Lucene search
K
LinuxLinux Kernel7.1

371 matches found

CVE
CVE
added 2026/06/25 8:39 a.m.17 views

CVE-2026-53192

CVE-2026-53192 — Linux kernel ALSA timer UAF fix The vulnerability affects the ALSA timer path (snd_timer_user_params) in the Linux kernel. A race can occur during timer object release when a concurrent SNDRV_TIMER_IOCTL_PARAMS ioctl is in flight, potentially leading to a use-after-free if anothe...

7.8CVSS5.8AI score0.00134EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.17 views

CVE-2026-53194

The CVE-2026-53194 entry covers a defect in the Linux kernel USB serial driver kl5kusb105 (klsi_105_prepare_write_buffer). The bug occurs when the generic write path uses the bulk-out buffer (size 64) and copies the payload from the write_fifo without reserving space for the 2-byte header, result...

7.8CVSS6AI score0.00148EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.17 views

CVE-2026-53198

The CVE-2026-53198 issue affects ksmbd in the Linux kernel: a deferred byte-range lock (SMB2_LOCK) uses async_work with a cancel_fn (smb2_remove_blocked_lock) and cancel_argv pointing to a file_lock. If a second SMB2_CANCEL arrives before release_async_work(), the cancel callback can run again on...

8.8CVSS5.7AI score0.00466EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.17 views

CVE-2026-53209

The CVE-2026-53209 issue affects the Linux kernel Bluetooth subsystem (hci_sync). When hci_adv_bcast_annoucement() tries to prepend the Broadcast Announcement service data to an already-full extended advertising payload, the combined data could exceed the temporary buffer used to rebuild advertis...

7.8CVSS6AI score0.00138EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.17 views

CVE-2026-53214

The CVE-2026-53214 entry concerns the Linux kernel IPv6 code. The vulnerability occurs when addrconf_get_prefix_route() can return the fib6_null_entry sentinel, which has a NULL fib6_table pointer. Before setting a route’s expiration time, the code must verify that it is not operating on the fib6...

5.5CVSS5.8AI score0.00122EPSS
CVE
CVE
added 2026/06/26 7:40 p.m.17 views

CVE-2026-53288

CVE-2026-53288 affects the Linux kernel on arm64. The issue arises in the early kernel mapping where the final part of the data/end segment may overflow into the next page of init_pg_end, requiring an extra page reservation for kernel segments. The advisory explains that 4K-page early mappings ca...

5.5CVSS5.9AI score0.00122EPSS
CVE
CVE
added 2026/06/26 7:40 p.m.17 views

CVE-2026-53296

CVE-2026-53296 is addressed in OSV entries for Root OS products, noting that the vulnerability in the rootio-linux component was patched in Ubuntu 22.04, Ubuntu 24.04, and Debian-based Root builds. Multiple fixed versions are available per the OSV records. The Debian/Ubuntu rootio-linux remediati...

7.8CVSS5.8AI score0.00129EPSS
CVE
CVE
added 2026/05/01 1:56 p.m.16 views

CVE-2026-31713

The CVE concerns the Linux kernel FUSE handling during sync init. When a FUSE server exits unexpectedly while processing FUSE_INIT, the mounting thread keeps the device fd open, preventing an abort and causing filesystem creation to hang. This is a regression relative to the async mount path, whe...

5.5CVSS5.8AI score0.00115EPSS
CVE
CVE
added 2026/06/24 7:14 a.m.16 views

CVE-2026-52916

CVE-2026-52916 affects the Linux kernel’s BATMAN-adv frag handling. A crafted BATADV_UNICAST_FRAG packet can defragment into another BATADV_UNICAST_FRAG, causing unbounded recursion in batadv_batman_skb_recv() and leading to kernel stack exhaustion. The published description specifies that refrag...

5.5CVSS5.7AI score0.00123EPSS
CVE
CVE
added 2026/06/25 8:38 a.m.16 views

CVE-2026-53143

In the Linux kernel DRM/AMD KFD path, CVE-2026-53143 describes a buffer overflow during CRIU checkpoint/restore for SDMA queues on Navi3x. The v11 MQD manager used the larger v11_compute_mqd buffer (2048 bytes) for KFD_MQD_TYPE_SDMA, instead of the smaller v11_sdma_mqd (512 bytes), causing a 1536...

