19 matches found
CVE-2025-21629
CVE-2025-21629: Linux kernel vulnerability where NETIF_F_IPV6_CSUM offload for BIG TCP/IPv6 packets with extension headers was disabled by a commit; this caused skb_warn_bad_offload to fire for large TCP packets. The issue is resolved by reverting the change and re-enabling IPv6 CSUM offload for ...
CVE-2025-23149
CVE-2025-23149 refers to a Linux kernel vulnerability in TPM handling. The issue is triggered when TPM_CHIP_FLAG_SUSPENDED is checked after tpm_find_get_ops(), which can spuriously invoke tpm_chip_start() while the TPM chip is suspended. The provided logs show a sequence leading to a potential tr...
CVE-2024-57852
CVE-2024-57852 affects the Linux kernel firmware: qcom: scm: smc handling of missing SCM device. The root cause is a NULL pointer dereference in qcom_scm_get_tzmem_pool(), which may return NULL and requires callers to handle it. The issue is addressed by the commit ca61d6836e6f, which makes the n...
CVE-2025-39688
CVE-2025-39688: In the Linux kernel NFS server, the fix for nfsd addresses handling of delegated states. The change adds SC_STATUS_FREEABLE to nfs4_lookup_stateid()'s always-allowed status mask, ensuring revoked delegations can be located when searching by stateid. It also removes SC_STATUS_FREEA...
CVE-2024-57805
CVE-2024-57805: In the Linux kernel ASoC: SOF: Intel: hda-dai, the link DMA was released on STOP, enabling a potential stream mix-up if a new stream starts before the previous is fully closed. This may lead to firmware errors or a crash. Root cause: releasing the link DMA on STOP rather than wait...
CVE-2025-21657
CVE-2025-21657 relates to the Linux kernel sched_ext component. The root cause was that scx_ops_bypass() re-enqueued scx tasks across CPUs by acquiring rq_lock() for online CPUs regardless of CPU state, which could trigger a spurious rq_pin_lock() warning. The fix replaces rq_lock() with raw_spin...
CVE-2024-57844
CVE-2024-57844 – Linux kernel (drm/xe): A fault occurs when a userspace fd is kept open, the device is unbound, and the fd is closed; the driver may dereference hardware state, leading to a kernel page fault. The upstream fix guards the critical section with drm_dev_enter()/drm_dev_exit() to avoi...
CVE-2025-38124
CVE-2025-38124 affects the Linux kernel UDP GSO fraglist handling. The vulnerability arises when a frag_list GSO skb has part of its payload pulled into head_skb, causing the frag_list SKBs to lose their expected geometry and triggering a failure in skb_segment. The description specifies the inva...
CVE-2024-57891
The CVE refers to a Linux kernel issue fixed in the sched_ext subsystem: an invalid IRQ restore could occur due to improper conversion of an inner rq_unlock_irqrestore() to rq_unlock() when adding outer irqsave/restore locking in scx_ops_bypass(). This could lead to the IRQs being re-enabled at a...
CVE-2025-21897
CVE-2025-21897: Linux kernel sched_ext vulnerability where pick_task_scx() could return non-queued tasks if balance() wasn’t called. The fix adds a workaround to emulate SCX_RQ_BAL_KEEP only when preceding balance_scx() is missing, and corrects the prior test that used @prev to decide if a task w...
CVE-2025-39770
CVE-2025-39770 affects the Linux kernel’s GSO/TSO handling for IPv6. When performing GSO on IPv6 packets with extension headers, the kernel may request checksum offload even though the egress device only advertises NETIF_F_IPV6_CSUM, which explicitly does not support offloading for packets with e...
CVE-2025-38683
CVE-2025-38683 affects hv_netvsc in the Linux kernel. The issue arises during namespace deletion when a VF NIC is moved to a new namespace and then back, causing netdev list handling to dereference NULL and trigger a kernel panic. The supplied references describe the root cause as a race in defau...
CVE-2026-23002
CVE-2026-23002 affects the Linux kernel’s buildid path. The fix switches the sleepable context reader to use __kernel_read() for reading file data instead of direct page cache access via read_cache_folio(), reducing the risk of a NULL pointer dereference in filemap_read_folio. The patch keeps exi...
CVE-2025-38628
CVE-2025-38628 affects the Linux kernel mlx5 vdpa path. The issue was a resource cleanup bug where cleanup paths could operate on uninitialized resources, triggering a splat when adding a vdpa device without a MAC address. The fixes ensure mlx5_vdpa_free() is the single entrypoint for removing vd...
CVE-2026-31648
Summary of CVE-2026-31648 (Linux kernel) • Affects the kernel vulnerability in filemap handling: nr_pages overflow in filemap_map_pages() can cause set_pte_range() to map beyond the size of a large folio, potentially corrupting page metadata. • Root cause (as documented): race condition between f...
CVE-2025-71080
CVE-2025-71080 involves a race in the Linux kernel on PREEMPT_RT where rt6_get_pcpu_route() may return NULL and allow another task on the same CPU to install a pcpu_rt entry, causing a later cmpxchg() failure and a BUG_ON(prev). The fix makes the cmpxchg() failure graceful by freeing the allocati...
CVE-2026-43392
Summary (CVE-2026-43392) : In the Linux kernel, the sched_ext vulnerability causes a potential DoS by starving the enable path in scx_enable() when fair-class workloads saturate the system. The root cause is a switch of the calling thread’s sched_class from fair to ext during the READY→ENABLED lo...
CVE-2026-31644
CVE-2026-31644 affects the Linux kernel LAN966X network driver. The issue arises in lan966x_fdma_reload() when allocation of new RX buffers fails, causing the restore path to restart DMA with old descriptors whose pages were already freed, and because page_pool_put_full_page() can release pages b...
CVE-2026-23390
CVE-2026-23390 : In the Linux kernel, the tracing/dma subsystem fixes a potential perf buffer overflow in the dma_map_sg tracepoint when handling large scatter-gather lists (e.g., large DRM buffers). The patch caps the three dynamic arrays at 128 entries using min() to prevent excessive allocatio...