Lucene search
K
LinuxLinux Kernel7.1

371 matches found

CVE
CVE
added 2026/05/01 1:56 p.m.22 views

CVE-2026-31718

The CVE-2026-31718 entries describe a use-after-free in ksmbd (Linux kernel in-kernel SMB3 server) triggered when a durable file handle survives a session disconnect. The root cause is an asymmetric cleanup of lock state: byte-range locks left on a freed conn->lock_list after fp->conn is nu...

9.8CVSS5.7AI score0.00356EPSS
CVE
CVE
added 2026/05/27 12:56 p.m.22 views

CVE-2026-46035

CVE-2026-46035 affects the Linux kernel on UP (non-SMP) configurations and describes a vulnerability in mm/page_alloc. The issue arises because on UP, spin_trylock() is a no-op and may always succeed even if the lock is held, allowing alloc_frozen_pages_nolock() invoked from NMI to re-enter rmque...

5.5CVSS5.8AI score0.00121EPSS
CVE
CVE
added 2026/05/28 9:35 a.m.22 views

CVE-2026-46104

Linux kernel CVE-2026-46104 affects SELinux socket permission helpers. The vulnerability arises because sock_has_perm() and nlmsg_sock_has_extended_perms() dereference sk->sk_security directly, assuming the SELinux socket blob is at offset zero. In stacked LSM configurations this assumption fa...

5.5CVSS5.8AI score0.00121EPSS
CVE
CVE
added 2026/05/28 9:36 a.m.22 views

CVE-2026-46158

The CVE-2026-46158 issue is in the Linux kernel MPTCP implementation: when ADD_ADDR is retransmitted, the socket reference count may not be released reliably, creating a potential resource leak. The fix adds a proper exit path to call sock_put (__sock_put) at the end of the handling and removes a...

5.5CVSS5.8AI score0.00127EPSS
CVE
CVE
added 2026/06/24 7:14 a.m.22 views

CVE-2026-52932

In CVE-2026-52932, the Linux kernel xfrm IPcomp path contains a fix to ensure that the allocated destination scatter-gather (dst SG) list is freed on error as well as on success, preventing potential resource leaks. The root cause is improper memory deallocation during error handling in the xfrm ...

7.5CVSS5.7AI score0.00339EPSS
CVE
CVE
added 2026/06/25 8:38 a.m.22 views

CVE-2026-53147

The CVE-2026-53147 issue affects the Linux kernel Thunderbolt XDomain handling. tb_xdp_handle_request() casts the received packet buffer to protocol-specific structs without confirming that the allocation is large enough for the target type. A peer could send a minimal XDomain packet that passes ...

8.1CVSS5.9AI score0.00283EPSS
CVE
CVE
added 2026/06/25 8:38 a.m.22 views

CVE-2026-53154

The CVE-2026-53154 issue affects the Linux kernel mm/hugetlb path where, on error during copy of huge pages, the per-VMA reservation can leak despite free_huge_folio() restoring the global pool. Concrete details from connected sources show that two code paths allocate a hugetlb folio (alloc_huget...

5.5CVSS5.7AI score0.00122EPSS
CVE
CVE
added 2026/06/25 8:38 a.m.22 views

CVE-2026-53182

CVE-2026-53182 affects the Linux kernel nl80211: rejects oversized EMA RNR lists in nl80211_parse_rnr_elems, using a u8 counter and capping at 255 to align with the underlying data structure. Several advisories (Red Hat, Debian family, Ubuntu OSV entries, and Root) confirm patches are released in...

7.8CVSS5.7AI score0.00138EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.22 views

CVE-2026-53193

CVE-2026-53193 concerns the Linux kernel ALSA timer component. When a snd_timer object is freed via snd_timer_free() while there are still pending snd_timer_instance entries linked to it, slave instances may continue to point at the freed timer, creating a use-after-free condition. The vulnerabil...

7.8CVSS5.7AI score0.00141EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.22 views

CVE-2026-53222

In the Linux kernel, CVE-2026-53222 relates to the ptp: ocp driver. The root cause was use-after-free during driver removal caused by freeing resources in ptp_ocp_detach() before ptp_clock_unregister(), after a change that disables events via ptp_disable_all_events(). The fix changes the free/unr...

