14330 matches found
CVE-2023-53378
Summary (CVE-2023-53378): A Linux kernel issue in the i915 driver where the DPT backing object (DPT BO) for a framebuffer was not treated as a framebuffer by i915_gem_object_is_framebuffer(). This allowed the shrinker to evict the DPT BO while the actual FB BO remained bound, potentially causing ...
CVE-2023-53384
CVE-2023-53384 affects the Linux kernel wifi driver (mwifiex). The vulnerability is a possible NULL pointer dereference in mwifiex_handle_uap_rx_forward due to not verifying skb_copy() result, potentially dereferencing skb in mwifiex_uap_queue_bridged_pkt. The patch adds a check for skb_copy() re...
CVE-2023-53385
The CVE-2023-53385 issue relates to the Linux kernel: media: mdp3: Fix resource leaks in of_find_device_by_node. The fix adds release of the object obtained via of_find_device_by_node using put_device to prevent leaks. Public references point to upstream commits implementing this change. If explo...
CVE-2023-53393
CVE-2023-53393 affects the Linux kernel RDMA mlx5 subsystem. The root cause is incorrect port_num handling in mlx5_ib_get_hw_stats() for device (port_num = 0), with downstream code assuming port_num >= 1, which can trigger a page fault (oops) as shown in the provided trace. The fix sets port_n...
CVE-2023-53427
CVE-2023-53427 is a Linux kernel CIFS issue described in Unity Linux advisories. The vulnerability stems from not initializing MR recovery work when MR allocation fails, which can lead to a warning and use-after-free when releasing MRs. The advisory states the fix is to initialize the MR recovery...
CVE-2023-53432
CVE-2023-53432 : Linux kernel vulnerability in the FireWire net path (firewire: net: fix use after free in fwnet_finish_incoming_packet()). The netif_rx() path frees the skb, so dereferencing skb->len could use freed memory. The incident is reported as resolved in the provided description; no ...
CVE-2023-53438
CVE-2023-53438 : In the Linux kernel, the AMD Zen IF poison error path could misclassify context due to non-synchronous delivery of poison by the IF unit. The issue is mitigated by adding a quirk to always save the Code Segment (CS) register when poison is consumed from the IF unit banks, ensurin...
CVE-2023-53446
CVE-2023-53446 is a Linux kernel issue affecting PCI/ASPM handling for multi-function devices (MFD). The root cause is a use-after-free: pcie_link_state->downstream pointed to the function’s pci_dev and was not cleared when function 0 was removed, leading to dereference during ASPM policy chan...
CVE-2023-53488
CVE-2023-53488 (Linux kernel) : The vulnerability affects the IB/hfi1 InfiniBand driver. During hotplug removal, a pending update-counters work could run after memory is freed, causing a possible kernel panic. The fix cancels the update-counters work before freeing memory. Evidence in the securit...
CVE-2023-53491
CVE-2023-53491 affects the Linux kernel: start_kernel now uses the __no_stack_protector attribute to control per-function stack-protector omission. The issue arises because boot_init_stack_canary must be compiled with stack protector unless -fno-stack-protector is used; otherwise the canary in th...
CVE-2023-53515
CVE-2023-53515 affects the Linux kernel virtio-mmio subsystem. The issue stems from allocating vm_dev with devres, which breaks the vm_dev lifecycle tied to a struct device; when the platform_device is removed, the memory is freed before vm_dev release, causing a use-after-free when the release c...
CVE-2023-53523
Technical details for CVE-2023-53523 are not publicly provided in the connected documents; no specific affected products, versions, risks, or fixes are listed beyond the initial description. Monitor for updates.
CVE-2023-53626
CVE-2023-53626 : In the Linux kernel, the vulnerability is in the ext4 code and is caused by a possible double unlock when moving a directory. Affected component is ext4 within the kernel, with fixes committed in the upstream kernel (see references to stable kernel patches). The EulerOS/OSS advis...
