13692 matches found
CVE-2025-39906
The CVE-2025-39906 issue affects the Linux kernel drm/amd/display code. A fix removes the OEM I2C adapter on finish, addressing a bug where unbinding the GPU left the OEM I2C adapter registered, which could lead to a NULL pointer dereference when applications access the invalid device. The fix is...
CVE-2023-54207
CVE-2023-54207 affects the Linux kernel HID: uclogic driver. The root cause is using the input_dev name’s devm allocation instead of referencing the HID device, which could lead to a use-after-free when the input_dev is unregistered and a uevent depending on its name fires. The fix switches to re...
CVE-2025-39915
Summary: CVE-2025-39915 concerns the Linux kernel: a locking order issue where phy_config_inband() would acquire &pl->phydev->lock while phylink_major_config() had already acquired &pl->state_mutex, creating a potential deadlock when combined with phy_link_up/phy_link_down in the phylink...
CVE-2025-39928
CVE-2025-39928 affects the Linux kernel RTL9300 I2C driver. The vulnerability arises from not validating the transfer length in rtl9300_i2c_config_xfer, allowing a data length of 0 to underflow and be treated as 16 due to (len - 1) & 0xf, which can trigger a 16-byte write and potentially soft-bri...
CVE-2025-39935
CVE-2025-39935 affects the Linux kernel ASoC codec sma1307. The vulnerability arises in sma1307_setting_loaded(): sma1307->set.header_size indicates 8 header integers, but the code allocates only 8 bytes instead of 8 integers, causing memory corruption during memcpy(sma1307->set.header, dat...
CVE-2025-39936
The CVE-2025-39936 issue affects the Linux kernel crypto: ccp code path used during SEV/SNP shutdown. Root cause: __sev_firmware_shutdown() could call __sev_platform_shutdown_locked() with a NULL argument after the error-messages refactor, causing a NULL pointer dereference on the shutdown path d...
CVE-2025-39954
The CVE-2025-39954 issue concerns the Linux kernel (clk: sunxi-ng: mp) where the P divider offset was omitted in the .recalc_rate readback for dual-divider clocks, causing the reported clock rate to be bogus or zero. The COMMITs in the connected sources indicate that the problem arises specifical...
CVE-2025-39960
Concrete details from connected sources show CVE-2025-39960 affecting the Linux kernel gpiolib/acpi path. The root cause is uninitialized acpi_gpio_info passed to __acpi_find_gpio(), leading to info->quirks usage in acpi_populate_gpio_lookup and breaking i2c_hid_cpi HID over I2C probes. The fi...
CVE-2025-39962
The CVE-2025-39962 entry concerns the Linux kernel RXRPC path. A bug in rxgk_app.c involved an untrusted unsigned subtract (ticket_len - 10 * 4) that could affect token parsing. The fix prechecks token lengths in two places and uses sizeof() for the extracted struct. This CVE is marked as resolve...
CVE-2025-40090
CVE-2025-40090 concerns ksmbd in the Linux kernel. The vulnerability stems from a recursive locking issue: ksmbd_session_rpc_method() attempts to lock sess->rpc_lock, while a caller may already hold it for a write, causing a deadlock with ksmbd_rpc_open and related paths when a client opens a ...
CVE-2025-68351
The CVE-2025-68351 issue is in the Linux kernel exfat code, specifically a refcount leak in exfat_find. The root cause is that exfat_get_dentry_set increments es->bh on success but the corresponding exfat_put_dentry_set may not be consistently invoked, leading to leaks. The patch relocates two...
CVE-2025-68817
The CVE-2025-68817 entry concerns a Linux kernel ksmbd issue: a use-after-free in ksmbd_tree_connect_put under concurrent disconnect paths. Under high concurrency, a tcon (tree-connection object) can be freed on disconnect while another path still holds a reference and may later call *_put() or w...
CVE-2025-71072
CVE-2025-71072 : In the Linux kernel, a rename/recovery issue in shmem was fixed. The root cause affected how maple_tree insertions and simple_offset_rename() pathways handled memory pressure and failure paths, including simple_offset_rename_exchange(). The fix involves how shmem_rename2() pre-in...
