Lucene search
K
LinuxLinux Kernel

14330 matches found

CVE
CVE
added 2026/01/25 2:36 p.m.25 views

CVE-2026-23010

CVE-2026-23010 is a Linux kernel use-after-free affecting inet6_addr_del() in IPv6 address deletion. The issue arises from the commit that moved ipv6_del_addr() for temporary addresses before reading the ifp->flags, causing a UAF in inet6_addr_del() when handling inet6_ifaddr during address de...

7.8CVSS5.2AI score0.00182EPSS
CVE
CVE
added 2026/01/25 2:36 p.m.25 views

CVE-2026-23012

CVE-2026-23012 affects the Linux kernel (mm/damon/core): a use-after-free in damon_call_control handling when a DAMON context is inactive. If damon_call() runs against a non-running context, the call returns an error but the damon_call_control object remains linked to the context’s call_controls ...

7.8CVSS5.3AI score0.00151EPSS
CVE
CVE
added 2026/01/31 11:39 a.m.25 views

CVE-2026-23017

CVE-2026-23017 affects the Linux kernel idpf driver. Root cause: if init_task fails during driver load, vports/netdevs are not created and a reset can crash while service/mailbox tasks run. Fix: in the init_task error path, disable service/mailbox tasks and stop PTP callbacks; ensures proper clea...

5.5CVSS5.7AI score0.00132EPSS
CVE
CVE
added 2026/02/04 4:7 p.m.25 views

CVE-2026-23063

CVE-2026-23063 pertains to the Linux kernel, specifically the UACCE accelerator framework. The issue arises in the queue release path for uacce_queue when resources could be freed concurrently (e.g., during poweroff -f with accelerators still active). The root cause is unsafe sequencing of operat...

5.5CVSS5.3AI score0.00123EPSS
CVE
CVE
added 2026/02/04 4:7 p.m.25 views

CVE-2026-23067

CVE-2026-23067 centers on an integer signedness bug in the Linux kernel’s ARM IOMMU path (io-pgtable-arm). __arm_lpae_unmap() returned a size_t (unsigned) but could yield -ENOENT on error, turning into a large positive value on 64-bit systems and propagating through the call chain to __iommu_unma...

5.5CVSS5.3AI score0.00107EPSS
CVE
CVE
added 2026/02/04 4:7 p.m.25 views

CVE-2026-23068

CVE-2026-23068 (Linux kernel) : The spi-sprd-adi driver could double-free the spi_controller on probe failure due to using spi_alloc_host() with devm_spi_register_controller(), then falling through to spi_controller_put() when a restart handler registration failed. The fix switches to devm_spi_al...

7.8CVSS5.3AI score0.00129EPSS
CVE
CVE
added 2026/02/04 4:8 p.m.25 views

CVE-2026-23085

CVE-2026-23085 affects the Linux kernel irqchip/gic-v3-its on 32-bit ARM with CONFIG_ARM_LPAE, where lowmem allocations could be backed by physical memory above 4 GB. The ITS driver stored a 32-bit address in an unsigned long, triggering truncation. The fix changes the itt_addr and related physic...

5.5CVSS5.1AI score0.00123EPSS
CVE
CVE
added 2026/02/14 3:9 p.m.25 views

CVE-2026-23114

Summary (CVE-2026-23114) The Linux kernel arm64 FPSIMD/SVE state management vulnerability arises when SVE is supported but SME is not: a ptrace write to the NT_ARM_SVE regset can place the tracee in an invalid state, storing non-streaming SVE data in FP_STATE_SVE format while TIF_SVE is not set. ...

5.5CVSS5.3AI score0.001EPSS
CVE
CVE
added 2026/02/14 4:27 p.m.25 views

CVE-2026-23206

Summary: CVE-2026-23206 affects the Linux kernel dpaa2-switch driver where zero interfaces (num_ifs == 0) caused a NULL-like ZERO_SIZE_PTR allocation and a kernel panic during probe. The issue stems from allocating arrays with kcalloc() using ethsw->sw_attr.num_ifs and dereferencing ports[0] i...

5.5CVSS5.2AI score0.00114EPSS
CVE
CVE
added 2026/03/04 2:36 p.m.25 views

CVE-2026-23232

The CVE-2026-23232 entry pertains to the Linux kernel and the f2fs file system. According to the connected data, a patch intended to enable a block cache/DIO write during f2fs_enable_checkpoint() was reverted because the original patch could cause a deadlock. The revert sequence involves lock ord...

