CVE-2023-53638

Technical details for CVE-2023-53638 are not publicly available in the provided documents. Monitor for updates from official advisories.

CVE-2023-53639

Technical details about CVE-2023-53639 are not publicly provided in the supplied documents. Monitor for updates from vendors and security advisories to obtain affected products, versions, and remediation information.

CVE-2023-53643

CVE-2023-53643 affects the Linux kernel’s nvme-tcp path. When error recovery runs, the nvme TCP socket is released and a new one is created; if a user runs a command like nvme list, it may dereference a released socket via getsockname(), causing a kernel NULL pointer dereference. The issue is tie...

CVE-2023-53644

The CVE-2023-53644 issue affects the Linux kernel media: radio-shark/radio-shark2 USB driver where endpoints are not validated before use, allowing a warning/invalid transfer path to be triggered. The root cause is missing checks that endpoints exist and have correct types, which can lead to inco...

CVE-2023-53653

Technical details for CVE-2023-53653 are not publicly provided in the supplied documents. Monitor for updates from official advisories.

CVE-2023-53664

CVE-2023-53664 concerns a Linux kernel issue in the OPP subsystem. The vulnerability stems from dereferencing the opp pointer before validating it with IS_ERR_OR_NULL() in dev_pm_opp_get_required_pstate(), risking a null pointer dereference. The fix removes the dereference of opp_table and derefe...

CVE-2023-53682

CVE-2023-53682 affects the Linux kernel hwmon xgene driver. The root cause is that ioremap() and memremap() were not released in xgene_hwmon_probe(), creating a potential resource leak through ctx->pcc_comm_addr. The fix replaces ioremap and memremap with devm_ioremap and devm_memremap, ensuri...

CVE-2025-39892

CVE-2025-39892 affects the Linux kernel ASoC subsystem. The vulnerability arises in soc-core where a NULL driver name could be dereferenced by snd_soc_lookup_component_nolocked() when soc-generic-dmaengine-pcm.c uses the same device for CPU and Platform, leading to a NULL pointer access in compon...

CVE-2025-39893

The CVE concerns the Linux kernel SPI driver spi-qpic-snand. The root cause is that the on‑host hardware ECC engine remains registered when qcom_spi_probe() returns with an error and also on device removal, leading to use‑after‑free risks. The documented fix unregisters the ECC engine on the erro...

CVE-2025-39906

The CVE-2025-39906 issue affects the Linux kernel drm/amd/display code. A fix removes the OEM I2C adapter on finish, addressing a bug where unbinding the GPU left the OEM I2C adapter registered, which could lead to a NULL pointer dereference when applications access the invalid device. The fix is...

CVE-2025-39919

CVE-2025-39919 concerns the Linux kernel wifi driver mt76/mt7996. The issue was a missing validation: non-station WCID entries could be passed to RX paths, and the global WCID entry could lead to corruption of the WCID array when the pointer is cast to a mt7996_sta_link via container_of. The leve...

CVE-2025-39924

The CVE-2025-39924 issue concerns the Linux kernel erofs subsystem: encoded extents with an invalid algorithm check. The problem was that the existing sanity checks did not properly apply to the new encoded extents, and the fix unifies the algorithm check with Z_EROFS_COMPRESSION(_RUNTIME)_MAX an...

CVE-2025-39939

The CVE-2025-39939 issue affects the Linux kernel (iommu/s390) where zpci_get_iommu_ctrs() could read a bad address for identity-domain devices, causing memory corruption. The root cause is that identity domains are not backed by an s390_domain, leading to an invalid to_s390_domain() result and o...

CVE-2025-39959

CVE-2025-39959 is resolved in the Linux kernel ASoC/amd ACP code. The vulnerability stemmed from incorrect retrieval of acp_chip_info in the acp I2S driver, where some members could be stale due to using dev_get_platdata instead of dev_get_drvdata. The fix ensures all acp_chip_info members are re...

CVE-2025-71117

CVE-2025-71117 corresponds to a Linux kernel fix that removes queue freezing from several sysfs store callbacks to prevent deadlocks (notably with dm-multipath and the queue_if_no_path option). Affected sysfs attributes include io_poll_delay, io_timeout, nomerges, read_ahead_kb, and rq_affinity. ...

CVE-2025-71132

CVE-2025-71132 affects the Linux kernel’s smc91x driver when built with PREEMPT_RT, causing a workqueue/RCU leak due to smc_special_trylock() disabling IRQs without restoring them. The root cause is that smc_special_unlock() uses spin_unlock_irqrestore() but cannot invoke rcu_read_unlock() via __...

CVE-2025-71134

CVE-2025-71134: In the Linux kernel, mm/page_alloc: when coalescing pages, the migrate type of all pageblocks is not updated, updating only the first pageblock causes inconsistency between the page and its pageblocks. This triggers warnings in expand() and related paths. The issue is resolved in ...

