Lucene search
K
LinuxLinux Kernel

14139 matches found

CVE
CVE
added 2026/04/03 3:15 p.m.17 views

CVE-2026-23441

CVE-2026-23441 is a Linux kernel vulnerability in the net/mlx5e driver. The issue is a race condition where the ASO spinlock is released before the hardware finishes processing a WQE, causing a second operation to overwrite a shared DMA context. The fix introduces a private per-object IPSec ASO c...

4.7CVSS5.7AI score0.00089EPSS
CVE
CVE
added 2026/04/03 3:15 p.m.17 views

CVE-2026-23445

Summary of CVE-2026-23445 (Linux kernel igc driver) Affected component: igc network driver in the Linux kernel, specifically the XDP TX timestamping path. Root cause: during shutdown of the TX ring, the code leaves behind stale xsk_meta pointers, causing the IRQ handler to touch invalid pointers ...

7.8CVSS5.7AI score0.00129EPSS
CVE
CVE
added 2026/04/13 1:21 p.m.17 views

CVE-2026-31416

CVE-2026-31416 (Linux kernel) : Affected component is netfilter nfnetlink_log. The issue is caused by not accounting for the netlink header size when processing NL messages, which can lead to a WARN splat and potential drop of the affected netlink message, with no other ill effects reported in th...

5.5CVSS5.7AI score0.00115EPSS
CVE
CVE
added 2026/04/13 1:40 p.m.17 views

CVE-2026-31421

CVE-2026-31421 – Linux kernel net/sched cls_fw NULL pointer dereference . Root cause: in fw_classify(), the old-method path uses tcf_block_q() and dereferences q->handle; for shared blocks, block->q is NULL, causing a NULL pointer dereference when a nonzero skb is classified. The fix preven...

5.5CVSS5.7AI score0.00114EPSS
CVE
CVE
added 2026/04/13 1:40 p.m.17 views

CVE-2026-31427

The CVE-2026-31427 issue in Linux kernel netfilter/nf_conntrack_sip was fixed by initializing the rtp_addr before calling nf_nat_sip SDP hooks and tracking via a have_rtp_addr flag. If SDP has no m= lines, or contains only inactive/unrecognized media, the code now avoids calling sdp_session with ...

5.5CVSS5.7AI score0.00115EPSS
CVE
CVE
added 2026/04/22 1:53 p.m.17 views

CVE-2026-31458

Technical details (affected product, vulnerable component, and remediation) are not provided in the connected documents. Monitor for updates.

5.5CVSS5.6AI score0.00122EPSS
Web
CVE
CVE
added 2026/04/22 1:54 p.m.17 views

CVE-2026-31476

In the Linux kernel component ksmbd, CVE-2026-31476 describes a logic flaw where a multichannel session binding request that fails (for example, due to a wrong password) could cause the targeted session to be marked SMB2_SESSION_EXPIRED. Because the failed binding may reference a session from ano...

8.2CVSS5.6AI score0.00499EPSS
CVE
CVE
added 2026/04/22 1:54 p.m.17 views

CVE-2026-31485

The CVE-2026-31485 issue affects the Linux kernel SPI driver for the FSL LPSPI controller. Root cause: teardown order when unregistering the SPI controller can race with in-flight DMA transfers, causing a NULL pointer dereference (UAF) and an I/O error in DMA RX during a transfer. The documented ...

7.8CVSS5.6AI score0.00126EPSS
CVE
CVE
added 2026/04/22 1:54 p.m.17 views

CVE-2026-31487

The CVE concerns the Linux kernel SPI subsystem. A flaw arises when a driver is probed via __driver_attach(): the bus match() callback is invoked without holding the device lock, allowing access to the driver_override field without proper synchronization, creating a use-after-free (UAF) risk. The...

5.5CVSS5.6AI score0.00094EPSS
CVE
CVE
added 2026/04/22 1:54 p.m.17 views

CVE-2026-31489

This CVE (CVE-2026-31489) affects the Linux kernel meson-spicc SPI controller driver. The vulnerability arises from a double-put: meson_spicc_probe() registers the controller with devm_spi_register_controller(), and the removal path erroneously calls spi_controller_put() again in meson_spicc_remo...