CVE-2025-71079
CVE-2025-71079 concerns a Linux kernel deadlock between nfc_unregister_device() and rfkill_fop_write() caused by lock-order inversion (device_lock vs rfkill_global_mutex). The fix moves rfkill_unregister() and rfkill_destroy() outside the device_lock section, storing the rfkill pointer in a local...
CVE-2025-71231
CVE-2025-71231 is addressed by a Linux kernel crypto: iaa fix that prevents an out-of-bounds index in find_empty_iaa_compression_mode and ensures a valid index or -EINVAL is returned. Connected OSV entries show Root patching the issue in rootio-linux for multiple distros (e.g., Root:Ubuntu 24.04,...
CVE-2025-71269
In CVE-2025-71269, the Linux kernel fixes a data-reservation handling bug in Btrfs: when inline extents fail due to -ENOSPC, the code previously freed the reserved qgroup data unconditionally. The fix updates __cow_file_range_inline() to free reserved qgroup data only if the fallback path is not ...
CVE-2025-71288
The CVE-2025-71288 entry concerns the Linux kernel mtk-smi memory driver. The root cause is failure to release device references during common probe failures and on driver unbind, leading to potential resource exhaustion. This could enable a local attacker to cause a Denial of Service on affected...
CVE-2026-23009
CVE-2026-23009 is a Linux kernel vulnerability in the xHCI sideband code where xhci_sideband_remove_endpoint() could dereference a non-existent transfer ring (ep->ring) during suspend/resume or re-enumeration, risking a crash. The fix adds a guard to only dereference ep->ring if it exists a...
CVE-2026-23248
CVE-2026-23248 affects the Linux kernel perf/core component, specifically the perf_mmap path that initializes a ring_buffer. The issue is a race between a failing mmap() setup and a concurrent mmap() on a dependent event (e.g., due to output redirection). The ring_buffer pointer (event->rb) is...
CVE-2026-23250
CVE-2026-23250 is a Linux kernel vulnerability in the XFS code path. The issue arises from not checking the return value of xchk_scrub_create_subord, which could yield an ENOMEM mangling the flow. The fix updates xchk_scrub_create_subord to return NULL on allocation failure and adjusts callers to...
CVE-2026-23251
The CVE-2026-23251 issue affects the Linux kernel XFS code: destructors xfarray/xfblob were invoked on possibly-invalid pointers. The patch ensures xf{array,blob}_destroy is only called for a valid pointer and clears it afterwards, improving memory safety. The fix was merged in commits between 6....
CVE-2026-23258
CVE-2026-23258 is acknowledged in OSV entries as a vulnerability present in the Linux kernel context via the Root:Ubuntu rootio-linux package. Ubuntu security advisories indicate patches are available for Ubuntu 22.04 LTS and 24.04 LTS (Root:Ubuntu:22.04 and Root:Ubuntu:24.04) with multiple fixed...
CVE-2026-23259
CVE-2026-23259 affects the Linux kernel io_uring/rw path. The issue arises when a read/write request with an allocated iovec attached fails to be placed into rw_cache, leaving an unaccounted iovec pointer. The fix makes io_rw_recycle() return whether the request was recycled, and uses that result...
CVE-2026-23260
CVE-2026-23260 involves the Linux kernel memory-leak in regmap maple: when mas_store_gfp() fails, the newly allocated 'entry' is not freed, leaking memory. The fix frees 'entry' on the failure path and frees the replaced neighbor blocks ('lower','upper') on success. Connected advisories show patc...
CVE-2026-23265
Summary: CVE-2026-23265 relates to the Linux kernel F2FS filesystem. The issue arises from a faulty sanity check on the node footer during read/end_io paths, leading to an inconsistency between the node page index (nid) and footer.nid. If a node page footer is corrupted (e.g., in a fuzzed image) ...
