14062 matches found
CVE-2025-71090
CVE-2025-71090 describes a Linux kernel NFS daemon leak in nfsd4_add_rdaccess_to_wrdeleg(). The function overwrites fp->fi_fds[O_RDONLY] with a new nfsd_file even when a SHARE_ACCESS_READ is already open, thereby orphaning the prior reference. It previously stored the same nfsd_file pointer in...
CVE-2023-53339
CVE-2023-53339 : In the Linux kernel’s Btrfs code, a race between pausing and balancing can cause a BUG_ON panic in btrfs_cancel_balance due to an unaccounted race. The race has no other side effects, and a fix has been applied in the upstream patch set. The vulnerability affects local attackers ...
CVE-2023-53341
CVE-2023-53341 refers to a Linux kernel memory initialization fix: the function early_init_dt_scan_memory now returns 1 when memory is found and 0 if none, allowing other memory setup paths to run. This changes the control flow after the ramips plat_mem_setup call, addressing scenarios where memo...
CVE-2023-53342
In CVE-2023-53342, the Linux kernel vulnerable path is in net: marvell: prestera handling IPv4 routes that reference a nexthop via its id. The root cause is calling fib_info_nh() for nexthop lookups instead of fib_info_nhc(), which triggers warnings when adding routes that use nhid (for example: ...
CVE-2023-53348
The CVE-2023-53348 issue affects the Linux kernel's Btrfs relocation workflow. Specifically, when relocating a block group, the scrub operation is paused during relocation and may deadlock if a transactional commit enters the critical section with a paused scrub. The vulnerability is resolved by ...
CVE-2023-53378
Summary (CVE-2023-53378): A Linux kernel issue in the i915 driver where the DPT backing object (DPT BO) for a framebuffer was not treated as a framebuffer by i915_gem_object_is_framebuffer(). This allowed the shrinker to evict the DPT BO while the actual FB BO remained bound, potentially causing ...
CVE-2023-53387
The CVE-2023-53387 issue affects the Linux kernel SCSI/UFS stack. In the UFS error handling flow, when a device management NOP OUT times out and doorbell clearing also fails, the dev_cmd.complete pointer is not NULL, causing __ufshcd_transfer_req_compl() to call complete() on a stack-allocated st...
CVE-2023-53388
Summary of CVE-2023-53388 : In the Linux kernel, the DRM/Mediatek driver had a dangling pointer in the error path of the bind sequence. When mtk_drm_bind() fails, the code previously called drm_dev_put() to destroy the drm_device, but a private object still held a pointer to that device. If a sus...
CVE-2023-53437
CVE-2023-53437 affects the Linux kernel media: uvcvideo driver. The vulnerability arises when handling cameras with invalid descriptors, potentially enabling local attacker access due to improper link handling when a source entity has no pads. Public docs (OpenVAS/Nessus summaries) list updates t...
CVE-2023-53474
CVE-2023-53474 affects the Linux kernel’s AMD/Intel x86 Machine Check Architecture (MCA) handling. Root cause: bank_map was an unsigned int, causing shift-out-of-bounds when bank indices reached 32, triggering UBSAN. Resolution: changed bank_map to a 64-bit type and used BIT_ULL() for bit operati...
CVE-2023-53488
CVE-2023-53488 (Linux kernel) : The vulnerability affects the IB/hfi1 InfiniBand driver. During hotplug removal, a pending update-counters work could run after memory is freed, causing a possible kernel panic. The fix cancels the update-counters work before freeing memory. Evidence in the securit...
CVE-2023-53492
The CVE-2023-53492 entry describes a Linux kernel nf_tables issue: when adding a rule that refers to a chain by ID, Genmask was ignored if the chain had been deleted in the same batch, causing the rule to reference a deleted chain and trigger a warning. The root cause is nf_tables_lookup_byid ign...
CVE-2023-53519
CVE-2023-53519 affects the Linux kernel media/v4l2-mem2mem path. The issue is a data race in v4l2_m2m_buf_queue when reading the parameter num_rdy, mitigated by introducing a lock to protect that parameter (as described in the OSV and SUSE advisories). Affected component: media: v4l2-mem2mem. Roo...
CVE-2023-53523
Technical details for CVE-2023-53523 are not publicly provided in the connected documents; no specific affected products, versions, risks, or fixes are listed beyond the initial description. Monitor for updates.
CVE-2023-53524
CVE-2023-53524 involves an integer overflow in the Linux kernel’s iwl_write_to_user_buf() used by iwl_dbgfs_monitor_data_read() in iwlwifi PCIe. The bug computes buf_size_left from count and *bytes_copied, then reduces it and may pass a negative value to copy_to_user, causing a heap overflow. It ...
CVE-2023-53535
CVE-2023-53535 is a Linux kernel issue in the bcmgenet driver. It patches a vulnerability where some hardware could deliver packets larger than the 2 KiB SKB buffer, introducing a risk of skb_over_panic. The fix adds an early length check to drop oversized packets and proceed with the next frame,...