CVE-2023-53647
The CVE-2023-53647 issue in the Linux kernel arises from an ACPI namespace traversal in the Hyper-V VMBus driver (hv_vmbus). If Hyper-V MMIO ranges cannot be found, the code may dereference the ACPI namespace root object (which has an all-ones handle), causing a NULL pointer dereference and an oo...
CVE-2023-53680
CVE-2023-53680 affects the Linux kernel NFSD component: nfsd4_decode_compound may call OPDESC() with opnum == OP_ILLEGAL (10044), leading to out-of-bounds access in nfsd4_ops[]. The vulnerability has been resolved by a kernel fix (commits referenced in the advisory). Connected advisories from Eul...
CVE-2025-38357
CVE-2025-38357 concerns the Linux kernel fuse implementation emitting a runtime warning during truncate_folio_batch_exceptionals(). Public details indicate the WARN_ON_ONCE path was added in truncate_folio_batch_exceptionals() and that fixes were already applied to xfs and ext4 via commit 0e2f80a...
CVE-2025-38596
The CVE-2025-38596 entry concerns a Linux kernel UAF in the panthor_gem_create_with_handle() debugfs path. The issue stems from handling drm_gem_object life cycle where an object could be considered initialized or added to debugfs after it was potentially released via drm_gem_object_put(). The fi...
CVE-2025-38599
CVE-2025-38599 : The connected records confirm a Linux kernel vulnerability in the wifi/mt76 stack for the mt7996 device family. Affected component: kernel networking stack (mt7996_tx function). Root cause: Out-of-bounds access in mt7996_tx() when link_id is set to IEEE80211_LINK_UNSPECIFIED. Imp...
CVE-2025-38600
CVE-2025-38600 : In the Linux kernel, a vulnerability in wifi/mt76/mt7925 was fixed: an off-by-one error in mt7925_mcu_hw_scan() where the ssid->ssids[] and sreq->ssids[] arrays (MT7925_RNR_SCAN_MAX_BSSIDS) could trigger an out-of-bounds access. The root cause is the comparison (>=) whic...
CVE-2025-38607
CVE-2025-38607 relates to the Linux kernel BPF_JSET conditional jump; verifier.c:can_jump() could miscompute live registers and SCC during CFG analysis, potentially affecting correctness of analysis. The issue was resolved by handling jset jumps in CFG computation. Affected component: BPF/JSET ha...
CVE-2025-39674
CVE-2025-39674 affects the Linux kernel scsi: ufs: ufs-qcom path. Root cause: a regression from removing MSI descriptor abuse caused a NULL pointer dereference when Platform MSI allocation fails while configuring ESI, due to cleanup using __free() on resources that were never allocated. The issue...
CVE-2025-39695
CVE-2025-39695 affects the Linux kernel RDMA/rxe path. The issue arises when skb packets that depend on RXE resources (e.g., QP, sk) are destroyed while RXE resources are being released, causing call traces. The patch adds a timestamp when skb packets are created to avoid skb packets hanging in s...
CVE-2025-39722
The CVE-2025-39722 issue is in the Linux kernel crypto/caam suspend path for iMX8QM/iMX8ULP SoCs. Root cause: CAAM register access during suspend is reserved by SECO/OPTEE, causing suspend-time crashes unless page 0 is protected; a new state variable no_page0 tracks external reservations, and sus...
CVE-2025-39736
CVE-2025-39736 : In the Linux kernel, a deadlock can occur in kmemleak when netpoll is enabled because pr_warn_once() may be called while holding kmemleak_lock, potentially triggering netpoll and reacquiring the lock. The fix moves the pr_warn_once() call out of the locked region by setting a fla...
CVE-2025-39745
CVE-2025-39745 relates to the Linux kernel rcutorture code path in PREEMPT_RT builds. The issue manifests as a splat in rcutorture_one_extend_check() during RT testing due to an interaction with preempt_count/softirq handling; Debian/OSS and OSV/NVD records indicate the vulnerability has been res...
