14095 matches found
CVE-2026-43396
In the Linux kernel, the vulnerability CVE-2026-43396 is in the drm/xe/sync path. When dma_fence_chain_alloc() fails, the user fence reference is not released, causing a memory leak. Documented across multiple sources (Red Hat, SUSE, Ubuntu, Debian OSV entries, and NVD), the issue is fixed by the...
CVE-2026-43403
CVE-2026-43403 concerns the Linux kernel nsfs component. The issue arises from insufficient permission checks in ns iteration ioctls, potentially allowing a privileged service to view information from other privileged services and perform information disclosure. Multiple sources (Red Hat, Debian,...
CVE-2026-43418
CVE-2026-43418 describes a race in the Linux kernel sched/mmcid subsystem: when new tasks are created concurrently, a newly forked task is counted as an MMCID user before it is visible in thread and task lists, which can lead to an incorrect CID allocation and potentially a machine stall. The mit...
CVE-2026-43445
CVE-2026-43445 is a Linux kernel vulnerability in the e1000/e1000e drivers (and potentially igbvf) where a DMA mapping error cleanup leak could occur. The root cause was an off-by-one condition in the dma_error path: count was decremented before the loop, so if any TX buffer mappings succeeded be...
CVE-2026-43446
CVE-2026-43446 affects the Linux kernel in the accel/amdxdna driver. A runtime suspend deadlock could occur if a running job calls pm_runtime_resume_and_get() while the system is suspending; the deadlock arises between the runtime suspend path and the job execution flow. The fix moves pm_runtime_...
CVE-2026-43473
CVE-2026-43473 affects the Linux kernel's mpi3mr SCSI driver. The vulnerability occurs when the driver cleans up resources and the reply/request queues are NULL due to memory being freed after a failed queue creation. The cleanup code may then dereference or mem-set freed memory, causing a system...
CVE-2026-43481
The CVE-2026-43481 issue affects the Linux kernel net-shapers component. The vulnerability arises because, on genlmsg_reply() failure, the reply skb could be freed twice (the code path freed or nlmsg_free(msg) after genlmsg_reply() and in all return paths). The root cause is that netlink_unicast(...
CVE-2026-43486
CVE-2026-43486 – Linux kernel (arm64 contpte) details: The issue arises from contpte_ptep_set_access_flags() using a gathered ptep_get() to detect no-ops, which, in CONT ranges, can misreport a target as updated when a sibling sub-PTE still has PTE_RDONLY or lacks PTE_AF. This can trigger false n...
CVE-2026-45851
CVE-2026-45851 targets the Linux kernel EFI subsystem. The vulnerability arises in the reserve_unaccepted() memblock reservation: it aligns the table size but does not account for cases where the table’s start (efi.unaccepted) is not page-aligned. If the table begins mid-page and ends across the ...
CVE-2026-45891
CVE-2026-45891: Linux kernel hns3 driver double-free vulnerability. Root cause: in hns3_set_ringparam(), a temporary copy (tmp_rings) is used for rollback, but the tx_spare pointer in the original ring isn’t cleared after backup, leading to a stale non-NULL tx_spare. If allocation fails during hn...
CVE-2026-45967
CVE-2026-45967 : In the Linux kernel, vulnerability in the BPF instruction array map due to the function map_direct_value_addr() adding an offset to the resulting address. The issue has been resolved with a fix that corrects the address calculation, and corresponding selftests were added in a fol...
CVE-2026-45971
The CVE-2026-45971 issue affects the Linux kernel BPF component where allowing large BPF program signature sizes enabled costly allocations (kmalloc_large/vmalloc), risking resource exhaustion and DoS. The vulnerability is described as resolved in the Linux kernel via fixes under the patch set “b...
CVE-2026-45977
The CVE-2026-45977 issue affects the Linux kernel fbnic driver. A race in handling firmware logs can cause a use‑after‑free: fw_log is written in fbnic_fw_log_write() and can be accessed from the mailbox handler fbnic_fw_msix_intr(), but the log data is freed during IRQ/MBX teardown, potentially ...
