Lucene search
K
LinuxLinux Kernel

14105 matches found

CVE
CVE
added 2026/05/06 11:28 a.m.20 views

CVE-2026-43214

The CVE-2026-43214 issue concerns Linux kernel KVM on x86: when reading PDPTRs in __get_sregs2(), SRCU read-side protection was missing. The root cause is that kvm_pdptr_read() may dereference guest memory via a chain (svm_cache_reg -> load_pdptrs -> kvm_vcpu_read_guest_page -> kvm_vcpu_...

7.8CVSS5.7AI score0.00139EPSS
CVE
CVE
added 2026/05/08 1:41 p.m.20 views

CVE-2026-43348

The CVE-2026-43348 issue affects the Linux kernel’s mshv_vtl path: when registering VTL0 memory via MSHV_ADD_VTL0_MEMORY, the calculation of pgmap->vmemmap_shift can exceed MAX_FOLIO_ORDER, causing a WARN and -EINVAL during memremap_pages(). The root cause is failing to clamp the computed shif...

5.5CVSS5.8AI score0.001EPSS
CVE
CVE
added 2026/05/06 11:27 a.m.19 views

CVE-2026-43127

CVE-2026-43127 concerns the Linux kernel ntfs3 component, where a circular locking dependency between wnd->rw_lock and ni->file.run_lock creates an AB-BA deadlock. The deadlock scenario: ntfs_extend_mft() acquires ni->file.run_lock then wnd->rw_lock; run_unpack_ex() acquires wnd->r...

5.5CVSS5.8AI score0.00093EPSS
CVE
CVE
added 2026/05/06 11:27 a.m.19 views

CVE-2026-43134

The CVE-2026-43134 entry affects the Linux kernel Bluetooth stack. The root cause is a missing encryption key size check in the L2CAP_LE_CONN_REQ handling, which could permit a malformed L2CAP LE connection request and trigger a protocol violation. A patch was added to perform the key-size valida...

8.1CVSS5.8AI score0.00177EPSS
CVE
CVE
added 2026/05/06 11:27 a.m.19 views

CVE-2026-43136

The CVE-2026-43136 issue affects the Linux kernel HID subsystem (logitech-hidpp) where fake USB devices could craft HID report descriptors without valid fields, potentially crashing the kernel over USB. The root cause is a missing validation in hidpp_get_report_length() that allowed reports with ...

5.5CVSS5.7AI score0.00128EPSS
CVE
CVE
added 2026/05/06 11:27 a.m.19 views

CVE-2026-43156

The CVE-2026-43156 entry affects the Linux kernel USB Pegasus driver. The root cause is that pegasus_probe() built URBs using hardcoded endpoint pipes (RX bulk 1, TX bulk 2, status interrupt 3) without validating endpoint descriptors, allowing a malformed USB device to present endpoints with mism...

5.5CVSS5.8AI score0.00123EPSS
CVE
CVE
added 2026/05/06 11:27 a.m.19 views

CVE-2026-43157

Summary: CVE-2026-43157 affects the Linux kernel octeontx2-af CGX driver. The RX/TX flow-control bitmaps (rx_fc_pfvf_bmap, tx_fc_pfvf_bmap) are allocated during cgx_lmac_init() but not freed during cgx_lmac_exit(), enabling a kernel memory leak (kmemleak) when the driver is unbound and rebound. I...

5.5CVSS5.8AI score0.00128EPSS
CVE
CVE
added 2026/05/06 11:27 a.m.19 views

CVE-2026-43180

The CVE-2026-43180 issue affects the Linux kernel kaweth USB Ethernet driver. The function kaweth_set_rx_mode() improperly manipulates the TX queue by calling netif_stop_queue() followed by netif_wake_queue(), which can wake the TX queue while a tx_urb is still in flight, causing a double usb_sub...

7.8CVSS5.7AI score0.00129EPSS
CVE
CVE
added 2026/05/06 11:27 a.m.19 views

CVE-2026-43184

CVE-2026-43184 affects the Linux kernel component rnbd-srv. The root cause is failing to clear the response buffer before sending data, which could allow a remote client to receive unintended data when exchanging messages across protocol versions. Multiple vendors have patched this vulnerability ...

7.5CVSS5.8AI score0.00444EPSS
CVE
CVE
added 2026/05/06 11:27 a.m.19 views

CVE-2026-43185

In Linux kernel ksmbd, a signedness bug in smb_direct_prepare_negotiation() casts unsigned __u32 values from sp->max_recv_size and req->preferred_send_size to signed int before min_t(). A crafted preferred_send_size of 0x80000000 can be treated as smaller than max_recv_size, enabling a subs...

