14139 matches found
CVE-2026-43009
The CVE-2026-43009 family concerns the Linux kernel BPF verifier. Connected sources describe a bug where backtrack_insn did not correctly account for atomic fetch variants (BPF_ATOMIC with BPF_FETCH) during memory-precision tracking, causing the verifier to prune paths incorrectly. The fix extend...
CVE-2026-43021
CVE-2026-43021 affects the Linux kernel Bluetooth hci_sync path. A failure in hci_cmd_sync_queue_once() can skip calling the destroy callback, causing leaks of references/memory. The issue manifests during error paths, potentially leaving resources allocated for the hci_sync queue. Public discuss...
CVE-2026-43028
The CVE-2026-43028 vulnerability affects the Linux kernel netfilter x_tables component. The root cause is that certain names were not guaranteed to be nul-terminated before being passed to functions that expect C strings, which could lead to misprocessing, system instability, or hazardous behavio...
CVE-2026-43046
CVE-2026-43046 affects the Linux kernel, specifically btrfs relocation logic where a non-zero drop_progress with drop_level == 0 can be observed in a read-back root_item. The root_item invariant is now validated in the tree-checker when reading from disk: if drop_progress.objectid is non-zero, dr...
CVE-2026-43059
CVE-2026-43059 affects the Linux kernel Bluetooth MGMT path. A change introducing mgmt_pending_valid() caused completion handlers to unlink commands from the pending list, which could lead to list corruption and potential memory safety issues. The patch fixes two issues: (1) in mgmt_add_adv_patte...
CVE-2026-43092
The CVE-2026-43092 issue affects the Linux kernel AF_XDP subsystem: bind now validates MTU against the usable frame space provided by UMEM chunks. Previously, zero-copy pool configurations could be accepted without confirming that the device MTU fits into the usable frame space, considering tailr...
CVE-2026-43131
CVE-2026-43131 affects the Linux kernel DRM AMD PM path. When SMU is disabled during Reliability, Availability, and Serviceability (RAS) initialization, a null pointer dereference can occur in drm/amd/pm, potentially causing a system crash (DoS). Public-availability details come from multiple sou...
CVE-2026-43162
In the Linux kernel, the media: tegra-video path has a memory leak in __tegra_channel_try_format() caused by failing to free the allocated __v4l2_subdev_state (sd_state) in two error paths after v4l2_subdev_call() failures. The fix introduces a cleanup label and goto-based error handling to ensur...
CVE-2026-43168
CVE-2026-43168 concerns the Linux kernel OCFS2 reflink preserve cleanup issue. Multiple connected sources confirm a bug in the cleanup of preserved xattr entries: the last pointer should be shifted by one unit after an array entry cleanup, and the first entry may not be cleaned when xh_count is 1...
CVE-2026-43169
The CVE-2026-43169 issue lies in the Linux kernel DRM_BUDDY code (drm/buddy) where contiguous allocations (and large non-contiguous allocations) are rounded up to a power of two or aligned, potentially producing a size > mm->size and triggering BUG_ON(order > mm->max_order). If such a...
CVE-2026-43179
Summary: CVE-2026-43179 affects the Linux kernel’s EROFS filesystem. The issue stems from incorrect early exits for invalid metabox-enabled images with metadata compression, which can trigger folio reference leaks. The problem does not apparently cause system crashes or other severe issues accord...
CVE-2026-43182
Concrete details are available: CVE-2026-43182 affects the Linux kernel’s media: ccs component. The root cause is a missing check for a non-zero MIN_X_OUTPUT_SIZE limit register value when computing the maximum M for scaler configuration, risking a division-by-zero. Exploitation status is not pro...
CVE-2026-43189
The CVE-2026-43189 issue affects the Linux kernel’s media/v4l2-async matching workflow. When an async connection matches with a firmware node, a sub-device may be registered, its bound operation invoked, ancillary links created, and the connection added to the sub-device’s list before moving on t...
