14062 matches found
CVE-2026-31392
CVE-2026-31392 concerns the Linux kernel SMB client and Kerberos username handling. The issue was fixed by ensuring the username mount option is respected when sec=krb5 is used, preventing reuse of an SMB session across mounts with different usernames. Connected OSV records show Debian/Ubuntu/roo...
CVE-2026-23166
CVE-2026-23166 pertains to the Linux kernel ice driver. The issue arises from a NULL dereference in ice_vsi_set_napi_queues when rings[q_idx]->q_vector is NULL during resume from suspend. The fix adds NULL pointer checks for both the ring pointer and its q_vector in ice_vsi_set_napi_queues, en...
CVE-2026-23169
CVE-2026-23169 is a Linux kernel vulnerability where a race in mptcp_pm_nl_flush_addrs_doit() could crash the kernel. Root cause: list_splice_init() is not RCURED and cannot be called while holding pernet->lock spinlock; list_splice_init_rcu() was misusefully invoked in that context. The issue...
CVE-2026-23184
CVE-2026-23184 concerns a Linux kernel use-after-free in binder_netlink_report() triggered by a BR_TRANSACTION_PENDING_FROZEN path in binder_proc_transaction(). A one-way transaction to a frozen target could be treated as successful, leading to unsafe access to a transaction structure after a pen...
CVE-2026-23185
In the Linux kernel vulnerability CVE-2026-23185, the issue is in the wifi: iwlwifi: mld: cancel mlo_scan_start_wk. The work mlo_scan_start_wk is not canceled on disconnection and is not canceled elsewhere except in restart cleanup. This can cause an init-after-queue issue if the work was queued ...
CVE-2026-23187
CVE-2026-23187 is tied to the Linux kernel: a bug in pmdomain/imx8m-blk-ctrl could trigger an out-of-range access to bc->domains in imx8m_blk_ctrl_remove(), potentially leading to memory corruption. The issue is acknowledged and listed in SUSE-SU-2026:1661-1 as CVE-2026-23187, with the fix des...
CVE-2026-23190
Mode C: CVE-2026-23190 affects the Linux kernel ASoC/amd driver; the issue is a memory leak in acp3x PDM DMA ops. Public advisories (Mageia, SUSE/OpenSUSE, Oracle Linux, Debian) confirm upstream fix in kernel. Remediation is applying the upstream patch (memory leak in acp3x pdm dma ops) or upgrad...
CVE-2026-23230
CVE-2026-23230 is a Linux kernel local race in the SMB/CIFS client code where cached_fid bitfields (is_open, has_lease, on_list) were updated via concurrent paths, causing read–modify–write races. The root cause is that these three flags shared a single byte, so an update to one could overwrite o...
CVE-2026-23257
CVE-2026-23257 is a Linux kernel off-by-one cleanup bug affecting PF setup_nic_devices() in the liquidio path, linked to a memory leak. Connected advisories indicate Root:Ubuntu:24.04 and Ubuntu:22.04 have patched this CVE in the rootio-linux package, with multiple fixed versions available. The p...
CVE-2026-23262
CVE-2026-23262 affects the Linux kernel gve driver when queue counts are changed. The NIC and driver share a region in memory for stats reporting; the NIC calculates its offset into this region using the total stats size and the NIC’s own stats size. When the queue count increases, the driver res...
CVE-2026-23276
CVE-2026-23276 fixes a recursion vulnerability in the Linux kernel networking stack. When a bonded interface in broadcast mode has GRE tunnel slaves, multicast/broadcast traffic could trigger infinite recursion between bond_xmit_broadcast() and ip_tunnel_xmit()/ip6_tnl_xmit(), risking a kernel st...
CVE-2026-23318
CVE-2026-23318 affects the Linux kernel ALSA USB-audio UAC3 header validation. The validator table for UAC3 AC header descriptors used UAC_VERSION_2 instead of UAC_VERSION_3, so real UAC3 devices were not validated and could trigger out-of-bounds reads when the driver accesses unvalidated descrip...
