13692 matches found
CVE-2026-43262
CVE-2026-43262 stems from a Linux kernel gfs2 fiemap page fault: gfs2_fiemap() calls iomap_fiemap() while holding the inode glock, risking recursive glock taking if the fiemap buffer maps to the same inode. The fix disables page faults for iomap_fiemap() and faults in the buffer by hand when need...
CVE-2026-43265
CVE-2026-43265 affects the Linux kernel KVM for x86. The vulnerability arises when a vCPU is put into a blocking state with an already-injected event or nested run, allowing a user or guest to manipulate vCPU state and trigger a spurious userspace exit (often KVM_EXIT_UNKNOWN) that could crash th...
CVE-2026-43268
Summary: CVE-2026-43268 concerns the Linux kernel where the hfsplus filesystem may incorrectly treat certain special inodes as regular files. The root cause is a mismatch in inode type handling for VFS operations after the may_open() adjustment, causing some inodes not to be treated as their true...
CVE-2026-43285
Linux kernel mm/slab: do not access current->mems_allowed_seq if !allow_spin. The issue arises when get_from_any_partial() runs in NMI context, since seqcount_spinlock_t is not NMI-safe and can trigger a deadlock in the write/read sequence. Affected code path can lead to inconsistent lock stat...
CVE-2026-43291
CVE-2026-43291 affects the Linux kernel NFC NCI subsystem. A parameter validation flaw for variable-length data packets can trigger a DoS by breaking NFC communication with NCI chips. Root cause: code compared variable-length packet data against a maximum length derived from sizeof(struct), ignor...
CVE-2026-43293
CVE-2026-43293: Linux kernel wave5 media driver in polling mode fixes a race between hrtimer cancellation and kthread worker destruction. The wave5_vpu_timer_callback() queues work via kthread_queue_work(), and destroying the worker before cancelling the hrtimer could let the timer fire during de...
CVE-2026-43296
The CVE-2026-43296 case affects the Linux kernel driver octeontx2-af, where the NIX SQ manager sticky mode can stall when multiple SQs share an SMQ and transmit concurrently, and transitions between sticky and non-sticky transmissions can deadlock the PSE, with additional credit drops when clocks...
CVE-2026-43322
CVE-2026-43322 is a Linux kernel vulnerability in Bluetooth HCI sync handling (le_read_features_complete). The issue is a use-after-free (UAF) caused by freeing hci_conn after le_read_features_complete has been initiated but before it completes, allowing hci_cmd_sync_dequeue to fail to prevent th...
CVE-2026-43331
Summary of details (CVE-2026-43331): In the Linux kernel, a KCOV instrumentation issue in the x86/kexec path is resolved by disabling KCOV for the affected areas. The root cause is that load_segments() changes segment registers and invalidates the GS base KCOV relies on for per-CPU data, causing ...
CVE-2026-43347
The CVE-2026-43347 details a Linux kernel arm64 Monaco issue where firmware mistakenly reports a Gunyah hypervisor memory region as available. The kernel may allocate from hypervisor-owned memory, causing spurious ESR=0x96000010 aborts and kernel crashes. The fix adds a reserved-memory carveout f...
CVE-2026-43355
CVE-2026-43355 affects the Linux kernel bh1780 light sensor driver (iio: light). The root cause is a PM runtime reference-count leak: pm_runtime_put_autosuspend() was not guaranteed to run after pm_runtime_get_sync() if the read operation failed. The fixed response moves the autosuspend call befo...
CVE-2026-43364
Summary (CVE-2026-43364): In the Linux kernel ublk subsystem, a local attacker can trigger a NULL pointer dereference by sending UPDATE_SIZE to a ublk device that has been added but not started, or that has been stopped. The root cause is missing state validation in ublk_ctrl_set_size(), which d...
CVE-2026-43371
The CVE-2026-43371 details the Linux kernel macb driver fault where disabling transmit resets tx_head/tx_tail to 0, causing silent loss of queued packets, memory leaks, and race conditions between macb_tx_poll() and macb_start_xmit(). This can prolong recovery after suspend (e.g., NFS rootfs on A...