CVE-2026-43204
Summary: CVE-2026-43204 affects the Linux kernel ASoC: qcom q6asm component, where DSP responses for closed data streams could still be processed, causing system lockups. Root cause: DSP responses arriving after stream closure were not unconditionally dropped. Fix: unconditionally drop all DSP re...
CVE-2026-43224
The CVE-2026-43224 entry concerns the Linux kernel io_uring/zcrx subsystem. A memory leak could occur when mapping fails in io_populate_area_dma() on PAGE_POOL_32BIT_ARCH_WITH_64BIT_DMA, as io_zcrx_map_area() would allocate a sgtable that isn’t freed due to the error path not freeing it when !is_...
CVE-2026-43231
CVE-2026-43231 : In the Linux kernel, the media: radio-keene driver has a memory-leak in usb_keene_probe() where the v4l2 control handler is not freed if registration fails. The underlying issue is that the v4l2_ctrl_handler is initialized and controls are added, but error paths after v4l2_device...
CVE-2026-43236
The CVE-2026-43236 vulnerability affects the Linux kernel’s drm/atmel-hlcdc component. The atmel_hlcdc_plane_atomic_duplicate_state() callback copied the drm_plane_state without duplicating the base state, leaving state->commit pointing to the old object and enabling a use-after-free in the ne...
CVE-2026-43242
CVE-2026-43242 concerns a leak in the Linux kernel’s driver for TI K3 SoC (soc: ti: k3-socinfo). The vulnerability arises when an mmio regmap is allocated during probe but not freed on probe failure, risking resource exhaustion and potential system instability. The fix uses a device-managed alloc...
CVE-2026-43246
The CVE-2026-43246 issue affects the Linux kernel driver media: i2c/tw9906 (tw9906_probe). The root cause is a memory leak where memory allocated for the V4L2 control handler (v4l2_ctrl_handler_init and v4l2_ctrl_new_std) is not freed in an error path, potentially causing resource exhaustion or i...
CVE-2026-43271
CVE-2026-43271 involves the Linux kernel md-cluster module where a race during MD array startup can cause a NULL pointer dereference in process_metadata_update when a METADATA_UPDATED message arrives before mddev->thread is initialized. The root cause is the code path that dereferences the thr...
CVE-2026-43314
CVE-2026-43314 affects the Linux kernel device mapper (dm) driver. The issue arises when an I/O timeout failure is injected into a dm device; because dm does not implement its own timeout handler, the request can leak and hang indefinitely. The root cause is the presence of blk_should_fake_timeou...
CVE-2026-43355
CVE-2026-43355 affects the Linux kernel bh1780 light sensor driver (iio: light). The root cause is a PM runtime reference-count leak: pm_runtime_put_autosuspend() was not guaranteed to run after pm_runtime_get_sync() if the read operation failed. The fixed response moves the autosuspend call befo...
CVE-2026-43369
Summary (CVE-2026-43369): In the Linux kernel’s drm/amd driver, if GPU initialization fails due to an unsupported hardware block, some IP blocks may have a NULL version pointer. During device cleanup, amdgpu_device_set_pg_state and amdgpu_device_set_cg_state access adev->ip_blocks[i].version w...
CVE-2026-43370
The CVE-2026-43370 issue affects the Linux kernel DRM/AMDGPU subsystem, specifically a use-after-free race in VM acquisition. Root cause: a non-atomic vm->process_info assignment could race when parent and child processes sharing a drm_file both attempt to acquire the same VM after fork(). The...
CVE-2026-43394
CVE-2026-43394 (Linux kernel) : A local credential reference leak in nfsd_nl_listener_set_doit() occurs because get_current_cred() is used without a corresponding put_cred(). The function runs in process context during sendmsg(), and current->cred remains valid, so the extra refcount is unnece...