5.5CVSS5.8AI score0.00107EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.22 views

CVE-2026-53256

CVE-2026-53256 concerns the Linux kernel Bluetooth RFCOMM implementation. A race in rfcomm_connect_ind() can cause a use-after-free when handling listener sockets: rfcomm_get_sock_by_channel() may drop the list lock without holding a reference, and subsequent operations may free the listener befo...

8CVSS5.7AI score0.00266EPSS
CVE
CVE
added 2026/05/01 1:55 p.m.21 views

CVE-2026-31696

Summary (CVE-2026-31696) : In the Linux kernel’s rxrpc code, the non-XDR key parsing path (rxrpc_preparse()) lacked a validation check for ticket length, unlike the XDR path. This allowed an unprivileged user to supply a very large ticket length, causing the computed total token size (toksize) to...

7.8CVSS5.8AI score0.00129EPSS
CVE
CVE
added 2026/05/28 9:36 a.m.21 views

CVE-2026-46154

CVE-2026-46154 affects the Linux kernel sched_ext functionality. Root cause: in cgroup setters, scx_group_set_{weight,idle,bandwidth}() cache the scx_root before acquiring scx_cgroup_ops_rwsem, enabling a window where the pointer can become stale if a scheduler is disabled and freed (via RCU) and...

7CVSS5.8AI score0.0012EPSS
CVE
CVE
added 2026/05/28 9:40 a.m.21 views

CVE-2026-46210

The CVE-2026-46210 issue affects the Linux kernel Iris media driver. A race between per-instance locks (inst->lock) and the core list lock (core->lock) allows a use-after-free during MBPF checks: MBPF iterates the core list and reads fields like fmt_src->width/height while iris_close() m...

7.8CVSS5.7AI score0.00129EPSS
CVE
CVE
added 2026/06/24 7:14 a.m.21 views

CVE-2026-52926

CVE-2026-52926 affects the Linux kernel component used by batman-adv. The root cause is in batman-adv teardown: batman-adv/batadv_gw_node_free() removes entries from the gateway list but does not clear the currently selected gateway. This leaves a stale gateway reference in bat_priv->gw.curr_g...

5.5CVSS5.7AI score0.00114EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.21 views

CVE-2026-53246

CVE-2026-53246 : In the Linux kernel SCTP implementation, a vulnerability exists in how COOKIE_ECHO payloads are processed. The cached peer INIT chunk embedded after the cookie could have its header length inflated without proper validation, allowing the parameter walk (via sctp_walk_params/sctp_...

9.8CVSS6AI score0.00481EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.21 views

CVE-2026-53266

The CVE-2026-53266 entry concerns the Linux kernel netfilter bridge path, where ebt_snat ARP sender hardware address rewrite could be performed on non-writable memory. Root cause: ARP SHA is written via skb_store_bits() relative to skb->data, and skb_header_pointer() only safely reads the ARP ...

8.8CVSS5.7AI score0.00129EPSS
CVE
CVE
added 2026/06/26 7:40 p.m.21 views

CVE-2026-53284

CVE-2026-53284 (Linux kernel, btrfs): The issue arises in btrfs_write_and_wait_transaction() where, after an error from btrfs_write_marked_extent(), the code still calls btrfs_extent_io_tree_release() to clear the dirty_pages io tree. This tree may contain records not yet submitted, and subsequen...

7.5CVSS6AI score0.00432EPSS
CVE
CVE
added 2026/06/26 7:40 p.m.21 views

CVE-2026-53293

CVE-2026-53293 : In the Linux kernel’s AMDGPU driver, the AMDGPU_INFO_READ_MMR_REG path had multiple issues: an incorrect order between the reset semaphore and the mm_lock (e.g., copy_to_user was called while holding the lock), memory allocation while holding the reset semaphore (risking deadlock...

5.5CVSS5.8AI score0.00095EPSS
CVE
CVE
added 2026/06/29 4:53 a.m.21 views

CVE-2026-53325

CVE-2026-53325 affects the Linux kernel’s AGP AMD64 driver. The root cause is broken error propagation in agp_amd64_probe(): when no AMD northbridges are found, cache_nbs() returns a negative error code (e.g., -ENODEV), but the probe incorrectly checks for exactly -1. This allows initialization t...