CVE-2025-39821
CVE-2025-39821 (Linux kernel perf - UBSAN risk) The issue is a logic flaw in perf event throttling where a group’s disabled member in PERF_EVENT_STATE_OFF could be throttle-started/stoppped, causing PMU drivers to receive an event with hw.idx = -1. This negative index is used as a shift exponent ...
CVE-2025-39827
CVE-2025-39827 concerns the Linux kernel net/rose subsystem: the rose_neigh refcounting used two separate counters (count from rose_node and use from rose_sock). The patch merges these into a single refcount (use) and updates rose_rt_free(), rose_rt_device_down(), and rose_clear_route() to releas...
CVE-2025-39829
CVE-2025-39829 is a Linux kernel issue in the trace/fgraph path. The vulnerability arises from a notifier that is not unregistered after a failed start_graph_tracing, causing a repeated warning when writing to function_profile_enabled. The connected Nessus entries confirm the concrete details: th...
CVE-2025-39839
CVE-2025-39839 (Linux kernel) : In batman-adv network-coding decode, batman-adv NC code decodes skb data by XORing with coded_len without verifying the source skb length, only checking payload against destination skb length. This can produce a local out-of-bounds read and a small out-of-bounds wr...
CVE-2025-39846
CVE-2025-39846 : In the Linux kernel, a NULL pointer dereference could occur in PCMCIΑ code during resource allocation. Specifically, __iodyn_find_io_region() assigns pcmcia_make_resource() to res and uses it in pci_bus_alloc_resource(); if pcmcia_make_resource() fails, a dereference of res could...
CVE-2025-39905
The CVE-2025-39905 issue affects the Linux kernel phylink path: the race arises from phylink_resolve() manipulating pl->phydev under pl->state_mutex, creating a lock-order inversion with pl->phydev->lock. The fix introduces an explicit lock to serialize concurrent writes to pl->phy...
CVE-2025-39918
CVE-2025-39918 is a Linux kernel issue affecting the wifi mt76 driver: fix for linked list corruption caused by not leaving scheduled wcid entries on the temporary on-stack list. Multiple advisories (AlmaLinux/Rocky/Oracle Linux) reference this CVE among kernel issues; the available documents des...
CVE-2025-39967
CVE-2025-39967 affects the Linux kernel, specifically a vulnerability in fbcon_do_set_font where integer overflow in font size calculations could occur when processing user-controlled parameters. The issue stems from unsafe size calculations in CALC_FONTSZ(h, pitch, charcount) and related allocat...
CVE-2025-40090
CVE-2025-40090 concerns ksmbd in the Linux kernel. The vulnerability stems from a recursive locking issue: ksmbd_session_rpc_method() attempts to lock sess->rpc_lock, while a caller may already hold it for a write, causing a deadlock with ksmbd_rpc_open and related paths when a client opens a ...
CVE-2025-40149
CVE-2025-40149 affects the Linux kernel TLS path: get_netdev_for_sock() could trigger a use-after-free if sk_dst_get(sk)->dev is used during setsockopt(). The fix replaces sk_dst_get() with __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock(), and notes that the only user of ->ndo_sk_g...
CVE-2025-68351
The CVE-2025-68351 issue is in the Linux kernel exfat code, specifically a refcount leak in exfat_find. The root cause is that exfat_get_dentry_set increments es->bh on success but the corresponding exfat_put_dentry_set may not be consistently invoked, leading to leaks. The patch relocates two...
CVE-2025-71068
CVE-2025-71068 concerns the Linux kernel: svcrdma path bound-check bug in inline path when indexing rqstp->rq_pages[rc_curpage] without ensuring rc_curpage is within allocated bounds. The description notes that guards were added before first use and after advancing to a new page, addressing th...
