14139 matches found
CVE-2026-31779
The CVE-2026-31779 issue is in the Linux kernel’s wifi iw lwifi mvm path, specifically iwl_mvm_nd_match_info_handler(). A memcpy may copy more bytes than the dynamic notif->matches array can safely hold, enabling an out-of-bounds read and potential information disclosure. Debian and Red Hat ad...
CVE-2026-31782
The CVE-2026-31782 entry describes a Linux kernel perf/x86 issue where an auto counter reload could group software events with the x86_hybrid_pmu inside intel_pmu_hw_config. A container_of operation in intel_pmu_set_acr_caused_constr (via the hybrid helper) could read memory out of bounds. The fi...
CVE-2026-43014
Technical details for CVE-2026-43014 are not publicly available in the provided documents. The connected advisories mention generic kernel fixes but do not specify affected components, versions, or exploit conditions. Monitor for updates.
CVE-2026-43022
The CVE-2026-43022 issue affects the Linux kernel Bluetooth HCI synchronization path: hci_cmd_sync_queue_once() did not indicate when a queue item already existed, risking resource leaks. The fix changes hci_cmd_sync_queue_once() to return -EEXIST when a queue item already exists and requires upd...
CVE-2026-43031
The CVE concerns the Linux kernel xilinx axienet driver. When a TX packet spans multiple buffer descriptors, the current accounting in axienet_free_tx_chain summing per-BD lengths into an accumulator can lose earlier bytes if the packet completes across different polls, causing BQL to overestimat...
CVE-2026-43032
CVE-2026-43032 affects the Linux kernel NFC pn533/pn532 UART receive path. The root cause is that pn532_receive_buf() appends incoming bytes to dev->recv_skb and only clears the partial frame when a complete PN532 frame header is recognized, allowing a continuous invalid stream to grow the skb...
CVE-2026-43039
CVE-2026-43039 concerns the Linux kernel icssg-prueth driver. In ZC RX dispatch, emac_dispatch_skb_zc() allocates a new skb via napi_alloc_skb() but fails to copy the received packet data from the XDP buffer, causing uninitialized heap memory to be passed up the stack and potentially leaking kern...
CVE-2026-43067
Summary of CVE-2026-43067 (Linux kernel, ext4): A wraparound issue in block allocation for indirect-mmapped files could permit referencing blocks beyond the 32-bit block-number limit. The described root cause involves how ext4 allocates blocks for indirect-based files and how grouping logic could...
CVE-2026-43070
The CVE describes a Linux kernel BPF verifier flaw: after a BPF_END (byte swap), dst_reg->id is not reset to 0, which can cause the verifier to propagate learned bounds to a linked register, creating a risk of out-of-bounds memory accesses. The concrete impact is potential privilege/escalation...
CVE-2026-43079
CVE-2026-43079 affects the Linux kernel’s perf/x86/intel/uncore component. When NUMA is disabled and the system boots with fewer CPUs than those in die 0, the kernel continues to parse the discovery table for offline dies, which can trigger an array overflow at pmu->boxes[die] and may lead to ...
CVE-2026-43095
In CVE-2026-43095, the Linux kernel ASoC SDCA subsystem fixes an IRQ cleanup flaw. IRQs are currently enabled via sdca_irq_populate() from component probe using devm_request_threaded_irq(), which can cause IRQs to persist after a sound card teardown. Some IRQ handlers hold references to the card ...
CVE-2026-43098
Summary (concrete details from provided documents): CVE-2026-43098 affects the Linux kernel NFC subsystem, specifically the s3fwrn5 driver, where s3fwrn82_uart_read() may consume bytes into recv_skb and deliver a complete frame before a new receive buffer is allocated. If alloc_skb() fails, the c...
CVE-2026-43124
The CVE-2026-43124 issue affects Linux kernel pstore ram_core, where persistent_ram_vmap() could return a non-NULL pointer after vmap() failed, causing persistent_ram_buffer_map() to incorrectly report success and potentially dereference an invalid address on access, leading to a crash (DoS). Roo...
