14139 matches found
CVE-2026-43286
The CVE-2026-43286 entry is resolved in the Linux kernel’s hugetlb subsystem (mm/hugetlb). A fix for an underflow in hstate->resv_huge_pages was introduced by commit a833a693a490 to correct fallback behavior for subpools, but it created a new issue where the subpool’s used_hpages could remain ...
CVE-2026-43295
The CVE-2026-43295 entry concerns the Linux kernel rapidio subsystem. A memory-management bug in rio_scan_alloc_net() uses rio_free_net() instead of kfree() when idtab allocation fails, leaving the net object potentially unreleased. The fix replaces rio_free_net() with kfree(net) and sets mport-&...
CVE-2026-43296
The CVE-2026-43296 case affects the Linux kernel driver octeontx2-af, where the NIX SQ manager sticky mode can stall when multiple SQs share an SMQ and transmit concurrently, and transitions between sticky and non-sticky transmissions can deadlock the PSE, with additional credit drops when clocks...
CVE-2026-43316
CVE-2026-43316 affects the Linux kernel, specifically the media/solo6x10 component. A signed shift could exceed 32 bits when compiled with UBSAN_SHIFT enabled, triggering undefined behavior; remediation added by checking the existing max chip_id and using an unsigned shift. This removes runtime i...
CVE-2026-43319
CVE-2026-43319 affects the Linux kernel spidev driver. The vulnerability stemmed from inverted lock ordering between spi_lock and buf_lock across code paths (write/read use buf_lock then spi_lock; ioctl uses spi_lock then buf_lock), enabling potential deadlocks in multi-threaded access. The fix u...
CVE-2026-43364
Summary (CVE-2026-43364) : In the Linux kernel ublk subsystem, a local attacker can trigger a NULL pointer dereference by sending UPDATE_SIZE to a ublk device that has been added but not started, or that has been stopped. The root cause is missing state validation in ublk_ctrl_set_size(), which d...
CVE-2026-43367
The CVE-2026-43367 issue affects the Linux kernel, specifically the drm/amd component. It stems from NULL pointer dereferences during device cleanup on unsupported hardware, caused by missing NULL checks on a version pointer. The fixes add NULL checks to these cleanup paths and were cherry-picked...
CVE-2026-43378
CVE-2026-43378 affects the Linux kernel SMB server (smb2_open). A use-after-free arises because the opinfo pointer obtained via rcu_dereference(fp->f_opinfo) is dereferenced after rcu_read_unlock(), creating a use-after-free window. Multiple sources (SUSE, Red Hat, Debian OSV, Ubuntu, Debian t...
CVE-2026-43381
Summary : CVE-2026-43381 affects the Linux kernel nouveau driver. When runtime-suspend is active, a userspace process accessing /dev/drm_dp_* can trigger a system crash instead of receiving a proper busy status. The root cause is in the nouveau/dpcd path, where aux transfers may incorrectly crash...
CVE-2026-43399
CVE-2026-43399 affects the Linux kernel amdgpu driver: a reference leak in amdgpu_userq_wait_ioctl occurs when an ioctl is aborted because the output array is too small. The fix drops references to syncobj and timeline fence during abort, and is cherry-picked from commit 68951e9c3e6bb22396bc42ef2...
CVE-2026-43413
The CVE-2026-43413 entry concerns the Linux kernel HISI_SAS SCSI driver where user_scan() can trigger a NULL pointer dereference when scanning an unsupported channel (multi-channel scan path triggers for channel 1 even though hisi_sas supports only one channel). The exploit path is a NULL derefer...
CVE-2026-43425
The CVE-2026-43425 issue affects the Linux kernel mdc800 USB image driver. mdC800_device_read() submits a download URB and waits for completion; if a timeout occurs and the device is unresponsive, the URB may remain active. A subsequent read() can resubmit the still-active URB, triggering the ker...
CVE-2026-43441
CVE-2026-43441 relates to the Linux kernel bonding code. When IPv6 is disabled, receiving an IPv6 NS/NA on a bonded slave could reach bond_validate_na() and trigger a NULL pointer dereference in ipv6_chk_addr(). The fixes provided in the sources implement a guard: check ipv6_mod_enabled() (or ipv...
CVE-2026-43442
The CVE-2026-43442 issue affects the Linux kernel io_uring subsystem: when IORING_SETUP_SQE_MIXED is used without IORING_SETUP_NO_SQARRAY, a flawed 128-byte SQE bounds check validates the logical SQ head instead of the physical SQE index. This can let an unprivileged local user remap a logical po...
CVE-2026-43466
Summary (CVE-2026-43466) : The Linux kernel mlx5e driver had a desync bug in the software DMA FIFO during TX error recovery. Specifically, during recovery, dma_fifo_cc was reset to 0 while dma_fifo_pc was not, causing producer/consumer to operate on misaligned indices. After recovery, new entries...
CVE-2026-53152
CVE-2026-53152 affects the Linux kernel dw_mmc-rockchip driver. Older RK SoCs (rk2928, rk3066, rk3188) lacked required private data, leading to NULL-pointer dereferences when the init code accessed missing phase/driver data. The vulnerability is resolved by the commit ff6f0286c896, which adds the...
