CVE-2023-53687

CVE-2023-53687 affects the Linux kernel’s serial Samsung TTY path (s3c24xx_serial_getclk) where a memory leak occurs while iterating best clock candidates; if a better match is found, the previous clock and the new candidate must be freed, or a leak may occur. Public docs confirm the issue and th...

CVE-2026-43173

CVE-2026-43173 is a Linux kernel vulnerability in the net: ethernet: xscale driver where ixp46x_ptp_find() is invoked unconditionally from ixp4xx_get_ts_info(), even on systems without ixp46x support. This NULL pointer dereference can lead to a kernel crash/DoS when reading PTP-related info via e...

CVE-2026-43175

The CVE-2026-43175 issue affects the Linux kernel’s clk: rs9 component, where the 9FGV0841 driver registers 8 clk_hw instances but the code did not guarantee 8 slots, risking an out-of-bounds write to rs9_driver_data.clk_dif[4..7] and corruption of adjacent data. All connected sources consistentl...

CVE-2026-43177

In the Linux kernel ipu6 driver, CVE-2026-43177 is due to a runtime PM reference leak in probe error paths of the ipu6_pci_probe() routine. Several error paths jumped to cleanup without releasing the runtime PM reference, risking resource exhaustion and potential DoS. The published fixes add a pm...

CVE-2026-43183

In the Linux kernel, the media cx25821 driver fixes a resource leak in cx25821_dev_setup() where memory allocated via ioremap() is not released if setup fails. The patch adds release_mem_region() to free the memory region obtained by cx25821_get_resources(). This is the scope of CVE-2026-43183 as...

CVE-2026-43187

Summary: CVE-2026-43187 affects the Linux kernel XFS freemap handling in xattr leaf entries. The root cause is a bug in the freemap update logic in _leaf_add that can leave behind zero‑length freemap entries with a nonzero base, and later entries could be updated incorrectly so freemap entries ov...

CVE-2026-43188

CVE-2026-43188 affects the Linux kernel in the Ceph writeback path when fscrypt is enabled. The issue arises in move_dirty_folio_in_page_array() failing to allocate bounce buffers for encrypted folios and the shared rc variable being overwritten by ceph_process_folio_batch(); this could propagate...

CVE-2026-43189

The CVE-2026-43189 issue affects the Linux kernel’s media/v4l2-async matching workflow. When an async connection matches with a firmware node, a sub-device may be registered, its bound operation invoked, ancillary links created, and the connection added to the sub-device’s list before moving on t...

CVE-2026-43194

CVE-2026-43194 affects the Linux kernel networking stack where an error in handling transmit (xmit) failures for GSO frames can cause a single lost segment within a GSO frame to be misinterpreted as a complete frame loss. The issue arises when devices (e.g., veth) report errors during xmit; TCP m...

CVE-2026-43196

CVE-2026-43196 affects the Linux kernel PRUSS clock multiplexer path (pruss_clk_mux_setup). The issue is a double free: devm_add_action_or_reset() path frees a resource via pruss_of_free_clk_provider(), which calls of_node_put(clk_mux_np) on error, and a second of_node_put is executed after the p...

CVE-2026-43199

CVE-2026-43199 affects the Linux kernel net/mlx5e component. A scheduling-while-atomic bug occurred when mlx5e_ipsec_init_macs() queried hardware MAC via mlx5_query_mac_address() from an atomic context (mlx5e_ipsec_handle_event/workqueue), which can sleep. The fix uses the MAC address already pre...

CVE-2026-43204

Summary: CVE-2026-43204 affects the Linux kernel ASoC: qcom q6asm component, where DSP responses for closed data streams could still be processed, causing system lockups. Root cause: DSP responses arriving after stream closure were not unconditionally dropped. Fix: unconditionally drop all DSP re...