5.5CVSS5.8AI score0.00122EPSS
CVE
CVE
added 2026/05/28 9:35 a.m.20 views

CVE-2026-46105

CVE-2026-46105 affects the Linux kernel mpt3sas SCSI driver. The driver allocates a fixed 4K PRP list buffer, which caps the maximum NVMe I/O transfer size at 2 MiB. The HBA firmware reports NVMe MDTS, but the mismatch with the 2 MiB limit can lead to oversized I/O requests and potentially a kern...

7.8CVSS5.9AI score0.00127EPSS
CVE
CVE
added 2026/06/24 7:14 a.m.20 views

CVE-2026-52927

Summary (CVE-2026-52927) Linux kernel: netfilter/ebtables: fix OOB read in compat_mtw_from_user. The issue arises from insufficient validation of user-supplied match_size/target_size when converting 32-bit user structures to kernel-native structures in compat_from_user(). If an extension provides...

7.8CVSS5.8AI score0.0012EPSS
CVE
CVE
added 2026/06/24 9:59 a.m.20 views

CVE-2026-52944

Technical details are not publicly available in the provided documents. The CVE describes a permission bypass in ksmbd/fsctl_set_sparse, but no concrete affected products/versions/fixes are included here. Monitor for updates and vendor advisories.

5.5CVSS5.8AI score0.00121EPSS
CVE
CVE
added 2026/06/25 8:38 a.m.20 views

CVE-2026-53134

A vulnerability in the Linux kernel netfilter NFT_FIB code (CVE-2026-53134) could leak uninitialized kernel stack via the OIFNAME result register on certain lookup-fail paths. The issue stems from NFT_FIB_RESULT_OIFNAME writes only a single byte and leaves the remaining IFNAMSIZ span stale in nft...

5.5CVSS5.8AI score0.00122EPSS
CVE
CVE
added 2026/06/25 8:38 a.m.20 views

CVE-2026-53167

CVE-2026-53167 affects the Linux kernel’s FUSE path: FUSE_NOTIFY_RETRIEVE must be limited to uptodate folios since !uptodate folios may contain uninitialized data. The vulnerability is scoped to systems without automatic page-alloc zero init (CONFIG_INIT_ON_ALLOC_DEFAULT_ON or init_on_alloc=1). E...

5.5CVSS5.7AI score0.00122EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.20 views

CVE-2026-53255

CVE-2026-53255 (Linux kernel) concerns a Bluetooth MGMT TLV parsing bug: tlv_data_is_valid() may read one byte past the advertising data when a malformed field’s length byte is at the buffer end, due to validating element length before verifying the type byte. This can enable local exploitation w...

7.1CVSS6AI score0.00122EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.20 views

CVE-2026-53276

The CVE-2026-53276 entry concerns the Linux kernel Bluetooth ISO stack. A use-after-free occurs in iso_sock_rebind_bc where the bis pointer is cached and the socket lock is released before traversals, allowing a concurrent close() to free the hci_conn and its bis structure. The code then accesses...

7.8CVSS5.7AI score0.0012EPSS
CVE
CVE
added 2026/06/25 8:38 a.m.19 views

CVE-2026-53150

CVE-2026-53150 affects the Linux kernel Thunderbolt validator. The bug arises when tb_property_entry_valid() accepts zero-length TEXT entries for DIRECTORY/DATA/TEXT, enabling a null-termination underflow (writes at property->value.text[length*4 - 1] with length 0). A fix rejects zero-length e...

5.5CVSS5.8AI score0.00128EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.19 views

CVE-2026-53236

CVE-2026-53236 affects the Linux kernel where a patch restricts SO_ATTACH_FILTER (cBPF) usage on TCP sockets to CAP_NET_ADMIN, mitigating a potential side-channel leaking TCP sequence/ACK data. Debian/Ubuntu entries show patches across newer kernel builds (e.g., Linux 6.1 series with 6.1.176-1~de...

5.5CVSS5.8AI score0.00128EPSS
CVE
CVE
added 2026/06/24 7:14 a.m.18 views

CVE-2026-52931

CVE-2026-52931 — Linux kernel (batman-adv tp_meter): The vulnerability arises when batadv_tp_recv_ack() or batadv_tp_stop() are invoked with a tp_vars in the BATADV_TP_RECEIVER role. In that case, code paths access sender-only members that were never initialized, causing undefined behavior. The f...

