13692 matches found
CVE-2026-43433
The CVE-2026-43433 entry refers to a Linux kernel issue in the rust_binder component: a TOCTOU opportunity where a local process that can write to its own VMA could alter the offsets array before it is read back during a transaction, potentially enabling privilege escalation to the sender. The fi...
CVE-2026-43442
The CVE-2026-43442 issue affects the Linux kernel io_uring subsystem: when IORING_SETUP_SQE_MIXED is used without IORING_SETUP_NO_SQARRAY, a flawed 128-byte SQE bounds check validates the logical SQ head instead of the physical SQE index. This can let an unprivileged local user remap a logical po...
CVE-2026-43448
CVE-2026-43448 corresponds to a race in the Linux kernel nvme-pci driver (nvme_poll_irqdisable) where a device can be disabled between operations, causing nvme_poll_irqdisable() to race with nvme_reset_work() and leading to an unbalanced IRQ enable (IRQ 10 in the crash log). The root cause is a m...
CVE-2026-43449
CVE-2026-43449 concerns the Linux kernel NVMe PCI driver. The issue is a slab-out-of-bounds write in nvme_dbbuf_set caused by an incorrect loop bound when indexing dev->online_queues; index 0 (admin queue) is excluded, but the loop could overrun. The vulnerability is evidenced by KASAN reports...
CVE-2026-43459
CVE-2026-43459 concerns the Linux kernel ASoC subsystem: when unbinding a sound card while a PCM stream is active, a use-after-free can occur due to teardown ordering. The fix adds a flush in soc_cleanup_card_resources() after snd_card_disconnect_sync() and before soc_remove_dais()/soc_remove_lin...
CVE-2026-43460
In the Linux kernel rockchip-sfc driver, CVE-2026-43460 is caused by a double-free of an SPI controller: the driver uses devm_spi_register_controller(), which auto-unregisters on device removal, but remove() also calls spi_unregister_controller(), creating a double-free. The mitigation implemente...
CVE-2026-43465
CVE-2026-43465: Linux kernel mlx5e XDP multi-buf frag counting flaw. When XDP programs modify the XDP buffer layout (via bpf_xdp_pull_data/bpf_xdp_adjust_tail), the driver failed to count dropped fragments, risking negative page fragment reference counting and potential instability. Public report...
CVE-2026-43468
CVE-2026-43468 affects the Linux kernel net/mlx5 subsystem, where a deadlock can occur between the devlink lock and the esw->work_queue. The deadlock trace involves esw_functions_changed_event_handler executing esw_vfs_changed_event_handler, while eswitch_mode_set acquires the devlink lock and...
CVE-2026-43470
CVE-2026-43470 affects the Linux kernel NFS implementation. When an alias found via nfs3_do_create/nfs_add_or_obtain /d_splice_alias corresponds to a directory, the code could forget the alias while keeping the original negative dentry, causing an oops in nfs_atomic_open_v23/finish_open. The issu...
CVE-2026-46246
The CVE-2026-46246 issue affects the Linux kernel driver power: supply: pm8916_lbc. It describes a use-after-free race: when requesting IRQs with the devm_ helper before the extcon handle is allocated/registered, the extcon resource can be freed while an IRQ handler is still active, leading to ex...
CVE-2026-46251
The CVE-2026-46251 issue is a Linux kernel Btrfs vulnerability where, when EXTENT_TREE_V2 is enabled, the block_group_tree may be added to switch_commits while still on the dirty_list, causing invalid list manipulation and corruption of block_group_root->dirty_list. This corruption can propaga...
CVE-2026-46254
The CVE-2026-46254 issue concerns the Linux kernel AppArmor module mis-handling unaligned DFA tables (originating from kernel or userspace), which can cause unaligned memory accesses and kernel warnings. The available connected advisories confirm the vulnerability in AppArmor and document an even...
