Lucene search
K
LinuxLinux Kernel6.18

117 matches found

CVE
CVE
added 2026/04/23 11:12 a.m.96 views

CVE-2026-31532

CVE-2026-31532 affects the Linux kernel’s raw CAN socket implementation. A use-after-free can occur when, during unregistration of CAN receive filters, the kernel defers receiver deletion with RCU and frees per-CPU storage ro->uniq too early in raw_release(). The fix moves free_percpu(ro->u...

7.8CVSS5.7AI score0.00124EPSS
CVE
CVE
added 2026/05/28 9:40 a.m.53 views

CVE-2026-46215

The CVE concerns a race condition in the Linux kernel’s DRM change_handle path. A concurrent gem_close could remove one handle while another remained dangling, enabling a use-after-free. The fix uses the same sequence as gem_close: first replace the old handle with NULL via idr_replace, then, if ...

7.8CVSS5.8AI score0.00133EPSS
CVE
CVE
added 2026/02/14 4:27 p.m.43 views

CVE-2026-23194

CVE-2026-23194 relates to the Linux kernel rust_binder handling of FDA objects of length zero. The issue was a out-of-bounds write when an empty fd-array (FDA) with 0 fds was processed, caused by treating skip == 0 as a special “pointer fixup.” The fix replaces this zero-special-case pattern (ori...

7.8CVSS5.5AI score0.00112EPSS
CVE
CVE
added 2026/01/25 2:36 p.m.41 views

CVE-2026-23004

The CVE-2026-23004 issue in the Linux kernel concerns races in the IPv6 dst cache path (rt6_uncached_list_del/rt_del_uncached_list) leading to use-after-free during list_head initialization in INIT_LIST_HEAD, as observed by KASAN in rt6_uncached_list_flush_dev and related paths. The root cause is...

7.8CVSS5.3AI score0.00118EPSS
CVE
CVE
added 2026/02/14 3:14 p.m.36 views

CVE-2026-23132

CVE-2026-23132 : Linux kernel vulnerability in the dw-dp bridge (drm/bridge: synopsys: dw-dp) resolved. The issue concerned error handling in dw_dp_bind(), with three problems: (1) Missing return after drm_bridge_attach() failure, causing continued execution; (2) Resource leak where drm_dp_aux_un...

5.5CVSS5.5AI score0.00116EPSS
CVE
CVE
added 2026/05/28 9:36 a.m.34 views

CVE-2026-46182

The CVE-2026-46182 issue affects the Linux kernel component pseries/papr-hvpipe . The root cause is that a local kernel stack variable hdr (papr_hvpipe_hdr) is allocated on the stack and only hdr.version and hdr.flags are initialized, leaving reserved padding bytes uninitialized. When copied to u...

5.5CVSS5.8AI score0.00126EPSS
CVE
CVE
added 2026/05/08 2:22 p.m.33 views

CVE-2026-43467

CVE-2026-43467 affects the Linux kernel mlx5_core/mlx5_eswitch stack. Root cause: when moving a device to switchdev mode on a system that does not support IPsec, the code erroneously cleans up IPsec resources, triggering a local crash/DoS. With concrete details from multiple vendors (Red Hat, SUS...

5.5CVSS5.7AI score0.00114EPSS
CVE
CVE
added 2026/05/08 2:22 p.m.32 views

CVE-2026-43434

CVE-2026-43434 (Linux kernel, rust_binder) : A vulnerability in the rust_binder component can occur during page installation or zap_page_range operations. If a VMA at a given address is closed and replaced, rust_binder may look up and use the wrong VMA, potentially allowing writes to normally rea...

7.8CVSS5.7AI score0.00128EPSS
CVE
CVE
added 2025/11/12 10:26 a.m.30 views

CVE-2025-40164

Technical details for CVE-2025-40164 are not publicly provided in the connected documents. Monitor for updates; current sources only list the CVE without vendor/affected products, impact, or remediation specifics.

5.5CVSS6.1AI score0.00171EPSS
CVE
CVE
added 2026/05/08 2:22 p.m.30 views

CVE-2026-43462

CVE-2026-43462 affects the Linux kernel spacemit network driver. An error in the function emac_tx_mem_map() could leak DMA mappings on a mapping failure. This resource mismanagement may lead to a denial of service, impacting system availability. The published fix frees the leaked DMA mappings usi...

