14139 matches found
CVE-2025-39769
The CVE refers to a Linux kernel issue in the bnxt_en driver where a lockdep warning could trigger during rmmod (bnxt_remove_one) due to an assertion on the netdev lock. The fix adds netdev_assert_locked_or_invisible() in bnxt_free_ntp_fltrs() so the assertion does not fire if the netdev is alrea...
CVE-2025-39777
The CVE-2025-39777 entry concerns the Linux kernel crypto: acomp component, where a control flow integrity (CFI) failure was caused by type punning. The issue could lead to a crash when CFG is enabled. The documented fix uses a consistent type for the workspace free function and ensures it is inv...
CVE-2025-39802
CVE-2025-39802 affects the Linux kernel’s poly1305 implementation (lib/crypto: arm/poly1305). The root cause is register corruption when SIMD is unusable; the patch restores a cheap SIMD usability check (may_use_simd) that was removed by a prior commit and ensures poly1305 code behaves safely rat...
CVE-2025-39803
CVE-2025-39803 affects the Linux kernel in the SCSI/UFShCD UFS path. The vulnerability arises from a warning path in the UIC command completion: when the UIC completion interrupt is re-enabled mid-processing, an interrupt could trigger and hit WARN_ON_ONCE(!cmd). The fix is a patch that removes t...
CVE-2025-39814
In CVE-2025-39814, the Linux kernel ice driver contains a NULL pointer dereference when resetting a device without RDMA support. Specifically, ice_unplug_aux_dev() dereferences pf->cdev_info->adev, and pf->cdev_info may be NULL, leading to a crash during reset described in the trace. A f...
CVE-2025-39837
The CVE-2025-39837 entry concerns the Linux kernel, specifically the platform/x86 asus-wmi subsystem. The issue stems from racey driver registrations where asus_wmi_register_driver() could be invoked concurrently by multiple drivers, causing unsafe list operations and potential memory corruption ...
CVE-2025-39894
CVE-2025-39894 affects the Linux kernel netfilter bridge path (br_netfilter) specifically br_nf_local_in(). The issue arises when a broadcast packet to a tap device added to a bridge triggers br_nf_local_in() to confirm a conntrack; if another conntrack with the same hash is added, a warning may ...
CVE-2025-39900
CVE-2025-39900: Linux kernel net_sched: gen_estimator est_timer vulnerability fixed. When CONFIG_PREEMPT_RT=y, timer callbacks could be preempted, risking seqcount/seqlock integrity. A fix in net/core/gen_estimator.c updates est_timer() by adopting preempt_disable_nested()/preempt_enable_nested()...
CVE-2025-39917
Summary (CVE-2025-39917) : Linux kernel bug in bpf_crypto_crypt allowed an out-of-bounds write when the destination dynptr size was smaller than the source, due to missing validation before crypto backend calls with len = src_len. The issue arises in the bpf_dynptr_data usage for src and the writ...
CVE-2025-39947
Affected software: Linux kernel with mlx5e uplink netdev handling. Issue: mlx5_uplink_netdev_get() may return a NULL pointer when the uplink netdevice is removed during unbind, leading to a kernel panic. Root cause: the uplink netdev pointer can be cleared while in use. Impact: potential kernel p...
CVE-2025-39954
The CVE-2025-39954 issue concerns the Linux kernel (clk: sunxi-ng: mp) where the P divider offset was omitted in the .recalc_rate readback for dual-divider clocks, causing the reported clock rate to be bogus or zero. The COMMITs in the connected sources indicate that the problem arises specifical...
CVE-2025-68223
CVE-2025-68223 concerns the Linux kernel code path for DRM/Radeon fence handling. The fix removes an attempted forward progress on the queue inside is_signaled, preventing a potential self-deadlock when the fence lock also serves as the wait-queue lock. The underlying issue was that dma-fence_ops...
