CVE-2025-39775
CVE-2025-39775: In the Linux kernel, mm/mremap: fix WARN with uffd that has remap events disabled. Root cause: during an mremap recovery, recursion recurses on the original page-table move but not the recovery move, triggering a WARN in mremap.c. The fix adds a double-VMAs PMD/PUD level check (be...
CVE-2025-39784
CVE-2025-39784 is a Linux kernel PCIe issue resolved by masking non-speed bits in PCIE_LNKCTL2_TLS2SPEED() (and PCIE_LNKCAP_SLS2SPEED()) when retraining a PCIe link. The bug caused incorrect speed values to be interpreted from the Link Control 2 register, producing PCI_SPEED_UNKNOWN (0xff) and tr...
CVE-2025-39804
CVE-2025-39804 pertains to the Linux kernel (arm64) where lib/crypto/poly1305 could corrupt SIMD/general-purpose registers in no-SIMD contexts, potentially producing incorrect MACs. The fix restores a safety check to ensure Poly1305 calls do not rely on unusable SIMD state, using may_use_simd() i...
CVE-2025-39821
CVE-2025-39821 (Linux kernel perf - UBSAN risk): The issue is a logic flaw in perf event throttling where a group’s disabled member in PERF_EVENT_STATE_OFF could be throttle-started/stopped, causing PMU drivers to receive an event with hw.idx = -1. This negative index is used as a shift exponent ...
CVE-2025-39856
CVE-2025-39856 concerns the Linux kernel network driver for TI am65 CPSW-NUSS (CPSW2G) where, in the TX completion path, the variable ndev may be accessed before initialization if no TX packets have been processed. This can cause a null pointer dereference and kernel crash. Affected component: ne...
CVE-2025-39879
CVE-2025-39879 pertains to the Linux kernel Ceph code path. The issue revolves around ceph_process_folio_batch() leaving folio_batch entries as NULL, an illegal state that could lead to crashes if folio_batch_release() dereferences them. The documented root cause describes that earlier code inten...
CVE-2025-39910
CVE-2025-39910 affects the Linux kernel (mm/vmalloc, mm/kasan) where kasan_populate_vmalloc() and helpers ignore the caller’s GFP mask and always allocate with GFP_KERNEL, diverging from vmalloc() which supports GFP_NOFS/GFP_NOIO. Page table allocations during shadow population also ignore the ex...
CVE-2025-39940
CVE-2025-39940 concerns the Linux kernel’s dm-stripe component. A potential integer overflow can occur in stripe_io_hints when the chunk size is too large. The fix tests for an overflow and, if detected, avoids setting limits->io_min and limits->io_opt. This mitigates a local-privilege vect...
CVE-2025-39958
CVE-2025-39958 concerns the Linux kernel IOMMU on s390: when a PCI device is surprise-removed, teardown may still attempt to attach to the default domain, causing zpci_register_ioat() to fail and s390_iommu_attach_device() to error out. The fix changes the attach path to proceed as if registratio...
CVE-2025-39963
CVE-2025-39963 is a Linux kernel vulnerability related to io_uring: in io_link_skb, prev_notif could be computed using the wrong value (nd instead of prev_nd), causing a context validation check to compare the current notification with itself. The issue is fixed by using the correct prev_nd when ...
CVE-2025-71080
CVE-2025-71080 involves a race in the Linux kernel on PREEMPT_RT where rt6_get_pcpu_route() may return NULL and allow another task on the same CPU to install a pcpu_rt entry, causing a later cmpxchg() failure and a BUG_ON(prev). The fix makes the cmpxchg() failure graceful by freeing the allocati...
CVE-2025-71090
CVE-2025-71090 describes a Linux kernel NFS daemon leak in nfsd4_add_rdaccess_to_wrdeleg(). The function overwrites fp->fi_fds[O_RDONLY] with a new nfsd_file even when a SHARE_ACCESS_READ is already open, thereby orphaning the prior reference. It previously stored the same nfsd_file pointer in...
CVE-2025-71092
Summary: The CVE-2025-71092 entry corresponds to a Linux kernel issue in RDMA/bnxt_re where an OOB write occurred during hw_stats allocation in bnxt_re_copy_err_stats(). The root cause was that three counters (BNXT_RE_REQ_CQE_ERROR, BNXT_RE_RESP_CQE_ERROR, BNXT_RE_RESP_REMOTE_ACCESS_ERRS) were a...
CVE-2025-71095
CVE-2025-71095 concerns a crash in the Linux kernel’s net: stmmac path when using zero-copy XDP_TX. The root cause is that stmmac_xdp_xmit_back() always treated the xdp_buff as a page-pool memory type, regardless of whether the xdp_buff originated from a page pool or a zero-copy XSK pool, leading...
CVE-2025-71096
Summary (CVE-2025-71096): The Linux kernel RDMA core netlink path handling RDMA_NL_LS_OP_IP_RESOLVE could return a DGID-less response, risking an uninitialized read on the stack. The fix ensures the LS_NLA_TYPE_DGID attribute is present, uses nla_parse_deprecated() to populate nlattrs, and then ...
