Lucene search
K
LinuxLinux Kernel

14097 matches found

CVE
CVE
added 2025/10/04 7:30 a.m.20 views

CVE-2025-39933

CVE-2025-39933 affects the Linux kernel SMB client: recv_done verification of data_offset, data_length and remaining_data_length (a local‑vector issue). The vulnerability is acknowledged in multiple advisories (e.g., RHSA-2026:1727, ALSA-2026:0793, RLSA advisories) and is linked to kernel fixes i...

5.5CVSS6.2AI score0.0012EPSS
CVE
CVE
added 2025/10/04 7:31 a.m.20 views

CVE-2025-39938

The CVE-2025-39938 issue is a NULL pointer dereference in ASoC/qcom: q6apm-lpass-dais when the source graph fails (e.g., ADSP/topology rejection). The bug can cause a crash during snd_soc_pcm_dai_prepare due to dai_data->graph[dai->id] being NULL. The Linux kernel has been updated to fix th...

5.5CVSS6AI score0.00136EPSS
CVE
CVE
added 2025/10/04 7:31 a.m.20 views

CVE-2025-39948

The CVE-2025-39948 issue is in the Linux kernel ice driver’s RX path for multi-buffer/XDP frames. A zero-size descriptor could cause ice_put_rx_mbuf() to skip a buffer, preventing ice_put_rx_buf() and leaving a stale page in the RX ring. This could break page reuse/free logic (ice_reuse_rx_page) ...

5.5CVSS5.9AI score0.00135EPSS
CVE
CVE
added 2025/10/09 9:47 a.m.20 views

CVE-2025-39956

Mode C: The CVE-2025-39956 entry concerns the Linux kernel igc driver: if igc_led_setup() fails during igc_probe(), the probe previously failed and could trigger a kernel panic in free_netdev() due to unregister_netdev() not being called. The published fixes treat LED setup failures as non-fatal,...

5.5CVSS6AI score0.00151EPSS
CVE
CVE
added 2025/10/20 3:26 p.m.20 views

CVE-2025-40005

The CVE-2025-40005 entry concerns the Linux kernel’s cadence-quadspi driver. Technical detail from connected documents shows that the vulnerability arises when the indirect read/write path and force device removal (unbind) could crash the kernel during operation. The fix implements a refcount to ...

5.5CVSS6AI score0.00181EPSS
CVE
CVE
added 2025/12/22 4:14 p.m.20 views

CVE-2025-68333

The CVE-2025-68333 issue affects the Linux kernel, specifically a potential deadlock in sched_ext deferred_irq_workfn() on PREEMPT_RT=y configurations. The root cause is that deferred_irq_workfn() could run in a non-disable-irq context, leading to a lock sequence like lock(&rq->__lock); interr...

5.5CVSS6.1AI score0.00092EPSS
CVE
CVE
added 2026/01/13 3:31 p.m.20 views

CVE-2025-71072

CVE-2025-71072 : In the Linux kernel, a rename/recovery issue in shmem was fixed. The root cause affected how maple_tree insertions and simple_offset_rename() pathways handled memory pressure and failure paths, including simple_offset_rename_exchange(). The fix involves how shmem_rename2() pre-in...

5.5CVSS6AI score0.00121EPSS
CVE
CVE
added 2026/01/13 3:34 p.m.20 views

CVE-2025-71092

Summary : The CVE-2025-71092 entry corresponds to a Linux kernel issue in RDMA/bnxt_re where an OOB write occurred during hw_stats allocation in bnxt_re_copy_err_stats(). The root cause was that three counters (BNXT_RE_REQ_CQE_ERROR, BNXT_RE_RESP_CQE_ERROR, BNXT_RE_RESP_REMOTE_ACCESS_ERRS) were a...

7.8CVSS6.3AI score0.00112EPSS
CVE
CVE
added 2026/01/14 3:8 p.m.20 views

CVE-2025-71144

The CVE-2025-71144 issue is in the Linux kernel’s MPTCP code path, where after a commit, if the MPC subflow is already TCP_CLOSE or falls back to TCP, mptcp_do_fastclose() may skip setting the send_fastclose flag, causing __mptcp_close_ssk() to stop resetting the subflow context. Consequently, a ...

5.5CVSS6.1AI score0.00116EPSS
CVE
CVE
added 2026/01/31 11:42 a.m.20 views

CVE-2025-71190

CVE-2025-71190 refers to a Linux kernel vulnerability in the DMA Engine, specifically the bcm-sba-raid driver. The issue is a device reference leak that can occur during probe, leading to leaked mailbox device references if probe fails or driver is unbound. The fixed code drops the reference to t...

