Lucene search
K
LinuxLinux Kernel

14330 matches found

CVE
CVE
added 2026/02/14 4:1 p.m.27 views

CVE-2026-23149

Summary: CVE-2026-23149 affects the Linux kernel DRM subsystem, specifically drm_gem_change_handle_ioctl(). The vulnerability arises because GEM buffer object handles are u32 in the user API while internal idr_alloc() uses int ranges, causing a kernel warning (WARN_ON_ONCE) when a handle larger t...

5.5CVSS5.2AI score0.001EPSS
CVE
CVE
added 2025/08/22 4:3 p.m.26 views

CVE-2025-38672

CVE-2025-38672 concerns a Linux kernel issue where the dma_buf field in struct drm_gem_object is not stable over a GEM object’s lifetime, leading to NULL-pointer dereference when the final GEM handle is released. The fix reverts the earlier change by reverting drm/gem-dma: Use dma_buf from GEM ob...

5.5CVSS6.7AI score0.00121EPSS
CVE
CVE
added 2025/09/04 3:33 p.m.26 views

CVE-2025-38722

CVE-2025-38722: Linux kernel HABANA Labs export_dmabuf() UAF due to race between descriptor table fd_install() and object destruction in ->release(). Root cause: a descriptor in dma_buf_fd() may be installed and used while the referenced file/object could be freed, leading to use-after-free. M...

7.8CVSS5.7AI score0.00142EPSS
CVE
CVE
added 2025/09/05 5:20 p.m.26 views

CVE-2025-38731

CVE-2025-38731: In the Linux kernel, the drm/xe driver fixes a double-free in xe_vm_bind_ioctl when an array bind argument check fails. The bug freed bind_ops twice; the fix nulls bind_ops after freeing to prevent a second free. Root cause: double-free in xe_vm_bind_ioctl+0x1b2/0x21f0 (KASAN repo...

7.8CVSS5.9AI score0.00143EPSS
CVE
CVE
added 2025/09/05 5:21 p.m.26 views

CVE-2025-39719

CVE-2025-39719 reports a Linux kernel vulnerability in iio: imu: bno055 where an out-of-bounds access could occur due to iterating the hw_xlate array with the length of vals instead of hw_xlate. The fix adds a hw_xlate_len field to the bno055_sysfs_attr to ensure correct bounds during bno055_get_...

7.1CVSS5.8AI score0.00139EPSS
CVE
CVE
added 2025/09/11 4:52 p.m.26 views

CVE-2025-39750

Technical details for CVE-2025-39750 are not provided in the supplied documents. No affected products, root cause, or fixes are disclosed here. Monitor for updates in forthcoming advisories or vendor bulletins.

7.1CVSS6.1AI score0.00149EPSS
CVE
CVE
added 2025/09/11 4:56 p.m.26 views

CVE-2025-39779

Summary: CVE-2025-39779 is a Linux kernel vulnerability in btrfs subpage handling. The issue occurs when btrfs_subpage_set_writeback() clears the PAGECACHE_TAG_TOWRITE tag on a folio that still has dirty blocks, breaking WB_SYNC_ALL/ordering guarantees and potentially causing a failure (e.g., an ...

5.5CVSS6AI score0.00134EPSS
CVE
CVE
added 2025/09/16 1:8 p.m.26 views

CVE-2025-39834

CVE-2025-39834 : In the Linux kernel, a memory leak occurs in the mlx5 HWS path under the error flow of hws_action_get_shared_stc_nic when an invalid stc_type is provided. The function allocates memory for shared_stc but jumps to unlock_and_out without freeing it, causing a leak. The patch fixes ...

5.5CVSS6.1AI score0.00119EPSS
CVE
CVE
added 2025/09/23 6:0 a.m.26 views

CVE-2025-39882

CVE-2025-39882 affects the Linux kernel DRM/mediatek path. The issue originated from for_each_child_of_node() handling that drops a node reference during iteration, leading to a use-after-free when an extra reference decrement was applied on each loop iteration. The fix removes this bogus referen...

7.8CVSS6.1AI score0.00138EPSS
CVE
CVE
added 2025/10/01 7:42 a.m.26 views

CVE-2025-39891

CVE-2025-39891 (Linux kernel) affects the wifi: mwifiex driver. The chan_stats[] memory is allocated with vmalloc() and not zeroed, and the array is only partially initialized in mwifiex_update_chan_statistics(). This can allow an information leak if data hasn’t been filled before a user query vi...

