CVE-2026-31749

Technical details for CVE-2026-31749 are not publicly provided in the supplied connected documents; no vendor/product/versions, root cause, or remediation are described beyond the initial summary. Monitor for updates.

CVE-2026-31761

CVE-2026-31761 concerns the Linux kernel IIO gyro driver for mpu3050. The issue is a race condition caused by calling iio_device_register() in an incorrect location during probe. The fix places iio_device_register() at the end of the probe function and aligns iio_device_unregister() accordingly. ...

CVE-2026-31765

Summary: CVE-2026-31765 affects the Linux kernel AMDGPU driver. A mismatch between the reserved trap area (AMDGPU_VA_RESERVED_TRAP_SIZE) and the allocated KFD GPU memory on systems with 64KB pages can cause a kernel crash, including a NULL pointer dereference, when running certain GPU tests (e.g....

CVE-2026-31766

The CVE-2026-31766 issue affects the Linux kernel AMDGPU driver: amdgpu_userq_get_doorbell_index() passes user-supplied doorbell_offset to amdgpu_doorbell_index_on_bar() without proper bounds checking. An arbitrarily large doorbell_offset can drive the computed doorbell index outside the allocate...

CVE-2026-31767

Summary: CVE-2026-31767 relates to the Linux kernel DRM/i915/dsi path and fixes an issue where DSC horizontal timing adjustments were applied in command mode, potentially causing a div-by-zero when calculating vtotal. The underlying fix prevents adjusting htotal based on compression ratio in comm...

CVE-2026-31769

The CVE-2026-31769 issue in the Linux kernel gpib module is resolved by adding a kernel-only descriptor_busy reference count in struct gpib_descriptor to prevent use-after-free of gpib_descriptor objects during concurrent IO ioctl handling (IBRD, IBWRT, IBCMD, IBWAIT). Each IO path increments des...

CVE-2026-43132

CVE-2026-43132 affects the Linux kernel dm-verity component. The issue arises when dm_bufio_client_create() fails inside verity_fec_ctr() and the subsequent call to dm_bufio_client_destroy() uses an ERR_PTR(), causing a crash. Red Hat specifies potential local DoS from this crash; Debian/Root-OS ...

CVE-2026-43230

The CVE-2026-43230 issue affects the Linux kernel’s Reliable Datagram Sockets (RDS) by not clearing the reconnect-pending bit when canceling the reconnect worker before it has been scheduled. This can cause the system to believe a reconnect is pending indefinitely, potentially impairing network o...

CVE-2026-43457

CVE-2026-43457 affects the Linux kernel MCTP over I2C receive path. When midev->allow_rx is false, a newly allocated skb is not consumed by netif_rx() and must be freed directly, otherwise a memory leak can occur leading to potential DoS through memory exhaustion. The available connected sourc...

CVE-2022-50494

CVE-2022-50494 is concrete: in the Linux kernel, intel_powerclamp could crash when CPU 0 is offline due to using smp_processor_id() in preemptible code. The EulerOS advisories (EulerOS-SA-2026-1029/1172) explicitly include this CVE and describe the fix as replacing smp_processor_id() with get_cpu...

CVE-2022-50530

Mode C: CVE-2022-50530 affects the Linux kernel blk-mq path. The vulnerability is a NULL pointer dereference in blk_mq_clear_rq_mapping(), triggered when set->tags[hctx_idx] is NULL during an allocation path that merged two steps into one. Root cause, per the report, is that tags may not be in...

CVE-2025-71103

CVE-2025-71103 pertains to the Linux kernel DRM MSM Adreno driver. The issue occurs on A7xx GPUs without IFPC support, where ifpc_reglist could be dereferenced in a7xx_patch_pwrup_reglist(), leading to a kernel crash with a NULL pointer dereference (pc : a6xx_hw_init...). The vulnerability has be...

CVE-2025-71109

CVE-2025-71109 covers a Linux kernel issue in MIPS ftrace involving memory corruption when the kernel is located beyond 32 bits. The root cause is the UASM_i_LA_mostly macro (and now UASM_i_LA) generating more than two instructions, while ftrace code stores only an int[2], risking overflow that c...

