14088 matches found
CVE-2026-43209
CVE-2026-43209 – minix filesystem sanity check in Linux kernel : The minix filesystem implementation lacked proper sanity checks in minix_check_superblock(), notably for s_log_zone_size, which the patch now enforces (only 0 is supported). The update also adds sanity checks for other superblock fi...
CVE-2026-43219
CVE-2026-43219 concerns the Linux kernel networking code in cpsw_new. The issue arises when register_netdev() fails for the first MAC in cpsw_register_ports() but cpsw->slaves[1].ndev remains set, allowing cpsw_unregister_ports() to later try to unregister the second MAC. The root cause is not...
CVE-2026-43234
CVE-2026-43234 concerns the Linux kernel team driver. The issue arises when unregistering a slave from a team interface while a NETDEV_CHANGEMTU event is pending, potentially causing a deadlock/resource exhaustion and system unresponsiveness as shown by reproduction steps involving creating a tea...
CVE-2026-43238
CVE-2026-43238 is a Linux kernel issue in the net/sched act_skbedit module. The bug arises in tcf_skbedit_hash() when calculating mapping_mod = queue_mapping_max - queue_mapping + 1, which could reach 65536 for full u16 queue ranges. This value cannot fit in a u16 and previously wrapped to 0, cau...
CVE-2026-43241
CVE-2026-43241 affects the Linux kernel component ntb_hw_switchtec. The root cause is an array-index-out-of-bounds access related to the number of MW LUTs (dependent on NTB configuration) which can access mw_sizes incorrectly. A patch was applied to guard against invalid index accesses and to pri...
CVE-2026-43244
CVE-2026-43244 affects the Linux kernel KCM (Kernel Connection Multiplexer). The issue arises during partial sendmsg operations: when kcm_sendmsg fills MAX_SKB_FRAGS, it allocates a new skb in frag_list and may copy data; if the copy fails, the new tail skb can have zero frags, leaving an empty e...
CVE-2026-43245
CVE-2026-43245 affects the Linux kernel NTFS driver. The root cause is that ntfs: ->d_compare() could block, with related memory-allocation issues in names_cachep. The authenticated fixes switch critical paths to non-blocking allocations: use kmalloc(PATH_MAX, GFP_NOWAIT) for the path/name han...
CVE-2026-43280
CVE-2026-43280 is a Linux kernel vulnerability in the drm/xe module where a malicious user can supply a malformed pat_index via the madvise IOCTL, triggering an out-of-bounds read from xe->pat.table due to missing bounds checking in xe_pat_index_get_coh_mode() (validated only by a call in madv...
CVE-2026-43283
The CVE-2026-43283 issue is in the Linux kernel's ec_bhf Ethernet driver where error-path handling used priv->rx_buf.alloc_len as the DMA handle in dma_free_coherent(), risking improper unmapping and potential memory corruption or DoS. The fix changes the DMA handle to priv->rx_buf.alloc_ph...
CVE-2026-43289
CVE-2026-43289 relates to the Linux kernel kexec flow. The patch fixes kexec_load_purgatory() so image->start is derived from the purgatory_start symbol when present, rather than blindly locating e_entry within an SHF_EXECINSTR section. This prevents the entrypoint check from matching multiple...
CVE-2026-43294
The CVE-2026-43294 entry concerns Linux kernel’s MIPI-DSI driver for Renesas rz-du/rzg2l panels. Root cause: in reboot/unprepare paths, the MIPI-DSI interface could be stopped too late, causing a kernel panic via rzg2l_mipi_dsi_host_transfer(). Fix: move rzg2l_mipi_dsi_stop() to the new callback ...
CVE-2026-43301
CVE-2026-43301 relates to the Linux kernel driver for the wave5 media component. The issue arises when the driver’s remove path unconditionally calls pm_runtime_put_sync(), which can underflow the PM usage count if autosuspend was already activated during probe. This mismatch prevents proper refe...
