31 matches found
CVE-2026-31635
CVE-2026-31635 affects the Linux kernel rxrpc component. The vulnerability stems from an inverted length check in rxgk_verify_response(), where oversized RESPONSE authenticators can be accepted and later cause a contradictory length that leads to a BUG_ON(len) in skb_to_sgvec(). This can crash th...
CVE-2026-31636
Summary: CVE-2026-31636 affects the Linux kernel rxrpc subsystem. The root cause is in rxgk_verify_authenticator(), which copies auth_len into a temporary buffer and then uses p + auth_len as the parser limit. Because p is a __be32*, this inflates the parser end pointer by four, enabling a slab-o...
CVE-2025-38727
Linux kernel vulnerability CVE-2025-38727 affects netlink in the Linux kernel. A bug in netlink_attachskb() may cause an infinite retry loop when memory checks for skb->truesize against sk_rcvbuf are inconclusive (rmem + skb->truesize > sk_rcvbuf), potentially triggering an rcu_sched sta...
CVE-2026-23201
CVE-2026-23201: Linux kernel fix for ceph oops due to invalid pointer in kfree() within parse_longname(). Root cause was advancing the pointer to skip the initial '_' in ceph snapshot names, causing kfree() to receive an invalid pointer when listing .snap directories. The patch eliminates the poi...
CVE-2025-39807
CVE-2025-39807 : Open kernel vulnerability in Linux kernel's DRM/Mediatek path, where after a hotplug event the cursor update could dereference NULL old_state->crtc, causing a kernel panic. The connected security sources confirm the fix adds NULL pointer checks to ensure stability by preventin...
CVE-2026-45904
The CVE-2026-45904 issue affects the Linux kernel’s PowerPC EEH driver, where a restructuring workaround caused a recursive lock scenario around pci_lock_rescan_remove. The problem arose when EEH event handling briefly acquired the PCI bus lock while eeh_pe_bus_get() could also attempt the same l...
CVE-2026-46213
The CVE-2026-46213 issue affects the Linux kernel HID Apple keyboard driver (appletb-kbd). A use-after-free (UAF) in the inactivity-timer cleanup path during driver tear-down was fixed by reordering teardown: (1) call hid_hw_close()/hid_hw_stop() before backlight cleanup to prevent late callbacks...
CVE-2026-46121
The CVE-2026-46121 issue affects the Linux kernel DAMON sysfs interface (mm/damon/sysfs-schemes). A race between reads and writes of memcg_path and path can lead to a use-after-free when a user reads or writes the sysfs files while a buffer is being deallocated. The root cause is that user-direct...
CVE-2026-46050
CVE-2026-46050 : In the Linux kernel, the md/raid10 deadlock arises when an array check runs concurrently with NOWAIT IO. The check path raises a barrier and increments nr_pending, while NOWAIT requests return immediately and do not increment nr_pending, leading to a mismatch. Upstream changes (r...
CVE-2026-23358
CVE-2026-23358 affects the Linux kernel drm/amdgpu driver. The issue arises during slot reset error handling where an uninitialized hive pointer could be used to decide flow at the error path, potentially leading to accessing an uninitialized list. The fix initializes the list and hive properly a...
CVE-2026-23415
The CVE-2026-23415 issue affects the Linux kernel futex subsystem. A race occurs between futex_key_to_node_opt() reading vma->vm_policy under speculative mmap lock/RCU and mbind() calling vma_replace_policy(), which can free the old mempolicy via kmem_cache_free(). This leads to a use-after-fr...
CVE-2026-31641
The CVE-2026-31641 entry relates to the Linux kernel rxrpc token parsing bug. A heap buffer overflow could occur when rxrpc_preparse_xdr_yfs_rxgk() reads raw key and ticket lengths from an XDR token, applies round_up(x,4), and then uses the rounded values for validation/allocation, while the unro...
CVE-2026-31643
CVE-2026-31643 covers a Linux kernel rxrpc memleak in the key parsing path. In rxrpc_preparse_xdr_yfs_rxgk(), the memory attached to token->rxgk could leak on several error paths after allocation. The issue is mitigated by freeing the allocated memory in the reject_token: path. Technical cover...
CVE-2026-23148
CVE-2026-23148 describes a race in the Linux kernel’s nvmet path where a completed bio can be re-submitted and dereferenced after bio_uninit() clears bio->bi_blkg, leading to a NULL pointer dereference in blk_cgroup_bio_start(). The race occurs when nvmet_bio_done() and nvmet_req_complete() in...
CVE-2026-23430
The CVE-2026-23430 issue affects the Linux kernel DRM/vmwgfx component, where the KMS surface dirty tracker was being overwritten, leading to a memory leak. The vulnerability has been resolved in the kernel by correcting this behavior. Connected sources confirm the root cause and the fix are impl...