5.5CVSS5.7AI score0.00183EPSS
CVE
CVE
added 2026/02/18 2:53 p.m.20 views

CVE-2025-71234

CVE-2025-71234: Linux kernel rtl8xxxu slab-out-of-bounds in rtl8xxxu_sta_add fixed by setting hw->sta_data_size to sizeof(struct rtl8xxxu_sta_info) during probe to correctly allocate per-station data. Issue caused mac80211 to access sta->drv_priv beyond allocated space; KASAN showed a slab-...

7.8CVSS5.3AI score0.0012EPSS
CVE
CVE
added 2026/02/18 2:53 p.m.20 views

CVE-2025-71236

CVE-2025-71236: Linux kernel fix for scsi: qla2xxx: Validate sp before freeing associated memory. Root cause was a NULL pointer dereference in the qla2xxx fabric scan/error handling path, leading to a kernel crash. The issue is addressed by checking that sp is non-NULL before freeing memory; mult...

5.5CVSS5.2AI score0.00118EPSS
CVE
CVE
added 2026/03/18 10:5 a.m.20 views

CVE-2025-71266

The CVE-2025-71266 entry concerns the Linux kernel ntfs3 filesystem. A malformed directory entry in NTFS3 could trigger an infinite loop in indx_find during lookups, repeatedly reading the same block and allocating 4 KB per iteration, causing memory exhaustion and potential DoS. The vulnerability...

5.5CVSS5.7AI score0.00118EPSS
CVE
CVE
added 2026/05/06 11:32 a.m.20 views

CVE-2025-71294

The CVE-2025-71294 entry is tied to the Linux kernel AMDGPU DRM path. The root cause is a NULL pointer issue in buffer_funcs when the SDMA block is not enabled, leading to potential failure/availability impact. A patch fixes buffer_funcs initialization, mitigating the issue; multiple OSV entries ...

5.5CVSS5.9AI score0.00127EPSS
CVE
CVE
added 2026/05/27 12:14 p.m.20 views

CVE-2025-71307

In the Linux kernel drm/panthor driver, CVE-2025-71307 is a NULL pointer dereference that occurred in panthor_fw_unplug when the MCU could be in various states or the FW was not loaded/initialized. The fix removes the MCU halt-and-wait during unplug, since waiting for halt may be unsafe if the MC...

5.5CVSS5.7AI score0.00137EPSS
CVE
CVE
added 2026/05/27 12:24 p.m.20 views

CVE-2025-71312

CVE-2025-71312 concerns a Linux kernel NTFS3 file system leak. The issue occurs in ntfs_fill_super() when fc->fs_private is set to NULL without freeing the memory it points to, causing ntfs_fs_free() to skip freeing the ntfs_mount_options structure. A resulting kmemleak report (unreferenced ob...

5.5CVSS5.8AI score0.00137EPSS
CVE
CVE
added 2026/01/23 3:24 p.m.20 views

CVE-2026-22987

CVE-2026-22987 concerns the Linux kernel net/sched subsystem. The issue arises when tcf_idrinfo_destroy() can pass an ERR_PTR(-EBUSY) as a tc_action pointer during netns teardown, leading to a dereference of an error pointer in tc_act_in_hw(). The fix adds a guard to skip ERR_PTR entries while it...

5.5CVSS5.3AI score0.00103EPSS
CVE
CVE
added 2026/02/04 4:8 p.m.20 views

CVE-2026-23077

CVE-2026-23077 concerns a Linux kernel mm/vma anon_vma UAF during mremap() of faulted adjacent VMAs. The issue spanned three adjacency cases (prev/next both unfaulted, and combos with faulted adjacent), and the patch series fixes incorrect anon_vma merging and missing fork checks, including self-...

7.8CVSS5.3AI score0.00134EPSS
CVE
CVE
added 2026/02/04 4:8 p.m.20 views

CVE-2026-23083

CVE-2026-23083 is a Linux kernel vulnerability affecting FOU (IPv4/IPv6 over UDP) handling, where setting FOU_ATTR_IPPROTO to 0 could leave the skb unfreed in fou_udp_recv() and not retried in ip_protocol_deliver_rcu(). The fix suppresses 0 for FOU_ATTR_IPPROTO and applies upstream patching to pr...

