Lucene search
K
LinuxLinux Kernel

14097 matches found

CVE
CVE
added 2026/03/25 10:28 a.m.19 views

CVE-2026-23388

CVE-2026-23388 concerns the Linux kernel Squashfs subsystem. A corrupted index lookup can yield a negative metadata block offset, leading to an out-of-bounds access in squashfs_copy_data via squashfs_read_metadata. The issue is resolved by adding a metadata offset range check in squashfs_read_met...

7.1CVSS5.7AI score0.00119EPSS
CVE
CVE
added 2026/03/25 10:28 a.m.19 views

CVE-2026-23389

CVE-2026-23389 (Linux kernel ice component) : The issue is a memory leak in ice_set_ringparam() where tx_rings and xdp_rings are allocated before rx_rings. If rx_rings allocation fails, the code jumps to a done path that leaks both tx_rings and xdp_rings; if a per-Rx ring setup fails, code may ju...

5.5CVSS5.7AI score0.00117EPSS
CVE
CVE
added 2026/03/25 10:33 a.m.19 views

CVE-2026-23393

CVE-2026-23393 – Linux kernel (bridge/cfm) race fix : A race during peer MEP deletion could occur because br_cfm_frame_rx() could re-schedule ccm_rx_dwork while peer_mep is freed under RCU, risking use-after-free. The fix replaces cancel_delayed_work_sync() with disable_delayed_work_sync() in bot...

7.8CVSS5.7AI score0.001EPSS
CVE
CVE
added 2026/04/03 1:24 p.m.19 views

CVE-2026-23418

The CVE-2026-23418 issue affects the Linux kernel component drm/xe/reg_sr. It describes a memory leak that occurs when xa_store() fails to store a newly allocated entry, leaving the entry not freed on the error path. The patched fix frees the allocated entry on error (notably via a goto fail_free...

5.5CVSS5.7AI score0.00113EPSS
CVE
CVE
added 2026/04/03 1:24 p.m.19 views

CVE-2026-23426

CVE-2026-23426 concerns the Linux kernel component drm/logicvc, where logicvc_drm_config_parse() creates a reference to a device node via of_get_child_by_name() but fails to release it, causing a device node reference leak. The issue is mitigated by applying a cleanup using the __free(device_node...

5.5CVSS5.7AI score0.00115EPSS
CVE
CVE
added 2026/04/03 3:15 p.m.19 views

CVE-2026-23428

CVE-2026-23428 affects the Linux kernel ksmbd component handling SMB2. The root cause is a use-after-free when reusing work->tcon in compound SMB2 requests: after a prior command (e.g., SMB2_TREE_DISCONNECT) sets t_state to TREE_DISCONNECTED and ksmbd_share_config_put() frees share_conf, subse...

9.8CVSS5.8AI score0.00331EPSS
CVE
CVE
added 2026/04/03 3:15 p.m.19 views

CVE-2026-23438

In the Linux kernel mvpp2 driver, CVE-2026-23438 arises from an unconditional access to CM3 flow control via mvpp2_cm3_read()/mvpp2_cm3_write() in mvpp2_bm_switch_buffers(), when priv->cm3_base is NULL (e.g., CM3 SRAM not present in device tree). This can crash the kernel on MTU changes that c...

5.5CVSS5.8AI score0.00123EPSS
CVE
CVE
added 2026/04/03 3:15 p.m.19 views

CVE-2026-23460

CVE-2026-23460 (Linux kernel) affects the Rose (net/rose) path. The bug occurs when a second connect() is issued while a first connect is in progress (state TCP_SYN_SENT); rose_get_neigh() may return NULL, leaving rose->state ROSE_STATE_1 with neighbour NULL, and on socket close rose_transmit_...

5.5CVSS5.7AI score0.00123EPSS
CVE
CVE
added 2026/04/03 3:16 p.m.19 views

CVE-2026-31399

CVE-2026-31399 concerns the Linux kernel, specifically a use-after-free in the nvme/nvdimm bus async initialization path. The issue arises if device_add() fails during nd_async_device_register(): the parent device reference could drop to 0 before the parent pointer is accessed, leading to use-aft...

7.8CVSS5.7AI score0.00119EPSS
CVE
CVE
added 2026/04/22 1:53 p.m.19 views

CVE-2026-31435

Summary: CVE-2026-31435 affects the Linux kernel netfs read-abandonment path during retries. The root cause is an uninitialized/invalid subreq pointer used in the abandonment flow, which can lead to abandoning remaining subrequests incorrectly and may cause a kernel oops/DoS. Several connected ad...