CVE-2026-31633
In the Linux kernel rxrpc subsystem, CVE-2026-31633 is addressed by fixing an integer overflow in rxgk_verify_response(). The bug arises when token_len is rounded up before the length check, allowing the check to be bypassed. The patch ensures the unrounded token_len is also compared against len,...
CVE-2026-31640
CVE-2026-31640 affects the Linux kernel rxrpc component. The issue occurs in rxrpc_post_response() where the code compares the challenge serial number using the newer packet private data instead of the cached/older response, causing the comparison to always be false and potentially preventing the...
CVE-2026-31632
CVE-2026-31632 affects the Linux kernel rxrpc component. The issue is a memory leak in rxgk_verify_response() caused by not cleaning up the rxgk context it creates; a fix has been applied to ensure the rxgk context is properly cleaned up. The available documents do not provide exploit details or ...
CVE-2026-31782
The CVE-2026-31782 entry describes a Linux kernel perf/x86 issue where an auto counter reload could group software events with the x86_hybrid_pmu inside intel_pmu_hw_config. A container_of operation in intel_pmu_set_acr_caused_constr (via the hybrid helper) could read memory out of bounds. The fi...
CVE-2026-46269
CVE-2026-46269 affects the Linux kernel pinctrl driver for canaan k230. A NULL pointer dereference occurs during devicetree parsing when probing k230_pinctrl_parse_functions() accesses info->pctl_dev->dev before pctl_dev is initialized, causing a kernel crash (local DoS). The root cause is ...
CVE-2026-53209
The CVE-2026-53209 issue affects the Linux kernel Bluetooth subsystem (hci_sync). When hci_adv_bcast_annoucement() tries to prepend the Broadcast Announcement service data to an already-full extended advertising payload, the combined data could exceed the temporary buffer used to rebuild advertis...
CVE-2026-23008
CVE-2026-23008 affects the Linux kernel drm/vmwgfx path on HW version 10. The issue arises in KMS with 3D on HW10 when there are no GB Surfaces and no backing buffer for surface-backed framebuffers, leading to a possible NULL dereference and a driver crash that can cause a black screen. A fix was...
CVE-2026-23402
CVE-2026-23402 affects the Linux kernel KVM MMU on x86. The issue arises when overwriting a shadow-present SPTE with a different PFN, where KVM’s sanity check could allow harmful state changes in direct MMUs (i.e., MMUs without shadowed gPTEs). The problem is tracked in KVM’s mmu_set_spte path, a...
CVE-2026-31631
The CVE-2026-31631 issue concerns the Linux kernel’s rxrpc path, specifically a buffer overread in rxgk_do_verify_authenticator(). The vulnerability arises because the function checks the nonce before validating the buffer size, potentially reading beyond the allocated memory. A fix has been appl...
CVE-2026-23009
CVE-2026-23009 is a Linux kernel vulnerability in the xHCI sideband code where xhci_sideband_remove_endpoint() could dereference a non-existent transfer ring (ep->ring) during suspend/resume or re-enumeration, risking a crash. The fix adds a guard to only dereference ep->ring if it exists a...
CVE-2026-23338
The CVE-2026-23338 issue affects the Linux kernel component drm/amdgpu/userq. Userspace can trigger kernel warnings by providing an incorrect or growing number of fences across a userq wait ioctl, causing a backtrace to be emitted. The fix removes WARN_ONs so that, when the kernel detects nothing...
CVE-2026-31572
CVE-2026-31572 involves the Linux kernel driver for the i2c: designware: amdisp. A race exists between probe and runtime PM resume: when the ISP is powered on via runtime PM before probe completes, the amdisp I2C resume can occur early, causing a NULL dereference in kernel v7.0. The fix uses genp...
CVE-2026-23332
The CVE-2026-23332 issue affects the Linux kernel cpufreq/ intel_pstate driver. When booted with nosmt or maxcpus and attempting to disable turbo via /sys/devices/system/cpu/intel_pstate/no_turbo, a NULL pointer dereference can occur because for_each_possible_cpu() may consider offline CPUs and a...
CVE-2026-23366
The CVE-2026-23366 entry concerns the Linux kernel DRM client component. A vulnerability in drm_client_modeset_probe can lead to a NULL pointer dereference when ‘modes’ fails to be allocated with kcalloc; if an error path calls modes_destroy on this NULL pointer, a crash can occur. The issue is r...
CVE-2025-71126
CVE-2025-71126 relates to the Linux kernel MPTCP code and describes a deadlock when reinjecting during fallback. The issue occurs in mptcp_connect trying to acquire msk->fallback_lock while the task already holds it in __mptcp_retrans, creating a potential recursive lock and double-lock scenar...
CVE-2025-71187
Technical details are not publicly available in the provided documents. Monitor for updates.