14097 matches found
CVE-2025-39910
CVE-2025-39910 affects the Linux kernel (mm/vmalloc, mm/kasan) where kasan_populate_vmalloc() and helpers ignore the caller’s GFP mask and always allocate with GFP_KERNEL, diverging from vmalloc() which supports GFP_NOFS/GFP_NOIO. Page table allocations during shadow population also ignore the ex...
CVE-2026-23358
CVE-2026-23358 affects the Linux kernel drm/amdgpu driver. The issue arises during slot reset error handling where an uninitialized hive pointer could be used to decide flow at the error path, potentially leading to accessing an uninitialized list. The fix initializes the list and hive properly a...
CVE-2025-39771
The CVE-2025-39771 entry concerns the Linux kernel regulator driver pca9450. The issue arises in the pca9450_restart handling during module probe, where a notifier callback is already registered, leading to a kernel dump if not managed. The documented remediation is to use devm_register_sys_off_h...
CVE-2025-39774
CVE-2025-39774 affects the Linux kernel driver iio: adc: rzg2l_adc. The issue arises when a loop unbinds/binds the ADC (which may serve another device like a thermal block) and the ADC is resumed by runtime PM before drvdata is set, causing a crash in runtime PM callbacks that rely on drvdata. Th...
CVE-2025-39785
CVE-2025-39785 is a Linux kernel vulnerability affecting the drm/hisilicon/hibmc path. The issue arises from using a local irq name variable in irq_request(); it is passed to request_irq() and can lead to a use-after-free, causing request_irq to fail. The fixes switch to using a global irq name i...
CVE-2025-39786
The CVE-2025-39786 issue affects the Linux kernel IIO ADC driver for ad7173. The root cause is an index mismatch when accessing the syscalib_mode channel: the address field is 0-based (same as scan_index) used to locate entries in ad7173_channels, while the channels field may not match the addres...
CVE-2025-39879
CVE-2025-39879 pertains to the Linux kernel Ceph code path. The issue revolves around ceph_process_folio_batch() leaving folio_batch entries as NULL, an illegal state that could lead to crashes if folio_batch_release() dereferences them. The documented root cause describes that earlier code inten...
CVE-2025-39887
CVE-2025-39887 concerns a Linux kernel issue in tracing/osnoise where bitmap_parselist() could dereference a NULL pointer when handling a cpulist input in osnoise_cpus_write() (e.g., writing "0-2" to /sys/kernel/debug/tracing/osnoise/cpus with count=0). The vulnerability affected the kernel path ...
CVE-2025-39897
The CVE-2025-39897 issue affects the Linux kernel net: xilinx: axienet driver. It arises when retrieving the RX metadata pointer via dmaengine_desc_get_metadata_ptr(), which can return an error pointer. The vulnerability is mitigated by adding proper error checking, unmapping the DMA buffer, free...
CVE-2025-39926
CVE-2025-39926 in the Linux kernel fixes a logic error in genetlink: in genl_bind(), bind() could be invoked after a failed capability check (-EPERM), letting callbacks run for unauthorized callers. The patch ensures bind() is called only after successful permission checks (after the “if (ret) br...
CVE-2025-39937
CVE-2025-39937 affects the Linux kernel, specifically the rfkill GPIO code. A potential crash could occur on x86 when rfkill-gpio binds to BCM4752/LNV4752 ACPI devices because rfkill_find_type() used an uninitialized local pointer (type_name) if device_property_read_string() failed. The fix initi...
CVE-2025-39940
CVE-2025-39940 concerns the Linux kernel’s dm-stripe component. A potential integer overflow can occur in stripe_io_hints when the chunk size is too large. The fix tests for an overflow and, if detected, avoids setting limits->io_min and limits->io_opt. This mitigates a local-privilege vect...
