13692 matches found
CVE-2025-71204
CVE-2025-71204 concerns the Linux kernel SMB server (ksmbd) due to a refcount leak in parse_durable_handle_context. The issue occurs when a replay operation returns -ENOEXEC and the file ksmbd_file refcount is not released, as described in the initial document. The provided connected documents d...
CVE-2025-71232
CVE-2025-71232 details (Linux kernel, qla2xxx): The vulnerability stems from freeing an sp pointer in the error path of the qla2xxx SCSI driver, which could cause a system crash during load/unload loops. The provided evidence shows a crash trace and a fix in the kernel code path (free sp in the e...
CVE-2025-71274
CVE-2025-71274 concerns the Linux kernel rpmsg core. A race existed between driver_override_show() and driver_override_store(): the show path read the driver_override string without holding the device_lock, while the store path modified and freed it while the lock was held, enabling a use-after-f...
CVE-2025-71289
Summary: CVE-2025-71289 affects the Linux kernel NTFS3 driver. The issue occurs when truncating files: if attr_set_size() fails, the error is silently ignored and the inode may be left in an inconsistent state, potentially impacting data integrity. The NVD entry lists a local, low-complexity atta...
CVE-2025-71295
The CVE targets the Linux kernel’s memory/file I/O path. In fs/buffer, try_to_free_buffers() could be invoked on folios with no attached buffers when filemap_release_folio() runs on a mapping with AS_RELEASE_ALWAYS but without a release_folio operation. This caused folio_needs_release() to return...
CVE-2025-71297
The provided CVE-2025-71297 stems from the Linux kernel wifi driver stack (rtw88/rtw8822b). The issue occurs when rtw8822b_set_antenna() is invoked from userspace while the wireless chip is powered off, causing rtw8822b_config_trx_mode() to read RF registers and trigger a WARNING. The patch ensur...
CVE-2025-71298
In CVE-2025-71298, the Linux kernel fix targets drm_gem_shmem_madvise_locking: the GEM object reservation lock is now held around the madvise path to correct locking in shmem tests. The update exposes a dedicated helper drm_gem_shmem_madvise() for Kunit tests (not intended as a driver interface)....
CVE-2025-71299
CVE-2025-71299 affects the Linux kernel driver spi_cadence_quadspi. The root cause is a runtime PM interaction during probe: a pm_runtime_disable in error paths could lead to duplicate clock disables when PM is active, especially with missing/broken DT descriptions for flash devices. The document...
CVE-2026-23008
CVE-2026-23008 affects the Linux kernel drm/vmwgfx path on HW version 10. The issue arises in KMS with 3D on HW10 when there are no GB Surfaces and no backing buffer for surface-backed framebuffers, leading to a possible NULL dereference and a driver crash that can cause a black screen. A fix was...
CVE-2026-23065
CVE-2026-23065 is a Linux kernel issue affecting the x86/amd platform where a tmp buffer allocated in wbrf_record() is leaked on error in acpi_evaluate_dsm(). The vulnerability’s root cause is a memory leak in the error path, fixed by explicitly freeing the tmp buffer in the error handling path o...
CVE-2026-23107
CVE-2026-23107 describes a Linux kernel issue in arm64/fpsimd where restoring a ZA (Streaming/SME) context could leave sve_state NULL if allocated late, causing a NULL pointer dereference when the kernel stores register state if TIF_SME is set. The root cause is that restore_za_context() failed t...
CVE-2026-23135
CVE-2026-23135 affects the Linux kernel in the wifi ath12k driver. The issue arises in dma_free_coherent() pointer handling: dma_alloc_coherent() stores addresses in XXX_unaligned fields, but those addresses are not consistently reused when freeing the buffer. The vulnerability is resolved by pat...
CVE-2026-23137
CVE-2026-23137 (Linux kernel). In unittest_data_add() a memory leak could occur if of_resolve_phandles() failed, leaving unittest_data allocated. The fix uses a scope-based cleanup helper (__free(kfree)) to automatically free unittest_data on error paths, and retain_and_null_ptr() on the success ...
