14330 matches found
CVE-2026-43302
CVE-2026-43302 affects the Linux kernel with the drm/v3d DMA API debug path. A vulnerability was resolved by ensuring max_seg_size is set to the maximum, preventing debug_dma_map_sg() warnings about SG segment lengths (len=8290304, max=65536) when V3D rendering is used with CONFIG_DMA_API_DEBUG e...
CVE-2026-43409
CVE-2026-43409 affects the Linux kernel kprobes subsystem: when ftrace is disabled due to errors, removing a module that uses kprobes can crash the system because kprobes_ftrace_disabled is not correctly handled. Root cause: kprobe_ftrace_disabled flag mishandling in __disarm_kprobe_ftrace(). Mit...
CVE-2026-43487
The CVE-2026-43487 entry concerns the Linux kernel (ata: libata-core) and the ST1000DM010-2EP102 drive. A user report indicated that Link Power Management (LPM) on this drive caused random system freezes. The fix implemented in the kernel disables LPM for this device, addressing the issue. The af...
CVE-2026-43488
CVE-2026-43488 : Linux kernel xHCI driver vulnerability where a Host Controller Error (HCE) on UAS storage plug/unplug could trigger an interrupt storm. The issue occurred as xhci_irq() logged a warning and assumed activity would stop, but storms persisted on some hosts. Mitigation implemented by...
CVE-2026-45846
CVE-2026-45846 affects the Linux kernel bareudp code path. The vulnerability arises in bareudp_fill_metadata_dst(), which passes bareudp->sock to udp_tunnel6_dst_lookup() in the IPv6 path without a NULL check. If the bareudp device is down (socket not created or already NULLed in bareudp_stop)...
CVE-2026-45860
CVE-2026-45860 affects the Linux kernel netfilter nf_conncount, where tracking more than eight new connections per jiffy could cause the connection list to not be cleaned up promptly, potentially exhausting the connection limit and enabling denial of service. The issue is mitigated by a fix that ...
CVE-2026-45864
CVE-2026-45864 – ntfs3 loop mitigation in Linux kernel Concrete details across connected documents show that the vulnerability stems from the ntfs3 implementation in the Linux kernel, where processing the valid range could loop indefinitely if the next valid value could not be retrieved (e.g., th...
CVE-2026-45871
CVE-2026-45871 affects the Linux kernel TPM subsystem (st33zp24 driver). A failure in get_burstcount() can return -EBUSY on timeout, causing st33zp24_send() to exit without releasing the previously acquired locality, risking resource exhaustion and local DoS by making the TPM device unavailable. ...
CVE-2026-45876
CVE-2026-45876 affects the Linux kernel (arm64 architecture) in the arch_set_shadow_stack_status flow. The bug arises from error handling in alloc_gcs(), which can return an error-encoded pointer from do_mmap() instead of NULL. A NULL-based check fails to detect these errors, risking use of an in...
CVE-2026-45881
The CVE-2026-45881 issue affects the Linux kernel’s MediaTek SVS driver (svs_enable_debug_write). The bug is a memory leak where a buffer allocated by memdup_user_nul() is not freed if kstrtoint() fails. The cited fix changes the cleanup to use __free(kfree) to automatically free the buffer, elim...
CVE-2026-45905
CVE-2026-45905 is a Linux kernel networking vulnerability in the xfrm/icmp_route_lookup reverse path. The race occurs during ICMP error handling when a concurrent address change may cause ip_route_input() to return a LOCAL route with a dst that can trigger a WARN_ON in ip_rt_bug. The fix checks t...
CVE-2026-45909
CVE-2026-45909 pertains to the Linux kernel Mediatek clock-gate driver. The fix removes __initconst from mtk_gate structures because, since commit 8ceff24a... the gate structs are used at runtime, not just for initialization. Documents indicate this resolves a runtime-access issue with potentiall...
CVE-2026-45934
CVE-2026-45934 covers a Linux kernel btrfs issue where non-consecutive gaps in chunk allocation can create overlapping chunk maps, leading to aborts of filesystem operations (e.g., insert_dev_extents in btrfs_create_pending_block_groups) and a DoS-like effect. Public records describe the root cau...