CVE-2026-46034
CVE-2026-46034 affects the Linux kernel VFIO/PCI MSI handling: a NULL pointer dereference can occur in vfio_cdx_set_msi_trigger() if interrupts are triggered before MSIs are configured. The openSUSE Tumbleweed OpenSUSE-SU-2026:10954-1 advisory documents the fix in kernel-devel-7.0.11-1.1, noting ...
CVE-2026-46045
Technical details for CVE-2026-46045 are not provided in the connected documents. Affected products/versions and patch information are not specified. Monitor vendor advisories and CVE sources for updates.
CVE-2026-46060
CVE-2026-46060 : In the Linux kernel crypto: qat path, IRQ cleanup on 6xxx probe failure can race during partial adf_dev_up() completion. When adf_isr_resource_alloc() has registered IRQ handlers (eg qat0-bundle0) and then probe fails, devres may tear down MSI-X vectors via pci_free_irq_vectors w...
CVE-2026-46061
Summary: CVE-2026-46061 is a Linux kernel issue in jbd2/journal handling that can cause an ABBA deadlock when filesystem blocksize is smaller than pagesize. The root cause is a lock-order conflict introduced by switching to __find_get_block_nonatomic() which can hold folio and buffer locks in the...
CVE-2026-46071
CVE-2026-46071 concerns Linux kernel KVM/nSVM behavior where svm_copy_lbrs() marks VMCB_LBR dirty, and nested_svm_vmexit() copies LBRs to vmcb12; clearing VMCB_LBR dirty bits in vmcb12 was not architecturally defined. The fix moves vmcb_mark_dirty() back to callers and drops it for vmcb12, enabli...
CVE-2026-46100
CVE-2026-46100 concerns the Linux kernel AFS subsystem where a change to mmap_prepare() could leak a refcount when a merge or allocation failure occurs after the call. The public descriptions across multiple sources indicate a partial revert of the change that converted generic_file_mmap() users ...
CVE-2026-46248
CVE-2026-46248 pertains to the Linux kernel ath12k Wi‑Fi driver. When an arvif (Access Point Virtual Interface) is initialized in non-AP STA mode and MLO connection setup fails before arvif->is_created becomes true, the error path can leave a stale ahvif->links_map entry and, on reusing the...
CVE-2026-46249
The CVE-2026-46249 issue affects the Linux kernel octeontx2-af PF driver. During a kexec reboot, the old AF state may persist if the PF driver probes before AF reinitializes, and if the RVUM block revision is not cleared on shutdown, PF can mis-detect AF readiness and access stale hardware, leadi...
CVE-2026-46258
The CVE-2026-46258 issue is in the Linux kernel’s gpio: cdev module, where in linehandle_create() a NULL dereference could occur when lh is dereferenced after a retain_and_null_ptr(lh). The vulnerability is resolved by avoiding the dereference and using handlereq.lines, which holds the same value...
CVE-2026-46260
The CVE-2026-46260 entry is supported by multiple connected sources detailing a kernel IPv6 out-of-bounds read when creating an IPv6 route with RTA_NH_ID, due to fib6_info not containing trailing fib6_nh and an unsafe read of iter->fib6_nh. The fix adds a check of iter->nh before dereferenc...
CVE-2026-46268
The CVE relates to the Linux kernel PCI/P2PDMA subsystem. A warning in p2pmem_alloc_mmap() was triggered by an assertion VM_WARN_ON_ONCE_PAGE(!page_ref_count(page)) after the initial page refcount was changed to zero by a prior patch. The issue arises only when CONFIG_DEBUG_VM is enabled, produci...
CVE-2026-53202
The CVE-2026-53202 issue affects the Linux kernel component accel/ivpu in IPC receive handling. It describes a signed integer truncation when data_size from firmware is cast to a signed int, leading to a potential unsigned wraparound with large values (≥ 0x80000000). This could enable oversized m...