CVE-2026-23277
CVE-2026-23277 (TEQL NULL pointer dereference in iptunnel_xmit) is fixed in Linux kernel TEQL transmit path. When a GRE Gretap tunnel is TEQL slave, teql_master_xmit() transmits via netdev_start_xmit() without updating skb->dev to the slave. iptunnel_xmit then uses the original dev from skb-&g...
CVE-2026-23284
Technical details for CVE-2026-23284 are not publicly provided in the supplied documents; none of the connected advisories describe affected product/version or fix for this CVE. Monitor for updates.
CVE-2026-23291
CVE-2026-23291 affects the Linux kernel’s nfc pn533 driver where a dangling USB interface reference could occur on disconnect. The issue arises from the probe path grabbing a USB interface reference and not dropping it properly after use. Upstream fixes drop the reference when the device is disco...
CVE-2026-23294
The CVE describes a race in the Linux kernel’s PREEMPT_RT path for the per-CPU xdp_dev_bulk_queue (bq). The vulnerability arises because bq_enqueue() and __dev_flush() were believed to run atomically on the same CPU, but PREEMPT_RT can preempt, leading to concurrent access to bq->count and bq-...
CVE-2026-23309
CVE-2026-23309 refers to a Linux kernel vulnerability in the tracing subsystem. The issue was a NULL pointer dereference in trigger_data_free() when data->cmd_ops->set_filter is evaluated after a failed trigger_data_alloc() and returning NULL. The root cause was that trigger_data_free() did...
CVE-2026-23311
CVE-2026-23311 is a Linux kernel issue in perf/core: Fix of an invalid wait context in ctx_sched_in(). Lockdep reports a bug where a pinned event wakeup could grab a wait-queue lock under perf-context lock; the fix switches to using irq_work and avoids grabbing the lock in the problematic context...
CVE-2026-23322
The CVE-2026-23322 entry concerns the Linux kernel IPMI sender path. The root cause is a use-after-free and list corruption in the SMI sender error handling: when sender() fails, smi_work() delivers an error response but restarts without clearing curr_msg, leaving newmsg pointing to the same mess...
CVE-2026-23328
CVE-2026-23328 – Linux kernel (accel/amdxdna): The vulnerability is a NULL pointer dereference in mgmt_chann when the firmware returns an unexpected error in aie2_send_mgmt_msg_wait(), which may set mgmt_chann to NULL and cause a later NULL dereference in aie2_hw_stop(). The fixed patch introduce...
CVE-2026-23331
The CVE-2026-23331 issue concerns the Linux kernel UDP 4-tuple hash table: when an auto-bound UDP socket is bound, connected, and then disconnected, the socket may be moved to a new hash slot without removing the old entry, leaving garbage in the 4-tuple chain. The fix is to remove such a socket ...
CVE-2026-23332
The CVE-2026-23332 issue affects the Linux kernel cpufreq/ intel_pstate driver. When booted with nosmt or maxcpus and attempting to disable turbo via /sys/devices/system/cpu/intel_pstate/no_turbo, a NULL pointer dereference can occur because for_each_possible_cpu() may consider offline CPUs and a...
CVE-2026-23338
The CVE-2026-23338 issue affects the Linux kernel component drm/amdgpu/userq. Userspace can trigger kernel warnings by providing an incorrect or growing number of fences across a userq wait ioctl, causing a backtrace to be emitted. The fix removes WARN_ONs so that, when the kernel detects nothing...
CVE-2026-23340
CVE-2026-23340 affects the Linux kernel net sched subsystem where qdisc_reset_all_tx_gt() can race with the lockless dequeue path, potentially causing use-after-free of skbs when the number of real TX queues changes (e.g., via ethtool -L on virtio-net). The fix is to serialize qdisc_reset() again...
CVE-2026-23344
The CVE-2026-23344 issue affects the Linux kernel crypto: ccp module. In sev_tsm_init_locked(), the error path dereferences t after it has been freed (kfree), with pr_err() attempting to access t->tio_en and t->tio_init_done after free. The documented fix moves the pr_err() call before kfre...