CVE-2026-45948
CVE-2026-45948 (Linux kernel): The issue is a memory leak in ext4_ext_shift_extents() where a NULL extent in the while loop causes an early return without releasing the ext4_find_extent() path. The fix adds a jump to the out label to ensure proper path release, preventing leaked memory. Affected ...
CVE-2026-45975
CVE-2026-45975 is a Linux kernel vulnerability in the ublk subsystem where a race condition can occur reading struct ublksrv_ctrl_cmd from userspace-mapped memory in the io_uring_sqe. The fix uses READ_ONCE() to copy ublksrv_ctrl_cmd from the io_uring_sqe to a local stack copy and then operates o...
CVE-2026-46007
CVE-2026-46007 targets the Linux kernel hwmon: powerz code, where a DMA transfer buffer may accidentally share a cacheline with a mutex, enabling a cacheline sharing risk for DMA. The issue is mitigated by using the high‑level DMA helpers to ensure no cacheline sharing occurs, and by removing the...
CVE-2026-46016
CVE-2026-46016 is a Linux kernel remoteproc issue for the xlnx driver where the receive callback does not guard against NULL messages, potentially enabling a crash scenario and requiring a fix. The publicly referenced OSV entries indicate patches have been released/applied in some distributions (...
CVE-2026-46018
CVE-2026-46018 is a Linux kernel issue in ALSA: usb-audio (UAC2) where parse_uac2_sample_rate_range() capped at MAX_NR_RATES but only broke the inner loop; a malformed UAC2 RANGE could continue parsing and flood with "invalid uac2 rates". The fix stops the whole parse at the cap and returns the c...
CVE-2026-46021
The CVE-2026-46021 entry concerns the Linux kernel thermal subsystem. A defect in thermal_zone_device_register_with_trips() could leave a governor attached to a zone after failure, causing a memory leak, while thermal_zone_device_unregister() could race with governor updates via sysfs and trigger...
CVE-2026-46022
CVE-2026-46022 relates to the Linux kernel code in misc: ibmasm where an OOB MMIO read occurs in ibmasm_handle_mouse_interrupt due to unbounded queue index usage. The root cause is unbounded values from get_queue_reader()/get_queue_writer() fed into get_queue_entry(), producing a potentially inva...
CVE-2026-46049
CVE-2026-46049 concerns the Linux kernel ALSA ctxfi driver (S/PDIF path). The issue arises in spdif_passthru_playback_setup() when pll_rate is not updated (remains 0), causing the MSR calculation loop to spin if 32000 Hz is skipped. The fix adds a fallback: if atc->pll_rate is 0, use atc->r...
CVE-2026-46065
CVE-2026-46065 affects the Linux kernel framebuffer (fbdev) defio mechanism. The issue arises from disconnecting deferred I/O from the lifetime of struct fb_info, by holding state in struct fb_deferred_io_state and freeing the instance only after the final mapping closes. If fb_info/defio are fre...
CVE-2026-46075
CVE-2026-46075 concerns the Linux kernel crypto driver crypto: atmel-sha204a. The available details describe a fix for potential use-after-free (UAF) and a memory leak in the remove path. The remediation includes:Unregistering the hwrng to stop new read() calls and flushing the Atmel I2C workqueu...
CVE-2026-46084
CVE-2026-46084 : In the Linux kernel, the mana_ib driver fails to disable vPort RX steering when destroying RSS QP, leaving stale steering that may reference freed RX WQ objects. If traffic continues and a VF is brought up, the firmware can deliver completions using old CQ IDs, causing RX complet...
CVE-2026-46085
CVE-2026-46085 affects the Linux kernel rxrpc subsystem (rxkad crypto unalignment handling). The vulnerability arises from processing a packet with a misaligned crypto length and from handling non-ENOMEM decryption errors, with the WARN_ON_ONCE removal enabling remote triggering of issues. A remo...
