14139 matches found
CVE-2023-53633
CVE-2023-53633 pertains to the Linux kernel where the leak occurs in accel/qaic’s map_user_pages() path. If get_user_pages_fast() allocates some pages but not as many as requested, the current code fails to release the pages, causing a leak. The root cause is improper page accounting in the get_u...
CVE-2023-53639
Technical details about CVE-2023-53639 are not publicly provided in the supplied documents. Monitor for updates from vendors and security advisories to obtain affected products, versions, and remediation information.
CVE-2023-53645
CVE-2023-53645 : Linux kernel patch fixes a use-after-free risk in BPF non-owning references by making bpf_refcount_acquire fallible. The fix changes the implementation (bpf_refcount_acquire_impl) to use refcount_inc_not_zero and return KF_RET_NULL, preventing increment on a possibly freed object...
CVE-2023-53646
CVE-2023-53646 affects the Linux kernel (drm/i915/perf) on Intel i915 perf paths. The issue arises from a global-out-of-bounds in xehp_is_valid_b_counter_addr due to how arrays are passed to reg_in_range_table; a sentinel was added to xehp_oa_b_counters to terminate the table, addressing a KASAN ...
CVE-2023-53669
The CVE-2023-53669 vulnerability affects the Linux kernel’s skb_copy_ubufs handling for BIG TCP payloads. The root cause was an assumption that payload could be copied using up to MAX_SKB_FRAGS order-0 pages, which breaks when BIG TCP can hold up to 512 KB per skb, causing crashes in TCP TX zeroc...
CVE-2023-53686
CVE-2023-53686: Linux kernel vulnerability in net/handshake/netlink.c fix null-ptr-deref in handshake_nl_done_doit(); ensures trace_handshake_cmd_done_err() is not called if socket lookup fails and is invoked before releasing the file to avoid dereferencing sock->sk. Affects kernel networking ...
CVE-2025-39908
CVE-2025-39908 : The Linux kernel vulnerability relates to the net: dev_ioctl: take ops lock in hwtstamp lower paths. The issue stems from hwtstamp callbacks not consistently running under the per-device ops lock in lower get/set paths; a patch in progress converts legacy ioctl flows to ndo_hwtst...
CVE-2025-39915
Summary: CVE-2025-39915 concerns the Linux kernel: a locking order issue where phy_config_inband() would acquire &pl->phydev->lock while phylink_major_config() had already acquired &pl->state_mutex, creating a potential deadlock when combined with phy_link_up/phy_link_down in the phylink...
CVE-2025-39921
The CVE affects the Linux kernel driver spi-microchip-core-qspi. During probe, op->max_freq is not valid (zero) in the supports_op callback, causing baud_rate_val to be INT_MAX and risking probe failure of the attached memory device. The root cause is that the per-op frequency switch logic add...
CVE-2025-71125
CVE-2025-71125 affects the Linux kernel tracing subsystem. Synthetic events lack a function to register perf events, causing a NULL function pointer to be passed to tracepoint register logic and triggering a kernel warning in tracepoint_add_func. The patch replaces this path with a -ENODEV return...
CVE-2025-71130
CVE-2025-71130 affects the Linux kernel drm/i915/gem path. The vulnerability was fixed by zero-initializing the eb.vma array (eb->vma[i].vma) to NULL when the eb structure is set up, ensuring all entries start NULL and are properly cleared if eb_add_vma() or related steps fail. The fix prevent...
CVE-2025-71136
CVE-2025-71136 affects the Linux kernel’s media: adv7842 path. The vulnerability arises when cp_read() or hdmi_read() return -EIO and these values are used as indexes in arrays within adv7842_cp_log_status(), causing possible out-of-bounds accesses. The issue is resolved by adding checks on retur...
CVE-2025-71181
CVE-2025-71181 relates to the Linux kernel: the rust_binder change to remove spin_lock() in rust_shrink_free_page() during a Rust Binder port to 6.18 appears to fix a potential deadlock scenario described in the public advisories. The affected area is the Rust Binder integration within Linux, spe...