CVE-2026-43191
CVE-2026-43191 concerns the Linux kernel DRM/AMD display path, specifically the PHY FSM transition from TX_EN to PLL_ON for TMDS on DCN35. The issue stems from a backport from DCN401 intended to fix turning off the PHY PLL during TMDS disable, which could cause OTG to hang and affect DCHVM invali...
CVE-2026-43202
CVE-2026-43202 affects the Linux kernel fbdev vt8500lcdfb driver. The root cause is a memory leak: fbi->fb.screen_buffer is allocated with dma_alloc_coherent() but is not freed on error paths due to missing dma_free_coherent() cleanup. This can exhaust system memory and cause DoS. Multiple OSV...
CVE-2026-43225
CVE-2026-43225 involves a memory leak in the Linux kernel RTL8723BS staging path. Specifically, cfg80211_inform_bss_frame() may return NULL on a failure path, and the allocated buffer buf was not freed before an early return. This could leak memory. The issue is resolved by ensuring buf is freed ...
CVE-2026-43262
CVE-2026-43262 stems from a Linux kernel gfs2 fiemap page fault: gfs2_fiemap() calls iomap_fiemap() while holding the inode glock, risking recursive glock taking if the fiemap buffer maps to the same inode. The fix disables page faults for iomap_fiemap() and faults in the buffer by hand when need...
CVE-2026-43313
CVE-2026-43313 relates to a NULL-pointer dereference in the ACPI processor driver (acpi_processor_errata_piix4) of the Linux kernel. The code first assigns an IDE device to dev, then overwrites it with an ISA device using two successive pci_get_subsys lookups. If the first lookup succeeds but the...
CVE-2026-43350
In the Linux kernel, a vulnerability in the SMB client path can allow a malicious server to exploit an ACE with sid_unix_NFS_mode by providing an ACE with only two subauthorities. parse_dacl() would treat this as an NFS mode SID and read sub_auth[2], potentially reading four bytes past the end of...
CVE-2026-43359
The CVE-2026-43359 detail points to a Linux kernel Btrfs issue: when calling the set received ioctl, repeated use of the same received UUID on multiple subvolumes could overflow metadata and abort the transaction, forcing the filesystem into read-only mode. The root cause is an item overflow duri...
CVE-2026-43375
CVE-2026-43375 concerns the Linux kernel in the MCTP path. A leak occurs during probe failures because the driver saves a reference to the USB device but fails to release it on error paths. The fix drops the redundant device reference to prevent memory leaks when the probe fails, simplifying driv...
CVE-2026-43395
In the Linux kernel, the vulnerability CVE-2026-43395 affects the drm/xe/sync subsystem. During xe_sync_entry_parse(), references (syncobj, fence, chain fence, or user fence) can be allocated before a later failure path is reached, leaving partially initialized state and leaking refs. The fix rou...
CVE-2026-43426
The CVE pertains to the Linux kernel Renesas USBHS driver. A use-after-free occurs in usbhs_remove() when resources (including the pipe array) are freed while the interrupt handler (usbhs_interrupt) is still registered, allowing a potentially concurrent ISR to access freed memory. The documented ...
CVE-2026-43456
CVE-2026-43456 affects the Linux kernel bonding driver. When a non-Ethernet device (e.g., GRE tunnel) is enslaved to a bond, bond_setup_by_slave() copies the slave’s header_ops to the bond device, causing a type confusion in header callbacks (e.g., ipgre_header) that use netdev_priv(dev). The res...
CVE-2026-43459
CVE-2026-43459 concerns the Linux kernel ASoC subsystem: when unbinding a sound card while a PCM stream is active, a use-after-free can occur due to teardown ordering. The fix adds a flush in soc_cleanup_card_resources() after snd_card_disconnect_sync() and before soc_remove_dais()/soc_remove_lin...