CVE-2025-71181

CVE-2025-71181 relates to the Linux kernel: the rust_binder change to remove spin_lock() in rust_shrink_free_page() during a Rust Binder port to 6.18 appears to fix a potential deadlock scenario described in the public advisories. The affected area is the Rust Binder integration within Linux, spe...

CVE-2025-71269

In CVE-2025-71269, the Linux kernel fixes a data-reservation handling bug in Btrfs: when inline extents fail due to -ENOSPC, the code previously freed the reserved qgroup data unconditionally. The fix updates __cow_file_range_inline() to free reserved qgroup data only if the fallback path is not ...

CVE-2025-71289

Summary: CVE-2025-71289 affects the Linux kernel NTFS3 driver. The issue occurs when truncating files: if attr_set_size() fails, the error is silently ignored and the inode may be left in an inconsistent state, potentially impacting data integrity. The NVD entry lists a local, low-complexity atta...

CVE-2025-71295

The CVE targets the Linux kernel’s memory/file I/O path. In fs/buffer, try_to_free_buffers() could be invoked on folios with no attached buffers when filemap_release_folio() runs on a mapping with AS_RELEASE_ALWAYS but without a release_folio operation. This caused folio_needs_release() to return...

CVE-2025-71296

CVE-2025-71296 relates to the Linux kernel DRM SHMEM path. The issue arises when the reservation lock around the purge operation in drm_gem_shmem_purge_locked() is not properly held, potentially triggering kernel warnings. The fix/published guidance exports a new helper, drm_gem_shmem_purge(), sp...

CVE-2026-22983

The CVE-2026-22983 entry refers to a Linux kernel issue where msg_get_inq was written in the callee, risking a NULL pointer dereference. The vulnerability is described as a kernel-internal variant of msghdr where callers reinitialize the field; fixing the write is intended to improve robustness a...

CVE-2026-22995

The CVE concerns a Linux kernel race in ublk_partition_scan_work that can cause a use-after-free of ub->ub_disk due to a race between async partition scanning and device teardown. The vulnerability occurs when ublk_ctrl_start_dev() schedules partition_scan_work after add_disk(), and ublk_stop_...

CVE-2026-23018

CVE-2026-23018 describes a Linux kernel vulnerability in the btrfs code path. In btrfs_read_locked_inode(), a path with a read-locked leaf from a subvolume tree is used while calling btrfs_init_file_extent_tree(), which may perform GFP_KERNEL allocations and trigger memory reclaim. This can creat...

CVE-2026-23022

The CVE-2026-23022 issue affects the Linux kernel’s idpf driver. It fixes a memory leak in idpf_vc_core_deinit() where hw->lan_regs was not freed, reported by kmemleak during reset. The root cause is a missing free in the deinitialization path of idpf_vc_core, leading to unreferenced memory be...

CVE-2026-23024

CVE-2026-23024 affects the Linux kernel: the idpf flow steering list could leak memory on module removal when entries remain. The fix iterates remaining entries during module unload and frees associated memory, guarded by a new flow_steer_list_lock to protect concurrent access. This is a memory-l...

CVE-2026-23158

CVE-2026-23158 (Linux kernel) affects gpio-virtuser: the configfs release path frees the device inside a guard(mutex) region, leading to a use-after-free when mutex_unlock() runs after the guard. The issue is caused by destroying the mutex and freeing the device while still within the lock’s guar...

CVE-2026-23250

CVE-2026-23250 is a Linux kernel vulnerability in the XFS code path. The issue arises from not checking the return value of xchk_scrub_create_subord, which could yield an ENOMEM mangling the flow. The fix updates xchk_scrub_create_subord to return NULL on allocation failure and adjusts callers to...

CVE-2026-23251

The CVE-2026-23251 issue affects the Linux kernel XFS code: destructors xfarray/xfblob were invoked on possibly-invalid pointers. The patch ensures xf{array,blob}_destroy is only called for a valid pointer and clears it afterwards, improving memory safety. The fix was merged in commits between 6....

CVE-2026-23254

CVE-2026-23254 (Linux kernel): The issue affects UDP GRO in the net/ gro path, where the complete stage incorrectly uses the inner network offset when the encapsulation flag is not reliably zeroed by hardware offloads. The root cause is an assumption that all RX-inserted packets have encapsulatio...

CVE-2026-23260

CVE-2026-23260 involves the Linux kernel memory-leak in regmap maple: when mas_store_gfp() fails, the newly allocated 'entry' is not freed, leaking memory. The fix frees 'entry' on the failure path and frees the replaced neighbor blocks ('lower','upper') on success. Connected advisories show patc...

CVE-2026-23265

Summary: CVE-2026-23265 relates to the Linux kernel F2FS filesystem. The issue arises from a faulty sanity check on the node footer during read/end_io paths, leading to an inconsistency between the node page index (nid) and footer.nid. If a node page footer is corrupted (e.g., in a fuzzed image) ...

