CVE-2025-38599
CVE-2025-38599: The connected records confirm a Linux kernel vulnerability in the wifi/mt76 stack for the mt7996 device family. Affected component: kernel networking stack (mt7996_tx function). Root cause: Out-of-bounds access in mt7996_tx() when link_id is set to IEEE80211_LINK_UNSPECIFIED. Imp...
CVE-2025-38682
The CVE-2025-38682 entry details a Linux kernel vulnerability in i2c core: i2c_unregister_device() could double-free a fwnode when the i2c_client has a software-node as its primary fwnode. The root cause was unconditional fwnode_handle_put() on the i2c_client, which, if a software fwnode is prima...
CVE-2025-39796
CVE-2025-39796 affects the Linux kernel (net: lapbether: ignore ops-locked netdevs). According to connected sources, Syzkaller-triggered lock dependency via xsk_notify and register_netdevice could occur for notifier chains, with the fix skipping lapbeth for ops-locked devices to break the depende...
CVE-2025-39820
CVE-2025-39820 affects the Linux kernel DRM MSM DPU path (drm/msm/dpu). Root cause: drm_atomic_get_new_connector_state() may return NULL if the connector isn’t part of the atomic state, risking a NULL pointer dereference. The fix adds a NULL check in dpu_encoder_needs_modeset (mirroring the patte...
CVE-2025-39855
Summary: CVE-2025-39855 concerns the Linux kernel ICE driver (notably the E810’s low-latency TX timestamp interface). The bug occurs in ice_ptp_ts_irq() where the Tx timestamp tracker ice_ptp_tx is used before being initialized, risking NULL dereference or use-after-free if a TX timestamp interru...
CVE-2025-39858
The CVE-2025-39858 entry concerns a Linux kernel issue in mlx4_en_create_rx_ring where a NULL check after page_pool_create() could dereference an invalid pointer, since page_pool_create() returns ERR_PTR values. The fix replaces the NULL check with an IS_ERR() check to properly handle error point...
CVE-2025-39878
CVE-2025-39878 involves a Linux kernel issue related to ceph code: move_dirty_folio_in_page_array() incorrectly returns 0 (PTR_ERR(NULL)) after NULLing the pointer, causing errors to be silently ignored and leaving NULL entries in the page array, potentially crashing the kernel. The documented fi...
CVE-2025-39887
CVE-2025-39887 concerns a Linux kernel issue in tracing/osnoise where bitmap_parselist() could dereference a NULL pointer when handling a cpulist input in osnoise_cpus_write() (e.g., writing "0-2" to /sys/kernel/debug/tracing/osnoise/cpus with count=0). The vulnerability affected the kernel path ...
CVE-2025-39891
CVE-2025-39891 (Linux kernel) affects the wifi: mwifiex driver. The chan_stats[] memory is allocated with vmalloc() and not zeroed, and the array is only partially initialized in mwifiex_update_chan_statistics(). This can allow an information leak if data hasn’t been filled before a user query vi...
CVE-2025-39895
CVE-2025-39895: Linux kernel sched_numa_find_nth_cpu() could dereference a null pointer when the CPU mask used by sched_domains_numa_masks does not intersect with the cpus offline. The fix makes the function bail out when bsearch returns NULL instead of dereferencing, preventing a kernel Oops. Af...
CVE-2025-39909
CVE-2025-39909 concerns the Linux kernel’s DAMON module (mm/damon/lru_sort). The issue arises during the calculation of hot_thres and cold_thres when either sample_interval or aggr_interval is used as a divisor, risking division-by-zero. The fix adds validation and directly returns -EINVAL in suc...
CVE-2025-39912
This CVE (CVE-2025-39912) affects the Linux kernel nfs/localio path. The issue occurs when the nfsd filecache code releases the nfsd_file before creds are properly handled, triggering a BUG_ON in __put_cred via current->cred. The vulnerability is resolved by restoring credentials before releas...