CVE-2026-43308
CVE-2026-43308 affects the Linux kernel’s Btrfs code path, where an unexpected delayed ref type could previously trigger a BUG() in run_one_delayed_ref(). The issue could enable a local attacker to induce a system crash/DoS by triggering the faulty delay path. The advisory notes that the code can...
CVE-2026-43310
The CVE-2026-43310 issue affects the Linux kernel Verisilicon media driver on the i.MX8MQ platform. It describes a hardware limitation where the g1 VPU and g2 VPU cannot decode H.264 and HEVC simultaneously; doing so can trigger a bus error, producing corrupted video output and potentially causin...
CVE-2026-43317
CVE-2026-43317 affects the Linux kernel under the internal module path described as the “most: core” component. The issue is a resource leak that occurs during early registration failures, where resources associated with the interface are not properly released. A recent commit fixes a leak in the...
CVE-2026-43325
Summary: The Linux kernel iwlwifi mvm driver must not send MCC_ALLOWED_AP_TYPE_CMD to devices that don’t support 6E. The firmware erroneously advertised 6E support for AX201, causing a firmware crash and potential DoS. The entry is resolved in the provided references; no exploit details or active...
CVE-2026-43331
Summary of details (CVE-2026-43331): In the Linux kernel, a KCOV instrumentation issue in the x86/kexec path is resolved by disabling KCOV for the affected areas. The root cause is that load_segments() changes segment registers and invalidates the GS base KCOV relies on for per-CPU data, causing ...
CVE-2026-43337
CVE-2026-43337 concerns the Linux kernel DRM/AMD display path, where a NULL pointer dereference can occur in dcn401_init_hw() when calling update_bw_bounding_box() without validating the callback pointer. The existing condition ((!fams2_enable && update_bw_bounding_box) || freq_changed) can evalu...
CVE-2026-43349
The CVE-2026-43349 entry concerns the Linux kernel’s Flash-Friendly File System (f2fs). The issue arises when f2fs_finish_read_bio() may access uninitialized data in a folio if a read from the device fails, triggering an uninitialized-value access in f2fs_sanity_check_node_footer. The root cause,...
CVE-2026-43352
This CVE concerns the Linux kernel i3c mipi-i3c-hci driver DMA ring abort handling. The root cause is flawed abort logic that could disrupt the controller state: the code could issue an abort even when the ring is stopped, the abort completion is not re-initialized, aborts could clear RING_CTRL_E...
CVE-2026-43360
CVE-2026-43360 affects the Linux kernel Btrfs file system. A hash-collision during multi-file creation can force multiple entries into a single dir item and, once a leaf size limit is reached, abort the transaction and leave the filesystem read-only, enabling a local DoS without admin privileges....
CVE-2026-43362
CVE-2026-43362 affects the Linux kernel SMB client by an in-place encryption flaw in SMB2_write(), where the write payload could be replaced with ciphertext during retries on unstable connections. The root cause is that smb3_init_transform_rq() shares rq_iov, causing crypt_message() to in-place-e...
CVE-2026-43368
The CVE-2026-43368 entry concerns the Linux kernel DRM/i915 component (GEM shmem objects). A overflow can occur in the unsigned int .length field of a scatterlist when a scatterlists table for a GEM shmem object of 4 GB or more is built from folio-allocated pages, causing the total byte length of...
CVE-2026-43372
CVE-2026-43372 resolves a leak in the Linux kernel Microchip DSA driver during PTP IRQ setup. If request_threaded_irq() fails, the error path previously only freed mappings that had succeeded; now the kernel disposes the newly created IRQ mapping to prevent resource exhaustion. Affected component...
CVE-2026-43374
Summary: CVE-2026-43374 affects the Linux kernel networking code (net: nexthop). The vuln arises when removing a nexthop from a group: remove_nh_grp_entry() publishes the new group via rcu_assign_pointer() and then immediately frees the removed entry’s percpu stats with free_percpu(), while the s...