CVE-2026-23363
The CVE-2026-23363 issue affects the Linux kernel wifi driver stack, specifically the mt7925 component of the mt76 driver. A missing frame-length check in mt7925_mac_write_txwi_80211() could allow out-of-bounds access to management fields, potentially impacting system stability. The vulnerability...
CVE-2026-23381
CVE-2026-23381 – Linux kernel net/bridge nd_tbl NULL dereference when IPv6 is disabled . When booted with ipv6.disable=1, nd_tbl isn’t initialized because inet6_init() exits early, causing br_do_suppress_nd() to dereference a NULL ipv6_stub->nd_tbl and trigger a kernel NULL pointer dereference...
CVE-2026-23386
CVE-2026-23386 concerns the Linux kernel gve driver in QPL mode, where gve_tx_clean_pending_packets() could misinterpret the dma_addr_t array as buffer IDs, causing out-of-bounds/unmap errors. The root cause was an improper buffer cleanup path in gve_tx_clean_pending_packets() that could referenc...
CVE-2026-23404
CVE-2026-23404 affects the Linux kernel AppArmor profile management. The issue arises from recursive profile removal in the AppArmor code path; nested profiles could trigger deep recursion, risking kernel stack exhaustion and system crashes. The connected documents confirm the root cause is the r...
CVE-2026-23408
The CVE-2026-23408 issue affects the Linux kernel AppArmor module. The root cause was a double free of ns_name in aa_replace_profiles(): ns_name could be NULLed after it had been transferred from ent->ns_name, but ent->ns_name was freed later, and then freed again when kfree(ns_name). The p...
CVE-2026-31417
The CVE-2026-31417 issue affects the Linux kernel’s net/x25 implementation. Affected component: x25_sock.fraglen can overflow during packet accumulation, with the root cause involving missing overflow checks and an incorrect fraglen reset when fragment_queue is purged in x25_clear_queues(). The p...
CVE-2026-31423
The CVE-2026-31423 issue affects the Linux kernel’s net/sched sch_hfsc; rtsc_min() can divide by a value derived from the difference of large u64 slopes, risking a divide-by-zero when the difference equals 2^32. The fix widens the internal counter to u64 and replaces do_div() with div64_u64() to ...
CVE-2026-31436
Summary of CVE-2026-31436 : The Linux kernel’s dmaengine idxd driver contains a bug in the llist_abort_desc() function where the code completes the wrong descriptor (the variable “found” rather than the traversal cursor “d”) as the function unwinds a doubly linked list. This can lead to NULL poin...
CVE-2026-31451
CVE-2026-31451: In the Linux kernel ext4_read_inline_folio, BUG_ON was replaced with proper error handling when inline data size exceeds PAGE_SIZE. The fix prevents kernel panics, logs the filesystem corruption via ext4_error_inode(), releases the buffer head to avoid leaks, and returns -EFSCORRU...
CVE-2026-31503
CVE-2026-31503 concerns a Linux kernel UDP hash2-based wildcard-bind conflict check that can miss an in-use port when many sockets bind to the same port. The issue arises because UDP uses two hashes (hash and hash2) for collision detection and switches to hash2 only when hslot->count > 10, ...
CVE-2026-31523
In the Linux kernel NVMe PCI driver, CVE-2026-31523 is a race condition: a running change to the polled queue count can create a brief window during reset where a hipri task poll occurs before queue maps are updated, risking double completions when the interrupt-driven path takes over. The issue ...
CVE-2026-31587
Summary (based on provided sources): CVE-2026-31587 affects the Linux kernel ASoC qcom q6apm component. The issue arises when the q6apm registers DAIs dynamically from ASoC topology using device-managed APIs for both the component and the DAIs, which can lead to an incorrect free ordering and a u...
CVE-2026-31619
The CVE-2026-31619 vulnerability affects the Linux kernel ALSA fireworks driver where a 32-bit status value from a FireWire device could be looked up in a 17-entry efr_status_names[] array, potentially indexing outside the array and causing incorrect string formatting. The issue could interpret E...