8.8CVSS5.6AI score0.00342EPSS
CVE
CVE
added 2026/04/22 1:53 p.m.19 views

CVE-2026-31454

Summary: CVE-2026-31454 affects the Linux kernel's XFS code. In xfs_inode_item_push() and xfs_qm_dquot_logitem_push(), the AIL lock is dropped to perform buffer IO, which can allow a log item to be freed during reclaim. A subsequent spin_lock() may dereference lip->li_ailp, causing a use-after...

7.8CVSS5.7AI score0.00126EPSS
CVE
CVE
added 2026/04/22 1:53 p.m.19 views

CVE-2026-31455

CVE-2026-31455 pertains to the Linux kernel, specific to the XFS unmount path. During unmount, in xfs_unmount_flush_inodes(), the AIL is pushed while background reclaim and inodegc may still be running, which can lead to inodes being dirtied or re-queued into the AIL. The provided fix reorders th...

7.8CVSS5.6AI score0.00126EPSS
CVE
CVE
added 2026/04/22 1:54 p.m.19 views

CVE-2026-31475

In CVE-2026-31475, the Linux kernel ASoC sma1307 component had a double-free issue: mode_set entries allocated with devm_kzalloc() were (incorrectly) freed with kfree() in an error path. The remedy documented across multiple sources is to drop the manual kfree() loop and rely on device resource m...

7.8CVSS5.6AI score0.00127EPSS
CVE
CVE
added 2026/04/22 1:54 p.m.19 views

CVE-2026-31479

CVE-2026-31479 concerns the Linux kernel drm/xe driver. The issue involves Virtual Memory Area (VMA) management during rebind/unwind paths in 3D workflows, which can produce an invalid/overlapping VMA and potentially destabilize the VM state. Public descriptions in Red Hat and Debian OSV/Ubuntu e...

7.8CVSS5.6AI score0.00129EPSS
CVE
CVE
added 2026/04/22 1:54 p.m.19 views

CVE-2026-31491

In the Linux kernel’s RDMA/irdma component, CVE-2026-31491 stems from depth calculation functions that fail to properly guard against U32_MAX inputs for SQ/RQ/SRQ sizes. The issue can cause integer overflow and truncation, leading to the function returning success when it should fail. Public repo...

5.5CVSS5.7AI score0.00121EPSS
CVE
CVE
added 2026/04/22 1:54 p.m.19 views

CVE-2026-31492

The CVE-2026-31492 entry concerns the Linux kernel RDMA irdma driver. Root cause: in irdma_create_qp, if ib_copy_to_udata fails, irdma_destroy_qp cleanup waits on free_qp completion that has not been initialized yet. The fix is to initialize the free_qp completion before the ib_copy_to_udata call...

5.5CVSS5.6AI score0.00123EPSS
CVE
CVE
added 2026/04/22 1:54 p.m.19 views

CVE-2026-31511

CVE-2026-31511 affects the Linux kernel Bluetooth MGMT subsystem, specifically a dangling pointer in mgmt_add_adv_patterns_monitor_complete where mgmt_pending_free(cmd) could kfree cmd before unlinking from the list. Connected advisories indicate Debian/Root and other OSV entries report a patch w...

7.8CVSS5.6AI score0.00129EPSS
CVE
CVE
added 2026/04/23 11:12 a.m.19 views

CVE-2026-31531

The vulnerability CVE-2026-31531 affects the Linux kernel’s nexthop handling in IPv4 when querying large nexthop groups via RTM_GETNEXTHOP. The fixed issue was a fixed-size NLMSG buffer (NLMSG_GOODSIZE) that could overflow for large groups (e.g., 512 nexthops), causing kernel warnings and potenti...

5.5CVSS5.6AI score0.00164EPSS
CVE
CVE
added 2026/04/24 2:33 p.m.19 views

CVE-2026-31542

CVE-2026-31542 affects the Linux kernel x86/platform/uv component. When a socket is deconfigured, it is mapped to SOCK_EMPTY (0xffff) instead of NUMA_NO_NODE, causing a panic during allocation of UV hub info structures and potentially DoS. The fixes patch the behavior to allocate on valid NUMA no...

5.5CVSS5.4AI score0.00122EPSS
CVE
CVE
added 2026/04/24 2:35 p.m.19 views

CVE-2026-31559

This CVE (CVE-2026-31559) affects the LoongArch implementation in the Linux kernel. The issue is a missing NULL check in kstrdup() during device-tree processing, fixed by replacing of_find_node_by_path("/") with of_root to avoid multiple of_node_put() calls, and by preventing a kernel oops during...