CVE-2025-71290
CVE-2025-71290 concerns a memory leak in the Linux kernel’s misc: ti_fpc202 probe function. The root cause is not releasing a device node reference during iteration, leading to a leak. The remedy implemented is a code change that uses for_each_child_of_node_scoped() to ensure the node reference i...
CVE-2025-71303
The CVE-2025-71303 issue affects the Linux kernel driver accel/amdxdna. A race condition occurs when autosuspend is triggered and the rpm_on flag indicates a suspend/resume in progress; during the narrow window a userspace command can be processed before the device has resumed, leading to command...
CVE-2026-23008
CVE-2026-23008 affects the Linux kernel drm/vmwgfx path on HW version 10. The issue arises in KMS with 3D on HW10 when there are no GB Surfaces and no backing buffer for surface-backed framebuffers, leading to a possible NULL dereference and a driver crash that can cause a black screen. A fix was...
CVE-2026-23024
CVE-2026-23024 affects the Linux kernel: the idpf flow steering list could leak memory on module removal when entries remain. The fix iterates remaining entries during module unload and frees associated memory, guarded by a new flow_steer_list_lock to protect concurrent access. This is a memory-l...
CVE-2026-23253
CVE-2026-23253 affects the Linux kernel dvb-core/dvb_dvr_open path where reinitializing the shared dvr_buffer waitqueue via dvb_ringbuffer_init() could leave stale waitqueue entries. The fix uses direct data/size assignment and calls dvb_ringbuffer_reset() instead, avoiding waitqueue/spinlock tou...
CVE-2026-23288
The CVE-2026-23288 issue is in the Linux kernel’s accel/amdxdna component. It describes an out-of-bounds write caused by clearing the command header with memset() before validating the remaining space in a command slot, when the slot space is smaller than the header. The root cause is performing ...
CVE-2026-23331
The CVE-2026-23331 issue concerns the Linux kernel UDP 4-tuple hash table: when an auto-bound UDP socket is bound, connected, and then disconnected, the socket may be moved to a new hash slot without removing the old entry, leaving garbage in the 4-tuple chain. The fix is to remove such a socket ...
CVE-2026-23335
CVE-2026-23335: Linux kernel RDMA/irdma create_user_ah() leak resolved. Root cause: the irdma_create_ah_resp struct contained 4 bytes (rsvd) that were never zeroed, leaking stack memory prior to ib_respond_udata(). Affected code paths thus exposed uninitialized stack content (4 bytes) in the resp...
CVE-2026-23345
The CVE-2026-23345 issue affects the Linux kernel on ARM64 with Graphics Control System (GCS) mappings when FEAT_LPA2 is enabled. The root cause is incorrect handling of PTE_SHARED bits in GCS memory mappings, which can trigger a kernel panic (DoS) due to a bad page table translation. The recomme...
CVE-2026-23357
CVE-2026-23357 affects the Linux kernel can/mcp251x driver. The deadlock occurred when free_irq() was called in the error path of mcp251x_open while mpc_lock was still held, potentially waiting for an IRQ handler. The fix moves free_irq() to after releasing the lock, and sets priv->force_quit ...
CVE-2026-23368
CVE-2026-23368 — Linux kernel : A deadlock (AB-BA) occurs when both LED_TRIGGER_NETDEV and LED_TRIGGER_PHY are enabled. The issue stems from LED_TRIGGER_PHY registering LED triggers during phy_attach while holding RTNL and then acquiring triggers_list_lock, while LEDS_TRIGGER_NETDEV enables an LE...
CVE-2026-23378
CVE-2026-23378 concerns a Linux kernel net/sched issue in act_ife where metalist entries were appended on replace instead of replacing existing data, risking unbounded metadata growth and potential out-of-bounds encode errors. The root cause is fixed by adding metalist to the ife RCU data structu...