7.1CVSS5.9AI score0.00152EPSS
CVE
CVE
added 2025/10/01 7:44 a.m.26 views

CVE-2025-39914

CVE-2025-39914 affects the Linux kernel tracing subsystem. The issue occurs when a fault injection triggers a failure during chunk allocation in trace_pid_list_alloc, causing trace_pid_list_set to fail and potentially trigger a double registration of the same tracepoint (tracepoint_add_func). The...

5.5CVSS6.3AI score0.00154EPSS
CVE
CVE
added 2025/10/04 7:31 a.m.26 views

CVE-2025-39943

CVE-2025-39943 affects the Linux kernel’s ksmbd smb_direct_data_transfer path. The vulnerability arises if data_offset or data_length in smb_direct_data_transfer are invalid, enabling an out-of-bounds condition. The cited patch adds validation in recv_done to guard against invalid offsets/lengths...

7.1CVSS6.2AI score0.0014EPSS
CVE
CVE
added 2025/10/04 7:31 a.m.26 views

CVE-2025-39952

CVE-2025-39952: In the Linux kernel, the wifi wilc1000 driver had a buffer overflow in WID string configuration (wlan_cfg.c:184) due to __memcpy() with 512 vs 65537. The patch adds length checks before memory access, basing limits on the WID data type from firmware (struct wilc_cfg_str_vals/struc...

7.8CVSS6.6AI score0.00158EPSS
CVE
CVE
added 2025/10/09 12:13 p.m.26 views

CVE-2025-39963

CVE-2025-39963 is a Linux kernel vulnerability related to io_uring: in io_link_skb, prev_notif could be computed using the wrong value (nd instead of prev_nd), causing a context validation check to compare the current notification with itself. The issue is fixed by using the correct prev_nd when ...

7.8CVSS6AI score0.00141EPSS
CVE
CVE
added 2026/01/13 3:34 p.m.26 views

CVE-2025-71086

Technical details for CVE-2025-71086 are not publicly available in the provided documents. Monitor for updates from official advisories; the initial description mentions a Linux kernel fix in net rose_kill_by_device but no product/version specifics are provided here.

7.8CVSS5.9AI score0.0012EPSS
CVE
CVE
added 2026/01/13 3:34 p.m.26 views

CVE-2025-71093

Technical details for CVE-2025-71093 are not provided in the connected documents. The Initial Description mentions an OOB read in e1000_tbi_should_accept() and a fix. Monitor for updates.

7.1CVSS6AI score0.00117EPSS
CVE
CVE
added 2026/01/13 3:34 p.m.26 views

CVE-2025-71099

Technical details for CVE-2025-71099 are not publicly available in the provided documents; monitor for updates.

7.8CVSS5.8AI score0.00115EPSS
CVE
CVE
added 2026/01/14 3:6 p.m.26 views

CVE-2025-71116

CVE-2025-71116 is a Linux kernel issue affecting libceph: the decoding of osdmap envelopes (decode_pool) could perform out-of-bounds reads if the encoded length is too short for the encoding version. The connected sources indicate the fix adds explicit bounds checks for each decoded/skipped field...

7.1CVSS6.1AI score0.00126EPSS
CVE
CVE
added 2026/01/31 11:38 a.m.26 views

CVE-2025-71182

CVE-2025-71182 is a Linux kernel vulnerability in the CAN j1939 subsystem where j1939_session_activate() could succeed after a netdevice unregister, due to race conditions around NETDEV_UNREGISTER handling. The issue is addressed by a kernel patch that ensures ndev->reg_state is checked with t...

5.5CVSS5.8AI score0.00156EPSS
CVE
CVE
added 2026/02/14 4:27 p.m.26 views

CVE-2025-71220

Technical details about CVE-2025-71220 (affected product/component/version, root cause, impact, fixes) are not publicly provided in the supplied documents. Monitor for updates from vendors and security bulletins.