7.8CVSS6AI score0.00142EPSS
CVE
CVE
added 2026/06/25 8:38 a.m.16 views

CVE-2026-53179

CVE-2026-53179 affects the Linux kernel, specifically the staging rtl8723bs driver. The vulnerability is a buffer over-read in rtw_update_protection: a pointer inside the ies buffer is used with the full ie_length, allowing reads beyond the intended data. This is a local impact issue with HIGH se...

7.1CVSS6AI score0.00131EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.16 views

CVE-2026-53220

CVE-2026-53220 affects the Linux kernel netfilter bridge path. ebt_redirect_tg() dereferences br_port_get_rcu() without a NULL check when a bridge port has been removed between the original hook and an NFQUEUE reinject, potentially causing a local kernel panic. Attack surface includes scenarios w...

5.5CVSS5.7AI score0.00127EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.16 views

CVE-2026-53232

The CVE-2026-53232 entry concerns the Linux kernel net: phy component. The root cause is that on PHY probing failure, the SFP upstream is not cleaned up, leaving a dangling upstream reference on the SFP bus. Impact is potential system instability or unexpected behavior during SFP events. The issu...

8.8CVSS5.7AI score0.00221EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.16 views

CVE-2026-53252

The CVE-2026-53252 affects the Linux kernel Bluetooth HCI path. Root cause: memory leak of SRCU percpu memory when device init fails before hci_register_dev(), due to not cleaning up the SRCU struct on the unregistered fallback path. Fix: call cleanup_srcu_struct() in bt_host_release() fallback b...

5.5CVSS5.7AI score0.00136EPSS
CVE
CVE
added 2026/06/26 7:40 p.m.16 views

CVE-2026-53278

CVE-2026-53278 affects the Linux kernel arm_mpam component. The vulnerability arises when __destroy_component_cfg() is invoked from mpam_disable() before the configuration array has been allocated, causing a NULL pointer dereference. The function frees the configuration array and mbwu_state; sinc...

5.5CVSS5.8AI score0.00107EPSS
CVE
CVE
added 2026/06/26 7:40 p.m.16 views

CVE-2026-53280

CVE-2026-53280 relates to the Linux kernel IOMMU path. A NULL dereference of group->domain could occur when a default IOMMU domain fails to allocate during the first probe, causing a crash at domain->ops->attach_dev in __iommu_attach_device() invoked by pci_dev_reset_iommu_done(). The co...

5.5CVSS5.8AI score0.00107EPSS
CVE
CVE
added 2026/06/26 7:40 p.m.16 views

CVE-2026-53285

The CVE-2026-53285 issue concerns the Linux kernel drm/amd/display path, where dcn32_enable_phantom_plane() allocates ~335 KiB via kvzalloc() within an FPU-enabled, softirq-disabled region. This vmalloc flow can trigger BUG_ON(in_interrupt()), causing a kernel crash (DoS). The root cause is the l...

5.5CVSS5.8AI score0.00107EPSS
CVE
CVE
added 2026/06/26 7:40 p.m.16 views

CVE-2026-53295

The CVE-2026-53295 entry covers a Linux kernel vulnerability in the mailbox subsystem: a missing sanity check for the mailbox channel array can lead to a dereference and an OOPS if no channel array is attached. The publicly provided connected sources confirm a patch/fix was applied in kernels and...

5.5CVSS5.8AI score0.00123EPSS
CVE
CVE
added 2026/05/21 12:17 p.m.15 views

CVE-2026-43498

CVE-2026-43498 is a Linux kernel issue in the accel/ivpu path. The vulnerability stems from the ability to re-export imported GEM buffers; a fix adds a custom prime_handle_to_fd callback that checks if the GEM object is imported and returns -EOPNOTSUPP in that case. Under re-export scenarios, buf...

7.8CVSS5.9AI score0.00113EPSS
CVE
CVE
added 2026/06/25 8:38 a.m.15 views

CVE-2026-53135

The CVE-2026-53135 issue affects the Linux kernel’s DRM AMD display path, specifically SDP debugfs writes. Root cause: dp_sdp_message_debugfs_write() dereferenced connector->base.state->crtc without NULL checks, potentially crashing when a connected-but-unbound connector exists (e.g., after...