CVE-2025-71088
CVE-2025-71088 affects the Linux kernel’s mptcp implementation. Syzkaller reported a simult-connect race in net/mptcp/subflow.c where a TCP subflow can process a simult-ack after transitioning to TCP_FIN1, bypassing the MPTCP fallback check and leaving the socket in an inconsistent state; this ca...
CVE-2025-71137
CVE-2025-71137 relates to the Linux kernel, where the octeontx2-pf driver patch fixes a UBSAN shift-out-of-bounds error by ensuring the RX ring size (rx_pending) is not set below the permitted length. This prevents UBSAN faults when users pass small or zero ring sizes via ethtool -G. The fix is a...
CVE-2025-71141
CVE-2025-71141 (Linux kernel) affects the DRM tilcdc path. The root cause was that drm_kms_helper_poll_fini() and drm_atomic_helper_shutdown() were invoked unconditionally in tilcdc_fini(), even when the device failed to register, causing probe-time warnings. The fix rewrites the failed probe cle...
CVE-2025-71150
CVE-2025-71150 relates to a Linux kernel KSMD (ksmbd) refcount leak: when a session is found during session lookup but SMB2_SESSION_VALID is not set, the reference count for that session is not decremented. The patch fixes this by explicitly calling ksmbd_user_session_put to release the reference...
CVE-2025-71285
Summary of the CVE-2025-71285 cluster: The Linux kernel’s net/qrtr MHI auto_queue feature for IPCR DL channels is being removed. The race occurs when the MHI stack can call the DL path callback before the QRTR client driver is fully initialized, risking NULL pointer dereferences. The fix disables...
CVE-2025-71311
The CVE-2025-71311 entry affects the Linux kernel fs/ntfs3 subsystem. The vulnerability arises when new folios (memory pages) are allocated for NTFS3 without being marked uptodate, and ni_read_frame() is skipped because the caller expects a frame to be fully overwritten; this can leave parts of f...
CVE-2026-22988
CVE-2026-22988 affects the Linux kernel’s arp handling, specifically the assumption that skb->head remains unchanged after dev_hard_header() in arp_create(). The issue arises when a recent commit altered skb->head, breaking that assumption. The publicly provided description and OpenVAS/Ness...
CVE-2026-23007
CVE-2026-23007 affects the Linux kernel: the auto-generated integrity buffer for writes could leave the non-PI portion of metadata uninitialized when PI is generated and the metadata size exceeds the PI tuple. This could allow reading uninitialized memory from userspace or via physical access to ...
CVE-2026-23010
CVE-2026-23010 is a Linux kernel use-after-free affecting inet6_addr_del() in IPv6 address deletion. The issue arises from the commit that moved ipv6_del_addr() for temporary addresses before reading the ifp->flags, causing a UAF in inet6_addr_del() when handling inet6_ifaddr during address de...
CVE-2026-23012
CVE-2026-23012 affects the Linux kernel (mm/damon/core): a use-after-free in damon_call_control handling when a DAMON context is inactive. If damon_call() runs against a non-running context, the call returns an error but the damon_call_control object remains linked to the context’s call_controls ...
CVE-2026-23017
CVE-2026-23017 affects the Linux kernel idpf driver. Root cause: if init_task fails during driver load, vports/netdevs are not created and a reset can crash while service/mailbox tasks run. Fix: in the init_task error path, disable service/mailbox tasks and stop PTP callbacks; ensures proper clea...
CVE-2026-23063
CVE-2026-23063 pertains to the Linux kernel, specifically the UACCE accelerator framework. The issue arises in the queue release path for uacce_queue when resources could be freed concurrently (e.g., during poweroff -f with accelerators still active). The root cause is unsafe sequencing of operat...
CVE-2026-23067
CVE-2026-23067 centers on an integer signedness bug in the Linux kernel’s ARM IOMMU path (io-pgtable-arm). __arm_lpae_unmap() returned a size_t (unsigned) but could yield -ENOENT on error, turning into a large positive value on 64-bit systems and propagating through the call chain to __iommu_unma...