CVE-2026-31628
CVE-2026-31628 concerns the Linux kernel on Zen1 CPUs, where the x86/CPU FPDSS issue could allow a local attacker to leak partial results from prior operations via the hardware divider. Patches fix the vulnerability by applying a kernel change (the “chicken bit”) to prevent leakage. Connected adv...
CVE-2026-31637
The CVE-2026-31637 vulnerability lies in the Linux kernel rxrpc subsystem. Specifically, rxkad_decrypt_ticket() decrypts the RXKAD response ticket and then parses the buffer as plaintext without confirming that crypto_skcipher_decrypt() succeeded. A malformed RXKAD response could use a non-block-...
CVE-2026-31666
CVE-2026-31666 affects the Linux kernel’s btrfs filesystem. A defect in lookup_extent_data_ref() caused an incorrect return value when transitioning between leaves, due to merged err/ret handling: if btrfs_next_leaf() returns 0, ret could be overwritten from -ENOENT to 0, making a non-matching ke...
CVE-2026-31675
CVE-2026-31675 — Linux kernel netem out-of-bounds in packet corruption The issue arises in net/sched: sch_netem where the packet corruption logic selects an index into skb->data using get_random_u32_below(skb_headlen(skb)). For AF_PACKET TX_RING sending fully non-linear packets over an IPIP tu...
CVE-2026-31676
The CVE-2026-31676 issue concerns the Linux kernel’s rxrpc subsystem. A flaw allowed duplicate or late RESPONSE packets to be processed outside the intended RXRPC_CONN_SERVICE_CHALLENGING state. The fix enforces state-checking under a state_lock before performing response verification and securit...
CVE-2026-31718
The CVE-2026-31718 entries describe a use-after-free in ksmbd (Linux kernel in-kernel SMB3 server) triggered when a durable file handle survives a session disconnect. The root cause is an asymmetric cleanup of lock state: byte-range locks left on a freed conn->lock_list after fp->conn is nu...
CVE-2026-31719
CVE-2026-31719 concerns the Linux kernel crypto/krb5enc async decrypt path where the skcipher completion could bypass the hash verification, bypassing integrity checks. The root cause is krb5enc_dispatch_decrypt() signaling completion without invoking krb5enc_dispatch_decrypt_hash(). The fix adds...
CVE-2026-31758
The CVE-2026-31758 entry affects the Linux kernel usbtmc implementation. The vulnerability arises when releasing USB Test & Measurement Channels: pending anchored URBs are not flushed or killed during usbtmc_release, allowing use-after-free conditions (notably in the Host Controller Driver giveba...
CVE-2026-31785
Summary: CVE-2026-31785 affects the Linux kernel DRM XE pagefault path. The issue was that the page fault handler could permit write/atomic access to read-only VMAs. Root cause: xe_pagefault_service did not reject writes to read-only VMAs after the VMA lookup. Impact (as described): restoration o...
CVE-2026-43058
The CVE covers a Linux kernel issue in media: vidtv where vidtv_ts_null_write_into() and vidtv_ts_pcr_write_into() take their argument structs by value, triggering MSAN warnings for uninitialized data. The root cause is stack-copy of the structs; the patch changes the functions to accept them by ...
CVE-2026-43063
CVE-2026-43063 pertains to the Linux kernel XFS attribute recovery path. The vulnerability arises when xlog_recovery_iget* fails to yield a valid pointer and an ensuing irele operates on a dangling pointer, potentially enabling a local attacker to crash the system and cause a DoS. The Red Hat adv...
CVE-2026-43073
CVE-2026-43073 stems from a misnamed x86-64 kernel routine __copy_user_nocache(), a non-temporal destination copy with exception handling that is not actually a pure user-kernel copy and has complex alignment behavior. The fix renames the function and normalizes the prototype so callers perform p...