CVE-2023-53541
In CVE-2023-53541, the Linux kernel mtd: rawnand: brcmnand module had a potential out-of-bounds read during oob writes when the oob buffer length isn’t a multiple of word size. The fix adds a length check on the oob buffer read and fills the remainder with 0xff when the end of the buffer is reach...
CVE-2023-53548
CVE-2023-53548 affects the Linux kernel USB networking stack, specifically the usbnet driver. The issue arises when usbnet trusts the bulk endpoint addresses reported by the probe routine in the driver_info structure and does not verify that the endpoints exist and have the correct type/direction...
CVE-2023-53560
CVE-2023-53560 concerns the Linux kernel tracing subsystem, specifically the tracing/histograms feature. The issue arises when hist triggers reference variables that are not exposed as direct fields, such as when variables are added for trigger actions; in this case the new references may lack a ...
CVE-2023-53571
The CVE-2023-53571 entry concerns the Linux kernel DRM/I915: the fix changes intel_get_crtc_new_encoder() to fetch the dev pointer from the atomic state instead of relying on a potentially NULL encoder, avoiding a WARN that could lead to an oops when a connector for the CRTC isn’t found in the at...
CVE-2023-53589
CVE-2023-53589 affects the Linux kernel wifi driver (iwlwifi, mvm). The issue arises if the firmware returns a corrupted MCC response with n_channels larger than the command response, potentially causing out-of-bounds reads of uninitialized memory and a crash when n_channels is large enough. The ...
CVE-2023-53597
CVE-2023-53597 affects the Linux kernel CIFS code: after STATUS_IO_TIMEOUTs exceed NUM_STATUS_IO_TIMEOUT, reconnection could leak mids and corrupt server->in_flight; the patch relocates the MID-return/credit handling to after decrypting the response (including transform-header paths), and expa...
CVE-2023-53611
CVE-2023-53611 : In the Linux kernel’s ipmi_si driver, a memleak could occur in try_smi_init() when an error happens before shutdown_smi() is registered, causing a previously allocated si_sm to be leaked. The leak was detected by kmemleak (example shows an unreferenced object in try_smi_init). Th...
CVE-2023-53616
CVE-2023-53616 affects the Linux kernel’s JFS IMAP unmount path. The issue is a double-free during diUnmount in jfs_imap.c where JFS_IP(ipimap)->i_imap is freed but not nulled, risking a subsequent free if remounts fail at diMount. The root cause is i_imap not being set to NULL after free, pot...
CVE-2023-53620
The issue CVE-2023-53620 affects the Linux kernel md (mdadm) status_resync logic. status_resync() reads curr_resync and recovery_active concurrently, which can cause an overflow in the expression curr_resync - recovery_active and lead to an extremely long loop that results in a soft lockup. The f...
CVE-2023-53624
The CVE-2023-53624 issue affects the Linux kernel’s net/sched implementation, specifically sch_fq. It arises when the initial quantum (configured for sch_fq) exceeds INT_MAX, causing the first assignment to the credit field to overflow to a very negative value. This can trigger a CPU soft-lockup ...
CVE-2023-53648
The CVE CVE-2023-53648 fixes a NULL pointer dereference in ALSA: ac97 in snd_ac97_mixer() within the Linux kernel. The issue occurred because rac97 could be NULL; the patch removes a redundant assignment and returns an error if rac97 is NULL. The documented impact is a local denial of service due...
CVE-2023-53665
CVE-2023-53665 : Linux kernel vulnerability in md/mdadm handling where after export_rdev(), mddev may be dereferenced via rdev->kobject; if the last rdev is freed, mddev might be invalid. This is caused by mddev->kobject being referenced by rdev->kobject and using mddev after export_rdev...
CVE-2023-53681
CVE-2023-53681 concerns a bug in the Linux kernel’s bcache subsystem. According to connected sources, in some scenarios the return value of __bch_btree_node_alloc may be NULL, which could lead to a potential NULL pointer dereference in the caller chain (examples mention btree_split, __bch_btree_n...
CVE-2025-39804
CVE-2025-39804 pertains to the Linux kernel (arm64) where lib/crypto/poly1305 could corrupt SIMD/general-purpose registers in no-SIMD contexts, potentially producing incorrect MACs. The fix restores a safety check to ensure Poly1305 calls do not rely on unusable SIMD state, using may_use_simd() i...
CVE-2025-39896
CVE-2025-39896 (Linux kernel, open-source) The vulnerability affects the ivpu driver in the kernel’s accel path. It arises from recovery work being queued during device removal, potentially allowing use-after-free if recovery code accesses freed resources. The fix replaces cancel_work_sync() with...
CVE-2025-39903
The CVE-2025-39903 issue affects the Linux kernel and relates to NUMA memory initialization. The root cause was that memory-only NUMA nodes (nodes without CPUs) were not properly initialized, causing a NULL pointer dereference in free_area_init when NODE_DATA() is accessed for these uninitialized...
CVE-2025-39958
CVE-2025-39958 concerns the Linux kernel IOMMU on s390: when a PCI device is surprise-removed, teardown may still attempt to attach to the default domain, causing zpci_register_ioat() to fail and s390_iommu_attach_device() to error out. The fix changes the attach path to proceed as if registratio...