CVE-2026-43218

CVE-2026-43218 affects the Linux kernel driver for tw9903 (media: i2c/tw9903) where, in an error path of tw9903_probe(), memory allocated for V4L2 control processing (v4l2_ctrl_handler_init() and v4l2_ctrl_new_std()) is not freed. The fix adds a call to v4l2_ctrl_handler_free() on the handler in ...

CVE-2026-43232

Summary: CVE-2026-43232 is a Linux kernel vulnerability in the FarSync WAN driver (net: wan: farsync) that causes a use-after-free when detaching a FarSync T-series card. The issue arises from a race between tasklets/work queues and card removal: fst_card_info is freed in fst_remove_one() but fst...

CVE-2026-43235

Summary: CVE-2026-43235 affects the Linux kernel iris media driver for SM8750. The vulnerability arises from two missing platform-data entries in the iris driver, which prevents proper internal buffer allocation and incomplete capability checks. What’s affected: Linux kernel/iris media driver (SM...

CVE-2026-43236

The CVE-2026-43236 vulnerability affects the Linux kernel’s drm/atmel-hlcdc component. The atmel_hlcdc_plane_atomic_duplicate_state() callback copied the drm_plane_state without duplicating the base state, leaving state->commit pointing to the old object and enabling a use-after-free in the ne...

CVE-2026-43251

CVE-2026-43251 affects the Linux kernel HID prodikeys driver. A local attacker can connect a crafted USB device whose report descriptor bypasses the pm->input_ep82 check, leaving input_ep82 NULL and causing a crash (potential DoS). Multiple OSV entries show patches in rootio-linux packages for...

CVE-2026-43264

The CVE-2026-43264 issue affects the Linux kernel fbdev subsystem, specifically in of_get_display_timings() where of_parse_phandle() returns a device_node with an incremented refcount. On certain error paths, native_mode’s refcount isn’t decremented, causing a refcount leak and potential resource...

CVE-2026-43271

CVE-2026-43271 involves the Linux kernel md-cluster module where a race during MD array startup can cause a NULL pointer dereference in process_metadata_update when a METADATA_UPDATED message arrives before mddev->thread is initialized. The root cause is the code path that dereferences the thr...

CVE-2026-43272

CVE-2026-43272 concerns the Linux kernel ring-buffer component. The root cause is an uninitialized pointer in rb_meta_validate_events(), which can be dereferenced during a reader-page validation failure, potentially causing a system crash or instability. The issue is fixed by initializing orig_he...

CVE-2026-43454

CVE-2026-43454 concerns the Linux kernel nf_tables netfilter component. The issue arises when handling NETDEV_REGISTER notifications: a device may be registered twice because nft_netdev_hook_alloc() could have already added the device when the hook was created. The result is duplicate device regi...

CVE-2026-43457

CVE-2026-43457 affects the Linux kernel MCTP over I2C receive path. When midev->allow_rx is false, a newly allocated skb is not consumed by netif_rx() and must be freed directly, otherwise a memory leak can occur leading to potential DoS through memory exhaustion. The available connected sourc...

CVE-2026-46249

The CVE-2026-46249 issue affects the Linux kernel octeontx2-af PF driver. During a kexec reboot, the old AF state may persist if the PF driver probes before AF reinitializes, and if the RVUM block revision is not cleared on shutdown, PF can mis-detect AF readiness and access stale hardware, leadi...

CVE-2026-46262

CVE-2026-46262 concerns the Linux kernel ASoC fsl_xcvr module. The issue stems from a deadlock: a read lock is acquired while a write lock is already held in the same thread within fsl_xcvr_mode_put(), which is invoked by the upper ALSA core via snd_ctl_elem_write(). This caused a hung task. The ...

CVE-2022-50494

CVE-2022-50494 is concrete: in the Linux kernel, intel_powerclamp could crash when CPU 0 is offline due to using smp_processor_id() in preemptible code. The EulerOS advisories (EulerOS-SA-2026-1029/1172) explicitly include this CVE and describe the fix as replacing smp_processor_id() with get_cpu...

