14105 matches found
CVE-2026-43115
The CVE-2026-43115 entry documents a Linux kernel fix for Tiny SRCU: srcu_gp_start_if_needed() previously called schedule_work(), acquiring pool->lock and triggering a lockdep splat when call_srcu() runs with a scheduler lock held. The remediation adds irq_work_sync() to cleanup_srcu_struct() ...
CVE-2026-43117
CVE-2026-43117 affects the Linux kernel’s btrfs tracepoints: when overlay is layered on btrfs, dentry->d_sb may reference the overlay superblock, causing a crash during fsid assignment. The root cause is deriving the wrong superblock for the event btrfs_sync_file(); the fix is to use file_inod...
CVE-2026-43118
This CVE-2026-43118 concerns a Btrfs log replay data integrity issue in the Linux kernel where truncating a file to zero and then creating a hardlink, followed by a power failure and log replay, could leave the original size unchanged. Root cause: during inode logging, a 0 generation is written f...
CVE-2026-43137
Summary: CVE-2026-43137 affects the Linux kernel ASoC SOF Intel HDA subsystem. A mismatch between DAI links in the machine driver and the topology can leave the playback/capture widget unset, which may trigger a null pointer dereference. The issue is fixed in the reported OSV entries (Ubuntu root...
CVE-2026-43139
The CVE-2026-43139 entry concerns the Linux kernel xfrm6 subsystem. The issue arises in xfrm6_get_saddr() which does not check the return value of ipv6_dev_get_saddr(); when ipv6_dev_get_saddr() fails with -EADDRNOTAVAIL, saddr->in6 remains uninitialized and xfrm6_get_saddr() incorrectly retur...
CVE-2026-43140
The CVE-2026-43140 vulnerability affects the Linux kernel HID magicmouse driver. Fake USB devices could present their own report descriptors such that input_mapping() does not call, leaving msc->input NULL and causing a crash later. The issue is resolved by detecting this condition in input_co...
CVE-2026-43145
The CVE-2026-43145 issue is in the Linux kernel remoteproc imx_rproc driver. The function imx_rproc_elf_find_loaded_rsc_table() could incorrectly report a loaded resource table when the firmware provided no resource table, because it returning priv->rsc_table even if rproc->table_ptr was NU...
CVE-2026-43151
CVE-2026-43151 : Linux kernel issue resolved by reverting the Iris video driver stop streaming sanity check. The revert re-enabled stop_streaming when the IRIS_INST_ERROR path, correcting prior regressions where buffers were not returned to vb2 and teardown could fail, leaving firmware in an inco...
CVE-2026-43170
CVE-2026-43170 affects the Linux kernel USB DWC3 gadget driver. The vulnerability arises when dwc3_gadget_vbus_draw() is called from atomic context and may invoke PMIC APIs that sleep, risking kernel panic. The fix moves vbus_draw to a workqueue context, mitigating sleep in atomic operations. Aff...
CVE-2026-43174
The CVE-2026-43174 issue is in the Linux kernel’s io_uring/zcrx subsystem. Descriptions across multiple sources state that post-open error handling was fixed to avoid releasing the zcrx context before all associated page pools are terminated, addressing improper resource cleanup. The practical im...
CVE-2026-43178
In the Linux kernel, the procfs component has a vulnerability in do_procmap_query() that can trigger a double mmput() of an mm_struct when a user passes an incorrectly sized buffer for PROCMAP_QUERY's build ID. The root cause is a change that defers cleanup after unlocking mmap_lock and per-VMA, ...
CVE-2026-43181
The CVE-2026-43181 issue affects the Linux kernel GPIO/sysfs path: exporting a GPIO via sysfs and then unbinding the parent GPIO controller can leave the exported /sys/class/gpio attribute active, as the descriptor can no longer be dropped after the parent device is removed. The mitigation implem...