9.8CVSS5.8AI score0.00622EPSS
CVE
CVE
added 2026/05/06 11:28 a.m.19 views

CVE-2026-43195

CVE-2026-43195 affects the Linux kernel component drm/amdgpu related to user queue size handling. The issue is resolved by adding validation to ensure user queue sizes meet hardware requirements: the size must be a power of two for correct ring-buffer wrapping and at least AMDGPU_GPU_PAGE_SIZE to...

5.5CVSS5.8AI score0.00126EPSS
CVE
CVE
added 2026/05/06 11:28 a.m.19 views

CVE-2026-43200

The CVE-2026-43200 issue affects the Linux kernel PCI endpoint functionality. Specifically, pci_primary_epc_epf_unlink() and pci_secondary_epc_epf_unlink() swap parameters in their configfs unlink paths, which can trigger a kernel crash when using unlink in configfs. Red Hat's advisory frames thi...

5.5CVSS5.8AI score0.00123EPSS
CVE
CVE
added 2026/05/06 11:28 a.m.19 views

CVE-2026-43206

Summary: CVE-2026-43206 affects the Linux kernel’s drm/amdkfd component. The function kfd_event_page_set() writes KFD_SIGNAL_EVENT_LIMIT * 8 bytes using memset without validating the destination buffer size, allowing an unprivileged local user to trigger an out-of-bounds memory write and potentia...

7.8CVSS5.9AI score0.00139EPSS
CVE
CVE
added 2026/05/06 11:28 a.m.19 views

CVE-2026-43222

In the Linux kernel, the media: verisilicon: AV1 driver patch fixes a buffer-size miscalculation for tile information. The tile info structure (row_sb, col_sb, start_pos, end_pos) requires AV1_MAX_TILES × 16 bytes; using the incorrect define caused writes to non-allocated memory, risking memory c...

7.8CVSS5.9AI score0.00138EPSS
CVE
CVE
added 2026/05/06 11:28 a.m.19 views

CVE-2026-43239

The CVE-2026-43239 issue concerns the Linux kernel SMB client where two concurrent operations could race while updating network interfaces via query_interfaces(), risking an inconsistent state. The root cause is improper synchronization of iface_last_update under iface_lock. Public advisories con...

8.8CVSS5.7AI score0.00354EPSS
CVE
CVE
added 2026/05/06 11:28 a.m.19 views

CVE-2026-43248

In the Linux kernel vhost subsystem, CVE-2026-43248 stems from a vdpa_sim bug that could assign a valid ASID to a group equal to ngroups, causing an out-of-bounds write and memory instability. Multiple reports confirm a patch to move the vdpa group bound check into vhost_vdpa and to fix the out-o...

7.8CVSS5.8AI score0.00129EPSS
CVE
CVE
added 2026/05/06 11:28 a.m.19 views

CVE-2026-43250

CVE-2026-43250 affects the Linux kernel ChipIdea USB Device Controller (UDC) driver. The vulnerability arises when a USB device is reconnected during an active transfer, because _ep_nuke() returns requests without unmapping DMA buffers or cleaning bounce buffers, leaving stale DMA state (num_mapp...

7.8CVSS5.8AI score0.00129EPSS
CVE
CVE
added 2026/05/06 11:28 a.m.19 views

CVE-2026-43261

The CVE-2026-43261 entry concerns the Linux kernel ARM64 arm64: TSV110 Spectre-BHB mitigation. The root cause is Spectre-BHB leakage via branch-prediction side channels on TSV110; mitigation consists of adding the TSV110 MIDR to the software mitigation list in the kernel. Affected component: Linu...

5.5CVSS5.8AI score0.00128EPSS
CVE
CVE
added 2026/05/06 11:28 a.m.19 views

CVE-2026-43269

The CVE-2026-43269 issue affects the Linux kernel drm/atmel-hlcdc driver, where the atomic_destroy_state path failed to free all allocated objects (notably drm_crtc_commit), causing a memory leak observed via kmemleak. The root cause is that only the framebuffer was freed by atomic_destroy_state;...

5.5CVSS5.8AI score0.00114EPSS
CVE
CVE
added 2026/05/08 1:11 p.m.19 views

CVE-2026-43290

Summary (CVE-2026-43290) A flaw in the Linux kernel's media subsystem (uvcvideo) can occur when start_streaming() fails due to an error in uvc_pm_get(), causing queued buffers to not be returned. The issue can lead to system instability or a denial of service by triggering a USB host controller f...

