Lucene search
K
LinuxLinux Kernel

14105 matches found

CVE
CVE
added 2026/02/14 3:36 p.m.18 views

CVE-2026-23142

CVE-2026-23142 affects the Linux kernel component mm/damon/sysfs-scheme. The root cause is in the cleanup path when a DAMOS-scheme DAMON sysfs directory setup fails after creating access_pattern/; subdirectories under access_pattern/ are not cleaned up, leaving the DAMON sysfs interface partially...

5.5CVSS5.2AI score0.00122EPSS
CVE
CVE
added 2026/02/14 4:1 p.m.18 views

CVE-2026-23148

CVE-2026-23148 describes a race in the Linux kernel’s nvmet path where a completed bio can be re-submitted and dereferenced after bio_uninit() clears bio->bi_blkg, leading to a NULL pointer dereference in blk_cgroup_bio_start(). The race occurs when nvmet_bio_done() and nvmet_req_complete() in...

7.5CVSS5.2AI score0.00271EPSS
CVE
CVE
added 2026/02/14 4:1 p.m.18 views

CVE-2026-23158

CVE-2026-23158 (Linux kernel) affects gpio-virtuser: the configfs release path frees the device inside a guard(mutex) region, leading to a use-after-free when mutex_unlock() runs after the guard. The issue is caused by destroying the mutex and freeing the device while still within the lock’s guar...

7.8CVSS5.2AI score0.00116EPSS
CVE
CVE
added 2026/02/14 4:27 p.m.18 views

CVE-2026-23196

CVE-2026-23196 affects the Linux kernel through the Intel THC HID driver, where a NULL pointer dereference can occur when reading a DMA buffer. The root cause is missing a DMA buffer readiness check before access, potentially crashing the kernel. Red Hat’s advisory explicitly cites this NULL dere...

5.5CVSS5.4AI score0.001EPSS
CVE
CVE
added 2026/03/18 5:46 p.m.18 views

CVE-2026-23267

The CVE-2026-23267 issue is a Linux kernel f2fs race where an IS_CHECKPOINTED flag inconsistency during atomic commits could cause an -EINVAL in f2fs_recover_inode_page. The root cause is a race between f2fs_ioc_commit_atomic_write and f2fs_write_checkpoint, with the last_folio’s nat_entry flag n...

5.5CVSS5.7AI score0.00114EPSS
CVE
CVE
added 2026/03/25 10:26 a.m.18 views

CVE-2026-23281

In CVE-2026-23281, the Linux kernel Libertus wifi driver (lbs_free_adapter) uses non‑synchronous timer_delete() for command_timer and tx_lockup_timer, risking use‑after‑free if a timer callback runs during free. The callbacks (lbs_cmd_timeout_handler, lbs_tx_lockup_handler) access freed fields, c...

7.8CVSS5.7AI score0.00126EPSS
CVE
CVE
added 2026/03/25 10:26 a.m.18 views

CVE-2026-23291

CVE-2026-23291 affects the Linux kernel’s nfc pn533 driver where a dangling USB interface reference could occur on disconnect. The issue arises from the probe path grabbing a USB interface reference and not dropping it properly after use. Upstream fixes drop the reference when the device is disco...

5.5CVSS5.7AI score0.00123EPSS
CVE
CVE
added 2026/03/25 10:27 a.m.18 views

CVE-2026-23307

CVE-2026-23307 concerns the Linux kernel CAN/EMS USB code, where ems_usb_read_bulk_callback() failed to validate message lengths, reading beyond buffers because actual_length can exceed the expected transfer_buffer_length, risking overflow when parsing messages. The root cause is insufficient len...

5.5CVSS5.8AI score0.00123EPSS
CVE
CVE
added 2026/03/25 10:27 a.m.18 views

CVE-2026-23319

Summary (CVE-2026-23319) : In the Linux kernel, a use-after-free (UAF) vulnerability in bpf_trampoline_link_cgroup_shim was fixed. The root cause was a race window where, after bpf_link_put reduces the refcount of shim_link->link.link to zero, the resource is considered released but may still ...

7.8CVSS5.7AI score0.00126EPSS
CVE
CVE
added 2026/03/25 10:27 a.m.18 views

CVE-2026-23330

Summary: CVE-2026-23330 affects the Linux kernel NFC/NCI subsystem. The issue arises in nci_close_device() where pending data exchanges may not be completed before closing, allowing a leaking unreferenced socket object (example: 0xff1100000f435000, size 2048) and associated references. This could...

