13 matches found
CVE-2025-39735
CVE-2025-39735 affects the Linux kernel's JFS: a slab-out-of-bounds read in ea_get() can occur when processing extended attributes. The root cause is an overflow during clamping of ea_size against EALIST_SIZE(ea_buf->xattr) due to int upper-bound handling, causing a negative size to be used in...
CVE-2024-56766
The CVE-2024-56766 issue affects the Linux kernel’s MTD/NAND path (mtd: rawnand) with a double-free in atmel_pmecc_create_user(). The root cause is allocating the user object with kzalloc() and then freeing it with kfree() after converting the allocation to devm_kzalloc(), leading to a use-after-...
CVE-2024-57935
The CVE-ID describes a Linux kernel flaw in RDMA/hns: when destroying a QP, an invalid dip_ctx pointer could be accessed if the QP could not be modified to RTR, due to the dip_ctx not being attached. This is a local-attack surface with potential kernel access to cause a denial of service or crash...
CVE-2025-37813
CVE-2025-37813 concerns the Linux kernel USB xHCI Etron workaround. The vulnerability arises in the enqueue path during the Etron workaround where code can dereference a pointer after enqueuing to the final link TRB, and then access pointer + 1, which can crash the kernel or cause a NOOP in the l...
CVE-2025-22048
Summary of CVE-2025-22048 (Linux kernel LoongArch BPF issue) : The problem was triggered by sign-extending the BPF return value. After commit 73c359d1d356, a5 (BPF return value) was sign-extended to a0, and for native calls the a0 value was propagated back to a5. For bpf2bpf calls this propagatio...
CVE-2024-54191
CVE-2024-54191 affects the Linux kernel Bluetooth stack (ISO). The issue arises from a circular lock between the socket lock and hdev lock in the ISO path. The fix reworks iso_sock_recvmsg and related code so that the socket lock is released before acquiring hdev, breaking the circular dependency...
CVE-2025-38588
CVE-2025-38588 affects the Linux kernel IPv6 path: an infinite loop in rt6_nlmsg_size() due to list_del_rcu() interactions with rt6_nh structures, potentially causing denial of service. The patch reworks the loop by restarting when f6i->fib6_nsiblings is zero, and kernel live patches/advisorie...
CVE-2025-38587
CVE-2025-38587 affects the Linux kernel IPv6 code: fib6_info_uses_dev() may loop indefinitely due to relying on RCU without explicit protection, risking an infinite loop if anchors are removed by fib6_del_route() or fib6_add_rt2node(). The vulnerability has been resolved in the kernel; advisories...
CVE-2025-71151
CVE-2025-71151 concerns the Linux kernel CIFS SMB3 reconfiguration path. In smb3_reconfigure(), when smb3_sync_session_ctx_passwords() fails, the function returns without freeing and erasing the newly allocated new_password and new_password2, causing a memory leak and potential information leak. ...
CVE-2026-45973
CVE-2026-45973 affects the Linux kernel’s RDMA/mlx5 driver. A race during firmware reset in LAG mode could cause the driver to hang indefinitely while waiting for UMR completion on device unload, because the master/bond device would miss slave sys_error events. The fix adds a sys_error notifier r...
CVE-2026-23010
CVE-2026-23010 is a Linux kernel use-after-free affecting inet6_addr_del() in IPv6 address deletion. The issue arises from the commit that moved ipv6_del_addr() for temporary addresses before reading the ifp->flags, causing a UAF in inet6_addr_del() when handling inet6_ifaddr during address de...
CVE-2026-31772
The CVE-2026-31772 issue affects the Linux kernel Bluetooth HCI path. The root cause is a stack buffer overflow in hci_le_big_create_sync where DEFINE_FLEX allocates a stack struct for BIS entries with room for 17, but conn->num_bis can be up to 31, leading to a memcpy that can write beyond th...
CVE-2026-53251
CVE-2026-53251: Linux kernel Bluetooth ISO path vulnerability where hci_get_route() leaks a reference-counted hci_dev pointer (via hci_dev_hold()) on exit, without releasing it. Documented as a resource leak that can contribute to a Denial of Service. Several advisories indicate patches exist (e....