14330 matches found
CVE-2026-53204
The CVE-2026-53204 issue concerns the Linux kernel firmware for Stratix 10 RSU (rsu_send_msg timeout). When wait_for_completion_interruptible_timeout() times out while an SMC call is pending, rsu_send_msg() could lead to a NULL dereference in stratix10_rsu_probe() due to error-path handling that ...
CVE-2026-53303
Technical details for CVE-2026-53303 are not publicly provided in the supplied documents; monitoring for updates is advised.
CVE-2026-53307
The CVE-2026-53307 issue affects the Linux kernel's pinctrl-generic code, where pinconf_generic_parse_dt_pinmux() did not properly validate the pinmux property, allowing an empty or invalid pinmux to produce a non-NULL allocator return and crash when dereferenced. This is addressed by a fix that ...
CVE-2026-53311
CVE-2026-53311 affects the Linux kernel’s FUSE subsystem: fuse_dentry_revalidate() may be invoked with a dentry whose d_time has not been initialised, originating from KMSAN observations during path resolution (lookup_open/d_revalidate). Multiple vendors and feeds document the fix as resolving th...
CVE-2026-53312
In CVE-2026-53312, a Linux kernel iommu/riscv vulnerability is resolved: an integer overflow in the invalidation path could cause an infinite loop when handling sign-extended page tables (ULONG_MAX) during a gather/end computation. The fix moves the +1 away from the potentially overflowed compari...
CVE-2026-53317
CVE-2026-53317 concerns the Linux kernel wifi driver stack (mt76/mt7921). A station AID value greater than 20 could trigger a firmware crash on AP interfaces (IFTYPE_AP) when a modified hostapd allocates AIDs starting at a high value (65 in testing). The issue is mitigated by a fix that imposes a...
CVE-2026-53320
Technical details of CVE-2026-53320 are not publicly provided in the supplied documents; no vendor/product/patch information is confirmed here. Monitor for updates.
CVE-2022-50467
CVE-2022-50467 affects the Linux kernel LPFC SCSI driver (lpfc). The vulnerability arises in lpfc_cmpl_ct_cmd_gft_id() where an abnormal exit path could call lpfc_nlp_put() with a null pointer to a nodelist structure, risking a null dereference. The changelog indicates the root cause was a missin...
CVE-2022-50530
Mode C: CVE-2022-50530 affects the Linux kernel blk-mq path. The vulnerability is a NULL pointer dereference in blk_mq_clear_rq_mapping(), triggered when set->tags[hctx_idx] is NULL during an allocation path that merged two steps into one. Root cause, per the report, is that tags may not be in...
CVE-2023-53546
CVE-2023-53546 affects the Linux kernel mlx5 RDMA driver (net/mlx5). The issue is a memory leak in mlx5dr_cmd_create_reformat_ctx: if mlx5_cmd_exec fails, the buffer referenced by in is not released, causing a leak. The fix releases that memory after mlx5_cmd_exec, per kernel commit notes. Public...
CVE-2023-53561
The CVE-2023-53561 issue affects the Linux kernel net: wwan: iosm component, causing a NULL pointer dereference during device removal in suspend/resume cycles. Root cause: ipc_imem_wwan_channel_init() may fail to obtain valid device capabilities, leading to no wwan struct allocation; later remova...
CVE-2023-53641
CVE-2023-53641 – Linux kernel (wifi: ath9k: hif_usb): The issue is a memory leak in remain_skb within ath9k_hif_usb_rx_stream(). remain_skb is allocated and only freed in the next rx_stream() call; if URBs are deallocated between calls (e.g., device deinit or suspend), the allocated skb can leak....
CVE-2025-39941
CVE-2025-39941 describes a race in zram slot handling in the Linux kernel. Parallel writes to the same zram index can leak zsmalloc handles because zs_free() may run too early; the fix requires resetting the zram entry right before assigning a new handle within the same slot lock scope. Documents...