5.5CVSS5.3AI score0.00122EPSS
CVE
CVE
added 2026/04/24 2:42 p.m.19 views

CVE-2026-31581

CVE-2026-31581 affects the Linux kernel ALSA 6fire USB audio driver. The issue is a use-after-free in usb6fire_chip_abort() where the chip structure is allocated as the card’s private data and, after snd_card_free_when_closed() frees the card (when no file handles are open), a later write to chip...

7.8CVSS5.5AI score0.00128EPSS
CVE
CVE
added 2026/04/24 2:42 p.m.19 views

CVE-2026-31582

CVE-2026-31582 affects the Linux kernel hwmon powerz driver. A use-after-free occurs when a USB disconnect frees the URB and mutex, and a subsequent powerz_read() can dereference the freed URB in powerz_read_data(). The fix, as described across sources, is to set priv->urb to NULL in powerz_di...

7.8CVSS5.4AI score0.00125EPSS
CVE
CVE
added 2026/04/24 2:42 p.m.19 views

CVE-2026-31603

CVE-2026-31603 affects the Linux kernel staging: sm750fb driver. The issue occurs when a zero pixclock is passed via FBIOPUT_VSCREENINFO, causing ps_to_hz() to divide by zero in hw_sm750_crtc_set_mode(). The vulnerability is resolved by rejecting zero pixclock in lynxfb_ops_check_var(), aligning ...

5.5CVSS5.4AI score0.00125EPSS
CVE
CVE
added 2026/04/24 2:42 p.m.19 views

CVE-2026-31624

CVE-2026-31624) affects the Linux kernel HID core. The vulnerability arises when a HID device supplies a report descriptor with a large report_size, causing s32ton() to shift by n-1 with n > 32. The issue is resolved by clamping n to the same maximum used by snto32(), per commit ec61b41918587,...

5.5CVSS5.4AI score0.00125EPSS
CVE
CVE
added 2026/04/24 2:44 p.m.19 views

CVE-2026-31641

The CVE-2026-31641 entry relates to the Linux kernel rxrpc token parsing bug. A heap buffer overflow could occur when rxrpc_preparse_xdr_yfs_rxgk() reads raw key and ticket lengths from an XDR token, applies round_up(x,4), and then uses the rounded values for validation/allocation, while the unro...

7.8CVSS5.8AI score0.00143EPSS
CVE
CVE
added 2026/04/25 8:46 a.m.19 views

CVE-2026-31678

CVE-2026-31678 – Linux kernel Open vSwitch tunnel netdev handling fix. The issue arose when ovs_netdev_tunnel_destroy() could run after NETDEV_UNREGISTER detached the device, risking a race as it dropped the netdev reference while readers still observed vport->dev. The resolution is to not rel...

7.8CVSS5.3AI score0.00096EPSS
CVE
CVE
added 2026/04/25 8:46 a.m.19 views

CVE-2026-31680

The CVE concerns a race in the Linux kernel IPv6 flow label handling. In ip6fl_seq_show(), the global flowlabel hash is read under an RCU read lock, and an option block’s state fl->opt->opt_nflen may be printed when present. The current lifetime of the option state can end with fl->users...

7.8CVSS5.4AI score0.00121EPSS
CVE
CVE
added 2026/04/27 5:34 p.m.19 views

CVE-2026-31690

CVE-2026-31690 affects the Linux kernel TH1520 AON firmware protocol driver. The issue combined a potential buffer overflow from unsafe pointer arithmetic when accessing the 'mode' field via a resource offset, and the use of custom RPC_SET_BE*/RPC_GET_BE* macros replaced with standard endianness ...

7.8CVSS5.8AI score0.00131EPSS
CVE
CVE
added 2026/05/01 1:55 p.m.19 views

CVE-2026-31698

CVE-2026-31698 affects the Linux kernel crypto CCP Sev driver. The issue arises when retrieving the PDH certificate: if a firmware command fails with an invalid length, the driver may copy data to userspace, causing a kernel-allocated buffer overflow and potential data leakage to the local user. ...

7.1CVSS6AI score0.00126EPSS
CVE
CVE
added 2026/05/01 2:14 p.m.19 views

CVE-2026-31721

CVE-2026-31721 affects the Linux kernel USB gadget subsystem, specifically the f_hid driver. The issue arises from initializing wait queues (poll_wait) with init_waitqueue_head inside hidg_bind, which re-initializes queues that may still contain items when the HID gadget is bound/unbound and epol...