CVE-2026-46109
The CVE-2026-46109 issue concerns the Linux kernel USB ULPI code. Specifically, memory allocated for the ulpi structure could be leaked if ulpi_of_register() or ulpi_read_id() failed before device_register() was invoked, despite a previous fix targeting a different error path. The authoritative m...
CVE-2026-46139
CVE-2026-46139 covers the Linux kernel SMB client: when building an ACL descriptor in build_sec_desc(), a kzalloc-based allocation fix was introduced to zero-initialize the security descriptor buffer, replacing a previous kmalloc path. The change splits struct smb_acl's __le32 num_aces into __le1...
CVE-2026-46140
CVE-2026-46140 affects the Linux kernel Bluetooth btmtk driver. The wmt event handling in btmtk_usb_hci_wmt_sync() casts SKB data to btmtk_hci_wmt_evt structures (7/9 bytes) without ensuring sufficient payload, risking out-of-bounds reads from SKB tailroom when a short firmware response is receiv...
CVE-2026-46146
CVE-2026-46146 affects the Linux kernel's ALSA USB audio stack, specifically the convert_chmap_v3() routine. A loop uses cs_desc->wLength for increment but this value isn’t validated, allowing a potential endless loop with malformed descriptors. The issue is resolved by adding a proper size ch...
CVE-2026-46168
The CVE-2026-46168 issue affects the Linux kernel's multipath TCP (mptcp) scheduling around timestamp sockopts. The root cause is using lock_sock_fast() (atomic context) around sock_set_timestamp() and sock_set_timestamping(), which can sleep and cause atomic-context issues. The published fixes r...
CVE-2026-46187
CVE-2026-46187 – summary of documented fixes : In the Linux kernel, the wifi: rsi driver experienced a kthread lifetime race between self-exit and external-stop, causing a UAF if the exited thread is accessed after free. The confirmed remediation is to remove kthread_stop() and wait for the self-...
CVE-2026-46188
CVE-2026-46188 affects the Linux kernel in the octeon_ep_vf driver. The vulnerability arises because napi_build_skb() can return NULL on allocation failure and __octep_vf_oq_process_rx() uses the result without checking for NULL in both the single-buffer and multi-fragment paths, causing a NULL p...
CVE-2026-46213
The CVE-2026-46213 issue affects the Linux kernel HID Apple keyboard driver (appletb-kbd). A use-after-free (UAF) in the inactivity-timer cleanup path during driver tear-down was fixed by reordering teardown: (1) call hid_hw_close()/hid_hw_stop() before backlight cleanup to prevent late callbacks...
CVE-2026-46247
Summary: CVE-2026-46247 affects the Linux kernel gfx3d clock driver. The root cause was an incorrect parent map during GFX3D clock rate determination, which prevented the best_parent_hw from being provided, leading to a crash. The fix adds the missing field in the parent request mapping (in addit...
CVE-2026-46271
CVE-2026-46271 concerns the Linux kernel ath12k Wi‑Fi driver. When a multi‑link connection is active, WoW offloads were enabled on both the primary and secondary links, potentially crashing firmware on WCN7850 devices (denial of service). The fix changes WoW offloads to run only on the primary li...
CVE-2026-46272
The CVE-2026-46272 issue is a race in the Linux kernel CoreSight TMC ETR driver that occurs when sysfs and perf modes are enabled concurrently. A WARN_ON in tmc_etr_enable_hw() can trigger due to a race between the two critical regions (sysfs buffer allocation vs. hardware enablement). The fix ad...
CVE-2026-46327
In the Linux kernel dm subsystem, the vulnerability centers on dm_blk_report_zones checking for suspended state without holding locks, allowing a race where the device may be suspended immediately after the check. The fix moves the dm_suspended_md check to occur after dm_get_live_table, ensuring ...
CVE-2026-53152
CVE-2026-53152 affects the Linux kernel dw_mmc-rockchip driver. Older RK SoCs (rk2928, rk3066, rk3188) lacked required private data, leading to NULL-pointer dereferences when the init code accessed missing phase/driver data. The vulnerability is resolved by the commit ff6f0286c896, which adds the...