7.5CVSS5.8AI score0.00335EPSS
CVE
CVE
added 2025/12/24 12:9 p.m.29 views

CVE-2025-68749

CVE-2025-68749 (Linux kernel) relates to a race in the ivpu accelerator driver when unbinding BOs. The fix adds bo_list_lock protection around the unmapping sequence, ensuring a BO is fully unmapped either during context teardown or when still on the BOs list. This prevents the Memory manager war...

4.7CVSS6AI score0.00086EPSS
CVE
CVE
added 2026/02/18 2:16 p.m.29 views

CVE-2026-23211

CVE-2026-23211 concerns the Linux kernel memory management swap subsystem. The issue arises from a change that marked the swap address space as read-only, which could trigger a kernel panic if arch_prepare_to_swap() fails during heavy memory pressure. The documented root cause path includes pages...

5.5CVSS5.2AI score0.001EPSS
CVE
CVE
added 2026/05/08 2:22 p.m.29 views

CVE-2026-43435

CVE-2026-43435 relates to the Linux kernel rust_binder component where the oneway spam-detection logic in TreeRange (and missing logic in ArrayRange) could allow large spamming transactions to go undetected. The fix moves the spam-check after the new range is inserted and adds an equivalent low_o...

5.5CVSS5.7AI score0.00121EPSS
CVE
CVE
added 2026/05/28 9:40 a.m.29 views

CVE-2026-46221

CVE-2026-46221 concerns the Linux kernel EDAC/versalnet component. The issue is a memory leak where the device name allocated with kzalloc() in init_one_mc() is assigned to dev->init_name, then never freed on the normal removal path. Since device_register() copies init_name and then sets dev-&...

5.5CVSS5.8AI score0.00117EPSS
CVE
CVE
added 2026/05/01 1:56 p.m.28 views

CVE-2026-31703

The CVE-2026-31703 entry is supported by multiple connected sources describing a Linux kernel use-after-free in the writeback path. Specifically, inode_switch_wbs_work_fn() loops over switch_wbs_ctxs and can have wb->switch_work pending while the wb reference is dropped, enabling a use-after-f...

7.8CVSS5.5AI score0.00114EPSS
CVE
CVE
added 2026/02/14 3:14 p.m.27 views

CVE-2026-23134

The event CVE-2026-23134 pertains to the Linux kernel slab/kmalloc_nolock() context checks on PREEMPT_RT. On PREEMPT_RT kernels, local_lock is a sleeping lock; when a BPF program runs from a tracepoint with preemption disabled, kmalloc_nolock() may call local_lock_irqsave() and attempt to acquire...

5.5CVSS5.2AI score0.00107EPSS
CVE
CVE
added 2026/02/14 4:1 p.m.27 views

CVE-2026-23153

CVE-2026-23153 concerns the Linux kernel regarding a race condition in the FireWire core when enumerating the transaction list without a lock during AR response processing, potentially impacting AT request completion handling. The issue is resolved by moving the timer start for split-transaction ...

4.7CVSS5.2AI score0.00074EPSS
CVE
CVE
added 2026/05/27 12:17 p.m.27 views

CVE-2026-45908

The CVE-2026-45908 issue affects the Linux kernel’s accel/amdxdna component, specifically amdxdna_ubuf_map. The function allocates memory for sg and internal sg table structures but does not free them if subsequent operations (sg_alloc_table_from_pages or dma_map_sgtable) fail, resulting in a mem...

5.5CVSS5.8AI score0.00153EPSS
CVE
CVE
added 2026/05/28 9:40 a.m.27 views

CVE-2026-46224

The CVE-2026-46224 issue affects the Linux kernel drm/xe driver. The bug is a lifecycle/ownership problem in xe_dma_buf_init_obj() where a pre-allocated storage bo is not freed when drm_gpuvm_resv_object_alloc() fails, leading to a potential resource leak. The kernel now ensures that, on failure,...

5.5CVSS5.8AI score0.00117EPSS
CVE
CVE
added 2025/12/23 1:58 p.m.26 views

CVE-2025-68340

CVE-2025-68340 (Linux kernel): A race/logic sequencing issue in the team device code can hang when adding a port device (e.g., gre0) configured as UP. Root cause: moving team_dev_type_check_change to after subsequent checks caused header_ops to switch from eth_header to ipgre_header mid-execution...

