14139 matches found
CVE-2025-71153
Technical details for CVE-2025-71153 are not publicly available in the provided connected documents. Monitor for updates from security advisories and vendor PSNs to obtain affected products, impact, and remediation.
CVE-2025-71185
CVE-2025-71185 concerns the Linux kernel DMA engine TI dma-crossbar, specifically a leak of a crossbar device reference during am335x route allocation. The description states the fix is to drop the reference taken when looking up the crossbar platform device during am335x route allocation, addres...
CVE-2025-71222
CVE-2025-71222 (Linux kernel) : Affects the wifi wlcore path. The issue arises from an insufficient skb headroom check before skb_push, causing an skb_under_panic Oops in wl1271_tx_work when headroom is insufficient (typical 110 vs 94, leaving 16 bytes). The fix ensures proper headroom before skb...
CVE-2025-71314
In the Linux kernel, the drm/panthor component was updated to recover from panthor_gpu_flush_caches() failures that could block the memory subsystem. The fix introduces a reset path to recover when flush operations hang, and resets pending_reqs so new commands can be issued after a reset. If addi...
CVE-2026-23026
The CVE-2026-23026 entry concerns the Linux kernel DMA engine Qualcomm gpi driver. It fixes a memory leak in gpi_peripheral_config(): if krealloc() fails and returns NULL, the code directly assigns NULL to gchan->config, discarding the original memory. The patch uses a temporary variable to ho...
CVE-2026-23075
CVE-2026-23075 affects the Linux kernel CAN networking support. The issue arises from the esd_usb_read_bulk_callback() path where URBs for USB-in transfers are unanchored by the USB core after completion, leading to a memory leak if esd_usb_close() frees URBs that are no longer anchored. The fix ...
CVE-2026-23151
CVE-2026-23151 in the Linux kernel Bluetooth MGMT path fixes a memory leak in set_ssp_complete due to missing mgmt_pending_free(cmd) calls (and similarly in set_advertising_complete).Root cause: mgmt_pending_cmd structures and their data were not freed after SSP commands completed, after a prior ...
CVE-2026-23246
CVE-2026-23246 affects the Linux kernel wifi mac80211 bounds-check in the ML Reconfiguration path. The issue arises from linking link_id (0-15) to the link_removal_timeout array (size 15), allowing an out-of-bounds write when link_id equals 15. The advisories state to skip subelements with link_i...
CVE-2026-23251
The CVE-2026-23251 issue affects the Linux kernel XFS code: destructors xfarray/xfblob were invoked on possibly-invalid pointers. The patch ensures xf{array,blob}_destroy is only called for a valid pointer and clears it afterwards, improving memory safety. The fix was merged in commits between 6....
CVE-2026-23277
CVE-2026-23277 (TEQL NULL pointer dereference in iptunnel_xmit) is fixed in Linux kernel TEQL transmit path. When a GRE Gretap tunnel is TEQL slave, teql_master_xmit() transmits via netdev_start_xmit() without updating skb->dev to the slave. iptunnel_xmit then uses the original dev from skb-&g...
CVE-2026-23283
The vulnerability CVE-2026-23283 affects the Linux kernel regulator fp9931 component. In fp9931_hwmon_read(), when regmap_read() fails, the function returns the error without calling pm_runtime_put_autosuspend(), causing a PM runtime reference leak. This can lead to resource exhaustion and system...
CVE-2026-23286
CVE-2026-23286 affects the Linux kernel ATM LANE implementation. The root cause is a potential null pointer dereference in lec_arp_clear_vccs when multiple ARP entries share the same VCC: after the first entry frees vpriv and clears vcc->user_back, a subsequent entry may dereference a NULL vpr...
CVE-2026-23325
CVE-2026-23325 affects the Linux kernel wifi stack (mt76/mt7996). The flaw is an out-of-bounds access in mt7996_mac_write_txwi_80211() due to insufficient frame-length checks on management fields. Affected component: mt7996 hardware path in the kernel’s wifi driver. Impact per sources: potential ...