CVE-2026-23232
The CVE-2026-23232 entry pertains to the Linux kernel and the f2fs file system. According to the connected data, a patch intended to enable a block cache/DIO write during f2fs_enable_checkpoint() was reverted because the original patch could cause a deadlock. The revert sequence involves lock ord...
CVE-2026-23250
CVE-2026-23250 is a Linux kernel vulnerability in the XFS code path. The issue arises from not checking the return value of xchk_scrub_create_subord, which could yield an ENOMEM mangling the flow. The fix updates xchk_scrub_create_subord to return NULL on allocation failure and adjusts callers to...
CVE-2026-23255
The connected Amazon Linux advisory confirms CVE-2026-23255 is a Linux kernel vulnerability where /proc/net/ptype lacked proper RCU protection. The fix adds an explicit device pointer tracking and ensures RCU-compliant reads in ptype_seq_show(), with full READ_ONCE protection in ptype_seq_next() ...
CVE-2026-23256
CVE-2026-23256 relates to the Linux kernel and fixes an off-by-one error in the VF setup_nic_devices() cleanup (net: liquidio) that could leak memory. The Root:Ubuntu and Ubuntu OSV entries confirm patches in rootio-linux for Ubuntu 24.04 and 22.04 with multiple fixed kernel versions (e.g., kerne...
CVE-2026-23271
CVE-2026-23271 affects the Linux kernel perf subsystem. The vulnerability arises from a race between __perf_event_overflow() and perf_remove_from_context() where __perf_event_overflow() may run with only preemption disabled for some callchains, allowing a race against perf_event_exit_event() and ...
CVE-2026-23272
CVE-2026-23272 affects the Linux kernel netfilter nf_tables component. The issue arises when inserting into a full set: the code increments set->nelems and publishes a new element before the RCU grace period, allowing an RCU reader to observe a partially updated element. The description notes ...
CVE-2026-23276
CVE-2026-23276 fixes a recursion vulnerability in the Linux kernel networking stack. When a bonded interface in broadcast mode has GRE tunnel slaves, multicast/broadcast traffic could trigger infinite recursion between bond_xmit_broadcast() and ip_tunnel_xmit()/ip6_tnl_xmit(), risking a kernel st...
CVE-2026-23278
CVE-2026-23278 (Linux kernel nf_tables catchall handling). The issue occurs in netfilter nf_tables where, during transaction processing, a map holding catchall elements being removed may require toggling all pending catchall elements, not just the first viable candidate. If the map is also being f...
CVE-2026-23279
CVE-2026-23279 concerns the Linux kernel’s wifi/mac80211 mesh code. The issue is a NULL pointer dereference in mesh_rx_csa_frame() when the Mesh Channel Switch Parameters IE (IE 118) is absent; elems->mesh_chansw_params_ie can be NULL after mesh_matches_local(), yet code dereferences it uncond...
CVE-2026-23282
CVE-2026-23282 affects the Linux kernel SMB client (smb2_unlink). The root cause is uninitialised iov structures when SMB2_open_init() or SMB2_close_init() fails (e.g., on reconnect), which can cause oopses when SMB2_open_free(), SMB2_close_free(), or smb2_set_related() are invoked. The fix initi...
CVE-2026-23285
CVE-2026-23285 is a Linux kernel vulnerability fixed in the DRBD path: in drbd_request_endio(), READ_COMPLETED_WITH_ERROR can pass a NULL peer_device to __req_mod(), leading to a null pointer dereference inside drbd_set_out_of_sync(). The mitigation described in the advisory is to obtain the peer...
CVE-2026-23286
CVE-2026-23286 affects the Linux kernel ATM LANE implementation. The root cause is a potential null pointer dereference in lec_arp_clear_vccs when multiple ARP entries share the same VCC: after the first entry frees vpriv and clears vcc->user_back, a subsequent entry may dereference a NULL vpr...