CVE-2025-39926
CVE-2025-39926 in the Linux kernel fixes a logic error in genetlink: in genl_bind(), bind() could be invoked after a failed capability check (-EPERM), letting callbacks run for unauthorized callers. The patch ensures bind() is called only after successful permission checks (after the “if (ret) br...
CVE-2025-39932
Summary of CVE-2025-39932 (Linux kernel): The issue affects the SMB/CIFS path in the Linux kernel where smbd_destroy() could destroy memory if post_send_credits_work is still pending. The root cause is that rxe_post_recv could be invoked after rdma_destroy_qp() due to put_receive_buffer() trigge...
CVE-2025-39943
CVE-2025-39943 affects the Linux kernel’s ksmbd smb_direct_data_transfer path. The vulnerability arises if data_offset or data_length in smb_direct_data_transfer are invalid, enabling an out-of-bounds condition. The cited patch adds validation in recv_done to guard against invalid offsets/lengths...
CVE-2025-39949
CVE-2025-39949 is a Linux kernel vulnerability in the qed protection override dump path. The firmware could return more GRC elements than the allocated dump buffer, enabling a write past the end of the buffer and causing a kernel panic (BUG: unable to handle kernel paging request). The issue is f...
CVE-2025-39963
CVE-2025-39963 is a Linux kernel vulnerability related to io_uring: in io_link_skb, prev_notif could be computed using the wrong value (nd instead of prev_nd), causing a context validation check to compare the current notification with itself. The issue is fixed by using the correct prev_nd when ...
CVE-2025-68333
The CVE-2025-68333 issue affects the Linux kernel, specifically a potential deadlock in sched_ext deferred_irq_workfn() on PREEMPT_RT=y configurations. The root cause is that deferred_irq_workfn() could run in a non-disable-irq context, leading to a lock sequence like lock(&rq->__lock); interr...
CVE-2025-68725
CVE-2025-68725 affects the Linux kernel. A patch adds validation to gso_type in GSO handlers to prevent BPF test infra from emitting invalid GSO types to the stack (triggered via BPF programs, e.g., when redirecting to loopback). The issue could allow a local attacker using the BPF test infra to ...
CVE-2025-71075
CVE-2025-71075 is fixed in the Linux kernel SCSI AIC94XX driver. The root cause was a race condition during device removal where asd_pci_remove() could free the asd_ha structure while pending tasklets still existed, enabling a use-after-free vulnerability. The patch synchronizes with pending work...
CVE-2025-71083
CVE-2025-71083 affects the Linux kernel’s graphics subsystem (drm/ttm). An evicted BO object can exist that is not currently tied to a resource; when devcoredump attempts to read all BOs, the code may dereference a NULL pointer. The result is an ENODATA outcome instead of buffer contents. The CVE is addr...
CVE-2025-71084
CVE-2025-71084 (Linux kernel) fixes a leak in the multicast GID table reference within RDMA/cm. If the CM ID is destroyed while the multicast creation event is queued, cancel_work_sync() can prevent the work from running and destroy ah_attr, causing a refcount leak and a WARN in kernel logs. Affe...
CVE-2025-71100
CVE-2025-71100 affects the Linux kernel wifi rtl8192cu (rtlwifi). The issue arises when tid values from ieee80211_get_tid() may exceed the bounds of sta_entry->tids[] (MAX_TID_COUNT), triggering an out-of-bounds access and UBSAN warning. The patched code adds a bounds check to ensure TID
CVE-2025-71111
CVE-2025-71111 (Linux kernel): A TOCTOU race in hwmon w83791d caused by a macro, FAN_FROM_REG, evaluating arguments multiple times in lockless contexts, potentially triggering divide-by-zero. The fix converts the macro to a static function (arguments evaluated once, by-value). Additionally, stor...