CVE-2026-53215
CVE-2026-53215 affects the Linux kernel mvpp2 driver: the RX path could return a descriptor buffer to the hardware Buffer Manager after it had been handed to XDP or an skb, allowing DMA into memory no longer owned by the RX ring. Root cause is improper handling of RX buffers in mvpp2_rx_refill() ...
CVE-2022-50268
CVE-2022-50268 affects the Linux kernel mmap/moxart MMC host handling. The issue is in mmc_add_host(): if the function returns an error and the return value is not checked, memory allocated by mmc_alloc_host() could be leaked, potentially causing a kernel crash when removing an unreliably added d...
CVE-2022-50308
The CVE-2022-50308 entry concerns a Linux kernel ASoC issue for Qualcomm components. Root cause: devm_kcalloc may return NULL, so the return value must be checked to prevent NULL pointer dereference. The connected advisories confirm a patch to add checks in ASoC: qcom, resolving the vulnerability...
CVE-2022-50311
CVE-2022-50311 affects the Linux kernel: a refcount leak in cxl_calc_capp_routing due to of_get_next_parent() returning a node pointer with refcount incremented and a missing of_node_put() on the error path. The issue is resolved by adding the missing of_node_put() in the error path to balance th...
CVE-2022-50469
Technical details about CVE-2022-50469 (affected product/component/impact/remediation) are not provided in the supplied connected documents. Monitor for updates from vendors and security advisories.
CVE-2022-50496
CVE-2022-50496 is a Linux kernel use-after-free in the dm-cache component, triggered by concurrent destroy() with dm_resume() and dm_destroy(). The fix is to cancel the timer in destroy() to prevent the UAF, as described in the advisory and the related kernel commits referenced in the sources.
CVE-2022-50501
CVE-2022-50501: In the Linux kernel, media: coda: Add check for dcoda_iram_alloc. The vulnerability arises because dcoda_iram_alloc may return NULL, risking NULL pointer dereference. A fix was applied to check the return value to prevent dereferencing NULL, aligning with other components. This CV...
CVE-2022-50523
The CVE-2022-50523 issue affects the Linux kernel, specifically the Rockchip clock driver (clk: rockchip). The vulnerability arises in rockchip_clk_register_pll() where, on clk_register() failure, pll->rate_table may have been allocated via kmemdup() and is not freed, causing a memory leak. Th...
CVE-2022-50544
In CVE-2022-50544, the Linux kernel USB host xHCI code (xhci_alloc_stream_info) allocates a stream_ctx_array via xhci_alloc_stream_ctx and fails to free stream_info->stream_ctx_array on certain error paths, causing a memory leak. The documented fix releases stream_info->stream_ctx_array wit...
CVE-2023-53456
During CVE-2023-53456, the Linux kernel scsi/qla4xxx nlattrs parsing lacked length validation in three code paths: qla4xxx_set_chap_entry(), qla4xxx_iface_set_param(), and qla4xxx_sysfs_ddb_set_param(). This could allow out-of-bounds reads and leak heap data. The fix adds a nla_len check and retu...
CVE-2023-53479
In CVE-2023-53479, the Linux kernel cxl driver had a use-after-free in cxl_parse_cfmws() during cxl_decoder_add() fail path. KASAN/KFENCE observed a slab-use-after-free where a released cxld was accessed in a later dev_err() path. The root cause was dereferencing freed memory; the fix replaces th...
CVE-2023-53495
The CVE-2023-53495 issue in the Linux kernel concerns the mvpp2 ethernet driver (mvpp2_main). A fix was implemented to prevent an OOB write in mvpp2_ethtool_get_rxnfc() by validating rule_cnt before iterating over rules allocated in ethtool_get_rxnfc(). The underlying problem was that the rules b...
CVE-2023-53500
CVE-2023-53500 concerns the Linux kernel xfrm path. The issue is a slab-use-after-free in decode_session6 that can occur when an xfrm device is enqueued on a qdisc of type sfb, where the skb cb field may be modified during transmission. This leads to a use-after-free on the skb’s memory during IP...
CVE-2023-53521
CVE-2023-53521 affects the Linux kernel as reported by EulerOS advisories: scsi: ses: Fix slab-out-of-bounds in ses_intf_remove(). The bug occurs when edev->components is zero, causing reads from edev->component[0] to access invalid memory, resulting in a slab-out-of-bounds condition (read ...
CVE-2023-53536
CVE-2023-53536 affects the Linux kernel in the blk-crypto subsystem. The issue stems from blk_crypto_evict_key() sometimes returning early without unlinking the key from the keyslot management structures, while the caller proceeds to free the blk_crypto_key. This mismatch can cause a use-after-fr...
CVE-2023-53554
CVE-2023-53554 affects the Linux kernel staging/ ks7010 driver: ks_wlan_set_encode_ext() uses exc->key_len (u16) from user, and if it exceeds IW_ENCODING_TOKEN_MAX (64) this can cause memory corruption. The connected advisories (SUSE/OpenVAS/Nessus blocks) confirm kernel remediation but do not...