5.5CVSS6.2AI score0.00118EPSS
CVE
CVE
added 2026/02/14 3:9 p.m.26 views

CVE-2026-23127

CVE-2026-23127 affects the Linux kernel perf subsystem. The issue is caused by a refcount warning in perf_mmap_rb() when updating event->mmap_count during group-member mmap creation with PERF_FLAG_FD_OUTPUT. Specifically, refcount_inc(&event->mmap_count) can run when mmap_count is 0, trigge...

5.5CVSS5.2AI score0.00105EPSS
CVE
CVE
added 2026/02/14 4:1 p.m.26 views

CVE-2026-23149

Summary: CVE-2026-23149 affects the Linux kernel DRM subsystem, specifically drm_gem_change_handle_ioctl(). The vulnerability arises because GEM buffer object handles are u32 in the user API while internal idr_alloc() uses int ranges, causing a kernel warning (WARN_ON_ONCE) when a handle larger t...

5.5CVSS5.2AI score0.001EPSS
CVE
CVE
added 2026/05/01 2:15 p.m.26 views

CVE-2026-43029

The CVE-2026-43029 issue affects the Linux kernel MPTCP implementation. When data is received with MSG_PEEK and MSG_WAITALL, skb’s are not removed from the sk_receive_queue, causing sk_wait_data() to incorrectly report data available and potentially trigger a soft lockup. The root cause is the mi...

7.5CVSS5.8AI score0.00329EPSS
CVE
CVE
added 2026/05/27 12:17 p.m.26 views

CVE-2026-45909

CVE-2026-45909 pertains to the Linux kernel Mediatek clock-gate driver. The fix removes __initconst from mtk_gate structures because, since commit 8ceff24a... the gate structs are used at runtime, not just for initialization. Documents indicate this resolves a runtime-access issue with potentiall...

7.8CVSS5.8AI score0.00162EPSS
CVE
CVE
added 2026/03/29 12:55 p.m.25 views

CVE-2026-23400

Summary of CVE-2026-23400 : In the Linux kernel, the rust_binder component is affected by a deadlock risk when processing death notifications. The root cause is calling set_notification_done() while the process lock (proc lock) is still held and the current thread is not a looper, which can cause...

5.5CVSS5.8AI score0.0009EPSS
CVE
CVE
added 2026/04/24 2:42 p.m.25 views

CVE-2026-31600

Summary of CVE-2026-31600 : Linux kernel arm64 memory management vulnerability where invalid large leaf mappings could cause a kernel panic due to mis-handling of cleared PTE_VALID bits. Publicly disclosed details describe the root cause in arm64 mm: handling invalid large leaf mappings and the o...

7.5CVSS5.5AI score0.0029EPSS
CVE
CVE
added 2026/05/06 11:28 a.m.25 views

CVE-2026-43228

The CVE-2026-43228 entry concerns the Linux kernel hfs component where 64-bit CNID counts (next_id, folder_count, file_count) triggered kernel panics when MDB was corrupted. Root cause: BUG_ON-based overflow checks replaced by proper error handling. Impact: local DoS via kernel panic with a corru...

5.5CVSS5.8AI score0.00112EPSS
CVE
CVE
added 2026/05/27 12:55 p.m.24 views

CVE-2026-45990

CVE-2026-45990 concerns the Linux kernel slub/kvrealloc code, where forcing realloc with new alignment/NUMA node could trigger data loss during NUMA migration and a potential out-of-bounds write when shrinking. The root cause described is that the reallocation path could memcpy with an incorrect ...

5.5CVSS6AI score0.00133EPSS
CVE
CVE
added 2026/05/27 12:56 p.m.24 views

CVE-2026-46030

CVE-2026-46030 affects the Linux kernel EDAC/versalnet path; the root cause is a memory leak in mc_probe due to a device_node reference not being freed. The fix uses the automatic cleanup attribute __free(device_node) to ensure of_node_put() is called when the local variable goes out of scope. Af...

5.5CVSS5.8AI score0.00121EPSS
CVE
CVE
added 2025/12/16 1:48 p.m.23 views

CVE-2025-68211

CVE-2025-68211 (Linux kernel, KSM) is addressed by a patch that changes scan_get_next_rmap_item from per-address walking to a range walk using walk_page_range, allowing KSMD to skip unmapped holes in large VMAs. The fix targets inefficiency where KSMD would otherwise scan vast address spaces with...