7.8CVSS5.7AI score0.00128EPSS
CVE
CVE
added 2026/05/08 1:11 p.m.19 views

CVE-2026-43291

CVE-2026-43291 affects the Linux kernel NFC NCI subsystem. A parameter validation flaw for variable-length data packets can trigger a DoS by breaking NFC communication with NCI chips. Root cause: code compared variable-length packet data against a maximum length derived from sizeof(struct), ignor...

8.3CVSS5.8AI score0.00269EPSS
CVE
CVE
added 2026/05/08 1:11 p.m.19 views

CVE-2026-43298

CVE-2026-43298 affects the Linux kernel drm/amdgpu driver. The issue arises during deinitialization where VF (Virtual Function) instances may attempt to release a VCN poison IRQ that was not enabled in VCNv2.5, causing a kernel warning in amdgpu_irq_put() and a potential instability. The disclose...

5.5CVSS5.7AI score0.00121EPSS
CVE
CVE
added 2026/05/08 1:11 p.m.19 views

CVE-2026-43306

CVE-2026-43306 affects the Linux kernel due to bpf: crypto: Use the correct destructor kfunc type. With CONFIG_CFI enabled, indirect calls must match the target function’s pointer type. In the reported case, a CFI failure occurred at bpf_obj_free_fields while freeing a BPF crypto context, signali...

5.5CVSS5.8AI score0.00122EPSS
CVE
CVE
added 2026/05/08 1:31 p.m.19 views

CVE-2026-43322

CVE-2026-43322 is a Linux kernel vulnerability in Bluetooth HCI sync handling (le_read_features_complete). The issue is a use-after-free (UAF) caused by freeing hci_conn after le_read_features_complete has been initiated but before it completes, allowing hci_cmd_sync_dequeue to fail to prevent th...

8.8CVSS5.8AI score0.00219EPSS
CVE
CVE
added 2026/05/08 1:31 p.m.19 views

CVE-2026-43326

The CVE-2026-43326 entry documents a Linux kernel sched_ext deadlock vulnerability (SCX_KICK_WAIT) where CPUs busy-waited in kick_cpus_irq_workfn() and could form a cycle, freezing the system. The fix defers the wait to a balance callback by replacing the busy-wait with resched_curr(), forcing th...

5.5CVSS5.8AI score0.00083EPSS
CVE
CVE
added 2026/05/08 1:31 p.m.19 views

CVE-2026-43332

In the Linux kernel thermal subsystem, CVE-2026-43332 affects the thermal_zone_device_register_with_trips() error path. The root cause is a missing wait_for_completion() after registering a thermal zone device, which can allow the thermal zone object to be freed prematurely if user space holds a ...

7.8CVSS5.7AI score0.00129EPSS
CVE
CVE
added 2026/05/08 1:39 p.m.19 views

CVE-2026-43346

The CVE-2026-43346 entry documents a Linux kernel issue in ice: ptp used in VFIO passthrough where the PTP controlling PF (adapter->ctrl_pf) may not be initialized, causing NULL dereference risk and a WARN_ON() in ice_ptp_setup_pf(). The fix replaces the warning with an informational message a...

5.5CVSS5.8AI score0.00112EPSS
CVE
CVE
added 2026/05/08 1:39 p.m.19 views

CVE-2026-43347

The CVE-2026-43347 details a Linux kernel arm64 Monaco issue where firmware mistakenly reports a Gunyah hypervisor memory region as available. The kernel may allocate from hypervisor-owned memory, causing spurious ESR=0x96000010 aborts and kernel crashes. The fix adds a reserved-memory carveout f...

7.5CVSS5.8AI score0.00335EPSS
CVE
CVE
added 2026/05/08 2:21 p.m.19 views

CVE-2026-43354

CVE-2026-43354 affects the Linux kernel hx9023s proximity sensor driver (iio). The root cause is a division-by-zero in set_samp_freq when the sampling frequency is unspecified. The vulnerability was addressed by a fix in the kernel to protect against this division by zero. Multiple vendor advisor...

5.5CVSS5.8AI score0.00122EPSS
CVE
CVE
added 2026/05/08 2:21 p.m.19 views

CVE-2026-43392

Summary (CVE-2026-43392) : In the Linux kernel, the sched_ext vulnerability causes a potential DoS by starving the enable path in scx_enable() when fair-class workloads saturate the system. The root cause is a switch of the calling thread’s sched_class from fair to ext during the READY→ENABLED lo...