CVE-2026-23271

CVE-2026-23271 affects the Linux kernel perf subsystem. The vulnerability arises from a race between __perf_event_overflow() and perf_remove_from_context() where __perf_event_overflow() may run with only preemption disabled for some callchains, allowing a race against perf_event_exit_event() and ...

CVE-2026-23272

CVE-2026-23272 affects the Linux kernel netfilter nf_tables component. The issue arises when inserting into a full set: the code increments set->nelems and publishes a new element before the RCU grace period, allowing an RCU reader to observe a partially updated element. The description notes ...

CVE-2026-23276

CVE-2026-23276 fixes a recursion vulnerability in the Linux kernel networking stack. When a bonded interface in broadcast mode has GRE tunnel slaves, multicast/broadcast traffic could trigger infinite recursion between bond_xmit_broadcast() and ip_tunnel_xmit()/ip6_tnl_xmit(), risking a kernel st...

CVE-2026-23277

CVE-2026-23277 (TEQL NULL pointer dereference in iptunnel_xmit) is fixed in Linux kernel TEQL transmit path. When a GRE Gretap tunnel is TEQL slave, teql_master_xmit() transmits via netdev_start_xmit() without updating skb->dev to the slave. iptunnel_xmit then uses the original dev from skb-&g...

CVE-2026-23278

CVE-2026-23278 (Linux kernel nf_tables catchall handling) The issue occurs in netfilter nf_tables where, during transaction processing, a map holding catchall elements being removed may require toggling all pending catchall elements, not just the first viable candidate. If the map is also being f...

CVE-2026-23279

CVE-2026-23279 concerns the Linux kernel’s wifi/mac80211 mesh code. The issue is a NULL pointer dereference in mesh_rx_csa_frame() when the Mesh Channel Switch Parameters IE (IE 118) is absent; elems->mesh_chansw_params_ie can be NULL after mesh_matches_local(), yet code dereferences it uncond...

CVE-2026-23280

CVE-2026-23280 affects the Linux kernel’s accel/amdxdna component. The issue is a size calculation overflow for the ubuf, which can lead to an undersized allocation and potential memory corruption. The root cause is improper handling of arithmetic when computing the ubuf size. The publicly docume...

CVE-2026-23284

Technical details for CVE-2026-23284 are not publicly provided in the supplied documents; none of the connected advisories describe affected product/version or fix for this CVE. Monitor for updates.

CVE-2026-23286

CVE-2026-23286 affects the Linux kernel ATM LANE implementation. The root cause is a potential null pointer dereference in lec_arp_clear_vccs when multiple ARP entries share the same VCC: after the first entry frees vpriv and clears vcc->user_back, a subsequent entry may dereference a NULL vpr...

CVE-2026-23288

The CVE-2026-23288 issue is in the Linux kernel’s accel/amdxdna component. It describes an out-of-bounds write caused by clearing the command header with memset() before validating the remaining space in a command slot, when the slot space is smaller than the header. The root cause is performing ...

CVE-2026-23289

CVE-2026-23289 affects the Linux kernel (IB/mthca path) in which a missed mthca_unmap_user_db() for mthca_create_srq can trigger a leak on a failed system call. The vulnerability, with local attack vector and low privileges required, may lead to privilege escalation, DoS, or information leaks as ...

CVE-2026-23291

CVE-2026-23291 affects the Linux kernel’s nfc pn533 driver where a dangling USB interface reference could occur on disconnect. The issue arises from the probe path grabbing a USB interface reference and not dropping it properly after use. Upstream fixes drop the reference when the device is disco...

CVE-2026-23295

CVE-2026-23295 concerns the Linux kernel accel/amdxdna driver. A deadlock can occur when a user-space process issues a query IOCTL during auto suspend: the query path holds dev_lock and calls pm_runtime_resume_and_get(), waiting for suspend to finish while the suspend callback may block on dev_lo...

CVE-2026-23300

The CVE-2026-23300 issue is a Linux kernel vulnerability in IPv6 routing where creating a standalone nexthop object (e.g., ip -6 nexthop add id 100 dev lo) caused a crash when later referenced by an IPv4 route. Root cause: fib6_nh_init() incorrectly treated such nexthops as rejects due to an abse...

CVE-2026-23326

The CVE-2026-23326 issue is a Linux kernel XSK fragment handling flaw that caused a buffer leak. After commit b692bf9a..., the xskb_list_node reuse between the xskb pool list and the buffer free list meant xp_free() could skip adding a freed buffer to the free list because list_del() did not rein...

CVE-2026-23327

The CVE-2026-23327 issue is a Linux kernel vulnerability in the CXL mailbox driver (cxl/mbox). The root cause is that cxl_payload_from_user_allowed() casts and dereferences the user payload without validating its size, allowing an undersized mailbox command to trigger a read past the allocated bu...

CVE-2026-23330

Summary: CVE-2026-23330 affects the Linux kernel NFC/NCI subsystem. The issue arises in nci_close_device() where pending data exchanges may not be completed before closing, allowing a leaking unreferenced socket object (example: 0xff1100000f435000, size 2048) and associated references. This could...