5.5CVSS6AI score0.00123EPSS
CVE
CVE
added 2026/01/13 3:31 p.m.23 views

CVE-2025-71068

CVE-2025-71068 concerns the Linux kernel: svcrdma path bound-check bug in inline path when indexing rqstp->rq_pages[rc_curpage] without ensuring rc_curpage is within allocated bounds. The description notes that guards were added before first use and after advancing to a new page, addressing th...

7.8CVSS6.1AI score0.00129EPSS
CVE
CVE
added 2026/01/28 2:24 p.m.23 views

CVE-2026-23014

The CVE-2026-23014 issue concerns the Linux kernel perf subsystem, specifically the swevent hrtimer. The root cause is that after changing hrtimer_try_to_cancel() in perf_swevent_cancel_hrtimer(), the hrtimer could remain active when the event is freed. The fix adds a full hrtimer_cancel() on the...

7.8CVSS5.8AI score0.00116EPSS
CVE
CVE
added 2026/02/18 2:21 p.m.23 views

CVE-2026-23218

CVE-2026-23218 affects the Linux kernel (loongson-64bit GPIO). The root cause is an incorrect NULL check in loongson_gpio_init_irqchip() after devm_kcalloc(), where chip->parent was checked instead of chip->irq.parents. This mischeck can lead to a NULL dereference during IRQ chip init. The ...

5.5CVSS5.2AI score0.001EPSS
CVE
CVE
added 2026/05/08 2:21 p.m.23 views

CVE-2026-43391

CVE-2026-43391 affects the Linux kernel nsfs component. The issue arises from insufficient permission checks when opening handles, enabling privileged services to potentially view other privileged services’ namespaces and leak information. The fix centralizes policy via may_see_all_namespaces() a...

8.8CVSS5.7AI score0.00121EPSS
CVE
CVE
added 2026/05/27 12:56 p.m.23 views

CVE-2026-46029

In the Linux kernel, CVE-2026-46029 describes a race within the slab allocator where kmalloc_nolock() called from NMI on uniprocessor (UP) configurations can re-enter the allocator and acquire n->list_lock that the interrupted context already holds, corrupting slab state and potentially causin...

7CVSS5.8AI score0.00143EPSS
CVE
CVE
added 2026/05/27 12:58 p.m.23 views

CVE-2026-46095

CVE-2026-46095 is a Linux kernel vulnerability resolved by moving the barrier raise before the llbitmap state machine transitions. The fix updates two functions, llbitmap_start_write() and llbitmap_start_discard(), to ensure the barrier is raised prior to any state changes, preventing a race wher...

5.5CVSS5.8AI score0.00121EPSS
CVE
CVE
added 2026/05/28 9:35 a.m.23 views

CVE-2026-46141

The CVE-2026-46141 entry concerns a Linux kernel kmemleak memory leak in the powerpc/xive interrupt controller. When MSI‑X vectors are allocated for NVMe devices, the kernel stores per‑irq data in irq_data->chip_data. After a commit that untangled XIVE from child interrupt controllers, xive_ir...

5.5CVSS5.8AI score0.00121EPSS
CVE
CVE
added 2026/05/28 9:35 a.m.23 views

CVE-2026-46142

The CVE-2026-46142 issue affects the Linux kernel’s net: libwx code, where reading the PF-restricted WX_CFG_PORT_ST register during VF initialization can trigger an illegal register access, potentially causing a system hang. The root cause is that a VF’s bus function ID can be read directly from ...

5.5CVSS5.8AI score0.00127EPSS
CVE
CVE
added 2025/12/04 4:8 p.m.22 views

CVE-2025-40251

Technical details for CVE-2025-40251 are not publicly available in the provided documents. No affected products or fixes are specified here. Monitor for updates in forthcoming advisories.

5.5CVSS6AI score0.00127EPSS
CVE
CVE
added 2026/05/06 7:40 a.m.22 views

CVE-2026-43094

CVE-2026-43094 affects the Linux kernel ixgbevf driver on Hyper-V VMs. The root cause is a missing negotiate_features callback in the Hyper-V mac_ops table, causing ixgbevf_negotiate_api() to dereference a NULL hw->mac.ops.negotiate_features() during feature negotiation. This can lead to a NUL...

