CVE-2026-43388
CVE-2026-43388 (Linux kernel, DAMON): The vulnerability arises in mm/damon/core/damos_walk(), which sets ctx->walk_control to a caller-provided control structure before checking if the context is running. If the context is inactive, it returns -EINVAL without clearing the pointer, leaving a d...
CVE-2026-43404
CVE-2026-43404: In the Linux kernel mm subsystem, hmm_range_fault() can livelock if folio_trylock() fails during device-private folio migration; the spinning waiter may be starved if a dependent work item on the same CPU never runs, causing a DoS-like livelock. Conditions include: migration path ...
CVE-2026-43411
CVE-2026-43411: Linux kernel TIPC divide-by-zero in tipc_sk_filter_connect() when conn_timeout is 0–3, triggering a kernel oops/panic on certain overload retry paths. The public docs state that an attacker can set conn_timeout via setsockopt(TIPC_CONN_TIMEOUT) to values below 4, causing delay %= ...
CVE-2026-43413
The CVE-2026-43413 entry concerns the Linux kernel HISI_SAS SCSI driver where user_scan() can trigger a NULL pointer dereference when scanning an unsupported channel (multi-channel scan path triggers for channel 1 even though hisi_sas supports only one channel). The exploit path is a NULL derefer...
CVE-2026-43415
CVE-2026-43415 describes a race in the Linux kernel’s UFS host controller driver (scsi: ufs: core) during UFS suspend. The issue arises because cancel_delayed_work_sync() is invoked after ufshcd_vops_suspend(..., POST_CHANGE), allowing ufshcd_rtc_work() to race with suspend operations and potenti...
CVE-2026-43418
CVE-2026-43418 describes a race in the Linux kernel sched/mmcid subsystem: when new tasks are created concurrently, a newly forked task is counted as an MMCID user before it is visible in thread and task lists, which can lead to an incorrect CID allocation and potentially a machine stall. The mit...
CVE-2026-43419
CVE-2026-43419 affects the Linux kernel Ceph filesystem component, where ceph_mdsc_build_path() could leak memory via a path pointer obtained with __getname() if not freed or transferred. The fixes add __putname() calls in error paths and ensure the pointer is freed when ownership isn’t passed to...
CVE-2026-43424
The CVE concerns the Linux kernel USB gadget f_tcm nexus handling. The tpg->tpg_nexus pointer used by the BOT command/data paths can be NULL during race windows (before nexus is established or after it’s dropped). Dereferencing tv_nexus->tvn_se_sess without a NULL check leads to a kernel pa...
CVE-2026-43434
CVE-2026-43434 (Linux kernel, rust_binder): A vulnerability in the rust_binder component can occur during page installation or zap_page_range operations. If a VMA at a given address is closed and replaced, rust_binder may look up and use the wrong VMA, potentially allowing writes to normally rea...
CVE-2026-43447
Summary: CVE-2026-43447 affects the Linux kernel iavf driver. A race condition arises when a PTP worker that caches PHC time is not stopped during adapter reset/disable, potentially freeing AQ-backed resources while the worker runs. If the worker calls into ptp commands during teardown, memory/lo...
CVE-2026-43450
CVE-2026-43450 affects the Linux kernel nfnetlink_cthelper code. The issue is an out-of-bounds read (8 bytes) in nfnl_cthelper_dump_table() caused when a previously saved “last” helper is deleted between dump rounds, allowing a faulty goto restart to bypass bounds checks. The problem was fixed by...
CVE-2026-43456
CVE-2026-43456 affects the Linux kernel bonding driver. When a non-Ethernet device (e.g., GRE tunnel) is enslaved to a bond, bond_setup_by_slave() copies the slave’s header_ops to the bond device, causing a type confusion in header callbacks (e.g., ipgre_header) that use netdev_priv(dev). The res...
CVE-2026-43472
The CVE describes a Linux kernel unshare(2) bug: when CLONE_NEWNS is requested and current->fs wasn’t previously shared, copy_mnt_ns() could receive a non-private fs_struct. If copy_mnt_ns() succeeds but a subsequent copy_cgroup_ns() fails, the destroyed namespace can leave current->fs->...