CVE-2026-53202
The CVE-2026-53202 issue affects the Linux kernel component accel/ivpu in IPC receive handling. It describes a signed integer truncation when data_size from firmware is cast to a signed int, leading to a potential unsigned wraparound with large values (≥ 0x80000000). This could enable oversized m...
CVE-2026-53245
CVE-2026-53245 affects the Linux kernel in net/802/mrp due to a parsing logic error in mrp_pdu_parse_vecattr. The vector-attribute event encoding and valen handling could cause out-of-sync FirstValue processing and misapplication of events, leading to corruption of offsets during PDU parsing and,...
CVE-2022-50063
CVE-2022-50063 is a Linux kernel issue affecting the DSA felix driver, where dsa_tree_notify handling can cause repeated tagging-protocol changes and lead to a kernel crash. The root cause is described as suppressing non-changes to the tagging protocol in felix_change_tag_protocol(), which can tr...
CVE-2022-50122
CVE-2022-50122 covers a Linux kernel vulnerability in the ASoC Mediatek MT8173-rt5650 driver. The root cause is a refcount leak where of_parse_phandle() returns a node pointer with an incremented refcount; the correct fix is to call of_node_put() when the reference is no longer needed. The provid...
CVE-2022-50242
CVE-2022-50242 pertains to the Linux kernel driver in the qlcnic SR-IOV path. The vulnerability arises in the function qlcnic_sriov_init() when allocating virtual ports (vp); if vp allocation fails, previously allocated vps are not freed, creating a potential memory leak. The connected advisories...
CVE-2022-50272
CVE-2022-50272 affects the Linux kernel’s media: dvb-usb az6027 driver. In az6027_i2c_xfer(), a null-ptr-deref can occur when an I2C message has addr 0x99 with len=0 and buf=NULL, allowing a kernel crash. The fix is to validate msg[i].len before accessing msg[i].buf. Unity Linux advisories (UTSA-...
CVE-2022-50276
CVE-2022-50276 is a Linux kernel issue: when kmalloc() fails in kasprintf(), propname becomes NULL and a strcmp() dereferences it in of_get_property(), causing a NULL pointer dereference. The fix is to return ENOMEM when kasprintf() returns NULL. The vulnerability affects the kernel's power suppl...
CVE-2022-50289
CVE-2022-50289 concerns the Linux kernel OCFS2 subsystem. The provided advisories describe a memory leak in ocfs2_stack_glue_init() where ocfs2_table_header must be freed if ocfs2_sysfs_init() fails, to prevent a kmemleak-detected memleak. The root cause is the missing free path during initializa...
CVE-2022-50310
Summary: CVE-2022-50310 affects the Linux kernel and describes a use-after-free (UAF) in ip6mr_sk_done() when addrconf_init_net() fails during net initialization. The vulnerability arises because devconf_all is freed during addrconf_init_net() failure, but ip6mr_sk_done() later accesses devconf-&...
CVE-2022-50317
CVE-2022-50317 affects the Linux kernel, specifically the DRM bridge driver for Megachips (stdp2690 and stdp4028). The issue is a null-pointer dereference that occurs when removing the module because the two bridges are not probed concurrently, causing ge_b850v3_register() not to be called for in...
CVE-2022-50319
CVE-2022-50319 affects the Linux kernel’s coresight/trbe path. The vulnerability stems from cpuhp_state_add_instance() and cpuhp_state_remove_instance() not being used in proper pairs, which can trigger a warning in cpuhp_remove_multi_state() due to a non-empty cpuhp_step list, potentially leavin...
CVE-2022-50325
CVE-2022-50325 (Linux kernel) is detailed in connected documents as an ASoC: Intel avs issue, where firmware may return an invalid RX size for LARGE_CONFIG_GET, causing memcpy_fromio() to copy too many bytes. Root cause: RX size handling overflow in the RX buffer due to missing bounds check. Miti...