14139 matches found
CVE-2026-23441
CVE-2026-23441 is a Linux kernel vulnerability in the net/mlx5e driver. The issue is a race condition where the ASO spinlock is released before the hardware finishes processing a WQE, causing a second operation to overwrite a shared DMA context. The fix introduces a private per-object IPSec ASO c...
CVE-2026-23445
Summary of CVE-2026-23445 (Linux kernel igc driver) Affected component: igc network driver in the Linux kernel, specifically the XDP TX timestamping path. Root cause: during shutdown of the TX ring, the code leaves behind stale xsk_meta pointers, causing the IRQ handler to touch invalid pointers ...
CVE-2026-31416
CVE-2026-31416 (Linux kernel) : Affected component is netfilter nfnetlink_log. The issue is caused by not accounting for the netlink header size when processing NL messages, which can lead to a WARN splat and potential drop of the affected netlink message, with no other ill effects reported in th...
CVE-2026-31421
CVE-2026-31421 – Linux kernel net/sched cls_fw NULL pointer dereference . Root cause: in fw_classify(), the old-method path uses tcf_block_q() and dereferences q->handle; for shared blocks, block->q is NULL, causing a NULL pointer dereference when a nonzero skb is classified. The fix preven...
CVE-2026-31427
The CVE-2026-31427 issue in Linux kernel netfilter/nf_conntrack_sip was fixed by initializing the rtp_addr before calling nf_nat_sip SDP hooks and tracking via a have_rtp_addr flag. If SDP has no m= lines, or contains only inactive/unrecognized media, the code now avoids calling sdp_session with ...
CVE-2026-31458
Technical details (affected product, vulnerable component, and remediation) are not provided in the connected documents. Monitor for updates.
CVE-2026-31476
In the Linux kernel component ksmbd, CVE-2026-31476 describes a logic flaw where a multichannel session binding request that fails (for example, due to a wrong password) could cause the targeted session to be marked SMB2_SESSION_EXPIRED. Because the failed binding may reference a session from ano...
CVE-2026-31485
The CVE-2026-31485 issue affects the Linux kernel SPI driver for the FSL LPSPI controller. Root cause: teardown order when unregistering the SPI controller can race with in-flight DMA transfers, causing a NULL pointer dereference (UAF) and an I/O error in DMA RX during a transfer. The documented ...
CVE-2026-31487
The CVE concerns the Linux kernel SPI subsystem. A flaw arises when a driver is probed via __driver_attach(): the bus match() callback is invoked without holding the device lock, allowing access to the driver_override field without proper synchronization, creating a use-after-free (UAF) risk. The...
CVE-2026-31489
This CVE (CVE-2026-31489) affects the Linux kernel meson-spicc SPI controller driver. The vulnerability arises from a double-put: meson_spicc_probe() registers the controller with devm_spi_register_controller(), and the removal path erroneously calls spi_controller_put() again in meson_spicc_remo...
CVE-2026-31498
Linux kernel CVE-2026-31498 affects Bluetooth L2CAP by exposing memory leaks during reconfiguration (ERTM data structures) and a zero-valued max_pdu_size path that can lead to an infinite loop in l2cap_segment_sdu. Root cause: reconfiguration previously re-initialized ERTM state and NULL’d sdu wi...
CVE-2026-31512
Mode C CVE-2026-31512 affects the Linux kernel Bluetooth L2CAP path. The vulnerability arises in l2cap_ecred_data_rcv() where the SDU length is read from skb->data using get_unaligned_le16() without first ensuring skb contains at least 2 bytes (L2CAP_SDULEN_SIZE). If skb->len
CVE-2026-31518
CVE-2026-31518 affects the Linux kernel espintcp path when using asynchronous crypto. If the TX queue for espintcp is full, esp_output_tail_tcp returns an error and the skb is not freed under earlier synchronous handling; with async crypto (esp_output_done) the skb must be dropped when esp_output...
CVE-2026-31522
CVE-2026-31522 affects the Linux kernel HID magicmouse driver. The root cause is in magicmouse_report_fixup(), which allocated a new buffer via kmemdup and failed to free it, while the caller does not own the returned pointer. This memory leak can enable local resource exhaustion, with the CVSS i...
CVE-2026-31558
The CVE-2026-31558 issue affects the Linux kernel LoongArch KVM component. The vulnerable code is kvm_get_vcpu_by_cpuid(), which accepts a cpuid as int; if cpuid is negative, the function could access kvm_arch::phyid_map::phys_map[] out of bounds. The documented fix makes kvm_get_vcpu_by_cpuid() ...
CVE-2026-31561
CVE-2026-31561 affects the Linux kernel: the fix removes the X86_CR4_FRED bit from the CR4 pinning mask to avoid a boot-time window where exceptions cannot be handled. The vulnerability is detailed as a problem where FRED was temporarily disabled during AP boot, which could let an attacker modify...
CVE-2026-31599
CVE-2026-31599 concerns a flaw in the Linux kernel vidtv driver where vidtv_pmt_stream_init can return NULL and the caller (vidtv_channel_pmt_match_sections) does not check for this, leading to a NULL pointer dereference in vidtv_psi_desc_assign and a general protection fault. The fixes add a NUL...