CVE-2025-71074
The CVE-2025-71074 issue affects Linux kernel functionfs, where open/removal races can leave file->private_data as a freed object, causing UAF on read/write. Root cause: ffs->opened is misused; synchronization via atomic_dec_and_test() is insufficient. The fix approach, as documented, is to...
CVE-2025-71079
CVE-2025-71079 concerns a Linux kernel deadlock between nfc_unregister_device() and rfkill_fop_write() caused by lock-order inversion (device_lock vs rfkill_global_mutex). The fix moves rfkill_unregister() and rfkill_destroy() outside the device_lock section, storing the rfkill pointer in a local...
CVE-2025-71122
CVE-2025-71122 concerns Linux kernel iommufd/selftest: overflow in IOMMU_TEST_OP_ADD_RESERVED, discovered by syzkaller and fixed by validating the user input length in the test ioctl. Affects test kernels with CONFIG_IOMMUFD_TEST; no exploitation details provided in the available documents.
CVE-2025-71123
CVE-2025-71123 affects the Linux kernel Ext4 mount option parsing. The vulnerability stems from improper string copying in parse_apply_sb_mount_options(), where strscpy_pad() could copy a non-NUL-terminated string into a fixed-size destination, triggering fortify warnings (strnlen: detected buffe...
CVE-2025-71128
CVE-2025-71128 is a Linux kernel vulnerability affecting GRE ERSPAN processing. The issue stems from the ip_tunnel_info structure’s flexible array member options, protected by a count options_len, where the counter must be initialized before first referencing options. The GRE ERSPAN code performe...
CVE-2025-71159
CVE-2025-71159 relates to a Linux kernel vulnerability in the Btrfs filesystem. The issue is a memory-ordering/race condition in btrfs_get_or_create_delayed_node(), where the delayed_node refcount was set before acquiring the root->delayed_nodes lock, allowing stores to node->refs and btrfs...
CVE-2025-71180
CVE-2025-71180 affects the Linux kernel’s interrupt handling: the IRQF_NO_THREAD flag should not be used with code that may take a spinlock, as warned by CONFIG_PROVE_RAW_LOCK_NESTING. The issue occurs when an IRQ handler may either use IRQF_NO_THREAD or acquire a spinlock_t, leading to a potenti...
CVE-2025-71186
Technical details (affected component, root cause, impact, and patch information) for CVE-2025-71186 are not publicly provided in the supplied documents. Monitor for updates from official advisories and vendor/security bulletins.
CVE-2025-71191
Technical details for CVE-2025-71191 are not publicly available in the provided documents; monitor for official advisories for affected products and fixes.
CVE-2025-71237
CVE-2025-71237 corresponds to a Linux kernel nilfs2 issue where an underflow during FITRIM end_block calculation can produce a negative nblocks, turning into a large positive value and causing the block layer to hang while processing a discard. The description and connected advisories confirm the...
CVE-2025-71289
Summary: CVE-2025-71289 affects the Linux kernel NTFS3 driver. The issue occurs when truncating files: if attr_set_size() fails, the error is silently ignored and the inode may be left in an inconsistent state, potentially impacting data integrity. The NVD entry lists a local, low-complexity atta...
CVE-2025-71293
CVE-2025-71293 concerns the Linux kernel amdgpu ras issue where, if eeprom contained only invalid addresses, allocation could be skipped and lead to a NULL pointer dereference when reading bad pages. The fix moves the ras data allocation before the bad-page check, resolving a NULL pointer derefer...
CVE-2025-71299
CVE-2025-71299 affects the Linux kernel driver spi_cadence_quadspi. The root cause is a runtime PM interaction during probe: a pm_runtime_disable in error paths could lead to duplicate clock disables when PM is active, especially with missing/broken DT descriptions for flash devices. The document...
CVE-2026-22989
CVE-2026-22989 affects the Linux kernel NFS server (nfsd). The issue occurs when unlocking the filesystem via an administrative interface while nfsd is not running, causing nfsd4_revoke_states() to access freed state structures (eg conf_id_hashtbl) during server shutdown and potentially crash. Th...