5.5CVSS5.7AI score0.00122EPSS
CVE
CVE
added 2026/03/25 10:27 a.m.18 views

CVE-2026-23362

CVE-2026-23362 affects the Linux kernel component can/bcm locking during bcm_op runtime updates (bcm_tx_setup/bcm_rx_setup). Connected OSV records show Root (rootio-linux) has patched this CVE in Root:Debian:11/12/13 with multiple fixed versions across Debian/Ubuntu and Mageia advisories, indicat...

5.5CVSS5.7AI score0.00095EPSS
CVE
CVE
added 2026/03/25 10:27 a.m.18 views

CVE-2026-23375

CVE-2026-23375 (Linux kernel THP for anonymous inodes) – concrete details in connected docs : The issue arises from file_thp_enabled() incorrectly allowing/thp collapse for anonymous inodes created via alloc_file_pseudo() (e.g., guest_memfd, secretmem), enabling khugepaged/MADV_COLLAPSE exploits ...

5.5CVSS5.7AI score0.00119EPSS
CVE
CVE
added 2026/03/25 10:28 a.m.18 views

CVE-2026-23383

CVE-2026-23383 affects the Linux kernel’s BPF JIT path on arm64. The root cause was 4-byte alignment in bpf_jit_binary_pack_alloc() causing the JIT buffer’s base to be only 4-byte aligned, which could misalign the 64-bit target field in struct bpf_plt. Consequences include UBSAN misaligned-access...

7.8CVSS5.8AI score0.00129EPSS
CVE
CVE
added 2026/04/02 11:40 a.m.18 views

CVE-2026-23417

CVE-2026-23417 affects the Linux kernel BPF component where PROBE_MEM32 immediate stores (BPF_ST|BPF_PROBE_MEM32) were not blinded by the JIT constant-blinding path. The root cause is that convert_ctx_accesses() rewrites BPF_ST|BPF_MEM to BPF_ST|BPF_PROBE_MEM32 during verification, but the blindi...

5.5CVSS5.8AI score0.00116EPSS
CVE
CVE
added 2026/04/03 3:15 p.m.18 views

CVE-2026-23430

The CVE-2026-23430 issue affects the Linux kernel DRM/vmwgfx component, where the KMS surface dirty tracker was being overwritten, leading to a memory leak. The vulnerability has been resolved in the kernel by correcting this behavior. Connected sources confirm the root cause and the fix are impl...

5.5CVSS5.7AI score0.00121EPSS
CVE
CVE
added 2026/04/03 3:15 p.m.18 views

CVE-2026-23454

CVE-2026-23454 (Linux kernel, mana subsystem) : A race in mana_hwc_destroy_channel() can free hwc->caller_ctx before CQ/EQ are destroyed, enabling a use-after-free/NULL dereference in mana_hwc_handle_resp(). The root cause is lack of IRQ synchronization and a teardown order that frees resource...

7CVSS5.7AI score0.00118EPSS
CVE
CVE
added 2026/04/03 3:15 p.m.18 views

CVE-2026-31393

CVE-2026-31393 affects the Linux kernel Bluetooth L2CAP code. The vulnerability arises in l2cap_information_rsp() where the code checks the fixed L2CAP_INFO_RSP header length but may read rsp->data without verifying payload presence, allowing a truncatd RSP with result==L2CAP_IR_SUCCESS to tri...

8.1CVSS5.7AI score0.00255EPSS
CVE
CVE
added 2026/04/06 7:38 a.m.18 views

CVE-2026-31409

CVE-2026-31409 affects the Linux kernel ksmbd component. A multichannel SMB2_SESSION_SETUP with SMB2_SESSION_REQ_FLAG_BINDING could fail, but ksmbd did not clear conn->binding on the error path, leaving the connection in a binding state. This caused ksmbd_session_lookup_all() to fall back to t...

8.8CVSS5.7AI score0.00454EPSS
CVE
CVE
added 2026/04/22 1:53 p.m.18 views

CVE-2026-31447

CVE-2026-31447 affects the Linux kernel ext4, where mounting a filesystem with bigalloc and s_first_data_block != 0 is rejected. The root cause is that this configuration is not supported, leading to a mount-time denial of access (DoS potential). Connected records show patches in Root: Debian 11/...