CVE-2026-43372
CVE-2026-43372 resolves a leak in the Linux kernel Microchip DSA driver during PTP IRQ setup. If request_threaded_irq() fails, the error path previously only freed mappings that had succeeded; now the kernel disposes the newly created IRQ mapping to prevent resource exhaustion. Affected component...
CVE-2026-43377
CVE-2026-43377 affects ksmbd in the Linux kernel where, under KSMBD_DEBUG_AUTH logging, generate_smb3signingkey() and generate_smb3encryptionkey() log session, signing, encryption, and decryption key bytes. The issue allows potential information disclosure by exposing credentials through verbose ...
CVE-2026-43387
The CVE-2026-43387 issue affects the Linux kernel rtl8723bs Wi‑Fi driver (rtw_get_ie_ex()). The root cause is improper validation of the length of data in received frames, enabling an out-of-bounds read/memory corruption in the driver when processing wireless frame data. Multiple sources confirm ...
CVE-2026-43392
Summary (CVE-2026-43392): In the Linux kernel, the sched_ext vulnerability causes a potential DoS by starving the enable path in scx_enable() when fair-class workloads saturate the system. The root cause is a switch of the calling thread’s sched_class from fair to ext during the READY→ENABLED lo...
CVE-2026-43395
In the Linux kernel, the vulnerability CVE-2026-43395 affects the drm/xe/sync subsystem. During xe_sync_entry_parse(), references (syncobj, fence, chain fence, or user fence) can be allocated before a later failure path is reached, leaving partially initialized state and leaking refs. The fix rou...
CVE-2026-43408
CVE-2026-43408 concerns the Linux kernel Ceph path handling: a missing zero-initialization of ceph_path_info before ceph_mdsc_build_path() calls can lead to crashes when ceph_mdsc_free_path_info() is invoked on error paths. Multiple code paths lacked proper initializers; the recommended fix is to...
CVE-2026-43431
In the Linux kernel xHCI host controller driver, CVE-2026-43431 stems from a NULL pointer dereference when reading portli debugfs files. The bug occurs if xhci->max_ports counts more port registers than the number reported by Supported Protocol capabilities, which can happen when max_ports exc...
CVE-2026-43435
CVE-2026-43435 relates to the Linux kernel rust_binder component where the oneway spam-detection logic in TreeRange (and missing logic in ArrayRange) could allow large spamming transactions to go undetected. The fix moves the spam-check after the new range is inserted and adds an equivalent low_o...
CVE-2026-43441
CVE-2026-43441 relates to the Linux kernel bonding code. When IPv6 is disabled, receiving an IPv6 NS/NA on a bonded slave could reach bond_validate_na() and trigger a NULL pointer dereference in ipv6_chk_addr(). The fixes provided in the sources implement a guard: check ipv6_mod_enabled() (or ipv...
CVE-2026-43443
CVE-2026-43443 involves the Linux kernel ASoC AMD ACP Mach common driver. The acp_card_rt5682_init() and acp_card_rt5682s_init() functions did not validate clk_get() returns, risking dereferencing invalid pointers and kernel crash. The patch changes clock acquisition to devm_clk_get() and adds IS...
CVE-2026-43444
CVE-2026-43444 is a Linux kernel vulnerability in the drm/amdkfd component. The issue arises from improper error handling in which a buffer object (bo) is not released if a queue update fails, leaving the BO unreserved. The description across multiple sources notes that the error path should unre...
CVE-2026-43466
Summary (CVE-2026-43466): The Linux kernel mlx5e driver had a desync bug in the software DMA FIFO during TX error recovery. Specifically, during recovery, dma_fifo_cc was reset to 0 while dma_fifo_pc was not, causing producer/consumer to operate on misaligned indices. After recovery, new entries...