5.5CVSS5.8AI score0.00104EPSS
CVE
CVE
added 2026/03/04 2:38 p.m.25 views

CVE-2026-23238

CVE-2026-23238 (Linux kernel — romfs): The romfs implementation in the kernel failed to honor the return value of sb_set_blocksize(), continuing a mount when the requested ROMBSIZE (e.g., 4096) was incompatible with the device’s logical_block_size (e.g., 32768). This could occur by using LOOP_SET...

5.5CVSS5.8AI score0.00189EPSS
CVE
CVE
added 2026/03/18 5:44 p.m.25 views

CVE-2026-23266

CVE-2026-23266 : In the Linux kernel fbdev rivafb driver, nv3_arb() can divide by state->mclk_khz (derived from PRAMDAC MCLK PLL) if an attacker exposes a zero value, causing a divide error and kernel crash. The fix adds a zero-check for state->mclk_khz before division. Affected: fbdev/riva...

5.5CVSS5.8AI score0.00114EPSS
CVE
CVE
added 2026/03/25 10:27 a.m.25 views

CVE-2026-23312

CVE-2026-23312 concerns the Linux kernel: the net: usb: kaweth driver did not validate USB endpoint counts/types when probing a device. The root cause is lack of validation before binding, which could allow a malicious device to cause a crash by accessing endpoints that aren’t present or correctl...

5.5CVSS5.7AI score0.00123EPSS
CVE
CVE
added 2026/03/25 10:27 a.m.25 views

CVE-2026-23318

CVE-2026-23318 affects the Linux kernel ALSA USB-audio UAC3 header validation. The validator table for UAC3 AC header descriptors used UAC_VERSION_2 instead of UAC_VERSION_3, so real UAC3 devices were not validated and could trigger out-of-bounds reads when the driver accesses unvalidated descrip...

7.1CVSS5.6AI score0.00132EPSS
CVE
CVE
added 2026/03/25 10:28 a.m.25 views

CVE-2026-23386

CVE-2026-23386 concerns the Linux kernel gve driver in QPL mode, where gve_tx_clean_pending_packets() could misinterpret the dma_addr_t array as buffer IDs, causing out-of-bounds/unmap errors. The root cause was an improper buffer cleanup path in gve_tx_clean_pending_packets() that could referenc...

5.5CVSS5.8AI score0.00121EPSS
CVE
CVE
added 2026/04/01 8:36 a.m.25 views

CVE-2026-23404

CVE-2026-23404 affects the Linux kernel AppArmor profile management. The issue arises from recursive profile removal in the AppArmor code path; nested profiles could trigger deep recursion, risking kernel stack exhaustion and system crashes. The connected documents confirm the root cause is the r...

5.5CVSS5.8AI score0.00177EPSS
CVE
CVE
added 2026/04/01 8:36 a.m.25 views

CVE-2026-23409

The CVE-2026-23409 issue is in the Linux kernel AppArmor differential encoding verification. It describes two bugs: (1) mixing states that have already been verified with those currently being checked, which can cause loops in the current chain to be treated as verified, and (2) an incorrect bail...

5.5CVSS5.7AI score0.00177EPSS
CVE
CVE
added 2026/04/03 3:15 p.m.25 views

CVE-2026-23427

Summary: CVE-2026-23427 affects ksmbd in the Linux kernel and has been fixed to address a use-after-free in durable v2 replay of active SMB file handles. The root cause is that parse_durable_handle_context() unconditionally assigns dh_info->fp->conn to the current connection when handling D...

9.8CVSS5.8AI score0.0029EPSS
CVE
CVE
added 2026/04/03 3:16 p.m.25 views

CVE-2026-31403

CVE-2026-31403 is a Linux kernel vulnerability affecting NFSD where a proc entry (/proc/fs/nfs/exports) captured the caller’s network namespace without holding a reference. If the namespace is torn down after opening the exports fd (e.g., container destruction with setns), nfsd_net_exit() may fre...

7.8CVSS5.8AI score0.00123EPSS
CVE
CVE
added 2026/04/08 1:6 p.m.25 views

CVE-2026-31411

CVE-2026-31411: Linux kernel ATM signaling path (net/atm) allowed forged user pointers via sendmsg(), leading to potential memory safety risks. A fix adds find_get_vcc() to validate the vcc pointer against the vcc_hash and uses sock_hold() to keep the object alive during processing of signaling o...