7.8CVSS5.6AI score0.00135EPSS
CVE
CVE
added 2026/04/22 1:53 p.m.18 views

CVE-2026-31456

CVE-2026-31456 affects the Linux kernel mm/pagewalk: a race between concurrent splitting of a PUD entry in walk_pud_range() and a refault can cause a PMD range to disappear, triggering a kernel BUG during certain NUMA reads with VFIO-PCI DMA setup. The fix validates the PUD entry with a stable sn...

4.7CVSS5.6AI score0.00089EPSS
CVE
CVE
added 2026/04/22 1:53 p.m.18 views

CVE-2026-31468

CVE-2026-31468 affects the Linux kernel vfio/pci dma-buf feature. The issue is an error-path handling bug in vfio_pci_core_feature_dma_buf() that can cause an unbalanced refcount and a double free under certain conditions (e.g., file descriptor exhaustion). The documented fix moves the dma_buf_pu...

7.8CVSS5.6AI score0.0012EPSS
CVE
CVE
added 2026/04/22 1:53 p.m.18 views

CVE-2026-31470

CVE-2026-31470 concerns the Linux kernel TDX guest path, specifically the virt: tdx-guest component. Multiple connected sources confirm a fix for handling of the host-controlled quote buffer length, where the host can set quote_buf->out_len to influence how many bytes of the quote are copied t...

7.1CVSS5.7AI score0.00125EPSS
CVE
CVE
added 2026/04/22 1:54 p.m.18 views

CVE-2026-31472

CVE-2026-31472 concerns the Linux kernel, specifically the xfrm/ IPTFS path. A crafted ESP packet with an inner IPv4 header can cause an infinite loop in __input_process_payload() if the inner header has tot_len=0 or malformed ihl. The fix adds validation to reject inner packets where tot_len &lt...

5.5CVSS5.6AI score0.00121EPSS
CVE
CVE
added 2026/04/22 1:54 p.m.18 views

CVE-2026-31494

Technical details for CVE-2026-31494 are not publicly provided in the supplied documents; monitor for updates.

7.8CVSS5.6AI score0.00129EPSS
CVE
CVE
added 2026/04/22 1:54 p.m.18 views

CVE-2026-31497

The CVE-2026-31497 entry concerns the Linux kernel Bluetooth USB (btusb) driver. The issue arises in btusb_work(), which maps the number of active SCO links to USB alternate settings using a three-entry table. It indexes alts[] with data->sco_num - 1 without constraining sco_num to the number ...

5.5CVSS5.6AI score0.00123EPSS
CVE
CVE
added 2026/04/24 2:30 p.m.18 views

CVE-2026-31536

The vulnerability CVE-2026-31536 affects the Linux kernel SMB direct server implementation. In smb: server: let send_done handle a completion without IB_SEND_SIGNALED, during smbdirect_send_batch processing requests may be processed without IB_SEND_SIGNALED and could be destroyed in the final req...

9.8CVSS5.4AI score0.00442EPSS
CVE
CVE
added 2026/04/24 2:42 p.m.18 views

CVE-2026-31597

The CVE-2026-31597 vulnerability affects the Linux kernel OCFS2 code. A use-after-free occurs in ocfs2_fault() when VM_FAULT_RETRY triggers after filemap_fault() drops mmap_lock, allowing a concurrent munmap() to free the vm_area_struct and causing ocfs2_fault() to dereference a dangling vma. The...

7.8CVSS5.5AI score0.00128EPSS
CVE
CVE
added 2026/04/24 2:42 p.m.18 views

CVE-2026-31612

The CVE-2026-31612 entry concerns ksmbd in the Linux kernel. The vulnerability arises in smb2_get_ea(): the code reads EaNameLength from the client request and passes it directly to strncmp() as the comparison length without validating that the name length matches the input buffer size. The publi...

7.5CVSS5.4AI score0.00415EPSS
CVE
CVE
added 2026/04/24 2:42 p.m.18 views

CVE-2026-31615

In CVE-2026-31615, the Linux kernel USB gadget code for renesas_usb3 (and related aspeed_udc context) did not validate endpoint indices in standard requests (GET_STATUS, SET/CLEAR_FEATURE). The host-supplied wIndex could be used to dereference a pointer without confirming endpoint count, risking ...

5.5CVSS5.4AI score0.00125EPSS
CVE
CVE
added 2026/04/24 2:42 p.m.18 views

CVE-2026-31625

CVE-2026-31625 concerns the Linux kernel HID alps driver, where a NULL pointer dereference could occur when processing raw events. The root cause was insufficient verification of device claiming before handling a raw event, which could lead to system instability. The fixed trajectory includes com...

