Lucene search
K
LinuxLinux Kernel6.9.1

24 matches found

CVE
CVE
added 2025/01/15 1:10 p.m.157 views

CVE-2024-53681

CVE-2024-53681 : In the Linux kernel nvmet subsystem, the code path nvmet_root_discovery_nqn_store mishandled the subsysnqn string as a fixed-size buffer even though it is allocated to the string size. The root cause is buffer overrun risk when the subsysnqn is longer than the old buffer. The fix...

5.5CVSS6.8AI score0.00185EPSS
CVE
CVE
added 2024/06/21 10:18 a.m.137 views

CVE-2024-36484

CVE-2024-36484 is a Linux kernel vulnerability where the socket acceptance check was relaxed at accept time (net/ipv4/af_inet.c). The issue can arise when a process shuts down a listener before it enters accept, causing the child to reach accept() in FIN_WAIT1 status after the commit “tcp: defer ...

5.5CVSS6.3AI score0.00301EPSS
CVE
CVE
added 2024/07/29 3:54 p.m.117 views

CVE-2024-42083

CVE-2024-42083 affects the Linux kernel, addressing a bug in ionic_run_xdp() where multi-buffer jumbo frames were not fully unmapped for XDP_TX/XDP_REDIRECT. SG pages could be reused, causing a kernel panic (general protection fault). A patch/fix was applied in the kernel (e.g., 6.10.x targets an...

5.5CVSS6.5AI score0.0021EPSS
CVE
CVE
added 2025/07/10 7:41 a.m.87 views

CVE-2025-38268

CVE-2025-38268: In the Linux kernel, a deadlock window existed in the USB Type‑C/TCPM Alt Mode interaction due to an unprotected state check in tcpm_queue_vdm_unlocked, which could allow the Alt Mode driver to grab the TCPM lock while state changes occurred. The fix moves tcpm_queue_vdm_unlocked ...

5.5CVSS6.5AI score0.00117EPSS
CVE
CVE
added 2025/07/25 3:27 p.m.87 views

CVE-2025-38441

CVE-2025-38441 affects the Linux kernel netfilter flowtable nf_flow_pppoe_proto() where the Ethernet header was not accounted for in PPPoE offload logic, leading to potential use of uninitialized data (KMSAN). The vulnerability is locally exploitable; CVSS 3.1/AV:L/AC:L/PR:L/UI:N/S:U/I:N/A:H with...

5.5CVSS6.3AI score0.00156EPSS
CVE
CVE
added 2024/06/19 1:45 p.m.86 views

CVE-2024-38595

CVE-2024-38595 affects the Linux kernel mlx5 subsystem: a patch changing register devlink flow did not update the peer devlink set logic, triggering a call trace when peer devlink set is done after devl_register. The fix aligns peer devlink set logic with the register flow to prevent the trace. I...

5.5CVSS6.4AI score0.00211EPSS
CVE
CVE
added 2025/07/28 11:21 a.m.80 views

CVE-2025-38489

CVE-2025-38489: In the Linux kernel (s390/BPF), the on-disk description notes that bpf_arch_text_poke() with new_addr == NULL caused intermittent panics; the fix re‑instates the previously removed correction from commit c730fce7c70c, restoring the intended behavior and adding a clarifying comment...

5.5CVSS6.3AI score0.00136EPSS
CVE
CVE
added 2024/07/29 3:52 p.m.78 views

CVE-2024-42071

CVE-2024-42071 is a Linux kernel issue related to the ionic driver where napi_consume_skb() is invoked outside a safe NAPI context. The root cause described in the sources is that a non-NAPI/softirq path should call napi_consume_skb with budget=0, as indicated by the code notes and stack traces (...

5.5CVSS6.5AI score0.0021EPSS
CVE
CVE
added 2024/07/30 7:46 a.m.70 views

CVE-2024-42111

CVE-2024-42111 affects the Linux kernel BTRFS qgroup handling. The root cause was a patch (b5357cb268c4) that skipped the qgroup inherit checks when qgroup is disabled, allowing a malformed btrfs_qgroup_inherit structure to pass. This could lead to a slab-out-of-bounds read (KASAN) during transac...

6.3CVSS6.7AI score0.00206EPSS
CVE
CVE
added 2024/07/30 7:45 a.m.69 views

CVE-2024-42100

Technical details for CVE-2024-42100 are not provided in the connected documents. The materials reference the CVE but do not specify affected products, versions, root cause, impact, or fixes beyond the initial description; monitor for updates.

5.5CVSS6.4AI score0.00239EPSS
CVE
CVE
added 2024/07/12 12:37 p.m.68 views

CVE-2024-40986

CVE-2024-40986 affects the Linux kernel DMA engine for Xilinx XDMA. The issue arises from data synchronization in xdma_channel_isr() where the code does not properly sequence operations before using xdma->stop_request, requiring the vchan lock prior to stop_request usage. The vulnerability is ...

5.5CVSS6.5AI score0.00229EPSS
CVE
CVE
added 2024/07/29 3:52 p.m.68 views

CVE-2024-42075

CVE-2024-42075 concerns the Linux kernel’s bpf arena logic, which failed to account for mremap, risking use-after-free in arena_vm_close. The vulnerability is addressed by adding a reference count for multiple mmap events to protect the arena during remapping. The connected documents indicate the...