CVE-2026-43196
CVE-2026-43196 affects the Linux kernel PRUSS clock multiplexer path (pruss_clk_mux_setup). The issue is a double free: devm_add_action_or_reset() path frees a resource via pruss_of_free_clk_provider(), which calls of_node_put(clk_mux_np) on error, and a second of_node_put is executed after the p...
CVE-2026-43199
CVE-2026-43199 affects the Linux kernel net/mlx5e component. A scheduling-while-atomic bug occurred when mlx5e_ipsec_init_macs() queried hardware MAC via mlx5_query_mac_address() from an atomic context (mlx5e_ipsec_handle_event/workqueue), which can sleep. The fix uses the MAC address already pre...
CVE-2026-43208
The CVE-2026-43208 entry describes a Linux kernel networking vulnerability where an incorrect assumption about the Receive Packet Steering (RPS) table size/immutability leads to out-of-bounds access when computing the flow_id in set_rps_cpu(). The fix requires computing flow_id within set_rps_cpu...
CVE-2026-43212
The CVE-2026-43212 entries involve the Linux kernel on LoongArch where cpumask_of_node() failed to handle NUMA_NO_NODE, which is a valid index. The root cause is an insufficient check in the arch-specific cpumask_of_node() implementation, leading to potential instability or incorrect behavior if ...
CVE-2026-43221
CVE-2026-43221 affects Linux kernel IPMI/IPMB: the event handler responsible for IPMB read bytes may fail to initialize reads, causing an I2C read to return an uninitialised value from the bus driver. This is described across multiple advisories (Root-OS-UBUNTU-2404, SUSE, Red Hat) as a patchable...
CVE-2026-43233
CVE-2026-43233 affects the Linux kernel nf_conntrack_h323 decoder (decode_choice), where a boundary check incorrectly used an uninitialized length and may read past the bitstream end, enabling a remote heap-buffer-overflow via a crafted Q.931 SETUP message to port 1720. The public disclosures des...
CVE-2026-43237
CVE-2026-43237 affects the Linux kernel AMDGPU driver, specifically the amdgpu_gem_va_ioctl handling of fences for VM timeline management. The issue could cause a refcount underflow and use-after-free during fence processing, potentially leading to a kernel panic and denial of service. The descri...
CVE-2026-43240
CVE-2026-43240 concerns the Linux kernel (x86/kexec) where a second-stage kernel booted with a memory-limiting parameter (mem=…) may place the IMA kexec buffer outside the accessible RAM, causing a kernel panic. The vulnerability arises from a missing range validation for the carried IMA measurem...
CVE-2026-43253
CVE-2026-43253 relates to the Linux kernel IOMMU AMD component. When iommu.strict=1, the wait_on_sem() busy-wait runs inside a spinlock with interrupts disabled, risking soft lockups under load. The fix moves the completion wait out of the spinlock in iommu_completion_wait(), since wait_on_sem() ...
CVE-2026-43264
The CVE-2026-43264 issue affects the Linux kernel fbdev subsystem, specifically in of_get_display_timings() where of_parse_phandle() returns a device_node with an incremented refcount. On certain error paths, native_mode’s refcount isn’t decremented, causing a refcount leak and potential resource...
CVE-2026-43273
CVE-2026-43273 concerns the Linux kernel Ceph file system module, where ceph_zero_partial_object() lacked proper snapshot context for OSD write operations. This omission can cause data inconsistencies within snapshots, potentially affecting data integrity of previously snapshotted data. Affected ...
CVE-2026-43277
The CVE-2026-43277 issue affects the Linux kernel GHES/APEI path. The root cause is a mismatch between CPER-record length and the actual number of pages allocated when ghes_new() validates CPER data, enabling a bad firmware to cause an out-of-bounds write and a kernel OOPs/panic. Public descripti...
CVE-2026-43287
The CVE targets Linux kernel DRM:MODE_CREATEPROPBLOB allocations. Arbitary-sized property blobs allocated for kernel memory were not charged to the caller’s memory cgroup, enabling unprivileged local users to trigger unbounded kernel memory growth and potential system-wide OOM. The fix ensures bl...
