25 matches found
CVE-2026-23416
The CVE-2026-23416 issue affects the Linux kernel (mm/mseal) where vm_area_struct end handling could become stale during VMA merges. The root cause is curr_end not staying in sync when a VMA is updated via vma_modify_flags(), leading to an incorrect curr_start on the next iteration. The fix uncon...
CVE-2026-46039
CVE-2026-46039 affects the Linux kernel. The root cause is a potential integer overflow in rxgk_extract_token() during the length check. The fix changes the check to round down the size of the available data rather than rounding up, preventing overflow. Kernel commits upstream (listed in referenc...
CVE-2026-43408
CVE-2026-43408 concerns the Linux kernel Ceph path handling: a missing zero-initialization of ceph_path_info before ceph_mdsc_build_path() calls can lead to crashes when ceph_mdsc_free_path_info() is invoked on error paths. Multiple code paths lacked proper initializers; the recommended fix is to...
CVE-2026-46010
CVE-2026-46010 affects the Linux kernel's rxrpc component. The root cause is missing error handling in rxgk_extract_token(): if rxgk_decrypt_skb() returns -ENOMEM, the function should return that error instead of proceeding, which can lead to an abort. Several advisories state the vulnerability c...
CVE-2026-43358
CVE-2026-43358 affects the Linux kernel's btrfs filesystem. The vulnerability is a missing RCU unlock in the error path of try_release_subpage_extent_buffer(), where rcu_read_lock() should be held before exiting the loop because an rcu_read_unlock() occurs past the loop. The issue was identified ...
CVE-2026-46146
CVE-2026-46146 affects the Linux kernel's ALSA USB audio stack, specifically the convert_chmap_v3() routine. A loop uses cs_desc->wLength for increment but this value isn’t validated, allowing a potential endless loop with malformed descriptors. The issue is resolved by adding a proper size ch...
CVE-2026-23012
CVE-2026-23012 affects the Linux kernel (mm/damon/core): a use-after-free in damon_call_control handling when a DAMON context is inactive. If damon_call() runs against a non-running context, the call returns an error but the damon_call_control object remains linked to the context’s call_controls ...
CVE-2026-23162
CVE-2026-23162 relates to the Intel Xe GPU driver in the Linux kernel (drm/xe/nvm). A double-free vulnerability occurs during initialization: after auxiliary_device_init() succeeds, if auxiliary_device_add() then fails, the memory may be freed twice (via the device release path and a premature fr...
CVE-2025-71090
CVE-2025-71090 describes a Linux kernel NFS daemon leak in nfsd4_add_rdaccess_to_wrdeleg(). The function overwrites fp->fi_fds[O_RDONLY] with a new nfsd_file even when a SHARE_ACCESS_READ is already open, thereby orphaning the prior reference. It previously stored the same nfsd_file pointer in...
CVE-2026-31650
The CVE concerns the Linux kernel mmc vub300 driver. The root cause is a use-after-free risk from device-managed controller allocation and a lifetime tie to the parent USB device rather than the interface, which can cause memory leaks if the driver is unbound without a disconnect. A last referenc...
CVE-2026-31511
CVE-2026-31511 affects the Linux kernel Bluetooth MGMT subsystem, specifically a dangling pointer in mgmt_add_adv_patterns_monitor_complete where mgmt_pending_free(cmd) could kfree cmd before unlinking from the list. Connected advisories indicate Debian/Root and other OSV entries report a patch w...
CVE-2026-31559
This CVE (CVE-2026-31559) affects the LoongArch implementation in the Linux kernel. The issue is a missing NULL check in kstrdup() during device-tree processing, fixed by replacing of_find_node_by_path("/") with of_root to avoid multiple of_node_put() calls, and by preventing a kernel oops during...