CVE-2026-22995
The CVE concerns a Linux kernel race in ublk_partition_scan_work that can cause a use-after-free of ub->ub_disk due to a race between async partition scanning and device teardown. The vulnerability occurs when ublk_ctrl_start_dev() schedules partition_scan_work after add_disk(), and ublk_stop_...
CVE-2026-23018
CVE-2026-23018 describes a Linux kernel vulnerability in the btrfs code path. In btrfs_read_locked_inode(), a path with a read-locked leaf from a subvolume tree is used while calling btrfs_init_file_extent_tree(), which may perform GFP_KERNEL allocations and trigger memory reclaim. This can creat...
CVE-2026-23065
CVE-2026-23065 is a Linux kernel issue affecting the x86/amd platform where a tmp buffer allocated in wbrf_record() is leaked on error in acpi_evaluate_dsm(). The vulnerability’s root cause is a memory leak in the error path, fixed by explicitly freeing the tmp buffer in the error handling path o...
CVE-2026-23081
Summary: CVE-2026-23081 affects the Linux kernel intel-xway PHY driver, where an OF node reference-count leakage could occur. The root cause is improper management of Open Firmware (OF) node refcounts when checking the presence of the 'leds' child node. The fix adds a correct refcount maintenance...
CVE-2026-23143
CVE-2026-23143 affects the Linux kernel virtio_net driver. The root cause is a misalignment between struct virtio_net_rss_config_trailer and rss_hash_key_data in struct virtnet_info, causing the RSS key to be shifted by one byte (last byte truncated and an possibly uninitialized byte prepended). ...
CVE-2026-23144
CVE-2026-23144 affects the Linux kernel in mm/damon/sysfs where, on context dir setup failure, subdirectories under attrs/ aren’t cleaned up. This leaves the DAMON sysfs interface effectively broken until reboot and leaks memory from unremoved directories. The issue is fixed by cleaning up those ...
CVE-2026-23156
CVE-2026-23156 affects Linux kernel efivarfs: efivar_entry_get() may return success even if __efivar_entry_get() fails, potentially enabling uninitialized heap data to be copied to userspace via efivarfs_file_read(). The root cause is error propagation being suppressed; the fix is to return the e...
CVE-2026-23186
CVE-2026-23186 pertains to the Linux kernel hwmon driver for the ACPI power meter. The issue arises when acpi_power_meter_notify() calls hwmon_device_unregister() while holding a lock also acquired by sysfs callbacks, creating potential deadlocks between sysfs access and device removal. Fixes inc...
CVE-2026-23249
Summary (CVE-2026-23249) : In Linux kernel XFS, during free-space and inode btree repair, revalidation calls xchk_allocbt for BNOBT and CNTBT can race: the first call nullifies the CNTBT cursor, causing a NULL dereference on the second revalidation. The fix changes the control flow so CNTBT curso...
CVE-2026-23258
CVE-2026-23258 is acknowledged in OSV entries as a vulnerability present in the Linux kernel context via the Root:Ubuntu rootio-linux package. Ubuntu security advisories indicate patches are available for Ubuntu 22.04 LTS and 24.04 LTS (Root:Ubuntu:22.04 and Root:Ubuntu:24.04) with multiple fixed...
CVE-2026-23282
CVE-2026-23282 affects the Linux kernel SMB client (smb2_unlink). The root cause is uninitialised iov structures when SMB2_open_init() or SMB2_close_init() fails (e.g., on reconnect), which can cause oopses when SMB2_open_free(), SMB2_close_free(), or smb2_set_related() are invoked. The fix initi...
CVE-2026-23300
The CVE-2026-23300 issue is a Linux kernel vulnerability in IPv6 routing where creating a standalone nexthop object (e.g., ip -6 nexthop add id 100 dev lo) caused a crash when later referenced by an IPv4 route. Root cause: fib6_nh_init() incorrectly treated such nexthops as rejects due to an abse...