CVE-2025-39944
CVE-2025-39944 affects the Linux kernel OcteonTX2 PCI device driver (octeontx2-pf). It fixes a use-after-free in otx2_sync_tstamp() caused by a race with a running delayed work item; cancel_delayed_work() could leave synctstamp_work dereferencing a freed otx2_ptp. The mitigation in the fix is to ...
CVE-2025-40090
CVE-2025-40090 concerns ksmbd in the Linux kernel. The vulnerability stems from a recursive locking issue: ksmbd_session_rpc_method() attempts to lock sess->rpc_lock, while a caller may already hold it for a write, causing a deadlock with ksmbd_rpc_open and related paths when a client opens a ...
CVE-2025-71071
In CVE-2025-71071, the Linux kernel iommu/mediatek driver had a use-after-free risk during probe deferral when larb devices were not yet bound. The issue arose from dropping references to larb devices taken during probe on success and on errors, potentially allowing a use-after-free if probe is d...
CVE-2025-71102
CVE-2025-71102 affects the Linux kernel with a bug in shadow call stack handling: __scs_magic() received a struct task_struct* instead of the required void*. This caused scs_check_usage to scan an incorrect memory range when CONFIG_DEBUG_STACK_USAGE is enabled, potentially yielding inaccurate sha...
CVE-2025-71133
The CVE-2025-71133 entry concerns the Linux kernel RDMA/irdma path, where irdma_net_event could dereference neigh (ptr) data before confirming NETEVENT_NEIGH_UPDATE. The code fix moves neigh->dev access under the NETEVENT_NEIGH_UPDATE case, preventing a potential out-of-bounds read reported by...
CVE-2025-71139
CVE-2025-71139 – Linux kernel kexec CMA/IMA handling : The issue arises when the kexec target address is allocated in CMA space. The kernel’s kimage_map_segment() path assumes IND_SOURCE pages exist and maps them via vmap(), but CMA-based allocation bypasses IND_SOURCE, leading to a warning and i...
CVE-2025-71162
CVE-2025-71162 describes a use-after-free in the Tegra ADMA driver within the Linux kernel, triggered when an audio DMA buffer is freed during XRUN handling before the vchan completion tasklet runs. The race occurs after a DMA transfer completes and schedules a completion tasklet, while tegra_adm...
CVE-2025-71203
CVE-2025-71203 concerns the Linux kernel where a user-controlled syscall number could be used to index the syscall table, enabling potential data leakage via cache side channels. The mitigation is to clamp the index with array_index_nospec() after the bounds check to prevent speculative out-of-bo...
CVE-2025-71232
CVE-2025-71232 details (Linux kernel, qla2xxx): The vulnerability stems from freeing an sp pointer in the error path of the qla2xxx SCSI driver, which could cause a system crash during load/unload loops. The provided evidence shows a crash trace and a fix in the kernel code path (free sp in the e...
CVE-2025-71265
CVE-2025-71265 affects the Linux kernel ntfs3 attribute run parsing. A malformed NTFS image could trigger an infinite loop in attr_load_runs_range when an empty run list is claimed but data is expected, due to the code path leaving runs_tree uninitialized (runs NULL) after a successful return fro...
CVE-2025-71268
The CVE-2025-71268 issue is a Linux kernel vulnerability in btrfs where a reservation leak can occur on some error paths when inserting an inline extent. The root cause is that __cow_file_range_inline() may exit without freeing reserved qgroup data if allocation of a path or join of a transaction...
CVE-2025-71269
In CVE-2025-71269, the Linux kernel fixes a data-reservation handling bug in Btrfs: when inline extents fail due to -ENOSPC, the code previously freed the reserved qgroup data unconditionally. The fix updates __cow_file_range_inline() to free reserved qgroup data only if the fallback path is not ...
CVE-2025-71295
The CVE targets the Linux kernel’s memory/file I/O path. In fs/buffer, try_to_free_buffers() could be invoked on folios with no attached buffers when filemap_release_folio() runs on a mapping with AS_RELEASE_ALWAYS but without a release_folio operation. This caused folio_needs_release() to return...
