14330 matches found
CVE-2025-71235
CVE-2025-71235 : Linux kernel, scsi: qla2xxx driver. The issue arises when a module unload is issued while a fabric scan is in progress, causing a crash due to freeing memory in interrupt context (dma_free_attrs) after the UNLOADING flag is set and a scheduled work item cannot be allocated. Root ...
CVE-2025-71315
The CVE-2025-71315 vulnerability concerns the Linux kernel’s drm/vkms path. Connected sources confirm a concrete fix: vkms’ vblank timer was replaced with DRM’s vblank timer implementation, removing the hrtimer from vkms_output and delegating to the DRM vblank timeout path via handle_vblank_timeo...
CVE-2026-22980
The CVE-2026-22980 issue is confirmed to affect the Linux kernel and is addressed by a patch that fixes a race between v4_end_grace writes and server shutdown. The fix introduces two new fields in the nfsd network context: client_tracking_active (protected by nn->client_lock) and grace_end_for...
CVE-2026-23014
The CVE-2026-23014 issue concerns the Linux kernel perf subsystem, specifically the swevent hrtimer. The root cause is that after changing hrtimer_try_to_cancel() in perf_swevent_cancel_hrtimer(), the hrtimer could remain active when the event is freed. The fix adds a full hrtimer_cancel() on the...
CVE-2026-23016
The CVE concerns the Linux kernel’s conntrack/frag handling (inet: frags: drop fraglist conntrack references). A bug allows reassembled skb fragments to retain nf_conn references via frag_list, causing conntrack cleanup to block (hangs up to ~60s) when fragmentation/reassembly occurs (UDP/TCP pat...
CVE-2026-23080
Technical details for CVE-2026-23080 are not provided in the connected documents. The sources reference the CVE in advisories (e.g., USN entries) but do not include product/vendor/component/version, root cause, impact, or fix specifics. Monitor for updates.
CVE-2026-23088
CVE-2026-23088 affects the Linux kernel tracing subsystem. The issue arises when a synthetic event reuses an existing synthetic event’s stacktrace field, leading to a kernel crash (crash/NULL pointer dereference) when enabling linked synthetic events. The root cause is how the stacktrace field is...
CVE-2026-23119
The CVE-2026-23119 issue in the Linux kernel concerns the bonding driver where a net pointer was not always provided to __skb_flow_dissect() after plumbing the network namespace. The lack of a valid net pointer (via skb->dev, skb->sk, or a user pointer) allowed a syzbot-created bare skb to...
CVE-2026-23130
CVE-2026-23130 pertains to the Linux kernel’s ath12k wireless driver and describes a deadlock in flushing management frames. The issue arises after a commit converted the management transmission work item into a wiphy work, which must run under wiphy lock protection; if a management frame is queu...
CVE-2026-23138
In CVE-2026-23138, the Linux kernel fixes an infinite recursion bug triggered when tracing the RCU events with the stack-trace trigger enabled. The patch expands ftrace recursion protection by adding a set of bits to protect events from recursion across contexts (normal, softirq, interrupt, and N...
CVE-2026-23141
CVE-2026-23141 affects the Linux kernel (btrfs subsystem) where btrfs: send: check for inline extents in range_is_hole_in_parent() failed to verify inline extents before accessing the disk_bytenr field. The bug could allow an invalid memory access when inline data is accessed, or when the inline ...
CVE-2026-23157
CVE-2026-23157 is a Linux kernel vulnerability affecting the btrfs metadata writeback path. The issue occurs in the balance between dirty pages and a cgroup/global dirty limit, where an internal 32 MiB threshold for btrfs btree inode writeback prevents progress when the cgroup’s dirty pages excee...
CVE-2026-23169
CVE-2026-23169 is a Linux kernel vulnerability where a race in mptcp_pm_nl_flush_addrs_doit() could crash the kernel. Root cause: list_splice_init() is not RCURED and cannot be called while holding pernet->lock spinlock; list_splice_init_rcu() was misusefully invoked in that context. The issue...
CVE-2026-23172
Technical details for CVE-2026-23172 are not publicly available in the provided documents; monitor for updates.
CVE-2026-23188
CVE-2026-23188 affects the Linux kernel’s net/usb rtl8152 driver. The issue arises on resume: rtl8152_resume triggers a device reset while holding tp->control mutex, and reset path re-enters rtl8152 and tries to acquire the same lock, creating a recursive mutex_deadlock. The result is a DPM ti...
CVE-2026-23192
Summary (CVE-2026-23192) : This is a use-after-free in the Linux kernel’s linkwatch subsystem. When a network device is deleted while linkwatch events are pending, the device reference may be freed prematurely (in linkwatch_do_dev), allowing __linkwatch_run_queue to access a freed device. The fix...
CVE-2026-23257
CVE-2026-23257 is a Linux kernel off-by-one cleanup bug affecting PF setup_nic_devices() in the liquidio path, linked to a memory leak. Connected advisories indicate Root:Ubuntu:24.04 and Ubuntu:22.04 have patched this CVE in the rootio-linux package, with multiple fixed versions available. The p...
