14097 matches found
CVE-2025-39933
CVE-2025-39933 affects the Linux kernel SMB client: recv_done verification of data_offset, data_length and remaining_data_length (a local‑vector issue). The vulnerability is acknowledged in multiple advisories (e.g., RHSA-2026:1727, ALSA-2026:0793, RLSA advisories) and is linked to kernel fixes i...
CVE-2025-39938
The CVE-2025-39938 issue is a NULL pointer dereference in ASoC/qcom: q6apm-lpass-dais when the source graph fails (e.g., ADSP/topology rejection). The bug can cause a crash during snd_soc_pcm_dai_prepare due to dai_data->graph[dai->id] being NULL. The Linux kernel has been updated to fix th...
CVE-2025-39948
The CVE-2025-39948 issue is in the Linux kernel ice driver’s RX path for multi-buffer/XDP frames. A zero-size descriptor could cause ice_put_rx_mbuf() to skip a buffer, preventing ice_put_rx_buf() and leaving a stale page in the RX ring. This could break page reuse/free logic (ice_reuse_rx_page) ...
CVE-2025-39956
Mode C: The CVE-2025-39956 entry concerns the Linux kernel igc driver: if igc_led_setup() fails during igc_probe(), the probe previously failed and could trigger a kernel panic in free_netdev() due to unregister_netdev() not being called. The published fixes treat LED setup failures as non-fatal,...
CVE-2025-40005
The CVE-2025-40005 entry concerns the Linux kernel’s cadence-quadspi driver. Technical detail from connected documents shows that the vulnerability arises when the indirect read/write path and force device removal (unbind) could crash the kernel during operation. The fix implements a refcount to ...
CVE-2025-68333
The CVE-2025-68333 issue affects the Linux kernel, specifically a potential deadlock in sched_ext deferred_irq_workfn() on PREEMPT_RT=y configurations. The root cause is that deferred_irq_workfn() could run in a non-disable-irq context, leading to a lock sequence like lock(&rq->__lock); interr...
CVE-2025-71072
CVE-2025-71072 : In the Linux kernel, a rename/recovery issue in shmem was fixed. The root cause affected how maple_tree insertions and simple_offset_rename() pathways handled memory pressure and failure paths, including simple_offset_rename_exchange(). The fix involves how shmem_rename2() pre-in...
CVE-2025-71092
Summary : The CVE-2025-71092 entry corresponds to a Linux kernel issue in RDMA/bnxt_re where an OOB write occurred during hw_stats allocation in bnxt_re_copy_err_stats(). The root cause was that three counters (BNXT_RE_REQ_CQE_ERROR, BNXT_RE_RESP_CQE_ERROR, BNXT_RE_RESP_REMOTE_ACCESS_ERRS) were a...
CVE-2025-71144
The CVE-2025-71144 issue is in the Linux kernel’s MPTCP code path, where after a commit, if the MPC subflow is already TCP_CLOSE or falls back to TCP, mptcp_do_fastclose() may skip setting the send_fastclose flag, causing __mptcp_close_ssk() to stop resetting the subflow context. Consequently, a ...
CVE-2025-71190
CVE-2025-71190 refers to a Linux kernel vulnerability in the DMA Engine, specifically the bcm-sba-raid driver. The issue is a device reference leak that can occur during probe, leading to leaked mailbox device references if probe fails or driver is unbound. The fixed code drops the reference to t...
CVE-2025-71234
CVE-2025-71234: Linux kernel rtl8xxxu slab-out-of-bounds in rtl8xxxu_sta_add fixed by setting hw->sta_data_size to sizeof(struct rtl8xxxu_sta_info) during probe to correctly allocate per-station data. Issue caused mac80211 to access sta->drv_priv beyond allocated space; KASAN showed a slab-...
CVE-2025-71236
CVE-2025-71236: Linux kernel fix for scsi: qla2xxx: Validate sp before freeing associated memory. Root cause was a NULL pointer dereference in the qla2xxx fabric scan/error handling path, leading to a kernel crash. The issue is addressed by checking that sp is non-NULL before freeing memory; mult...