CVE-2022-50530

Mode C: CVE-2022-50530 affects the Linux kernel blk-mq path. The vulnerability is a NULL pointer dereference in blk_mq_clear_rq_mapping(), triggered when set->tags[hctx_idx] is NULL during an allocation path that merged two steps into one. Root cause, per the report, is that tags may not be in...

CVE-2023-53546

CVE-2023-53546 affects the Linux kernel mlx5 RDMA driver (net/mlx5). The issue is a memory leak in mlx5dr_cmd_create_reformat_ctx: if mlx5_cmd_exec fails, the buffer referenced by in is not released, causing a leak. The fix releases that memory after mlx5_cmd_exec, per kernel commit notes. Public...

CVE-2025-71103

CVE-2025-71103 pertains to the Linux kernel DRM MSM Adreno driver. The issue occurs on A7xx GPUs without IFPC support, where ifpc_reglist could be dereferenced in a7xx_patch_pwrup_reglist(), leading to a kernel crash with a NULL pointer dereference (pc : a6xx_hw_init...). The vulnerability has be...

CVE-2025-71270

CVE-2025-71270 concerns LoongArch Linux kernel: the fix enables exception handling for BPF memory accesses in JIT-compiled code. Specifically, do_ade() now handles EX_TYPE_BPF memory access exceptions during BPF_PROBE_MEM* operations by invoking the common fixup routine, stabilizing recoverable m...

CVE-2026-23298

CVE-2026-23298 affects the Linux kernel can: ucan subsystem. A zero-length message on a broken ucan device causes an infinite loop in ucan_read_bulk_callback(), hanging the system. The issue is linked to a historical fix in the kvaser_usb driver (commit 0c73772cd2b8) addressing a similar infinite...

CVE-2026-23299

CVE-2026-23299 relates to a Linux kernel Bluetooth issue where, when TX timestamping is enabled (SO_TIMESTAMPING), SKBs may be queued in the sk_error_queue during socket destruction and could leak if unread or if the controller is removed. The fixed mitigation is the addition of skb_queue_purge()...

CVE-2026-23323

CVE-2026-23323 concerns the Linux kernel macsmc-hwmon driver on Apple Silicon. The issue stems from two concrete bugs: (1) sensor population logic using the wrong prefix (volt- vs voltage-) and mis-assigning sensors from the voltage array to the temperature array, risking out-of-bounds access or ...

CVE-2026-23324

CVE-2026-23324 : In the Linux kernel, the issue affects the can: usb: etas_es58x driver where an urb anchored with the anchor pattern must be anchored before submitting it in the read bulk callback. If not anchored, the urb could be leaked when usb_kill_anchored_urbs() runs. The fixes apply to th...

CVE-2026-23342

CVE-2026-23342 describes a race in the Linux kernel’s PREEMPT_RT path for BPF cpumap/xdp_bulk_queue. The issue arises when bq_enqueue() and __cpu_map_flush() run concurrently on the same CPU, breaking assumptions about atomicity and enabling races such as double __list_del_clearprev() and concurr...

CVE-2026-23353

Summary (CVE-2026-23353) A bug in the Linux kernel ice network driver causes a kernel NULL pointer dereference during the ethtool offline loopback test after ICE conversion to page pool. The root cause is not initializing libeth for the receive (RX) ring, leading to a crash when the loopback test...

CVE-2026-23355

The CVE-2026-23355 issue affects the Linux kernel libata subsystem. It describes a defect where queued work for a deferred command (deferred_qc) is not canceled when cleared, allowing a WARN_ON() condition to fire later if ap->ops->qc_defer() returns non-zero. The root cause is that, althou...

CVE-2026-23356

The CVE-2026-23356 issue affects the Linux kernel DRBD subsystem. A logic bug in drbd_al_begin_io_nonblock() could mis-handle a reference-counted extent when lc_get_cumulative() and lc_try_lock() timing collided, risking a crash or incorrect assumption that an activity log extent is active during...

