CVE-2026-43211

CVE-2026-43211 – Linux kernel PCI slot lock handling fix The issue arises in PCI lock management: pci_slot_trylock() incorrectly handled unlocking when nested locks fail, due to an extra pci_dev_unlock(dev) on the failure path after delegating to pci_bus_trylock(). This could trigger a warning ab...

CVE-2026-43213

The CVE-2026-43213 issue centers on the Linux kernel WiFi driver rtw89_pci, where an abnormal TX release report sequence number can cause an out-of-bounds access to wd_ring->pages, leading to a NULL pointer dereference and kernel crash (DoS). Public reports confirm this affects the rtw89_pci c...

CVE-2026-43223

CVE-2026-43223 concerns the Linux kernel media driver pvrusb2. The issue arises when pvr2_send_request_ex() submits a write URB and, if the subsequent read URB submission fails (e.g., due to -ENOMEM), returns early without waiting for the write to complete. Because the same URB structure is reuse...

CVE-2026-43224

The CVE-2026-43224 entry concerns the Linux kernel io_uring/zcrx subsystem. A memory leak could occur when mapping fails in io_populate_area_dma() on PAGE_POOL_32BIT_ARCH_WITH_64BIT_DMA, as io_zcrx_map_area() would allocate a sgtable that isn’t freed due to the error path not freeing it when !is_...

CVE-2026-43228

The CVE-2026-43228 entry concerns the Linux kernel hfs component where 64-bit CNID counts (next_id, folder_count, file_count) triggered kernel panics when MDB was corrupted. Root cause: BUG_ON-based overflow checks replaced by proper error handling. Impact: local DoS via kernel panic with a corru...

CVE-2026-43238

CVE-2026-43238 is a Linux kernel issue in the net/sched act_skbedit module. The bug arises in tcf_skbedit_hash() when calculating mapping_mod = queue_mapping_max - queue_mapping + 1, which could reach 65536 for full u16 queue ranges. This value cannot fit in a u16 and previously wrapped to 0, cau...

CVE-2026-43240

CVE-2026-43240 concerns the Linux kernel (x86/kexec) where a second-stage kernel booted with a memory-limiting parameter (mem=…) may place the IMA kexec buffer outside the accessible RAM, causing a kernel panic. The vulnerability arises from a missing range validation for the carried IMA measurem...

CVE-2026-43242

CVE-2026-43242 concerns a leak in the Linux kernel’s driver for TI K3 SoC (soc: ti: k3-socinfo). The vulnerability arises when an mmio regmap is allocated during probe but not freed on probe failure, risking resource exhaustion and potential system instability. The fix uses a device-managed alloc...

CVE-2026-43248

In the Linux kernel vhost subsystem, CVE-2026-43248 stems from a vdpa_sim bug that could assign a valid ASID to a group equal to ngroups, causing an out-of-bounds write and memory instability. Multiple reports confirm a patch to move the vdpa group bound check into vhost_vdpa and to fix the out-o...

CVE-2026-43267

The CVE-2026-43267 issue affects the Linux kernel wifi stack, specifically the rt89 beacon tracking path. The root cause is that the bss_conf->beacon_int value can be zero, which leads to a division-by-zero in subsequent calculations. The fix introduces a safe default by setting beacon interva...

CVE-2026-43273

CVE-2026-43273 concerns the Linux kernel Ceph file system module, where ceph_zero_partial_object() lacked proper snapshot context for OSD write operations. This omission can cause data inconsistencies within snapshots, potentially affecting data integrity of previously snapshotted data. Affected ...

CVE-2026-43311

CVE-2026-43311 resolves a Linux kernel Tegra PMC issue where generic_handle_irq() was called from a non-interrupt context during system suspend resume, causing kernel warnings. The fix defers the call to an IRQ work, enabling safe execution in hard IRQ context. For PREEMPT_RT kernels, the patch u...