CVE-2025-71124

CVE-2025-71124 —Linux kernel DRM MSM A6XX path fix: moved preempt_prepare_postamble() to after validating preempt_postamble_ptr to prevent NULL pointer dereference when postamble allocation fails. Impact described as crash risk; patch available in Patchwork 687659; no exploitation details provide...

CVE-2025-71187

Technical details are not publicly available in the provided documents. Monitor for updates.

CVE-2026-23298

CVE-2026-23298 affects the Linux kernel can: ucan subsystem. A zero-length message on a broken ucan device causes an infinite loop in ucan_read_bulk_callback(), hanging the system. The issue is linked to a historical fix in the kvaser_usb driver (commit 0c73772cd2b8) addressing a similar infinite...

CVE-2026-23324

CVE-2026-23324 : In the Linux kernel, the issue affects the can: usb: etas_es58x driver where an urb anchored with the anchor pattern must be anchored before submitting it in the read bulk callback. If not anchored, the urb could be leaked when usb_kill_anchored_urbs() runs. The fixes apply to th...

CVE-2026-23337

The CVE-2026-23337 entry concerns the Linux kernel, specifically the pinconf-generic driver in the pinctrl subsystem. The root cause is a memory leak in pinconf_generic_parse_dt_config() when parse_dt_cfg() fails and exits early, bypassing cleanup. The resulting leak is of the cfg buffer. The fix...

CVE-2026-23355

The CVE-2026-23355 issue affects the Linux kernel libata subsystem. It describes a defect where queued work for a deferred command (deferred_qc) is not canceled when cleared, allowing a WARN_ON() condition to fire later if ap->ops->qc_defer() returns non-zero. The root cause is that, althou...

CVE-2026-23356

The CVE-2026-23356 issue affects the Linux kernel DRBD subsystem. A logic bug in drbd_al_begin_io_nonblock() could mis-handle a reference-counted extent when lc_get_cumulative() and lc_try_lock() timing collided, risking a crash or incorrect assumption that an activity log extent is active during...

CVE-2026-23365

The CVE-2026-23365 entry concerns the Linux kernel kalmia USB driver, where probing code must validate the device’s endpoints before binding. If a malicious device omits or mismatches expected endpoints, the driver may access invalid endpoints and crash. The issue is resolved in upstream kernel b...

CVE-2026-23431

CVE-2026-23431 affects the Linux kernel component amlogic-spisg (spi driver). The issue is a memory leak in aml_spisg_probe() where ctlr allocated via spi_alloc_target()/spi_alloc_host() is not released on several error paths, causing leaks if probe fails after initial allocation. The fix uses me...

CVE-2026-23432

CVE-2026-23432 : In the Linux kernel mshv component, there is a use-after-free in the error path of mshv_map_user_memory . The problem occurs when, in the error path, the code calls vfree() directly on a region while the MMU notifier remains registered; if userspace later unmaps that memory, the ...

CVE-2026-31427

The CVE-2026-31427 issue in Linux kernel netfilter/nf_conntrack_sip was fixed by initializing the rtp_addr before calling nf_nat_sip SDP hooks and tracking via a have_rtp_addr flag. If SDP has no m= lines, or contains only inactive/unrecognized media, the code now avoids calling sdp_session with ...

CVE-2026-31501

The CVE-2026-31501 issue affects the Linux kernel net: ti: icssg-prueth driver and is a use-after-free in the RX path. cpp i5_hdesc_get_psdata() returns a pointer into the CPPI descriptor, and the descriptor is freed via k3_cppi_desc_pool_free() before psdata[0]/psdata[1] are used by emac_rx_time...

CVE-2026-31544

The CVE-2026-31544 issue affects the Linux kernel firmware component arm_scmi, where the helper __scmi_event_handler_get_ops could yield a NULL instead of an ERR_PTR when an event handler is missing or not created. This caused a NULL dereference in the notify error path, potentially leading to a ...

CVE-2026-31757

CVE-2026-31757 affects the Linux kernel USB subsystem (usbio). The issue is a memory leak where, if usb_submit_urb() fails during device probing (usbio_probe()), the previously allocated URB is not freed. The fix directs control flow to an error path (err_free_urb) to properly release the URB and...

CVE-2026-31781

CVE-2026-31781 concerns the Linux kernel drm/ioc32 compat ioctl path, where a user-controlled pointer was used to index a table of function pointers (spectre-like pattern). The issue is mitigated by applying array_index_nospec on the index to the function-pointer list, as described in the fix. Co...