CVE-2026-31630
The CVE-2026-31630 issue affects the Linux kernel RXRPC procfs address formatting: AF_RXRPC procfs helpers used fixed 50-byte buffers to render local/remote socket addresses with "%pISpc", which is insufficient for the longest current IPv6-with-port forms (notably ISATAP paths). The root cause is...
CVE-2026-31644
CVE-2026-31644 affects the Linux kernel LAN966X network driver. The issue arises in lan966x_fdma_reload() when allocation of new RX buffers fails, causing the restore path to restart DMA with old descriptors whose pages were already freed, and because page_pool_put_full_page() can release pages b...
CVE-2026-31651
In CVE-2026-31651, the Linux kernel mmc: vub300 driver is affected by a NULL-deref/use-after-free on disconnect. The root cause is dropping the driver data reference without deregistering the controller, which can lead to NULL-pointer dereferences and a potential system crash (DoS) on local acces...
CVE-2026-31665
CVE-2026-31665 affects the Linux kernel netfilter nf_conntrack timeout destruction. The issue is a use-after-free where nft_ct_timeout_obj_destroy() frees the timeout object with kfree() immediately after nf_ct_untimeout(), potentially leaving RCU-protected references active. The documented fix d...
CVE-2026-31693
CVE-2026-31693 affects the Linux kernel CIFS implementation. The issue arises when replaying a request: certain local variables were not reinitialized after a replay label, which can cause unpredictable behavior and potentially denial of service or instability. The vulnerability is limited to the...
CVE-2026-31710
CVE-2026-31710 — Linux kernel CIFS SMB1 UNIX mounts: A fix addresses incorrect dir separators caused by not updating @cifs_sb->mnt_cifs_flags after reset_cifs_unix_caps() when mounting SMB1 UNIX shares. The root cause is that the POSIX ACLs/paths flags (CIFS_MOUNT_POSIXACL, CIFS_MOUNT_POSIX_PA...
CVE-2026-31737
Technical details (affected product/component/versions/root cause/impact or fixes) for CVE-2026-31737 are not publicly available in the provided connected documents. Monitor for updates.
CVE-2026-31747
CVE-2026-31747 affects the Linux kernel code path for comedi me4000 firmware loading. The vulnerability arises when me4000_xilinx_download() blindly trusts the firmware file format and reads a header length from the first 4 bytes into file_length, then reads data from offset 16 of length file_len...
CVE-2026-31750
CVE-2026-31750 affects the Linux kernel comedi driver. The issue is a memory leak where chanlist was not freed in the exceptional exit path of do_cmd_ioctl because runflags may be unset; do_become_nonbusy() previously freed chanlist only when runflags were set. The fix adds a check in do_become_n...
CVE-2026-31773
The CVE-2026-31773 entry concerns the Linux kernel Bluetooth SMP implementation. The root cause is that the legacy responder path in smp_random() marks the STK as authenticated whenever pending_sec_level is BT_SECURITY_HIGH, which reflects the requested security level rather than the actual pairi...
CVE-2026-43010
CVE-2026-43010 : The Linux kernel fix addresses a bug where sleepable kprobe_multi programs could be attached in a non-sleepable context because bpf_kprobe_multi_link_attach() did not validate the sleepable flag. This allowed sleepable helpers (e.g., bpf_copy_from_user()) to be invoked from an at...
CVE-2026-43017
CVE-2026-43017 concerns the Linux kernel Bluetooth MGMT mesh path. It fixes missing validation of adv_data_len in mesh_send, which could allow out-of-bounds access in queued commands. The description and connected advisories indicate: affected software is the Linux kernel; root cause is failure t...
CVE-2026-43018
The CVE-2026-43018 entry is confirmed: a Use-After-Free in Linux kernel Bluetooth HCI event handling (hci_le_remote_conn_param_req_evt) due to insufficient locking during hci_conn lookup/access. The vulnerability arises from hci_conn lookup and field access not always being protected by the hdev ...
CVE-2026-43030
CVE-2026-43030 affects the Linux kernel BPF subsystem (regsafe). A logic error in regsafe() for pointers to packets when rold->reg->range == BEYOND_PKT_END and rcur->reg->range == N could allow a state where valid packet ranges are not explored, potentially enabling privilege escalati...
CVE-2026-43068
Linux kernel ext4: CVE-2026-43068 stems from a bug that could cause allocation of blocks from a corrupted block group, leading to repeated delayed block allocation failures and potential data loss. The issue arises in ext4_mb_find_by_goal() through ext4_mb_load_buddy and related bitmap checks, wh...
CVE-2026-43069
CVE-2026-43069 concerns the Linux kernel Bluetooth stack (hci_ll). The issue arises when download_firmware() succeeds in request_firmware() but returns invalid content (no data/zero size), causing a resource leak because firmware is not released. The fix introduced is to call release_firmware() b...