CVE-2026-43348

The CVE-2026-43348 issue affects the Linux kernel’s mshv_vtl path: when registering VTL0 memory via MSHV_ADD_VTL0_MEMORY, the calculation of pgmap->vmemmap_shift can exceed MAX_FOLIO_ORDER, causing a WARN and -EINVAL during memremap_pages(). The root cause is failing to clamp the computed shif...

CVE-2026-43391

CVE-2026-43391 affects the Linux kernel nsfs component. The issue arises from insufficient permission checks when opening handles, enabling privileged services to potentially view other privileged services’ namespaces and leak information. The fix centralizes policy via may_see_all_namespaces() a...

CVE-2026-43417

CVE-2026-43417 affects the Linux kernel, specifically the vfork()/CLONE_VM handling in sched/mmcid. The bug occurs when the number of tasks in a process is smaller than MMCID users, causing the system to loop through the task list and double-count already processed tasks. If this double processin...

CVE-2026-43422

In CVE-2026-43422, the Linux kernel USB legacy NCM driver had a NULL pointer dereference in gncm_bind caused by deferring net_device allocation. The fix defers allocation until later in the binding process and stores qmult, host_addr, and dev_addr into ncm_opts->net_opts during gncm_bind so th...

CVE-2026-43440

CVE-2026-43440 affects the Linux kernel net/mana driver, where during mana_gd_setup() cleanup a workqueue pointer (service_wq) could remain non-NULL after destroy_workqueue(), leading to a potential use-after-free if the pointer is checked after a failed setup. Connected advisories confirm the ro...

CVE-2026-43455

In CVE-2026-43455, multiple sources confirm a race in the Linux kernel MCTP module: mctp_flow_prepare_output() checks key->dev and may call mctp_dev_set_key() without holding key->lock, while both mctp_dev_set_key() and mctp_dev_release_key() require the lock. This can allow concurrent path...

CVE-2026-43463

Summary: Multiple sources confirm a Linux kernel vulnerability in rxrpc and afs where rxrpc_kernel_lookup_peer() could return error pointers in addition to NULL, risking instability. The fix changes rxrpc_kernel_lookup_peer() to return -ENOMEM on allocation failure (instead of NULL) and updates c...

CVE-2026-43464

Summary: CVE-2026-43464 affects the Linux kernel mlx5e driver in XDP multi-buffer scenarios. When XDP programs modify buffer layout via bpf_xdp_pull_data() or bpf_xdp_adjust_tail(), the driver previously failed to count dropped fragments, causing negative page reference counts during cleanup and ...

CVE-2026-43467

CVE-2026-43467 affects the Linux kernel mlx5_core/mlx5_eswitch stack. Root cause: when moving a device to switchdev mode on a system that does not support IPsec, the code erroneously cleans up IPsec resources, triggering a local crash/DoS. With concrete details from multiple vendors (Red Hat, SUS...

CVE-2026-46245

CVE-2026-46245 affects the AMDGPU display driver in the Linux kernel. The vulnerability arises in amdgpu_dm_hpd_init() where a NULL dc_link could be dereferenced while setting up HPD interrupts, despite an earlier check for polling decisions. The provided patch assigns dc_link early and skips con...

CVE-2026-46258

The CVE-2026-46258 issue is in the Linux kernel’s gpio: cdev module, where in linehandle_create() a NULL dereference could occur when lh is dereferenced after a retain_and_null_ptr(lh). The vulnerability is resolved by avoiding the dereference and using handlereq.lines, which holds the same value...

CVE-2026-46263

CVE-2026-46263 is a Linux kernel issue in drm/amd/display where eng_id may index stream_enc_regs beyond its 5-element size, causing out-of-bounds access. The fix adds an explicit bounds check (using ARRAY_SIZE) before indexing stream_enc_regs[eng_id], preventing access when eng_id is ENGINE_ID_DI...

