Lucene search
K
LinuxLinux Kernel

14139 matches found

CVE
CVE
added 2026/03/25 10:26 a.m.9 views

CVE-2026-23301

The CVE-2026-23301 issue affects the Linux kernel ASoC SDCA component, specifically the find_sdca_entity_iot() path that allocates a string for an Entity name but does not verify the allocation result. Red Hat and Debian-family advisories describe this as a local vulnerability that could enable a...

5.5CVSS5.7AI score0.00107EPSS
CVE
CVE
added 2026/03/25 10:27 a.m.9 views

CVE-2026-23323

CVE-2026-23323 concerns the Linux kernel macsmc-hwmon driver on Apple Silicon. The issue stems from two concrete bugs: (1) sensor population logic using the wrong prefix (volt- vs voltage-) and mis-assigning sensors from the voltage array to the temperature array, risking out-of-bounds access or ...

7.8CVSS5.7AI score0.00134EPSS
CVE
CVE
added 2026/03/25 10:27 a.m.9 views

CVE-2026-23353

Summary (CVE-2026-23353) A bug in the Linux kernel ice network driver causes a kernel NULL pointer dereference during the ethtool offline loopback test after ICE conversion to page pool. The root cause is not initializing libeth for the receive (RX) ring, leading to a crash when the loopback test...

5.5CVSS5.7AI score0.00112EPSS
CVE
CVE
added 2026/03/25 10:27 a.m.9 views

CVE-2026-23365

The CVE-2026-23365 entry concerns the Linux kernel kalmia USB driver, where probing code must validate the device’s endpoints before binding. If a malicious device omits or mismatches expected endpoints, the driver may access invalid endpoints and crash. The issue is resolved in upstream kernel b...

5.5CVSS5.7AI score0.00123EPSS
CVE
CVE
added 2026/04/03 3:15 p.m.9 views

CVE-2026-23436

The CVE-2026-23436 issue affects the Linux kernel's net: shaper component. A race could occur when a netdev is unregistered between taking a reference during Netlink prep and locking/RCU in the callback, potentially leaking the hierarchy after a flush. The fix applies the instance lock in pre- st...

5.5CVSS5.7AI score0.00121EPSS
CVE
CVE
added 2026/04/03 3:15 p.m.9 views

CVE-2026-23449

Summary (CVE-2026-23449) : The Linux kernel vulnerability is in the TEQL scheduler path (net/sched/teql) where a lockless Qdisc root can cause a double-free in skb_release_data via an unsafe qdisc_reset path. The underlying issue occurs when teql_master_xmit fails to use seq_lock to guard qdisc_r...

7.8CVSS5.7AI score0.00129EPSS
CVE
CVE
added 2026/04/24 2:30 p.m.9 views

CVE-2026-31535

Summary: CVE-2026-31535 affects the Linux kernel SMB client receive credit management. A race in handling smbdirect_socket.recv_io.credits.available can cause over- or under-counted credits, potentially destabilizing the SMB receive path. The root cause is a window where a peer might have consume...

4.7CVSS5.4AI score0.00088EPSS
CVE
CVE
added 2026/04/24 2:33 p.m.9 views

CVE-2026-31545

The CVE-2026-31545 issue affects the Linux kernel NFC subsystem (nxp-nci driver), where GPIOs could sleep due to a sleep path regression that triggered a WARN_ON and affected GPIOs connected to I2C GPIO expanders. The vulnerability is resolved by enabling the firmware-driven sleep behavior for th...

5.5CVSS5.4AI score0.00123EPSS
CVE
CVE
added 2026/04/24 2:42 p.m.9 views

CVE-2026-31584

CVE-2026-31584 - Linux kernel (MediaTek vcodec) use-after-free in encoder release path : The fops_vcodec_release() frees the context (ctx) without cancelling or synchronizing pending/running encode work, allowing the mtk_venc_worker to dereference freed ctx. Root cause: v4l2_m2m_ctx_release() wai...

7.8CVSS5.6AI score0.00126EPSS
CVE
CVE
added 2026/05/01 2:14 p.m.9 views

CVE-2026-31742

The CVE-2026-31742 issue affects the Linux kernel’s virtual terminal (vt) handling of alternate screen mode. When entering alt screen, vc_uni_lines is saved to vc_saved_uni_lines and vc_uni_lines is set to NULL. A subsequent console resize can skip reallocating the unicode buffer because vc_uni_l...

