13692 matches found
CVE-2023-53616
CVE-2023-53616 affects the Linux kernel’s JFS IMAP unmount path. The issue is a double-free during diUnmount in jfs_imap.c where JFS_IP(ipimap)->i_imap is freed but not nulled, risking a subsequent free if remounts fail at diMount. The root cause is i_imap not being set to NULL after free, pot...
CVE-2023-53592
In CVE-2023-53592, the Linux kernel GPIO driver for sifive contains a refcount leak in sifive_gpio_probe. Specifically, of_irq_find_parent() returns a node pointer with an incremented refcount, and the fix ensures that of_node_put() is called when the pointer is no longer needed. The fix pre...
CVE-2023-53594
CVE-2023-53594 is a Linux kernel driver-core resource leak in device_add(): if kobject_add() fails, dev->kobj.parent is set to NULL, causing a leak in resource cleanup and potentially insmod failure for mac80211_hwsim. The initial description and EulerOS/SUSE advisories confirm the vulnerabili...
CVE-2023-53600
CVE-2023-53600 relates to the Linux kernel, where a KASAN slab-out-of-bounds condition could occur when the kernel emits an ICMP error in response to a nonlinear skb in tunnels (e.g., VXLAN PMTU path). The root cause is that ip_compute_csum() cannot handle nonlinear skbs, leading to a read of siz...
CVE-2023-53609
CVE-2023-53609 affects Linux kernel’s SCSI subsystem. The vulnerability stems from atomic_inc(&cmd->device->iorequest_cnt) in scsi_queue_rq(), which could access a freed scsi_device after scsi_dispatch_cmd() returns, risking kernel panic. The patch reverts the changes introduced by commit c...
CVE-2023-53610
The CVE-2023-53610 issue affects the Linux kernel and is tied to irqchip/refcount handling in platform_irqchip_probe. Specifically, of_irq_find_parent() returns a node pointer with an incremented refcount, and the advisory notes that of_node_put() must be invoked when the node is no longer needed...
CVE-2023-53613
CVE-2023-53613: Local, kernel-level use-after-free in the dax subsystem of the Linux kernel (dax_mapping_release) during removal of a device-dax region. The issue arises from freeing ida objects and releasing a parent object, risking use-after-free on dax_mapping_release timing. A fix is provide...
CVE-2023-53614
Summary: CVE-2023-53614 affects the Linux kernel in the mm/ksm path, where exit_mmap() may tear down VMAs and the maple tree while mmap_lock is held, risking a destroyed maple tree being dereferenced. The fix ensures maple tree validity by checking ksm_test_exit() after obtaining mmap_lock in read...
CVE-2023-53615
CVE-2023-53615: In the Linux kernel, a race in the qla2xxx SCSI session deletion path could allow a session to be queued for deletion twice, leading to a link-list corruption and a system crash when using a debug kernel. The root cause is double-queuing of the same port for deletion on different...
CVE-2023-53619
Summary (CVE-2023-53619): Linux kernel netfilter conntrack may use a freed nf_ct_helper_hash when nf_conntrack_init_start() fails and nf_conntrack_helpers_register() runs later, leading to a use-after-free and potential memory corruption. The issue occurs on builds with NF_CONNTRACK enabled and c...
CVE-2023-53646
CVE-2023-53646 affects the Linux kernel (drm/i915/perf) on Intel i915 perf paths. The issue arises from a global-out-of-bounds in xehp_is_valid_b_counter_addr due to how arrays are passed to reg_in_range_table; a sentinel was added to xehp_oa_b_counters to terminate the table, addressing a KASAN ...
CVE-2023-53649
CVE-2023-53649 concerns a memory-leak in the Linux kernel related to perf trace. The described fix corrects how the evsel->priv area is freed: previously, freeing occurred only when evsel->tp_format->system compared to 'syscalls' yielded zero, but evsel->priv could be non-zero in othe...
CVE-2023-53650
CVE-2023-53650: In the Linux kernel, the fbdev: omapfb lcd_mipid path fixes an error path in mipid_spi_probe. If mipid_detect() fails, the code must free the allocated md to avoid a memory leak. Affects the fbdev/omapfb mipid probe code; underlying impact is a potential memory leak on failure. T...
CVE-2023-53669
The CVE-2023-53669 vulnerability affects the Linux kernel’s skb_copy_ubufs handling for BIG TCP payloads. The root cause was an assumption that payload could be copied using up to MAX_SKB_FRAGS order-0 pages, which breaks when BIG TCP can hold up to 512 KB per skb, causing crashes in TCP TX zeroc...
CVE-2023-53678
CVE-2023-53678 concerns the Linux kernel, specifically the drm/i915 driver, where system suspend could crash on platforms without fbdev initialized. The root cause described in the documents is a suspend path involving intel_fbdev_set_suspend during device suspend, leading to a NULL pointer deref...
CVE-2023-53683
Technical details about CVE-2023-53683 are not publicly provided in the connected documents. Monitor for updates from vendor advisories and security feeds to obtain affected products, versions, impact, and remediation when available.