5.5CVSS5.8AI score0.00125EPSS
CVE
CVE
added 2026/04/22 1:53 p.m.25 views

CVE-2026-31450

CVE-2026-31450 describes a race in ext4 where ei->jinode was published to concurrent readers before jbd2_journal_init_jbd_inode() completed, allowing a non-NULL jinode to be observed with i_vfs_inode still NULL. The mitigated issue could lead to a crash when a reader passes jinode to jbd2_wait...

8.8CVSS5.6AI score0.00469EPSS
CVE
CVE
added 2026/04/22 1:54 p.m.25 views

CVE-2026-31489

This CVE (CVE-2026-31489) affects the Linux kernel meson-spicc SPI controller driver. The vulnerability arises from a double-put: meson_spicc_probe() registers the controller with devm_spi_register_controller(), and the removal path erroneously calls spi_controller_put() again in meson_spicc_remo...

7.8CVSS5.6AI score0.00129EPSS
CVE
CVE
added 2026/04/22 1:54 p.m.25 views

CVE-2026-31491

In the Linux kernel’s RDMA/irdma component, CVE-2026-31491 stems from depth calculation functions that fail to properly guard against U32_MAX inputs for SQ/RQ/SRQ sizes. The issue can cause integer overflow and truncation, leading to the function returning success when it should fail. Public repo...

5.5CVSS5.7AI score0.00121EPSS
CVE
CVE
added 2026/04/24 2:30 p.m.25 views

CVE-2026-31536

The vulnerability CVE-2026-31536 affects the Linux kernel SMB direct server implementation. In smb: server: let send_done handle a completion without IB_SEND_SIGNALED, during smbdirect_send_batch processing requests may be processed without IB_SEND_SIGNALED and could be destroyed in the final req...

9.8CVSS5.4AI score0.00442EPSS
CVE
CVE
added 2026/04/24 2:42 p.m.25 views

CVE-2026-31593

CVE-2026-31593 is a Linux kernel KVM SEV SNP issue. The vulnerability arises when updating an already-launched and encrypted vCPU state: attempting to sync the vCPU's VMSA can trigger an SEV-SNP cryptographic memory protection (RMP) violation, causing a host panic/DoS. Technical details across mu...

5.5CVSS5.4AI score0.00122EPSS
CVE
CVE
added 2026/04/24 2:42 p.m.25 views

CVE-2026-31595

CVE-2026-31595 affects the Linux kernel PCI endpoint driver for the vntb (pci-epf-vntb) where the cleanup path epf_ntb_epc_cleanup does not disable the delayed work before clearing BAR mappings and doorbells. The referenced details describe that if the delayed work isn’t disabled, the cmd_handler...

5.5CVSS5.4AI score0.00123EPSS
CVE
CVE
added 2026/04/24 2:45 p.m.25 views

CVE-2026-31668

The CVE-2026-31668 issue affects the Linux kernel’s seg6 lwtunnel, where a single dst_cache was shared between input and output paths. This allowed the post-encap SID lookup to be performed in different routing contexts, with the second path potentially reusing the first path’s cached data and by...

9.8CVSS5.4AI score0.00443EPSS
CVE
CVE
added 2026/05/01 1:55 p.m.25 views

CVE-2026-31699

Technical details about CVE-2026-31699 are not publicly available in the provided documents. Monitor for updates from OSV, Red Hat, SUSE, Debian and other trackers for affected products and fixes.

7.1CVSS6AI score0.00126EPSS
CVE
CVE
added 2026/05/01 1:56 p.m.25 views

CVE-2026-31707

The CVE-2026-31707 issue affects the Linux kernel ksmbd component. The overflow vulnerability in ipc_validate_msg() arises from arithmetic on attacker-controlled fields when computing per-response message sizes, allowing wraparound in three cases (RPC_REQUEST, SHARE_CONFIG_REQUEST, LOGIN_REQUEST_...

7.1CVSS5.8AI score0.00125EPSS
CVE
CVE
added 2026/05/01 2:15 p.m.25 views

CVE-2026-43027

The CVE-2026-43027 vulnerability in the Linux kernel arises from nf_conntrack_helper_unregister() freeing a helper while expectations still reference it due to NULL data in nf_ct_expect_iterate_destroy(), leading to use-after-free when later access occurs. The fix is to pass the actual helper poi...