CVE-2026-46176
The CVE-2026-46176 issue affects the Linux kernel RDMA mlx5 path (mlx5_ib_dev_res_srq_init): when ib_create_srq() fails for s1, the error path can end up with freed s0 and ERR_PTR s1 assigned to devr->s0/devr->s1, leading to use-after-free/double-free risk in subsequent access. The fix adds...
CVE-2026-46265
The CVE-2026-46265 issue affects the Linux kernel RDMA/hns path. When sunrpc is in use and a reset occurs, QP destruction may lead to a WQ_MEM_RECLAIM dependency warning during workqueue flushing, risking kernel instability. The fix corrects the WQ_MEM_RECLAIM handling in the RDMA/hns path (Q...
CVE-2026-46267
CVE-2026-46267 affects the Linux kernel NFC HCI SHDLC subsystem. The root cause is that timers and state-machine work can remain active during llc_shdlc_deinit(), which purges SHDLC skb queues and frees the llc_shdlc structure while callbacks may still access SHDLC state and queues. If teardown r...
CVE-2026-46272
The CVE-2026-46272 issue is a race in the Linux kernel CoreSight TMC ETR driver that occurs when sysfs and perf modes are enabled concurrently. A WARN_ON in tmc_etr_enable_hw() can trigger due to a race between the two critical regions (sysfs buffer allocation vs. hardware enablement). The fix ad...
CVE-2022-50426
CVE-2022-50426 affects the Linux kernel remoteproc path for imx_dsp_rproc. The issue arises from a workqueue that may run after rproc_stop_subdevices releases resources, allowing rproc_vq_interrupt to access freed rpmsg endpoints. The fix adds mutex protection in imx_dsp_rproc_vq_work to skip rpr...
CVE-2022-50452
CVE-2022-50452 describes a null-pointer dereference in the Linux kernel net:sched: cake path during cake_init() failure. If the default qdisc is cake and mqprio_init() fails, cake_reset() clears resources but q->tins remains NULL, leading to a NULL dereference in cake_dequeue_one(). The connec...
CVE-2022-50453
CVE-2022-50453 affects the Linux kernel (gpiolib: cdev). The vulnerability arises from NULL-pointer dereferences when userspace can trigger GPIO syscalls on a hot-unplugged GPIO device, allowing races where a device is removed after a NULL check. The fix partially mitigates by verifying gdev->...
CVE-2022-50477
CVE-2022-50477 (Linux kernel): A memory leak in the RTC device management was fixed. During devm_rtc_allocate_device(), a rtc_device is allocated before calling dev_set_name(). If dev_set_name() fails, the rtc_device could leak. The fix reorders actions by moving devm_add_action_or_reset() in fro...
CVE-2022-50484
CVE-2022-50484 affects the Linux kernel ALSA USB audio driver. The vulnerability is a memory leak when -ENOMEM occurs during URB/buffer allocation inside the sync EP URB loop, where ep->nurbs remained 0 and partially allocated URBs could be left unreleased. The fix initializes ep->nurbs ear...
CVE-2022-50498
CVE-2022-50498: In the Linux kernel, the alx ethernet driver vulnerability stems from not taking the rtnl_lock during resume, allowing an rtnl assertion to trip in net/core/dev.c when reopening on resume. The issue is localized to the alx driver’s suspend/resume path and is triggered during devi...
CVE-2022-50507
CVE-2022-50507: Linux kernel ntfs3 data run offset validation bug. The issue arises from insufficient sanity checks when unpacking NTFS data runs, potentially enabling a use-after-free or out-of-bounds memory access during mount operations. The vulnerability is fixed by adding data-run offset va...
CVE-2022-50508
CVE-2022-50508 affects the Linux kernel wifi driver for MT76x0/MT76x02. After commit ba45841ca5eb, MT76x02 relies on ht[0-7] rate_power for vht mcs{0,7} but uses vth[0-1] rate_power for vht mcs{8,9}, which can cause a possible out-of-bounds access in the function mt76x0_phy_get_target_power. The ...