CVE-2026-23340
CVE-2026-23340 affects the Linux kernel net sched subsystem where qdisc_reset_all_tx_gt() can race with the lockless dequeue path, potentially causing use-after-free of skbs when the number of real TX queues changes (e.g., via ethtool -L on virtio-net). The fix is to serialize qdisc_reset() again...
CVE-2026-23372
CVE-2026-23372 affects the Linux kernel NFC rawsock path (rawsock_release) where tx_work can race with socket/device teardown, risking use-after-free or leaked references. The fix adds synchronization: set SEND_SHUTDOWN to prevent in-progress tx_work, use cancel_work_sync to wait for in-flight ex...
CVE-2026-23379
CVE-2026-23379 affects the Linux kernel net/sched ETS offload path. The root cause was an overflow in WRR weight computation (q_sum, q_psum) due to using 32-bit unsigned integers, which could lead to division by zero. The documented fix is to switch q_sum and q_psum to 64-bit integers, preventing...
CVE-2026-23424
The CVE-2026-23424 vulnerability affects the Linux kernel’s accel/amdxdna component, caused by insufficient validation of the command buffer payload count. The count field in the command header determines the payload size, and the data must not exceed the remaining buffer space. If not properly c...
CVE-2026-23437
CVE-2026-23437 (Linux kernel) concerns the net: shaper module. A missing liveness check occurs when a netdev is looked up during prep of Netlink operations, a reference is taken, and later the code uses the netdev’s lock or RCU protections. The conversion from a ref to a locked netdev may proceed...
CVE-2026-23442
The CVE-2026-23442 issue affects the Linux kernel’s IPv6 SRv6 handling. Specifically, __in6_dev_get() may return NULL when a device has no IPv6 configuration (e.g., MTU too small or after NETDEV_UNREGISTER), which could lead to NULL pointer dereferences in seg6_hmac_validate_skb() and ipv6_srh_rc...
CVE-2026-23447
The CVE-2026-23447 issue concerns the Linux kernel USB CDC NCM driver (cdc_ncm). The root cause is a bounds-check failure in handling NDP32 frames where the DPE array size is not correctly validated against the skb length due to neglecting ndpoffset, allowing out-of-bounds reads when an NDP32 sit...
CVE-2026-23474
CVE-2026-23474 concerns a Linux kernel issue related to RedBoot partition table parsing that could trigger a buffer overflow when Fortify-derived checks mis-handle dynamic allocation sizing. The connected OSV/Nessus data indicate this vulnerability has been addressed in multiple distros via patch...
CVE-2026-31389
CVE-2026-31389 affects the Linux kernel SPI subsystem. The vulnerability is a use-after-free that can occur during controller registration if per-CPU statistics allocation fails, potentially leading to access of freed driver resources and unclocked register accesses. The issue is mitigated by a p...
CVE-2026-31401
The CVE-2026-31401 issue affects the Linux kernel HID BPF path, specifically hid_hw_request. The vulnerability arises from an uncontrolled/arbitrary return value from dispatch_hid_bpf_raw_requests() (via struct_ops), which can cause a buffer overflow and memory corruption. Exploitation is describ...
CVE-2026-31434
CVE-2026-31434 affects the Linux kernel's btrfs subsystem. The root cause is a leak of kobject names for sub-group space_info entries: during removal, kobject_init_and_add is paired with allocations, but the corresponding btrfs_sysfs_remove_space_info() is not called on freed elements, causing le...
CVE-2026-31444
CVE-2026-31444 affects ksmbd in the Linux kernel. The vulnerability arises from two flaws in the oplock publication sequence inside smb_grant_oplock(): (1) opinfo is linked into ci->m_op_list before add_lease_global_list(), so if that call fails, a freed node is dereferenced by concurrent read...
