117 matches found
CVE-2026-31532
CVE-2026-31532 affects the Linux kernel’s raw CAN socket implementation. A use-after-free can occur when, during unregistration of CAN receive filters, the kernel defers receiver deletion with RCU and frees per-CPU storage ro->uniq too early in raw_release(). The fix moves free_percpu(ro->u...
CVE-2026-46215
The CVE concerns a race condition in the Linux kernel’s DRM change_handle path. A concurrent gem_close could remove one handle while another remained dangling, enabling a use-after-free. The fix uses the same sequence as gem_close: first replace the old handle with NULL via idr_replace, then, if ...
CVE-2026-23194
CVE-2026-23194 relates to the Linux kernel rust_binder handling of FDA objects of length zero. The issue was a out-of-bounds write when an empty fd-array (FDA) with 0 fds was processed, caused by treating skip == 0 as a special “pointer fixup.” The fix replaces this zero-special-case pattern (ori...
CVE-2026-23004
The CVE-2026-23004 issue in the Linux kernel concerns races in the IPv6 dst cache path (rt6_uncached_list_del/rt_del_uncached_list) leading to use-after-free during list_head initialization in INIT_LIST_HEAD, as observed by KASAN in rt6_uncached_list_flush_dev and related paths. The root cause is...
CVE-2026-23132
CVE-2026-23132 : Linux kernel vulnerability in the dw-dp bridge (drm/bridge: synopsys: dw-dp) resolved. The issue concerned error handling in dw_dp_bind(), with three problems: (1) Missing return after drm_bridge_attach() failure, causing continued execution; (2) Resource leak where drm_dp_aux_un...
CVE-2026-46182
The CVE-2026-46182 issue affects the Linux kernel component pseries/papr-hvpipe . The root cause is that a local kernel stack variable hdr (papr_hvpipe_hdr) is allocated on the stack and only hdr.version and hdr.flags are initialized, leaving reserved padding bytes uninitialized. When copied to u...
CVE-2026-43467
CVE-2026-43467 affects the Linux kernel mlx5_core/mlx5_eswitch stack. Root cause: when moving a device to switchdev mode on a system that does not support IPsec, the code erroneously cleans up IPsec resources, triggering a local crash/DoS. With concrete details from multiple vendors (Red Hat, SUS...
CVE-2026-43434
CVE-2026-43434 (Linux kernel, rust_binder) : A vulnerability in the rust_binder component can occur during page installation or zap_page_range operations. If a VMA at a given address is closed and replaced, rust_binder may look up and use the wrong VMA, potentially allowing writes to normally rea...
CVE-2025-40164
Technical details for CVE-2025-40164 are not publicly provided in the connected documents. Monitor for updates; current sources only list the CVE without vendor/affected products, impact, or remediation specifics.
CVE-2026-43462
CVE-2026-43462 affects the Linux kernel spacemit network driver. An error in the function emac_tx_mem_map() could leak DMA mappings on a mapping failure. This resource mismanagement may lead to a denial of service, impacting system availability. The published fix frees the leaked DMA mappings usi...
CVE-2025-68749
CVE-2025-68749 (Linux kernel) relates to a race in the ivpu accelerator driver when unbinding BOs. The fix adds bo_list_lock protection around the unmapping sequence, ensuring a BO is fully unmapped either during context teardown or when still on the BOs list. This prevents the Memory manager war...
CVE-2026-23211
CVE-2026-23211 concerns the Linux kernel memory management swap subsystem. The issue arises from a change that marked the swap address space as read-only, which could trigger a kernel panic if arch_prepare_to_swap() fails during heavy memory pressure. The documented root cause path includes pages...
CVE-2026-43435
CVE-2026-43435 relates to the Linux kernel rust_binder component where the oneway spam-detection logic in TreeRange (and missing logic in ArrayRange) could allow large spamming transactions to go undetected. The fix moves the spam-check after the new range is inserted and adds an equivalent low_o...
CVE-2026-46221
CVE-2026-46221 concerns the Linux kernel EDAC/versalnet component. The issue is a memory leak where the device name allocated with kzalloc() in init_one_mc() is assigned to dev->init_name, then never freed on the normal removal path. Since device_register() copies init_name and then sets dev-&...
CVE-2026-31703
The CVE-2026-31703 entry is supported by multiple connected sources describing a Linux kernel use-after-free in the writeback path. Specifically, inode_switch_wbs_work_fn() loops over switch_wbs_ctxs and can have wb->switch_work pending while the wb reference is dropped, enabling a use-after-f...
CVE-2026-23134
The event CVE-2026-23134 pertains to the Linux kernel slab/kmalloc_nolock() context checks on PREEMPT_RT. On PREEMPT_RT kernels, local_lock is a sleeping lock; when a BPF program runs from a tracepoint with preemption disabled, kmalloc_nolock() may call local_lock_irqsave() and attempt to acquire...
CVE-2026-23153
CVE-2026-23153 concerns the Linux kernel regarding a race condition in the FireWire core when enumerating the transaction list without a lock during AR response processing, potentially impacting AT request completion handling. The issue is resolved by moving the timer start for split-transaction ...