CVE-2026-43398
The CVE-2026-43398 entry concerns the Linux kernel amdgpu driver. A vulnerability arises from improper input validation in the userq_wait ioctl (amdgpu_userq_wait_ioctl), where excessively large input values can cause an Out-Of-Memory (OOM) situation, leading to Denial of Service. The root cause ...
CVE-2026-43404
CVE-2026-43404: In the Linux kernel mm subsystem, hmm_range_fault() can livelock if folio_trylock() fails during device-private folio migration; the spinning waiter may be starved if a dependent work item on the same CPU never runs, causing a DoS-like livelock. Conditions include: migration path ...
CVE-2026-43419
CVE-2026-43419 affects the Linux kernel Ceph filesystem component, where ceph_mdsc_build_path() could leak memory via a path pointer obtained with __getname() if not freed or transferred. The fixes add __putname() calls in error paths and ensure the pointer is freed when ownership isn’t passed to...
CVE-2026-43433
The CVE-2026-43433 entry refers to a Linux kernel issue in the rust_binder component: a TOCTOU opportunity where a local process that can write to its own VMA could alter the offsets array before it is read back during a transaction, potentially enabling privilege escalation to the sender. The fi...
CVE-2026-43447
Summary: CVE-2026-43447 affects the Linux kernel iavf driver. A race condition arises when a PTP worker that caches PHC time is not stopped during adapter reset/disable, potentially freeing AQ-backed resources while the worker runs. If the worker calls into ptp commands during teardown, memory/lo...
CVE-2026-43448
CVE-2026-43448 corresponds to a race in the Linux kernel nvme-pci driver (nvme_poll_irqdisable) where a device can be disabled between operations, causing nvme_poll_irqdisable() to race with nvme_reset_work() and leading to an unbalanced IRQ enable (IRQ 10 in the crash log). The root cause is a m...
CVE-2026-43454
CVE-2026-43454 concerns the Linux kernel nf_tables netfilter component. The issue arises when handling NETDEV_REGISTER notifications: a device may be registered twice because nft_netdev_hook_alloc() could have already added the device when the hook was created. The result is duplicate device regi...
CVE-2026-43468
CVE-2026-43468 affects the Linux kernel net/mlx5 subsystem, where a deadlock can occur between the devlink lock and the esw->work_queue. The deadlock trace involves esw_functions_changed_event_handler executing esw_vfs_changed_event_handler, while eswitch_mode_set acquires the devlink lock and...
CVE-2026-45896
CVE-2026-45896 affects the Linux kernel driver mtd_intel_dg. The bug occurs when the regions array is indexed before its size (nregions) is set, causing a UBSAN array-index-out-of-bounds in drivers/mtd/devices/mtd_intel_dg.c:750:15. The issue is triggered by accessing regions before nregions is e...
CVE-2026-53167
CVE-2026-53167 affects the Linux kernel’s FUSE path: FUSE_NOTIFY_RETRIEVE must be limited to uptodate folios since !uptodate folios may contain uninitialized data. The vulnerability is scoped to systems without automatic page-alloc zero init (CONFIG_INIT_ON_ALLOC_DEFAULT_ON or init_on_alloc=1). E...
CVE-2026-53180
CVE-2026-53180 involves a Linux kernel timers/migration livelock. The issue arises when tmigr_handle_remote_cpu() skips timer_expire_remote() if cpu == smp_processor_id(), under the incorrect assumption that the local softirq path already handled this CPU’s timers. Jiffies can advance after local...
CVE-2026-53183
CVE-2026-53183 affects the Linux kernel MPTCP implementation. The issue allows the TCP subflow receive window to shrink independently of the netns, which can inflate the MPTCP receive window and cause incoming data to exceed the receiver’s rcvbuf, potentially leading to DoS or a system becoming u...
CVE-2026-53209
The CVE-2026-53209 issue affects the Linux kernel Bluetooth subsystem (hci_sync). When hci_adv_bcast_annoucement() tries to prepend the Broadcast Announcement service data to an already-full extended advertising payload, the combined data could exceed the temporary buffer used to rebuild advertis...