CVE-2026-31453
The CVE-2026-31453 issue affects the Linux kernel XFS path. The root cause is use-after-free-like behavior: after xfsaild_push_item() calls iop_push(), the log item could be freed if the AIL lock is dropped, allowing a freed log item to be dereferenced by tracepoints in the switch that follow. Th...
CVE-2026-31469
The CVE-2026-31469 issue affects the Linux kernel virtio_net driver, where a Use-After-Free can occur when IFF_XMIT_DST_RELEASE is cleared and napi_tx is disabled, if the network namespace is destroyed while pending skbs remain in the transmit path. The root cause is the dst_ops reference being f...
CVE-2026-31486
The CVE-2026-31486 entry concerns the Linux kernel hwmon/pmbus/core regulator operations (get_voltage, set_voltage, list_voltage) not being mutex-protected, risking race conditions when accessing PMBus registers and shared data. The fix reworks pmbus_regulator_notify() to perform notifications vi...
CVE-2026-31496
Summary: CVE-2026-31496 affects the Linux kernel netfilter nf_conntrack_expect handling across network namespaces. The root cause is a failure to skip or isolate expectations that do not reside in the target netns, enabling a local user to access or view nf_conntrack_expect entries from other nam...
CVE-2026-31519
CVE-2026-31519 affects the Linux kernel btrfs subsystem. A race during subvolume creation and orphan cleanup can leave a valid subvolume’s dentry in a broken state, marked as a broken entry in the directory cache, preventing deletion or new writes in that location. Root cause: btrfs_orphan_cleanu...
CVE-2026-31521
The CVE-2026-31521 issue is in the Linux kernel module loader’s simplify_symbols() where an out-of-bounds st_shndx (eg SHN_XINDEX) could cause a kernel panic. The patch adds validation of st_shndx against the valid range before using it, preventing the potential crash. Several OSV entries (Debian...
CVE-2026-31537
In the Linux kernel SMB server, CVE-2026-31537 arises from improper handling of smbdirect_socket.send_io.bcredits, which can corrupt the stream of reassembled data transfer messages when triggering an immediate (empty) send. The fix introduces a single batch credit per connection; code obtaining ...
CVE-2026-31541
CVE-2026-31541: In the Linux kernel tracing subsystem, when copy_trace_marker is enabled, deleting a tracing instance could bypass synchronization and leave a Use-After-Free (UAF) due to incorrect ordering of flag clearing and marker list updates. The fix moves clearing of all flags below the upd...
CVE-2026-31547
CVE-2026-31547 affects the Linux kernel DRM/xe driver. The flaw is a missing outer runtime PM reference in ccs_mode_store, where ccs_mode_store() calls xe_gt_reset() which invokes xe_pm_runtime_get_noresume() that requires an outer runtime PM reference. The result is a runtime PM protection warni...
CVE-2026-31551
The CVE-2026-31551 entry relates to the Linux kernel mac80211 wifi subsystem. A race in aql_enable_write() during concurrent debugfs writes can cause a static_branch_dec() underflow because the code checks static_key_false(&aql_disable.key) and then later increments/decrements the static branch, ...
CVE-2026-31583
The CVE-2026-31583 issue affects the Linux kernel em28xx media driver. A race in em28xx_v4l2_open() occurs because dev->v4l2 is read without holding dev->lock, racing with em28xx_v4l2_init()/em28xx_v4l2_fini() that free the structure and set dev->v4l2 to NULL under lock. This leads to us...
CVE-2026-31598
Summary of CVE-2026-31598 (ocfs2 deadlock) : In the Linux kernel OCFS2, a potential deadlock arises from ABBA lock ordering between unlink and dio_end_io_write. The path in unlink acquires inode_lock (orphan_dir_inode) before ip_alloc_sem, while dio_end_io_write acquires ip_alloc_sem first, then ...