CVE-2026-23365

The CVE-2026-23365 entry concerns the Linux kernel kalmia USB driver, where probing code must validate the device’s endpoints before binding. If a malicious device omits or mismatches expected endpoints, the driver may access invalid endpoints and crash. The issue is resolved in upstream kernel b...

CVE-2026-23377

CVE-2026-23377 affects the Linux kernel in the ice network driver under XDP. The root cause is an incorrect use of frag_size in XDP RxQ info, which should reflect the whole buffer size but was treated as a DMA write length, causing negative tailroom and potential kernel panic when crafting packet...

CVE-2026-23385

In the Linux kernel netfilter nf_tables subsystem, CVE-2026-23385 describes a vulnerability where cloning a set during a flush operation could trigger a GFP_KERNEL memory allocation failure, producing a WARN splat and potentially destabilizing the system. The fix tightens clone handling by restri...

CVE-2026-23431

CVE-2026-23431 affects the Linux kernel component amlogic-spisg (spi driver). The issue is a memory leak in aml_spisg_probe() where ctlr allocated via spi_alloc_target()/spi_alloc_host() is not released on several error paths, causing leaks if probe fails after initial allocation. The fix uses me...

CVE-2026-23432

CVE-2026-23432 : In the Linux kernel mshv component, there is a use-after-free in the error path of mshv_map_user_memory . The problem occurs when, in the error path, the code calls vfree() directly on a region while the MMU notifier remains registered; if userspace later unmaps that memory, the ...

CVE-2026-23436

The CVE-2026-23436 issue affects the Linux kernel's net: shaper component. A race could occur when a netdev is unregistered between taking a reference during Netlink prep and locking/RCU in the callback, potentially leaking the hierarchy after a flush. The fix applies the instance lock in pre- st...

CVE-2026-23449

Summary (CVE-2026-23449) : The Linux kernel vulnerability is in the TEQL scheduler path (net/sched/teql) where a lockless Qdisc root can cause a double-free in skb_release_data via an unsafe qdisc_reset path. The underlying issue occurs when teql_master_xmit fails to use seq_lock to guard qdisc_r...

CVE-2026-31404

In CVE-2026-31404, the Linux kernel NFSD component suffers a Use-After-Free: svc_export_put() releases sub-objects (path_put, auth_domain_put) immediately, before the RCU grace period, risking NULL pointer dereferences when cache_clean drops references concurrently. Fixes described in the CVE not...

CVE-2026-31427

The CVE-2026-31427 issue in Linux kernel netfilter/nf_conntrack_sip was fixed by initializing the rtp_addr before calling nf_nat_sip SDP hooks and tracking via a have_rtp_addr flag. If SDP has no m= lines, or contains only inactive/unrecognized media, the code now avoids calling sdp_session with ...

CVE-2026-31455

CVE-2026-31455 pertains to the Linux kernel, specific to the XFS unmount path. During unmount, in xfs_unmount_flush_inodes(), the AIL is pushed while background reclaim and inodegc may still be running, which can lead to inodes being dirtied or re-queued into the AIL. The provided fix reorders th...

CVE-2026-31513

Summary: CVE-2026-31513 affects the Linux kernel Bluetooth L2CAP code. A stack-out-of-bounds read occurs in l2cap_ecred_conn_req when handling a malformed Enhanced Credit Based Connection Request with more SCIDs than allowed. The bug arises from computing rsp_len before validating the number of S...

CVE-2026-31535

Summary: CVE-2026-31535 affects the Linux kernel SMB client receive credit management. A race in handling smbdirect_socket.recv_io.credits.available can cause over- or under-counted credits, potentially destabilizing the SMB receive path. The root cause is a window where a peer might have consume...

CVE-2026-31583

The CVE-2026-31583 issue affects the Linux kernel em28xx media driver. A race in em28xx_v4l2_open() occurs because dev->v4l2 is read without holding dev->lock, racing with em28xx_v4l2_init()/em28xx_v4l2_fini() that free the structure and set dev->v4l2 to NULL under lock. This leads to us...