CVE-2025-71103
CVE-2025-71103 pertains to the Linux kernel DRM MSM Adreno driver. The issue occurs on A7xx GPUs without IFPC support, where ifpc_reglist could be dereferenced in a7xx_patch_pwrup_reglist(), leading to a kernel crash with a NULL pointer dereference (pc : a6xx_hw_init...). The vulnerability has be...
CVE-2026-23263
CVE-2026-23263: In the Linux kernel, io_uring/zcrx had a page array leak that was not freed during sg init failure. The fix, committed as d9f595b9a65e, releases the previously leaked page array along with the leaked pages. Exploitation details are not provided in the supplied documents beyond the...
CVE-2026-23305
The CVE-2026-23305 entry concerns a Linux kernel issue in accel/rocket where unwinding in rocket_probe’s error path was incorrect. If rocket_core_init() fails (e.g., due to EPROBE_DEFER), the kernel must unwind by decrementing the incremented counter and, if it’s the first core failed to probe, c...
CVE-2026-23311
CVE-2026-23311 is a Linux kernel issue in perf/core: Fix of an invalid wait context in ctx_sched_in(). Lockdep reports a bug where a pinned event wakeup could grab a wait-queue lock under perf-context lock; the fix switches to using irq_work and avoids grabbing the lock in the problematic context...
CVE-2026-23314
The CVE-2026-23314 entry describes a Linux kernel issue in the regulator/bq257xx subsystem: in bq257xx_reg_dt_parse_gpio(), if it fails to obtain a subchild, it may return without calling of_node_put(child), leaking a device node reference. The vulnerability is reported as resolved in the Linux k...
CVE-2026-23323
CVE-2026-23323 concerns the Linux kernel macsmc-hwmon driver on Apple Silicon. The issue stems from two concrete bugs: (1) sensor population logic using the wrong prefix (volt- vs voltage-) and mis-assigning sensors from the voltage array to the temperature array, risking out-of-bounds access or ...
CVE-2026-23324
CVE-2026-23324 : In the Linux kernel, the issue affects the can: usb: etas_es58x driver where an urb anchored with the anchor pattern must be anchored before submitting it in the read bulk callback. If not anchored, the urb could be leaked when usb_kill_anchored_urbs() runs. The fixes apply to th...
CVE-2026-23329
CVE-2026-23329 affects the Linux kernel libie_fwlog_deinit in the ixgbe driver flow. The vulnerability arises when unloading the driver (even if firmware logging was never initialized), enabling a call path that can lead to a kernel oops and Denial of Service. Reproduced by unloading the ixgbe dr...
CVE-2026-23342
CVE-2026-23342 describes a race in the Linux kernel’s PREEMPT_RT path for BPF cpumap/xdp_bulk_queue. The issue arises when bq_enqueue() and __cpu_map_flush() run concurrently on the same CPU, breaking assumptions about atomicity and enabling races such as double __list_del_clearprev() and concurr...
CVE-2026-23365
The CVE-2026-23365 entry concerns the Linux kernel kalmia USB driver, where probing code must validate the device’s endpoints before binding. If a malicious device omits or mismatches expected endpoints, the driver may access invalid endpoints and crash. The issue is resolved in upstream kernel b...
CVE-2026-23449
Summary (CVE-2026-23449) : The Linux kernel vulnerability is in the TEQL scheduler path (net/sched/teql) where a lockless Qdisc root can cause a double-free in skb_release_data via an unsafe qdisc_reset path. The underlying issue occurs when teql_master_xmit fails to use seq_lock to guard qdisc_r...
CVE-2026-31606
The CVE-2026-31606 issue affects the Linux kernel USB HID gadget driver. When a /dev/hidg* device is still open, unbind/bind operations can reinitialize a live cdev, which is unsafe and can crash the system. The core problem is calling cdev_init while the cdev is still in use; the fix is to alloc...
CVE-2026-31733
CVE-2026-31733 concerns the Linux kernel’s sched_ext component, where the direct dispatch state (ddsp_dsq_id) could remain set across paths, causing a spurious warning in mark_direct_dispatch(). The root cause is that ddsp_dsq_id was only cleared in dispatch_enqueue(), and not consistently cleare...