CVE-2026-43293
CVE-2026-43293: Linux kernel wave5 media driver in polling mode fixes a race between hrtimer cancellation and kthread worker destruction. The wave5_vpu_timer_callback() queues work via kthread_queue_work(), and destroying the worker before cancelling the hrtimer could let the timer fire during de...
CVE-2026-43311
CVE-2026-43311 resolves a Linux kernel Tegra PMC issue where generic_handle_irq() was called from a non-interrupt context during system suspend resume, causing kernel warnings. The fix defers the call to an IRQ work, enabling safe execution in hard IRQ context. For PREEMPT_RT kernels, the patch u...
CVE-2026-43343
CVE-2026-43343 affects the Linux kernel USB gadget f_subset code. The vulnerability stems from an unbalanced reference count: geth_alloc() increments the refcount, but geth_free() does not decrement it, which can block configuration of attributes via configfs after unlinking the function. The con...
CVE-2026-43353
The CVE-2026-43353 issue affects the Linux kernel i3c: mipi-i3c-hci module where the HCI DMA dequeue path (hci_dma_dequeue_xfer()) can be invoked by multiple transfers timing out concurrently. This race condition allowed parallel calls to interfere with each other while stopping/restarting the DM...
CVE-2026-43382
Summary: CVE-2026-43382 affects the Linux kernel batman-adv component. The issue arises when batadv_v_elp_get_throughput() runs with the RTNL lock already held, which could cause a deadlock during cancellation of a work item. The fix switches to rtnl_trylock to skip ethtool retrieval if the RTNL ...
CVE-2026-43388
CVE-2026-43388 (Linux kernel, DAMON) : The vulnerability arises in mm/damon/core/damos_walk(), which sets ctx->walk_control to a caller-provided control structure before checking if the context is running. If the context is inactive, it returns -EINVAL without clearing the pointer, leaving a d...
CVE-2026-43415
CVE-2026-43415 describes a race in the Linux kernel’s UFS host controller driver (scsi: ufs: core) during UFS suspend. The issue arises because cancel_delayed_work_sync() is invoked after ufshcd_vops_suspend(..., POST_CHANGE), allowing ufshcd_rtc_work() to race with suspend operations and potenti...
CVE-2026-43455
In CVE-2026-43455, multiple sources confirm a race in the Linux kernel MCTP module: mctp_flow_prepare_output() checks key->dev and may call mctp_dev_set_key() without holding key->lock, while both mctp_dev_set_key() and mctp_dev_release_key() require the lock. This can allow concurrent path...
CVE-2026-43464
Summary: CVE-2026-43464 affects the Linux kernel mlx5e driver in XDP multi-buffer scenarios. When XDP programs modify buffer layout via bpf_xdp_pull_data() or bpf_xdp_adjust_tail(), the driver previously failed to count dropped fragments, causing negative page reference counts during cleanup and ...
CVE-2026-43475
CVE-2026-43475 affects the Linux kernel hv_storvsc driver when PREEMPT_RT is enabled on Hyper-V. The issue stems from scheduling while atomic in storvsc_queuecommand, which could lead to a lock-up under certain I/O loads (as reported in the vulnerability description and kernel traces). A fix has ...
CVE-2026-45854
The CVE-2026-45854 issue affects the Linux kernel crypto stack, specifically the inside-secure/eip93 driver. The root cause is that EIP93’s options register is used to decide which algorithms are registered; currently, all algorithms are unregistered regardless of hardware support. This can cause...
CVE-2026-45889
Summary: CVE-2026-45889 affects the Linux kernel’s Multipath TCP (MPTCP). The root cause is incorrect accounting for Out-of-Order (OoO) data in mptcp_rcvbuf_grow(), causing the MPTCP receive buffer to drift toward tcp_rmem[2]. The vulnerability is linked to a subtle race during rcvspace initializ...