CVE-2026-43474
CVE-2026-43474 concerns the Linux kernel’s fuse filesystem. A local uninitialized-value bug was reported in fuse_fileattr_get, triggered when calling vfs_fileattr_get, due to not initializing flags_valid before the call. The issue is resolved by initializing the kernel’s internal file_kattr struc...
CVE-2026-46158
The CVE-2026-46158 issue is in the Linux kernel MPTCP implementation: when ADD_ADDR is retransmitted, the socket reference count may not be released reliably, creating a potential resource leak. The fix adds a proper exit path to call sock_put (__sock_put) at the end of the handling and removes a...
CVE-2026-46228
CVE-2026-46228 affects the Linux kernel, in the spi: ch341 driver, due to incorrect management of device resources (devres) lifetime. When a USB driver is unbound (e.g., probe deferral or config changes), resources tied to the interface could leak because their lifetimes weren’t released with the...
CVE-2022-50426
CVE-2022-50426 affects the Linux kernel remoteproc path for imx_dsp_rproc. The issue arises from a workqueue that may run after rproc_stop_subdevices releases resources, allowing rproc_vq_interrupt to access freed rpmsg endpoints. The fix adds mutex protection in imx_dsp_rproc_vq_work to skip rpr...
CVE-2022-50437
CVE-2022-50437 - Linux kernel (drm/msm/hdmi): A memory corruption issue was fixed by adding a missing sanity check on the bridge counter to prevent writing beyond the fixed-sized bridge array when there are more than eight bridges. Affects the Linux kernel with drm/msm/hdmi; patch resolves data ...
CVE-2022-50441
CVE-2022-50441 details (Linux kernel, net/mlx5): A bug introduced by commit 0d4e8ed139d8 removed a call to cancel_delayed_work_sync(), which could cause a queued delay to expire on an already destroyed workqueue, potentially leading to a kernel NULL pointer dereference. The fix restores cancel_de...
CVE-2022-50446
CVE-2022-50446: In the Linux kernel, ARC CPUs are affected by a memory leak in page table entries (PTEs) due to the pmd_pgtable macro returning a direct virtual address after the pgtable_t switch back to struct page *. The leak occurs during process termination and can degrade available memory o...
CVE-2022-50451
CVE-2022-50451 involves a memory leak in the Linux kernel’s ntfs3 module, specifically in the ntfs_fill_super() error path. The provided documents consistently describe a bug where an unreferenced kmemleak object is leaked during mounting, traced to the error handling path of ntfs_fill_super(). T...
CVE-2022-50452
CVE-2022-50452 describes a null-pointer dereference in the Linux kernel net:sched: cake path during cake_init() failure. If the default qdisc is cake and mqprio_init() fails, cake_reset() clears resources but q->tins remains NULL, leading to a NULL dereference in cake_dequeue_one(). The connec...
CVE-2022-50459
CVE-2022-50459 affects the Linux kernel’s iSCSI TCP path (scsi: iscsi: iscsi_tcp) where a NULL pointer dereference can occur if a socket is freed while accessed via sysfs. Details describe the sequence: sock_hold() on struct sock, then sockfd_put() frees the socket, __sock_release() clears sock-&...
CVE-2022-50472
CVE-2022-50472 – Linux kernel IB/mad path: The issue arises when ib_query_pkey() is invoked in atomic context, which may sleep and triggers a trace/“splat” in the ring buffer, leading to a kernel warning. The description in the sources notes a sleep-prone call in atomic context and a generated t...
CVE-2022-50475
CVE-2022-50475: In the Linux kernel, the RDMA/core path fixes an issue where the ib_port structure could be invalid when accessing a sysfs node. The vulnerability arises if ib_port is not properly set before adding the sysfs kobject and not reset after its removal, which could lead to a NULL poi...
CVE-2022-50481
CVE-2022-50481 pertains to the Linux kernel; the issue is a potential null pointer dereference in cxl_guest_init_afu|adapter() when device_register() fails in cxl_register_afu|adapter(). The error path could dereference a removed-but-not-added device unless the reference is properly released. The...
