CVE-2023-53520

CVE-2023-53520 relates to the Linux kernel Bluetooth subsystem. A race can occur when an hci_dev object is freed by hci_unregister_dev() while hci_suspend_notifier may still access it, potentially causing a crash (as shown by the call trace in hci_suspend_sync). The patch fixes this by holding a ...

CVE-2023-53532

CVE-2023-53532 concerns the Linux kernel/ath11k on AHB WLAN hardware. The issue arises during deinitialization of firmware resources for chipsets with non-fixed firmware memory when TrustZone is not present. The code path unmapped memory that was never mapped during initialization, leading to a k...

CVE-2023-53550

Technical details about CVE-2023-53550 are not provided in the connected documents. The SUSE advisories listed reference this CVE but do not include affected versions, root cause, nor remediation specifics. Monitor for updates.

CVE-2023-53551

The CVE-2023-53551 issue affects the Linux kernel USB gadget, specifically the u_serial driver. The root cause was a potential null pointer dereference in gserial_resume that could occur if gserial_disconnect had already cleared gser->ioport and a wakeup interrupt fired afterward. The fix adds...

CVE-2023-53687

CVE-2023-53687 affects the Linux kernel’s serial Samsung TTY path (s3c24xx_serial_getclk) where a memory leak occurs while iterating best clock candidates; if a better match is found, the previous clock and the new candidate must be freed, or a leak may occur. Public docs confirm the issue and th...

CVE-2025-39928

CVE-2025-39928 affects the Linux kernel RTL9300 I2C driver. The vulnerability arises from not validating the transfer length in rtl9300_i2c_config_xfer, allowing a data length of 0 to underflow and be treated as 16 due to (len - 1) & 0xf, which can trigger a 16-byte write and potentially soft-bri...

CVE-2025-39960

Concrete details from connected sources show CVE-2025-39960 affecting the Linux kernel gpiolib/acpi path. The root cause is uninitialized acpi_gpio_info passed to __acpi_find_gpio(), leading to info->quirks usage in acpi_populate_gpio_lookup and breaking i2c_hid_cpi HID over I2C probes. The fi...

CVE-2025-71152

CVE-2025-71152 is a vulnerability reported in the Linux kernel and appears in multiple OS advisories. Connected entries indicate patches for Root Linux (rootio-linux) across Debian 11/12/13 variants, and additional OSV records show Debian-based and Chainguard advisories patching Root packages. Pu...

CVE-2025-71181

CVE-2025-71181 relates to the Linux kernel: the rust_binder change to remove spin_lock() in rust_shrink_free_page() during a Rust Binder port to 6.18 appears to fix a potential deadlock scenario described in the public advisories. The affected area is the Rust Binder integration within Linux, spe...

CVE-2026-23252

The CVE-2026-23252 issue affects the Linux kernel XFS code. The root cause is the xchk_xfile_*_descr macros calling kasprintf, which could fail to allocate memory when formatting strings larger than the non‑no-fail limit. The patch removes this path by passing static strings instead, eliminating ...

CVE-2026-23305

The CVE-2026-23305 entry concerns a Linux kernel issue in accel/rocket where unwinding in rocket_probe’s error path was incorrect. If rocket_core_init() fails (e.g., due to EPROBE_DEFER), the kernel must unwind by decrementing the incremented counter and, if it’s the first core failed to probe, c...

CVE-2026-23309

CVE-2026-23309 refers to a Linux kernel vulnerability in the tracing subsystem. The issue was a NULL pointer dereference in trigger_data_free() when data->cmd_ops->set_filter is evaluated after a failed trigger_data_alloc() and returning NULL. The root cause was that trigger_data_free() did...

CVE-2026-23311

CVE-2026-23311 is a Linux kernel issue in perf/core: Fix of an invalid wait context in ctx_sched_in(). Lockdep reports a bug where a pinned event wakeup could grab a wait-queue lock under perf-context lock; the fix switches to using irq_work and avoids grabbing the lock in the problematic context...