CVE-2025-71266
The CVE-2025-71266 entry concerns the Linux kernel ntfs3 filesystem. A malformed directory entry in NTFS3 could trigger an infinite loop in indx_find during lookups, repeatedly reading the same block and allocating 4 KB per iteration, causing memory exhaustion and potential DoS. The vulnerability...
CVE-2025-71294
The CVE-2025-71294 entry is tied to the Linux kernel AMDGPU DRM path. The root cause is a NULL pointer issue in buffer_funcs when the SDMA block is not enabled, leading to potential failure/availability impact. A patch fixes buffer_funcs initialization, mitigating the issue; multiple OSV entries ...
CVE-2025-71307
In the Linux kernel drm/panthor driver, CVE-2025-71307 is a NULL pointer dereference that occurred in panthor_fw_unplug when the MCU could be in various states or the FW was not loaded/initialized. The fix removes the MCU halt-and-wait during unplug, since waiting for halt may be unsafe if the MC...
CVE-2025-71312
CVE-2025-71312 concerns a Linux kernel NTFS3 file system leak. The issue occurs in ntfs_fill_super() when fc->fs_private is set to NULL without freeing the memory it points to, causing ntfs_fs_free() to skip freeing the ntfs_mount_options structure. A resulting kmemleak report (unreferenced ob...
CVE-2026-22987
CVE-2026-22987 concerns the Linux kernel net/sched subsystem. The issue arises when tcf_idrinfo_destroy() can pass an ERR_PTR(-EBUSY) as a tc_action pointer during netns teardown, leading to a dereference of an error pointer in tc_act_in_hw(). The fix adds a guard to skip ERR_PTR entries while it...
CVE-2026-23077
CVE-2026-23077 concerns a Linux kernel mm/vma anon_vma UAF during mremap() of faulted adjacent VMAs. The issue spanned three adjacency cases (prev/next both unfaulted, and combos with faulted adjacent), and the patch series fixes incorrect anon_vma merging and missing fork checks, including self-...
CVE-2026-23083
CVE-2026-23083 is a Linux kernel vulnerability affecting FOU (IPv4/IPv6 over UDP) handling, where setting FOU_ATTR_IPPROTO to 0 could leave the skb unfreed in fou_udp_recv() and not retried in ip_protocol_deliver_rcu(). The fix suppresses 0 for FOU_ATTR_IPPROTO and applies upstream patching to pr...
CVE-2026-23090
The CVE-2026-23090 entry concerns a Slimbus core device reference leak in the Linux kernel. The root cause is improper handling of device references when processing report-present messages, allowing dynamic Slimbus device allocations without correctly dropping references for previously registered...
CVE-2026-23093
Summary (CVE-2026-23093) : In the Linux kernel, the ksmbd: smbd DMA unmapping path uses dma_unmap_sg() with a different number of entries than dma_map_sg(), which is the root cause of the vulnerability. The fix ensures dma_unmap_sg() is called with the same nents as dma_map_sg(). According to the...
CVE-2026-23095
CVE-2026-23095 affects the Linux kernel Gue (GUE) path. It describes a skb memory leak when inner IP protocol is 0, triggered by a GUE repro. The issue arises because gue_udp_recv() may propagate a zero protocol, causing a memory leak; the fix drops such packets. The description notes that 0 is a...
CVE-2026-23096
CVE-2026-23096 affects the Linux kernel UACCE accelerator framework (uacce). The issue is in the cleanup path: if cdev_device_add fails, the kernel releases the cdev memory, and later a cdev_device_del could hang. The fix adds a check on the return value of cdev_device_add and clears uacce->cd...
CVE-2026-23102
CVE-2026-23102 affects the ARM64/Linux kernel path arm64/fpsimd: signal, where restoring SVE signal context with SME enabled can put a task into an invalid state. The vulnerability allows out-of-bounds memory reads or a potential fatal fault, or task termination via SIGKILL, if SVE signal data is...
