Lucene search
K
LinuxLinux Kernel7.1

371 matches found

CVE
CVE
added 2026/06/25 8:38 a.m.13 views

CVE-2026-53145

Summary of CVE-2026-53145 (Linux kernel drm/gem change_handle race) : A race between gem_close and gem_change_handle ioctls in the DRM GEM subsystem was addressed but not cleanly fixed initially. The root cause involved confusion around the local handle variable (which is the new handle) and seve...

7.8CVSS5.9AI score0.00106EPSS
CVE
CVE
added 2026/06/25 8:38 a.m.13 views

CVE-2026-53160

Summary: CVE-2026-53160 in the Linux kernel’s fastrpc component describes a use-after-free race in fastrpc_map_create. The vulnerability arises because fastrpc_map_lookup exposed a raw pointer after releasing fl->lock, and the caller then used kref_get_unless_zero on that unprotected pointer, ...

7.8CVSS5.8AI score0.00125EPSS
CVE
CVE
added 2026/06/25 8:38 a.m.13 views

CVE-2026-53171

The CVE affects the Linux kernel’s accel/ethosu driver. The dma_length() function can under- or overflow while deriving DMA region usage, causing region_size[] to be under-reported and potentially bypassing bounds checks in ethosu_job.c. The issue arises from arithmetic in len calculations, signe...

8.8CVSS6AI score0.00137EPSS
CVE
CVE
added 2026/06/25 8:38 a.m.13 views

CVE-2026-53178

CVE-2026-53178 is a Linux kernel issue in the rtl8723bs Wi‑Fi driver (rtw_mlme) where an unsigned underflow can occur when subtracting fixed IE offsets from ie_length. The available connected sources indicate the bug has been fixed in the kernel (staging) by adding bounds checks to ensure ie_leng...

8.1CVSS5.7AI score0.00214EPSS
CVE
CVE
added 2026/06/25 8:38 a.m.13 views

CVE-2026-53184

The CVE-2026-53184 issue affects the Linux kernel UDP sockmap path. On UDP receive, skb->dev is repurposed as dev_scratch; when a SK_SKB verdict program uses BPF socket-lookup helpers (bpf_sk_lookup_tcp/udp, bpf_skc_lookup_tcp), skb->dev may still hold the dev_scratch value, and dev_net(skb...

7.5CVSS5.7AI score0.00506EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.13 views

CVE-2026-53197

CVE-2026-53197 affects the Linux kernel xfrm/iptfs path. The bug is an ABBA deadlock: iptfs_destroy_state() cancels an hrtimer while holding a spinlock that the timer callback also tries to acquire. The output timer (iptfs_timer) path holds x->lock before cancel, while the timer callback (iptf...

5.5CVSS5.8AI score0.00097EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.13 views

CVE-2026-53207

The CVE-2026-53207 issue affects the Linux kernel mm/memory-failure path, where concurrent MADV_HWPOISON calls on the same hugetlb page can deadlock the non-recursive hugetlb_lock. The root cause is a sequence where a GUP reference is dropped under the hugetlb_lock, allowing free_huge_folio to re...

5.5CVSS5.8AI score0.00099EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.13 views

CVE-2026-53208

The CVE-2026-53208 entry concerns the Linux kernel Bluetooth subsystem: BR/EDR signaling packets are not enforcing MTUsig, allowing a remote BR/EDR peer within radio range (before pairing) to send a single 681-byte signaling packet containing multiple L2CAP_ECHO_REQ commands, which can trigger 16...

5.5CVSS5.8AI score0.00122EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.13 views

CVE-2026-53234

The CVE-2026-53234 entry concerns the Linux kernel IBM EMAC network driver. The root cause is a use-after-free window created by using devm_register_netdev(), which defers unregister_netdev() to the devres cleanup phase after emac_remove() returns, allowing the network stack to access freed hardw...