CVE-2026-43005
CVE-2026-43005 affects the Linux kernel hwmon driver for tps53679. The bug arises when i2c_smbus_read_block_data() returns 0 (zero-length read); tps53679_identify_chip() then accesses buf[ret-1] (buf[-1]), causing an out-of-bounds read. The fix changes the check from ret < 0 to ret
CVE-2025-71139
CVE-2025-71139 – Linux kernel kexec CMA/IMA handling : The issue arises when the kexec target address is allocated in CMA space. The kernel’s kimage_map_segment() path assumes IND_SOURCE pages exist and maps them via vmap(), but CMA-based allocation bypasses IND_SOURCE, leading to a warning and i...
CVE-2026-23018
CVE-2026-23018 describes a Linux kernel vulnerability in the btrfs code path. In btrfs_read_locked_inode(), a path with a read-locked leaf from a subvolume tree is used while calling btrfs_init_file_extent_tree(), which may perform GFP_KERNEL allocations and trigger memory reclaim. This can creat...
CVE-2026-23282
CVE-2026-23282 affects the Linux kernel SMB client (smb2_unlink). The root cause is uninitialised iov structures when SMB2_open_init() or SMB2_close_init() fails (e.g., on reconnect), which can cause oopses when SMB2_open_free(), SMB2_close_free(), or smb2_set_related() are invoked. The fix initi...
CVE-2026-31652
The CVE-2026-31652 issue is in the Linux kernel’s DAMON feature. When damon_stat_start() allocates damon_ctx and damon_call() subsequently fails, the damon_ctx object is not deallocated, causing a memory leak if DAMON is re-enabled. The leak is not resolved by deallocating after damon_call() fail...
CVE-2026-43059
CVE-2026-43059 affects the Linux kernel Bluetooth MGMT path. A change introducing mgmt_pending_valid() caused completion handlers to unlink commands from the pending list, which could lead to list corruption and potential memory safety issues. The patch fixes two issues: (1) in mgmt_add_adv_patte...
CVE-2026-23024
CVE-2026-23024 affects the Linux kernel: the idpf flow steering list could leak memory on module removal when entries remain. The fix iterates remaining entries during module unload and frees associated memory, guarded by a new flow_steer_list_lock to protect concurrent access. This is a memory-l...
CVE-2026-23151
CVE-2026-23151 in the Linux kernel Bluetooth MGMT path fixes a memory leak in set_ssp_complete due to missing mgmt_pending_free(cmd) calls (and similarly in set_advertising_complete).Root cause: mgmt_pending_cmd structures and their data were not freed after SSP commands completed, after a prior ...
CVE-2026-43095
In CVE-2026-43095, the Linux kernel ASoC SDCA subsystem fixes an IRQ cleanup flaw. IRQs are currently enabled via sdca_irq_populate() from component probe using devm_request_threaded_irq(), which can cause IRQs to persist after a sound card teardown. Some IRQ handlers hold references to the card ...
CVE-2026-31563
CVE-2026-31563 affects the Linux kernel macb network driver. The issue arises from freeing TX SKBs with napi_consume_skb() in IRQ-disabled context; a patch replaces it with dev_consume_skb_any() to avoid the warning trace and potential instability. All connected sources (NVD, SUSE, Red Hat, Debia...
CVE-2026-23022
The CVE-2026-23022 issue affects the Linux kernel’s idpf driver. It fixes a memory leak in idpf_vc_core_deinit() where hw->lan_regs was not freed, reported by kmemleak during reset. The root cause is a missing free in the deinitialization path of idpf_vc_core, leading to unreferenced memory be...
CVE-2026-23431
CVE-2026-23431 affects the Linux kernel component amlogic-spisg (spi driver). The issue is a memory leak in aml_spisg_probe() where ctlr allocated via spi_alloc_target()/spi_alloc_host() is not released on several error paths, causing leaks if probe fails after initial allocation. The fix uses me...
CVE-2026-31653
Summary : CVE-2026-31653 impacts the Linux kernel DAMON subsystem (DAMON_SYSFS). When a monitored process terminates before damon_call() runs, a dynamically allocated repeat_call_control is not deallocated, causing a memory leak. The connected sources document the root cause and confirm the fix: ...