CVE-2026-23107
CVE-2026-23107 describes a Linux kernel issue in arm64/fpsimd where restoring a ZA (Streaming/SME) context could leave sve_state NULL if allocated late, causing a NULL pointer dereference when the kernel stores register state if TIF_SME is set. The root cause is that restore_za_context() failed t...
CVE-2026-23115
CVE-2026-23115 concerns the Linux kernel serial subsystem. The issue is a race where tty->port may not be linked before uart_configure_port is invoked, allowing user-space to open a console without a linked TTY and risking a crash. The fix notes that tty_port_link_device() is not redundant and...
CVE-2026-23146
Technical details for CVE-2026-23146 are not provided in the supplied connected documents; the materials only reference the vulnerability as part of Ubuntu/Mageia/Oracle advisories. Monitor for updates.
CVE-2026-23150
Technical details about CVE-2026-23150 are not publicly provided in the supplied documents. The description mentions a memory leak fix in NFC LLCP, but no vendor/product/version specifics or remediation steps are included here. Monitor for updates.
CVE-2026-23155
CVE-2026-23155 affects the Linux kernel; it fixes a gs_usb_receive_bulk_callback path in can: gs_usb by correcting error messaging and resubmission handling. The patch adds null initialization for netdev when reads are short and未assigned, and reports the failed resubmit error value. This is a loc...
CVE-2026-23165
CVE-2026-23165 affects the Linux kernel sfc (Solarflare) network driver. The issue is a deadlock when reading RSS config with ethtool -x because the driver locks the net_device rss_lock that is already held by the core; the fix is to remove the driver-side lock acquisition (deadlock avoidance). P...
CVE-2026-23236
Technical details about CVE-2026-23236 are not publicly provided in the supplied documents; advisories reference kernel fixes but do not specify affected components, versions, or impact. Monitor for updates.
CVE-2026-23248
CVE-2026-23248 affects the Linux kernel perf/core component, specifically the perf_mmap path that initializes a ring_buffer. The issue is a race between a failing mmap() setup and a concurrent mmap() on a dependent event (e.g., due to output redirection). The ring_buffer pointer (event->rb) is...
CVE-2026-23254
CVE-2026-23254 (Linux kernel): The issue affects UDP GRO in the net/ gro path, where the complete stage incorrectly uses the inner network offset when the encapsulation flag is not reliably zeroed by hardware offloads. The root cause is an assumption that all RX-inserted packets have encapsulatio...
CVE-2026-23279
CVE-2026-23279 concerns the Linux kernel’s wifi/mac80211 mesh code. The issue is a NULL pointer dereference in mesh_rx_csa_frame() when the Mesh Channel Switch Parameters IE (IE 118) is absent; elems->mesh_chansw_params_ie can be NULL after mesh_matches_local(), yet code dereferences it uncond...
CVE-2026-23290
CVE-2026-23290 affects the Linux kernel’s USB pegasus driver: it validates endpoints before bind, preventing binding if the device lacks expected URBs. Exploitation is LOCAL with LOW PRV requirement; impact is a potential crash/denial due to access to endpoints. The issue has been fixed upstream ...
CVE-2026-23296
CVE-2026-23296 affects the Linux kernel SCSI core, specifically a refcount leak in tagset_refcnt that can cause a hang when tearing down a SCSI host (e.g., iscsid hang during SCSI scanning). The vulnerability is local in nature with a base score of 5.5 (MEDIUM); exploitation details are not provi...
CVE-2026-23306
The CVE-2026-23306 issue affects Linux kernel SCSI pm8001 code. A refactor of pm8001_queue_command() to return -ENODEV in phy-down/device-gone states could inadvertently free the SAS task twice: pm8001_queue_command() would free the underlying SAS task, then libsas sas_ata_qc_issue() would attemp...
CVE-2026-23321
CVE-2026-23321 relates to the Linux kernel MPTCP subsystem (mptcp: pm: in-kernel: always mark signal+subflow endp as used). The vulnerability was addressed in the upstream kernel by patching endp handling in the PM code, reducing warning/usage inconsistencies when signaling ADD_ADDRs and subflows...
