
CVE-2026-23168 affects the Linux kernel (example: kernel 6.12 lineage and Oracle/Amazon Linux advisories) where a race in the flexible proportions code (fprop_new_period) can cause a sequence counter write under softirq/hardirq interaction, potentially enabling a deadlock in certain writeout paths...
CVE-2026-23169
CVE-2026-23169 is a Linux kernel vulnerability where a race in mptcp_pm_nl_flush_addrs_doit() could crash the kernel. Root cause: list_splice_init() is not RCU-aware and cannot be called while holding pernet->lock spinlock; list_splice_init_rcu() was misused in that context. The issue...
CVE-2026-23171
CVE-2026-23171 is a Linux kernel bonding driver use-after-free bug. It occurs when an enslave failure happens after a new slave is added to the bond’s slave array, risking use-after-free because the new slave could be used before cleanup frees it. The fixed sequence moves the slave-array update t...
CVE-2026-23185
In the Linux kernel vulnerability CVE-2026-23185, the issue is in the wifi: iwlwifi: mld: cancel mlo_scan_start_wk. The work mlo_scan_start_wk is not canceled on disconnection and is not canceled elsewhere except in restart cleanup. This can cause an init-after-queue issue if the work was queued ...
CVE-2026-23208
CVE-2026-23208 — Linux kernel ALSA USB audio OOB write fix. The issue arose when user-provided ALSA USB audio parameters led to an out-of-bounds write: calculated frames (packsize[0] * packets) exceeded URB buffer, triggering KASAN slab-out-of-bounds in sound/usb/pcm.c. The patch adds a safety c...
CVE-2026-23220
CVE-2026-23220 – Linux kernel ksmbd infinite loop fix: In ksmbd, when a signed SMB2 request fails verification, __process_request() triggers an error path that calls set_smb2_rsp_status() and resets next_smb2_rcv_hdr_off to zero. This loses the pointer to the next command in the chain, so is_cha...
CVE-2026-23245
CVE-2026-23245 (Linux kernel, net/sched) is resolved. The vulnerability allowed replacing a gate action’s parameters while the hrtimer callback or a dump path walked the schedule list. The fix converts gate parameter updates from plain pointers to an RCU-protected snapshot, swapping updates unde...
CVE-2026-23273
The CVE refers to a Linux kernel macvlan race: macvlan_common_newlink() can reveal a device before error handling under an RCU grace period, leading to a use-after-free as shown by a KASAN report. Connected OSV entries confirm patches in Rootio-Linux for Root:Debian/Ubuntu variants (Root-OS-DEBIA...
CVE-2026-23361
CVE-2026-23361 affects the Linux kernel PCIe design (dwc: ep) where a posted MSI-X write may race with ATU unmapping, potentially corrupting host memory or triggering IOMMU errors. The mitigation described in the public description is to flush the write by performing a readl() on the same address...
CVE-2026-23461
CVE-2026-23461: In the Linux kernel Bluetooth L2CAP, l2cap_register_user() and l2cap_unregister_user() did not consistently acquire conn->lock, creating a race with l2cap_conn_del() that can access conn->users and conn->hchan concurrently. This caused use-after-free and list corruption. ...
CVE-2026-31407
The CVE-2026-31407 entry covers a Linux kernel netfilter conntrack issue where missing netlink policy validations allow a local attacker to craft input that can cause a slab-out-of-bounds access in sctp/ctnetlink, via using unvalidated CTA_PROTOINFO_SCTP_STATE values and accessing ct->master->...
CVE-2026-31412
The CVE-2026-31412 vulnerability exists in the Linux kernel USB gadget f_mass_storage implementation, where an unchecked left shift of data_size_from_cmnd by blkbits could overflow, truncating data size and enabling memory corruption or out-of-bounds access. The root cause is lack of overflow val...
CVE-2026-31429
Summary: CVE-2026-31429 affects the Linux kernel, specifically a KFENCE interaction that caused a cross-cache free of KFENCE-allocated skb heads. The root cause was that kfence_ksize() could return the exact allocation size, leading to skb_end_offset matching SKB_SMALL_HEAD_HEADROOM a...
CVE-2026-31462
CVE-2026-31462 concerns the Linux kernel DRM/AMDGPU PASID reuse issue where a process reusing a PASID could leave pending page faults in the IH ring buffer after exit. The fix uses an idr cyclic allocator to prevent immediate PASID reuse. Connected OSV entries show Root has patched this CVE in ro...
CVE-2026-31554
The CVE-2026-31554 entry concerns a Linux kernel futex requeue issue: using sys_futex_requeue() with different flags could enable a use-after-free (UaF) condition. To fix, the code now requires identical flags for sys_futex_requeue() (matching the behavior of old-style sys_futex() requeue). The vul...
CVE-2026-31557
Summary of CVE-2026-31557 (Linux kernel): The issue affects the NVMe over Fabrics target (nvmet/nvmet_rdma) where flushing an asynchronous-event work item on nvmet-wq can recurse the same worker, risking a deadlock and DoS. The root cause is a potential re-entrant lock when nvmet_ctrl_free() flu...
CVE-2026-31623
The CVE-2026-31623 issue affects the Linux kernel net: usb: cdc-phonet driver. A malicious USB device claiming to be a CDC Phonet modem can overflow the skb_shared_info->frags[] array by sending an unbounded sequence of full-page bulk transfers in rx_complete(). The consequence described is a ...
CVE-2026-31669
The CVE-2026-31669 entry pertains to the Linux kernel MPTCP code. A use-after-free could occur in IPv6 subflow sockets due to premature copying of tcpv6_prot into tcpv6_prot_override during early init, before proto_register(&tcpv6_prot) and its SLAB_TYPESAFE_BY_RCU cache is established. Consequen...
CVE-2026-31684
The CVE-2026-31684 issue is in the Linux kernel’s net/sched path (act_csum) where tcf_csum_act() reads nested VLAN headers directly from skb->data if the payload contains VLAN tags, and may read VLAN_HLEN bytes before guaranteeing the full header is present. The root cause is that the cod...
CVE-2026-31687
The CVE-2026-31687 issue concerns the Linux kernel GPIO/omap driver: omap_mpuio_driver was registered from omap_gpio_probe() and could deadlock because a device lock may be held during probe, compounded by the driver core changes enforcing device_lock for driver_match_device(). The driver was als...