5.5CVSS6.6AI score0.0021EPSS
CVE
CVE
added 2026/05/27 12:56 p.m.29 views

CVE-2026-46031

The CVE-2026-46031 entry describes a Linux kernel issue in the ks8851 network driver where a race/deadlock can occur between TX softirq handling and RX processing when BHs are enabled around IRQ handling. The root cause is a potential deadlock: ks8851_irq() holds a spinlock while ks8851_start_xmi...

7.5CVSS5.8AI score0.0037EPSS
CVE
CVE
added 2026/01/23 3:24 p.m.28 views

CVE-2026-22979

CVE-2026-22979 is a Linux kernel vulnerability affecting memory accounting for GRO-fragmented SKBs. The issue arose because skb_segment_list() continued to add each fragment’s truesize to delta_truesize while subtracting it from the parent SKB, even though fragments are no longer charged to the s...

5.5CVSS5.3AI score0.0012EPSS
CVE
CVE
added 2026/04/24 2:35 p.m.24 views

CVE-2026-31562

Summary: CVE-2026-31562 affects the Linux kernel DRM/mediatek DSI driver. A local attacker could trigger a NULL pointer dereference due to an uninitialized drvdata being read during mipi_dsi_host_register, causing a crash in mediatek-drm probe and blocking subsequent DRM operations. The fixed beh...

5.5CVSS5.3AI score0.00121EPSS
CVE
CVE
added 2026/01/13 3:34 p.m.23 views

CVE-2025-71100

CVE-2025-71100 affects the Linux kernel wifi rtl8192cu (rtlwifi). The issue arises when tid values from ieee80211_get_tid() may exceed the bounds of sta_entry->tids[] (MAX_TID_COUNT), triggering an out-of-bounds access and UBSAN warning. The patched code adds a bounds check to ensure TID

7.8CVSS6.2AI score0.00119EPSS
CVE
CVE
added 2026/01/25 2:36 p.m.23 views

CVE-2026-23013

CVE-2026-23013 pertains to the Linux kernel: in the octeon_ep_vf IRQ handling, the rollback path frees IRQs with a mismatched dev_id, using the literal 'oct' instead of the original ioq_vector. This can leave irqaction registrations alive, causing a use-after-free or crash when the interrupt fire...

7.8CVSS5.2AI score0.00152EPSS
CVE
CVE
added 2026/03/18 5:41 p.m.22 views

CVE-2026-23254

CVE-2026-23254 (Linux kernel): The issue affects UDP GRO in the net/ gro path, where the complete stage incorrectly uses the inner network offset when the encapsulation flag is not reliably zeroed by hardware offloads. The root cause is an assumption that all RX-inserted packets have encapsulatio...

5.5CVSS5.4AI score0.00114EPSS
CVE
CVE
added 2026/04/03 3:15 p.m.22 views

CVE-2026-23427

Summary: CVE-2026-23427 affects ksmbd in the Linux kernel and has been fixed to address a use-after-free in durable v2 replay of active SMB file handles. The root cause is that parse_durable_handle_context() unconditionally assigns dh_info->fp->conn to the current connection when handling D...

9.8CVSS5.8AI score0.0029EPSS
CVE
CVE
added 2026/03/25 10:27 a.m.21 views

CVE-2026-23354

CVE-2026-23354 concerns the Linux kernel x86/fred speculative safety. The fix removes the index variable and repositions array_index_nospec() so it’s calculated immediately before the array access, addressing the incorrect placement that allowed the result to be spilled to the stack across irqent...

7.8CVSS5.7AI score0.00129EPSS
CVE
CVE
added 2026/04/24 2:45 p.m.21 views

CVE-2026-31647

CVE-2026-31647 concerns the Linux kernel idpf driver. The vulnerability stems from improper nesting of PREEMPT_RT raw/BH spinlocks during asynchronous VC handling, which could yield an invalid wait context. A fix switches from the completion’s raw spinlock to a local lock in the idpf_vc_xn struct...

5.5CVSS5.4AI score0.00122EPSS
CVE
CVE
added 2026/03/25 10:27 a.m.20 views

CVE-2026-23373

CVE-2026-23373 affects the Linux kernel wifi: rsi driver. The issue arises in rsi_mac80211_config where it should default to a zero value but instead uses -EOPNOTSUPP, triggering a WARN_ON in ieee80211_hw_conf_init and diverging from other drivers’ behavior. Multiple sources describe the vulnerab...

5.5CVSS5.7AI score0.00114EPSS
CVE
CVE
added 2026/04/02 11:40 a.m.19 views

CVE-2026-23417

CVE-2026-23417 affects the Linux kernel BPF component where PROBE_MEM32 immediate stores (BPF_ST|BPF_PROBE_MEM32) were not blinded by the JIT constant-blinding path. The root cause is that convert_ctx_accesses() rewrites BPF_ST|BPF_MEM to BPF_ST|BPF_PROBE_MEM32 during verification, but the blindi...

5.5CVSS5.8AI score0.00116EPSS
CVE
CVE
added 2026/04/24 2:35 p.m.17 views

CVE-2026-31561

CVE-2026-31561 affects the Linux kernel: the fix removes the X86_CR4_FRED bit from the CR4 pinning mask to avoid a boot-time window where exceptions cannot be handled. The vulnerability is detailed as a problem where FRED was temporarily disabled during AP boot, which could let an attacker modify...

5.5CVSS5.5AI score0.00122EPSS