5.5CVSS5.7AI score0.0013EPSS
CVE
CVE
added 2026/05/08 2:21 p.m.19 views

CVE-2026-43402

Summary: CVE-2026-43402 affects the Linux kernel where kthread exit paths were consolidated to prevent a use-after-free in the kthread/pid data cleanup, after crashes traced to corrupted RCU function pointers during KUnit tests. The root cause involves a pid hashtable conversion changing structur...

9.8CVSS5.8AI score0.00456EPSS
CVE
CVE
added 2026/05/08 2:21 p.m.19 views

CVE-2026-43417

CVE-2026-43417 affects the Linux kernel, specifically the vfork()/CLONE_VM handling in sched/mmcid. The bug occurs when the number of tasks in a process is smaller than MMCID users, causing the system to loop through the task list and double-count already processed tasks. If this double processin...

5.5CVSS5.7AI score0.00107EPSS
CVE
CVE
added 2026/05/08 2:21 p.m.19 views

CVE-2026-43420

CVE-2026-43420 describes a race in Ceph/Linux kernel unlink handling where i_nlink is decremented before completion of async unlink, risking underrun if the updated i_nlink becomes zero. The root cause is updating i_nlink without proper synchronization between ceph_unlink() and MDS responses; the...

4.7CVSS5.8AI score0.00093EPSS
CVE
CVE
added 2026/05/08 2:21 p.m.19 views

CVE-2026-43424

The CVE concerns the Linux kernel USB gadget f_tcm nexus handling. The tpg->tpg_nexus pointer used by the BOT command/data paths can be NULL during race windows (before nexus is established or after it’s dropped). Dereferencing tv_nexus->tvn_se_sess without a NULL check leads to a kernel pa...

5.5CVSS5.8AI score0.00123EPSS
CVE
CVE
added 2026/05/08 2:22 p.m.19 views

CVE-2026-43429

CVE-2026-43429 (Linux kernel, USB usbtmc): The vulnerability arises from the usbtmc driver accepting user-specified timeouts that can be arbitrarily long for usb_bulk_msg() calls, potentially causing kernel threads to hang indefinitely. The issue is resolved by using usb_bulk_msg_killable() with ...

5.5CVSS5.8AI score0.00123EPSS
CVE
CVE
added 2026/05/08 2:22 p.m.19 views

CVE-2026-43440

CVE-2026-43440 affects the Linux kernel net/mana driver, where during mana_gd_setup() cleanup a workqueue pointer (service_wq) could remain non-NULL after destroy_workqueue(), leading to a potential use-after-free if the pointer is checked after a failed setup. Connected advisories confirm the ro...

7.8CVSS5.8AI score0.00124EPSS
CVE
CVE
added 2026/05/08 2:22 p.m.19 views

CVE-2026-43444

CVE-2026-43444 is a Linux kernel vulnerability in the drm/amdkfd component. The issue arises from improper error handling in which a buffer object (bo) is not released if a queue update fails, leaving the BO unreserved. The description across multiple sources notes that the error path should unre...

5.5CVSS5.8AI score0.00122EPSS
CVE
CVE
added 2026/05/08 2:22 p.m.19 views

CVE-2026-43450

CVE-2026-43450 affects the Linux kernel nfnetlink_cthelper code. The issue is an out-of-bounds read (8 bytes) in nfnl_cthelper_dump_table() caused when a previously saved “last” helper is deleted between dump rounds, allowing a faulty goto restart to bypass bounds checks. The problem was fixed by...

7.1CVSS5.8AI score0.00132EPSS
CVE
CVE
added 2026/05/08 2:22 p.m.19 views

CVE-2026-43458

The CVE affects the Linux kernel’s caif_serial line discipline. A use-after-free (KASAN slab UAF) could be triggered in pty_write_room() when the caif_serial TX path invokes tty_write_room(), accessing tty->link->port. Root cause: improper management of the tty->link reference during ldi...

7.8CVSS5.8AI score0.00117EPSS
CVE
CVE
added 2026/05/08 2:22 p.m.19 views

CVE-2026-43461

CVE-2026-43461 affects the Linux kernel’s spi: amlogic: spifc-a4 driver, specifically aml_sfc_dma_buffer_setup(). The patch fixes three DMA mapping error paths: (1) removing an unnecessary goto when sfc->daddr mapping fails, (2) preventing a double-unmap when info DMA mapping fails by avoiding...