CVE-2026-31742
The CVE-2026-31742 issue affects the Linux kernel’s virtual terminal (vt) handling of alternate screen mode. When entering alt screen, vc_uni_lines is saved to vc_saved_uni_lines and vc_uni_lines is set to NULL. A subsequent console resize can skip reallocating the unicode buffer because vc_uni_l...
CVE-2026-31746
CVE-2026-31746 concerns the Linux kernel’s s390/zcrypt component. When Common Cryptographic Architecture (CCA) cards are used as accelerators for clear key RSA requests (ME and CRT), a memory leak occurs due to an unreleased memory allocation in the AP message handling. The issue stems from a rew...
CVE-2026-31769
The CVE-2026-31769 issue in the Linux kernel gpib module is resolved by adding a kernel-only descriptor_busy reference count in struct gpib_descriptor to prevent use-after-free of gpib_descriptor objects during concurrent IO ioctl handling (IBRD, IBWRT, IBCMD, IBWAIT). Each IO path increments des...
CVE-2026-31781
CVE-2026-31781 concerns the Linux kernel drm/ioc32 compat ioctl path, where a user-controlled pointer was used to index a table of function pointers (spectre-like pattern). The issue is mitigated by applying array_index_nospec on the index to the function-pointer list, as described in the fix. Co...
CVE-2026-43132
CVE-2026-43132 affects the Linux kernel dm-verity component. The issue arises when dm_bufio_client_create() fails inside verity_fec_ctr() and the subsequent call to dm_bufio_client_destroy() uses an ERR_PTR(), causing a crash. Red Hat specifies potential local DoS from this crash; Debian/Root-OS ...
CVE-2026-43235
Summary: CVE-2026-43235 affects the Linux kernel iris media driver for SM8750. The vulnerability arises from two missing platform-data entries in the iris driver, which prevents proper internal buffer allocation and incomplete capability checks. What’s affected: Linux kernel/iris media driver (SM...
CVE-2026-52913
CVE-2026-52913 is addressed in OSV entries as a flaw in the rootio-linux package. Root has patched CVE-2026-52913 in Root:Ubuntu-22.04, with multiple fixed versions available. Additional OSV records indicate patched status for Root:Ubuntu-24.04 and Root:Debian-11/12, also noting multiple fixed ve...
CVE-2026-52920
The CVE-2026-52920 involves the Linux kernel netfilter xt_policy module, where strict inbound policy matching previously consumed info->pol[] in an incorrect order when multiple transforms were applied. Root cause: match_policy_in() iterates sec_path entries from last to first, violating the f...
CVE-2026-52935
In the Linux kernel, CVE-2026-52935 affects the espintcp path under xfrm, where a retransmit/reuse of an in-flight partial send could lead to an out-of-bounds read in the send path. The root cause is reinitializing an sk_msg and reusing ctx->partial while a previous transfer still owns that st...
CVE-2026-52938
CVE-2026-52938 concerns a race in Linux kernel BPF storage: bpf_selem_unlink_nofail() clears smap before removal, allowing a concurrent reader in bpf_sk_storage_clone() to observe a NULL smap and dereference a NULL pointer, potentially crashing the kernel (DoS). Reports describe a null-ptr-deref ...
CVE-2026-53144
CVE-2026-53144 affects the Linux kernel's DRM/AMDKFD path, specifically a NULL dereference in get_queue_ids(). If usr_queue_id_array is NULL and num_queues is non-zero, get_queue_ids() can return NULL; callers only check IS_ERR(), so a NULL pointer is not treated as an error, allowing suspend_que...
CVE-2026-53157
The CVE-2026-53157 issue affects the Linux kernel’s phonet code: phonet_device is removed from the per-net device list with list_del_rcu(), but freed immediately, creating a use-after-free for readers that still hold pointers. The root cause is mismatched lifetime management; the fix switches to ...
