14330 matches found
CVE-2025-71187
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2025-71270
CVE-2025-71270 concerns LoongArch Linux kernel: the fix enables exception handling for BPF memory accesses in JIT-compiled code. Specifically, do_ade() now handles EX_TYPE_BPF memory access exceptions during BPF_PROBE_MEM* operations by invoking the common fixup routine, stabilizing recoverable m...
CVE-2026-23355
The CVE-2026-23355 issue affects the Linux kernel libata subsystem. It describes a defect where queued work for a deferred command (deferred_qc) is not canceled when cleared, allowing a WARN_ON() condition to fire later if ap->ops->qc_defer() returns non-zero. The root cause is that, althou...
CVE-2026-31513
Summary: CVE-2026-31513 affects the Linux kernel Bluetooth L2CAP code. A stack-out-of-bounds read occurs in l2cap_ecred_conn_req when handling a malformed Enhanced Credit Based Connection Request with more SCIDs than allowed. The bug arises from computing rsp_len before validating the number of S...
CVE-2026-31544
The CVE-2026-31544 issue affects the Linux kernel firmware component arm_scmi, where the helper __scmi_event_handler_get_ops could yield a NULL instead of an ERR_PTR when an event handler is missing or not created. This caused a NULL dereference in the notify error path, potentially leading to a ...
CVE-2026-31584
CVE-2026-31584 - Linux kernel (MediaTek vcodec) use-after-free in encoder release path : The fops_vcodec_release() frees the context (ctx) without cancelling or synchronizing pending/running encode work, allowing the mtk_venc_worker to dereference freed ctx. Root cause: v4l2_m2m_ctx_release() wai...
CVE-2026-31765
Summary: CVE-2026-31765 affects the Linux kernel AMDGPU driver. A mismatch between the reserved trap area (AMDGPU_VA_RESERVED_TRAP_SIZE) and the allocated KFD GPU memory on systems with 64KB pages can cause a kernel crash, including a NULL pointer dereference, when running certain GPU tests (e.g....
CVE-2026-31766
The CVE-2026-31766 issue affects the Linux kernel AMDGPU driver: amdgpu_userq_get_doorbell_index() passes user-supplied doorbell_offset to amdgpu_doorbell_index_on_bar() without proper bounds checking. An arbitrarily large doorbell_offset can drive the computed doorbell index outside the allocate...
CVE-2026-43176
The CVE-2026-43176 entry refers to a vulnerability in the Linux kernel’s rtw89 WiFi driver (PCI path) affecting RTL8922DE where release report content was not properly validated. This could cause a crash (DoS) when handling a malformed TX release report. The root cause is insufficient validation ...
CVE-2026-43192
The provided sources describe CVE-2026-43192 as a Linux kernel issue in the device-mapper multipath (dm mpath) subsystem. A missing cleanup (dm_put_device) when failing to retrieve the SCSI handler name during path parsing (scsi_dh_attached_handler_name) could leak references to the path device. ...
CVE-2026-52918
The CVE-2026-52918 entry concerns a race in the Linux kernel Bluetooth subsystem. Specifically, bt_sock_poll() traverses the accept_q without proper synchronization, allowing a race between normal polling and child socket teardown which can drop the last reference on the same socket. The advisory...
CVE-2026-52921
CVE-2026-52921 : In the Linux kernel, netfilter ipset hash:* range iteration could continue past the upper bound when iterating IPv4 ranges, due to a 32-bit iterator not stopping at the end. This allowed traversal state to move past the requested boundary and potentially affect retries. The issue...
CVE-2026-52928
CVE-2026-52928 affects the Linux kernel af_unix implementation. In non-stream sockets (e.g., SOCK_DGRAM, SOCK_SEQPACKET), SIOCATMARK is incorrectly handled for MSG_OOB and should be rejected; the fix returns -EOPNOTSUPP before inspecting the receive queue. Multiple advisories note the issue is re...
CVE-2026-53128
CVE-2026-53128 affects the Linux kernel DRBD path, specifically drbd_adm_dump_devices(). The root cause is that rcu_read_lock() was not held across the RCU read section before rcu_read_unlock(), as flagged by the Clang thread-safety analyzer. The CVE is tracked in OSV and Debian advisories, with ...
CVE-2026-53203
CVE-2026-53203 affects the Linux kernel’s accel/ivpu component. A buffer overflow can occur when the firmware returns a metric-stream info size larger than the allocated buffer during get_info_ioctl; if this happens, the operation could copy beyond the buffer. Remediation implemented in the publi...