7.8CVSS5.7AI score0.00131EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.13 views

CVE-2026-53242

CVE-2026-53242 affects the Linux kernel ALSA PCM path (snd_pcm_drain) on linked streams. The bug arises from wait queue handling: init_waitqueue_entry does not clear prev/next and add_wait_queue/remove_wait_queue sequencing can leave an orphaned wait entry on an old sleep queue after UNLINK, caus...

7.8CVSS5.8AI score0.00138EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.13 views

CVE-2026-53247

CVE-2026-53247: Linux kernel MTK ethernet driver (mtk_eth_soc) fix for use-after-free in metadata_dst teardown. mtk_free_dev() previously called metadata_dst_free() (kfree’d immediately, bypassing RCU). In RX, skb_dst_set_noref() kept non-refcounted pointers to metadata_dst; freed memory could ra...

9.8CVSS5.7AI score0.00507EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.13 views

CVE-2026-53252

The CVE-2026-53252 affects the Linux kernel Bluetooth HCI path. Root cause: memory leak of SRCU percpu memory when device init fails before hci_register_dev(), due to not cleaning up the SRCU struct on the unregistered fallback path. Fix: call cleanup_srcu_struct() in bt_host_release() fallback b...

5.5CVSS5.7AI score0.00136EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.13 views

CVE-2026-53259

CVE-2026-53259 (Linux kernel) fixes a race in IPv6 anycast address management. The root cause was a window where inserting an aca into the global inet6_acaddr_lst[] and its hash could be separated from the teardown path (RTNL), causing the ac_addr to be freed while still linked, i.e., a slab-use-...

7.8CVSS5.7AI score0.00123EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.13 views

CVE-2026-53260

Summary: CVE-2026-53260 relates to the Linux kernel tcp request-socket (reqsk) handling. The issue stems from a potential refcount underflow in __inet_csk_reqsk_queue_drop(), triggered when a reqsk is preempted between mod_timer() and refcount_set() during the queue/hash insertion path, causing t...

9.8CVSS5.7AI score0.00349EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.13 views

CVE-2026-53272

The CVE-2026-53272 issue affects the Linux kernel’s erofs subsystem. A use-after-free on sbi->sync_decompress can occur when z_erofs_endio() queues z_erofs_decompressqueue_work() and, after folios are unlocked, the unmount path completes with sbi freed before sbi->sync_decompress is accesse...

7.8CVSS5.7AI score0.00125EPSS
CVE
CVE
added 2026/06/26 7:40 p.m.13 views

CVE-2026-53283

CVE-2026-53283 concerns the Linux kernel AMD IOMMU driver. The issue arises when the inlined check path in __rlookup_amd_iommu() performs an out-of-bounds read on rlookup_table[devid] for a PCI device whose BDF isn’t described by IVRS. Prior to the commit that changed kvalloc() usage, the over-re...

5.5CVSS5.8AI score0.00121EPSS
CVE
CVE
added 2026/06/26 7:40 p.m.13 views

CVE-2026-53286

CVE-2026-53286 affects the Linux kernel IDPF driver: when auxiliary_device_add() fails in idpf_plug_vport_aux_dev() or idpf_plug_core_aux_dev(), the error path uninitializes the auxiliary device in a way that can trigger a use-after-free and a double free of the iadev object. The issue arises bec...

7.8CVSS5.8AI score0.00126EPSS
CVE
CVE
added 2026/06/26 7:40 p.m.13 views

CVE-2026-53289

Summary of CVE-2026-53289 (Linux kernel, ice driver). The vulnerability arises in ice_reset_all_vfs() where the return value of ice_vf_rebuild_vsi() is ignored. If VSI rebuild fails (for example during NVM firmware update via nvmupdate64e), ice_vsi_rebuild() tears down the VSI on its error path, ...

5.5CVSS5.8AI score0.00122EPSS
CVE
CVE
added 2026/06/26 7:40 p.m.13 views

CVE-2026-53291

CVE-2026-53291 affects the Linux kernel ALSA hda/conexant driver. The root cause is the ignored return value from snd_hda_jack_detect_enable_callback() in cx_probe(); if the call fails, an error pointer is returned and not checked, potentially leading to a crash when jack events are handled. The ...

