5 matches found
CVE-2025-40082
CVE-2025-40082 targets the Linux kernel’s hfsplus code and causes a slab-out-of-bounds read in hfsplus_uni2asc() when listing extended attributes. The issue arises because the expected unicode buffer structure size varies (hfsplus_attr_unistr vs hfsplus_unistr), so a previous fix was insufficient...
CVE-2026-46146
CVE-2026-46146 affects the Linux kernel's ALSA USB audio stack, specifically the convert_chmap_v3() routine. A loop uses cs_desc->wLength for increment but this value isn’t validated, allowing a potential endless loop with malformed descriptors. The issue is resolved by adding a proper size ch...
CVE-2026-45924
Summary: CVE-2026-45924 affects ksmbd in the Linux kernel. The vulnerability arises because ksmbd_vfs_kern_path_end_removing() is not called on certain error paths, leaving inode locks and references unbalanced after a prior ksmbd_vfs_kern_path_start_removing(). This can cause potential deadlocks...
CVE-2026-43057
CVE-2026-43057 concerns the Linux kernel networking stack. The issue arises in how IPv6 traffic with extension headers or with no inner IP protocol is processed when using IPV6_CSUM GSO fallback. The fix, described in the CVE entry and corroborated by Debian/Red Hat advisories, changes the fallba...
CVE-2025-71126
CVE-2025-71126 relates to the Linux kernel MPTCP code and describes a deadlock when reinjecting during fallback. The issue occurs in mptcp_connect trying to acquire msk->fallback_lock while the task already holds it in __mptcp_retrans, creating a potential recursive lock and double-lock scenar...