5.5CVSS5.5AI score0.00123EPSS
CVE
CVE
added 2026/05/01 2:14 p.m.19 views

CVE-2026-31739

CVE-2026-31739 affects the Linux kernel tegra crypto driver. The driver failed to set CRYPTO_ALG_ASYNC on asynchronous algorithms, causing the crypto API to select async paths for users requesting synchronous operations, potentially causing crashes. Mitigation implemented in the patch: explicitly...

8.8CVSS5.8AI score0.00415EPSS
CVE
CVE
added 2026/05/01 2:15 p.m.19 views

CVE-2026-43005

CVE-2026-43005 affects the Linux kernel hwmon driver for tps53679. The bug arises when i2c_smbus_read_block_data() returns 0 (zero-length read); tps53679_identify_chip() then accesses buf[ret-1] (buf[-1]), causing an out-of-bounds read. The fix changes the check from ret < 0 to ret

7.1CVSS5.9AI score0.00124EPSS
CVE
CVE
added 2026/05/01 2:15 p.m.19 views

CVE-2026-43016

The CVE-2026-43016 entries describe a use-after-free in the Linux kernel BPF sockmap path (sockmap) affecting AF_UNIX sockets. The issue occurs in sk_psock_verdict_data_ready(), when the peer’s sk_socket may be freed after an RCU grace period, while the sender holds the peer’s refcount. The root ...

7.8CVSS5.8AI score0.00125EPSS
CVE
CVE
added 2026/05/01 2:15 p.m.19 views

CVE-2026-43042

The CVE-2026-43042 issue affects the Linux kernel MPLS code. It describes a race condition where concurrent operations on platform label data can yield an inconsistent view during a resize of the platform_label tables, particularly in the RCU-protected paths mpls_forward and mpls_dump_routes unde...

7.1CVSS5.8AI score0.0011EPSS
CVE
CVE
added 2026/05/01 2:15 p.m.19 views

CVE-2026-43051

The CVE-2026-43051 issue affects the Linux kernel HID driver for Wacom devices, specifically the wacom_intuos_bt_irq() function. A length-bounds flaw in processing Bluetooth HID reports can permit an out-of-bounds read when handling reports 0x03 and 0x04, enabling leakage of memory content. The v...

8.1CVSS5.8AI score0.00255EPSS
CVE
CVE
added 2026/05/05 3:17 p.m.19 views

CVE-2026-43060

The CVE-2026-43060 issue affects the Linux kernel netfilter component (nft_ct). When the nft_ct module is removed, packets enqueued in nfqueue may retain stale references to conntrack zone templates or timeout policies, risking instability or DoS. The root cause is references that can outlive the...

7.8CVSS5.8AI score0.0012EPSS
CVE
CVE
added 2026/05/06 7:21 a.m.19 views

CVE-2026-43074

CVE-2026-43074 affects the Linux kernel eventpoll code. The vulnerability arises from ep_free() freeing the eventpoll structure while still in use by another thread, creating a use-after-free (UAF). The fix defers kfree() of the epi->ep struct to an RCU grace period to prevent UAF; multiple so...

7.8CVSS5.8AI score0.00129EPSS
CVE
CVE
added 2026/05/06 7:40 a.m.19 views

CVE-2026-43081

The CVE-2026-43081 issue lies in the Linux kernel IPA driver where GENERIC_CMD register field masks for IPA v5.0+ were incorrectly configured, risking system instability. The description across multiple connected sources states this could produce a WARN when sending commands (e.g., to the MPSS re...

5.5CVSS5.8AI score0.00122EPSS
CVE
CVE
added 2026/05/06 7:40 a.m.19 views

CVE-2026-43086

CVE-2026-43086 concerns the Linux kernel IPVS component. The vulnerability occurs in the error path of ip_vs_add_service when ip_vs_bind_scheduler() has succeeded and the local variable sched is set to NULL; if ip_vs_start_estimator() then fails, ip_vs_unbind_scheduler(svc, sched) is invoked with...

5.5CVSS5.8AI score0.00122EPSS
CVE
CVE
added 2026/05/06 7:40 a.m.19 views

CVE-2026-43089

CVE-2026-43089 : In the Linux kernel, the xfrm_user component exposes an information-disclosure vulnerability caused by a one-byte padding hole in struct xfrm_usersa_id that was not zeroed before copying to userspace. The fix zeros the entire structure before setting fields (build_mapping path). ...