CVE-2026-23307
CVE-2026-23307 concerns the Linux kernel CAN/EMS USB code, where ems_usb_read_bulk_callback() failed to validate message lengths, reading beyond buffers because actual_length can exceed the expected transfer_buffer_length, risking overflow when parsing messages. The root cause is insufficient len...
CVE-2026-23308
CVE-2026-23308 concerns a Linux kernel pinctrl equilibrium warning trace on load. The issue arises because eqbr_irq_mask() calls gpiochip_disable_irq() and eqbr_irq_ack() is also invoked, causing a warning for every GPIO during load. A fix was implemented by not using eqbr_irq_mask() and eqbr_irq...
CVE-2026-23327
The CVE-2026-23327 issue is a Linux kernel vulnerability in the CXL mailbox driver (cxl/mbox). The root cause is that cxl_payload_from_user_allowed() casts and dereferences the user payload without validating its size, allowing an undersized mailbox command to trigger a read past the allocated bu...
CVE-2026-23330
Summary: CVE-2026-23330 affects the Linux kernel NFC/NCI subsystem. The issue arises in nci_close_device() where pending data exchanges may not be completed before closing, allowing an unreferenced socket object (example: 0xff1100000f435000, size 2048) and associated references to leak. This could...
CVE-2026-23345
The CVE-2026-23345 issue affects the Linux kernel on ARM64 with Graphics Control System (GCS) mappings when FEAT_LPA2 is enabled. The root cause is incorrect handling of PTE_SHARED bits in GCS memory mappings, which can trigger a kernel panic (DoS) due to a bad page table translation. The recomme...
CVE-2026-23347
CVE-2026-23347: Linux kernel vulnerability where the read bulk callback in the USB CAN driver (f81604) failed to anchor the urb before submitting in the anchor pattern. This could lead to urb leakage if usb_kill_anchored_urbs() is invoked. The issue is addressed by anchoring the urb in the read ...
CVE-2026-23348
Summary of a Linux kernel CVE (CVE-2026-23348): The issue is a race condition in the CXL/NVDIMM subsystem where NVDIMM objects reprobe after cxl_acpi removal can occur with the nvdimm_bus object missing, leading to a NULL pointer dereference and potential system crash (DoS). Affected area center...
CVE-2026-23351
CVE-2026-23351 affects the Linux kernel netfilter nft_set_pipapo data type. The issue is a use-after-free in the pipapo set when many elements are expired and the commit-time garbage collection (GC) can run for a long time in a non-preemptible context, triggering soft lockups and RCU stalls. The ...
CVE-2026-23352
CVE-2026-23352 affects Linux kernel's x86 EFI code: efi_free_boot_services() defers freeing of EFI_BOOT_SERVICES memory, but memblock_free_late() is not suitable for reserved memory and may miss uninitialized memory maps when CONFIG_DEFERRED_STRUCT_PAGE_INIT=y. This can cause a RAM leak (~140 MB ...
CVE-2026-23358
CVE-2026-23358 affects the Linux kernel drm/amdgpu driver. The issue arises during slot reset error handling where an uninitialized hive pointer could be used to decide flow at the error path, potentially leading to accessing an uninitialized list. The fix initializes the list and hive properly a...
CVE-2026-23359
CVE-2026-23359 stems from a Linux kernel bug in BPF devmap handling. get_upper_ifindexes() could write upper-device indices beyond the allocated stack, because the code assumed MAX_NEST_DEV (8) bounds, but the number of upper devices (e.g., many macvlan) could exceed that. The result is a stack-o...
CVE-2026-23363
The CVE-2026-23363 issue affects the Linux kernel wifi driver stack, specifically the mt7925 component of the mt76 driver. A missing frame-length check in mt7925_mac_write_txwi_80211() could allow out-of-bounds access to management fields, potentially impacting system stability. The vulnerability...
CVE-2026-23370
CVE-2026-23370 concerns a Linux kernel vulnerability in platform/x86: dell-wmi-sysman where set_new_password() hex dumps the buffer containing plaintext passwords (including current/new passwords). The issue could leak credentials locally and is mitigated by removing the hex dump; upstream kernel...