CVE-2026-46268

The CVE relates to the Linux kernel PCI/P2PDMA subsystem. A warning in p2pmem_alloc_mmap() was triggered by an assertion VM_WARN_ON_ONCE_PAGE(!page_ref_count(page)) after the initial page refcount was changed to zero by a prior patch. The issue arises only when CONFIG_DEBUG_VM is enabled, produci...

CVE-2022-50447

The CVE pertains to the Linux kernel Bluetooth subsystem. A crash in the HCI path occurs when connecting multiple ISO sockets without DEFER_SETUP, caused by a NULL pointer dereference in hci_create_cis_sync, leading to a KASAN crash. The vulnerability is described in CVE-2022-50447 as fixed by th...

CVE-2022-50467

CVE-2022-50467 affects the Linux kernel LPFC SCSI driver (lpfc). The vulnerability arises in lpfc_cmpl_ct_cmd_gft_id() where an abnormal exit path could call lpfc_nlp_put() with a null pointer to a nodelist structure, risking a null dereference. The changelog indicates the root cause was a missin...

CVE-2022-50485

The CVE-2022-50485 entry concerns the Linux kernel ext4 subsystem. A new EXT4_IGET_BAD flag is added to ext4_iget() to prevent returning a bad inode; previously, boot loader inodes could be returned as bad inodes, bypassing some checks and potentially causing a kernel panic. The mitigation is a p...

CVE-2022-50555

CVE-2022-50555 (Linux kernel tipc_topsrv_accept) has a concrete fix across multiple advisories. The issue allowed a null pointer dereference when srv->listener could be NULL if tipc_topsrv_stop() ran concurrently with tipc_topsrv_accept. The patch adds a protection: check srv->listener unde...

CVE-2023-53451

CVE-2023-53451 concerns a NULL pointer dereference in the Linux kernel scsi: qla2xxx path (root cause: potential dereference of cur_dsd). Connected advisories list the CVE among kernel fixes and indicate a fix was applied upstream; EulerOS/SUSE Nessus entries enumerate this CVE as addressed in ke...

CVE-2023-53470

CVE-2023-53470 – Linux kernel issue : The vulnerability arises from a missing NULL check after devlink_alloc(), risking kernel panic when devlink_priv() is called on a NULL result. A fix adds the NULL check; as a result, driver load may fail but the kernel will not panic. Documents show the issue...

CVE-2023-53532

CVE-2023-53532 concerns the Linux kernel/ath11k on AHB WLAN hardware. The issue arises during deinitialization of firmware resources for chipsets with non-fixed firmware memory when TrustZone is not present. The code path unmapped memory that was never mapped during initialization, leading to a k...

CVE-2023-53561

The CVE-2023-53561 issue affects the Linux kernel net: wwan: iosm component, causing a NULL pointer dereference during device removal in suspend/resume cycles. Root cause: ipc_imem_wwan_channel_init() may fail to obtain valid device capabilities, leading to no wwan struct allocation; later remova...

CVE-2023-53657

CVE-2023-53657 affects the Linux kernel (ice subsystem) with a NULL dereference risk from ice_eswitch_port_start_xmit when switchdev configuration isn’t fully finished. The vulnerability is addressed by a fix that guards against proceeding before switchdev is configured. Multiple advisories note ...

CVE-2023-53663

CVE-2023-53663 concerns the Linux kernel KVM nSVM nested-VM path. The issue occurs when nested TSC scaling support is checked on nested SVM VMRUN and an MSR write together with a guest CPUID update hides the feature, causing the guest to trigger a WARN repeatedly (sequence shown) instead of a cor...

CVE-2025-71106

CVE-2025-71106 - Linux kernel fix . The vulnerability concerns the filesystems_freeze_callback() check (freeze_all_ptr) introduced by the commit “power: always freeze efivarfs.” The check was inverted, causing all file systems to be frozen when filesystem_freeze_enabled is false. This could trigg...

