36 matches found
CVE-2026-43467
CVE-2026-43467 affects the Linux kernel mlx5_core/mlx5_eswitch stack. Root cause: when moving a device to switchdev mode on a system that does not support IPsec, the code erroneously cleans up IPsec resources, triggering a local crash/DoS. With concrete details from multiple vendors (Red Hat, SUS...
CVE-2026-43029
The CVE-2026-43029 issue affects the Linux kernel MPTCP implementation. When data is received with MSG_PEEK and MSG_WAITALL, skb’s are not removed from the sk_receive_queue, causing sk_wait_data() to incorrectly report data available and potentially trigger a soft lockup. The root cause is the mi...
CVE-2026-23400
Summary of CVE-2026-23400 : In the Linux kernel, the rust_binder component is affected by a deadlock risk when processing death notifications. The root cause is calling set_notification_done() while the process lock (proc lock) is still held and the current thread is not a looper, which can cause...
CVE-2026-23014
The CVE-2026-23014 issue concerns the Linux kernel perf subsystem, specifically the swevent hrtimer. The root cause is that after changing hrtimer_try_to_cancel() in perf_swevent_cancel_hrtimer(), the hrtimer could remain active when the event is freed. The fix adds a full hrtimer_cancel() on the...
CVE-2026-43372
CVE-2026-43372 resolves a leak in the Linux kernel Microchip DSA driver during PTP IRQ setup. If request_threaded_irq() fails, the error path previously only freed mappings that had succeeded; now the kernel disposes the newly created IRQ mapping to prevent resource exhaustion. Affected component...
CVE-2026-46142
The CVE-2026-46142 issue affects the Linux kernel’s net: libwx code, where reading the PF-restricted WX_CFG_PORT_ST register during VF initialization can trigger an illegal register access, potentially causing a system hang. The root cause is that a VF’s bus function ID can be read directly from ...
CVE-2026-43094
CVE-2026-43094 affects the Linux kernel ixgbevf driver on Hyper-V VMs. The root cause is a missing negotiate_features callback in the Hyper-V mac_ops table, causing ixgbevf_negotiate_api() to dereference a NULL hw->mac.ops.negotiate_features() during feature negotiation. This can lead to a NUL...
CVE-2025-71144
The CVE-2025-71144 issue is in the Linux kernel’s MPTCP code path, where after a commit, if the MPC subflow is already TCP_CLOSE or falls back to TCP, mptcp_do_fastclose() may skip setting the send_fastclose flag, causing __mptcp_close_ssk() to stop resetting the subflow context. Consequently, a ...
CVE-2026-23016
The CVE concerns the Linux kernel’s conntrack/frag handling (inet: frags: drop fraglist conntrack references). A bug allows reassembled skb fragments to retain nf_conn references via frag_list, causing conntrack cleanup to block (hangs up to ~60s) when fragmentation/reassembly occurs (UDP/TCP pat...
CVE-2026-23079
CVE-2026-23079 affects the Linux kernel, specifically the gpio cdev path. The issue is that on error handling paths, in lineinfo_changed_notify(), allocated resources are not freed, causing resource leaks. The publicly described fix is to free those resources on error paths. Metrics indicate a CV...
CVE-2026-23360
CVE-2026-23360 relates to the Linux kernel nvme subsystem where, during a controller reset, nvme_alloc_admin_tag_set() could leave a previous admin queue alive, risking an orphaned queue. The issue is fixed by releasing the old queue before allocating a new one, mitigating the leak. Multiple conn...
CVE-2026-31491
In the Linux kernel’s RDMA/irdma component, CVE-2026-31491 stems from depth calculation functions that fail to properly guard against U32_MAX inputs for SQ/RQ/SRQ sizes. The issue can cause integer overflow and truncation, leading to the function returning success when it should fail. Public repo...