7.8CVSS5.2AI score0.00129EPSS
CVE
CVE
added 2026/02/04 4:8 p.m.20 views

CVE-2026-23090

The CVE-2026-23090 entry concerns a Slimbus core device reference leak in the Linux kernel. The root cause is improper handling of device references when processing report-present messages, allowing dynamic Slimbus device allocations without correctly dropping references for previously registered...

5.5CVSS5.2AI score0.00123EPSS
CVE
CVE
added 2026/02/04 4:8 p.m.20 views

CVE-2026-23093

Summary (CVE-2026-23093) : In the Linux kernel, the ksmbd: smbd DMA unmapping path uses dma_unmap_sg() with a different number of entries than dma_map_sg(), which is the root cause of the vulnerability. The fix ensures dma_unmap_sg() is called with the same nents as dma_map_sg(). According to the...

5.5CVSS5.1AI score0.00123EPSS
CVE
CVE
added 2026/02/04 4:8 p.m.20 views

CVE-2026-23095

CVE-2026-23095 affects the Linux kernel Gue (GUE) path. It describes a skb memory leak when inner IP protocol is 0, triggered by a GUE repro. The issue arises because gue_udp_recv() may propagate a zero protocol, causing a memory leak; the fix drops such packets. The description notes that 0 is a...

7.5CVSS5.2AI score0.00239EPSS
CVE
CVE
added 2026/02/04 4:8 p.m.20 views

CVE-2026-23096

CVE-2026-23096 affects the Linux kernel UACCE accelerator framework (uacce). The issue is in the cleanup path: if cdev_device_add fails, the kernel releases the cdev memory, and later a cdev_device_del could hang. The fix adds a check on the return value of cdev_device_add and clears uacce->cd...

5.5CVSS5.2AI score0.00114EPSS
CVE
CVE
added 2026/02/04 4:8 p.m.20 views

CVE-2026-23102

CVE-2026-23102 affects the ARM64/Linux kernel path arm64/fpsimd: signal, where restoring SVE signal context with SME enabled can put a task into an invalid state. The vulnerability allows out-of-bounds memory reads or a potential fatal fault, or task termination via SIGKILL, if SVE signal data is...

7.1CVSS5.5AI score0.00117EPSS
CVE
CVE
added 2026/02/04 4:8 p.m.20 views

CVE-2026-23107

CVE-2026-23107 describes a Linux kernel issue in arm64/fpsimd where restoring a ZA (Streaming/SME) context could leave sve_state NULL if allocated late, causing a NULL pointer dereference when the kernel stores register state if TIF_SME is set. The root cause is that restore_za_context() failed t...

5.5CVSS5.4AI score0.00126EPSS
CVE
CVE
added 2026/02/14 3:9 p.m.20 views

CVE-2026-23115

CVE-2026-23115 concerns the Linux kernel serial subsystem. The issue is a race where tty->port may not be linked before uart_configure_port is invoked, allowing user-space to open a console without a linked TTY and risking a crash. The fix notes that tty_port_link_device() is not redundant and...

4.7CVSS5.2AI score0.00074EPSS
CVE
CVE
added 2026/02/14 4:1 p.m.20 views

CVE-2026-23146

Technical details for CVE-2026-23146 are not provided in the supplied connected documents; the materials only reference the vulnerability as part of Ubuntu/Mageia/Oracle advisories. Monitor for updates.

5.5CVSS5.2AI score0.00123EPSS
CVE
CVE
added 2026/02/14 4:1 p.m.20 views

CVE-2026-23150

Technical details about CVE-2026-23150 are not publicly provided in the supplied documents. The description mentions a memory leak fix in NFC LLCP, but no vendor/product/version specifics or remediation steps are included here. Monitor for updates.

5.5CVSS5.2AI score0.00115EPSS
CVE
CVE
added 2026/02/14 4:1 p.m.20 views

CVE-2026-23155

CVE-2026-23155 affects the Linux kernel; it fixes a gs_usb_receive_bulk_callback path in can: gs_usb by correcting error messaging and resubmission handling. The patch adds null initialization for netdev when reads are short and未assigned, and reports the failed resubmit error value. This is a loc...

5.5CVSS5.2AI score0.00115EPSS
CVE
CVE
added 2026/02/14 4:1 p.m.20 views

CVE-2026-23165

CVE-2026-23165 affects the Linux kernel sfc (Solarflare) network driver. The issue is a deadlock when reading RSS config with ethtool -x because the driver locks the net_device rss_lock that is already held by the core; the fix is to remove the driver-side lock acquisition (deadlock avoidance). P...