CVE-2026-45908
The CVE-2026-45908 issue affects the Linux kernel’s accel/amdxdna component, specifically amdxdna_ubuf_map. The function allocates memory for sg and internal sg table structures but does not free them if subsequent operations (sg_alloc_table_from_pages or dma_map_sgtable) fail, resulting in a mem...
CVE-2026-46224
The CVE-2026-46224 issue affects the Linux kernel drm/xe driver. The bug is a lifecycle/ownership problem in xe_dma_buf_init_obj() where a pre-allocated storage bo is not freed when drm_gpuvm_resv_object_alloc() fails, leading to a potential resource leak. The kernel now ensures that, on failure,...
CVE-2025-68340
CVE-2025-68340 (Linux kernel): A race/logic sequencing issue in the team device code can hang when adding a port device (e.g., gre0) configured as UP. Root cause: moving team_dev_type_check_change to after subsequent checks caused header_ops to switch from eth_header to ipgre_header mid-execution...
CVE-2026-23127
CVE-2026-23127 affects the Linux kernel perf subsystem. The issue is caused by a refcount warning in perf_mmap_rb() when updating event->mmap_count during group-member mmap creation with PERF_FLAG_FD_OUTPUT. Specifically, refcount_inc(&event->mmap_count) can run when mmap_count is 0, trigge...
CVE-2026-23149
Summary: CVE-2026-23149 affects the Linux kernel DRM subsystem, specifically drm_gem_change_handle_ioctl(). The vulnerability arises because GEM buffer object handles are u32 in the user API while internal idr_alloc() uses int ranges, causing a kernel warning (WARN_ON_ONCE) when a handle larger t...
CVE-2026-43029
The CVE-2026-43029 issue affects the Linux kernel MPTCP implementation. When data is received with MSG_PEEK and MSG_WAITALL, skb’s are not removed from the sk_receive_queue, causing sk_wait_data() to incorrectly report data available and potentially trigger a soft lockup. The root cause is the mi...
CVE-2026-45909
CVE-2026-45909 pertains to the Linux kernel Mediatek clock-gate driver. The fix removes __initconst from mtk_gate structures because, since commit 8ceff24a... the gate structs are used at runtime, not just for initialization. Documents indicate this resolves a runtime-access issue with potentiall...
CVE-2026-23400
Summary of CVE-2026-23400 : In the Linux kernel, the rust_binder component is affected by a deadlock risk when processing death notifications. The root cause is calling set_notification_done() while the process lock (proc lock) is still held and the current thread is not a looper, which can cause...
CVE-2026-31600
Summary of CVE-2026-31600 : Linux kernel arm64 memory management vulnerability where invalid large leaf mappings could cause a kernel panic due to mis-handling of cleared PTE_VALID bits. Publicly disclosed details describe the root cause in arm64 mm: handling invalid large leaf mappings and the o...
CVE-2026-43228
The CVE-2026-43228 entry concerns the Linux kernel hfs component where 64-bit CNID counts (next_id, folder_count, file_count) triggered kernel panics when MDB was corrupted. Root cause: BUG_ON-based overflow checks replaced by proper error handling. Impact: local DoS via kernel panic with a corru...
CVE-2026-45990
CVE-2026-45990 concerns the Linux kernel slub/kvrealloc code, where forcing realloc with new alignment/NUMA node could trigger data loss during NUMA migration and a potential out-of-bounds write when shrinking. The root cause described is that the reallocation path could memcpy with an incorrect ...
CVE-2026-46030
CVE-2026-46030 affects the Linux kernel EDAC/versalnet path; the root cause is a memory leak in mc_probe due to a device_node reference not being freed. The fix uses the automatic cleanup attribute __free(device_node) to ensure of_node_put() is called when the local variable goes out of scope. Af...
CVE-2025-68211
CVE-2025-68211 (Linux kernel, KSM) is addressed by a patch that changes scan_get_next_rmap_item from per-address walking to a range walk using walk_page_range, allowing KSMD to skip unmapped holes in large VMAs. The fix targets inefficiency where KSMD would otherwise scan vast address spaces with...
CVE-2025-71068
CVE-2025-71068 concerns the Linux kernel: svcrdma path bound-check bug in inline path when indexing rqstp->rq_pages[rc_curpage] without ensuring rc_curpage is within allocated bounds. The description notes that guards were added before first use and after advancing to a new page, addressing th...
CVE-2026-23014
The CVE-2026-23014 issue concerns the Linux kernel perf subsystem, specifically the swevent hrtimer. The root cause is that after changing hrtimer_try_to_cancel() in perf_swevent_cancel_hrtimer(), the hrtimer could remain active when the event is freed. The fix adds a full hrtimer_cancel() on the...
CVE-2026-23218
CVE-2026-23218 affects the Linux kernel (loongson-64bit GPIO). The root cause is an incorrect NULL check in loongson_gpio_init_irqchip() after devm_kcalloc(), where chip->parent was checked instead of chip->irq.parents. This mischeck can lead to a NULL dereference during IRQ chip init. The ...