CVE-2026-43167

CVE-2026-43167 relates to the Linux kernel xfrm subsystem where a reference-count leak in xfrm_state occurs when a network device is unregistered. The issue stems from an IPsec hardware-offload API change (commit d77e38e612a0) that made xfrm_dev_unregister() a no-op, even though xfrm_dev_state_ad...

CVE-2026-46269

CVE-2026-46269 affects the Linux kernel pinctrl driver for canaan k230. A NULL pointer dereference occurs during devicetree parsing when probing k230_pinctrl_parse_functions() accesses info->pctl_dev->dev before pctl_dev is initialized, causing a kernel crash (local DoS). The root cause is ...

CVE-2023-53546

CVE-2023-53546 affects the Linux kernel mlx5 RDMA driver (net/mlx5). The issue is a memory leak in mlx5dr_cmd_create_reformat_ctx: if mlx5_cmd_exec fails, the buffer referenced by in is not released, causing a leak. The fix releases that memory after mlx5_cmd_exec, per kernel commit notes. Public...

CVE-2023-53561

The CVE-2023-53561 issue affects the Linux kernel net: wwan: iosm component, causing a NULL pointer dereference during device removal in suspend/resume cycles. Root cause: ipc_imem_wwan_channel_init() may fail to obtain valid device capabilities, leading to no wwan struct allocation; later remova...

CVE-2026-23299

CVE-2026-23299 relates to a Linux kernel Bluetooth issue where, when TX timestamping is enabled (SO_TIMESTAMPING), SKBs may be queued in the sk_error_queue during socket destruction and could leak if unread or if the controller is removed. The fixed mitigation is the addition of skb_queue_purge()...

CVE-2026-23301

The CVE-2026-23301 issue affects the Linux kernel ASoC SDCA component, specifically the find_sdca_entity_iot() path that allocates a string for an Entity name but does not verify the allocation result. Red Hat and Debian-family advisories describe this as a local vulnerability that could enable a...

CVE-2026-23377

CVE-2026-23377 affects the Linux kernel in the ice network driver under XDP. The root cause is an incorrect use of frag_size in XDP RxQ info, which should reflect the whole buffer size but was treated as a DMA write length, causing negative tailroom and potential kernel panic when crafting packet...

CVE-2026-23436

The CVE-2026-23436 issue affects the Linux kernel's net: shaper component. A race could occur when a netdev is unregistered between taking a reference during Netlink prep and locking/RCU in the callback, potentially leaking the hierarchy after a flush. The fix applies the instance lock in pre- st...

CVE-2026-23449

Summary (CVE-2026-23449) : The Linux kernel vulnerability is in the TEQL scheduler path (net/sched/teql) where a lockless Qdisc root can cause a double-free in skb_release_data via an unsafe qdisc_reset path. The underlying issue occurs when teql_master_xmit fails to use seq_lock to guard qdisc_r...

CVE-2026-31535

Summary: CVE-2026-31535 affects the Linux kernel SMB client receive credit management. A race in handling smbdirect_socket.recv_io.credits.available can cause over- or under-counted credits, potentially destabilizing the SMB receive path. The root cause is a window where a peer might have consume...

CVE-2026-31584

CVE-2026-31584 - Linux kernel (MediaTek vcodec) use-after-free in encoder release path : The fops_vcodec_release() frees the context (ctx) without cancelling or synchronizing pending/running encode work, allowing the mtk_venc_worker to dereference freed ctx. Root cause: v4l2_m2m_ctx_release() wai...

CVE-2026-31742

The CVE-2026-31742 issue affects the Linux kernel’s virtual terminal (vt) handling of alternate screen mode. When entering alt screen, vc_uni_lines is saved to vc_saved_uni_lines and vc_uni_lines is set to NULL. A subsequent console resize can skip reallocating the unicode buffer because vc_uni_l...

CVE-2026-31545

The CVE-2026-31545 issue affects the Linux kernel NFC subsystem (nxp-nci driver), where GPIOs could sleep due to a sleep path regression that triggered a WARN_ON and affected GPIOs connected to I2C GPIO expanders. The vulnerability is resolved by enabling the firmware-driven sleep behavior for th...