CVE-2026-43078
The CVE-2026-43078 entry affects the Linux kernel crypto/af_alg component. A root-cause was an overflow in page reassignment within af_alg_pull_tsgl where the update to support page reallocation wasn’t fully reflected in the loop, allowing one extra page to be reassigned. The vulnerability is des...
CVE-2026-43094
CVE-2026-43094 affects the Linux kernel ixgbevf driver on Hyper-V VMs. The root cause is a missing negotiate_features callback in the Hyper-V mac_ops table, causing ixgbevf_negotiate_api() to dereference a NULL hw->mac.ops.negotiate_features() during feature negotiation. This can lead to a NUL...
CVE-2026-43096
In the Linux kernel mshv component, CVE-2026-43096 patches an infinite fault loop caused by permission-denied GPA intercepts. The issue occurred when guest access to memory regions triggered remaps for all faults on movable regions, even if access type wasn’t permitted, causing a re-fault and vCP...
CVE-2026-43101
The CVE-2026-43101 entry refers to a Linux kernel IPv6 IOAM issue: __ioam6_fill_trace_data() could dereference NULL if __in6_dev_get() returns NULL. The fix replaces skb_dst_dev() with skb_dst_dev_rcu() and adds two missing READ_ONCE() checks; it also enforces that @dev cannot be NULL. Patches ar...
CVE-2026-43171
The CVE-2026-43171 described affects the Linux kernel EFI/CPER component where cper_print_fw_err() does not validate the error-record length against the given offset, allowing an underflow that can cause dumping of large memory regions. Consequences include potential data disclosure and system in...
CVE-2026-43203
The CVE covers a Linux kernel fore200e ATM driver use-after-free during device removal (PCA-200E/SBA-200E). Vulnerability arises when tx_tasklet/rx_tasklet run or pending after fore200e is freed, risking access to freed memory. The published fixes synchronize tasklets with device shutdown by addi...
CVE-2026-43209
CVE-2026-43209 – minix filesystem sanity check in Linux kernel : The minix filesystem implementation lacked proper sanity checks in minix_check_superblock(), notably for s_log_zone_size, which the patch now enforces (only 0 is supported). The update also adds sanity checks for other superblock fi...
CVE-2026-43219
CVE-2026-43219 concerns the Linux kernel networking code in cpsw_new. The issue arises when register_netdev() fails for the first MAC in cpsw_register_ports() but cpsw->slaves[1].ndev remains set, allowing cpsw_unregister_ports() to later try to unregister the second MAC. The root cause is not...
CVE-2026-43234
CVE-2026-43234 concerns the Linux kernel team driver. The issue arises when unregistering a slave from a team interface while a NETDEV_CHANGEMTU event is pending, potentially causing a deadlock/resource exhaustion and system unresponsiveness as shown by reproduction steps involving creating a tea...
CVE-2026-43238
CVE-2026-43238 is a Linux kernel issue in the net/sched act_skbedit module. The bug arises in tcf_skbedit_hash() when calculating mapping_mod = queue_mapping_max - queue_mapping + 1, which could reach 65536 for full u16 queue ranges. This value cannot fit in a u16 and previously wrapped to 0, cau...
CVE-2026-43241
CVE-2026-43241 affects the Linux kernel component ntb_hw_switchtec. The root cause is an array-index-out-of-bounds access related to the number of MW LUTs (dependent on NTB configuration) which can access mw_sizes incorrectly. A patch was applied to guard against invalid index accesses and to pri...
CVE-2026-43244
CVE-2026-43244 affects the Linux kernel KCM (Kernel Connection Multiplexer). The issue arises during partial sendmsg operations: when kcm_sendmsg fills MAX_SKB_FRAGS, it allocates a new skb in frag_list and may copy data; if the copy fails, the new tail skb can have zero frags, leaving an empty e...
CVE-2026-43245
CVE-2026-43245 affects the Linux kernel NTFS driver. The root cause is that ntfs: ->d_compare() could block, with related memory-allocation issues in names_cachep. The authenticated fixes switch critical paths to non-blocking allocations: use kmalloc(PATH_MAX, GFP_NOWAIT) for the path/name han...