5.5CVSS5.3AI score0.00125EPSS
CVE
CVE
added 2026/04/24 2:44 p.m.18 views

CVE-2026-31633

In the Linux kernel rxrpc subsystem, CVE-2026-31633 is addressed by fixing an integer overflow in rxgk_verify_response(). The bug arises when token_len is rounded up before the length check, allowing the check to be bypassed. The patch ensures the unrounded token_len is also compared against len,...

9.8CVSS5.4AI score0.00469EPSS
CVE
CVE
added 2026/04/24 2:44 p.m.18 views

CVE-2026-31640

CVE-2026-31640 affects the Linux kernel rxrpc component. The issue occurs in rxrpc_post_response() where the code compares the challenge serial number using the newer packet private data instead of the cached/older response, causing the comparison to always be false and potentially preventing the...

7.5CVSS5.5AI score0.00426EPSS
CVE
CVE
added 2026/04/24 2:44 p.m.18 views

CVE-2026-31643

CVE-2026-31643 covers a Linux kernel rxrpc memleak in the key parsing path. In rxrpc_preparse_xdr_yfs_rxgk(), the memory attached to token->rxgk could leak on several error paths after allocation. The issue is mitigated by freeing the allocated memory in the reject_token: path. Technical cover...

5.5CVSS5.4AI score0.00121EPSS
CVE
CVE
added 2026/05/01 2:14 p.m.18 views

CVE-2026-31724

In CVE-2026-31724, the Linux kernel USB gadget EEM function had a lifecycle issue: a net_device was created and registered under the gadget’s sysfs parent, but on unbind the parent could be destroyed, leaving dangling symlinks (for example, /sys/class/net/usb0). The remediation described in conne...

5.5CVSS5.8AI score0.00122EPSS
CVE
CVE
added 2026/05/01 2:14 p.m.18 views

CVE-2026-31728

The CVE-2026-31728 issue in the Linux kernel affects usb: gadget: u_ether, where a race between gether_disconnect() and eth_stop() could dereference a cleared endpoint descriptor, causing a NULL pointer dereference and a potential hardlockup. The root cause is the delayed clearing of dev->port...

4.7CVSS5.8AI score0.00089EPSS
CVE
CVE
added 2026/05/01 2:14 p.m.18 views

CVE-2026-31731

In CVE-2026-31731, the Linux kernel thermal management subsystem has a race where a thermal zone removal during resume can cause use-after-free. Root cause: thermal_zone_pm_complete() and thermal_zone_device_resume() re-initialize the poll_queue delayed work, so cancel_delayed_work_sync() in ther...

7.8CVSS5.8AI score0.00125EPSS
CVE
CVE
added 2026/05/01 2:14 p.m.18 views

CVE-2026-31735

The CVE-2026-31735 issue affects the Linux kernel IOMMU page table handling. Specifically, when an unmap operation partially overlaps a large or contiguous IOPTE, the invalidation/gather logic could flush only the requested range, causing a short invalidation where part of the unmapped area remai...

8.8CVSS5.7AI score0.0012EPSS
CVE
CVE
added 2026/05/01 2:14 p.m.18 views

CVE-2026-31748

CVE-2026-31748 (Linux kernel, comedi me_daq) : A firmware-overrun was fixed in the me2600_xilinx_download() path used by request_firmware(). The code trusts the firmware header and reads file_length from the first 4 bytes, then copies file_length bytes from offset 16 without verifying the data st...

7.8CVSS5.8AI score0.00129EPSS
CVE
CVE
added 2026/05/01 2:14 p.m.18 views

CVE-2026-31764

Summary (CVE-2026-31764) : A vulnerability in the Linux kernel IIO IMU driver for the st_lsm6dsx allows an out-of-bounds access when a non-accelerometer/gyroscope sensor tries to set the buffer sampling frequency via the sysfs attribute. The function st_lsm6dsx_hwfifo_odr_store() calls st_lsm6dsx...

7.8CVSS6AI score0.0012EPSS
CVE
CVE
added 2026/05/01 2:14 p.m.18 views

CVE-2026-31771

CVE-2026-31771 affects the Linux kernel Bluetooth HCI event handling. The vulnerability arose because hci_store_wake_reason() could be invoked before per-event payload length checks, potentially allowing a short HCI event frame to reach bacpy() prior to validation. The fix restructures wake-addre...