CVE-2026-23314

The CVE-2026-23314 entry describes a Linux kernel issue in the regulator/bq257xx subsystem: in bq257xx_reg_dt_parse_gpio(), if it fails to obtain a subchild, it may return without calling of_node_put(child), leaking a device node reference. The vulnerability is reported as resolved in the Linux k...

CVE-2026-23339

CVE-2026-23339 is resolved in the Linux kernel through fixes around NFC/NCI skb handling (nci_transceive error paths releasing skb) as cited by multiple OSV entries and kernel patches. Connected advisories show Root: Debian/Ubuntu/Mageia patches for rootio-linux, with multiple fixed versions (e.g...

CVE-2026-23378

CVE-2026-23378 concerns a Linux kernel net/sched issue in act_ife where metalist entries were appended on replace instead of replacing existing data, risking unbounded metadata growth and potential out-of-bounds encode errors. The root cause is fixed by adding metalist to the ife RCU data structu...

CVE-2026-23380

CVE-2026-23380 (Linux kernel) describes a local vulnerability in tracing buffers memory management. When a process forks, the child’s VMAs copy the parent’s without incrementing user_mapped, so exiting both processes may cause tracing_buffers_mmap_close() to run twice; on the second call user_map...

CVE-2026-23391

CVE-2026-23391 affects the Linux kernel netfilter xt_CT feature. The issue arises when templates reference nfqueue objects (e.g., helper, nfnetlink_cttimeout) that can be removed while packets are queued, potentially leaving pending packets. The vulnerability has been resolved by flushing enqueue...

CVE-2026-23396

The CVE-2026-23396 issue affects the Linux kernel mac80211 mesh code. The function mesh_matches_local() dereferenced ie->mesh_config without verifying presence, allowing a crafted CSA action frame that includes a Mesh ID IE but omits the Mesh Configuration IE to crash the kernel. The race is t...

CVE-2026-23421

The CVE-2026-23421 issue is a Linux kernel memory-leak in drm/xe/configfs where ctx_restore_mid_bb is allocated in wa_bb_store() but freed only partially by xe_config_device_release(), leaving ctx_restore_mid_bb[0].cs undisposed when a configfs device is removed. The vulnerability is described as...

CVE-2026-23434

CVE-2026-23434 affects the Linux kernel MTD NAND driver (mtd: rawnand) where nand_lock()/nand_unlock() call into chip->ops.lock_area/unlock_area without holding the NAND device lock. The fix introduces serialisation by wrapping those lock/unlock calls with nand_get_device()/nand_release_device...

CVE-2026-23435

The CVE-2026-23435 entries describe a Linux kernel PMU/X86 perf vulnerability that was resolved. The root cause was a commit that moved cpuc->events[idx] assignment out of x86_pmu_start() into step 2 of x86_pmu_enable(), after PERF_HES_ARCH checks. This could allow a path that calls pmu->st...

CVE-2026-23459

The CVE-2026-23459 issue affects the Linux kernel IP tunnel code, specifically iptunnel_xmit_stats(). The bug arose because the function assumed tunnels used NETDEV_PCPU_STAT_TSTATS, while vxlan/geneve tunnels call udp_tunnel[6]_xmit_skb() and read NETDEV_PCPU_STAT_DSTATS, creating potential data...

CVE-2026-23463

The CVE-2026-23463 issue concerns a race condition in the Linux kernel’s QMAN/FQ handling (qbman) where fq_table[fq->idx] may be freed and reallocated concurrently when QMAN_FQ_FLAG_DYNAMIC_FQID is set. The root cause is a race between qman_destroy_fq() releasing the fqid and qman_create_fq() ...

CVE-2026-23465

CVE-2026-23465 affects the Linux kernel (btrfs) where logging the parent directory of a no-longer-existing conflicting inode could skip logging the directory’s new dentries, causing missing dentries after a power loss when an fsync occurs. The issue is resolved by logging new dir dentries wheneve...