5.5CVSS5.7AI score0.00123EPSS
CVE
CVE
added 2026/05/06 7:40 a.m.19 views

CVE-2026-43097

CVE-2026-43097 affects the Linux kernel PCI Hyper-V driver. During error handling in hv_pci_probe, the domain_nr is freed twice: first via pci_bus_release_emul_domain_nr(), and again when the bridge release callback pci_release_host_bridge_dev() runs during cleanup, leading to ida_free on an unal...

7.8CVSS5.7AI score0.0012EPSS
CVE
CVE
added 2026/05/06 7:40 a.m.19 views

CVE-2026-43102

CVE-2026-43102 affects the Linux kernel net/airoha driver: a memory leak in the airoha_qdma_rx_process() when processing subsequent buffers in the non-linear skb portion. If an error occurs, the page_pool fragment may fail to be linked back to the skb, preventing it from being returned to the poo...

5.5CVSS5.8AI score0.00121EPSS
CVE
CVE
added 2026/05/06 7:40 a.m.19 views

CVE-2026-43103

CVE-2026-43103 affects the Linux kernel net/lapbether driver: lapbeth_data_transmit() assumes the underlying device type is ARPHRD_ETHER, and returning NOTIFY_BAD from lapbeth_device_event() prevents the bonding driver from violating this expectation. The vulnerability is resolved in upstream ker...

5.5CVSS5.7AI score0.00123EPSS
CVE
CVE
added 2026/05/06 11:27 a.m.19 views

CVE-2026-43126

CVE-2026-43126 affects the Linux kernel ALSA OSS mixer. The vulnerability arises when pending kcontrol operations are not consistently handled during card/disconnect, risking use-after-free and potential local impact. Multiple OSV entries ( Debian 12/11 patches in rootio-linux, Ubuntu, Red Hat) i...

7.8CVSS5.8AI score0.00129EPSS
CVE
CVE
added 2026/05/06 11:27 a.m.19 views

CVE-2026-43127

CVE-2026-43127 concerns the Linux kernel ntfs3 component, where a circular locking dependency between wnd->rw_lock and ni->file.run_lock creates an AB-BA deadlock. The deadlock scenario: ntfs_extend_mft() acquires ni->file.run_lock then wnd->rw_lock; run_unpack_ex() acquires wnd->r...

5.5CVSS5.8AI score0.00093EPSS
CVE
CVE
added 2026/05/06 11:27 a.m.19 views

CVE-2026-43136

The CVE-2026-43136 issue affects the Linux kernel HID subsystem (logitech-hidpp) where fake USB devices could craft HID report descriptors without valid fields, potentially crashing the kernel over USB. The root cause is a missing validation in hidpp_get_report_length() that allowed reports with ...

5.5CVSS5.7AI score0.00128EPSS
CVE
CVE
added 2026/05/06 11:27 a.m.19 views

CVE-2026-43156

The CVE-2026-43156 entry affects the Linux kernel USB Pegasus driver. The root cause is that pegasus_probe() built URBs using hardcoded endpoint pipes (RX bulk 1, TX bulk 2, status interrupt 3) without validating endpoint descriptors, allowing a malformed USB device to present endpoints with mism...

5.5CVSS5.8AI score0.00123EPSS
CVE
CVE
added 2026/05/06 11:27 a.m.19 views

CVE-2026-43180

The CVE-2026-43180 issue affects the Linux kernel kaweth USB Ethernet driver. The function kaweth_set_rx_mode() improperly manipulates the TX queue by calling netif_stop_queue() followed by netif_wake_queue(), which can wake the TX queue while a tx_urb is still in flight, causing a double usb_sub...

7.8CVSS5.7AI score0.00129EPSS
CVE
CVE
added 2026/05/06 11:27 a.m.19 views

CVE-2026-43184

CVE-2026-43184 affects the Linux kernel component rnbd-srv. The root cause is failing to clear the response buffer before sending data, which could allow a remote client to receive unintended data when exchanging messages across protocol versions. Multiple vendors have patched this vulnerability ...

7.5CVSS5.8AI score0.00444EPSS
CVE
CVE
added 2026/05/06 11:27 a.m.19 views

CVE-2026-43185

In Linux kernel ksmbd, a signedness bug in smb_direct_prepare_negotiation() casts unsigned __u32 values from sp->max_recv_size and req->preferred_send_size to signed int before min_t(). A crafted preferred_send_size of 0x80000000 can be treated as smaller than max_recv_size, enabling a subs...

9.8CVSS5.8AI score0.00622EPSS
Total number of security vulnerabilities14097