7.8CVSS5.6AI score0.00129EPSS
CVE
CVE
added 2026/04/22 1:54 p.m.17 views

CVE-2026-31498

Linux kernel CVE-2026-31498 affects Bluetooth L2CAP by exposing memory leaks during reconfiguration (ERTM data structures) and a zero-valued max_pdu_size path that can lead to an infinite loop in l2cap_segment_sdu. Root cause: reconfiguration previously re-initialized ERTM state and NULL’d sdu wi...

5.5CVSS5.6AI score0.00123EPSS
CVE
CVE
added 2026/04/22 1:54 p.m.17 views

CVE-2026-31512

Mode C CVE-2026-31512 affects the Linux kernel Bluetooth L2CAP path. The vulnerability arises in l2cap_ecred_data_rcv() where the SDU length is read from skb->data using get_unaligned_le16() without first ensuring skb contains at least 2 bytes (L2CAP_SDULEN_SIZE). If skb->len

5.5CVSS5.6AI score0.00123EPSS
CVE
CVE
added 2026/04/22 1:54 p.m.17 views

CVE-2026-31518

CVE-2026-31518 affects the Linux kernel espintcp path when using asynchronous crypto. If the TX queue for espintcp is full, esp_output_tail_tcp returns an error and the skb is not freed under earlier synchronous handling; with async crypto (esp_output_done) the skb must be dropped when esp_output...

5.5CVSS5.7AI score0.00123EPSS
CVE
CVE
added 2026/04/22 1:54 p.m.17 views

CVE-2026-31522

CVE-2026-31522 affects the Linux kernel HID magicmouse driver. The root cause is in magicmouse_report_fixup(), which allocated a new buffer via kmemdup and failed to free it, while the caller does not own the returned pointer. This memory leak can enable local resource exhaustion, with the CVSS i...

5.5CVSS5.7AI score0.00123EPSS
CVE
CVE
added 2026/04/24 2:35 p.m.17 views

CVE-2026-31558

The CVE-2026-31558 issue affects the Linux kernel LoongArch KVM component. The vulnerable code is kvm_get_vcpu_by_cpuid(), which accepts a cpuid as int; if cpuid is negative, the function could access kvm_arch::phyid_map::phys_map[] out of bounds. The documented fix makes kvm_get_vcpu_by_cpuid() ...

8.8CVSS5.4AI score0.00129EPSS
CVE
CVE
added 2026/04/24 2:35 p.m.17 views

CVE-2026-31561

CVE-2026-31561 affects the Linux kernel: the fix removes the X86_CR4_FRED bit from the CR4 pinning mask to avoid a boot-time window where exceptions cannot be handled. The vulnerability is detailed as a problem where FRED was temporarily disabled during AP boot, which could let an attacker modify...

5.5CVSS5.5AI score0.00122EPSS
CVE
CVE
added 2026/04/24 2:42 p.m.17 views

CVE-2026-31599

CVE-2026-31599 concerns a flaw in the Linux kernel vidtv driver where vidtv_pmt_stream_init can return NULL and the caller (vidtv_channel_pmt_match_sections) does not check for this, leading to a NULL pointer dereference in vidtv_psi_desc_assign and a general protection fault. The fixes add a NUL...

5.5CVSS5.4AI score0.00125EPSS
CVE
CVE
added 2026/04/24 2:44 p.m.17 views

CVE-2026-31630

The CVE-2026-31630 issue affects the Linux kernel RXRPC procfs address formatting: AF_RXRPC procfs helpers used fixed 50-byte buffers to render local/remote socket addresses with "%pISpc", which is insufficient for the longest current IPv6-with-port forms (notably ISATAP paths). The root cause is...

7.8CVSS5.5AI score0.00132EPSS
CVE
CVE
added 2026/04/24 2:44 p.m.17 views

CVE-2026-31644

CVE-2026-31644 affects the Linux kernel LAN966X network driver. The issue arises in lan966x_fdma_reload() when allocation of new RX buffers fails, causing the restore path to restart DMA with old descriptors whose pages were already freed, and because page_pool_put_full_page() can release pages b...

7.8CVSS5.5AI score0.00125EPSS
CVE
CVE
added 2026/04/24 2:45 p.m.17 views

CVE-2026-31651

In CVE-2026-31651, the Linux kernel mmc: vub300 driver is affected by a NULL-deref/use-after-free on disconnect. The root cause is dropping the driver data reference without deregistering the controller, which can lead to NULL-pointer dereferences and a potential system crash (DoS) on local acces...