CVE-2025-71092
Summary : The CVE-2025-71092 entry corresponds to a Linux kernel issue in RDMA/bnxt_re where an OOB write occurred during hw_stats allocation in bnxt_re_copy_err_stats(). The root cause was that three counters (BNXT_RE_REQ_CQE_ERROR, BNXT_RE_RESP_CQE_ERROR, BNXT_RE_RESP_REMOTE_ACCESS_ERRS) were a...
CVE-2026-23376
CVE-2026-23376 affects the Linux kernel nvmet-fcloop component. The vulnerability arises from not checking remoteport port_state before freeing resources in the fcloop_t2h_xmt_ls_rsp path, where lsrsp resources may be freed incorrectly if the remote port is not online. The fix updates fcloop_t2h_...
CVE-2026-43396
In the Linux kernel, the vulnerability CVE-2026-43396 is in the drm/xe/sync path. When dma_fence_chain_alloc() fails, the user fence reference is not released, causing a memory leak. Documented across multiple sources (Red Hat, SUSE, Ubuntu, Debian OSV entries, and NVD), the issue is fixed by the...
CVE-2026-43464
Summary: CVE-2026-43464 affects the Linux kernel mlx5e driver in XDP multi-buffer scenarios. When XDP programs modify buffer layout via bpf_xdp_pull_data() or bpf_xdp_adjust_tail(), the driver previously failed to count dropped fragments, causing negative page reference counts during cleanup and ...
CVE-2025-71299
CVE-2025-71299 affects the Linux kernel driver spi_cadence_quadspi. The root cause is a runtime PM interaction during probe: a pm_runtime_disable in error paths could lead to duplicate clock disables when PM is active, especially with missing/broken DT descriptions for flash devices. The document...
CVE-2025-71123
CVE-2025-71123 affects the Linux kernel Ext4 mount option parsing. The vulnerability stems from improper string copying in parse_apply_sb_mount_options(), where strscpy_pad() could copy a non-NUL-terminated string into a fixed-size destination, triggering fortify warnings (strnlen: detected buffe...
CVE-2026-23387
The CVE-2026-23387 issue concerns the Linux kernel fix for a double-put in pinctrl/cirrus cs42l43 handling during cs42l43_pin_probe, caused by an explicit put after devm_add_action_or_reset() already performing an action on failure. Connected OSV entries (ROOT-OS-DEBIAN-13-CVE-2026-23387 and ROOT...
CVE-2026-23384
CVE-2026-23384 : In the Linux kernel's RDMA/ionic component, a kernel stack leak was fixed in the function ionic_create_cq(). The resp structure leaks 7 bytes from rsvd[7], and up to 4 additional bytes in cqid[2] (potentially 11 bytes total) if udma_mask only has bit 0 set and cqid[1] is not writ...
CVE-2026-23414
CVE-2026-23414 is addressed in the Linux kernel TLS code. The vulnerability involved the async_hold queue that pins encrypted input skbs while AEAD operations reference scatterlist data. The fix centralizes purge of async_hold in tls_decrypt_async_wait(), ensuring all callers (recvmsg drain path,...
CVE-2026-43465
CVE-2026-43465: Linux kernel mlx5e XDP multi-buf frag counting flaw. When XDP programs modify the XDP buffer layout (via bpf_xdp_pull_data/bpf_xdp_adjust_tail), the driver failed to count dropped fragments, risking negative page fragment reference counting and potential instability. Public report...
CVE-2025-71181
CVE-2025-71181 relates to the Linux kernel: the rust_binder change to remove spin_lock() in rust_shrink_free_page() during a Rust Binder port to 6.18 appears to fix a potential deadlock scenario described in the public advisories. The affected area is the Rust Binder integration within Linux, spe...
CVE-2026-31567
CVE-2026-31567 concerns the Linux kernel: a patch removes the WARN_ON() check in pm_restore_gfp_mask() to stop spurious warnings during hibernation paths (e.g., SNAPSHOT_CREATE_IMAGE, SNAPSHOT_UNFREEZE, snapshot_release) while keeping the underlying guard. The change is in the GFP mask management...