CVE-2025-71137
CVE-2025-71137 relates to the Linux kernel, where the octeontx2-pf driver patch fixes a UBSAN shift-out-of-bounds error by ensuring the RX ring size (rx_pending) is not set below the permitted length. This prevents UBSAN faults when users pass small or zero ring sizes via ethtool -G. The fix is a...
CVE-2025-71147
Technical details (affected products, specific root cause, impact, and remediation) are not publicly available in the provided documents. Monitor official advisories for updates.
CVE-2025-71157
CVE-2025-71157 affects the Linux kernel: RDMA/core path ib_del_sub_device_and_put() bug where a device reference grabbed by nldev_deldev() (via ib_device_get_by_index()) wasn’t dropped before returning -EOPNOTSUPP. The fix is to always drop the device refcount before returning, effectively solvin...
CVE-2025-71162
CVE-2025-71162 describes a use-after-free in the Tegra ADMA driver within the Linux kernel, triggered when an audio DMA buffer is freed during XRUN handling before the vchan completion tasklet runs. The race occurs after a DMA transfer completes and schedules a completion tasklet, while tegra_adm...
CVE-2025-71188
CVE-2025-71188 affects the Linux kernel DMA engine path for the lpc18xx-dmamux component, where a reference leak to the platform device during route allocation could occur. The fix drops the reference after looking up the DMA mux platform device, mitigating the leak. OSV entries show Root:Ubuntu ...
CVE-2025-71227
The CVE-2025-71227 entry relates to the Linux kernel wifi/mac80211 warning handling for connections on invalid channels. The connected OSV records show the vulnerability has been patched in the Root:Rootio-Linux family (Root Debian/Ubuntu variants), with multiple fixed versions available across D...
CVE-2025-71229
CVE-2025-71229 is a Linux kernel vulnerability affecting the rtw88 Wi‑Fi driver (rtw_core_enable_beacon). The issue arises when the function reads 4 bytes from a non-4-byte-aligned address, which can trigger an alignment fault and crash the kernel on some systems. The fixed patch changes the acce...
CVE-2026-22987
CVE-2026-22987 concerns the Linux kernel net/sched subsystem. The issue arises when tcf_idrinfo_destroy() can pass an ERR_PTR(-EBUSY) as a tc_action pointer during netns teardown, leading to a dereference of an error pointer in tc_act_in_hw(). The fix adds a guard to skip ERR_PTR entries while it...
CVE-2026-23010
CVE-2026-23010 is a Linux kernel use-after-free affecting inet6_addr_del() in IPv6 address deletion. The issue arises from the commit that moved ipv6_del_addr() for temporary addresses before reading the ifp->flags, causing a UAF in inet6_addr_del() when handling inet6_ifaddr during address de...
CVE-2026-23019
CVE-2026-23019 describes a NULL dereference in the Linux kernel’s net: marvell: prestera code. The root cause is that prestera_devlink_alloc() calls devlink_priv() on the pointer returned by devlink_alloc() without verifying that the pointer is non-NULL; if allocation fails, this leads to a NULL ...
CVE-2026-23020
CVE-2026-23020 is a Linux kernel issue affecting the 3com 3c59x driver. The vulnerability stems from a potential NULL dereference in vortex_probe1(), where a null pdev could lead to a NULL dereference and later calls to free_ring. The vulnerability was fixed in the upstream kernel as part of the ...
CVE-2026-23021
CVE-2026-23021 affects the Linux kernel component: net: usb: pegasus. The memory leak occurs in update_eth_regs_async() when usb_submit_urb() fails, failing to release resources allocated up to that point. Public advisories indicate upstream kernel fixes (e.g., 6.6.130 lineage and related patches...
CVE-2026-23025
CVE-2026-23025: In the Linux kernel, drain_page_zone() could corrupt per-CPU pages (pcp) when an interrupt occurs and the code path uses spin_lock(&pcp->lock) with SMP=n, because spin_trylock() may fail. The issue enables potential pcp structure corruption. The fix adds local wrappers that conver...