CVE-2026-43465
CVE-2026-43465: Linux kernel mlx5e XDP multi-buf frag counting flaw. When XDP programs modify the XDP buffer layout (via bpf_xdp_pull_data/bpf_xdp_adjust_tail), the driver failed to count dropped fragments, risking negative page fragment reference counting and potential instability. Public report...
CVE-2026-43470
CVE-2026-43470 affects the Linux kernel NFS implementation. When an alias found via nfs3_do_create/nfs_add_or_obtain /d_splice_alias corresponds to a directory, the code could forget the alias while keeping the original negative dentry, causing an oops in nfs_atomic_open_v23/finish_open. The issu...
CVE-2026-46269
CVE-2026-46269 affects the Linux kernel pinctrl driver for canaan k230. A NULL pointer dereference occurs during devicetree parsing when probing k230_pinctrl_parse_functions() accesses info->pctl_dev->dev before pctl_dev is initialized, causing a kernel crash (local DoS). The root cause is ...
CVE-2026-53168
The CVE-2026-53168 issue affects the Linux kernel FUSE implementation. It concerns fuse_notify() pagecache operations on directories, where FUSE_NOTIFY_STORE/RETRIEVE could allow the FUSE daemon to access pagecache contents in kernel-internal storage for directories using FOPEN_CACHE_DIR. The fix...
CVE-2026-53181
CVE-2026-53181 affects the Linux kernel vsock/vmci stack. On failing handshake, vmci_transport_recv_listen() could leave sk_ack_backlog incremented (due to missing sk_acceptq_removed() call), allowing backlog growth toward sk_max_ack_backlog and a possible listener denial of new connections (-ECO...
CVE-2026-53191
CVE-2026-53191 affects the Linux kernel io_uring/net path. In bundle recv retries (with incremental mode and provided buffer rings IOU_PBUF_RING_INC), a memory handling bug caused IORING_CQE_F_BUF_MORE to be dropped during flag merge, allowing the kernel to leave a stale BUF_MORE in carried flags...
CVE-2022-50426
CVE-2022-50426 affects the Linux kernel remoteproc path for imx_dsp_rproc. The issue arises from a workqueue that may run after rproc_stop_subdevices releases resources, allowing rproc_vq_interrupt to access freed rpmsg endpoints. The fix adds mutex protection in imx_dsp_rproc_vq_work to skip rpr...
CVE-2022-50459
CVE-2022-50459 affects the Linux kernel’s iSCSI TCP path (scsi: iscsi: iscsi_tcp) where a NULL pointer dereference can occur if a socket is freed while accessed via sysfs. Details describe the sequence: sock_hold() on struct sock, then sockfd_put() frees the socket, __sock_release() clears sock-&...
CVE-2022-50475
CVE-2022-50475 : In the Linux kernel, the RDMA/core path fixes an issue where the ib_port structure could be invalid when accessing a sysfs node. The vulnerability arises if ib_port is not properly set before adding the sysfs kobject and not reset after its removal, which could lead to a NULL poi...
CVE-2022-50508
CVE-2022-50508 affects the Linux kernel wifi driver for MT76x0/MT76x02. After commit ba45841ca5eb, MT76x02 relies on ht[0-7] rate_power for vht mcs{0,7} but uses vth[0-1] rate_power for vht mcs{8,9}, which can cause a possible out-of-bounds access in the function mt76x0_phy_get_target_power. The ...
CVE-2022-50512
CVE-2022-50512 affects the Linux kernel ext4 filesystem. The root cause is a potential memory leak in ext4_fc_record_regions(): krealloc may return NULL, leaving state->fc_regions NULL but not freeing the previous allocation, causing a memory leak. Multiple connected sources (NVD, OSV, OpenVAS...
CVE-2022-50533
CVE-2022-50533 concerns a Linux kernel issue in the wifi/mac80211 mlme handling where a failed association to an AP without a link 0 could trigger a null-pointer dereference in tracing. The observed root cause was that sdata->vif.valid_links is cleared and then ap_mld_addr or link 0 BSS may be...