CVE-2022-50515
The connected SUSE/OSV entries confirm a concrete fix for CVE-2022-50515 in the Linux kernel’s DRM amdgpu path: memory leak in hpd_rx_irq_create_workqueue() when unwinding after failed workqueue construction. The SUSE-SU-2025:4320-1 advisory notes the SLES15 SP5 kernel update addresses this and o...
CVE-2022-50544
In CVE-2022-50544, the Linux kernel USB host xHCI code (xhci_alloc_stream_info) allocates a stream_ctx_array via xhci_alloc_stream_ctx and fails to free stream_info->stream_ctx_array on certain error paths, causing a memory leak. The documented fix releases stream_info->stream_ctx_array wit...
CVE-2022-50549
CVE-2022-50549 describes an ABBA deadlock in the Linux kernel’s dm-thin path where concurrent drop_caches and dm thin worker activity can cause a deadlock between shrink_slab (holding shrinker_rwsem) and dm_pool_abort_metadata (holding dm_block/root locks). The result is a hung task as shown by t...
CVE-2022-50550
CVE-2022-50550 affects the Linux kernel’s blk-iolatency component. The flaw arises when a gendisk is initialized but add_disk() fails; iolatency is initialized during init but not cleaned up in error handling, causing a memory leak. The root cause is that cleanup previously relied on del_gendisk(...
CVE-2023-53459
CVE-2023-53459 relates to the Linux kernel vulnerability HID: mcp-2221, which can cause a use-after-free in delayed work if a device is unplugged before mcp_init_work() completes. The issue is addressed by cancel_delayed_work_sync, which prevents the delayed_work item from requeueing. Affected co...
CVE-2023-53460
CVE-2023-53460 describes a memory leak in the Linux kernel wifi driver rtw88 (rtw_usb_probe) in drivers/net/wireless/realtek/rtw88/usb.c:876, where an allocated hw structure may not be released on a path, reported as the line 811 release issue. The root cause is a leak in the USB probe path (rtw...
CVE-2023-53464
CVE-2023-53464 affects the Linux kernel: the iscsi_tcp path in SCSI may assign values to tcp_sw_conn->sendpage and conn->datadgst_en before validating sock, risking inconsistency due to a null/invalid sock. The fix relocates the assignment so the sock is validated prior to use, as described...
CVE-2023-53465
CVE-2023-53465: Linux kernel vulnerability in the SoundWire qcom driver where qcom_swrm_ctrl->pconfig (14 entries) can be written past bounds because indexing starts at 1 instead of 0, corrupting the next struct member. Exploitation is local (per CVSS: 7.1, HIGH impact on availability/Confide...
CVE-2023-53466
CVE-2023-53466 pertains to the Linux kernel wifi driver mt76 mt7915. The issue is a memory leak in the mt7915_mcu_exit path. The security update fixes this by always purging mcu skb queues in mt7915_mcu_exit, even if mt7915_firmware_state fails. This mirrors the vulnerability being addressed in OSV-20...
CVE-2023-53471
The CVE-2023-53471 issue affects the Linux kernel’s DRM AMDGPU driver (gfx9). The root cause is that gfx9 cp_ecc_error_irq was enabled only when legacy gfx ras is asserted, but gfx_v9_0_hw_fini may disable cp_ecc_error_irq outside that condition, leading to an amdgpu_irq_put calltrace. Affected p...
CVE-2023-53477
Summary of CVE-2023-53477 (Linux kernel). Affects: Linux kernel; vulnerability lies in IPv6 nexthop length calculation during route changes when lwtunnel is present on siblings but not in fib6_info, causing a mismatch and warning in inet6_rt_notify. Root cause: In rt6_nlmsg_size(), nexthop length ...
CVE-2023-53482
CVE-2023-53482 is a Linux kernel vulnerability in iommu_group_alloc() where an error unwind path may leak iommu_group if iommu_group_create_file() fails. The fix destroys the leaked iommu_group on those error paths. Affected component: kernel iommu/group allocation logic. Root cause: missing c...