CVE-2026-23063
CVE-2026-23063 pertains to the Linux kernel, specifically the UACCE accelerator framework. The issue arises in the queue release path for uacce_queue when resources could be freed concurrently (e.g., during poweroff -f with accelerators still active). The root cause is unsafe sequencing of operat...
CVE-2026-23070
CVE-2026-23070 is an in-kernel issue affecting the Linux kernel (noted in Debian/SUSE advisories) related to Octeontx2-af hardware. The vulnerability stems from missing/insufficient checks for fwdata in the shared firmware structure accessed by the MAC block (CGX/RPM). On boards booted without MA...
CVE-2026-23073
CVE-2026-23073 (Linux kernel) affects the wifi RSI driver. The root cause is memory corruption caused by not allocating space for the driver data in the trailing‑space field of struct ieee80211_vif. Specifically, RSI911x fails to set the vif driver data size, causing writes to vif->drv_priv to...
CVE-2026-23102
CVE-2026-23102 affects the ARM64/Linux kernel path arm64/fpsimd: signal, where restoring SVE signal context with SME enabled can put a task into an invalid state. The vulnerability allows out-of-bounds memory reads or a potential fatal fault, or task termination via SIGKILL, if SVE signal data is...
CVE-2026-23115
CVE-2026-23115 concerns the Linux kernel serial subsystem. The issue is a race where tty->port may not be linked before uart_configure_port is invoked, allowing user-space to open a console without a linked TTY and risking a crash. The fix notes that tty_port_link_device() is not redundant and...
CVE-2026-23128
CVE-2026-23128 affects the Linux kernel on ARM64, where the hibernation resume path swsusp_arch_resume() could trigger a Control-Flow Integrity (CFI) hash check mismatch during resume, leading to a DABT fault on Android-based devices. The root cause is that swsusp_arch_suspend_exit() is not accom...
CVE-2026-23146
Technical details for CVE-2026-23146 are not provided in the supplied connected documents; the materials only reference the vulnerability as part of Ubuntu/Mageia/Oracle advisories. Monitor for updates.
CVE-2026-23172
Technical details for CVE-2026-23172 are not publicly available in the provided documents; monitor for updates.
CVE-2026-23173
CVE-2026-23173 affects the Linux kernel mlx5e driver (TC flow offload). The issue arises when deleting TC steering flows: the code previously iterated over all possible ports, potentially touching non-existent peers and risking a NULL pointer dereference. The fix ensures cleanup only occurs for d...
CVE-2026-23184
CVE-2026-23184 concerns a Linux kernel use-after-free in binder_netlink_report() triggered by a BR_TRANSACTION_PENDING_FROZEN path in binder_proc_transaction(). A one-way transaction to a frozen target could be treated as successful, leading to unsafe access to a transaction structure after a pen...
CVE-2026-23187
CVE-2026-23187 is tied to the Linux kernel: a bug in pmdomain/imx8m-blk-ctrl could trigger an out-of-range access to bc->domains in imx8m_blk_ctrl_remove(), potentially leading to memory corruption. The issue is acknowledged and listed in SUSE-SU-2026:1661-1 as CVE-2026-23187, with the fix des...
CVE-2026-23196
CVE-2026-23196 affects the Linux kernel through the Intel THC HID driver, where a NULL pointer dereference can occur when reading a DMA buffer. The root cause is a missing DMA buffer readiness check before access, potentially crashing the kernel. Red Hat’s advisory explicitly cites this NULL dere...
CVE-2026-23200
CVE-2026-23200: In the Linux kernel, a bug in ipv6 ECMP handling occurred when clearing RTF_ADDRCONF during static route addition, causing a mismatch between the fib6_next chain and fib6_siblings list and triggering a kernel BUG. The fix (as described in the report) is to clear RTF_ADDRCONF only ...