CVE-2025-39740
The CVE-2025-39740 entry concerns a Linux kernel vulnerability in the DRM XE migration path. It describes a potential use-after-free (UAF) scenario if a fence_wait is performed after the previous fence has already been put(), on the error path. The fix changes the control flow so that the put() i...
CVE-2025-39896
CVE-2025-39896 (Linux kernel, open-source): The vulnerability affects the ivpu driver in the kernel’s accel path. It arises from recovery work being queued during device removal, potentially allowing use-after-free if recovery code accesses freed resources. The fix replaces cancel_work_sync() with...
CVE-2025-39904
Summary: The CVE-2025-39904 issue affects the Linux kernel’s kexec path for arm64 (and riscv per the patch set). A kexec_buf structure was previously declared without full initialization, and a field added by a prior patch could be read uninitialized on some architectures, triggering UBSAN invali...
CVE-2025-39908
CVE-2025-39908: The Linux kernel vulnerability relates to the net: dev_ioctl: take ops lock in hwtstamp lower paths. The issue stems from hwtstamp callbacks not consistently running under the per-device ops lock in lower get/set paths; a patch in progress converts legacy ioctl flows to ndo_hwtst...
CVE-2025-39921
The CVE affects the Linux kernel driver spi-microchip-core-qspi. During probe, op->max_freq is not valid (zero) in the supports_op callback, causing baud_rate_val to be INT_MAX and risking probe failure of the attached memory device. The root cause is that the per-op frequency switch logic add...
CVE-2025-68823
CVE-2025-68823: Linux kernel ublk deadlock when reading partition table. If a process (e.g., udev) opens a ublk block device to read the partition table via bdev_open(), a deadlock can occur because blkdev_release() re-acquires disk->open_mutex in the same context. The fix disables bottom halv...
CVE-2025-71071
In CVE-2025-71071, the Linux kernel iommu/mediatek driver had a use-after-free risk during probe deferral when larb devices were not yet bound. The issue arose from dropping references to larb devices taken during probe on success and on errors, potentially allowing a use-after-free if probe is d...
CVE-2025-71076
Technical details for CVE-2025-71076 are not publicly provided in the supplied documents. Monitor for updates for affected products, versions, exploitability, and remediation specifics.
CVE-2025-71077
In the Linux kernel vulnerability CVE-2025-71077, tpm2_get_pcr_allocation() did not cap the number of PCR banks, allowing out-of-bounds values to cause more than minimal harm. The fix caps the limit to eight banks, limiting potential damage from external I/O. The issue affects the TPM/PCR allocat...
CVE-2025-71078
CVE-2025-71078 describes a Linux kernel fix for a SLB multihit issue on hash MMU POWERPC 64s. The root cause is a mismatch between the hardware SLB and the software preload cache when the kernel optimizes switch_mm_irqs_off by not calling switch_mmu_context() if prev and next mm_struct are the sa...
CVE-2025-71105
CVE-2025-71105 documents a Linux kernel issue in f2fs where two slab caches (f2fs_xattr_entry-7:3 and f2fs_xattr_entry-7:7) with identical slab sizes cause kmem_cache_sanity_check warnings during mount operations. The root cause is using per-sb slab caches instead of a single global slab, leading...
CVE-2025-71114
CVE-2025-71114 relates to the VIA watchdog driver in the Linux kernel. The driver uses allocate_resource() to reserve a MMIO region for the watchdog control register, but the resource lacked a name, causing the kernel resource tree to contain an entry under /proc/iomem on x86. During boot, this u...
CVE-2025-71115
CVE-2025-71115 pertains to the Linux kernel where cpu_tasks[] is not initialized early enough, causing a NULL current in certain init paths (notably with KCOV enabled) and potential crashes. The available connected docs confirm the vulnerability arises from initializing cpu_tasks[] in uml_finishs...
CVE-2025-71125
CVE-2025-71125 affects the Linux kernel tracing subsystem. Synthetic events lack a function to register perf events, causing a NULL function pointer to be passed to tracepoint register logic and triggering a kernel warning in tracepoint_add_func. The patch replaces this path with a -ENODEV return...
CVE-2025-71129
The CVE-2025-71129 entry documents a LoongArch kernel issue where kfunc calls did not sign-extend their arguments properly, risking kernel panic. The fix introduces a new emit_abi_ext() helper that performs in-place extension (distinct from sign_extend()) to ensure LoongArch calling conventions a...
CVE-2025-71130
CVE-2025-71130 affects the Linux kernel drm/i915/gem path. The vulnerability was fixed by zero-initializing the eb.vma array (eb->vma[i].vma) to NULL when the eb structure is set up, ensuring all entries start NULL and are properly cleared if eb_add_vma() or related steps fail. The fix prevent...
CVE-2025-71136
CVE-2025-71136 affects the Linux kernel’s media: adv7842 path. The vulnerability arises when cp_read() or hdmi_read() return -EIO and these values are used as indexes in arrays within adv7842_cp_log_status(), causing possible out-of-bounds accesses. The issue is resolved by adding checks on retur...
