7 matches found
CVE-2025-37811
CVE-2025-37811 is a Linux kernel vulnerability in the USB chipidea ci_hdrc_imx driver. The root cause is an unsafe dereference of data->usbmisc_data when usbmisc is NULL; the fix adds a guard before dereferencing the pointer. Reported under CVSSv3.1: AV Local, AC Low, PR Low, UI None, S U, C a...
CVE-2025-37964
CVE-2025-37964 affects the Linux kernel’s x86/mm path, specifically a window during mm switching where an IPITLB flush could be suppressed. The root cause: should_flush_tlb() could skip TLB flushes between load_new_mm_cr3() and writing loaded_mm, in a window labeled LOADED_MM_SWITCHING. The fix: ...
CVE-2025-38031
CVE-2025-38031 is a Linux kernel issue in the padata subsystem where a parallel_data refcount is incremented unconditionally by a patch, allowing a refcount leak if queue_work() returns that the work is already queued. The described fix is to check queue_work()’s return value and decrement the re...
CVE-2025-38569
CVE-2025-38569 (Linux kernel benet) arises from a bug in the be2net SR-IOV VF MAC address configuration flow where be_cmd_set_mac_list() calls dma_free_coherent() while still under spin_lock_bh, leading to a kernel crash (BUG at mm/vmalloc.c and OOPs) when SR-IOV VFs are created. The linked advis...
CVE-2026-43061
CVE-2026-43061 (Linux kernel): The serial8250 TX DMA deadlock was fixed. The root cause was that dmaengine_terminate_async did not guarantee the __dma_tx_complete callback would run, and that callback is the only place where dma->tx_running is cleared. If a TX DMA transaction is canceled and t...
CVE-2026-53273
CVE-2026-53273 describes a use-after-free in the Linux kernel TEE/OP-TEE path. When a client exits before the supplicant finishes processing, freed request memory could be dereferenced, enabling a potential crash or code execution path. The root cause is a race around request lifetime between the...
CVE-2026-43382
Summary: CVE-2026-43382 affects the Linux kernel batman-adv component. The issue arises when batadv_v_elp_get_throughput() runs with the RTNL lock already held, which could cause a deadlock during cancellation of a work item. The fix switches to rtnl_trylock to skip ethtool retrieval if the RTNL ...