CVE-2025-71109

CVE-2025-71109 covers a Linux kernel issue in MIPS ftrace involving memory corruption when the kernel is located beyond 32 bits. The root cause is the UASM_i_LA_mostly macro (and now UASM_i_LA) generating more than two instructions, while ftrace code stores only an int[2], risking overflow that c...

CVE-2025-71110

Technical details about CVE-2025-71110 are not publicly available in the provided connected documents. No specific affected products, versions, or remediation information are disclosed here; monitor for updates.

CVE-2025-71123

CVE-2025-71123 affects the Linux kernel Ext4 mount option parsing. The vulnerability stems from improper string copying in parse_apply_sb_mount_options(), where strscpy_pad() could copy a non-NUL-terminated string into a fixed-size destination, triggering fortify warnings (strnlen: detected buffe...

CVE-2025-71124

CVE-2025-71124 —Linux kernel DRM MSM A6XX path fix: moved preempt_prepare_postamble() to after validating preempt_postamble_ptr to prevent NULL pointer dereference when postamble allocation fails. Impact described as crash risk; patch available in Patchwork 687659; no exploitation details provide...

CVE-2025-71152

CVE-2025-71152 is a vulnerability reported in the Linux kernel and appears in multiple OS advisories. Connected entries indicate patches for Root Linux (rootio-linux) across Debian 11/12/13 variants, and additional OSV records show Debian-based and Chainguard advisories patching Root packages. Pu...

CVE-2025-71187

Technical details are not publicly available in the provided documents. Monitor for updates.

CVE-2025-71271

CVE-2025-71271 affects the Linux kernel hfsplus filesystem driver. A bug introduced during the move to the new mount API could leak filesystem-specific data (sb->s_fs_info) if setup_bdev_super() fails after a new superblock is allocated but before hfsplus_fill_super() takes ownership. The leak...

CVE-2025-71287

The CVE-2025-71287 issue affects the Linux kernel driver mtk-smi for memory handling during larb probes. The root cause is failure to drop the reference to the SMI device on late probe failure or driver unbind, causing a memory leak that could lead to resource exhaustion and potential DoS. The vu...

CVE-2025-71292

Summary (CVE-2025-71292): The Linux kernel JFS component has a vulnerability where, if a directory’s link count (nlink) is at its maximum and a rename operation affects a child directory, the nlink can wrap from -1 to 0, triggering an erroneous drop_nlink warning. Multiple sources indicate this h...

CVE-2026-23252

The CVE-2026-23252 issue affects the Linux kernel XFS code. The root cause is the xchk_xfile_*_descr macros calling kasprintf, which could fail to allocate memory when formatting strings larger than the non‑no-fail limit. The patch removes this path by passing static strings instead, eliminating ...

CVE-2026-23261

CVE-2026-23261 corresponds to a Linux kernel NVMe over Fabrics issue where nvme_fc_init_ctrl leaks admin blk-mq resources if subsequent steps fail during controller setup. The fix ensures the admin_tagset is freed by checking ctrl->ctrl.admin_tagset in the fail_ctrl path and calling nvme_remov...

CVE-2026-23297

CVE-2026-23297 affects the Linux kernel’s NFS daemon (nfsd). The issue is a memory leak of struct cred caused by how nfsd_nl_threads_set_doit() passes current credentials to nfsd_svc() and later to _svc_xprt_create() without transferring ownership, leaving a refcount leak. SYZBOT identified a lea...

CVE-2026-23303

The CVE-2026-23303 vulnerability affects the Linux kernel SMB client: when logging is enabled, cifs_set_cifscreds can emit plaintext credentials (username/password) to logs. The issue is fixed by removing the debug log, preventing credential exposure. The connected advisories confirm the flaw exi...

CVE-2026-23305

The CVE-2026-23305 entry concerns a Linux kernel issue in accel/rocket where unwinding in rocket_probe’s error path was incorrect. If rocket_core_init() fails (e.g., due to EPROBE_DEFER), the kernel must unwind by decrementing the incremented counter and, if it’s the first core failed to probe, c...