CVE-2025-68725
CVE-2025-68725 affects the Linux kernel. A patch adds validation to gso_type in GSO handlers to prevent BPF test infra from emitting invalid GSO types to the stack (triggered via BPF programs, e.g., when redirecting to loopback). The issue could allow a local attacker using the BPF test infra to ...
CVE-2025-71076
Technical details for CVE-2025-71076 are not publicly provided in the supplied documents. Monitor for updates for affected products, versions, exploitability, and remediation specifics.
CVE-2025-71119
CVE-2025-71119 affects the Linux kernel. The vulnerability arises in powerpc/kexec where, if SMT is disabled or in partial SMT state, loading a new kernel image for kexec and rebooting can trigger a warning (Waking offline cpu) because add_cpu() fails when cpu_bootable() rejects CPUs due to cpu_s...
CVE-2025-71138
CVE-2025-71138 pertains to the Linux kernel DRM MSM DPU, where a missing NULL pointer check for the pingpong interface was fixed. The vulnerability is addressed by upstream patch 693860, with the issue occurring in dpu_encoder_phys_wb_setup_ctl() and related code paths. Affected environments refe...
CVE-2025-71147
Technical details (affected products, specific root cause, impact, and remediation) are not publicly available in the provided documents. Monitor official advisories for updates.
CVE-2025-71148
CVE-2025-71148 affects the Linux kernel networking code (net/handshake). The issue: handshake_req_submit() overwrites sk->sk_destruct on submission, but does not restore it if an error occurs before hashing, causing handshake_sk_destruct() to return early and leak the socket. The fix is to res...
CVE-2025-71163
CVE-2025-71163: In the Linux kernel DMA Engine idxd, the fix addresses device leaks by dropping the reference taken when looking up the idxd device during the compat bind/unbind sysfs interface. This is a kernel-level issue affecting the idxd component; the root cause is not detailed beyond the n...
CVE-2025-71200
The CVE-2025-71200 entry describes a Linux kernel vulnerability in mmc: sdhci-of-dwcmshc where in HS200/HS400 timing modes lowering the clock below 52MHz could break the link due to the Rockchip DWC MSHC controller requiring a 52MHz minimum. The fix adds a check to prevent illegal clock reduction...
CVE-2025-71286
The CVE-2025-71286 issue concerns the Linux kernel’s ALSA SOF ipc4-topology component, where memory allocation for bytes controls was miscalculated. This could allow local memory corruption due to under-allocating space behind scontrol->ipc_control_data; fixes request allocating additional mem...
CVE-2025-71301
CVE-2025-71301 affects the Linux kernel DRM shmem test code. The root cause is that the GEM object reservation lock was not consistently held during vmap and vunmap, which led to warnings and potential instability. The published fixes acquire and release the reservation lock around vmap and vunma...
CVE-2026-22985
CVE-2026-22985 affects the Linux kernel idpf driver. The vulnerability causes a NULL pointer dereference when ethtool operations (e.g., rxhash) are invoked before the interface is up due to the RSS LUT not being initialized. The fix moves RSS LUT initialization from ndo_open to vport creation to ...
CVE-2026-23023
CVE-2026-23023 concerns the Linux kernel, where a memory leak was fixed in the idpf driver. The vulnerability arises from not freeing vport->rx_ptype_lkup in idpf_vport_rel(), leading to leaked memory during a reset. The fix frees the memory as part of idpf_vport_rel(), preventing the unrefere...
CVE-2026-23067
CVE-2026-23067 centers on an integer signedness bug in the Linux kernel’s ARM IOMMU path (io-pgtable-arm). __arm_lpae_unmap() returned a size_t (unsigned) but could yield -ENOENT on error, turning into a large positive value on 64-bit systems and propagating through the call chain to __iommu_unma...
CVE-2026-23070
CVE-2026-23070 is an in-kernel issue affecting the Linux kernel (noted in Debian/SUSE advisories) related to Octeontx2-af hardware. The vulnerability stems from missing/insufficient checks for fwdata in the shared firmware structure accessed by the MAC block (CGX/RPM). On boards booted without MA...
CVE-2026-23087
CVE-2026-23087 affects the Linux kernel in the Xen-scsi scsiback subsystem. The root cause is a memory leak: memory allocated for struct vscsiblk_info in scsiback_probe() is not freed in scsiback_remove(), including error paths during probe. The approved patch frees this allocation in scsiback_re...
CVE-2026-23108
The CVE-2026-23108 issue concerns the Linux kernel CAN driver can: usb_8dev. The vulnerability arises from URBs used for USB in transfers in usb_8dev_open()/usb_8dev_start() being anchored to priv->rx_submitted, then re-submitted in usb_8dev_read_bulk_callback(), but the USB framework unanchor...
CVE-2026-23120
Technical details for CVE-2026-23120 are not provided in the connected documents. The Initial Description summarizes the race but does not specify affected products or fixes. Monitor vendor advisories for concrete remediation guidance.