7.8CVSS6AI score0.00127EPSS
CVE
CVE
added 2026/05/01 2:14 p.m.9 views

CVE-2026-31757

CVE-2026-31757 affects the Linux kernel USB subsystem (usbio). The issue is a memory leak where, if usb_submit_urb() fails during device probing (usbio_probe()), the previously allocated URB is not freed. The fix directs control flow to an error path (err_free_urb) to properly release the URB and...

5.5CVSS5.8AI score0.00121EPSS
CVE
CVE
added 2026/06/25 8:38 a.m.9 views

CVE-2026-53140

The CVE-2026-53140 issue pertains to the Linux kernel drm/v3d driver. A fault in v3d_rewrite_csd_job_wg_counts_from_indirect() maps both the indirect buffer and the workgroup buffer and, if any workgroup count read from the buffer is zero, the cleanup is skipped on an early exit, leaking the virt...

5.5CVSS6AI score0.00168EPSS
CVE
CVE
added 2026/06/25 8:38 a.m.9 views

CVE-2026-53151

CVE-2026-53151 concerns the Linux kernel AF_RXRPC subsystem, where legacy parsing of the SACK table could trigger an invalid buffer access when processing fragmented UDP packets. The fix updates rxrpc_input_soft_acks() and rxrpc_input_ack() logic so that SACK contents are not copied into a flat b...

9.8CVSS6AI score0.00497EPSS
CVE
CVE
added 2026/06/25 8:38 a.m.9 views

CVE-2026-53169

In the Linux kernel, accel/ethosu has been fixed to reject NPU_OP_RESIZE commands from userspace. The driver previously used an unconditional WARN_ON(1) in DRM_IOCTL_ETHOSU_GEM_CREATE, enabling kernel log spam and, if panic_on_warn was set, potential DoS via a local unprivileged user. The patch r...

5.5CVSS5.8AI score0.00155EPSS
CVE
CVE
added 2026/06/25 8:38 a.m.9 views

CVE-2026-53173

Summary (concrete details from provided docs): The Linux kernel component accel/ethosu contains an OOB write in ethosu_gem_cmdstream_copy_and_validate(). A local user can trigger by supplying a crafted command stream, causing memory corruption and potential instability. The issue arises in a pars...

7.8CVSS5.9AI score0.00129EPSS
CVE
CVE
added 2026/06/25 8:38 a.m.9 views

CVE-2026-53179

CVE-2026-53179 affects the Linux kernel, specifically the staging rtl8723bs driver. The vulnerability is a buffer over-read in rtw_update_protection: a pointer inside the ies buffer is used with the full ie_length, allowing reads beyond the intended data. This is a local impact issue with HIGH se...

7.1CVSS6AI score0.00175EPSS
CVE
CVE
added 2026/06/25 8:38 a.m.9 views

CVE-2026-53185

CVE-2026-53185 concerns the Linux kernel zram subsystem. The issue is a use-after-free in zram_bvec_write_partial(), where zram_read_page() can dispatch reads asynchronously for ZRAM_WB slots and return before the backing read completes. The caller may then operate on a buffer that is freed, risk...

7.8CVSS5.8AI score0.00099EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.9 views

CVE-2026-53187

The CVE-2026-53187 issue affects the Linux kernel RDMA/core: the cpu_id supplied via UVERBS_ATTR_ALLOC_DMAH_CPU_ID is passed to cpumask_test_cpu() without validating it against nr_cpu_ids, leading to an out-of-bounds read of the cpumask bitmap. On kernels built with CONFIG_DEBUG_PER_CPU_MAPS this...

7.1CVSS5.7AI score0.00129EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.9 views

CVE-2026-53203

CVE-2026-53203 affects the Linux kernel’s accel/ivpu component. A buffer overflow can occur when the firmware returns a metric-stream info size larger than the allocated buffer during get_info_ioctl; if this happens, the operation could copy beyond the buffer. Remediation implemented in the publi...