5.5CVSS5.9AI score0.00122EPSS
CVE
CVE
added 2026/06/25 8:38 a.m.15 views

CVE-2026-53142

CVE-2026-53142 concerns the Linux kernel DRM XE driver. The issue arises when display probing state (xe->info.probe_display) is not updated after intel_display_device_info_runtime_init(), allowing xe_display_flush_cleanup_work() to dereference a NULL mode config via for_each_intel_crtc() durin...

5.5CVSS5.8AI score0.00122EPSS
CVE
CVE
added 2026/06/25 8:38 a.m.15 views

CVE-2026-53146

CVE-2026-53146 affects the Linux kernel Thunderbolt XDomain handling. tb_xdomain_copy() copies req->response_size bytes from the received packet buffer regardless of the actual frame size, allowing a short response to read past valid frame data into stale DMA contents. The fixed behavior is to...

7.1CVSS6AI score0.00242EPSS
CVE
CVE
added 2026/06/25 8:38 a.m.15 views

CVE-2026-53151

CVE-2026-53151 concerns the Linux kernel AF_RXRPC subsystem, where legacy parsing of the SACK table could trigger an invalid buffer access when processing fragmented UDP packets. The fix updates rxrpc_input_soft_acks() and rxrpc_input_ack() logic so that SACK contents are not copied into a flat b...

9.8CVSS6AI score0.00497EPSS
CVE
CVE
added 2026/06/25 8:38 a.m.15 views

CVE-2026-53177

CVE-2026-53177 affects bnxt_en in the Linux kernel. A NULL pointer dereference can occur in bnxt_io_error_detected() when PCIe error recovery runs for a NIC that is closed, due to bp->bnapi being freed on NIC close. The fix is to check bp->bnapi for NULL before disabling and synchronizing I...

5.5CVSS5.7AI score0.00122EPSS
CVE
CVE
added 2026/06/25 8:38 a.m.15 views

CVE-2026-53186

CVE-2026-53186 affects the Linux kernel SRP path in RDMA: the SRP_RSP data length (resp_data_len) is not bounded by the actual received bytes, risking an out-of-bounds read when processing sense data. The copy is capped to 96 bytes, but the source offset can point far past the received data, pote...

9.1CVSS6AI score0.00544EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.15 views

CVE-2026-53257

The CVE-2026-53257 entry concerns the Linux kernel wifi subsystem (cfg80211/mac80211). The issue arises when HE (High Efficiency) and EHT elements are inconsistent between capabilities and operations, which could trigger a crash if eht_cap is set but eht_oper isn’t. The vulnerability is addressed...

5.5CVSS5.8AI score0.00104EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.15 views

CVE-2026-53258

CVE-2026-53258 affects the Linux kernel WiFi stack: when a 6 GHz split scan fails, rdev->int_scan_req is leaked because cfg80211_scan() fails before ___cfg80211_scan_done() releases it. The leak is observed in kernel mode tracing (kmemleak) and is associated with a wpa_supplicant process in th...

5.5CVSS5.7AI score0.00117EPSS
CVE
CVE
added 2026/06/26 7:40 p.m.15 views

CVE-2026-53279

CVE-2026-53279 affects the Linux kernel driver path drm/gma500/oaktrail_lvds. The issue occurs during LVDS initialization where the code looks up an I2C adapter (via i2c_get_adapter) and may read EDID, then either uses the adapter or falls back to allocating/registering its own adapter. On late i...

5.5CVSS5.8AI score0.00122EPSS
CVE
CVE
added 2026/06/26 7:40 p.m.15 views

CVE-2026-53282

The CVE-2026-53282 issue affects the Linux kernel’s x86/kexec purgatory code used by kexec-tools. The root cause was the purgatory path looking above the top of the stack to locate a return address for a kjump even in non-kjump kexec, which could trigger a fault/crash. A commit fixed the actual k...

5.5CVSS5.8AI score0.00121EPSS
CVE
CVE
added 2026/06/26 7:40 p.m.15 views

CVE-2026-53294

Technical details for CVE-2026-53294 are not publicly available in the provided documents. Monitor for updates from Debian/Ubuntu OSV entries and kernel advisories for affected components, versions, and fixes.