5.5CVSS5.2AI score0.0008EPSS
CVE
CVE
added 2026/03/04 2:36 p.m.20 views

CVE-2026-23236

Technical details about CVE-2026-23236 are not publicly provided in the supplied documents; advisories reference kernel fixes but do not specify affected components, versions, or impact. Monitor for updates.

7.3CVSS5.8AI score0.00206EPSS
CVE
CVE
added 2026/03/18 10:5 a.m.20 views

CVE-2026-23248

CVE-2026-23248 affects the Linux kernel perf/core component, specifically the perf_mmap path that initializes a ring_buffer. The issue is a race between a failing mmap() setup and a concurrent mmap() on a dependent event (e.g., due to output redirection). The ring_buffer pointer (event->rb) is...

7.8CVSS5.8AI score0.0012EPSS
CVE
CVE
added 2026/03/18 5:41 p.m.20 views

CVE-2026-23254

CVE-2026-23254 (Linux kernel): The issue affects UDP GRO in the net/ gro path, where the complete stage incorrectly uses the inner network offset when the encapsulation flag is not reliably zeroed by hardware offloads. The root cause is an assumption that all RX-inserted packets have encapsulatio...

5.5CVSS5.4AI score0.00114EPSS
CVE
CVE
added 2026/03/25 10:26 a.m.20 views

CVE-2026-23279

CVE-2026-23279 concerns the Linux kernel’s wifi/mac80211 mesh code. The issue is a NULL pointer dereference in mesh_rx_csa_frame() when the Mesh Channel Switch Parameters IE (IE 118) is absent; elems->mesh_chansw_params_ie can be NULL after mesh_matches_local(), yet code dereferences it uncond...

5.5CVSS5.8AI score0.00136EPSS
CVE
CVE
added 2026/03/25 10:26 a.m.20 views

CVE-2026-23290

CVE-2026-23290 affects the Linux kernel’s USB pegasus driver: it validates endpoints before bind, preventing binding if the device lacks expected URBs. Exploitation is LOCAL with LOW PRV requirement; impact is a potential crash/denial due to access to endpoints. The issue has been fixed upstream ...

5.5CVSS5.7AI score0.00123EPSS
CVE
CVE
added 2026/03/25 10:26 a.m.20 views

CVE-2026-23296

CVE-2026-23296 affects the Linux kernel SCSI core, specifically a refcount leak in tagset_refcnt that can cause a hang when tearing down a SCSI host (e.g., iscsid hang during SCSI scanning). The vulnerability is local in nature with a base score of 5.5 (MEDIUM); exploitation details are not provi...

5.5CVSS5.6AI score0.00123EPSS
CVE
CVE
added 2026/03/25 10:27 a.m.20 views

CVE-2026-23306

The CVE-2026-23306 issue affects Linux kernel SCSI pm8001 code. A refactor of pm8001_queue_command() to return -ENODEV in phy-down/device-gone states could inadvertently free the SAS task twice: pm8001_queue_command() would free the underlying SAS task, then libsas sas_ata_qc_issue() would attemp...

7.8CVSS5.6AI score0.00126EPSS
CVE
CVE
added 2026/03/25 10:27 a.m.20 views

CVE-2026-23321

CVE-2026-23321 relates to the Linux kernel MPTCP subsystem (mptcp: pm: in-kernel: always mark signal+subflow endp as used). The vulnerability was addressed in the upstream kernel by patching endp handling in the PM code, reducing warning/usage inconsistencies when signaling ADD_ADDRs and subflows...

5.5CVSS5.6AI score0.00123EPSS
CVE
CVE
added 2026/03/25 10:27 a.m.20 views

CVE-2026-23360

CVE-2026-23360 relates to the Linux kernel nvme subsystem where, during a controller reset, nvme_alloc_admin_tag_set() could leave a previous admin queue alive, risking an orphaned queue. The issue is fixed by releasing the old queue before allocating a new one, mitigating the leak. Multiple conn...

5.5CVSS5.6AI score0.00123EPSS
CVE
CVE
added 2026/03/25 10:27 a.m.20 views

CVE-2026-23361

CVE-2026-23361 affects the Linux kernel PCIe design (dwc: ep) where a posted MSI-X write may race with ATU unmapping, potentially corrupting host memory or triggering IOMMU errors. The mitigation described in the public description is to flush the write by performing a readl() on the same address...

