Lucene search
K
LinuxLinux Kernel6.11.11

13 matches found

CVE
CVE
added 2025/04/18 7:1 a.m.166 views

CVE-2025-39735

CVE-2025-39735 affects the Linux kernel's JFS: a slab-out-of-bounds read in ea_get() can occur when processing extended attributes. The root cause is an overflow during clamping of ea_size against EALIST_SIZE(ea_buf->xattr) due to int upper-bound handling, causing a negative size to be used in...

7.1CVSS6.6AI score0.00215EPSS
CVE
CVE
added 2025/01/06 4:20 p.m.124 views

CVE-2024-56766

The CVE-2024-56766 issue affects the Linux kernel’s MTD/NAND path (mtd: rawnand) with a double-free in atmel_pmecc_create_user(). The root cause is allocating the user object with kzalloc() and then freeing it with kfree() after converting the allocation to devm_kzalloc(), leading to a use-after-...

7.8CVSS6.6AI score0.00217EPSS
CVE
CVE
added 2025/01/21 12:1 p.m.124 views

CVE-2024-57935

The CVE-ID describes a Linux kernel flaw in RDMA/hns: when destroying a QP, an invalid dip_ctx pointer could be accessed if the QP could not be modified to RTR, due to the dip_ctx not being attached. This is a local-attack surface with potential kernel access to cause a denial of service or crash...

5.5CVSS6.9AI score0.00172EPSS
CVE
CVE
added 2025/05/08 6:26 a.m.102 views

CVE-2025-37813

CVE-2025-37813 concerns the Linux kernel USB xHCI Etron workaround. The vulnerability arises in the enqueue path during the Etron workaround where code can dereference a pointer after enqueuing to the final link TRB, and then access pointer + 1, which can crash the kernel or cause a NOOP in the l...

5.5CVSS6.7AI score0.00149EPSS
CVE
CVE
added 2025/04/16 2:12 p.m.82 views

CVE-2025-22048

Summary of CVE-2025-22048 (Linux kernel LoongArch BPF issue) : The problem was triggered by sign-extending the BPF return value. After commit 73c359d1d356, a5 (BPF return value) was sign-extended to a0, and for native calls the a0 value was propagated back to a5. For bpf2bpf calls this propagatio...

5.5CVSS6.4AI score0.00175EPSS
CVE
CVE
added 2025/01/11 12:29 p.m.66 views

CVE-2024-54191

CVE-2024-54191 affects the Linux kernel Bluetooth stack (ISO). The issue arises from a circular lock between the socket lock and hdev lock in the ISO path. The fix reworks iso_sock_recvmsg and related code so that the socket lock is released before acquiring hdev, breaking the circular dependency...

5.5CVSS6.5AI score0.00135EPSS
CVE
CVE
added 2025/08/19 5:3 p.m.49 views

CVE-2025-38588

CVE-2025-38588 affects the Linux kernel IPv6 path: an infinite loop in rt6_nlmsg_size() due to list_del_rcu() interactions with rt6_nh structures, potentially causing denial of service. The patch reworks the loop by restarting when f6i->fib6_nsiblings is zero, and kernel live patches/advisorie...

5.5CVSS7.1AI score0.00147EPSS
CVE
CVE
added 2025/08/19 5:3 p.m.45 views

CVE-2025-38587

CVE-2025-38587 affects the Linux kernel IPv6 code: fib6_info_uses_dev() may loop indefinitely due to relying on RCU without explicit protection, risking an infinite loop if anchors are removed by fib6_del_route() or fib6_add_rt2node(). The vulnerability has been resolved in the kernel; advisories...

5.5CVSS7.1AI score0.00147EPSS
CVE
CVE
added 2026/01/23 2:15 p.m.32 views

CVE-2025-71151

CVE-2025-71151 concerns the Linux kernel CIFS SMB3 reconfiguration path. In smb3_reconfigure(), when smb3_sync_session_ctx_passwords() fails, the function returns without freeing and erasing the newly allocated new_password and new_password2, causing a memory leak and potential information leak. ...

5.5CVSS5.2AI score0.00114EPSS
CVE
CVE
added 2026/05/27 12:18 p.m.30 views

CVE-2026-45973

CVE-2026-45973 affects the Linux kernel’s RDMA/mlx5 driver. A race during firmware reset in LAG mode could cause the driver to hang indefinitely while waiting for UMR completion on device unload, because the master/bond device would miss slave sys_error events. The fix adds a sys_error notifier r...

5.5CVSS5.8AI score0.00155EPSS
CVE
CVE
added 2026/01/25 2:36 p.m.25 views

CVE-2026-23010

CVE-2026-23010 is a Linux kernel use-after-free affecting inet6_addr_del() in IPv6 address deletion. The issue arises from the commit that moved ipv6_del_addr() for temporary addresses before reading the ifp->flags, causing a UAF in inet6_addr_del() when handling inet6_ifaddr during address de...

7.8CVSS5.2AI score0.00182EPSS
CVE
CVE
added 2026/05/01 2:15 p.m.20 views

CVE-2026-31772

The CVE-2026-31772 issue affects the Linux kernel Bluetooth HCI path. The root cause is a stack buffer overflow in hci_le_big_create_sync where DEFINE_FLEX allocates a stack struct for BIS entries with room for 17, but conn->num_bis can be up to 31, leading to a memcpy that can write beyond th...

7.8CVSS5.9AI score0.00142EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.13 views

CVE-2026-53251

CVE-2026-53251: Linux kernel Bluetooth ISO path vulnerability where hci_get_route() leaks a reference-counted hci_dev pointer (via hci_dev_hold()) on exit, without releasing it. Documented as a resource leak that can contribute to a Denial of Service. Several advisories indicate patches exist (e....

5.5CVSS5.7AI score0.00175EPSS