9.8CVSS5.8AI score0.00404EPSS
CVE
CVE
added 2026/06/25 8:38 a.m.18 views

CVE-2026-53161

The CVE-2026-53161 entry concerns a use-after-free in the Linux kernel fastrpc subsystem. A race between fastrpc_device_release() (on file close) and the workqueue processing DSP responses can free the fastrpc_user while an in-flight DSP invocation is completing, leading to dereferencing freed co...

7.8CVSS5.7AI score0.00135EPSS
CVE
CVE
added 2026/06/25 8:38 a.m.18 views

CVE-2026-53181

CVE-2026-53181 affects the Linux kernel vsock/vmci stack. On failing handshake, vmci_transport_recv_listen() could leave sk_ack_backlog incremented (due to missing sk_acceptq_removed() call), allowing backlog growth toward sk_max_ack_backlog and a possible listener denial of new connections (-ECO...

5.5CVSS5.8AI score0.00128EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.18 views

CVE-2026-53195

The CVE-2026-53195 issue affects the Linux kernel USB: serial: io_ti driver. build_i2c_fw_hdr() allocates a fixed buffer and copies img_header->Length (up to 65535) without validating it against remaining space, enabling a potential heap overflow. The root cause is that check_fw_sanity() valid...

7.8CVSS6AI score0.00153EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.18 views

CVE-2026-53211

CVE-2026-53211 (Linux kernel netfilter nft_meta_bridge) : The NFT_META_BRI_IIFHWADDR destination register is declared as 6 bytes but tracked as two 32-bit registers (8 bytes). In nft_meta_bridge_get_eval(), a memcpy writes 6 bytes of br_dev->dev_addr, leaving the upper 2 bytes of the second re...

5.5CVSS5.7AI score0.00126EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.18 views

CVE-2026-53212

The CVE-2026-53212 issue affects the Linux kernel nft_tunnel implementation within netfilter, where nft_tunnel_obj_destroy() used metadata_dst_free() to free a metadata_dst, bypassing dst_entry refcount accounting. This could leave in-flight packets that hold references (via dst_hold()) dangling,...

7.8CVSS5.7AI score0.00125EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.18 views

CVE-2026-53216

The CVE-2026-53216 issue affects the Linux kernel mvpp2 XDP path. Short pool buffers can be smaller than PAGE_SIZE, yet XDP initially sets every xdp_buff frame size to PAGE_SIZE. The XDP helpers then use frame_sz to validate tail growth, which, with an oversized frame, can allow bpf_xdp_adjust_ta...

9.8CVSS6AI score0.00546EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.18 views

CVE-2026-53239

The CVE-2026-53239 issue is a Linux kernel use-after-free in the xfrm policy path, specifically in xfrm_policy_bysel_ctx(). A race between CPU0 deleting a policy and CPU1 rebuilding inexact policy bins can lead to UAF of the inexact bin, causing potential system instability or DoS. The fix prunes...

7.8CVSS5.7AI score0.00135EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.18 views

CVE-2026-53250

CVE-2026-53250 : In the Linux kernel, the xsk_skb_metadata() path is vulnerable to a TOCTOU race in which csum_start and csum_offset are read from shared UMEM and then read again for skb assignment. A malicious userspace process can overwrite values between reads, bypassing bounds checks and caus...

7.8CVSS5.9AI score0.00112EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.18 views

CVE-2026-53263

CVE-2026-53263 is reported in OSV entries as affecting the rootio-linux package in Ubuntu/Debian environments, with patches available in multiple fixed versions (e.g., Root:Ubuntu:22.04 and Root:Ubuntu:24.04; Debian 11/12 tracks). The Debian/Ubuntu Nessus OSV entries note patches for these distri...

5.5CVSS5.7AI score0.00119EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.18 views

CVE-2026-53264

CVE-2026-53264 concerns the Linux kernel’s networking scheduler (net/sched) where a race between simultaneous NEWTFILTER and DELFILTER operations can lead to a use-after-free of an action. The provided description and patches state that final freeing of the action was incorrectly performed withou...

7.8CVSS5.8AI score0.00129EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.18 views

CVE-2026-53267

The CVE-2026-53267 entry concerns a Linux kernel netfilter nft_ct use-after-free style issue where a per-CPU template conntrack entry can be treated as a real ct, causing a 16-byte memcpy path to overflow the kernel stack when using NFT_REG32_15. The root cause is that a template ct is not reject...