7.8CVSS5.8AI score0.00126EPSS
CVE
CVE
added 2026/05/01 2:15 p.m.25 views

CVE-2026-43036

Summary (CVE-2026-43036) : The issue resides in the Linux kernel networking path, where gso_features_check() read IPv4 header offsets (iph->frag_off) in a way that could dereference uninitialized data when packets are injected via PF_PACKET paths. The root cause is unsafe header dereferencing ...

5.5CVSS5.8AI score0.00122EPSS
CVE
CVE
added 2026/05/01 2:15 p.m.25 views

CVE-2026-43049

CVE-2026-43049 affects the Linux kernel HID logitech-hidpp driver (Logitech G920 force feedback). If force feedback init fails, resources may be torn down inconsistently, enabling a use-after-free (UAF) if userspace still references dangling objects. The fixed approach chose to warn but return su...

7.8CVSS5.8AI score0.00116EPSS
CVE
CVE
added 2026/05/06 7:40 a.m.25 views

CVE-2026-43080

Summary of CVE-2026-43080 (Linux kernel) : The issue resides in the L2TP/PPP over L2TP code path where an oversized PPPoL2TP packet sent with UDP encapsulation can trigger an overflow of the 16‑bit UDP length field, causing the length to be trimmed and potentially sending malformed packets. The p...

5.5CVSS5.8AI score0.00123EPSS
CVE
CVE
added 2026/05/06 7:40 a.m.25 views

CVE-2026-43093

CVE-2026-43093 is a Linux kernel issue in the xsk (AF_XDP) subsystem where headroom validation for UMEM was tightened in xdp_umem_reg(), addressing potential memory corruption of skb_shared_info and insufficient space for minimum-sized Ethernet frames. The fix accounts for 128-byte alignment as a...

7.8CVSS5.7AI score0.00129EPSS
CVE
CVE
added 2026/05/06 11:28 a.m.25 views

CVE-2026-43205

CVE-2026-43205 affects the Linux kernel's dpaa2-switch handling. The defect arises from the driver obtaining sw_attr.num_ifs from firmware without validating it against DPSW_MAX_IF (64). This allows an out-of-bounds write in dpaa2_switch_fdb_get_flood_cfg() when num_ifs can reach 64, as it writes...

7.8CVSS5.8AI score0.00139EPSS
CVE
CVE
added 2026/05/06 11:28 a.m.25 views

CVE-2026-43206

Summary: CVE-2026-43206 affects the Linux kernel’s drm/amdkfd component. The function kfd_event_page_set() writes KFD_SIGNAL_EVENT_LIMIT * 8 bytes using memset without validating the destination buffer size, allowing an unprivileged local user to trigger an out-of-bounds memory write and potentia...

7.8CVSS5.9AI score0.00139EPSS
CVE
CVE
added 2026/05/06 11:28 a.m.25 views

CVE-2026-43258

CVE-2026-43258 concerns the Linux kernel: on Alpha systems, memory compaction can trigger user-space crashes and heap corruption due to insufficient TLB shootdown during page migration. Root cause involves ASN rollover and stale instruction translations surviving migration. The fix introduces a m...

7.8CVSS5.8AI score0.00138EPSS
CVE
CVE
added 2026/05/08 1:11 p.m.25 views

CVE-2026-43309

The CVE-2026-43309 issue affects the Linux kernel’s md raid and device-mapper (dm-raid) components. When stopping a RAID array managed by dm-raid, the system could hang because md_stop() attempted to flush the write-intent bitmap to metadata sub-devices that were already suspended. The fix preven...

5.5CVSS5.8AI score0.00121EPSS
CVE
CVE
added 2026/05/08 1:31 p.m.25 views

CVE-2026-43328

Root cause: in the Linux kernel cpufreq governor, the error path in cpufreq_dbs_governor_init() could trigger a double free when kobject_init_and_add() fails. The kobject release path previously attempted cleanup via gov->exit(dbs_data) and kfree(dbs_data) twice. The fix keeps a direct kfree(d...

7.8CVSS5.8AI score0.00129EPSS
CVE
CVE
added 2026/05/08 1:39 p.m.25 views

CVE-2026-43345

Summary: The CVE concerns the Linux kernel IPA driver. For IPA v5.0+, the event ring index field moved from CH_C_CNTXT_0 to CH_C_CNTXT_1. The register definition intended to define this field in CH_C_CNTXT_1 but used the old identifier ERINDEX instead of CH_ERINDEX, causing an incorrect event rin...