CVE-2026-43391
CVE-2026-43391 affects the Linux kernel nsfs component. The issue arises from insufficient permission checks when opening handles, enabling privileged services to potentially view other privileged services’ namespaces and leak information. The fix centralizes policy via may_see_all_namespaces() a...
CVE-2026-46029
In the Linux kernel, CVE-2026-46029 describes a race within the slab allocator where kmalloc_nolock() called from NMI on uniprocessor (UP) configurations can re-enter the allocator and acquire n->list_lock that the interrupted context already holds, corrupting slab state and potentially causin...
CVE-2026-46095
CVE-2026-46095 is a Linux kernel vulnerability resolved by moving the barrier raise before the llbitmap state machine transitions. The fix updates two functions, llbitmap_start_write() and llbitmap_start_discard(), to ensure the barrier is raised prior to any state changes, preventing a race wher...
CVE-2026-46141
The CVE-2026-46141 entry concerns a Linux kernel kmemleak memory leak in the powerpc/xive interrupt controller. When MSI‑X vectors are allocated for NVMe devices, the kernel stores per‑irq data in irq_data->chip_data. After a commit that untangled XIVE from child interrupt controllers, xive_ir...
CVE-2026-46142
The CVE-2026-46142 issue affects the Linux kernel’s net: libwx code, where reading the PF-restricted WX_CFG_PORT_ST register during VF initialization can trigger an illegal register access, potentially causing a system hang. The root cause is that a VF’s bus function ID can be read directly from ...
CVE-2025-40251
Technical details for CVE-2025-40251 are not publicly available in the provided documents. No affected products or fixes are specified here. Monitor for updates in forthcoming advisories.
CVE-2026-43094
CVE-2026-43094 affects the Linux kernel ixgbevf driver on Hyper-V VMs. The root cause is a missing negotiate_features callback in the Hyper-V mac_ops table, causing ixgbevf_negotiate_api() to dereference a NULL hw->mac.ops.negotiate_features() during feature negotiation. This can lead to a NUL...
CVE-2026-43372
CVE-2026-43372 resolves a leak in the Linux kernel Microchip DSA driver during PTP IRQ setup. If request_threaded_irq() fails, the error path previously only freed mappings that had succeeded; now the kernel disposes the newly created IRQ mapping to prevent resource exhaustion. Affected component...
CVE-2026-46035
CVE-2026-46035 affects the Linux kernel on UP (non-SMP) configurations and describes a vulnerability in mm/page_alloc. The issue arises because on UP, spin_trylock() is a no-op and may always succeed even if the lock is held, allowing alloc_frozen_pages_nolock() invoked from NMI to re-enter rmque...
CVE-2025-71144
The CVE-2025-71144 issue is in the Linux kernel’s MPTCP code path, where after a commit, if the MPC subflow is already TCP_CLOSE or falls back to TCP, mptcp_do_fastclose() may skip setting the send_fastclose flag, causing __mptcp_close_ssk() to stop resetting the subflow context. Consequently, a ...
CVE-2026-23016
The CVE concerns the Linux kernel’s conntrack/frag handling (inet: frags: drop fraglist conntrack references). A bug allows reassembled skb fragments to retain nf_conn references via frag_list, causing conntrack cleanup to block (hangs up to ~60s) when fragmentation/reassembly occurs (UDP/TCP pat...
CVE-2026-23079
CVE-2026-23079 affects the Linux kernel, specifically the gpio cdev path. The issue is that on error handling paths, in lineinfo_changed_notify(), allocated resources are not freed, causing resource leaks. The publicly described fix is to free those resources on error paths. Metrics indicate a CV...
CVE-2026-23184
CVE-2026-23184 concerns a Linux kernel use-after-free in binder_netlink_report() triggered by a BR_TRANSACTION_PENDING_FROZEN path in binder_proc_transaction(). A one-way transaction to a frozen target could be treated as successful, leading to unsafe access to a transaction structure after a pen...
CVE-2026-23360
CVE-2026-23360 relates to the Linux kernel nvme subsystem where, during a controller reset, nvme_alloc_admin_tag_set() could leave a previous admin queue alive, risking an orphaned queue. The issue is fixed by releasing the old queue before allocating a new one, mitigating the leak. Multiple conn...
CVE-2026-31491
In the Linux kernel’s RDMA/irdma component, CVE-2026-31491 stems from depth calculation functions that fail to properly guard against U32_MAX inputs for SQ/RQ/SRQ sizes. The issue can cause integer overflow and truncation, leading to the function returning success when it should fail. Public repo...
CVE-2026-43280
CVE-2026-43280 is a Linux kernel vulnerability in the drm/xe module where a malicious user can supply a malformed pat_index via the madvise IOCTL, triggering an out-of-bounds read from xe->pat.table due to missing bounds checking in xe_pat_index_get_coh_mode() (validated only by a call in madv...
CVE-2026-45952
The CVE-2026-45952 issue affects the Linux kernel fbnic driver. It concerns MTU changes when an XDP program is attached: increasing MTU beyond the hardware threshold can cause fragmentation across multiple buffers, and the driver will drop all multi-fragment frames for single-buffer XDP. This can...