CVE-2026-23308
CVE-2026-23308 concerns a Linux kernel pinctrl equilibrium warning trace on load. The issue arises because eqbr_irq_mask() calls gpiochip_disable_irq() and eqbr_irq_ack() is also invoked, causing a warning for every GPIO during load. A fix was implemented by not using eqbr_irq_mask() and eqbr_irq...
CVE-2026-23310
Summary: CVE-2026-23310 affects the Linux kernel bonding/kern XDP path. If a bond is in 802.3ad or balance-xor mode and an XDP program is loaded, changing xmit_hash_policy to vlan+srcmac can escape the existing guard, leaving bond->xdp_prog set and causing an incompatible state during tear-dow...
CVE-2026-23328
CVE-2026-23328 – Linux kernel (accel/amdxdna): The vulnerability is a NULL pointer dereference in mgmt_chann when the firmware returns an unexpected error in aie2_send_mgmt_msg_wait(), which may set mgmt_chann to NULL and cause a later NULL dereference in aie2_hw_stop(). The fixed patch introduce...
CVE-2026-23347
CVE-2026-23347 : Linux kernel vulnerability where the read bulk callback in the USB can driver (f81604) failed to anchor the urb before submitting in the anchor pattern. This could lead to urb leakage if usb_kill_anchored_urbs() is invoked. The issue is addressed by anchoring the urb in the read ...
CVE-2026-23367
CVE-2026-23367 – Linux kernel (wifi: radiotap: reject radiotap with unknown bits) The issue arises in the radiotap parser used for the radiotap namespace. If an undefined field (field 18) is present, the alignment/size is unknown and iterator->_next_ns_data is not initialized for non-visible v...
CVE-2026-23374
CVE-2026-23374 affects the Linux kernel blktrace path. The root cause is tracing_record_cmdline() using __this_cpu_read()/__this_cpu_write() on a per-CPU variable while preemption is enabled, which is unsafe and triggers a kernel BUG in preemptible code through __blk_add_trace() paths. Public wri...
CVE-2026-23382
The CVE-2026-23382 entry concerns the Linux kernel HID subsystem. The issue arises when raw HID event callbacks can fire for a device that has not been claimed, potentially leading to a crash due to a missing HID_CLAIMED_INPUT guard. The fix, described in the upstream commit 2ff5baa9b527, adds th...
CVE-2026-23384
CVE-2026-23384 : In the Linux kernel's RDMA/ionic component, a kernel stack leak was fixed in the function ionic_create_cq(). The resp structure leaks 7 bytes from rsvd[7], and up to 4 additional bytes in cqid[2] (potentially 11 bytes total) if udma_mask only has bit 0 set and cqid[1] is not writ...
CVE-2026-23395
CVE-2026-23395 affects the Linux kernel Bluetooth L2CAP handling of ECRED connection requests. The issue stems from accepting multiple L2CAP_ECRED_CONN_REQs regardless of the command identifier, which can cause multiple requests to be marked pending (FLAG_DEFER_SETUP) and may lead to allocating m...
CVE-2026-23414
CVE-2026-23414 is addressed in the Linux kernel TLS code. The vulnerability involved the async_hold queue that pins encrypted input skbs while AEAD operations reference scatterlist data. The fix centralizes purge of async_hold in tls_decrypt_async_wait(), ensuring all callers (recvmsg drain path,...
CVE-2026-23422
CVE-2026-23422 concerns the Linux kernel’s dpaa2-switch component. An out-of-bounds if_id detected in the IRQ handler could leave the interrupt status uncleared, potentially causing an interrupt storm and a DoS-like condition. The technical details in connected documents show the root cause as mi...
CVE-2026-23425
CVE-2026-23425 (Linux kernel KVM arm64) — The issue stems from non-protected pKVM guests where the hypervisor copies only the KVM_ARCH_FLAG_ID_REGS_INITIALIZED flag from the host to the hypervisor during pkvm_init_features_from_host, while the actual id_regs data are not initialized. This can cau...