7.1CVSS6AI score0.00153EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.9 views

CVE-2026-53208

The CVE-2026-53208 entry concerns the Linux kernel Bluetooth subsystem: BR/EDR signaling packets are not enforcing MTUsig, allowing a remote BR/EDR peer within radio range (before pairing) to send a single 681-byte signaling packet containing multiple L2CAP_ECHO_REQ commands, which can trigger 16...

5.5CVSS5.8AI score0.00122EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.9 views

CVE-2026-53223

CVE-2026-53223 (Linux kernel) : A networking timestamping bug in net: guard timestamp cmsgs to real error queue skbs where skb_is_err_queue() incorrectly treated PACKET_OUTGOING as the sole marker for sk_error_queue. This misclassification affects AF_PACKET sockets, allowing timestamp-related con...

7.1CVSS5.8AI score0.00131EPSS
CVE
CVE
added 2026/06/26 7:40 p.m.9 views

CVE-2026-53302

The CVE-2026-53302 issue is in the Linux kernel cryptographic module (EIP93 hardware accelerator). The root cause is in eip93_hmac_setkey(): it allocates a temporary ahash transform for HMAC key material using a driver name (e.g., sha256-eip93) but masks CRYPTO_ALG_ASYNC, which excludes async alg...

5.5CVSS5.9AI score0.00166EPSS
CVE
CVE
added 2026/06/26 7:41 p.m.9 views

CVE-2026-53304

CVE-2026-53304 affects the Linux kernel SCSI generic (sg) driver, specifically the def_reserved_size default buffer size for each /dev/sgX. The root cause is a bypass of sg_proc_write_dressz limits, allowing an invalid value to be written via the module parameter, which can trigger a soft lockup....

5.5CVSS5.9AI score0.00185EPSS
CVE
CVE
added 2026/06/26 7:41 p.m.9 views

CVE-2026-53308

The CVE-2026-53308 issue concerns the Linux kernel max77705 power supply driver. The root cause is improper management of a workqueue and interrupt handlers during device removal, which could lead to use-after-free of memory after the workqueue is destroyed but before the interrupt is freed via t...

5.5CVSS5.8AI score0.00145EPSS
CVE
CVE
added 2026/06/26 7:41 p.m.9 views

CVE-2026-53310

CVE-2026-53310 affects the Linux kernel’s soc/tegra: cbb component. The root cause was a misused base address during target timeout lookup: the code read target timeout registers from cbb->regs while applying offsets from a different fabric’s target map, which could trigger a kernel page fault...

5.5CVSS5.8AI score0.00154EPSS
CVE
CVE
added 2026/06/26 7:41 p.m.9 views

CVE-2026-53313

CVE-2026-53313 is a Linux kernel vulnerability in the drm/amd/display path where NULL pointer dereference can occur in logging paths. Specifically, in dc_dmub_srv_log_diagnostic_data() and dc_dmub_srv_enable_dpia_trace(), code checked if (!dc_dmub_srv || !dc_dmub_srv->dmub) and then invoked DC...

5.5CVSS5.8AI score0.00145EPSS
CVE
CVE
added 2026/06/26 7:41 p.m.9 views

CVE-2026-53317

CVE-2026-53317 concerns the Linux kernel wifi driver stack (mt76/mt7921). A station AID value greater than 20 could trigger a firmware crash on AP interfaces (IFTYPE_AP) when a modified hostapd allocates AIDs starting at a high value (65 in testing). The issue is mitigated by a fix that imposes a...

5.5CVSS5.8AI score0.00157EPSS
CVE
CVE
added 2026/06/26 7:41 p.m.9 views

CVE-2026-53318

The CVE-2026-53318 affects the Linux kernel wifi subsystem, specifically the mt76: mt7925 driver. A NULL pointer dereference in mt7925_tx_check_aggr() is addressed by moving the NULL check for 'sta' before it is dereferenced, which prevents a possible crash (DoS). This fix is described as resolve...

5.5CVSS5.8AI score0.00157EPSS
CVE
CVE
added 2026/01/14 3:6 p.m.8 views

CVE-2025-71124

CVE-2025-71124 —Linux kernel DRM MSM A6XX path fix: moved preempt_prepare_postamble() to after validating preempt_postamble_ptr to prevent NULL pointer dereference when postamble allocation fails. Impact described as crash risk; patch available in Patchwork 687659; no exploitation details provide...