CVE-2026-23360
CVE-2026-23360 relates to the Linux kernel nvme subsystem where, during a controller reset, nvme_alloc_admin_tag_set() could leave a previous admin queue alive, risking an orphaned queue. The issue is fixed by releasing the old queue before allocating a new one, mitigating the leak. Multiple conn...
CVE-2026-23361
CVE-2026-23361 affects the Linux kernel PCIe design (dwc: ep) where a posted MSI-X write may race with ATU unmapping, potentially corrupting host memory or triggering IOMMU errors. The mitigation described in the public description is to flush the write by performing a readl() on the same address...
CVE-2026-23371
CVE-2026-23371 (Linux kernel SCHED_DEADLINE) details (from provided docs): The vulnerability arose when a SCHED_DEADLINE task (often a lock holder) moved to a lower class via sched_setscheduler() and failed to inherit the donor DEADLINE parameters, risking bandwidth accounting corruption because ...
CVE-2026-23373
CVE-2026-23373 affects the Linux kernel wifi: rsi driver. The issue arises in rsi_mac80211_config where it should default to a zero value but instead uses -EOPNOTSUPP, triggering a WARN_ON in ieee80211_hw_conf_init and diverging from other drivers’ behavior. Multiple sources describe the vulnerab...
CVE-2026-23415
The CVE-2026-23415 issue affects the Linux kernel futex subsystem. A race occurs between futex_key_to_node_opt() reading vma->vm_policy under speculative mmap lock/RCU and mbind() calling vma_replace_policy(), which can free the old mempolicy via kmem_cache_free(). This leads to a use-after-fr...
CVE-2026-23420
CVE-2026-23420 affects the Linux kernel wlcore Wi‑Fi driver. The issue is a locking-order bug where wl->mutex could be unlocked without being held, as identified by a Clang thread-safety analyzer. This is associated with potential synchronization instability; patches exist in Rootio‑Linux pack...
CVE-2026-23427
Summary: CVE-2026-23427 affects ksmbd in the Linux kernel and has been fixed to address a use-after-free in durable v2 replay of active SMB file handles. The root cause is that parse_durable_handle_context() unconditionally assigns dh_info->fp->conn to the current connection when handling D...
CVE-2026-23461
CVE-2026-23461: In the Linux kernel Bluetooth L2CAP, l2cap_register_user() and l2cap_unregister_user() did not consistently acquire conn->lock, creating a race with l2cap_conn_del() that can access conn->users and conn->hchan concurrently. This caused use-after-free and list corruption. ...
CVE-2026-23464
CVE-2026-23464 concerns the Linux kernel vulnerability in the Microchip PolarFire SoC mpfs driver. The issue is a memory leak in mpfs_sys_controller_probe(): if of_get_mtd_device_by_node() fails, the function returns early without freeing allocated memory for sys_controller. The fix routes error ...
CVE-2026-31406
The CVE-2026-31406 issue is a race in the Linux kernel xfrm path during network cleanup. After cancel_delayed_work_sync() is invoked from xfrm_nat_keepalive_net_fini(), xfrm_state_fini() flushes states and __xfrm_state_delete() calls xfrm_nat_keepalive_state_updated(), which can re-schedule nat_k...
CVE-2026-31412
The CVE-2026-31412 vulnerability exists in the Linux kernel USB gadget f_mass_storage implementation, where an unchecked left shift of data_size_from_cmnd by blkbits could overflow, truncating data size and enabling memory corruption or out-of-bounds access. The root cause is lack of overflow val...
CVE-2026-31424
CVE-2026-31424 concerns a Linux kernel netfilter xtables extension handling bug for NFPROTO_ARP. The issue arises because xt_match/xt_target structs registered with NFPROTO_UNSPEC could be loaded by any protocol family via nft_compat, and ARP’s hook layout differs from IPv4/IPv6. When a match/tar...