7.5CVSS5.7AI score0.00353EPSS
CVE
CVE
added 2026/05/08 1:41 p.m.25 views

CVE-2026-43349

The CVE-2026-43349 entry concerns the Linux kernel’s Flash-Friendly File System (f2fs). The issue arises when f2fs_finish_read_bio() may access uninitialized data in a folio if a read from the device fails, triggering an uninitialized-value access in f2fs_sanity_check_node_footer. The root cause,...

5.5CVSS5.8AI score0.00112EPSS
CVE
CVE
added 2026/05/08 2:21 p.m.25 views

CVE-2026-43357

The CVE-2026-43357 entry concerns the Linux kernel iio: gyro: mpu3050-core driver. The root cause is incorrect PM runtime error handling: pm_runtime_get_sync() return value isn’t checked and the device usage count is incremented unconditionally, potentially allowing access to hardware that failed...

5.5CVSS5.8AI score0.00123EPSS
CVE
CVE
added 2026/05/08 2:21 p.m.25 views

CVE-2026-43361

CVE-2026-43361 affects the Linux kernel Btrfs subsystem. The issue arises when snapshotting a previously received subvolume can overflow BTRFS_UUID_KEY_RECEIVED_SUBVOL, causing a transaction abort and putting the filesystem into read-only mode. The vulnerability can be triggered by repeatedly sna...

5.5CVSS5.8AI score0.00123EPSS
CVE
CVE
added 2026/05/08 2:21 p.m.25 views

CVE-2026-43403

CVE-2026-43403 concerns the Linux kernel nsfs component. The issue arises from insufficient permission checks in ns iteration ioctls, potentially allowing a privileged service to view information from other privileged services and perform information disclosure. Multiple sources (Red Hat, Debian,...

8.8CVSS5.7AI score0.00129EPSS
CVE
CVE
added 2026/05/08 2:22 p.m.25 views

CVE-2026-43430

The issue CVE-2026-43430 affects the Linux kernel USB driver for yurex. A race condition occurs in the probe path where the bbu field is not initialized before the URB completion handler uses it, creating a window during which descriptor data can be overwritten by concurrent probing. This can lea...

4.7CVSS5.8AI score0.00089EPSS
CVE
CVE
added 2026/05/08 2:22 p.m.25 views

CVE-2026-43432

CVE-2026-43432 relates to the Linux kernel USB xHCI driver. The error path in usb/xhci_disable_slot() previously freed only the command structure (via kfree), leaking the associated completion structure. The patch changes the code to call xhci_free_command() , which frees both the command structu...

5.5CVSS5.8AI score0.00123EPSS
CVE
CVE
added 2026/05/08 2:22 p.m.25 views

CVE-2026-43436

The CVE-2026-43436 vulnerability affects the Linux kernel ALSA USB-audio driver (Scarlett2 mixer quirk). A malformed USB descriptor can trigger a NULL dereference in scarlett2_find_fc_interface() due to assuming an endpoint exists. The patch adds a sanity check for bNumEndpoints and skips invalid...

5.5CVSS5.8AI score0.00123EPSS
CVE
CVE
added 2026/05/08 2:22 p.m.25 views

CVE-2026-43472

The CVE describes a Linux kernel unshare(2) bug: when CLONE_NEWNS is requested and current->fs wasn’t previously shared, copy_mnt_ns() could receive a non-private fs_struct. If copy_mnt_ns() succeeds but a subsequent copy_cgroup_ns() fails, the destroyed namespace can leave current->fs->...

5.5CVSS5.7AI score0.00114EPSS
CVE
CVE
added 2026/05/13 3:8 p.m.25 views

CVE-2026-43489

The CVE-2026-43489 issue concerns the Linux kernel liveupdate code path for LUO files, specifically luo_file.retrieve_status. The bug arises because on a failed retrieve, luo_retrieve_file() returns an error without recording that a retrieve was attempted or its error code. This can cause an erro...

5.5CVSS5.6AI score0.00102EPSS
CVE
CVE
added 2026/05/21 12:12 p.m.25 views

CVE-2026-43497

The CVE-2026-43497 issue affects the Linux kernel fbdev path (udlfb/dlfb) where dlfb_ops_mmap maps vmalloc framebuffer pages without vm_ops, preventing mmap tracking. This allowed stale user PTEs to coexist with freed kernel pages after dlfb_realloc_framebuffer() via FBIOPUT_VSCREENINFO, causing ...

7.3CVSS5.9AI score0.00113EPSS
Total number of security vulnerabilities14330