CVE-2026-31604
The CVE-2026-31604 issue concerns the Linux kernel’s wifi: rtw88 driver. A memory leak arose because the driver grabbing a reference to the USB device during probe did not release it on all probe errors (e.g., descriptor parsing failures) while the interface remained bound to a driver. The fix dr...
CVE-2026-31632
CVE-2026-31632 affects the Linux kernel rxrpc component. The issue is a memory leak in rxgk_verify_response() caused by not cleaning up the rxgk context it creates; a fix has been applied to ensure the rxgk context is properly cleaned up. The available documents do not provide exploit details or ...
CVE-2026-31634
The CVE-2026-31634 item concerns the Linux kernel rxrpc subsystem. Affected component: rxrpc_server_keyring() within the rxrpc code path. Root cause: a reference count leak that could occur if the code path handles security pointers improperly. The provided patch fixes the leak by adding a check ...
CVE-2026-31652
The CVE-2026-31652 issue is in the Linux kernel’s DAMON feature. When damon_stat_start() allocates damon_ctx and damon_call() subsequently fails, the damon_ctx object is not deallocated, causing a memory leak if DAMON is re-enabled. The leak is not resolved by deallocating after damon_call() fail...
CVE-2026-31679
Summary: CVE-2026-31679 affects the Linux kernel openvswitch code. The vulnerability arises from improper validation of MPLS payload lengths in SET/SET_MASKED actions: openvswitch accepted OVS_KEY_ATTR_MPLS as a variable-sized payload, while action handling expects fixed-size MPLS data (struct ov...
CVE-2026-31691
The CVE-2026-31691 vulnerability affects the Linux kernel igb driver. It describes a race where igb_down() calls napi_synchronize() before napi_disable(), causing a hang: napi_synchronize() waits on NAPI_STATE_SCHED that never clears, blocking TX and leaving the TX queue stalled. The fix removes ...
CVE-2026-31713
The CVE concerns the Linux kernel FUSE handling during sync init. When a FUSE server exits unexpectedly while processing FUSE_INIT, the mounting thread keeps the device fd open, preventing an abort and causing filesystem creation to hang. This is a regression relative to the async mount path, whe...
CVE-2026-31722
In the Linux kernel, CVE-2026-31722 affects the USB gadget RNDIS function (f_rndis). The issue arises when the net_device is allocated during function instance creation and registered under the gadget device as its sysfs parent; during unbind, the parent is destroyed but the net_device can persis...
CVE-2026-31723
The CVE-2026-31723 issue affects the Linux kernel’s usb: gadget: f_subset component, where net_device resources are allocated during function instance creation and registered under the gadget device. On unbind, the parent device can be destroyed while the net_device remains, creating dangling sys...
CVE-2026-31744
Summary: CVE-2026-31744 concerns the Linux kernel energy model code path that processes perf domain IDs. The function dev_energymodel_nl_get_perf_domains_doit() calls em_perf_domain_get_by_id() and uses its return value without verifying it; if a caller supplies a non-existent perf domain ID, em_...
CVE-2026-31753
CVE-2026-31753 affects the Linux kernel’s auxdisplay/line-display path. A NULL dereference in linedisp_release can occur if the enclosing linedisp object has already been detached when the release callback runs, causing a crash while freeing display resources. The fix retrieves the enclosing obje...
CVE-2026-31768
The CVE-2026-31768 issue affects the Linux kernel driver iio: adc: ti-adc161s626, where SPI read operations used non-DMA-safe stack memory. The mitigation is to allocate a DMA-safe buffer and perform spi_read() into that buffer, replacing stack-based buffers. Since the read would require only up ...
CVE-2026-31778
Summary: CVE-2026-31778 affects the Linux kernel ALSA caiaq driver (init_card) and is caused by an off-by-one in a whitespace-stripping loop that copies a card id. The 16-byte local buffer can be filled without leaving space for the terminating null, causing a non-null-terminated string to be pas...