CVE-2026-43384
The CVE-2026-43384 issue concerns the Linux kernel TCP Authentication Option (TCP-AO) where MACs were compared without constant-time handling. The connected documents confirm a fix was applied to make MAC comparisons constant-time, mitigating timing-attack leakage of sensitive information. The vu...
CVE-2026-43390
The CVE-2026-43390 issue affects the Linux kernel nstree component, where listing permissions were tightened so that even privileged services may not be allowed to view other privileged namespaces. The root cause is insufficient information isolation between namespaces; the kernel now uses may_se...
CVE-2026-43400
CVE-2026-43400 affects the Linux kernel’s DRM/AMDGPU component. The vulnerability arises from missing upper-bound input validation in the amdgpu_userq_signal_ioctl handler, allowing huge input values to trigger an Out-Of-Memory (OOM) condition and thus a Denial of Service. The issue is mitigated ...
CVE-2026-43406
CVE-2026-43406 affects the Linux kernel libceph component. The issue is in process_message_header() where, if a message frame is corrupted or misrepresented, an out-of-bounds read may occur due to a missing explicit bounds check before decoding the header. The vulnerability can enable remote expl...
CVE-2026-43410
Summary: CVE-2026-43410 affects the Linux kernel firmware driver for Stratix 10 RSU. When RSU is not enabled in the FSBL, the driver can NULL-dereference via svc_normal_to_secure_thread(), causing a kernel panic. The root cause is rsu_send_async_msg() freeing the channel on failure, while the pro...
CVE-2026-43412
CVE-2026-43412 pertains to the Linux kernel ASoC Qualcomm qdsp6 driver. The root cause is an incorrect removal order during ADSP stop/start, where q6apm-audio teardown can delete RTDs containing q6apm DAI components before their removal pass, leaving components linked to the card and causing a cr...
CVE-2026-43421
The CVE affects the Linux kernel USB gadget for Network Control Model (NCM) where a net_device could outlive its parent gadget during disconnection, causing dangling sysfs links and potential null dereference. The root cause was lifecycle mismanagement of net_device during USB bind/unbind, addres...
CVE-2026-43431
In the Linux kernel xHCI host controller driver, CVE-2026-43431 stems from a NULL pointer dereference when reading portli debugfs files. The bug occurs if xhci->max_ports counts more port registers than the number reported by Supported Protocol capabilities, which can happen when max_ports exc...
CVE-2026-43443
CVE-2026-43443 involves the Linux kernel ASoC AMD ACP Mach common driver. The acp_card_rt5682_init() and acp_card_rt5682s_init() functions did not validate clk_get() returns, risking dereferencing invalid pointers and kernel crash. The patch changes clock acquisition to devm_clk_get() and adds IS...
CVE-2026-43451
Summary of CVE-2026-43451 (Linux kernel): The nfnetlink_queue entry leak occurs in the bridge verdict error path. When nfqnl_recv_verdict() dequeues an entry for PF_BRIDGE packets and nfqa_parse_bridge() returns an error (for example VLAN TCI missing when VLAN is present), the code returns withou...
CVE-2026-43460
In the Linux kernel rockchip-sfc driver, CVE-2026-43460 is caused by a double-free of an SPI controller: the driver uses devm_spi_register_controller(), which auto-unregisters on device removal, but remove() also calls spi_unregister_controller(), creating a double-free. The mitigation implemente...
CVE-2026-43472
The CVE describes a Linux kernel unshare(2) bug: when CLONE_NEWNS is requested and current->fs wasn’t previously shared, copy_mnt_ns() could receive a non-private fs_struct. If copy_mnt_ns() succeeds but a subsequent copy_cgroup_ns() fails, the destroyed namespace can leave current->fs->...
CVE-2026-43478
The CVE-2026-43478 issue affects the Linux kernel ASoC codecs rt1011 path. The root cause is using an incorrect helper to obtain the DAPM context in spk_mode_put; the correct function is snd_soc_component_to_dapm() and relying on the kcontrol flow can yield a NULL pointer. Provided connected sour...