CVE-2026-43084
CVE-2026-43084 affects the Linux kernel netfilter nfnetlink_queue. The vulnerability stems from sharing a global hash table across all queues, allowing a parallel CPU to access a nf_queue_entry after it has been freed, causing a slab-use-after-free (KASAN) and potential crash/DoS. The fix is to m...
CVE-2026-43104
The CVE-2026-43104 entry concerns the Linux kernel DRM vc4 driver. Root cause: a memory leak in the hang state path where vc4_save_hang_state() could return early without freeing previously allocated kernel_state. Remediation: consolidated early return paths and added missing kfree() calls. Impac...
CVE-2026-43123
Summary: CVE-2026-43123 affects the Linux kernel’s fbcon component. The root cause is a missing return-value check in con2fb_acquire_newinfo(); if fbcon_open() fails during this call, info->fbcon_par may be NULL and dereferenced, potentially crashing the system. The provided documents indicate...
CVE-2026-43129
The CVE-2026-43129 issue stems from the Linux kernel IMA subsystem: when booting a second-stage kernel via kexec with a memory-limited command line, the IMA measurement buffer from the previous kernel could lie outside the new kernel’s addressable RAM, causing an early-page fault on x86_64. The f...
CVE-2026-43141
Summary : CVE-2026-43141 affects the Linux kernel ntb_hw_switchtec code, where the number of MW LUTs can be configured to zero. In that scenario, a call to rounddown_pow_of_two could trigger undefined behavior. The patch ensures rounddown_pow_of_two is only applied to a valid value. Impact : Unde...
CVE-2026-43146
CVE-2026-43146 relates to the Linux kernel iris media driver. The root cause was that internal buffers were enqueued in buffers->list before a DMA allocation completed. If dma_alloc_attrs() failed with -ENOMEM, a partially initialized buffer remained in the list, risking inconsistent state and...
CVE-2026-43152
The CVE-2026-43152 issue is in the Linux kernel HID subsystem (hid-pl): if probe errors during device init are not handled, a NULL pointer dereference can occur when a device using Force Feedback is interacted with. Exploitation details are not provided in the documents, but the vulnerability is ...
CVE-2026-43173
CVE-2026-43173 is a Linux kernel vulnerability in the net: ethernet: xscale driver where ixp46x_ptp_find() is invoked unconditionally from ixp4xx_get_ts_info(), even on systems without ixp46x support. This NULL pointer dereference can lead to a kernel crash/DoS when reading PTP-related info via e...
CVE-2026-43186
The CVE-2026-43186 issue affects the Linux kernel IOAM code path for IPv6 (IOAM6). A crafted packet could cause a heap-buffer overflow in __ioam6_fill_trace_data() on the receive path by setting nodelen inconsistently with trace->type, leading to writes beyond the allocated region and possible...
CVE-2026-43207
The vulnerability CVE-2026-43207 affects the Linux kernel mtk-mdp media driver. Root cause: improper error handling in the probe function can cause resource leaks; a missing check for vpu_get_plat_device() may dereference a NULL and the function increases the platform device reference count, risk...
CVE-2026-43255
The CVE-2026-43255 entry concerns the Linux kernel component for wireless Libertus (wifi: libertas). The vulnerability arises when usb_tx_block() submits cardp->tx_urb without guaranteeing the previous URB has completed; a second call during active URB state can trigger a warning (“URB submitt...
CVE-2026-43259
CVE-2026-43259 affects the Linux kernel in the phy: fsl-imx8mq-usb driver. The vulnerability arises from missing platform_set_drvdata(), with data intended for use in remove(). The fixed code adds the missing platform_set_drvdata() call in the driver. Impact, as per the CVE details, is consistent...
CVE-2026-43282
CVE-2026-43282 affects the Linux kernel, specifically the RDMA ionic driver. The issue is in ionic_query_port(), which calls ib_device_get_netdev() without validating the return value, risking a NULL pointer dereference. The documented fix is to check the returned netdev and return -ENODEV if it ...
CVE-2026-43285
Linux kernel mm/slab: do not access current->mems_allowed_seq if !allow_spin. The issue arises when get_from_any_partial() runs in NMI context, since seqcount_spinlock_t is not NMI-safe and can trigger a deadlock in the write/read sequence. Affected code path can lead to inconsistent lock stat...
CVE-2026-43286
The CVE-2026-43286 entry is resolved in the Linux kernel’s hugetlb subsystem (mm/hugetlb). A fix for an underflow in hstate->resv_huge_pages was introduced by commit a833a693a490 to correct fallback behavior for subpools, but it created a new issue where the subpool’s used_hpages could remain ...
CVE-2026-43295
The CVE-2026-43295 entry concerns the Linux kernel rapidio subsystem. A memory-management bug in rio_scan_alloc_net() uses rio_free_net() instead of kfree() when idtab allocation fails, leaving the net object potentially unreleased. The fix replaces rio_free_net() with kfree(net) and sets mport-&...
CVE-2026-43296
The CVE-2026-43296 case affects the Linux kernel driver octeontx2-af, where the NIX SQ manager sticky mode can stall when multiple SQs share an SMQ and transmit concurrently, and transitions between sticky and non-sticky transmissions can deadlock the PSE, with additional credit drops when clocks...