5.5CVSS5.8AI score0.00122EPSS
CVE
CVE
added 2026/06/24 7:14 a.m.12 views

CVE-2026-52941

Summary: CVE-2026-52941 affects the Linux kernel net/smc stack. The smc_msg_event tracepoint used by smc_tx_sendmsg/smc_rx_recvmsg dereferenced conn.lnk unconditionally, causing a NULL pointer dereference when conn.lnk is NULL on SMC-D, leading to a crash. The fix guards against !conn->lnk and...

5.5CVSS5.8AI score0.00116EPSS
CVE
CVE
added 2026/06/25 8:38 a.m.12 views

CVE-2026-53133

The CVE-2026-53133 entry concerns the Linux kernel RDMA/umem component where an IOMMU-assisted mapping can split a very large block across multiple SG entries. During reassembly in __rdma_block_iter_next(), 32-bit stack values can overflow, causing incorrect DMA addresses for blocks at or beyond ...

7.8CVSS5.7AI score0.00129EPSS
CVE
CVE
added 2026/06/25 8:38 a.m.12 views

CVE-2026-53136

The CVE-2026-53136 issue affects the Linux kernel in the DRM AMD display driver. It arises from VBIOS info fields HdmiRegNum and Hdmi6GRegNum being used as loop bounds to copy retimer I2C settings into fixed-size arrays without validation, enabling an out-of-bounds heap write during driver probe....

7.8CVSS5.7AI score0.00129EPSS
CVE
CVE
added 2026/06/25 8:38 a.m.12 views

CVE-2026-53140

The CVE-2026-53140 issue pertains to the Linux kernel drm/v3d driver. A fault in v3d_rewrite_csd_job_wg_counts_from_indirect() maps both the indirect buffer and the workgroup buffer and, if any workgroup count read from the buffer is zero, the cleanup is skipped on an early exit, leaking the virt...

5.5CVSS6AI score0.00122EPSS
CVE
CVE
added 2026/06/25 8:38 a.m.12 views

CVE-2026-53149

CVE-2026-53149 affects the Linux kernel Thunderbolt code path, where __tb_property_parse_dir() may read beyond the root directory block due to missing bounds checks on content_offset/content_len. The issue could allow reading past a directory block, with high impact to confidentiality and availab...

7.1CVSS5.7AI score0.00126EPSS
CVE
CVE
added 2026/06/25 8:38 a.m.12 views

CVE-2026-53158

The CVE-2026-53158 issue affects the Linux kernel misc: fastrpc subsystem, where a NULL pointer dereference could occur in rpmsg callback if fastrpc_rpmsg_probe() hasn’t completed or if the callback fires before dev_set_drvdata(). The fault trace points to a NULL cctx in fastrpc_channel_ctx when ...

5.5CVSS5.7AI score0.00122EPSS
CVE
CVE
added 2026/06/25 8:38 a.m.12 views

CVE-2026-53165

CVE-2026-53165 describes a race in the Linux kernel iomap subsystem where, during buffered read error reporting, a separate in-flight read can detach a folio and set folio->mapping to NULL before an error is reported, leading to a NULL dereference of folio->mapping in fserror_report_io(). T...

7.5CVSS5.8AI score0.00359EPSS
CVE
CVE
added 2026/06/25 8:38 a.m.12 views

CVE-2026-53169

In the Linux kernel, accel/ethosu has been fixed to reject NPU_OP_RESIZE commands from userspace. The driver previously used an unconditional WARN_ON(1) in DRM_IOCTL_ETHOSU_GEM_CREATE, enabling kernel log spam and, if panic_on_warn was set, potential DoS via a local unprivileged user. The patch r...