CVE-2026-53248
In Linux kernel, the airoha net driver has a use-after-free in metadata_dst teardown (CVE-2026-53248). The airoha_metadata_dst_free() function frees the metadata_dst with kfree() immediately, bypassing the RCU grace period, while the RX path may hold a non-refcounted pointer from skb to the dst v...
CVE-2026-53261
The CVE-2026-53261 issue affects the Linux kernel devlink path: when a devlink instance obtains a nested relation before registration and probe later fails, devl_unregister() does not run for an unregistered instance, leaking devlink->rel. The fix releases any pending relation from devlink_fre...
CVE-2026-53308
The CVE-2026-53308 issue concerns the Linux kernel max77705 power supply driver. The root cause is improper management of a workqueue and interrupt handlers during device removal, which could lead to use-after-free of memory after the workqueue is destroyed but before the interrupt is freed via t...
CVE-2026-53310
CVE-2026-53310 affects the Linux kernel’s soc/tegra: cbb component. The root cause was a misused base address during target timeout lookup: the code read target timeout registers from cbb->regs while applying offsets from a different fabric’s target map, which could trigger a kernel page fault...
CVE-2026-53313
CVE-2026-53313 is a Linux kernel vulnerability in the drm/amd/display path where NULL pointer dereference can occur in logging paths. Specifically, in dc_dmub_srv_log_diagnostic_data() and dc_dmub_srv_enable_dpia_trace(), code checked if (!dc_dmub_srv || !dc_dmub_srv->dmub) and then invoked DC...
CVE-2026-23432
CVE-2026-23432 : In the Linux kernel mshv component, there is a use-after-free in the error path of mshv_map_user_memory . The problem occurs when, in the error path, the code calls vfree() directly on a region while the MMU notifier remains registered; if userspace later unmaps that memory, the ...
CVE-2026-31535
Summary: CVE-2026-31535 affects the Linux kernel SMB client receive credit management. A race in handling smbdirect_socket.recv_io.credits.available can cause over- or under-counted credits, potentially destabilizing the SMB receive path. The root cause is a window where a peer might have consume...
CVE-2026-31757
CVE-2026-31757 affects the Linux kernel USB subsystem (usbio). The issue is a memory leak where, if usb_submit_urb() fails during device probing (usbio_probe()), the previously allocated URB is not freed. The fix directs control flow to an error path (err_free_urb) to properly release the URB and...
CVE-2026-53141
The CVE-2026-53141 issue affects the Linux kernel drm/v3d driver’s global performance monitor reference counting. The root cause is leaking references obtained by v3d_perfmon_find(): (1) the SET_GLOBAL_ioctl path leaks on error, (2) CLEAR_GLOBAL leaks the find reference and the earlier stash of t...
CVE-2026-53156
The CVE-2026-53156 entry concerns a Linux kernel vmem core use-after-free in error paths. The description specifies that several error paths call __nvmem_device_put() which may free the underlying memory and other resources, and the code may continue to use the nvmem structure. The fix is to ensu...
CVE-2026-53210
The CVE-2026-53210 issue is in the Linux kernel’s Trusted Execution Environment (TEE) subsystem. A shm leak occurs in register_shm_helper() when TEE_IOC_SHM_REGISTER registers a zero-length shared memory, because shm is allocated before iov_iter_npages() and not freed if it returns 0; the code pa...
CVE-2026-23299
CVE-2026-23299 relates to a Linux kernel Bluetooth issue where, when TX timestamping is enabled (SO_TIMESTAMPING), SKBs may be queued in the sk_error_queue during socket destruction and could leak if unread or if the controller is removed. The fixed mitigation is the addition of skb_queue_purge()...
CVE-2026-53233
CVE-2026-53233 concerns the Linux kernel: a double-free in netdev_nl_bind_rx_doit() linked to how genlmsg_reply() consumes the skb. The error path calls nlmsg_free(rsp) and the code should not unbind; instead the error is propagated to the user. This aligns with the description that such issues s...
CVE-2026-53162
Summary (CVE-2026-53162) : In the Linux kernel memcg subsystem, a non-NMI-safe path around random-number generation during NMI handling could corrupt the ChaCha batch state, enabling memcg charge draining. The fix replaces the get_random_u32_below() path with a per-CPU round-robin counter stored ...
CVE-2026-53188
The CVE-2026-53188 entry concerns a Linux kernel RDMA/core flaw where fops passed to ib_get_ucaps() could be spoofed via a block device sharing a dev_t with a character device (char/block alias). The root cause is insufficient validation of f_ops, allowing a local attacker with access to device n...