7.8CVSS5.2AI score0.0013EPSS
CVE
CVE
added 2026/05/27 12:14 p.m.26 views

CVE-2025-71305

The provided connected sources confirm a concrete fix for CVE-2025-71305 in the Linux kernel DRM MST path. The vulnerability arose in drm/display/dp_mst_topology where, on timeslot release after a DP 2.1 monitor disconnect, the VCPI can become 0 and code could compute a payload mask as ~BIT(vcpi-...

5.5CVSS5.8AI score0.00156EPSS
CVE
CVE
added 2026/01/25 2:36 p.m.26 views

CVE-2026-23000

CVE-2026-23000 concerns the Linux kernel mlx5e driver. The issue occurs when mlx5e_netdev_change_profile fails to attach a new profile and then cannot rollback to the old one, leaving a dangling netdev with a reset priv. A second change-profile attempt (e.g., via switchdev) can crash when derefer...

5.5CVSS5.3AI score0.0015EPSS
CVE
CVE
added 2026/01/31 11:38 a.m.26 views

CVE-2026-23015

CVE-2026-23015 relates to the Linux kernel gpio_mpsse driver: a reference leak in gpio_mpsse_probe() error paths due to usb_get_dev() not being released. The fix uses device-managed helper functions and removes the usb_put_dev() call in the disconnect path, allowing automatic release of the refer...

5.5CVSS5.7AI score0.00128EPSS
CVE
CVE
added 2026/01/31 11:39 a.m.26 views

CVE-2026-23020

CVE-2026-23020 is a Linux kernel issue affecting the 3com 3c59x driver. The vulnerability stems from a potential NULL dereference in vortex_probe1(), where a null pdev could lead to a NULL dereference and later calls to free_ring. The vulnerability was fixed in the upstream kernel as part of the ...

5.5CVSS5.7AI score0.00115EPSS
CVE
CVE
added 2026/02/04 4:7 p.m.26 views

CVE-2026-23062

The CVE-2026-23062 issue is in the Linux kernel platform/x86 hp-bioscfg code. The root cause is twofold: an off-by-one error in a loop using <= instead of

5.5CVSS5.3AI score0.00122EPSS
CVE
CVE
added 2026/02/04 4:8 p.m.26 views

CVE-2026-23104

CVE-2026-23104 describes a Linux kernel ice driver issue where devlink reload can trigger a call trace due to mismatched cleanup of the internal hwmon state. The root cause is that ice_hwmon_init() is invoked during feature init and ice_hwmon_exit() was tied to ice_remove(), which could leave a d...

5.5CVSS5.2AI score0.00112EPSS
CVE
CVE
added 2026/02/14 3:9 p.m.26 views

CVE-2026-23126

CVE-2026-23126 affects the Linux kernel netdevsim driver. It describes a race on the bpf_bound_progs list between nsim_bpf_create_prog() (list_add_tail) and nsim_bpf_destroy_prog() (list_del), which can corrupt the list and trigger a kernel crash (kernel BUG at lib/list_debug.c). The proposed rem...

4.7CVSS5.3AI score0.00086EPSS
CVE
CVE
added 2026/02/14 3:14 p.m.26 views

CVE-2026-23133

Technical details for CVE-2026-23133 are not publicly provided in the connected documents; the Ubuntu advisories reference it among others but do not expose affected product, impact, or patch specifics. Monitor for updates.

5.5CVSS5.4AI score0.00123EPSS
CVE
CVE
added 2026/02/14 3:22 p.m.26 views

CVE-2026-23140

CVE-2026-23140 is a Linux kernel vulnerability resolved in kernel patches related to BPF/XDP handling. The issue arises in bpf_test_run where the metadata size isn’t constrained by the actual xdp_frame headroom, allowing a userspace-supplied metadata size that can exhaust headroom. In live packet...

5.5CVSS5.3AI score0.00122EPSS
CVE
CVE
added 2026/02/14 4:1 p.m.26 views

CVE-2026-23161

CVE-2026-23161 affects the Linux kernel's mm/shmem, swap handling. The bug stems from a race between truncate and swap entry split: the code uses xa_get_order without lock protection to determine the swap entry order and then calls xa_cmpxchg_irq, which can use an outdated order if the entry was ...

7.3CVSS5.3AI score0.00089EPSS
CVE
CVE
added 2026/02/14 4:1 p.m.26 views

CVE-2026-23173

CVE-2026-23173 affects the Linux kernel mlx5e driver (TC flow offload). The issue arises when deleting TC steering flows: the code previously iterated over all possible ports, potentially touching non-existent peers and risking a NULL pointer dereference. The fix ensures cleanup only occurs for d...