CVE-2025-71121
CVE-2025-71121 relates to the Linux kernel’s parisc/ASP chip handling: attempting to reprogram CPU affinity on HP 730 hardware could crash with an HPMC because registers aren’t at the expected location. The fix avoids the crash by checking the sversion, and notes that reprogramming isn’t needed f...
CVE-2025-71122
CVE-2025-71122 concerns Linux kernel iommufd/selftest: overflow in IOMMU_TEST_OP_ADD_RESERVED, discovered by syzkaller and fixed by validating the user input length in the test ioctl. Affects test kernels with CONFIG_IOMMUFD_TEST; no exploitation details provided in the available documents.
CVE-2025-71127
CVE-2025-71127 affects the Linux kernel’s wifi/mac80211 beacon handling: unicast Beacon frames sent to non-broadcast addresses could bypass beacon protection when Protected Frame bit is 1. The public description states that such frames can be dropped by a generic check on A1=unicast, prev...
CVE-2025-71128
CVE-2025-71128 is a Linux kernel vulnerability affecting GRE ERSPAN processing. The issue stems from the ip_tunnel_info structure’s flexible array member options, protected by a count options_len, where the counter must be initialized before first referencing options. The GRE ERSPAN code performe...
CVE-2025-71133
The CVE-2025-71133 entry concerns the Linux kernel RDMA/irdma path, where irdma_net_event could dereference neigh (ptr) data before confirming NETEVENT_NEIGH_UPDATE. The code fix moves neigh->dev access under the NETEVENT_NEIGH_UPDATE case, preventing a potential out-of-bounds read reported by...
CVE-2025-71145
CVE-2025-71145 (Linux kernel) fixes a use-after-free-like race by correcting usb: phy: isp1301 to increment the I2C device reference count for non-OF (Open Firmware) paths as well as OF paths. The bug was a device reference imbalance in isp1301_get_client() where non-OF callers could not reliably...
CVE-2025-71163
CVE-2025-71163: In the Linux kernel DMA Engine idxd, the fix addresses device leaks by dropping the reference taken when looking up the idxd device during the compat bind/unbind sysfs interface. This is a kernel-level issue affecting the idxd component; the root cause is not detailed beyond the n...
CVE-2025-71184
CVE-2025-71184 affects the Linux kernel’s btrfs subsystem. The issue is a NULL dereference in btrfs_evict_inode() when tracing inode eviction because the root may be NULL. The fix ensures root is treated as 0 or delays tracing until the root is non-NULL, preventing a NULL dereference during evict...
CVE-2025-71191
Technical details for CVE-2025-71191 are not publicly available in the provided documents; monitor for official advisories for affected products and fixes.
CVE-2025-71201
CVE-2025-71201 concerns the Linux kernel netfs subsystem, specifically a race/logic issue in buffered reads where read results could be collected beyond the intended EOF due to an end-check that used the file end rather than the folio end. The vulnerability manifests during asynchronous subreques...
CVE-2025-71202
CVE-2025-71202 affects the Linux kernel IOMMU SVA coherency. A new IOMMU interface flushes IOTLB paging cache entries for the CPU kernel address space, invoked from x86 code before freeing and reusing kernel page tables. The issue allows an unprivileged local user to trigger stale IOTLB translati...
CVE-2025-71203
CVE-2025-71203 concerns the Linux kernel where a user-controlled syscall number could be used to index the syscall table, enabling potential data leakage via cache side channels. The mitigation is to clamp the index with array_index_nospec() after the bounds check to prevent speculative out-of-bo...
CVE-2025-71236
CVE-2025-71236: Linux kernel fix for scsi: qla2xxx: Validate sp before freeing associated memory. Root cause was a NULL pointer dereference in the qla2xxx fabric scan/error handling path, leading to a kernel crash. The issue is addressed by checking that sp is non-NULL before freeing memory; mult...
CVE-2025-71268
The CVE-2025-71268 issue is a Linux kernel vulnerability in btrfs where a reservation leak can occur on some error paths when inserting an inline extent. The root cause is that __cow_file_range_inline() may exit without freeing reserved qgroup data if allocation of a path or join of a transaction...
CVE-2025-71313
Summary (CVE-2025-71313): In the Linux kernel PCI endpoint driver, there is a missing NULL check after alloc_workqueue(), which can return NULL on memory allocation failure. If a NULL workqueue pointer is later passed to queue_work() in epf_ntb_epc_init(), this can cause a NULL pointer dereferen...
CVE-2026-23016
The CVE concerns the Linux kernel’s conntrack/frag handling (inet: frags: drop fraglist conntrack references). A bug allows reassembled skb fragments to retain nf_conn references via frag_list, causing conntrack cleanup to block (hangs up to ~60s) when fragmentation/reassembly occurs (UDP/TCP pat...
CVE-2026-23061
Summary (CVE-2026-23061): In the Linux kernel CAN subsystem, kvaser_usb_read_bulk_callback() can leak URBs in kvaser_usb, leading to a memory leak. Root cause: the URBs for USB-in transfers are anchored to dev->rx_submitted when created and submitted, but the USB framework unanchors URBs before ...