5.5CVSS6.1AI score0.00137EPSS
CVE
CVE
added 2026/04/03 3:15 p.m.8 views

CVE-2026-23432

CVE-2026-23432 : In the Linux kernel mshv component, there is a use-after-free in the error path of mshv_map_user_memory . The problem occurs when, in the error path, the code calls vfree() directly on a region while the MMU notifier remains registered; if userspace later unmaps that memory, the ...

7.8CVSS5.7AI score0.0012EPSS
CVE
CVE
added 2026/06/24 4:30 p.m.8 views

CVE-2026-53128

CVE-2026-53128 affects the Linux kernel DRBD path, specifically drbd_adm_dump_devices(). The root cause is that rcu_read_lock() was not held across the RCU read section before rcu_read_unlock(), as flagged by the Clang thread-safety analyzer. The CVE is tracked in OSV and Debian advisories, with ...

5.5CVSS5.7AI score0.0018EPSS
CVE
CVE
added 2026/06/25 8:38 a.m.8 views

CVE-2026-53156

The CVE-2026-53156 entry concerns a Linux kernel vmem core use-after-free in error paths. The description specifies that several error paths call __nvmem_device_put() which may free the underlying memory and other resources, and the code may continue to use the nvmem structure. The fix is to ensu...

7.8CVSS5.7AI score0.00168EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.8 views

CVE-2026-53210

The CVE-2026-53210 issue is in the Linux kernel’s Trusted Execution Environment (TEE) subsystem. A shm leak occurs in register_shm_helper() when TEE_IOC_SHM_REGISTER registers a zero-length shared memory, because shm is allocated before iov_iter_npages() and not freed if it returns 0; the code pa...

5.5CVSS5.7AI score0.00127EPSS
CVE
CVE
added 2026/06/26 7:41 p.m.8 views

CVE-2026-53307

The CVE-2026-53307 issue affects the Linux kernel's pinctrl-generic code, where pinconf_generic_parse_dt_pinmux() did not properly validate the pinmux property, allowing an empty or invalid pinmux to produce a non-NULL allocator return and crash when dereferenced. This is addressed by a fix that ...

5.5CVSS5.8AI score0.00154EPSS
CVE
CVE
added 2026/06/26 7:41 p.m.8 views

CVE-2026-53311

CVE-2026-53311 affects the Linux kernel’s FUSE subsystem: fuse_dentry_revalidate() may be invoked with a dentry whose d_time has not been initialised, originating from KMSAN observations during path resolution (lookup_open/d_revalidate). Multiple vendors and feeds document the fix as resolving th...

5.5CVSS5.7AI score0.00154EPSS
CVE
CVE
added 2026/03/25 10:26 a.m.7 views

CVE-2026-23299

CVE-2026-23299 relates to a Linux kernel Bluetooth issue where, when TX timestamping is enabled (SO_TIMESTAMPING), SKBs may be queued in the sk_error_queue during socket destruction and could leak if unread or if the controller is removed. The fixed mitigation is the addition of skb_queue_purge()...

5.5CVSS5.6AI score0.00121EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.7 views

CVE-2026-53220

CVE-2026-53220 affects the Linux kernel netfilter bridge path. ebt_redirect_tg() dereferences br_port_get_rcu() without a NULL check when a bridge port has been removed between the original hook and an NFQUEUE reinject, potentially causing a local kernel panic. Attack surface includes scenarios w...

5.5CVSS5.7AI score0.00127EPSS
CVE
CVE
added 2026/06/25 8:38 a.m.6 views

CVE-2026-53162

Summary (CVE-2026-53162) : In the Linux kernel memcg subsystem, a non-NMI-safe path around random-number generation during NMI handling could corrupt the ChaCha batch state, enabling memcg charge draining. The fix replaces the get_random_u32_below() path with a per-CPU round-robin counter stored ...

7.8CVSS5.8AI score0.00136EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.6 views

CVE-2026-53188

The CVE-2026-53188 entry concerns a Linux kernel RDMA/core flaw where fops passed to ib_get_ucaps() could be spoofed via a block device sharing a dev_t with a character device (char/block alias). The root cause is insufficient validation of f_ops, allowing a local attacker with access to device n...

8.8CVSS5.8AI score0.00136EPSS
Total number of security vulnerabilities14139