CVE-2026-23385
In the Linux kernel netfilter nf_tables subsystem, CVE-2026-23385 describes a vulnerability where cloning a set during a flush operation could trigger a GFP_KERNEL memory allocation failure, producing a WARN splat and potentially destabilizing the system. The fix tightens clone handling by restri...
CVE-2026-23402
CVE-2026-23402 affects the Linux kernel KVM MMU on x86. The issue arises when overwriting a shadow-present SPTE with a different PFN, where KVM’s sanity check could allow harmful state changes in direct MMUs (i.e., MMUs without shadowed gPTEs). The problem is tracked in KVM’s mmu_set_spte path, a...
CVE-2026-23403
CVE-2026-23403 concerns the AppArmor memory leak in Linux kernel’s verify_header. The issue arises because a function sets *ns = NULL on every call, leaking the previously allocated namespace string across successive profile unpackings and causing namespace consistency checks to see NULL for *ns....
CVE-2026-23407
The CVE-2026-23407 issue affects the Linux kernel AppArmor DFA verification. The root cause is a missing bounds check on DEFAULT_TABLE in verify_dfa(), which can read k = DEFAULT_TABLE[j] as an index without validation when traversing the differential encoding chain, allowing out-of-bounds reads/...
CVE-2026-23446
CVE-2026-23446 affects the Linux kernel aqc111 USB driver. The vulnerability arises when aqc111_suspend uses the PM variant of write_cmd during suspend, causing pm_runtime_resume_and_get to propagate a suspend wait into rpm_resume on the parent, which can block and hang the network stack. The doc...
CVE-2026-23475
CVE-2026-23475 affects the Linux kernel SPI subsystem. The issue was a NULL pointer dereference window in per‑CPU controller statistics: stats were allocated only after controller registration with driver core, so early sysfs access could dereference NULL. The fix moves statistics allocation to t...
CVE-2026-31410
CVE-2026-31410 has concrete patch evidence across multiple OSV entries. Root-OS shows Root:Ubuntu-24.04 and Root:Ubuntu-22.04 patched in the rootio-linux package, with multiple fixed versions available. Debian-backed advisories also indicate Linux kernel vulnerabilities including CVE-2026-31410 a...
CVE-2026-31425
The CVE-2026-31425 issue concerns a Linux kernel RDS path (rds_ib_get_mr/rds_ib_post_reg_frmr) where FRWR/memory registration could dereference a NULL i_cm_id/qp on outgoing connections before rdma_cm_id is established. Connected docs confirm the vulnerability is addressed by patches in several d...
CVE-2026-31433
CVE-2026-31433 affects the Linux kernel ksmbd module. A vulnerability arises when processing a compound SMB request of QUERY_DIRECTORY + QUERY_INFO (FILE_ALL_INFORMATION): the code lacked a validation check on the client-provided OutputBufferLength before copying a filename into the smb2_file_all...
CVE-2026-31439
The CVE-2026-31439 entry refers to a Linux kernel issue in dmaengine: xilinx: xdma, where devm_regmap_init_mmio could return an ERR_PTR and the error handling/ messaging were incorrect. The description and connected advisories confirm this is a kernel regression/fix in the regmap init path, with ...
CVE-2026-31452
CVE-2026-31452 affects the Linux kernel ext4 filesystem. Connected sources confirm a concrete vulnerability in inline data storage: when truncate() increases a file beyond the inline capacity, ext4 currently risks the inode inline flag and the file size becoming inconsistent. The fix introduces a...
CVE-2026-31464
Summary (CVE-2026-31464): In the Linux kernel, the scsi: ibmvfc driver is fixed to cure an out-of-bounds access during target discovery. A malicious or compromised VIO server can return a num_written value in the discover targets MAD response that exceeds max_targets. This value is stored directl...