CVE-2026-23272
CVE-2026-23272 affects the Linux kernel netfilter nf_tables component. The issue arises when inserting into a full set: the code increments set->nelems and publishes a new element before the RCU grace period, allowing an RCU reader to observe a partially updated element. The description notes ...
CVE-2026-23296
CVE-2026-23296 affects the Linux kernel SCSI core, specifically a refcount leak in tagset_refcnt that can cause a hang when tearing down a SCSI host (e.g., iscsid hang during SCSI scanning). The vulnerability is local in nature with a base score of 5.5 (MEDIUM); exploitation details are not provi...
CVE-2026-23321
CVE-2026-23321 relates to the Linux kernel MPTCP subsystem (mptcp: pm: in-kernel: always mark signal+subflow endp as used). The vulnerability was addressed in the upstream kernel by patching endp handling in the PM code, reducing warning/usage inconsistencies when signaling ADD_ADDRs and subflows...
CVE-2026-23354
CVE-2026-23354 concerns the Linux kernel x86/fred speculative safety. The fix removes the index variable and repositions array_index_nospec() so it’s calculated immediately before the array access, addressing the incorrect placement that allowed the result to be spilled to the stack across irqent...
CVE-2026-23363
The CVE-2026-23363 issue affects the Linux kernel wifi driver stack, specifically the mt7925 component of the mt76 driver. A missing frame-length check in mt7925_mac_write_txwi_80211() could allow out-of-bounds access to management fields, potentially impacting system stability. The vulnerability...
CVE-2026-23364
CVE-2026-23364 concerns the Linux kernel’s ksmbd path, where MAC comparisons were not performed in constant time. The underlying issue is a timing-attack-prone memcmp() usage; the recommended fix is to replace memcmp() with crypto_memneq() to ensure constant-time comparisons. The vulnerability is...
CVE-2026-23371
CVE-2026-23371 (Linux kernel SCHED_DEADLINE) details (from provided docs): The vulnerability arose when a SCHED_DEADLINE task (often a lock holder) moved to a lower class via sched_setscheduler() and failed to inherit the donor DEADLINE parameters, risking bandwidth accounting corruption because ...
CVE-2026-23408
The CVE-2026-23408 issue affects the Linux kernel AppArmor module. The root cause was a double free of ns_name in aa_replace_profiles(): ns_name could be NULLed after it had been transferred from ent->ns_name, but ent->ns_name was freed later, and then freed again when kfree(ns_name). The p...
CVE-2026-23419
CVE-2026-23419 affects the Linux kernel’ s RDS implementation. The issue is a circular locking dependency in net/rds: a memory allocation performed inside the socket lock during the call to sk_net_refcnt_upgrade() creates a deadlock with fs_reclaim. The root cause is that sk_net_refcnt_upgrade() ...
CVE-2026-23423
CVE-2026-23423 concerns memory management in the Linux kernel’s btrfs_uring_read_extent() path. The issue: the 'pages' object allocated during read operations is not freed in error scenarios, under the hopeful path that it will be reclaimed by btrfs_uring_read_finished() later. If errors occur (e...
CVE-2026-23461
CVE-2026-23461: In the Linux kernel Bluetooth L2CAP, l2cap_register_user() and l2cap_unregister_user() did not consistently acquire conn->lock, creating a race with l2cap_conn_del() that can access conn->users and conn->hchan concurrently. This caused use-after-free and list corruption. ...
CVE-2026-31422
CVE-2026-31422 affects the Linux kernel’s net/sched subsystem. The vulnerability occurs in flow_change() where tcf_block_q() dereferences q->handle to derive a default baseclass for shared blocks, while block->q can be NULL for shared blocks. The fix adds a check of tcf_block_shared() befor...
CVE-2026-31436
Summary of CVE-2026-31436 : The Linux kernel’s dmaengine idxd driver contains a bug in the llist_abort_desc() function where the code completes the wrong descriptor (the variable “found” rather than the traversal cursor “d”) as the function unwinds a doubly linked list. This can lead to NULL poin...
CVE-2026-31482
The CVE-2026-31482 issue affects the Linux kernel on s390, where r12 was not scrubbed on kernel entry due to an incomplete update in the s390 entry path. The root cause is that, after removing TIF_ISOLATE_BP, the register-clearing sequence failed to include the xgr %r12,%r12 scrub, leaving the cu...
CVE-2026-31492
The CVE-2026-31492 entry concerns the Linux kernel RDMA irdma driver. Root cause: in irdma_create_qp, if ib_copy_to_udata fails, irdma_destroy_qp cleanup waits on free_qp completion that has not been initialized yet. The fix is to initialize the free_qp completion before the ib_copy_to_udata call...
CVE-2026-31555
CVE-2026-31555 relates to a Linux kernel futex race in futex_lock_pi() retry path where a stale pointer to an exiting task is not cleared on retry. The issue can lead to a WARN_ON_ONCE when an old exiting pointer is used after a failed retry, potentially contributing to a DoS via kernel instabili...
CVE-2026-31562
Summary: CVE-2026-31562 affects the Linux kernel DRM/mediatek DSI driver. A local attacker could trigger a NULL pointer dereference due to an uninitialized drvdata being read during mipi_dsi_host_register, causing a crash in mediatek-drm probe and blocking subsequent DRM operations. The fixed beh...