CVE-2022-50488
CVE-2022-50488 is a Linux kernel issue in the block BFQ (BFQ scheduler) where bfqq objects could end up pointing to the same bic after cgroup moves, enabling a use-after-free scenario for bfqq->bic. The described sequence shows two processes sharing BICs, merging bfqq entries, and after a casc...
CVE-2022-50493
CVE-2022-50493 is a Linux kernel vulnerability affecting the qla2xxx SCSI path. The issue caused a crash during CPU hotplug when an I/O abort timed out, where completion could be invoked without confirming the I/O’s completion. The advisory fixes to ensure I/O and abort requests are still outstan...
CVE-2022-50508
CVE-2022-50508 affects the Linux kernel wifi driver for MT76x0/MT76x02. After commit ba45841ca5eb, MT76x02 relies on ht[0-7] rate_power for vht mcs{0,7} but uses vth[0-1] rate_power for vht mcs{8,9}, which can cause a possible out-of-bounds access in the function mt76x0_phy_get_target_power. The ...
CVE-2022-50520
CVE-2022-50520 affects the Linux kernel's DRM Radeon path, where radeon_atrm_get_bios() leaked a PCI device refcount due to a missing pci_dev_put() when breaking the loop. The issue arises because pci_get_class() may return a pci_device with a retained reference, and if the loop is exited with pd...
CVE-2022-50528
CVE-2022-50528 affects the Linux kernel (drm/amdkfd) with a memory leak and potential segfault in _gpuvm_import_dmabuf(). A patch fixes memory leakage and segfaults. The CVSS 3.1 vector indicates a Local attack with Low complexity and Low privileges required, impacting Availability (High) while C...
CVE-2022-50547
The CVE affects the Linux kernel, specifically the solo6x10 driver’s solo_sysfs_init() path. When device_register() errors during initialization, memory allocated by dev_set_name() was not freed, leading to a memory leak. The fix, implemented in the upstream kernel and reflected in related adviso...
CVE-2022-50553
CVE-2022-50553: In the Linux kernel tracing hist code, an out-of-bounds write occurs in action_data.var_ref_idx when synthesizing events with many params (n_params up to SYNTH_FIELDS_MAX) and a smaller TRACING_MAP_VARS_MAX caused writes beyond the array. The issue is fixed by enlarging data->...
CVE-2023-53450
The CVE-2023-53450 entry concerns the Linux kernel ext4 subsystem. A malicious fuzzer that overwrites the ext4 superblock while mounted can set s_first_data_block to a very large value, causing the block-group calculation to underflow and trigger a BUG_ON. The fix changes the BUG_ON to ext4_warni...
CVE-2023-53453
The CVE-2023-53453 issue affects the Linux kernel’s Radeon driver (drm/radeon/atombios) where iio objects allocated during atom_index_iio() were not freed on driver shutdown, causing a kmemleak reference and a potential leak. The fix releases the iio in radeon_atombios_fini() to prevent the kmeml...
CVE-2023-53454
CVE-2023-53454 - Linux kernel HID multitouch fix: The issue arises from using the input_dev name in a devm-allocated string, which can cause a use-after-free when input_dev is unregistered and a uevent referencing the name fires. The patch changes the reference to the HID device for devm allocat...
CVE-2023-53456
In CVE-2023-53456, the Linux kernel scsi/qla4xxx nlattrs parsing lacked length validation in three code paths: qla4xxx_set_chap_entry(), qla4xxx_iface_set_param(), and qla4xxx_sysfs_ddb_set_param(). This could allow out-of-bounds reads and leak heap data. The fix adds a nla_len check and retu...
CVE-2023-53457
CVE-2023-53457: In the Linux kernel, JFS txBegin can NULL-deref when called on a read-only superblock; fix adds a read-only filesystem check before txBegin and returns an appropriate error code. Exploitation status and exact patch details beyond this description are not provided in the supplied docu...