CVE-2026-31484
In the Linux kernel, CVE-2026-31484 is addressed in io_uring/fdinfo: fix OOB read during SQE_MIXED wrap checks in __io_uring_show_fdinfo(). The issue occurred when processing 128-byte SQEs on IORING_SETUP_SQE_MIXED rings: the previous wrap condition (++sq_head & sq_mask) == 0 could pass while the...
CVE-2026-31539
The CVE-2026-31539 entry describes a race condition in the Linux kernel smbdirect module where credits for receive buffers can be granted to a peer that has already consumed them. This could enable resource exhaustion and a DoS condition. The root cause is improper counting of posted recv_io cred...
CVE-2026-31552
CVE-2026-31552 affects the Linux kernel wlcore wifi path. A memory-allocation failure in wl1271_tx_allocate()/wl1271_prepare_tx_frame() could yield -EAGAIN and be misinterpreted by wlcore_tx_work_locked() as a full aggregation buffer, causing a retry loop under wl->mutex with GFP_ATOMIC. This ...
CVE-2026-31553
CVE-2026-31553 affects the Linux kernel KVM on arm64. The issue stems from computing descriptor addresses in __kvm_at_swap_desc() using (u64 __user )hva + offset, which miscomputes when offset ≠ 0, effectively performing offset 8. The correction is to use hva + offset to obtain the correct S1/S2 ...
CVE-2026-31560
CVE-2026-31560 affects the Linux kernel spi-dw-dma path. When completing an SPI transaction, an error in handling a missing device message can lead to a system crash; the recommended fix is to obtain the device from the struct spi_controller* (dev from the controller). The vulnerability has been ...
CVE-2026-31571
The CVE-2026-31571 entry concerns the Linux kernel DRM/I915: unlink_nv12_plane() could clobber plane state after plane_atomic_check() when a Y-plane is repurposed as a normal plane. The fix is to unlink the NV12 planes before computing the new plane state, preventing the race condition that could...
CVE-2026-31674
The CVE-2026-31674 issue affects the Linux kernel netfilter ip6t_rt module, where processing IPv6 routing header (RT) match rules can overflow addrnr if it exceeds IP6T_RT_HOPS. The root cause is rt_mt6() using addrnr outside rtinfo->addrs[] bounds. A patch added validation of addrnr during ru...
CVE-2026-31697
The CVE-2026-31697 entry concerns the Linux kernel crypto: ccp driver. The issue arises when retrieving the CPU ID: if the firmware command fails (notably with an invalid length), copying the firmware ID to userspace can overflow a kernel buffer and leak data to userspace. Public reports describe...
CVE-2026-31730
CVE-2026-31730 affects the Linux kernel fastrpc component, where a double-free of cctx->remote_heap could occur if INIT_CREATE_STATIC ioctl hits an error path and the rpmsg device is removed. The root cause is that fastrpc_init_create_static_process() frees cctx->remote_heap on the err_map ...
CVE-2026-31752
CVE-2026-31752 affects the Linux kernel bridge/networking path: br_nd_send validates IPv6 neighbor discovery options, and a malformed ND option could cause the parser to read beyond the intended option span or read an LLADDR payload that is too short. The issue is mitigated by option-length check...
CVE-2026-31756
Technical details about CVE-2026-31756 are not publicly provided in the connected documents. Monitor for updates from vendors and advisories to confirm affected products, impact, and fixes.
CVE-2026-31759
CVE-2026-31759 affects the Linux kernel USB ULPI path (usb: ulpi) where a double free could occur in ulpi_register_interface() after a failed device_register(), because the error path freed ulpi twice. The root cause is a missing delegation of cleanup to put_device() via ulpi_dev_release(), preve...
CVE-2026-43004
In the Linux kernel, CVE-2026-43004 affects the stm32-ospi driver. The root cause was a premature exit in the remove() callback when pm_runtime_resume_and_get() failed, causing cleanup of the SPI controller and other resources to be skipped. The fix removes the early return so cleanup always comp...