CVE-2026-45907
CVE-2026-45907 details a Linux kernel mlx5e netdev deadlock caused by incorrect lock ordering between devlink, rtnl, and netdev locks during recovery paths. The fix modifies several recovery flows to move netdev_trylock usage from lower-level work handlers to earlier points in the call chain (as ...
CVE-2026-45947
CVE-2026-45947 concerns a memory leak in the Linux kernel DRM/AMD GPU code: amdgpu_acpi_enumerate_xcc() may return -ENOMEM from amdgpu_acpi_dev_init() without freeing the allocated xcc_info, causing a leak. The linked fixes in the Ubuntu/RootOS/NVD/SUSE entries indicate a patch to ensure xcc_info...
CVE-2026-46255
Summary: CVE-2026-46255 affects the Linux kernel fsl-edma driver (dmaengine). The issue arises because clocks allocated/enabled with devm_clk_get_enabled() are automatically cleaned up, but fsl_edma_remove() explicitly disables them via fsl_disable_clocks(), causing warnings during driver removal...
CVE-2026-53131
In CVE-2026-53131, multiple netfilter-related paths in the Linux kernel (including ip6t_eui64, xt_mac, and several ipset types) could access Ethernet MAC header data via eth_hdr(skb) without first verifying that the skb is associated with an Ethernet device or that the MAC header is present and l...
CVE-2026-53221
Linux kernel CVE-2026-53221 affects ip6_vti’s vti6_tnl_lookup() where, after an exact tunnel match fails, the fallback search for wildcard tunnels did not consistently verify that candidate tunnels actually have wildcard addresses. This mismatching happens because all tunnel types are stored in a...
CVE-2026-53224
The vulnerability CVE-2026-53224 affects the Linux kernel SCTP implementation. The issue arises from insufficient validation of embedded INIT chunks and address list lengths in cookies: sctp_unpack_cookie() may accept a truncated INIT chunk, and the subsequent sctp_process_init() could read INIT ...
CVE-2022-50264
CVE-2022-50264 affects the Linux kernel clock subsystem, specifically the socfpga gate init path. The issue is a memory leak in the socfpga_clk/ops error path, corrected by freeing both the socfpga_clk and its ops on error. The vulnerability is categorized with a CVSS v3.1 base score of 5.5 (Medi...
CVE-2022-50267
CVE-2022-50267 pertains to the Linux kernel’s MMC/SD subsystem, specifically the mmc_add_host() path in the mmc: rtsx_pci driver. Root cause: return value of mmc_add_host() was not checked; on error, memory allocated by mmc_alloc_host() could be leaked, risking a kernel crash when removing an una...
CVE-2022-50428
CVE-2022-50428 affects the Linux kernel ext4 fast-commit journaling, caused by multiple off-by-one errors in filling tlv blocks. The issues constrain where tlvs start and end within a block, risking replay problems and memory leakage in last-byte handling. The fixed patch corrects block-filling o...
CVE-2022-50431
CVE-2022-50431 : Linux kernel patch fixes a memory-leak in ALSA aoa i2sbus handling. The issue stems from dev_set_name() allocating memory for the name in soundbus_add_one() and not freeing it if of_device_register() fails; the fix adds soundbus_dev_put() and frees resources in i2sbus_release_dev...
CVE-2022-50434
CVE-2022-50434: Technical details (affected product/component, root cause, impact, versions, fix) are not present in the connected documents. Monitor for updates.
CVE-2022-50435
CVE-2022-50435 : Linux kernel ext4 inline data handling bug where inline data was not cleared after direct IO creation, potentially causing a crash when an inode with both inline and block data is later truncated and rewritten. The accompanying fixes clear EXT4_STATE_MAY_INLINE_DATA during direct...
CVE-2022-50441
CVE-2022-50441 details (Linux kernel, net/mlx5): A bug introduced by commit 0d4e8ed139d8 removed a call to cancel_delayed_work_sync(), which could cause a queued delay to expire on an already destroyed workqueue, potentially leading to a kernel NULL pointer dereference. The fix restores cancel_de...