CVE-2026-23021
CVE-2026-23021 affects the Linux kernel component: net: usb: pegasus. The memory leak occurs in update_eth_regs_async() when usb_submit_urb() fails, failing to release resources allocated up to that point. Public advisories indicate upstream kernel fixes (e.g., 6.6.130 lineage and related patches...
CVE-2026-23061
Summary (CVE-2026-23061) : The Linux kernel CAN subsystem can: kvaser_usb_read_bulk_callback() leak URBs in kvaser_usb, leading to a memory leak. Root cause: the URBs for USB-in transfers are anchored to dev->rx_submitted when created and submitted, but the USB framework unanchors URBs before ...
CVE-2026-23064
CVE-2026-23064 affects the Linux kernel’s net/sched implementation, specifically the act_ife action. The vulnerability is a NULL pointer dereference in tcf_ife_encode()/ife_encode() that could trigger a general protection fault/oops when a NULL is encountered. The provided trace shows the fault p...
CVE-2026-23071
CVE-2026-23071 (Linux kernel) resolves a race in regmap hwspinlock irqsave. The bug occurred when the shared member map->spinlock_flags was passed directly to hwspin_lock_timeout_irqsave, allowing concurrent contexts contending for the lock to overwrite the shared flags and corrupt the lock ow...
CVE-2026-23073
CVE-2026-23073 (Linux kernel) affects the wifi RSI driver. The root cause is memory corruption caused by not allocating space for the driver data in the trailing‑space field of struct ieee80211_vif. Specifically, RSI911x fails to set the vif driver data size, causing writes to vif->drv_priv to...
CVE-2026-23076
CVE-2026-23076 affects the Linux kernel ALSA ctxfi driver: a potential out-of-bounds access in the audio mixer handling due to using conj as a loop index and referencing it in amixer_index() and sum_index(). The issue stems from lack of proper re-initialization of conj, enabling OOB reads at ctam...
CVE-2026-23078
Technical details for CVE-2026-23078 are not provided in the connected documents. The initial description summarizes the buffer overflow fix in ALSA scarlett2 in Linux kernel; no vendor/product-specific impact or patch versions are specified here. Monitor for updates.
CVE-2026-23079
CVE-2026-23079 affects the Linux kernel, specifically the gpio cdev path. The issue is that on error handling paths, in lineinfo_changed_notify(), allocated resources are not freed, causing resource leaks. The publicly described fix is to free those resources on error paths. Metrics indicate a CV...
CVE-2026-23086
Technical details about CVE-2026-23086 are not publicly available in the provided connected documents; monitor vendor advisories and official CVE writeups for updates.
CVE-2026-23118
The CVE-2026-23118 entry concerns a Linux kernel rxrpc data-race: rxrpc_peer_keepalive_worker and rxrpc_send_data_packet access peer->last_tx_at without synchronization, and the 64-bit last_tx_at risking 32-bit tearing. The fix changes last_tx_at to unsigned int and stores only the least-signi...
CVE-2026-23135
CVE-2026-23135 affects the Linux kernel in the wifi ath12k driver. The issue arises in dma_free_coherent() pointer handling: dma_alloc_coherent() stores addresses in XXX_unaligned fields, but those addresses are not consistently reused when freeing the buffer. The vulnerability is resolved by pat...
CVE-2026-23170
CVE-2026-23170 affects the Linux kernel's DRM IMX TVE path; the root cause is a device reference leak to the DDC device during probe (including probe deferral) and on driver unbind. The trusted sources show the issue resolved in kernel updates, with Ubuntu/rootio-root packages (e.g., ROOT-OS-UBUN...
CVE-2026-23250
CVE-2026-23250 is a Linux kernel vulnerability in the XFS code path. The issue arises from not checking the return value of xchk_scrub_create_subord, which could yield an ENOMEM mangling the flow. The fix updates xchk_scrub_create_subord to return NULL on allocation failure and adjusts callers to...