5.5CVSS5.2AI score0.00114EPSS
CVE
CVE
added 2026/03/18 5:41 p.m.26 views

CVE-2026-23259

CVE-2026-23259 affects the Linux kernel io_uring/rw path. The issue arises when a read/write request with an allocated iovec attached fails to be placed into rw_cache, leaving an unaccounted iovec pointer. The fix makes io_rw_recycle() return whether the request was recycled, and uses that result...

5.5CVSS5.7AI score0.001EPSS
CVE
CVE
added 2026/03/25 10:27 a.m.26 views

CVE-2026-23313

CVE-2026-23313 : In the Linux kernel, a preempt-count leak was fixed in the i40e driver by replacing get_cpu() with smp_processor_id() in the napi poll tracepoint assignment. The leak occurred because put_cpu() was not invoked to undo the cpu reference, as illustrated by preempt_count traces. The...

5.5CVSS5.6AI score0.00122EPSS
CVE
CVE
added 2026/03/29 12:55 p.m.26 views

CVE-2026-23400

Summary of CVE-2026-23400 : In the Linux kernel, the rust_binder component is affected by a deadlock risk when processing death notifications. The root cause is calling set_notification_done() while the process lock (proc lock) is still held and the current thread is not a looper, which can cause...

5.5CVSS5.8AI score0.0009EPSS
CVE
CVE
added 2026/04/01 8:36 a.m.26 views

CVE-2026-23405

CVE-2026-23405 concerns the Linux kernel AppArmor feature where policy namespaces could be nested arbitrarily deep, potentially exhausting system resources. The vulnerability arises because policy namespaces were not bounded by the user namespace depth, and are not strictly tied to user namespace...

5.5CVSS5.7AI score0.00181EPSS
CVE
CVE
added 2026/04/02 11:40 a.m.26 views

CVE-2026-23413

The CVE-2026-23413 entry concerns the Linux kernel: a use-after-free in the clsact qdisc during init/destroy rollback caused by asymmetrical initialization between ingress and egress sides. A failed replacement during clsact_init() (e.g., via tcf_block_get_ext()) could leave both ingress and egre...

7.8CVSS5.8AI score0.00119EPSS
CVE
CVE
added 2026/04/03 3:15 p.m.26 views

CVE-2026-23440

CVE-2026-23440 is a Linux kernel vulnerability in the net/mlx5e IPSec ESN update path. A race condition could cause the ESN wrap event to be processed twice: after validating the event, the driver updates the kernel xfrm state and the lock is temporarily released, risking incorrect ESN high-order...

7.5CVSS5.7AI score0.00206EPSS
CVE
CVE
added 2026/04/03 3:15 p.m.26 views

CVE-2026-23444

CVE-2026-23444 has been addressed in the Linux kernel by fixing skb ownership handling in wifi/mac80211. The patch adds kfree_skb() in the ieee80211_tx_prepare_skb() failure path to ensure all error paths free the skb, and removes redundant frees in callers (ath9k, mt76, mac80211_hwsim). The func...

7.8CVSS5.8AI score0.00129EPSS
CVE
CVE
added 2026/04/03 3:15 p.m.26 views

CVE-2026-23458

The CVE-2026-23458 entry describes a Linux kernel netfilter use-after-free in ctnetlink_dump_exp_ct(). The code stores a conntrack pointer in cb->data for the netlink dump callback (ctnetlink_exp_ct_dump_table()) and drops the conntrack reference after netlink_dump_start(), so multi-round dump...

7.8CVSS5.8AI score0.00126EPSS
CVE
CVE
added 2026/04/03 3:16 p.m.26 views

CVE-2026-31397

CVE-2026-31397 relates to the Linux kernel memory management path mm/huge_memory move_pages_huge_pmd(), where the huge zero page branch used a NULL src_folio, causing a bogus PFN (or NULL dereference on some memory models) when constructing PMDs. The fix uses page_folio(src_page) to obtain a vali...