CVE-2026-31573
The vulnerability CVE-2026-31573 affects the Linux kernel media: verisilicon hantro_vpu driver. When built as a module, incorrect use of the __initconst annotation frees data prematurely, and non-init probe code later accesses this freed data, causing a kernel panic (page fault) during hantro_pro...
CVE-2026-31578
CVE-2026-31578: Linux kernel as102_usb driver race leads to use-after-free/double-free when a device is deregistered while an open FD remains. The crash arises from freeing as102_dev_t after usb_register_dev() and before the final FD is closed; the fix defers freeing to the .release() path, ensur...
CVE-2026-31579
The CVE-2026-31579 issue affects the Linux kernel’s WireGuard integration where wg_netns_pre_exit() manually acquired rtnl_lock(), risking a hung task when another thread holds the RTNL mutex. The vulnerability is mitigated by moving the cleanup to the .exit_rtnl hook (which the framework already...
CVE-2026-31592
CVE-2026-31592 affects the Linux kernel KVM subsystem. The vulnerability arises when sev_mem_enc_register_region() is not protected by kvm->lock before sev_guest() is checked, risking state corruption if KVM_INIT{2} fails and an uninitialized sev->regions_list is touched, potentially causin...
CVE-2026-31610
CVE-2026-31610 affects ksmbd in the Linux kernel. The issue is a memory-leak in the SPNEGO decode path: during ksmbd_decode_negTokenInit, the code allocates conn->mechToken and may fail parsing later elements, leaving the previously allocated token. If the continuation path marks use_spnego fa...
CVE-2026-31619
The CVE-2026-31619 vulnerability affects the Linux kernel ALSA fireworks driver where a 32-bit status value from a FireWire device could be looked up in a 17-entry efr_status_names[] array, potentially indexing outside the array and causing incorrect string formatting. The issue could interpret E...
CVE-2026-31675
CVE-2026-31675 — Linux kernel netem out-of-bounds in packet corruption The issue arises in net/sched: sch_netem where the packet corruption logic selects an index into skb->data using get_random_u32_below(skb_headlen(skb)). For AF_PACKET TX_RING sending fully non-linear packets over an IPIP tu...
CVE-2026-31711
CVE-2026-31711 concerns the Linux kernel ksmbd server where a leak of active_num_conn occurs during transport allocation failure. The issue lets an unauthenticated remote attacker exacerbate memory pressure by holding connections with large RFC1002 lengths, causing the max_connections pool to be ...
CVE-2026-31712
CVE-2026-31712 affects ksmbd in the Linux kernel. A crafted DACL with an undersized ACE can bypass validation in smb_check_perm_dacl(), causing an out-of-bounds read during a subsequent file CREATE. The issue arises when ace->size and the ACE layout permit reading access_req (offset 4) and sid...
CVE-2026-31729
CVE-2026-31729 affects the Linux kernel USB Type-C Unified Connector and Switch Interface (UCSI) path. A malicious or malfunctioning USB‑C device can report an out‑of‑range connector number in the CCI, which is used to index ucsi_connector_change(); the underlying array is allocated for the devic...
CVE-2026-31743
In the Linux kernel, CVE-2026-31743 affects the nvmem subsystem, specifically the zynqmp_nvmem module, where an incorrect buffer size is used during DMA allocation and memcpy. The resulting undersized DMA buffer access can cause memory corruption, potentially triggering system instability or deni...
CVE-2026-31788
The CVE-2026-31788 entry describes a vulnerability in the Linux kernel related to the Xen privcmd driver. The privcmd interface could allow a user-space process to issue hypercalls that affect other domains, which is normally restricted to root. In secure-boot scenarios, an unprivileged domU coul...
CVE-2026-43144
The CVE-2026-43144 entry concerns the Linux kernel brcmfmac Wi‑Fi SDIO driver. Concrete details from multiple sources show that during SDIO probe failure (e.g., missing firmware), sdiodev->bus could be set to a non-NULL error value twice (in brcmf_sdio_probe() and brcmf_sdiod_probe()), causing...
CVE-2026-43161
CVE-2026-43161 is a Linux kernel IOMMU VT-d vulnerability related to ATS invalidation when a PCIe endpoint loses connection. In scalable-mode-disabled/unsupported systems, an endpoint link drop can cause the IOMMU to wait indefinitely for an ATS invalidation, leading to a host hard-lock (notably ...
CVE-2026-43185
In Linux kernel ksmbd, a signedness bug in smb_direct_prepare_negotiation() casts unsigned __u32 values from sp->max_recv_size and req->preferred_send_size to signed int before min_t(). A crafted preferred_send_size of 0x80000000 can be treated as smaller than max_recv_size, enabling a subs...
CVE-2026-43197
CVE-2026-43197 concerns a Linux kernel netconsole vulnerability where messages from the console subsystem could be read out-of-bounds due to missing null-termination. The root cause is a netconsole write path that could access memory beyond the allocated buffer, observable as a slab-out-of-bounds...