CVE-2026-46255
Summary: CVE-2026-46255 affects the Linux kernel fsl-edma driver (dmaengine). The issue arises because clocks allocated/enabled with devm_clk_get_enabled() are automatically cleaned up, but fsl_edma_remove() explicitly disables them via fsl_disable_clocks(), causing warnings during driver removal...
CVE-2026-46256
CVE-2026-46256 refers to a Linux kernel flaw in the NFS LOCALIO optimization. The issue allows a recursion deadlock during direct reclaim when writing pages back into NFS via nfs_writepages, potentially affecting NFS loopback paths where LOCALIO is used on the same system. The root cause is that ...
CVE-2026-46257
CVE-2026-46257 concerns the Linux kernel SP804 timer driver on ARM32. The issue occurs when the delay timer shares the same clkevt instance with sched_clock; if sp804_clocksource_and_sched_clock_init runs with use_sched_clock != 1, sched_clkevt may be uninitialized, and read_current_timer() ends ...
CVE-2026-46260
The CVE-2026-46260 entry is supported by multiple connected sources detailing a kernel IPv6 out-of-bounds read when creating an IPv6 route with RTA_NH_ID, due to fib6_info not containing trailing fib6_nh and an unsafe read of iter->fib6_nh. The fix adds a check of iter->nh before dereferenc...
CVE-2026-46261
CVE-2026-46261 relates to the Linux kernel wpcm-fiu SPI driver. The issue is a potential NULL pointer dereference when platform_get_resource_byname() returns NULL, if the NULL is dereferenced by resource_size(). The patch moves the fiu->memory_size assignment to occur after the error check for...
CVE-2026-46264
CVE-2026-46264 addresses a Linux kernel flaw in drm/xe/pf where an error in devm_add_action_or_reset() can cause a cleanup action to run on an uninitialized kobject during sysfs initialization. This use-after-free and kobject_put() on an uninitialized object is mitigated by ensuring proper initia...
CVE-2026-46268
The CVE relates to the Linux kernel PCI/P2PDMA subsystem. A warning in p2pmem_alloc_mmap() was triggered by an assertion VM_WARN_ON_ONCE_PAGE(!page_ref_count(page)) after the initial page refcount was changed to zero by a prior patch. The issue arises only when CONFIG_DEBUG_VM is enabled, produci...
CVE-2026-46270
In the Linux kernel, CVE-2026-46270 (rt9455) is a use-after-free race in the power_supply_changed() path of the power supply driver. The issue arises when IRQs are requested using the devm_ variant before the devm_ allocated/freed power_supply handle, causing the handle to be deallocated/unregist...
CVE-2022-50464
In the Linux kernel, mt76 MT7915 PCI path had a refcount leak in mt7915_pci_init_hif2(); the issue stems from pci_get_device() returning a device with increased refcount and not balancing with pci_dev_put(). The fix saves the returned pci_device and ensures a pci_dev_put() is called to decrease t...
CVE-2022-50517
CVE-2022-50517 relates to the Linux kernel THP handling in mm/huge_memory, where a swap page entry (swp_entry_t) could be clobbered during THP split if the head page wasn’t swapped, a bug identified and fixed by the commit b653db77350c. Affected behavior was observed under stress-ng mmap workload...
CVE-2023-53476
CVE-2023-53476 affects the Linux kernel’s RDMA/cxgb4 code path (c4iw_fill_res_cm_id_entry). The issue arises when epcp is re-assigned; re-testing epcp->state == LISTEN after reassignment can dereference NULL listen_ep or ep, leading to a NULL pointer dereference. The vulnerability is triggered...
CVE-2023-53498
In the provided documents, CVE-2023-53498 is described as a Linux kernel vulnerability in the AMD display driver (drm/amd/display). The issue arises when amdgpu_dm_fini() may dereference adev->dm.dc if the pointer is NULL, allowing a NULL pointer dereference. The remediation is a code fix that...
CVE-2023-53595
CVE-2023-53595 affects the Linux kernel, specifically the octeontx2-pf driver’s macsec (mcs) path. The issue triggers NULL pointer dereferences during teardown when rebooting after creating a macsec interface, leading to kernel crashes as shown by call traces like cn10k_mdo_del_secy and macsec_no...
