8 matches found
CVE-2025-21728
CVE-2025-21728: Linux kernel vulnerability where BPF programs in non-preemptible contexts calling bpf_send_signal() can sleep, causing issues. The fix changes irqs_disabled() to !preemptible(). Affects kernels with BPF support; CVSSv3.1 base 5.5 (LOCAL, LOW privileges, NONE user interaction, HIGH...
CVE-2025-37997
CVE-2025-37997 corresponds to a race in Linux kernel/ipset region locking for hash types. The issue arises from incorrect region lock handling in region macros (ahash_bucket_start/end/ahash_region), enabling a race between the garbage collector and adding elements when timeouts are used. Connecte...
CVE-2025-23144
The CVE-2025-23144 issue affects the Linux kernel backlight subsystem (led_bl/led_sysfs). Root cause: led_sysfs_enable() was not guaranteed to run with the led_access lock held, leading to a lockdep warning during led-backlight removal; the patch enforces holding the led_access lock when calling ...
CVE-2026-31418
CVE-2026-31418 is a Linux kernel vulnerability in netfilter/ipset mtype_del where drop of empty buckets is not performed correctly, leaving buckets with only deleted entries when n->pos points past them. The fix changes how a bucket is treated as empty: release the bucket directly when all pos...
CVE-2026-46053
CVE-2026-46053 affects the Linux kernel RDS memory-registration cleanup. In net/rds, __rds_rdma_map() transfers ownership of sg/pages after get_mr(); if copying the cookie back to user space fails, resources could be freed more than once. The fix removes a duplicate unpin/free in the put_user() f...
CVE-2026-23351
CVE-2026-23351 affects the Linux kernel netfilter nft_set_pipapo data type. The issue is a use-after-free in the pipapo set when many elements are expired and the commit-time garbage collection (GC) can run for a long time in a non-preemptible context, triggering soft lockups and RCU stalls. The ...
CVE-2025-71137
CVE-2025-71137 relates to the Linux kernel, where the octeontx2-pf driver patch fixes a UBSAN shift-out-of-bounds error by ensuring the RX ring size (rx_pending) is not set below the permitted length. This prevents UBSAN faults when users pass small or zero ring sizes via ethtool -G. The fix is a...
CVE-2026-23379
CVE-2026-23379 affects the Linux kernel net/sched ETS offload path. The root cause was an overflow in WRR weight computation (q_sum, q_psum) due to using 32-bit unsigned integers, which could lead to division by zero. The documented fix is to switch q_sum and q_psum to 64-bit integers, preventing...