CVE-2026-53164
The CVE-2026-53164 entry concerns the Linux kernel IOMMU DMA SWIOTLB path. The vulnerability arises when iommu_dma_iova_link_swiotlb() maps an unaligned memory region and, if the middle portion is empty, calls iommu_map() with a 0 size, which the iommu_pt implementation treats as illegal, corrupt...
CVE-2026-53172
The CVE-2026-53172 issue in the Linux kernel’s accel/ethosu component is a local-privilege/heap corruption flaw caused by an incorrect mask (0x7f) when processing NPU_SET_IFM_REGION. This allows a userspace caller to supply a region index > 7, writing up to 1016 bytes past the start of region_...
CVE-2026-53173
Summary (concrete details from provided docs): The Linux kernel component accel/ethosu contains an OOB write in ethosu_gem_cmdstream_copy_and_validate(). A local user can trigger by supplying a crafted command stream, causing memory corruption and potential instability. The issue arises in a pars...
CVE-2026-53187
The CVE-2026-53187 issue affects the Linux kernel RDMA/core: the cpu_id supplied via UVERBS_ATTR_ALLOC_DMAH_CPU_ID is passed to cpumask_test_cpu() without validating it against nr_cpu_ids, leading to an out-of-bounds read of the cpumask bitmap. On kernels built with CONFIG_DEBUG_PER_CPU_MAPS this...
CVE-2026-53201
CVE-2026-53201 affects the Linux kernel, with multiple sources (NVD, OSV, Debian security tracker, Ubuntu, etc.) describing a fix that reverts a prior optimization. The issue arises because the idle-skip optimization in the DRM/xe path can bypass GuC suspend, potentially skipping the context-swit...
CVE-2026-53206
CVE-2026-53206 affects the Linux kernel (accel/ivpu) where the firmware runtime memory in the image header lacked proper bounds checks. The issue is addressed by validating alignment and sizing to ensure the firmware image fits in memory, preventing allocation or transfer errors. The available co...
CVE-2026-53223
CVE-2026-53223 (Linux kernel) : A networking timestamping bug in net: guard timestamp cmsgs to real error queue skbs where skb_is_err_queue() incorrectly treated PACKET_OUTGOING as the sole marker for sk_error_queue. This misclassification affects AF_PACKET sockets, allowing timestamp-related con...
CVE-2026-53237
In CVE-2026-53237, the Linux kernel’s mvebu GPIO implementation can dereference a NULL mvchip->mvpwm during suspend/resume because mvebu_pwm_suspend() / mvebu_pwm_resume() are invoked for all GPIO banks, including those without PWM functionality. The root cause is that some banks have mvchip-&...
CVE-2026-53240
CVE-2026-53240 concerns a use-after-free in the Linux kernel xfrm: iptfs partial reassembly logic (__input_process_payload). The bug occurs when first_skb is saved to xtfs->ra_newskb under drop_lock and a concurrent path may complete reassembly, NULL the ra_newskb, and free the skb before the ...
CVE-2026-53271
CVE-2026-53271 affects the Linux kernel ksmbd component. The vulnerability is a NULL-deref in oplock/lease break notifiers: smb2_oplock_break_noti() and smb2_lease_break_noti() read opinfo->conn into a local buffer without READ_ONCE and without a NULL check. After opinfo_get_list() drops ci-&g...
CVE-2026-53302
The CVE-2026-53302 issue is in the Linux kernel cryptographic module (EIP93 hardware accelerator). The root cause is in eip93_hmac_setkey(): it allocates a temporary ahash transform for HMAC key material using a driver name (e.g., sha256-eip93) but masks CRYPTO_ALG_ASYNC, which excludes async alg...
CVE-2026-53308
The CVE-2026-53308 issue concerns the Linux kernel max77705 power supply driver. The root cause is improper management of a workqueue and interrupt handlers during device removal, which could lead to use-after-free of memory after the workqueue is destroyed but before the interrupt is freed via t...