CVE-2023-53641
CVE-2023-53641 – Linux kernel (wifi: ath9k: hif_usb): The issue is a memory leak in remain_skb within ath9k_hif_usb_rx_stream(). remain_skb is allocated and only freed in the next rx_stream() call; if URBs are deallocated between calls (e.g., device deinit or suspend), the allocated skb can leak....
CVE-2023-53655
CVE-2023-53655 (Linux kernel) is a stack overflow vulnerability caused by registering a kprobe on __rcu_irq_enter_check_tick(). The issue can trigger kernel panics/stack overflow when NO_HZ_FULL is enabled and the system boots with nohz_full=, leading to a tree of stack traces and a kernel panic,...
CVE-2025-39941
CVE-2025-39941 describes a race in zram slot handling in the Linux kernel. Parallel writes to the same zram index can leak zsmalloc handles because zs_free() may run too early; the fix requires resetting the zram entry right before assigning a new handle within the same slot lock scope. Documents...
CVE-2025-68358
CVE-2025-68358 (Linux kernel, btrfs) : A race condition was fixed in btrfs_clear_space_info_full() that updated bitfield members (full, chunk_alloc, flush) without holding the space_info lock, risking corruption of adjacent fields due to non-atomic read-modify-write sequences on bitfields. The fi...
CVE-2025-71126
CVE-2025-71126 relates to the Linux kernel MPTCP code and describes a deadlock when reinjecting during fallback. The issue occurs in mptcp_connect trying to acquire msk->fallback_lock while the task already holds it in __mptcp_retrans, creating a potential recursive lock and double-lock scenar...
CVE-2025-71158
The CVE-2025-71158 issue is in the Linux kernel gpio: mpsse driver, where an IRQ worker running during device unplug could crash. The root cause is insufficient teardown of the worker list on disconnect; a spinlock was introduced to protect the worker list and ensure tear-down during hot-unplug. ...
CVE-2025-71272
The CVE-2025-71272 entry concerns a Linux kernel resource-leak in most_register_interface(). When initialization fails before device registration, memory for the interface could be leaked. The fix initializes the device early with device_initialize(), calls put_device() on all error paths, and sw...
CVE-2025-71273
The CVE-2025-71273 entry concerns the Linux kernel’s rtw88 Wi‑Fi driver. The issue arises from a memory leak in rtw_register_hw(), where memory allocated for supported bands was not freed on error paths. The patch standardizes memory allocation using device-managed memory (devm_kmemdup()) in rtw_...
CVE-2025-71290
CVE-2025-71290 concerns a memory leak in the Linux kernel’s misc: ti_fpc202 probe function. The root cause is not releasing a device node reference during iteration, leading to a leak. The remedy implemented is a code change that uses for_each_child_of_node_scoped() to ensure the node reference i...
CVE-2025-71294
The CVE-2025-71294 entry is tied to the Linux kernel AMDGPU DRM path. The root cause is a NULL pointer issue in buffer_funcs when the SDMA block is not enabled, leading to potential failure/availability impact. A patch fixes buffer_funcs initialization, mitigating the issue; multiple OSV entries ...
CVE-2025-71314
In the Linux kernel, the drm/panthor component was updated to recover from panthor_gpu_flush_caches() failures that could block the memory subsystem. The fix introduces a reset path to recover when flush operations hang, and resets pending_reqs so new commands can be issued after a reset. If addi...
CVE-2026-23249
Summary (CVE-2026-23249) : In Linux kernel XFS, during free-space and inode btree repair, revalidation calls xchk_allocbt for BNOBT and CNTBT can race: the first call nullifies the CNTBT cursor, causing a NULL dereference on the second revalidation. The fix changes the control flow so CNTBT curso...
CVE-2026-23263
CVE-2026-23263: In the Linux kernel, io_uring/zcrx had a page array leak that was not freed during sg init failure. The fix, committed as d9f595b9a65e, releases the previously leaked page array along with the leaked pages. Exploitation details are not provided in the supplied documents beyond the...