CVE-2022-50549
CVE-2022-50549 describes an ABBA deadlock in the Linux kernel’s dm-thin path where concurrent drop_caches and dm thin worker activity can cause a deadlock between shrink_slab (holding shrinker_rwsem) and dm_pool_abort_metadata (holding dm_block/root locks). The result is a hung task as shown by t...
CVE-2023-53184
The CVE-2023-53184 entry concerns a Linux kernel vulnerability in arm64 SME (SVE state handling). The root cause is that the vector length is updated after allocating the SVE state, causing allocation with the old length and potential memory corruption from an undersized buffer. The fix moves the...
CVE-2023-53478
CVE-2023-53478 concerns the Linux kernel’s tracing/synthetic subsystem. The vulnerability arises from races on freeing the last_cmd variable, which can be accessed concurrently by multiple processes manipulating the synthetic_events node, enabling use-after-free or double-free conditions. The con...
CVE-2023-53498
In the provided documents, CVE-2023-53498 is described as a Linux kernel vulnerability in the AMD display driver (drm/amd/display). The issue arises when amdgpu_dm_fini() may dereference adev->dm.dc if the pointer is NULL, allowing a NULL pointer dereference. The remediation is a code fix that...
CVE-2023-53503
In the Linux kernel, the vulnerability CVE-2023-53503 affects ext4: ext4_get_group_info() could underflow when computing a block group if s_first_data_block is set to an extremely large value due to a malicious attacker with write access to the block device while the filesystem is mounted. This c...
CVE-2023-53504
Technical details for CVE-2023-53504 are not publicly available in the provided documents; monitor for updates.
CVE-2023-53512
CVE-2023-53512 : Linux kernel scsi/mpt3sas memory leak fixed by adding a forgotten kfree() in the affected path. The vulnerability is resolved in kernel updates; the connected advisories (Unity Linux/EulerOS NASL entries) reference the same fix and confirm remediation via patch version. Cards emp...
CVE-2023-53532
CVE-2023-53532 concerns the Linux kernel/ath11k on AHB WLAN hardware. The issue arises during deinitialization of firmware resources for chipsets with non-fixed firmware memory when TrustZone is not present. The code path unmapped memory that was never mapped during initialization, leading to a k...
CVE-2023-53533
CVE-2023-53533 is reported as resolved in the Linux kernel, addressing a refcount leak in the raspberrypi-ts driver during rpi_ts_probe. The root cause involves a reference taken by rpi_firmware_get() that is not released in error paths; the patch adds the use of devm_rpi_firmware_get() to manage...
CVE-2023-53547
CVE-2023-53547 concerns the Linux kernel DRM/AMDGPU SDMA v4 component. The fixed issue is a sw_fini error in SDMA 4.2.2 that could trigger a general protection fault (likely address 0xd5e5a4ae79d24a32) during firmware release, as shown in the stack trace including release_firmware and amdgpu_ucod...
CVE-2023-53599
CVE-2023-53599: In the Linux kernel, the af_alg crypto path for gcm-aes-s390 had a missing initialisation in af_alg_alloc_areq. The bug could cause an oops when gcm_walk_start() runs on req->dst because req->dst was incorrectly set from areq->first_rsgl.sgl.sgl by _aead_recvmsg() calling...
CVE-2023-53629
CVE-2023-53629 concerns the Linux kernel, specifically a use-after-free in the DLM midcomms path (dlm_midcomms_commit_mhandle) while processing DLM messages in softirq context. The issue manifested as a KASAN use-after-free leading to a read of size 4 from a user-controlled address in a lock_tort...
CVE-2023-53630
CVE-2023-53630 affects the Linux kernel iommufd path. The issue: batch_last_index could be computed incorrectly, causing an unmap to run past the end of pages and corrupt unmapped pages. This is mitigated by a kernel fix that uses start_index when calculating batch_last_index, preventing out-of-b...