CVE-2026-23363
The CVE-2026-23363 issue affects the Linux kernel wifi driver stack, specifically the mt7925 component of the mt76 driver. A missing frame-length check in mt7925_mac_write_txwi_80211() could allow out-of-bounds access to management fields, potentially impacting system stability. The vulnerability...
CVE-2026-23368
CVE-2026-23368 — Linux kernel : A deadlock (AB-BA) occurs when both LED_TRIGGER_NETDEV and LED_TRIGGER_PHY are enabled. The issue stems from LED_TRIGGER_PHY registering LED triggers during phy_attach while holding RTNL and then acquiring triggers_list_lock, while LEDS_TRIGGER_NETDEV enables an LE...
CVE-2026-23370
CVE-2026-23370 concerns a Linux kernel vulnerability in platform/x86: dell-wmi-sysman where set_new_password() hex dumps the buffer containing plaintext passwords (including current/new passwords). The issue could leak credentials locally and is mitigated by removing the hex dump; upstream kernel...
CVE-2026-23372
CVE-2026-23372 affects the Linux kernel NFC rawsock path (rawsock_release) where tx_work can race with socket/device teardown, risking use-after-free or leaked references. The fix adds synchronization: set SEND_SHUTDOWN to prevent in-progress tx_work, use cancel_work_sync to wait for in-flight ex...
CVE-2026-23374
CVE-2026-23374 affects the Linux kernel blktrace path. The root cause is tracing_record_cmdline() using __this_cpu_read()/__this_cpu_write() on a per-CPU variable while preemption is enabled, which is unsafe and triggers a kernel BUG in preemptible code through __blk_add_trace() paths. Public wri...
CVE-2026-23381
CVE-2026-23381 – Linux kernel net/bridge nd_tbl NULL dereference when IPv6 is disabled . When booted with ipv6.disable=1, nd_tbl isn’t initialized because inet6_init() exits early, causing br_do_suppress_nd() to dereference a NULL ipv6_stub->nd_tbl and trigger a kernel NULL pointer dereference...
CVE-2026-23384
CVE-2026-23384 : In the Linux kernel's RDMA/ionic component, a kernel stack leak was fixed in the function ionic_create_cq(). The resp structure leaks 7 bytes from rsvd[7], and up to 4 additional bytes in cqid[2] (potentially 11 bytes total) if udma_mask only has bit 0 set and cqid[1] is not writ...
CVE-2026-23389
CVE-2026-23389 (Linux kernel ice component) : The issue is a memory leak in ice_set_ringparam() where tx_rings and xdp_rings are allocated before rx_rings. If rx_rings allocation fails, the code jumps to a done path that leaks both tx_rings and xdp_rings; if a per-Rx ring setup fails, code may ju...
CVE-2026-23396
The CVE-2026-23396 issue affects the Linux kernel mac80211 mesh code. The function mesh_matches_local() dereferenced ie->mesh_config without verifying presence, allowing a crafted CSA action frame that includes a Mesh ID IE but omits the Mesh Configuration IE to crash the kernel. The race is t...
CVE-2026-23403
CVE-2026-23403 concerns the AppArmor memory leak in Linux kernel’s verify_header. The issue arises because a function sets *ns = NULL on every call, leaking the previously allocated namespace string across successive profile unpackings and causing namespace consistency checks to see NULL for *ns....
CVE-2026-23407
The CVE-2026-23407 issue affects the Linux kernel AppArmor DFA verification. The root cause is a missing bounds check on DEFAULT_TABLE in verify_dfa(), which can read k = DEFAULT_TABLE[j] as an index without validation when traversing the differential encoding chain, allowing out-of-bounds reads/...
CVE-2026-23422
CVE-2026-23422 concerns the Linux kernel’s dpaa2-switch component. An out-of-bounds if_id detected in the IRQ handler could leave the interrupt status uncleared, potentially causing an interrupt storm and a DoS-like condition. The technical details in connected documents show the root cause as mi...