CVE-2026-23287
The CVE-2026-23287 issue affects the Linux kernel’s PLIC interrupt handling for SiFive irqchip, where a race between affinity changes and interrupt enable bits could freeze an interrupt. Root cause: completion handling could ignore or mis-handle an interrupt if the hart affinity change left the e...
CVE-2026-23302
Summary (CVE-2026-23302): The Linux kernel patch resolves a data-race in data-path pointers sk->sk_data_ready and sk->sk_write_space, where skmsg and possibly other layers could modify these pointers while others may read them concurrently. The fix adds corresponding READ_ONCE()/WRITE_ONCE(...
CVE-2026-23304
The connected advisories confirm CVE-2026-23304 affects the Linux kernel IPv6 routing code. Root cause: l3mdev_master_dev_rcu() can return NULL when a slave device is un-slaved from a VRF, and ip6_rt_get_dev_rcu() used by ip6_rt_pcpu_alloc() did not fall back to loopback, causing a NULL pointer d...
CVE-2026-23316
CVE-2026-23316 – Linux kernel ARM64 multipath hash seed alignment fix . The issue arises in the ARM64 Linux kernel when reading the 8-byte struct sysctl_fib_multipath_hash_seed (user_seed and mp_seed) atomically with READ_ONCE(). Under Clang+LTO, this full-structure read emits a 64-bit load-acqui...
CVE-2026-23317
The CVE-2026-23317 entry describes a Linux kernel vulnerability in drm/vmwgfx, specifically vmw_translate_ptr. The root cause was a previous change where a pointer-returning lookup was replaced by an error-code-returning lookup with the pointer as an out parameter; the error path was not updated,...
CVE-2026-23318
CVE-2026-23318 affects the Linux kernel ALSA USB-audio UAC3 header validation. The validator table for UAC3 AC header descriptors used UAC_VERSION_2 instead of UAC_VERSION_3, so real UAC3 devices were not validated and could trigger out-of-bounds reads when the driver accesses unvalidated descrip...
CVE-2026-23329
CVE-2026-23329 affects the Linux kernel libie_fwlog_deinit in the ixgbe driver flow. The vulnerability arises when unloading the driver (even if firmware logging was never initialized), enabling a call path that can lead to a kernel oops and Denial of Service. Reproduced by unloading the ixgbe dr...
CVE-2026-23332
The CVE-2026-23332 issue affects the Linux kernel cpufreq/ intel_pstate driver. When booted with nosmt or maxcpus and attempting to disable turbo via /sys/devices/system/cpu/intel_pstate/no_turbo, a NULL pointer dereference can occur because for_each_possible_cpu() may consider offline CPUs and a...
CVE-2026-23336
Summary: CVE-2026-23336 affects the Linux kernel’s wifi cfg80211 path, where a use-after-free can occur during wiphy_unregister() if rfkill_block work isn’t cancelled. The issue manifests in cfg80211_shutdown_all_interfaces via a KASAN use-after-free and is triggered when unregistering a wireless...
CVE-2026-23339
CVE-2026-23339 is resolved in the Linux kernel through fixes around NFC/NCI skb handling (nci_transceive error paths releasing skb) as cited by multiple OSV entries and kernel patches. Connected advisories show Root: Debian/Ubuntu/Mageia patches for rootio-linux, with multiple fixed versions (e.g...
CVE-2026-23349
CVE-2026-23349 concerns the Linux kernel HID subsystem, specifically the pidff module. The issue arises from not clearing all conditional effect bits, which can lead to NULL pointer dereferences and potential system instability. The root cause is improper handling of the ffbit flag where some con...
CVE-2026-23354
CVE-2026-23354 concerns the Linux kernel x86/fred speculative safety. The fix removes the index variable and repositions array_index_nospec() so it’s calculated immediately before the array access, addressing the incorrect placement that allowed the result to be spilled to the stack across irqent...