5.5CVSS5.3AI score0.00111EPSS
CVE
CVE
added 2026/04/24 2:45 p.m.17 views

CVE-2026-31665

CVE-2026-31665 affects the Linux kernel netfilter nf_conntrack timeout destruction. The issue is a use-after-free where nft_ct_timeout_obj_destroy() frees the timeout object with kfree() immediately after nf_ct_untimeout(), potentially leaving RCU-protected references active. The documented fix d...

7.8CVSS5.6AI score0.00117EPSS
CVE
CVE
added 2026/04/30 11:47 a.m.17 views

CVE-2026-31693

CVE-2026-31693 affects the Linux kernel CIFS implementation. The issue arises when replaying a request: certain local variables were not reinitialized after a replay label, which can cause unpredictable behavior and potentially denial of service or instability. The vulnerability is limited to the...

7.8CVSS5.6AI score0.00129EPSS
CVE
CVE
added 2026/05/01 1:56 p.m.17 views

CVE-2026-31710

CVE-2026-31710 — Linux kernel CIFS SMB1 UNIX mounts: A fix addresses incorrect dir separators caused by not updating @cifs_sb->mnt_cifs_flags after reset_cifs_unix_caps() when mounting SMB1 UNIX shares. The root cause is that the POSIX ACLs/paths flags (CIFS_MOUNT_POSIXACL, CIFS_MOUNT_POSIX_PA...

5.5CVSS5.7AI score0.001EPSS
CVE
CVE
added 2026/05/01 2:14 p.m.17 views

CVE-2026-31737

Technical details (affected product/component/versions/root cause/impact or fixes) for CVE-2026-31737 are not publicly available in the provided connected documents. Monitor for updates.

5.5CVSS5.8AI score0.00123EPSS
CVE
CVE
added 2026/05/01 2:14 p.m.17 views

CVE-2026-31747

CVE-2026-31747 affects the Linux kernel code path for comedi me4000 firmware loading. The vulnerability arises when me4000_xilinx_download() blindly trusts the firmware file format and reads a header length from the first 4 bytes into file_length, then reads data from offset 16 of length file_len...

7.8CVSS5.8AI score0.00129EPSS
CVE
CVE
added 2026/05/01 2:14 p.m.17 views

CVE-2026-31750

CVE-2026-31750 affects the Linux kernel comedi driver. The issue is a memory leak where chanlist was not freed in the exceptional exit path of do_cmd_ioctl because runflags may be unset; do_become_nonbusy() previously freed chanlist only when runflags were set. The fix adds a check in do_become_n...

5.5CVSS5.7AI score0.00107EPSS
CVE
CVE
added 2026/05/01 2:15 p.m.17 views

CVE-2026-31773

The CVE-2026-31773 entry concerns the Linux kernel Bluetooth SMP implementation. The root cause is that the legacy responder path in smp_random() marks the STK as authenticated whenever pending_sec_level is BT_SECURITY_HIGH, which reflects the requested security level rather than the actual pairi...

8.8CVSS5.8AI score0.00282EPSS
CVE
CVE
added 2026/05/01 2:15 p.m.17 views

CVE-2026-43010

CVE-2026-43010 : The Linux kernel fix addresses a bug where sleepable kprobe_multi programs could be attached in a non-sleepable context because bpf_kprobe_multi_link_attach() did not validate the sleepable flag. This allowed sleepable helpers (e.g., bpf_copy_from_user()) to be invoked from an at...

5.5CVSS5.7AI score0.00122EPSS
CVE
CVE
added 2026/05/01 2:15 p.m.17 views

CVE-2026-43017

CVE-2026-43017 concerns the Linux kernel Bluetooth MGMT mesh path. It fixes missing validation of adv_data_len in mesh_send, which could allow out-of-bounds access in queued commands. The description and connected advisories indicate: affected software is the Linux kernel; root cause is failure t...

5.5CVSS5.8AI score0.00122EPSS
CVE
CVE
added 2026/05/01 2:15 p.m.17 views

CVE-2026-43018

The CVE-2026-43018 entry is confirmed: a Use-After-Free in Linux kernel Bluetooth HCI event handling (hci_le_remote_conn_param_req_evt) due to insufficient locking during hci_conn lookup/access. The vulnerability arises from hci_conn lookup and field access not always being protected by the hdev ...