7.8CVSS5.8AI score0.00119EPSS
CVE
CVE
added 2026/05/13 3:8 p.m.19 views

CVE-2026-43477

Summary: CVE-2026-43477 affects the Linux kernel DRM i915 VRR path. The vulnerability arises from configuring VRR timings (TRANS_VRR_VMAX/FLIPLINE) before enabling TRANS_DDI_FUNC_CTL, which can cause an MCE hang on some Intel/Icelake platforms (e.g., Dell XPS 7390 2‑in‑1 with a dock and faulty US...

5.5CVSS5.7AI score0.00112EPSS
CVE
CVE
added 2026/05/13 3:8 p.m.19 views

CVE-2026-43479

CVE-2026-43479 concerns the Linux kernel’s lan78xx USB Ethernet driver. The issue is a WARN triggered during USB device disconnect in __netif_napi_del_locked when NAPI is still enabled, caused by an unnecessary netif_napi_del() call in the disconnect path. The provided documents consistently stat...

5.5CVSS5.7AI score0.00112EPSS
CVE
CVE
added 2026/05/27 12:15 p.m.19 views

CVE-2026-45863

Summary: CVE-2026-45863 relates to the Linux kernel i3c dw driver, where dw_i3c_master_i2c_xfers() leaks memory when pm_runtime_resume_and_get() fails. The root cause is allocating the xfer structure via dw_i3c_master_alloc_xfer() without freeing on the error path. Consequence: memory leak potent...

5.5CVSS5.8AI score0.00155EPSS
CVE
CVE
added 2026/05/27 12:16 p.m.19 views

CVE-2026-45884

Summary of CVE-2026-45884 (Linux kernel, AppArmor): The issue is an integer underflow in aa_get_buffer() when dequeuing from the per-CPU list. If cache->hold drops to zero while count is non-zero, the unsigned decrement can wrap to UINT_MAX, keeping hold non-zero and causing aa_put_buffer() to...

5.5CVSS5.8AI score0.00155EPSS
CVE
CVE
added 2026/05/27 12:16 p.m.19 views

CVE-2026-45887

CVE-2026-45887 affects the Linux kernel af_unix subsystem's unix_stream_connect() path. Root cause: if prepare_peercred() fails, unix_release_sock() is not called for the new socket (newsk), causing a memory leak. Impact: potential DoS or instability due to unreleased memory. Remediation: move pr...

5.5CVSS5.8AI score0.00153EPSS
CVE
CVE
added 2026/05/27 12:17 p.m.19 views

CVE-2026-45903

CVE-2026-45903 concerns the Linux kernel where the BPF verifier memory-access flag handling in helper prototypes was incorrect. After a verifier refactor, several helpers using ARG_PTR_TO_MEM lacked MEM_RDONLY or MEM_WRITE, causing the verifier to incorrectly assume buffers were unchanged across ...

7.1CVSS5.9AI score0.00157EPSS
CVE
CVE
added 2026/05/27 12:17 p.m.19 views

CVE-2026-45927

The CVE-2026-45927 issue affects the Linux kernel BPF subsystem. bpf_map_get_info_by_fd caches the hash of a map regardless of its frozen state, enabling a TOCTOU where a trusted loader could compare an older hash after a map is modified but before freezing. The fix returns -EPERM when the hash i...

4.7CVSS5.7AI score0.00092EPSS
CVE
CVE
added 2026/05/27 12:18 p.m.19 views

CVE-2026-45953

CVE-2026-45953 affects the Linux kernel’s MD RAID5 subsystem. The root cause is a missing check in need_this_block() when an llbitmap bit is unwritten in a degraded array, which can cause stripe handling to deadlock and trigger an I/O hang (DoS-like impact). Public sources describe the issue and ...

5.5CVSS5.8AI score0.00121EPSS
CVE
CVE
added 2026/05/27 12:55 p.m.19 views

CVE-2026-46000

CVE-2026-46000 in the Linux kernel: rxrpc vulnerability where security checks decrypt bits of a packet in place while the skb may be shared with a packet sniffer, potentially exposing a decrypted (apparently corrupted) packet. The fix: when a packet was cloned, the kernel now hands a copy of the ...

5.5CVSS5.8AI score0.00159EPSS
CVE
CVE
added 2026/05/27 12:55 p.m.19 views

CVE-2026-46001

Technical details about CVE-2026-46001 are not provided in the connected documents. The supplied sources only reiterate high‑level descriptions; there is no explicit information on affected products, root cause, impact, or a fix. Monitor for updates.

7.8CVSS5.9AI score0.00129EPSS
Total number of security vulnerabilities14105