CVE-2026-23256
CVE-2026-23256 relates to the Linux kernel and fixes an off-by-one error in the VF setup_nic_devices() cleanup (net: liquidio) that could leak memory. The Root:Ubuntu and Ubuntu OSV entries confirm patches in rootio-linux for Ubuntu 24.04 and 22.04 with multiple fixed kernel versions (e.g., kerne...
CVE-2026-23272
CVE-2026-23272 affects the Linux kernel netfilter nf_tables component. The issue arises when inserting into a full set: the code increments set->nelems and publishes a new element before the RCU grace period, allowing an RCU reader to observe a partially updated element. The description notes ...
CVE-2026-23292
CVE-2026-23292 : Linux kernel scsi: target: Fix recursive locking in __configfs_open_file(). The root cause was target_core_item_dbroot_store() attempting to open the file path (which is the same configfs file already held) using filp_open(), leading to potential nested frag_sem locking. The fix ...
CVE-2026-23293
CVE-2026-23293 affects the Linux kernel net/vxlan code. Root cause: when IPv6 is disabled (ipv6.disable=1), nd_tbl is not initialized, leading to a NULL pointer dereference in neigh_lookup() invoked by route_shortcircuit() when an IPv6 packet is injected. Impact is local: a crafted, locally deliv...
CVE-2026-23302
Summary (CVE-2026-23302): The Linux kernel patch resolves a data-race in data-path pointers sk->sk_data_ready and sk->sk_write_space, where skmsg and possibly other layers could modify these pointers while others may read them concurrently. The fix adds corresponding READ_ONCE()/WRITE_ONCE(...
CVE-2026-23317
The CVE-2026-23317 entry describes a Linux kernel vulnerability in drm/vmwgfx, specifically vmw_translate_ptr. The root cause was a previous change where a pointer-returning lookup was replaced by an error-code-returning lookup with the pointer as an out parameter; the error path was not updated,...
CVE-2026-23327
The CVE-2026-23327 issue is a Linux kernel vulnerability in the CXL mailbox driver (cxl/mbox). The root cause is that cxl_payload_from_user_allowed() casts and dereferences the user payload without validating its size, allowing an undersized mailbox command to trigger a read past the allocated bu...
CVE-2026-23352
CVE-2026-23352 affects Linux kernel's x86 EFI code: efi_free_boot_services() defers freeing of EFI_BOOT_SERVICES memory, but memblock_free_late() is not suitable for reserved memory and may miss uninitialized memory maps when CONFIG_DEFERRED_STRUCT_PAGE_INIT=y. This can cause a RAM leak (~140 MB ...
CVE-2026-23354
CVE-2026-23354 concerns the Linux kernel x86/fred speculative safety. The fix removes the index variable and repositions array_index_nospec() so it’s calculated immediately before the array access, addressing the incorrect placement that allowed the result to be spilled to the stack across irqent...
CVE-2026-23359
CVE-2026-23359 stems from a Linux kernel bug in BPF devmap handling. get_upper_ifindexes() could write upper-device indices beyond the allocated stack, because the code assumed MAX_NEST_DEV (8) bounds, but the number of upper devices (e.g., many macvlan) could exceed that. The result is a stack-o...
CVE-2026-23370
CVE-2026-23370 concerns a Linux kernel vulnerability in platform/x86: dell-wmi-sysman where set_new_password() hex dumps the buffer containing plaintext passwords (including current/new passwords). The issue could leak credentials locally and is mitigated by removing the hex dump; upstream kernel...
CVE-2026-23376
CVE-2026-23376 affects the Linux kernel nvmet-fcloop component. The vulnerability arises from not checking remoteport port_state before freeing resources in the fcloop_t2h_xmt_ls_rsp path, where lsrsp resources may be freed incorrectly if the remote port is not online. The fix updates fcloop_t2h_...