CVE-2023-53337
The CVE concerns the Linux kernel nilfs2 subsystem. After metadata corruption is detected, nilfs2 may degenerate to read-only mode and still perform log writes, causing mark_buffer_dirty() to be invoked on buffer heads lacking the uptodate flag. The vulnerability arises from writes to a read‑only...
CVE-2023-53346
The CVE-2023-53346 entry concerns a memory leak in the Linux kernel’s kernel/fail_function logic. The issue occurs when using debugfs_lookup(): the returned object must be released with dput(), otherwise memory leaks accrue over time. The associated advisories indicate a straightforward remediati...
CVE-2023-53403
CVE-2023-53403: Linux kernel vulnerability in time/debug causing potential memory leak when using debugfs_lookup(). The issue arises because the result of debugfs_lookup() must be dput()-ed; if not, memory leaks occur over time. The documented mitigation is to replace the call with debugfs_lookup...
CVE-2026-31576
CVE-2026-31576 affects the Linux kernel hackrf driver. A race condition allows use-after-free and double-free when memory for the hackrf device is freed on the error path after probe() has registered the device. Open file descriptors and in-flight I/O can still reference the device while v4l2/vid...
CVE-2026-31578
CVE-2026-31578: Linux kernel as102_usb driver race leads to use-after-free/double-free when a device is deregistered while an open FD remains. The crash arises from freeing as102_dev_t after usb_register_dev() and before the final FD is closed; the fix defers freeing to the .release() path, ensur...
CVE-2022-50261
Summary (CVE-2022-50261): Linux kernel drivers for STI DRM (sti_hda.c, sti_dvo.c, sti_hdmi.c) used an int return type for mode_valid(), but the drm_connector_helper_funcs prototype requires returning an enum drm_mode_status. This mismatch can trigger a CFI (kCFI) failure and runtime problems (ke...
CVE-2022-50286
In Linux kernel ext4, a delayed allocation bug occurs when converting files with inline data to extents on filesystems using both bigalloc and inline. The code path in ext4_clu_mapped() can search a non-existent extent tree (due to inline data) and cache invalid/garbage entries in the extent stat...
CVE-2022-50306
CVE-2022-50306 concerns a Linux kernel issue in ext4 where ext4_fc_replay_scan() could perform an out-of-bounds read during journal scan if the remaining space is smaller than EXT4_FC_TAG_BASE_LEN. The root cause is insufficient bounds checking for the three journal scan tags (ADD_RANGE/HEAD/TAIL...
CVE-2022-50320
The CVE-2022-50320 issue is a Linux kernel ACPI FPDT table bug where invalid physical addresses trigger ioremap warnings and an oops. The root cause is calling acpi_os_map_memory() on an invalid physical address; a fix adds a validation step to prevent mapping invalid addresses. The description ...
CVE-2022-50328
CVE-2022-50328 affects the Linux kernel component jbd2. It describes a use-after-free in jbd2_fc_wait_bufs caused by using bh after releasing the buffer head reference, with the recommended fix: validate uptodate status of the buffer before putting the buffer head reference count. The incident is...
CVE-2022-50379
CVE-2022-50379 involves the Linux kernel btrfs quota handling. The issue occurs during quota enabling: after committing the transaction, the quota_root is assigned and BTRFS_FS_QUOTA_ENABLED is set, then the code starts the qgroup rescan worker via qgroup_rescan_init(). If that init fails, the qu...
CVE-2023-53182
Technical details about CVE-2023-53182 are not publicly provided in the supplied documents. Monitor for updates.
CVE-2023-53246
CVE-2023-53246 (Linux kernel, CIFS DFS upcall): When CONFIG_CIFS_DFS_UPCALL is disabled, cifs_dfs_d_automount becomes NULL and the CIFS DFS referral handling can trigger a NULL pointer dereference in VFS follow_automount() while traversing a DFS referral. The fix adds an inline cifs_dfs_d_automo...
CVE-2023-53297
CVE-2023-53297 — Linux kernel Bluetooth L2CAP vulnerability: The issue arises in the L2CAP disconnect response path where conn->chan_lock is not held before calling l2cap_get_chan_by_scid; if that function returns NULL, a “bad unlock balance” condition can be triggered, potentially impacting ...
CVE-2023-53318
CVE-2023-53318 affects the Linux kernel and is associated with memory leaks in the recordmcount flow, specifically in the uwrite function. The vulnerability’s impact is listed as local access with medium base severity (CVSSv3.1: AV Local, AC Low, PR Low, UI None, S Unchanged, C None, I None, A Hi...