CVE-2026-53212
The CVE-2026-53212 issue affects the Linux kernel nft_tunnel implementation within netfilter, where nft_tunnel_obj_destroy() used metadata_dst_free() to free a metadata_dst, bypassing dst_entry refcount accounting. This could leave in-flight packets that hold references (via dst_hold()) dangling,...
CVE-2026-53301
The CVE-2026-53301 entry refers to a Linux kernel issue: reset: amlogic: t7 where missing reset operations can cause a kernel null pointer dereference. The description notes this SOC’s reset is not currently used. Connected sources indicate this is a kernel-level fix (null reset ops) with referen...
CVE-2026-53319
Mode C: Normal (details available) CVE-2026-53319 affects the Linux kernel block writeback throttling (blk-wbt) code. The issue arises in wbt_init_enable_default(), which previously used WARN_ON_ONCE to report failures from wbt_alloc() and wbt_init(). These failure paths are expected: wbt_alloc()...
CVE-2022-50305
CVE-2022-50305 is a Linux kernel ASoC issue: sof_es8336_remove() could cause use-after-free because cancel_delayed_work() may not wait for the work function to finish. The fix uses cancel_delayed_work_sync() to ensure the work is cancelled, not running, and cannot be re-scheduled. Affected compon...
CVE-2022-50430
CVE-2022-50430 affects the Linux kernel mmc vub300 driver. The fix prevents calling blocking operations when the current task is not TASK_RUNNING by ensuring vub300_enable_sdio_irq() uses proper mutex usage and marks the current task as TASK_RUNNING in a sleepable context. This reduces a potentia...
CVE-2022-50437
CVE-2022-50437 - Linux kernel (drm/msm/hdmi) : A memory corruption issue was fixed by adding a missing sanity check on the bridge counter to prevent writing beyond the fixed-sized bridge array when there are more than eight bridges. Affects the Linux kernel with drm/msm/hdmi; patch resolves data ...
CVE-2022-50460
The CVE-2022-50460 issue is in the Linux kernel CIFS logic: an xid leak in cifs_flock() when flock is used can leak xid on early return (-ENOLCK). Multiple connected advisories (Astra Linux, Unity Linux, EulerOS, SUSE) cite the same description and confirm a fix in the kernel. The vulnerability i...
CVE-2022-50468
CVE-2022-50468 affects the Linux kernel, specifically the Cros USB PD notifier driver (platform/chrome: cros_usbpd_notify). The issue arises because cros_usbpd_notify_init() does not check the return value of platform_driver_register(), allowing cros_usbpd_notify to install even if registration f...
CVE-2023-53450
The CVE-2023-53450 entry concerns the Linux kernel ext4 subsystem. A malicious fuzzer that overwrites the ext4 superblock while mounted can set s_first_data_block to a very large value, causing the block-group calculation to underflow and trigger a BUG_ON. The fix changes the BUG_ON to ext4_warni...
CVE-2023-53466
CVE-2023-53466 pertains to the Linux kernel wifi driver mt76 mt7915. The issue is a memory leak in the mt7915_mcu_exit path. The security update fixes by always purging mcu skb queues in mt7915_mcu_exit, even if mt7915_firmware_state fails. This mirrors the vulnerability being addressed in OSV-20...
CVE-2023-53483
CVE-2023-53483 affects the Linux kernel, specifically the ACPI processor code. The vulnerability arises in fch_misc_setup() where devm_kzalloc() may return NULL and lead to a NULL pointer dereference if clk_data->name is NULL. The CVE entry indicates this issue has been resolved in the Linux k...
CVE-2023-53534
Based on the UNPATCHED_CVE_2023_53534.NASL entry, CVE-2023-53534 affects the Linux kernel DRM/Mediatek path (mtk_drm_crtc). The root cause is a missing validation for devm_kcalloc return values, which may be NULL, risking NULL pointer dereference. The advisory notes that this vulnerability has be...