CVE-2023-53490
Public details for CVE-2023-53490 are not present in the provided connected documents. The initial description describes a Linux kernel mptcp race between disconnect/shutdown and accept, but there is no additional technical data (affected versions, fixes, mitigations, or exploitation status) in t...
CVE-2023-53501
No public technical details about CVE-2023-53501 were found in the provided connected documents. The initial description mentions a Linux kernel fix for PASID refcount with no vendor/affected-version specifics or mitigations. Monitor for updates.
CVE-2023-53520
CVE-2023-53520 relates to the Linux kernel Bluetooth subsystem. A race can occur when an hci_dev object is freed by hci_unregister_dev() while hci_suspend_notifier may still access it, potentially causing a crash (as shown by the call trace in hci_suspend_sync). The patch fixes this by holding a ...
CVE-2023-53551
The CVE-2023-53551 issue affects the Linux kernel USB gadget, specifically the u_serial driver. The root cause was a potential null pointer dereference in gserial_resume that could occur if gserial_disconnect had already cleared gser->ioport and a wakeup interrupt fired afterward. The fix adds...
CVE-2023-53558
CVE-2023-53558 affects the Linux kernel. Details from the initial document show a bug in rcu-tasks: pr_info() was called while holding rtp->cbs_gbl_lock, which could sleep and trigger a BUG; the vulnerability is resolved by moving pr_info() so it runs without the lock. The patch is described a...
CVE-2023-53566
The CVE-2023-53566 issue affects the Linux kernel’s netfilter nft_set_rbtree: a null pointer dereference can occur on element insertion (nft_rbtree_gc_elem) and a potential use-after-free during iteration. Connected advisories confirm a fix in kernel updates (e.g., SUSE SUSE-SU-2025:4320-1 / SU...
CVE-2023-53584
CVE-2023-53584 pertains to the Linux kernel ubifs_releasepage path, where an assertion ubifs_assert(0) can fail during page release, potentially triggering UBIFS read-only mode and faulting I/O. Public docs show this was fixed in vendor-specific patches: Root:Ubuntu-22.04 advised patches (ROOT-OS...
CVE-2023-53617
CVE-2023-53617 affects the Linux kernel in the Aspeed SoC information path. The issue arises in the error handling path of soc:aspeed:socinfo, where memory allocated for kstrdup could leak. The fix adds a kfree() in the error handling to prevent memory leaks. Connected advisories reference kernel...
CVE-2023-53623
CVE-2023-53623 concerns the Linux kernel swap subsystem. The vulnerability arises from a race in swap_info[] handling where one thread deleting an si from the swap_info available list can be bypassed if si->lock isn’t held, allowing another thread to re-add the si and continue clearing flags s...
CVE-2023-53640
CVE-2023-53640: In Linux kernel ASoC lpass, a use-after-free / out-of-bounds read in regcache_flat_read was fixed. The issue manifested as a KASAN slab-out-of-bounds read (read size 4) during regcache/regmap operations, observed in syzkaller backtraces. The vulnerability is addressed by the upstr...
CVE-2023-53651
Summary: CVE-2023-53651 is addressed in SUSE SUSE-SU-2025:4320-1 (kernel updates for SLE 15 SP5 and related branches). The issue concerns the Linux kernel timer handling during driver unbind or probe failures, where failure to stop the exc3000 timer can cause a use-after-free/oops. The provided c...
CVE-2023-53670
The CVE-2023-53670 issue in Linux kernel nvme-core was resolved by a patch that fixes a dev_pm_qos memleak. The root cause was an unguarded latency-tolerance accounting leading to kmemleak reporting of an unreferenced object in nvme_init_ctrl during error unwind. The vulnerability has a CVSS v3.1...
CVE-2023-53684
Summary (CVE-2023-53684): In the Linux kernel's xfrm subsystem, the patch fixes a padding issue when copying data to user space. Specifically, zero padding is now used when dumping xfrm algorithms and the encap template in xfrm_user, preventing potentially sensitive padding data from being exposed...