8.8CVSS5.8AI score0.00256EPSS
CVE
CVE
added 2026/05/01 2:15 p.m.17 views

CVE-2026-43030

CVE-2026-43030 affects the Linux kernel BPF subsystem (regsafe). A logic error in regsafe() for pointers to packets when rold->reg->range == BEYOND_PKT_END and rcur->reg->range == N could allow a state where valid packet ranges are not explored, potentially enabling privilege escalati...

7.8CVSS5.8AI score0.00129EPSS
CVE
CVE
added 2026/05/05 3:23 p.m.17 views

CVE-2026-43068

Linux kernel ext4: CVE-2026-43068 stems from a bug that could cause allocation of blocks from a corrupted block group, leading to repeated delayed block allocation failures and potential data loss. The issue arises in ext4_mb_find_by_goal() through ext4_mb_load_buddy and related bitmap checks, wh...

5.5CVSS5.7AI score0.00117EPSS
CVE
CVE
added 2026/05/05 3:23 p.m.17 views

CVE-2026-43069

CVE-2026-43069 concerns the Linux kernel Bluetooth stack (hci_ll). The issue arises when download_firmware() succeeds in request_firmware() but returns invalid content (no data/zero size), causing a resource leak because firmware is not released. The fix introduced is to call release_firmware() b...

5.5CVSS5.8AI score0.00114EPSS
CVE
CVE
added 2026/05/06 7:40 a.m.17 views

CVE-2026-43084

CVE-2026-43084 affects the Linux kernel netfilter nfnetlink_queue. The vulnerability stems from sharing a global hash table across all queues, allowing a parallel CPU to access a nf_queue_entry after it has been freed, causing a slab-use-after-free (KASAN) and potential crash/DoS. The fix is to m...

7.8CVSS5.8AI score0.00125EPSS
CVE
CVE
added 2026/05/06 7:40 a.m.17 views

CVE-2026-43104

The CVE-2026-43104 entry concerns the Linux kernel DRM vc4 driver. Root cause: a memory leak in the hang state path where vc4_save_hang_state() could return early without freeing previously allocated kernel_state. Remediation: consolidated early return paths and added missing kfree() calls. Impac...

5.5CVSS5.8AI score0.00123EPSS
CVE
CVE
added 2026/05/06 11:27 a.m.17 views

CVE-2026-43123

Summary: CVE-2026-43123 affects the Linux kernel’s fbcon component. The root cause is a missing return-value check in con2fb_acquire_newinfo(); if fbcon_open() fails during this call, info->fbcon_par may be NULL and dereferenced, potentially crashing the system. The provided documents indicate...

5.5CVSS5.8AI score0.00128EPSS
CVE
CVE
added 2026/05/06 11:27 a.m.17 views

CVE-2026-43129

The CVE-2026-43129 issue stems from the Linux kernel IMA subsystem: when booting a second-stage kernel via kexec with a memory-limited command line, the IMA measurement buffer from the previous kernel could lie outside the new kernel’s addressable RAM, causing an early-page fault on x86_64. The f...

5.5CVSS6AI score0.00122EPSS
CVE
CVE
added 2026/05/06 11:27 a.m.17 views

CVE-2026-43141

Summary : CVE-2026-43141 affects the Linux kernel ntb_hw_switchtec code, where the number of MW LUTs can be configured to zero. In that scenario, a call to rounddown_pow_of_two could trigger undefined behavior. The patch ensures rounddown_pow_of_two is only applied to a valid value. Impact : Unde...

7.1CVSS5.8AI score0.00131EPSS
CVE
CVE
added 2026/05/06 11:27 a.m.17 views

CVE-2026-43146

CVE-2026-43146 relates to the Linux kernel iris media driver. The root cause was that internal buffers were enqueued in buffers->list before a DMA allocation completed. If dma_alloc_attrs() failed with -ENOMEM, a partially initialized buffer remained in the list, risking inconsistent state and...

5.5CVSS5.9AI score0.00126EPSS
CVE
CVE
added 2026/05/06 11:27 a.m.17 views

CVE-2026-43152

The CVE-2026-43152 issue is in the Linux kernel HID subsystem (hid-pl): if probe errors during device init are not handled, a NULL pointer dereference can occur when a device using Force Feedback is interacted with. Exploitation details are not provided in the documents, but the vulnerability is ...