CVE-2025-71142
CVE-2025-71142: In the Linux kernel, a warning is triggered when disabling a remote cpuset partition under certain CPU-hotplug scenarios, due to an incorrect relationship between effective_xcpus and subpartitions_cpus. The fix per the advisory and related documents changes the warning logic to o...
CVE-2025-71146
CVE-2025-71146 affects the Linux kernel, specifically the netfilter nf_conncount subsystem. The issue is a leak of ct (connection tracking) objects in error paths where the refcounted check was skipped and the function returned early. The root cause, per the description, is that the refcounted ch...
CVE-2025-71159
CVE-2025-71159 relates to a Linux kernel vulnerability in the Btrfs filesystem. The issue is a memory-ordering/race condition in btrfs_get_or_create_delayed_node(), where the delayed_node refcount was set before acquiring the root->delayed_nodes lock, allowing stores to node->refs and btrfs...
CVE-2025-71183
CVE-2025-71183 (Linux kernel, btrfs): The issue arises during rename exchanges where directories involved may not have their last_unlink_trans updated, causing the log replay path to miss a conflicting inode in the log tree. After a power failure, this can trigger an incorrect deletion attempt o...
CVE-2025-71204
CVE-2025-71204 concerns the Linux kernel SMB server (ksmbd) due to a refcount leak in parse_durable_handle_context. The issue occurs when a replay operation returns -ENOEXEC and the file ksmbd_file refcount is not released, as described in the initial document. The provided connected documents d...
CVE-2025-71232
CVE-2025-71232 details (Linux kernel, qla2xxx): The vulnerability stems from freeing an sp pointer in the error path of the qla2xxx SCSI driver, which could cause a system crash during load/unload loops. The provided evidence shows a crash trace and a fix in the kernel code path (free sp in the e...
CVE-2025-71274
CVE-2025-71274 concerns the Linux kernel rpmsg core. A race existed between driver_override_show() and driver_override_store(): the show path read the driver_override string without holding the device_lock, while the store path modified and freed it while the lock was held, enabling a use-after-f...
CVE-2025-71289
Summary: CVE-2025-71289 affects the Linux kernel NTFS3 driver. The issue occurs when truncating files: if attr_set_size() fails, the error is silently ignored and the inode may be left in an inconsistent state, potentially impacting data integrity. The NVD entry lists a local, low-complexity atta...
CVE-2025-71295
The CVE targets the Linux kernel’s memory/file I/O path. In fs/buffer, try_to_free_buffers() could be invoked on folios with no attached buffers when filemap_release_folio() runs on a mapping with AS_RELEASE_ALWAYS but without a release_folio operation. This caused folio_needs_release() to return...
CVE-2025-71297
The provided CVE-2025-71297 stems from the Linux kernel wifi driver stack (rtw88/rtw8822b). The issue occurs when rtw8822b_set_antenna() is invoked from userspace while the wireless chip is powered off, causing rtw8822b_config_trx_mode() to read RF registers and trigger a WARNING. The patch ensur...
CVE-2025-71298
In CVE-2025-71298, the Linux kernel fix targets drm_gem_shmem_madvise_locking: the GEM object reservation lock is now held around the madvise path to correct locking in shmem tests. The update exposes a dedicated helper drm_gem_shmem_madvise() for Kunit tests (not intended as a driver interface)....
CVE-2025-71299
CVE-2025-71299 affects the Linux kernel driver spi_cadence_quadspi. The root cause is a runtime PM interaction during probe: a pm_runtime_disable in error paths could lead to duplicate clock disables when PM is active, especially with missing/broken DT descriptions for flash devices. The document...
CVE-2026-23008
CVE-2026-23008 affects the Linux kernel drm/vmwgfx path on HW version 10. The issue arises in KMS with 3D on HW10 when there are no GB Surfaces and no backing buffer for surface-backed framebuffers, leading to a possible NULL dereference and a driver crash that can cause a black screen. A fix was...
CVE-2026-23065
CVE-2026-23065 is a Linux kernel issue affecting the x86/amd platform where a tmp buffer allocated in wbrf_record() is leaked on error in acpi_evaluate_dsm(). The vulnerability’s root cause is a memory leak in the error path, fixed by explicitly freeing the tmp buffer in the error handling path o...
CVE-2026-23107
CVE-2026-23107 describes a Linux kernel issue in arm64/fpsimd where restoring a ZA (Streaming/SME) context could leave sve_state NULL if allocated late, causing a NULL pointer dereference when the kernel stores register state if TIF_SME is set. The root cause is that restore_za_context() failed t...
CVE-2026-23124
CVE-2026-23124 is a Linux kernel IPv6 data-race issue in ndisc_router_discovery() where reads/writes to in6_dev->ra_mtu occur without proper synchronization. The race can occur during router advertisement MTU handling (mtu checks are noted but not yet enforced); the fix adds READ_ONCE()/WRITE_...
CVE-2026-23135
CVE-2026-23135 affects the Linux kernel in the wifi ath12k driver. The issue arises in dma_free_coherent() pointer handling: dma_alloc_coherent() stores addresses in XXX_unaligned fields, but those addresses are not consistently reused when freeing the buffer. The vulnerability is resolved by pat...