CVE-2026-45861
CVE-2026-45861 refers to a Linux kernel vulnerability in the GFS2 file system. The root cause is a slab-use-after-free: during filesystem shutdown, quota data objects were freed without being removed from the LRU list due to the change in the a475c5dd16e5 sequence. As a result, the shrinker (gfs2...
CVE-2026-45877
CVE-2026-45877 concerns the Linux kernel HID driver for Intel ISH. The issue is a NULL-pointer dereference in ishtp_bus_remove_all_clients during a warm reset when cl->device may be NULL while clients are enumerated, leading to a kernel panic. Multiple sources (NVD, Red Hat, SUSE, Debian/OSV, ...
CVE-2026-45888
In the Linux kernel md/raid1 subsystem, CVE-2026-45888 describes a memory leak in raid1_run(): when setup_conf() registers a thread via md_register_thread(), a subsequent failure in raid1_set_limits() may leave the thread registered, leaking the md_thread structure and the thread resource. The fi...
CVE-2026-45900
The CVE-2026-45900 issue is in the Linux kernel crypto: caam module. During dpaa2_caam_probe, netdevs allocated for DPIO setup could leak if dpaa2_dpseci_dpio_setup() fails and the cleanup path in dpaa2_dpseci_free() did not consider previously allocated nets. The fix preserves the CPU mask of al...
CVE-2026-45906
The CVE-2026-45906 issue affects the Linux kernel power supply driver (pf1550). It describes a race where requesting IRQs with devm_ before the power_supply handle is allocated/unregistered can lead to a use-after-free: an interrupt may fire after the power_supply handle is freed but before the I...
CVE-2026-45922
In CVE-2026-45922, the Linux kernel RDMA/mlx5 GET_DATA_DIRECT_SYSFS_PATH handler leaks memory: it allocates device-path memory with kobject_get_path() and, if the path length exceeds the output buffer, returns -ENOSPC without freeing, causing a memory leak. The fix adds a kfree() in the error pat...
CVE-2026-45925
CVE-2026-45925 affects the Linux kernel thermal subsystem. In thermal_of_cm_lookup(), a device node pointer (tr_np) obtained via of_parse_phandle() is not released, causing a reference leak. The documented fix is to release the node automatically using the __free(device_node) cleanup attribute to...
CVE-2026-45930
CVE-2026-45930 is a Linux kernel netlink issue in net: mctp where RTM_GETNEIGH could return uninitialised data in ndmsg pad bytes. The root cause is not fully detailed here beyond the description, but connected OSV entries indicate patches to fix nlmsg initialisation in link/addr/neigh responses....
CVE-2026-45931
The CVE-2026-45931 issue affects the Linux kernel’s accel/amdxdna module. A crash can occur in iommu_sva_unbind_device() when it accesses iommu_mm after the associated mm structure has been freed. The fix is to take an explicit reference to the mm structure after successfully binding the device a...
CVE-2026-45952
The CVE-2026-45952 issue affects the Linux kernel fbnic driver. It concerns MTU changes when an XDP program is attached: increasing MTU beyond the hardware threshold can cause fragmentation across multiple buffers, and the driver will drop all multi-fragment frames for single-buffer XDP. This can...
CVE-2026-45955
Summary (CVE-2026-45955): In the Linux kernel, the md/md-llbitmap path suffers a logic error where llbitmap_suspend_timeout() times out waiting for percpu_ref to reach zero and returns -ETIMEDOUT without resurrecting percpu_ref. This leaves the page control structure in a killed state, potentiall...
CVE-2026-45962
The CVE affects the Linux kernel ublk driver, where ublk_ctrl_cmd_dump() could access (header *)sqe->cmd before checking IO_URING_F_SQE128, enabling out-of-bounds memory access. The mitigation is to check the SQE128 flag earlier in ublk_ctrl_uring_cmd() and return -EINVAL if not set. Several s...