7.8CVSS5.8AI score0.00129EPSS
CVE
CVE
added 2026/06/24 7:14 a.m.14 views

CVE-2026-52915

CVE-2026-52915 concerns the Linux kernel netfilter ip6t_hbh module, where ip6t_opts may store at most IP6T_OPTS_OPTSNR (16) option descriptors but hbh_mt6_check() did not reject larger optsnr values from userspace. This allowed a potential out-of-bounds condition (UBSAN: array-index-out-of-bounds...

7.1CVSS5.7AI score0.00126EPSS
CVE
CVE
added 2026/06/24 7:14 a.m.14 views

CVE-2026-52929

The CVE affects the Linux kernel SCTP stream handling. When ADD_OUT_STREAMS is denied, the rollback only shrinks queued chunks and lowers outcnt, leaving removed stream metadata behind. A subsequent re-add can reuse a stale ext and trigger a null-pointer dereference in the scheduler get path, pot...

7.5CVSS5.7AI score0.00394EPSS
CVE
CVE
added 2026/06/24 7:14 a.m.14 views

CVE-2026-52942

The CVE corresponds to a Linux kernel netfilter nf_log issue where the fallback dump_mac_header() could read past the buffer if the MAC header was not set. The root cause was testing mac_header against network_header without verifying skb_mac_header_was_set(), causing skb_mac_header to point far ...

7.1CVSS5.7AI score0.00123EPSS
CVE
CVE
added 2026/06/25 8:38 a.m.14 views

CVE-2026-53137

CVE-2026-53137 concerns the Linux kernel drm/amd display path where, during HDCP2.x repeater authentication over HDMI, the driver reads the sink RxStatus and uses a 10-bit message size field (max 1023) to set the read length for the ReceiverID list. The length was not clamped to the destination b...

7.8CVSS6AI score0.00143EPSS
CVE
CVE
added 2026/06/25 8:38 a.m.14 views

CVE-2026-53138

The CVE-2026-53138 issue affects the Linux kernel’s drm/amd/display driver. A malformed VBIOS image can cause unbounded record-chain walk loops in bios_parser.c and bios_parser2.c due to for(;;) loops that terminate only on a 0xFF sentinel or zero record_size. This can lead to a large number of i...

7.1CVSS5.7AI score0.00126EPSS
CVE
CVE
added 2026/06/25 8:38 a.m.14 views

CVE-2026-53155

In Linux kernels, CVE-2026-53155 relates to mm/huge_memory and device-private PMD entries. A commit (65edfda6f3f2) updated set_pmd_migration_entry() to use pmdp_huge_get_and_clear() in the softleaf case but did not adjust the function fully, causing incorrect use of pmd_write(), pmd_soft_dirty(),...

5.5CVSS5.4AI score0.00107EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.14 views

CVE-2026-53196

In the Linux kernel USB: serial: io_ti driver, CVE-2026-53196 describes a heap overflow in get_manuf_info() caused by reading rom_desc->Size bytes from an I2C EEPROM into a 10-byte buffer (kmalloc_obj()). Size is only checked against TI_MAX_I2C_SIZE (16384), allowing a malicious device to set ...

6.8CVSS6AI score0.00284EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.14 views

CVE-2026-53197

CVE-2026-53197 affects the Linux kernel xfrm/iptfs path. The bug is an ABBA deadlock: iptfs_destroy_state() cancels an hrtimer while holding a spinlock that the timer callback also tries to acquire. The output timer (iptfs_timer) path holds x->lock before cancel, while the timer callback (iptf...

5.5CVSS5.8AI score0.00097EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.14 views

CVE-2026-53199

CVE-2026-53199 pertains to the Linux kernel hv_netvsc path, where netvsc_copy_to_send_buf previously used phys_to_virt() on page buffer PFNs and could fault when fragments referenced high mem/user pages on 32-bit x86 with HIGHMEM. The fix maps pages with kmap_local_page() and reconstructs native ...