CVE-2023-53572
CVE-2023-53572 affects Linux kernel clk: imx: scu. The vulnerability arises in a loop that frees clk; without using a safe list iterator it can dereference a freed item. The fix is to replace the loop with list_for_each_entry_safe(), preventing use-after-free. References indicate a resolved patch...
CVE-2023-53577
CVE-2023-53577 affects the Linux kernel in the bpf/cpumap path: the kthread responsible for per-CPU map updates may be stopped prematurely, leading to a warning when XDP frames/skbs remain queued in ptr_ring. The root cause is tied to the prior memory-leak fix in cpu_map_update_elem and the kthre...
CVE-2023-53586
Technical details for CVE-2023-53586 are not present in the provided documents. The included advisories list the CVE but do not expose products, versions, impacts, or fixes here. Monitor vendor advisories for updates.
CVE-2023-53596
In CVE-2023-53596, the Linux kernel patch fixes a resource leak by ensuring devm resources are released on device_del() even for bus-less/driver-less devices. The current code only calls devres_release_all() when the device has a bus and has been probed, which could leave device-managed resources...
CVE-2023-53605
CVE-2023-53605 refers to a Linux kernel issue in the DRM AMD display driver where a memory leak occurred in the dc_construct_ctx() path. The fix, as described in the initial document, is a commit that resolves the leak in that function. The entry indicates a local attack vector with low attack co...
CVE-2023-53618
The CVE-2023-53618 entry corresponds to a Linux kernel issue affecting Btrfs reloc trees. The problem was an invalid reloc tree root key being present for quota-related reloc trees, which could lead to a crash via an ASSERT() in prepare_to_merge() when the reloc tree is not properly referenced by...
CVE-2023-53638
Technical details for CVE-2023-53638 are not publicly available in the provided documents. Monitor for updates from official advisories.
CVE-2023-53650
CVE-2023-53650 : In the Linux kernel, the fbdev: omapfb lcd_mipid path fixes an error path in mipid_spi_probe. If mipid_detect() fails, the code must free the allocated md to avoid a memory leak. Affects the fbdev/omapfb mipid probe code; underlying impact is a potential memory leak on failure. T...
CVE-2023-53651
Summary: CVE-2023-53651 is addressed in SUSE SUSE-SU-2025:4320-1 (kernel updates for SLE 15 SP5 and related branches). The issue concerns the Linux kernel timer handling during driver unbind or probe failures, where failure to stop the exc3000 timer can cause a use-after-free/oops. The provided c...
CVE-2023-53668
CVE-2023-53668 affects the Linux kernel ring-buffer subsystem used by tracing_read_pipe/trace_pipe. The issue is a deadloop where a non-empty buffer cannot be read because rb_num_of_entries() == 0, leading to endless waiting when user-space buffers aren’t filled. Root cause: when the ringbuffer i...
CVE-2023-53675
CVE-2023-53675 affects the Linux kernel’s SCSI SES path. The vulnerability arises from potential out-of-bounds accesses to desc_ptr in ses_enclosure_data_process(), and the fix sanitizes these accesses. The accompanying metrics indicate a high-severity, local-privilege context with impact on conf...
CVE-2023-53683
Technical details about CVE-2023-53683 are not publicly provided in the connected documents. Monitor for updates from vendor advisories and security feeds to obtain affected products, versions, impact, and remediation when available.
CVE-2025-39939
The CVE-2025-39939 issue affects the Linux kernel (iommu/s390) where zpci_get_iommu_ctrs() could read a bad address for identity-domain devices, causing memory corruption. The root cause is that identity domains are not backed by an s390_domain, leading to an invalid to_s390_domain() result and o...
CVE-2025-68823
CVE-2025-68823: Linux kernel ublk deadlock when reading partition table. If a process (e.g., udev) opens a ublk block device to read the partition table via bdev_open(), a deadlock can occur because blkdev_release() re-acquires disk->open_mutex in the same context. The fix disables bottom halv...
CVE-2025-71117
CVE-2025-71117 corresponds to a Linux kernel fix that removes queue freezing from several sysfs store callbacks to prevent deadlocks (notably with dm-multipath and the queue_if_no_path option). Affected sysfs attributes include io_poll_delay, io_timeout, nomerges, read_ahead_kb, and rq_affinity. ...
CVE-2025-71142
CVE-2025-71142 : In the Linux kernel, a warning is triggered when disabling a remote cpuset partition under certain CPU-hotplug scenarios, due to an incorrect relationship between effective_xcpus and subpartitions_cpus. The fix per the advisory and related documents changes the warning logic to o...
CVE-2025-71146
CVE-2025-71146 affects the Linux kernel, specifically the netfilter nf_conncount subsystem. The issue is a leak of ct (connection tracking) objects in error paths where the refcounted check was skipped and the function returned early. The root cause, per the description, is that the refcounted ch...
CVE-2025-71153
Technical details for CVE-2025-71153 are not publicly available in the provided connected documents. Monitor for updates from security advisories and vendor PSNs to obtain affected products, impact, and remediation.