6 matches found
CVE-2025-40082
CVE-2025-40082 targets the Linux kernel’s hfsplus code and causes a slab-out-of-bounds read in hfsplus_uni2asc() when listing extended attributes. The issue arises because the expected unicode buffer structure size varies (hfsplus_attr_unistr vs hfsplus_unistr), so a previous fix was insufficient...
CVE-2025-38736
Technical details about CVE-2025-38736 are not provided in the connected documents. The initial description notes a Linux kernel MDIO PHY address masking fix (mask with 0x1f) in net: usb: asix_devices to prevent OOB/invalid MDIO addresses. Connected advisories reference the CVE, but do not supply...
CVE-2025-39965
CVE-2025-39965 concerns the Linux kernel where xfrm_alloc_spi incorrectly treated 0 as a valid SPI. A state with x->id.spi == 0 was added to the byspi list, and __xfrm_state_delete failed to remove such states, leading to a use-after-free vulnerability on list traversal. The issue is resolved ...
CVE-2026-46146
CVE-2026-46146 affects the Linux kernel's ALSA USB audio stack, specifically the convert_chmap_v3() routine. A loop uses cs_desc->wLength for increment but this value isn’t validated, allowing a potential endless loop with malformed descriptors. The issue is resolved by adding a proper size ch...
CVE-2026-45924
Summary: CVE-2026-45924 affects ksmbd in the Linux kernel. The vulnerability arises because ksmbd_vfs_kern_path_end_removing() is not called on certain error paths, leaving inode locks and references unbalanced after a prior ksmbd_vfs_kern_path_start_removing(). This can cause potential deadlocks...
CVE-2026-31559
This CVE (CVE-2026-31559) affects the LoongArch implementation in the Linux kernel. The issue is a missing NULL check in kstrdup() during device-tree processing, fixed by replacing of_find_node_by_path("/") with of_root to avoid multiple of_node_put() calls, and by preventing a kernel oops during...