5.5CVSS5.8AI score0.00123EPSS
CVE
CVE
added 2026/05/08 2:21 p.m.22 views

CVE-2026-43372

CVE-2026-43372 resolves a leak in the Linux kernel Microchip DSA driver during PTP IRQ setup. If request_threaded_irq() fails, the error path previously only freed mappings that had succeeded; now the kernel disposes the newly created IRQ mapping to prevent resource exhaustion. Affected component...

5.5CVSS5.8AI score0.00122EPSS
CVE
CVE
added 2026/05/27 12:56 p.m.22 views

CVE-2026-46035

CVE-2026-46035 affects the Linux kernel on UP (non-SMP) configurations and describes a vulnerability in mm/page_alloc. The issue arises because on UP, spin_trylock() is a no-op and may always succeed even if the lock is held, allowing alloc_frozen_pages_nolock() invoked from NMI to re-enter rmque...

5.5CVSS5.8AI score0.00121EPSS
CVE
CVE
added 2026/01/14 3:8 p.m.21 views

CVE-2025-71144

The CVE-2025-71144 issue is in the Linux kernel’s MPTCP code path, where after a commit, if the MPC subflow is already TCP_CLOSE or falls back to TCP, mptcp_do_fastclose() may skip setting the send_fastclose flag, causing __mptcp_close_ssk() to stop resetting the subflow context. Consequently, a ...

5.5CVSS6.1AI score0.00116EPSS
CVE
CVE
added 2026/01/31 11:38 a.m.21 views

CVE-2026-23016

The CVE concerns the Linux kernel’s conntrack/frag handling (inet: frags: drop fraglist conntrack references). A bug allows reassembled skb fragments to retain nf_conn references via frag_list, causing conntrack cleanup to block (hangs up to ~60s) when fragmentation/reassembly occurs (UDP/TCP pat...

5.5CVSS5.8AI score0.00128EPSS
CVE
CVE
added 2026/02/04 4:8 p.m.21 views

CVE-2026-23079

CVE-2026-23079 affects the Linux kernel, specifically the gpio cdev path. The issue is that on error handling paths, in lineinfo_changed_notify(), allocated resources are not freed, causing resource leaks. The publicly described fix is to free those resources on error paths. Metrics indicate a CV...

5.5CVSS5.1AI score0.00107EPSS
CVE
CVE
added 2026/02/14 4:27 p.m.21 views

CVE-2026-23184

CVE-2026-23184 concerns a Linux kernel use-after-free in binder_netlink_report() triggered by a BR_TRANSACTION_PENDING_FROZEN path in binder_proc_transaction(). A one-way transaction to a frozen target could be treated as successful, leading to unsafe access to a transaction structure after a pen...

7.8CVSS5.3AI score0.0012EPSS
CVE
CVE
added 2026/03/25 10:27 a.m.21 views

CVE-2026-23360

CVE-2026-23360 relates to the Linux kernel nvme subsystem where, during a controller reset, nvme_alloc_admin_tag_set() could leave a previous admin queue alive, risking an orphaned queue. The issue is fixed by releasing the old queue before allocating a new one, mitigating the leak. Multiple conn...

5.5CVSS5.6AI score0.00123EPSS
CVE
CVE
added 2026/04/22 1:54 p.m.21 views

CVE-2026-31491

In the Linux kernel’s RDMA/irdma component, CVE-2026-31491 stems from depth calculation functions that fail to properly guard against U32_MAX inputs for SQ/RQ/SRQ sizes. The issue can cause integer overflow and truncation, leading to the function returning success when it should fail. Public repo...

5.5CVSS5.7AI score0.00121EPSS
CVE
CVE
added 2026/05/06 11:29 a.m.21 views

CVE-2026-43280

CVE-2026-43280 is a Linux kernel vulnerability in the drm/xe module where a malicious user can supply a malformed pat_index via the madvise IOCTL, triggering an out-of-bounds read from xe->pat.table due to missing bounds checking in xe_pat_index_get_coh_mode() (validated only by a call in madv...

7.1CVSS5.8AI score0.00118EPSS
CVE
CVE
added 2026/05/27 12:18 p.m.21 views

CVE-2026-45952

The CVE-2026-45952 issue affects the Linux kernel fbnic driver. It concerns MTU changes when an XDP program is attached: increasing MTU beyond the hardware threshold can cause fragmentation across multiple buffers, and the driver will drop all multi-fragment frames for single-buffer XDP. This can...

5.5CVSS5.8AI score0.00126EPSS
Total number of security vulnerabilities117