7.5CVSS6AI score0.0053EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.14 views

CVE-2026-53213

In the Linux kernel drm/vc4 component, CVE-2026-53213 is a memory-leak fix related to krealloc(): if krealloc() returns NULL, the original pointer may be overwritten, leaking memory. The recommended pattern is to assign krealloc() to a temporary variable, check for NULL, then update the original ...

5.5CVSS5.8AI score0.00128EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.14 views

CVE-2026-53219

The CVE-2026-53219 issue affects the Linux kernel netfilter x_tables path. The root cause is that native/compat get-entries copied the fixed rule entry header to userspace before sanitizing and overwriting the counter fields, exposing the percpu allocation address (pcnt) in SMP environments. The ...

5.5CVSS5.7AI score0.00128EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.14 views

CVE-2026-53226

The CVE-2026-53226 issue affects the Linux kernel GPIO Rockchip driver: generic IRQ chips allocated via irq_alloc_domain_generic_chips() are not freed on driver removal, leaving domain generic chips and the global gc_list leaked and potentially visited later by suspend/resume/shutdown callbacks, ...

5.5CVSS5.7AI score0.00122EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.14 views

CVE-2026-53227

CVE-2026-53227 affects the Linux kernel net/openvswitch path. The issue arises when allocating the reply skb after taking ovs_mutex, where an error path can leave the skb with an ERR_PTR and later free it during cleanup, leading to a possible invalid free. The fix sets the pointer to NULL after s...

5.5CVSS5.8AI score0.00136EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.14 views

CVE-2026-53229

The CVE-2026-53229 issue concerns the Linux kernel mlx5e driver: on XDP_TX transmit failure, DMA mappings are not properly unmapped and XDP frames are not freed, causing a potential DMA/resource leak. The description specifies that in mlx5e_xmit_xdp_buff(), when sq->xmit_xdp_frame() returns fa...

7.5CVSS5.7AI score0.00466EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.14 views

CVE-2026-53242

CVE-2026-53242 affects the Linux kernel ALSA PCM path (snd_pcm_drain) on linked streams. The bug arises from wait queue handling: init_waitqueue_entry does not clear prev/next and add_wait_queue/remove_wait_queue sequencing can leave an orphaned wait entry on an old sleep queue after UNLINK, caus...

7.8CVSS5.8AI score0.00138EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.14 views

CVE-2026-53247

CVE-2026-53247: Linux kernel MTK ethernet driver (mtk_eth_soc) fix for use-after-free in metadata_dst teardown. mtk_free_dev() previously called metadata_dst_free() (kfree’d immediately, bypassing RCU). In RX, skb_dst_set_noref() kept non-refcounted pointers to metadata_dst; freed memory could ra...

9.8CVSS5.7AI score0.00507EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.14 views

CVE-2026-53249

CVE-2026-53249 is a Linux kernel vulnerability where the IPOPT_SSRR and IPOPT_LSRR IPv4 options are restricted to CAP_NET_RAW, preventing unprivileged processes from steering packets through attacker-controlled nodes to leak information (e.g., TCP ISN). The issue is patched in multiple OS context...

5.5CVSS5.7AI score0.00128EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.14 views

CVE-2026-53251

CVE-2026-53251: Linux kernel Bluetooth ISO path vulnerability where hci_get_route() leaks a reference-counted hci_dev pointer (via hci_dev_hold()) on exit, without releasing it. Documented as a resource leak that can contribute to a Denial of Service. Several advisories indicate patches exist (e....

5.5CVSS5.7AI score0.00127EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.14 views

CVE-2026-53254

The CVE-2026-53254 issue affects the Linux kernel Bluetooth RFCOMM MCC handlers, which cast skb data to protocol-specific structs without validating skb->len. A malicious remote device could send truncated MCC frames, causing out-of-bounds reads. The fix is to validate and access required data...

8.1CVSS5.8AI score0.00283EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.14 views

CVE-2026-53260

Summary: CVE-2026-53260 relates to the Linux kernel tcp request-socket (reqsk) handling. The issue stems from a potential refcount underflow in __inet_csk_reqsk_queue_drop(), triggered when a reqsk is preempted between mod_timer() and refcount_set() during the queue/hash insertion path, causing t...

9.8CVSS5.7AI score0.00349EPSS
Total number of security vulnerabilities371