7.8CVSS5.8AI score0.00128EPSS
CVE
CVE
added 2026/06/26 7:40 p.m.18 views

CVE-2026-53287

CVE-2026-53287 affects the Linux kernel audit CAPSET path. A copy-paste bug in __audit_log_capset() writes cap_pi (inheritable) with cap_effective, corrupting inheritable audit data and enabling privilege-escalation prep in the audit trail. The issue is fixed in the Linux kernel; patches exist in...

5.5CVSS5.8AI score0.00122EPSS
CVE
CVE
added 2026/06/26 7:40 p.m.18 views

CVE-2026-53290

CVE-2026-53290 relates to the Linux kernel DRM subsystem (xe/stall path). The issue occurs in xe_eu_stall_stream_close() where drm_dev_put() is invoked before the stream is disabled and its resources freed. If this drops the last reference, device structures may be freed while subsequent cleanup ...

7.8CVSS5.8AI score0.00124EPSS
CVE
CVE
added 2026/05/01 1:55 p.m.17 views

CVE-2026-31697

The CVE-2026-31697 entry concerns the Linux kernel crypto: ccp driver. The issue arises when retrieving the CPU ID: if the firmware command fails (notably with an invalid length), copying the firmware ID to userspace can overflow a kernel buffer and leak data to userspace. Public reports describe...

7.1CVSS5.8AI score0.00126EPSS
CVE
CVE
added 2026/06/24 7:14 a.m.17 views

CVE-2026-52912

The CVE-2026-52912 affects the Linux kernel netfilter nf_queue handling of bridge LOCAL_IN traffic. br_pass_frame_up() rewrites skb->dev from the ingress port to the bridge master before queueing, allowing a queued bridge packet to retain a freed bridge master in skb->dev. On reinjection, b...

7.8CVSS5.7AI score0.00142EPSS
CVE
CVE
added 2026/06/24 7:14 a.m.17 views

CVE-2026-52922

CVE-2026-52922 affects batman-adv in the Linux kernel. The root cause is that batadv_dat_forward_data() duplicates an skb via pskb_copy_for_clone() but does not verify the allocation result before passing the skb to batadv_send_skb_prepare_unicast_4addr(), which can dereference a NULL skb and tri...

7.5CVSS5.8AI score0.00394EPSS
CVE
CVE
added 2026/06/24 7:14 a.m.17 views

CVE-2026-52930

CVE-2026-52930 (Linux kernel) : The issue is in ipc/shm: orphan cleanup cleanup of shm segments. shm_nattch was updated while holding shm_perm.lock, but shm_destroy_orphaned() traversed shm_ids(ns).rwsem, leading to a race where an orphaned segment could be considered removable before the destina...

5.5CVSS5.7AI score0.00114EPSS
CVE
CVE
added 2026/06/25 8:38 a.m.17 views

CVE-2026-53153

CVE-2026-53153 affects the Linux kernel memcg list_lru path. A race during memcg_reparent_list_lrus() clears the dying memcg’s xarray entry before reparenting per-node lists, letting concurrent list_lru_del/walk operate on the parent and corrupt next/prev pointers. The fix reverses the order: rep...

7.8CVSS5.8AI score0.00106EPSS
CVE
CVE
added 2026/06/25 8:38 a.m.17 views

CVE-2026-53168

The CVE-2026-53168 issue affects the Linux kernel FUSE implementation. It concerns fuse_notify() pagecache operations on directories, where FUSE_NOTIFY_STORE/RETRIEVE could allow the FUSE daemon to access pagecache contents in kernel-internal storage for directories using FOPEN_CACHE_DIR. The fix...

5.5CVSS5.8AI score0.00122EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.17 views

CVE-2026-53191

CVE-2026-53191 affects the Linux kernel io_uring/net path. In bundle recv retries (with incremental mode and provided buffer rings IOU_PBUF_RING_INC), a memory handling bug caused IORING_CQE_F_BUF_MORE to be dropped during flag merge, allowing the kernel to leave a stale BUF_MORE in carried flags...

7.8CVSS6AI score0.00138EPSS
Total number of security vulnerabilities371