7.8CVSS5.8AI score0.00119EPSS
CVE
CVE
added 2026/04/22 1:54 p.m.26 views

CVE-2026-31473

The CVE-2026-31473 affects the Linux kernel media subsystems (mc, v4l2). A race can occur when MEDIA_REQUEST_IOC_REINIT runs concurrently with VIDIOC_REQBUFS queue teardown, risking use-after-free of request objects. The root cause is lack of serialization across these paths; it is addressed by e...

7.8CVSS5.6AI score0.00126EPSS
CVE
CVE
added 2026/04/22 1:54 p.m.26 views

CVE-2026-31480

CVE-2026-31480 concerns a Linux kernel deadlock in CPU hotplug when tracing with osnoise. The vulnerability arises from a lock-ordering issue: a mutex_lock on interface_lock is taken while osnoise_sleep() and subsequent actions hold cpu hotplug state, followed by cpus_read_lock(), which can cause...

5.5CVSS5.6AI score0.00095EPSS
CVE
CVE
added 2026/04/22 1:54 p.m.26 views

CVE-2026-31495

The CVE-2026-31495 entry concerns the Linux kernel’s netfilter ctnetlink path. The issue stems from missing netlink policy range checks, allowing invalid values to slip through due to manual range validation in CTA_PROTOINFO_TCP_STATE, WSCALE, and related flags. The documented impact notes that c...

5.5CVSS5.7AI score0.00123EPSS
CVE
CVE
added 2026/04/22 1:54 p.m.26 views

CVE-2026-31527

The CVE-2026-31527 issue affects the Linux kernel’s driver core platform path, where during __driver_attach() the bus match() callback could access the driver_override field without proper locking, causing a Use-After-Free. Root cause: lack of locking around driver_override in match(); fix implem...

7.8CVSS5.6AI score0.00129EPSS
CVE
CVE
added 2026/04/24 2:42 p.m.26 views

CVE-2026-31576

CVE-2026-31576 affects the Linux kernel hackrf driver. A race condition allows use-after-free and double-free when memory for the hackrf device is freed on the error path after probe() has registered the device. Open file descriptors and in-flight I/O can still reference the device while v4l2/vid...

7.8CVSS5.5AI score0.00128EPSS
CVE
CVE
added 2026/04/24 2:42 p.m.26 views

CVE-2026-31616

The CVE-2026-31616 entry concerns a Linux kernel USB gadget Phonet function vulnerability. A malicious USB host can overflow the skb_shared_info->frags[] array in the pn_rx_complete() path by sending an unbounded sequence of full-page OUT transfers. The host filling req->length with PAGE_SI...

5.5CVSS5.4AI score0.00125EPSS
CVE
CVE
added 2026/04/24 2:45 p.m.26 views

CVE-2026-31648

Summary of CVE-2026-31648 (Linux kernel) • Affects the kernel vulnerability in filemap handling: nr_pages overflow in filemap_map_pages() can cause set_pte_range() to map beyond the size of a large folio, potentially corrupting page metadata. • Root cause (as documented): race condition between f...

7.8CVSS5.5AI score0.0012EPSS
CVE
CVE
added 2026/04/24 2:45 p.m.26 views

CVE-2026-31663

The CVE-2026-31663 vulnerability affects the Linux kernel xfrm subsystem, where a race between asynchronous crypto completion and device teardown could lead to using a freed dev reference. The fix changes the reference handling: the dev ref is no longer released on async resume entry and is inste...

7.8CVSS5.4AI score0.00208EPSS
CVE
CVE
added 2026/04/24 2:45 p.m.26 views

CVE-2026-31667

CVE-2026-31667 concerns the Linux kernel’s uinput and ff-core, where a circular locking dependency could cause a local deadlock when a force-feedback gamepad is used. The concrete sequence involves four lock paths that form a cycle: ff->mutex, udev->mutex, input_mutex, dev->mutex, and ba...

7.8CVSS5.6AI score0.00096EPSS
CVE
CVE
added 2026/04/25 8:47 a.m.26 views

CVE-2026-31684

The CVE-2026-31684 issue is in the Linux kernel’s net/sched pathology (act_csum) where tcf_csum_act() reads nested VLAN headers directly from skb->data if the payload contains VLAN tags, and may read VLAN_HLEN bytes before guaranteeing the full header is present. The root cause is that the cod...

5.5CVSS5.5AI score0.00117EPSS
Total number of security vulnerabilities14330