CVE-2022-50239
CVE-2022-50239 refers to a Linux kernel issue in the cpufreq: qcom driver where a string literal stored in read-only memory was used as a destination for snprintf, causing an oops by writing into RO memory. The root cause was using a char *pvs_name pointing to a RO string and attempting snprintf(...
CVE-2022-50250
CVE-2022-50250 — Linux kernel regulator core use_count leakage (boot-on) . The advisory describes a leakage where, when a regulator rdev (A) is boot-on, enabling its supply regulator (B) increments B’s use_count inside regulator_enable(rdev->supply). If B is also boot-on, it behaves as always-...
CVE-2022-50254
The CVE-2022-50254 issue concerns the Linux kernel component for ov8865 support. The vulnerability arises from an error handling path in ov8865_probe() where new error handling could bypass existing cleanup, risking resource leaks. The connected documents indicate this was fixed in the Linux kern...
CVE-2022-50258
CVE-2022-50258 – Linux kernel wifi/brcmfmac stack-out-of-bounds fix The vulnerability is in brcmfmac when handling a non‑null‑terminated firmware version string passed to strsep() via brcmf_c_preinit_dcmds(). The code path writes the firmware version into a buffer via memcpy() and previously coul...
CVE-2022-50281
CVE-2022-50281 concerns a leak in the Linux kernel’s SGI-IP27 mips platform-bridge handling. The vulnerability occurs in bridge_platform_create() where, on error after calling platform_device_add()/platform_device_add_data()/platform_device_add_resources(), the failed device (pdev) must be releas...
CVE-2022-50292
The CVE-2022-50292 entry concerns the Linux kernel DRM MSM DP bridge lifetime issue. Device-managed resources allocated after component bind must be tied to the lifetime of the aggregate DRM device; if not, resources may leak or binding may fail on retry. For DP bridges, bridges allocated earlier...
CVE-2022-50297
CVE-2022-50297 concerns the Linux kernel driver for ath9k USB wireless devices. The issue arises when a USB device claims to be ATH9K but does not expose the endpoints the driver expects; specifically, an interrupt endpoint is presented where a bulk endpoint is anticipated. This mismatch can caus...
CVE-2022-50328
CVE-2022-50328 affects the Linux kernel component jbd2. It describes a use-after-free in jbd2_fc_wait_bufs caused by using bh after releasing the buffer head reference, with the recommended fix: validate uptodate status of the buffer before putting the buffer head reference count. The incident is...
CVE-2022-50329
CVE-2022-50329 affects the Linux kernel’s block/bfq subsystem. The root cause was a use-after-free: bfqq could be freed in bfq_exit_icq_bfqq() and then used in bic_set_bfqq(), leading to UAF. The fix reorders operations by moving bfq_exit_bfqq() behind bic_set_bfqq(), preventing the invalid access.
CVE-2022-50334
CVE-2022-50334: In the Linux kernel, hugetlbfs_parse_param() dereferenced param->string when a zero-length fs parameter could yield null, due to vfs_parse_fs_string setting string to NULL. This NULL-ptr-deref was triggered when illegal parameters like size=, were parsed. The fix adds a sanity ...
CVE-2022-50379
CVE-2022-50379 involves the Linux kernel btrfs quota handling. The issue occurs during quota enabling: after committing the transaction, the quota_root is assigned and BTRFS_FS_QUOTA_ENABLED is set, then the code starts the qgroup rescan worker via qgroup_rescan_init(). If that init fails, the qu...
CVE-2022-50393
CVE-2022-50393 affects the Linux kernel in the AMDGPU SDMA update path. The root cause is SDMA updating page tables from an unlocked context, triggering a warning in dma_resv_iter_next and related functions (amdgpu_vm_sdma_update, amdgpu_vm_ptes_update, etc.). The issue is mitigated by using an u...