8.1CVSS5.8AI score0.00205EPSS
CVE
CVE
added 2026/05/01 2:15 p.m.18 views

CVE-2026-31784

CVE-2026-31784 affects the Linux kernel, specifically the drm/xe/pxp component. The issue arises in pxp_start where a restart flag is not cleared, causing the function to potentially loop back to the start after reaching the end. This has been resolved by cherry-picking a fix from commit 0850ec7b...

5.5CVSS5.8AI score0.00121EPSS
CVE
CVE
added 2026/05/01 2:15 p.m.18 views

CVE-2026-43006

CVE-2026-43006 (Linux kernel io_uring rsr/rsrc): A zero-length fixed-buffer import in io_import_fixed() could trigger a slab-out-of-bounds read due to a boundary check that allows len == 0 to be processed. The underlying issue is in validate_fixed_range(), which permits buf_addr at the end of the...

7.1CVSS5.9AI score0.00124EPSS
CVE
CVE
added 2026/05/01 2:15 p.m.18 views

CVE-2026-43034

Root cause CVE-2026-43034: in the bnxt_en driver of the Linux kernel, ctxm->type is populated from the firmware response (resp->type) and later used to index fixed backing-store metadata arrays, risking memory corruption. The fix changes ctxm->type to come from the current loop variable ...

5.5CVSS5.8AI score0.00121EPSS
CVE
CVE
added 2026/05/01 2:15 p.m.18 views

CVE-2026-43040

CVE-2026-43040 corresponds to a Linux kernel issue in IPv6 Router Advertisements handling via nduseropt, where three padding fields in nduseroptmsg were not initialized to zero, leaking kernel data. Affected component: net/ipv6/ndisc (ndc ra user options). Root cause: padding fields were not zero...

7.1CVSS5.8AI score0.00117EPSS
CVE
CVE
added 2026/05/01 2:15 p.m.18 views

CVE-2026-43043

The CVE describes a Linux kernel vulnerability in the AF_ALG crypto interface where chaining a new af_alg_tsgl structure can leave the end marker of the previous Scatter/Gather List uncleared when a sendmsg exactly fills MAX_SGL_ENTS. This causes sg_next() to return NULL, potentially leading to a...

5.5CVSS5.8AI score0.00114EPSS
CVE
CVE
added 2026/05/01 2:15 p.m.18 views

CVE-2026-43055

The CVE-2026-43055 issue affects the Linux kernel SCSI target: file implementation. The root cause is that target_core_file does not initialize aio_cmd->iocb for ki_write_stream, which can yield a bogus ki_write_stream value during fd_execute_rw_aio() and lead to unintended write failure statu...

7.5CVSS5.7AI score0.00358EPSS
CVE
CVE
added 2026/05/06 7:40 a.m.18 views

CVE-2026-43075

The CVE-2026-43075 issue affects the Linux kernel’s ocfs2 filesystem code. A corrupted ocfs2 filesystem mounted on a loop device could trigger an out-of-bounds write in ocfs2_write_end_inline during a copy_file_range splice fallback, caused by trusting on-disk id_count to fit inline data. The roo...

7.8CVSS5.8AI score0.00126EPSS
CVE
CVE
added 2026/05/06 7:40 a.m.18 views

CVE-2026-43076

The vulnerability CVE-2026-43076 affects the ocfs2 filesystem in the Linux kernel. When reading an inode from disk, ocfs2_validate_inode_block() did not validate the i_size of inline data against the inline data capacity (id_count). A corrupted filesystem could make i_size exceed id_count, causin...

7.8CVSS5.9AI score0.00131EPSS
CVE
CVE
added 2026/05/06 7:40 a.m.18 views

CVE-2026-43082

CVE-2026-43082 affects the Linux kernel net: txgbe component. The issue arises from how property_entry lists are terminated: the driver allocated exactly the number of entries used and did not reserve space for the terminating empty entry. The fix updates the struct definition of property_entry t...

5.5CVSS5.7AI score0.00122EPSS
CVE
CVE
added 2026/05/06 7:40 a.m.18 views

CVE-2026-43108

In CVE-2026-43108, the issue is in the Linux kernel's Qualcomm SoC PD-mapper component. The root cause is a mismatch between the declared length of a string element in servreg_loc_pfr_req_ei and the reason field of servreg_loc_pfr_req, which can trigger decoding errors during PD crashes. The conc...

5.5CVSS5.8AI score0.00114EPSS
Total number of security vulnerabilities14105