CVE-2026-23373
CVE-2026-23373 affects the Linux kernel wifi: rsi driver. The issue arises in rsi_mac80211_config where it should default to a zero value but instead uses -EOPNOTSUPP, triggering a WARN_ON in ieee80211_hw_conf_init and diverging from other drivers’ behavior. Multiple sources describe the vulnerab...
CVE-2026-23379
CVE-2026-23379 affects the Linux kernel net/sched ETS offload path. The root cause was an overflow in WRR weight computation (q_sum, q_psum) due to using 32-bit unsigned integers, which could lead to division by zero. The documented fix is to switch q_sum and q_psum to 64-bit integers, preventing...
CVE-2026-23417
CVE-2026-23417 affects the Linux kernel BPF component where PROBE_MEM32 immediate stores (BPF_ST|BPF_PROBE_MEM32) were not blinded by the JIT constant-blinding path. The root cause is that convert_ctx_accesses() rewrites BPF_ST|BPF_MEM to BPF_ST|BPF_PROBE_MEM32 during verification, but the blindi...
CVE-2026-23420
CVE-2026-23420 affects the Linux kernel wlcore Wi‑Fi driver. The issue is a locking-order bug where wl->mutex could be unlocked without being held, as identified by a Clang thread-safety analyzer. This is associated with potential synchronization instability; patches exist in Rootio‑Linux pack...
CVE-2026-23425
CVE-2026-23425 (Linux kernel KVM arm64) — The issue stems from non-protected pKVM guests where the hypervisor copies only the KVM_ARCH_FLAG_ID_REGS_INITIALIZED flag from the host to the hypervisor during pkvm_init_features_from_host, while the actual id_regs data are not initialized. This can cau...
CVE-2026-23427
Summary: CVE-2026-23427 affects ksmbd in the Linux kernel and has been fixed to address a use-after-free in durable v2 replay of active SMB file handles. The root cause is that parse_durable_handle_context() unconditionally assigns dh_info->fp->conn to the current connection when handling D...
CVE-2026-23428
CVE-2026-23428 affects the Linux kernel ksmbd component handling SMB2. The root cause is a use-after-free when reusing work->tcon in compound SMB2 requests: after a prior command (e.g., SMB2_TREE_DISCONNECT) sets t_state to TREE_DISCONNECTED and ksmbd_share_config_put() frees share_conf, subse...
CVE-2026-23430
The CVE-2026-23430 issue affects the Linux kernel DRM/vmwgfx component, where the KMS surface dirty tracker was being overwritten, leading to a memory leak. The vulnerability has been resolved in the kernel by correcting this behavior. Connected sources confirm the root cause and the fix are impl...
CVE-2026-23442
The CVE-2026-23442 issue affects the Linux kernel’s IPv6 SRv6 handling. Specifically, __in6_dev_get() may return NULL when a device has no IPv6 configuration (e.g., MTU too small or after NETDEV_UNREGISTER), which could lead to NULL pointer dereferences in seg6_hmac_validate_skb() and ipv6_srh_rc...
CVE-2026-23448
Vulnerability summary (CVE-2026-23448). In the Linux kernel, the net: usb: cdc_ncm path has a bounds-check defect related to NDP16/DPE16 processing. The function cdc_ncm_rx_verify_ndp16() correctly accounts for the NDP offset in the first check, but the second check ignores ndpoffset when validat...
CVE-2026-23451
The CVE-2026-23451 issue affects the Linux kernel bonding subsystem. The vulnerability arises in bond_header_parse(), which can enter an infinite loop when a stack of two bonding devices is configured because skb->dev may point to the hierarchy top. The fix adds a new parameter, const struct n...
CVE-2026-23457
CVE-2026-23457 affects the Linux kernel netfilter nf_conntrack_sip parser (sip_help_tcp). The issue arises from parsing the SIP Content-Length header: the code uses simple_strtoul() return value (unsigned long) but stores it in an unsigned int clen, allowing truncation on 64-bit systems when Cont...