CVE-2026-23469

CVE-2026-23469 concerns the Linux kernel’s drm/imagination driver, where a race between the Runtime PM suspend callback and the IRQ handler could let the IRQ thread access GPU registers while the GPU is suspended. The description in multiple sources states that synchronize_irq() should be awaited...

CVE-2026-31398

Summary (CVE-2026-31398) : A Linux kernel MMU issue in the rmap code affects lazyfree folios during batch unmapping. When a folio’s pages have a mix of writable and non-writable PTEs, the batch restoration path could mark the entire batch writable, breaking CoW semantics and potentially causing a...

CVE-2026-31416

CVE-2026-31416 (Linux kernel) : Affected component is netfilter nfnetlink_log. The issue is caused by not accounting for the netlink header size when processing NL messages, which can lead to a WARN splat and potential drop of the affected netlink message, with no other ill effects reported in th...

CVE-2026-31417

The CVE-2026-31417 issue affects the Linux kernel’s net/x25 implementation. Affected component: x25_sock.fraglen can overflow during packet accumulation, with the root cause involving missing overflow checks and an incorrect fraglen reset when fragment_queue is purged in x25_clear_queues(). The p...

CVE-2026-31423

The CVE-2026-31423 issue affects the Linux kernel’s net/sched sch_hfsc; rtsc_min() can divide by a value derived from the difference of large u64 slopes, risking a divide-by-zero when the difference equals 2^32. The fix widens the internal counter to u64 and replaces do_div() with div64_u64() to ...

CVE-2026-31440

CVE-2026-31440 affects the Linux kernel’s dmaengine idxd driver. The issue arises during device removal when a reset clears configuration registers, causing the prior check for event log support to fail if evl is no longer valid. The propagated fixes remove the check for “evl” enabled state and i...

CVE-2026-31443

CVE-2026-31443 : Linux kernel, dmaengine: idxd driver fix. When hardware does not support event logging and a Function Level Reset (FLR) occurs, the driver previously attempted to restore the event log even if it was never allocated, and may crash. The fix ensures the event log is only freed if i...

CVE-2026-31477

In CVE-2026-31477, the Linux kernel ksmbd component smb2_lock() had three error-handling issues after detaching smb_lock from lock_list: (1) non-UNLOCK path leaks smb_lock and its flock when vfs_lock_file() returns an unexpected error, (2) UNLOCK path leaks on -ENOENT with stale error code, and (...

CVE-2026-31493

The CVE-2026-31493 issue exists in Linux kernel RDMA/efa admin queue completion handling: when a command completes with an error, the code may print from a completion context that has already been freed, leading to use-after-free-like behavior. The root cause is use of a freed completion context ...

CVE-2026-31500

The CVE-2026-31500 issue affects the Linux kernel Bluetooth Intel btintel driver. A data race allowed two __hci_cmd_sync() paths (HCI_OP_RESET and Intel-exception-info) to run without hci_req_sync_lock, risking concurrent access to hdev->req_status/req_rsp and a slab-use-after-free in kfree_sk...

CVE-2026-31538

CVE-2026-31538 (Linux kernel SMB server) : A race condition in the SMB server’s recv credits logic (smbdirect_socket.recv_io.credits.available) can cause credits to be granted that may already have been consumed by the peer due to mismatched counting of posted recv_io versus granted credits. The ...

CVE-2026-31550

CVE-2026-31550 is a Linux kernel issue in the bcm2835-power component. The bcm2835_asb_control() polling loop could fail to properly disable the V3D master ASB on BCM2711 under heavy workloads, leaving the V3D in a broken state and potentially causing bus faults or system hangs. The mitigation in...

CVE-2026-31556

CVE-2026-31556 concerns the Linux kernel XFS quota scrub path. Multiple connected sources document the issue: in xfs, during quota scrubbing, xchk_quota_item could return early after xchk_fblock_process_error without dropping the dquot lock dq->q_qlock, risking lock leaks or deadlocks in later...