5.5CVSS5.8AI score0.00128EPSS
CVE
CVE
added 2026/05/06 11:27 a.m.17 views

CVE-2026-43173

CVE-2026-43173 is a Linux kernel vulnerability in the net: ethernet: xscale driver where ixp46x_ptp_find() is invoked unconditionally from ixp4xx_get_ts_info(), even on systems without ixp46x support. This NULL pointer dereference can lead to a kernel crash/DoS when reading PTP-related info via e...

5.5CVSS5.8AI score0.00122EPSS
CVE
CVE
added 2026/05/06 11:27 a.m.17 views

CVE-2026-43186

The CVE-2026-43186 issue affects the Linux kernel IOAM code path for IPv6 (IOAM6). A crafted packet could cause a heap-buffer overflow in __ioam6_fill_trace_data() on the receive path by setting nodelen inconsistently with trace->type, leading to writes beyond the allocated region and possible...

9.8CVSS5.9AI score0.00642EPSS
CVE
CVE
added 2026/05/06 11:28 a.m.17 views

CVE-2026-43207

The vulnerability CVE-2026-43207 affects the Linux kernel mtk-mdp media driver. Root cause: improper error handling in the probe function can cause resource leaks; a missing check for vpu_get_plat_device() may dereference a NULL and the function increases the platform device reference count, risk...

7.8CVSS5.8AI score0.00139EPSS
CVE
CVE
added 2026/05/06 11:28 a.m.17 views

CVE-2026-43255

The CVE-2026-43255 entry concerns the Linux kernel component for wireless Libertus (wifi: libertas). The vulnerability arises when usb_tx_block() submits cardp->tx_urb without guaranteeing the previous URB has completed; a second call during active URB state can trigger a warning (“URB submitt...

5.5CVSS5.8AI score0.00128EPSS
CVE
CVE
added 2026/05/06 11:28 a.m.17 views

CVE-2026-43259

CVE-2026-43259 affects the Linux kernel in the phy: fsl-imx8mq-usb driver. The vulnerability arises from missing platform_set_drvdata(), with data intended for use in remove(). The fixed code adds the missing platform_set_drvdata() call in the driver. Impact, as per the CVE details, is consistent...

5.5CVSS5.7AI score0.00121EPSS
CVE
CVE
added 2026/05/06 11:29 a.m.17 views

CVE-2026-43282

CVE-2026-43282 affects the Linux kernel, specifically the RDMA ionic driver. The issue is in ionic_query_port(), which calls ib_device_get_netdev() without validating the return value, risking a NULL pointer dereference. The documented fix is to check the returned netdev and return -ENODEV if it ...

5.5CVSS5.7AI score0.00112EPSS
CVE
CVE
added 2026/05/08 1:11 p.m.17 views

CVE-2026-43285

Linux kernel mm/slab: do not access current->mems_allowed_seq if !allow_spin. The issue arises when get_from_any_partial() runs in NMI context, since seqcount_spinlock_t is not NMI-safe and can trigger a deadlock in the write/read sequence. Affected code path can lead to inconsistent lock stat...

5.5CVSS5.8AI score0.00121EPSS
CVE
CVE
added 2026/05/08 1:11 p.m.17 views

CVE-2026-43286

The CVE-2026-43286 entry is resolved in the Linux kernel’s hugetlb subsystem (mm/hugetlb). A fix for an underflow in hstate->resv_huge_pages was introduced by commit a833a693a490 to correct fallback behavior for subpools, but it created a new issue where the subpool’s used_hpages could remain ...

5.5CVSS5.8AI score0.00121EPSS
CVE
CVE
added 2026/05/08 1:11 p.m.17 views

CVE-2026-43295

The CVE-2026-43295 entry concerns the Linux kernel rapidio subsystem. A memory-management bug in rio_scan_alloc_net() uses rio_free_net() instead of kfree() when idtab allocation fails, leaving the net object potentially unreleased. The fix replaces rio_free_net() with kfree(net) and sets mport-&...

5.5CVSS5.8AI score0.00123EPSS
CVE
CVE
added 2026/05/08 1:11 p.m.17 views

CVE-2026-43296

The CVE-2026-43296 case affects the Linux kernel driver octeontx2-af, where the NIX SQ manager sticky mode can stall when multiple SQs share an SMQ and transmit concurrently, and transitions between sticky and non-sticky transmissions can deadlock the PSE, with additional credit drops when clocks...

7.5CVSS5.8AI score0.00387EPSS
Total number of security vulnerabilities14139