CVE-2026-31579
The CVE-2026-31579 issue affects the Linux kernel’s WireGuard integration where wg_netns_pre_exit() manually acquired rtnl_lock(), risking a hung task when another thread holds the RTNL mutex. The vulnerability is mitigated by moving the cleanup to the .exit_rtnl hook (which the framework already...
CVE-2026-43057
CVE-2026-43057 concerns the Linux kernel networking stack. The issue arises in how IPv6 traffic with extension headers or with no inner IP protocol is processed when using IPV6_CSUM GSO fallback. The fix, described in the CVE entry and corroborated by Debian/Red Hat advisories, changes the fallba...
CVE-2022-50359
CVE-2022-50359 affects Linux kernel media driver cx88: null-ptr-deref in buffer_prepare() when cx88_risc_buffer() fails, leading to empty buffer and null-ptr-deref in buffer_queue(). The issue is fixed by validating the return value of cx88_risc_buffer() before use. Affected reports in connected ...
CVE-2023-53387
The CVE-2023-53387 issue affects the Linux kernel SCSI/UFS stack. In the UFS error handling flow, when a device management NOP OUT times out and doorbell clearing also fails, the dev_cmd.complete pointer is not NULL, causing __ufshcd_transfer_req_compl() to call complete() on a stack-allocated st...
CVE-2022-50334
CVE-2022-50334: In the Linux kernel, hugetlbfs_parse_param() dereferenced param->string when a zero-length fs parameter could yield null, due to vfs_parse_fs_string setting string to NULL. This NULL-ptr-deref was triggered when illegal parameters like size=, were parsed. The fix adds a sanity ...
CVE-2023-53395
The CVE-2023-53395 entry refers to ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer. The issue arises from ASL Timer instructions that require no argument; without AML_NO_OPERAND_RESOLVE, interpreting the Timer instruction could produce an error, and the fix adds AML_NO_OPERAND_RESOLVE to the Tim...
CVE-2026-31577
CVE-2026-31577 affects the Linux kernel nilfs2 filesystem. The vulnerability is a NULL i_assoc_inode dereference in nilfs_mdt_save_to_shadow_map during GC if NILFS_IOCTL_CLEAN_SEGMENTS is invoked immediately after mount, before any btree operation on the DAT inode. The root cause is i_assoc_inode...
CVE-2026-31580
CVE-2026-31580 affects the Linux kernel (bcache component). The issue is a use-after-free in cached_dev.sb_bio when a device is stopped while a superblock write is in progress, which can cause a crash/DoS through libceph I/O paths. Public reports align on this being resolved by patching bcache to...
CVE-2026-31581
CVE-2026-31581 affects the Linux kernel ALSA 6fire USB audio driver. The issue is a use-after-free in usb6fire_chip_abort() where the chip structure is allocated as the card’s private data and, after snd_card_free_when_closed() frees the card (when no file handles are open), a later write to chip...
CVE-2026-43131
CVE-2026-43131 affects the Linux kernel DRM AMD PM path. When SMU is disabled during Reliability, Availability, and Serviceability (RAS) initialization, a null pointer dereference can occur in drm/amd/pm, potentially causing a system crash (DoS). Public-availability details come from multiple sou...
CVE-2026-31575
The CVE-2026-31575 issue affects the Linux kernel mm/userfaultfd code, where hugetlb fault mutex hashing used linear_page_index() (PAGE_SIZE units) instead of huge-page units, causing different mutexes to be used for addresses within the same huge page. The mismatch can allow races between faulti...
CVE-2026-31609
CVE-2026-31609 affects the Linux kernel SMB client; the double-free occurs in smbd_free_send_io() after smbd_send_batch_flush() because smbd_send_batch_flush() already frees via smbd_free_send_io() and has been moved to the batch list. The issue has been addressed in multiple advisories and patch...
CVE-2026-31582
CVE-2026-31582 affects the Linux kernel hwmon powerz driver. A use-after-free occurs when a USB disconnect frees the URB and mutex, and a subsequent powerz_read() can dereference the freed URB in powerz_read_data(). The fix, as described across sources, is to set priv->urb to NULL in powerz_di...
CVE-2026-31583
The CVE-2026-31583 issue affects the Linux kernel em28xx media driver. A race in em28xx_v4l2_open() occurs because dev->v4l2 is read without holding dev->lock, racing with em28xx_v4l2_init()/em28xx_v4l2_fini() that free the structure and set dev->v4l2 to NULL under lock. This leads to us...
CVE-2026-31584
CVE-2026-31584 - Linux kernel (MediaTek vcodec) use-after-free in encoder release path: fops_vcodec_release() frees the context (ctx) without cancelling or synchronizing pending/running encode work, allowing the mtk_venc_worker to dereference freed ctx. Root cause: v4l2_m2m_ctx_release() wai...