CVE-2026-31564

CVE-2026-31564 (LoongArch KVM) : The Linux kernel fix addresses a faulty address calculation in the LoongArch KVM implementation, specifically in kvm_eiointc_regs_access(). The code previously derived the register base address by adding an offset to an array base address treated as a u64, which c...

CVE-2026-31605

This CVE concerns the Linux kernel udlfb driver, where FBIOPUT_VSCREENINFO could trigger a divide-by-zero when pixclock is used directly in the udlfb path. The issue mirrors a prior fix in fb_dev paths and has been resolved in the kernel with related commits (e.g., addressing divide-by-zero in si...

CVE-2026-31620

CVE-2026-31620 affects the Linux kernel ALSA usx2y driver (TASCAM US-144MKII). A malicious USB device can present a configuration with bInterfaceNumber=1 but no interface 0, causing usb_ifnum_to_if(dev,0) to dereference NULL. This can crash the kernel (DoS). The fix is to properly check the retur...

CVE-2026-31621

The CVE-2026-31621 issue affects the Linux kernel bnge driver: on failure of auxiliary_device_add(), the error path calls auxiliary_device_uninit() but does not return, causing a null dereference when cleanup runs bnge_aux_dev_release() (bd->auxr_dev is freed and then dereferenced). Red Hat re...

CVE-2026-31729

CVE-2026-31729 affects the Linux kernel USB Type-C Unified Connector and Switch Interface (UCSI) path. A malicious or malfunctioning USB‑C device can report an out‑of‑range connector number in the CCI, which is used to index ucsi_connector_change(); the underlying array is allocated for the devic...

CVE-2026-31733

CVE-2026-31733 concerns the Linux kernel’s sched_ext component, where the direct dispatch state (ddsp_dsq_id) could remain set across paths, causing a spurious warning in mark_direct_dispatch(). The root cause is that ddsp_dsq_id was only cleared in dispatch_enqueue(), and not consistently cleare...

CVE-2026-31746

CVE-2026-31746 concerns the Linux kernel’s s390/zcrypt component. When Common Cryptographic Architecture (CCA) cards are used as accelerators for clear key RSA requests (ME and CRT), a memory leak occurs due to an unreleased memory allocation in the AP message handling. The issue stems from a rew...

CVE-2026-31753

CVE-2026-31753 affects the Linux kernel’s auxdisplay/line-display path. A NULL dereference in linedisp_release can occur if the enclosing linedisp object has already been detached when the release callback runs, causing a crash while freeing display resources. The fix retrieves the enclosing obje...

CVE-2026-31755

Rooted in the Linux kernel usb cdns3 gadget: when an endpoint is disabled or unconfigured, ep->desc can be NULL and __cdns3_gadget_ep_queue() may dereference it, causing a kernel crash. A patch adds a check and returns -ESHUTDOWN for unconfigured endpoints. Upstream fixes exist (commit referen...

CVE-2026-31758

The CVE-2026-31758 entry affects the Linux kernel usbtmc implementation. The vulnerability arises when releasing USB Test & Measurement Channels: pending anchored URBs are not flushed or killed during usbtmc_release, allowing use-after-free conditions (notably in the Host Controller Driver giveba...

CVE-2026-31761

CVE-2026-31761 concerns the Linux kernel IIO gyro driver for mpu3050. The issue is a race condition caused by calling iio_device_register() in an incorrect location during probe. The fix places iio_device_register() at the end of the probe function and aligns iio_device_unregister() accordingly. ...

CVE-2026-31770

The CVE-2026-31770 issue affects the Linux kernel hwmon/occ path. In occ_show_power_1(), the accumulator could be divided by update_tag without checking for zero when no samples have been collected, leading to a division-by-zero crash. A fix reuses occ_get_powr_avg() (which handles the zero-sampl...