CVE-2026-23067
CVE-2026-23067 centers on an integer signedness bug in the Linux kernel’s ARM IOMMU path (io-pgtable-arm). __arm_lpae_unmap() returned a size_t (unsigned) but could yield -ENOENT on error, turning into a large positive value on 64-bit systems and propagating through the call chain to __iommu_unma...
CVE-2026-23078
Technical details for CVE-2026-23078 are not provided in the connected documents. The initial description summarizes the buffer overflow fix in ALSA scarlett2 in Linux kernel; no vendor/product-specific impact or patch versions are specified here. Monitor for updates.
CVE-2026-23081
Summary: CVE-2026-23081 affects the Linux kernel intel-xway PHY driver, where an OF node reference-count leakage could occur. The root cause is improper management of Open Firmware (OF) node refcounts when checking the presence of the 'leds' child node. The fix adds a correct refcount maintenance...
CVE-2026-23082
Public technical details about CVE-2026-23082 are not provided in the supplied documents. Monitor for updates from vendors; no specifics on affected components, impact, or fixes can be stated from the given materials.
CVE-2026-23090
The CVE-2026-23090 entry concerns a Slimbus core device reference leak in the Linux kernel. The root cause is improper handling of device references when processing report-present messages, allowing dynamic Slimbus device allocations without correctly dropping references for previously registered...
CVE-2026-23120
Technical details for CVE-2026-23120 are not provided in the connected documents. The Initial Description summarizes the race but does not specify affected products or fixes. Monitor vendor advisories for concrete remediation guidance.
CVE-2026-23142
CVE-2026-23142 affects the Linux kernel component mm/damon/sysfs-scheme. The root cause is in the cleanup path when a DAMOS-scheme DAMON sysfs directory setup fails after creating access_pattern/; subdirectories under access_pattern/ are not cleaned up, leaving the DAMON sysfs interface partially...
CVE-2026-23145
Technical details for CVE-2026-23145 are not publicly available in the provided documents. The entries reference the CVE but do not disclose the affected product/version, root cause, impact, or remediation. Monitor for updates.
CVE-2026-23166
CVE-2026-23166 pertains to the Linux kernel ice driver. The issue arises from a NULL dereference in ice_vsi_set_napi_queues when rings[q_idx]->q_vector is NULL during resume from suspend. The fix adds NULL pointer checks for both the ring pointer and its q_vector in ice_vsi_set_napi_queues, en...
CVE-2026-23167
Technical details (affected product, component, version, root cause, and fix) are not publicly available in the provided connected documents. Monitor for updates to CVE-2026-23167 as more information becomes available.
CVE-2026-23170
CVE-2026-23170 affects the Linux kernel's DRM IMX TVE path; the root cause is a device reference leak to the DDC device during probe (including probe deferral) and on driver unbind. The trusted sources show the issue resolved in kernel updates, with Ubuntu/rootio-root packages (e.g., ROOT-OS-UBUN...
CVE-2026-23186
CVE-2026-23186 pertains to the Linux kernel hwmon driver for the ACPI power meter. The issue arises when acpi_power_meter_notify() calls hwmon_device_unregister() while holding a lock also acquired by sysfs callbacks, creating potential deadlocks between sysfs access and device removal. Fixes inc...
CVE-2026-23230
CVE-2026-23230 is a Linux kernel local race in the SMB/CIFS client code where cached_fid bitfields (is_open, has_lease, on_list) were updated via concurrent paths, causing read–modify–write races. The root cause is that these three flags shared a single byte, so an update to one could overwrite o...
CVE-2026-23235
CVE-2026-23235 (Linux kernel, f2fs) is a local, in-kernel vulnerability where certain f2fs sysfs attributes permit out-of-bounds memory access and misinterpretation of integer sizes. The root causes are: __sbi_store() and f2fs_sbi_show() incorrectly treat all default values as unsigned int, causi...
CVE-2026-23255
The connected Amazon Linux advisory confirms CVE-2026-23255 is a Linux kernel vulnerability where /proc/net/ptype lacked proper RCU protection. The fix adds an explicit device pointer tracking and ensures RCU-compliant reads in ptype_seq_show(), with full READ_ONCE protection in ptype_seq_next() ...
CVE-2026-23257
CVE-2026-23257 is a Linux kernel off-by-one cleanup bug affecting PF setup_nic_devices() in the liquidio path, linked to a memory leak. Connected advisories indicate Root:Ubuntu:24.04 and Ubuntu:22.04 have patched this CVE in the rootio-linux package, with multiple fixed versions available. The p...
CVE-2026-23264
The CVE-2026-23264 issue was resolved in the Linux kernel by reverting the change that checked ASPM status from the PCIe subsystem for AMD GPUs. This reversal addressed crashes that occurred when two AMD GPUs were present but only one supported ASPM. The fix is tied to a specific revert of a prev...
CVE-2026-23290
CVE-2026-23290 affects the Linux kernel’s USB pegasus driver: it validates endpoints before bind, preventing binding if the device lacks expected URBs. Exploitation is LOCAL with LOW PRV requirement; impact is a potential crash/denial due to access to endpoints. The issue has been fixed upstream ...