9 matches found
CVE-2022-49872
The CVE-2022-49872 issue affects the Linux kernel’s net: gso path. A GRO packet can have its gso_size changed and the existing assumption that checking the first list_skb member is sufficient is violated when skbs on the frag_list have differing head_frag heads. This can trigger a BUG_ON in skb_s...
CVE-2023-52781
CVE-2023-52781 concerns the Linux kernel USB config BOS descriptor handling. In usb_get_bos_descriptor(), an iteration issue occurs when skipping USB_DT_DEVICE_CAPABILITY, causing the same descriptor to be read repeatedly. The fix introduces a goto to advance the pointer and bytes read so the fun...
CVE-2026-23240
In CVE-2026-23240, the Linux kernel fixed a race condition in TLS handling where cancel_delayed_work_sync() used during tls_sk_proto_close() could allow tls_sw_cancel_work_tx() to schedule tx_work_handler() after the TLS object was freed. The root cause involved potential scheduling from paths li...
CVE-2025-71097
Technical details for CVE-2025-71097 are not provided in the connected documents. The sources confirm the CVE exists and is tracked in various advisories, but no further product/version/impact/fix specifics are included here. Monitor vendor advisories for updates.
CVE-2026-23242
CVE-2026-23242 affects the Linux kernel RDMA/siw header processing: siw_tcp_rx_data may dereference a NULL qp->rx_fpdu if siw_get_hdr() returns -EINVAL before set_rx_fpdu_context(). The fix adds a NULL check for rx_fpdu before accessing more_ddp_segs, preventing the NULL pointer dereference. P...
CVE-2025-71112
The CVE-2025-71112 entry concerns the Linux kernel net/hns3 VLAN handling. A VLAN ID may be used without validation when receiving a VLAN configuration mailbox from a VF, because vlan_del_fail_bmap length (BITS_TO_LONGS(VLAN_N_VID)) can permit out-of-bounds access if the VLAN ID is >= VLAN_N_V...
CVE-2025-39961
Summary. CVE-2025-39961 covers a race in the AMD IOMMU pgtable path where unmap may read pgtable->[root/mode] without a lock while the driver increases address space. This can lead to reading a mismatched page-table level, causing iommu_unmap to fail and upper layers to log WARN_ON. The fix, i...
CVE-2022-50365
CVE-2022-50365 pertains to the Linux kernel's skb tail handling during pull operations. The issue can arise when a program uses helpers like BPF_FUNC_skb_pull_data to read content beyond the skb headlen if all fragments are linear, potentially triggering a kernel BUG in net/core/skbuff.c:4219. Th...
CVE-2026-23292
CVE-2026-23292 : Linux kernel scsi: target: Fix recursive locking in __configfs_open_file(). The root cause was target_core_item_dbroot_store() attempting to open the file path (which is the same configfs file already held) using filp_open(), leading to potential nested frag_sem locking. The fix ...