CVE-2022-50404
CVE-2022-50404 is a Linux kernel vulnerability affecting fbdev/fbcon where a memory leak could occur in fbcon_do_set_font() due to buffer handling when vc_resize() fails; the buffer might be newly allocated by fbcon_set_font() and released only partially. The issue was fixed in the kernel (as not...
CVE-2022-50424
CVE-2022-50424 affects the Linux kernel WiFi driver for MT7921 (mt76/mt7921). The issue is a resource leak in mt7921_check_offload_capability() where a fw/allocated storage goes out of scope, leaking memory. The vulnerability is described as resolved/fixed via a Coverity-related fix (Addresses-Co...
CVE-2022-50427
CVE-2022-50427 is confirmed as fixed in the provided connected documents. The issue was in the Linux kernel ALSA: ac97 path, where in snd_ac97_dev_register() a failure of device_register() could leak the name allocated by dev_set_name() if put_device() was not invoked to drop the reference. The d...
CVE-2022-50429
CVE-2022-50429 affects the Linux kernel memory/OF subtree. The issue is a refcount leak in of_lpddr3_get_ddr_timings() caused by not balancing refcounts when breaking out of for_each_child_of_node(). The fix adds of_node_put() at the exit path to balance refcounts. Connected advisories (SUSE OSVs...
CVE-2022-50447
The CVE pertains to the Linux kernel Bluetooth subsystem. A crash in the HCI path occurs when connecting multiple ISO sockets without DEFER_SETUP, caused by a NULL pointer dereference in hci_create_cis_sync, leading to a KASAN crash. The vulnerability is described in CVE-2022-50447 as fixed by th...
CVE-2022-50483
CVE-2022-50483 affects the Linux kernel ENETC path handling XDP redirects. The vulnerability arises from race conditions and incorrect page reference counting in enetc_flip_rx_buff() around xdp_do_redirect() failure, which could cause buffer leaks when processing RX descriptors. The fixed approac...
CVE-2022-50484
CVE-2022-50484 affects the Linux kernel ALSA USB audio driver. The vulnerability is a memory leak when -ENOMEM occurs during URB/buffer allocation inside the sync EP URB loop, where ep->nurbs remained 0 and partially allocated URBs could be left unreleased. The fix initializes ep->nurbs ear...
CVE-2022-50491
Technical details about CVE-2022-50491 are not publicly provided in the supplied documents. Monitor for updates.
CVE-2022-50499
Linux kernel (media/dvb-core) contains a double free in dvb_register_device() when dvb_create_media_entity() fails and the caller frees dvb->entity again via dvb_media_device_free(), potentially causing a Use After Free in media_device_unregister_entity(). The fix, as described in CVE-2022-504...
CVE-2022-50504
CVE-2022-50504 (Linux kernel, powerpc/rtas) : Root cause is unsafe handling of a busy status from the ibm,os-term RTAS function via rtas_busy_delay(), which can cause a kernel panic and invalid-context sleep. The fix (as stated in the description) is to stop using rtas_busy_delay() and instead ca...
CVE-2022-50506
The CVE-2022-50506 entry is supported by multiple connected documents showing a Linux kernel issue in DRBD code: during drbd_req_new, a bio is conditionally allocated based on backing device, but device->ldev->backing_bdev was not NULL-checked, causing a NULL pointer dereference when the DR...
CVE-2022-50507
CVE-2022-50507 : Linux kernel ntfs3 data run offset validation bug. The issue arises from insufficient sanity checks when unpacking NTFS data runs, potentially enabling a use-after-free or out-of-bounds memory access during mount operations. The vulnerability is fixed by adding data-run offset va...
CVE-2022-50511
CVE-2022-50511 : In the Linux kernel, the vulnerability is fixed in the fonts code path. Specifically, the issue arises from shifting a signed 32-bit value by 31 bits in get_default_font within lib/fonts, which is undefined behavior. The patch converts the operation to an unsigned branch to avoid...