7.8CVSS5.7AI score0.00129EPSS
CVE
CVE
added 2026/03/25 10:27 a.m.20 views

CVE-2026-23371

CVE-2026-23371 (Linux kernel SCHED_DEADLINE) details (from provided docs): The vulnerability arose when a SCHED_DEADLINE task (often a lock holder) moved to a lower class via sched_setscheduler() and failed to inherit the donor DEADLINE parameters, risking bandwidth accounting corruption because ...

5.5CVSS5.7AI score0.00117EPSS
CVE
CVE
added 2026/03/25 10:27 a.m.20 views

CVE-2026-23373

CVE-2026-23373 affects the Linux kernel wifi: rsi driver. The issue arises in rsi_mac80211_config where it should default to a zero value but instead uses -EOPNOTSUPP, triggering a WARN_ON in ieee80211_hw_conf_init and diverging from other drivers’ behavior. Multiple sources describe the vulnerab...

5.5CVSS5.7AI score0.00114EPSS
CVE
CVE
added 2026/04/02 11:40 a.m.20 views

CVE-2026-23415

The CVE-2026-23415 issue affects the Linux kernel futex subsystem. A race occurs between futex_key_to_node_opt() reading vma->vm_policy under speculative mmap lock/RCU and mbind() calling vma_replace_policy(), which can free the old mempolicy via kmem_cache_free(). This leads to a use-after-fr...

7.8CVSS5.7AI score0.00124EPSS
CVE
CVE
added 2026/04/03 1:24 p.m.20 views

CVE-2026-23420

CVE-2026-23420 affects the Linux kernel wlcore Wi‑Fi driver. The issue is a locking-order bug where wl->mutex could be unlocked without being held, as identified by a Clang thread-safety analyzer. This is associated with potential synchronization instability; patches exist in Rootio‑Linux pack...

5.5CVSS5.7AI score0.00091EPSS
CVE
CVE
added 2026/04/03 3:15 p.m.20 views

CVE-2026-23427

Summary: CVE-2026-23427 affects ksmbd in the Linux kernel and has been fixed to address a use-after-free in durable v2 replay of active SMB file handles. The root cause is that parse_durable_handle_context() unconditionally assigns dh_info->fp->conn to the current connection when handling D...

9.8CVSS5.8AI score0.0029EPSS
CVE
CVE
added 2026/04/03 3:15 p.m.20 views

CVE-2026-23461

CVE-2026-23461: In the Linux kernel Bluetooth L2CAP, l2cap_register_user() and l2cap_unregister_user() did not consistently acquire conn->lock, creating a race with l2cap_conn_del() that can access conn->users and conn->hchan concurrently. This caused use-after-free and list corruption. ...

8.8CVSS5.8AI score0.00247EPSS
CVE
CVE
added 2026/04/03 3:15 p.m.20 views

CVE-2026-23464

CVE-2026-23464 concerns the Linux kernel vulnerability in the Microchip PolarFire SoC mpfs driver. The issue is a memory leak in mpfs_sys_controller_probe(): if of_get_mtd_device_by_node() fails, the function returns early without freeing allocated memory for sys_controller. The fix routes error ...

5.5CVSS5.7AI score0.00122EPSS
CVE
CVE
added 2026/04/06 7:38 a.m.20 views

CVE-2026-31406

The CVE-2026-31406 issue is a race in the Linux kernel xfrm path during network cleanup. After cancel_delayed_work_sync() is invoked from xfrm_nat_keepalive_net_fini(), xfrm_state_fini() flushes states and __xfrm_state_delete() calls xfrm_nat_keepalive_state_updated(), which can re-schedule nat_k...

7.8CVSS5.7AI score0.00159EPSS
CVE
CVE
added 2026/04/10 10:35 a.m.20 views

CVE-2026-31412

The CVE-2026-31412 vulnerability exists in the Linux kernel USB gadget f_mass_storage implementation, where an unchecked left shift of data_size_from_cmnd by blkbits could overflow, truncating data size and enabling memory corruption or out-of-bounds access. The root cause is lack of overflow val...

5.5CVSS5.8AI score0.0017EPSS
CVE
CVE
added 2026/04/13 1:40 p.m.20 views

CVE-2026-31424

CVE-2026-31424 concerns a Linux kernel netfilter xtables extension handling bug for NFPROTO_ARP. The issue arises because xt_match/xt_target structs registered with NFPROTO_UNSPEC could be loaded by any protocol family via nft_compat, and ARP’s hook layout differs from IPv4/IPv6. When a match/tar...

5.5CVSS5.7AI score0.00117EPSS
Total number of security vulnerabilities14097