CVE-2025-71110
Technical details about CVE-2025-71110 are not publicly available in the provided connected documents. No specific affected products, versions, or remediation information are disclosed here; monitor for updates.
CVE-2026-23349
CVE-2026-23349 concerns the Linux kernel HID subsystem, specifically the pidff module. The issue arises from not clearing all conditional effect bits, which can lead to NULL pointer dereferences and potential system instability. The root cause is improper handling of the ffbit flag where some con...
CVE-2026-23421
The CVE-2026-23421 issue is a Linux kernel memory-leak in drm/xe/configfs where ctx_restore_mid_bb is allocated in wa_bb_store() but freed only partially by xe_config_device_release(), leaving ctx_restore_mid_bb[0].cs undisposed when a configfs device is removed. The vulnerability is described as...
CVE-2026-31459
CVE-2026-31459 affects the Linux kernel DAMON_SYSFS path. The vulnerability is a memory leak: when damon_sysfs_new_test_ctx() fails inside damon_sysfs_commit_input(), param_ctx is leaked because the cleanup at the out label is skipped. The patch series “mm/damon/sysfs: fix memory leak and NULL de...
CVE-2026-31783
The CVE-2026-31783 entry refers to a Linux kernel issue in spi: amlogic: spifc-a4 where the on-host NAND ECC engine teardown was missing in probe unwind and remove-time cleanup. The fix adds a devm cleanup action so nand_ecc_unregister_on_host_hw_engine() runs automatically on probe failures and ...
CVE-2026-23261
CVE-2026-23261 corresponds to a Linux kernel NVMe over Fabrics issue where nvme_fc_init_ctrl leaks admin blk-mq resources if subsequent steps fail during controller setup. The fix ensures the admin_tagset is freed by checking ctrl->ctrl.admin_tagset in the fail_ctrl path and calling nvme_remov...
CVE-2025-71106
CVE-2025-71106 - Linux kernel fix . The vulnerability concerns the filesystems_freeze_callback() check (freeze_all_ptr) introduced by the commit “power: always freeze efivarfs.” The check was inverted, causing all file systems to be frozen when filesystem_freeze_enabled is false. This could trigg...
CVE-2026-23322
The CVE-2026-23322 entry concerns the Linux kernel IPMI sender path. The root cause is a use-after-free and list corruption in the SMI sender error handling: when sender() fails, smi_work() delivers an error response but restarts without clearing curr_msg, leaving newmsg pointing to the same mess...
CVE-2025-71103
CVE-2025-71103 pertains to the Linux kernel DRM MSM Adreno driver. The issue occurs on A7xx GPUs without IFPC support, where ifpc_reglist could be dereferenced in a7xx_patch_pwrup_reglist(), leading to a kernel crash with a NULL pointer dereference (pc : a6xx_hw_init...). The vulnerability has be...
CVE-2026-23314
The CVE-2026-23314 entry describes a Linux kernel issue in the regulator/bq257xx subsystem: in bq257xx_reg_dt_parse_gpio(), if it fails to obtain a subchild, it may return without calling of_node_put(child), leaking a device node reference. The vulnerability is reported as resolved in the Linux k...
CVE-2026-23329
CVE-2026-23329 affects the Linux kernel libie_fwlog_deinit in the ixgbe driver flow. The vulnerability arises when unloading the driver (even if firmware logging was never initialized), enabling a call path that can lead to a kernel oops and Denial of Service. Reproduced by unloading the ixgbe dr...
CVE-2026-23342
CVE-2026-23342 describes a race in the Linux kernel’s PREEMPT_RT path for BPF cpumap/xdp_bulk_queue. The issue arises when bq_enqueue() and __cpu_map_flush() run concurrently on the same CPU, breaking assumptions about atomicity and enabling races such as double __list_del_clearprev() and concurr...