5.5CVSS5.8AI score0.00107EPSS
CVE
CVE
added 2026/06/25 8:38 a.m.12 views

CVE-2026-53170

Concrete details confirm a vulnerability in the Linux kernel accel/ethosu driver: cmd_state_init() leaves dma->len at U64_MAX to signal uninitialized length, and dma_length() can wrap a positive stride to a small value, causing a bypass of region checks in ethosu_job.c when userspace omits the...

8.8CVSS5.9AI score0.00137EPSS
CVE
CVE
added 2026/06/25 8:38 a.m.12 views

CVE-2026-53174

CVE-2026-53174 affects the Linux kernel overlay filesystem (ovl). The bug in ovl_iterate_merged() stores PTR_ERR(cache) in err before validating the cache with IS_ERR(cache), so on success err may hold a truncated cache pointer and be returned as a bogus non-zero error. The repro path goes throug...

7.8CVSS5.7AI score0.00129EPSS
CVE
CVE
added 2026/06/25 8:38 a.m.12 views

CVE-2026-53185

CVE-2026-53185 concerns the Linux kernel zram subsystem. The issue is a use-after-free in zram_bvec_write_partial(), where zram_read_page() can dispatch reads asynchronously for ZRAM_WB slots and return before the backing read completes. The caller may then operate on a buffer that is freed, risk...

7.8CVSS5.8AI score0.00102EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.12 views

CVE-2026-53190

CVE-2026-53190 concerns a Linux kernel vulnerability in the drm/virtio path where a refcount leak could occur in error handling of virtio_gpu_dma_fence_wait(). The root cause is that dma_fence_unwrap_for_each() calls dma_fence_unwrap_first(), which assigns cursor->chain = dma_fence_get(head) (...

5.5CVSS5.7AI score0.00127EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.12 views

CVE-2026-53200

The CVE refers to the Linux kernel KVM on ARM64 where the XN bit handling was broken when FEAT_XNX is not enabled. Specifically, a FIELD_PREP() mask used to clear XN[0] manipulated the wrong bit, unconditionally granting execute permissions. The issue is resolved by correcting the bit manipulatio...

8.8CVSS5.8AI score0.00129EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.12 views

CVE-2026-53217

The CVE-2026-53217 issue affects the Linux kernel MVPP2 driver: RX data was synchronized at the hardware packet offset, leaving end-of-frame data possibly stale on non‑coherent DMA. Root cause is incorrect DMA sync range (starting at dma_addr and not covering the actual written packet tail). The ...

8.6CVSS5.7AI score0.00401EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.12 views

CVE-2026-53230

CVE-2026-53230 describes a slab-out-of-bounds vulnerability in the Linux kernel mlx5 driver: mlx5_query_nic_vport_mac_list sizes its firmware command buffer using the PF’s log_max_current_uc/mc_list, risking an overflow when querying a VF vport with a larger max. The resulting memory access is a ...

8.7CVSS6AI score0.00131EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.12 views

CVE-2026-53231

CVE-2026-53231 (Linux kernel) : The issue affects the PHY subsystem where PHY-driven SFP cages are not supported with the genphy code. Investigations show that sfp_bus_add_upstream() for genphy can deadlock because PHY probing runs under RTNL for genphy while non-genphy drivers do not. The root c...

5.5CVSS5.8AI score0.00087EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.12 views

CVE-2026-53235

Summary of technical details (CVE-2026-53235) : The Linux kernel GRO receive path had a bug in skb_gro_receive_list() where skb_pull(skb, skb_gro_offset(skb)) could run without ensuring the data is linear (missing pskb_may_pull() guard). When packets arrive via napi_gro_frags(), skb_headlen can b...

7.5CVSS5.7AI score0.00466EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.12 views

CVE-2026-53238

CVE-2026-53238 affects the Linux kernel netlabel/privacy path in netlbl_unlabel_addrinfo_get, where the address attribute length was used to infer IPv4/IPv6 data but the corresponding mask length was not independently validated. A crafted Generic Netlink request could supply a valid IPv4/IPv6 add...

5.5CVSS5.7AI score0.00128EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.12 views

CVE-2026-53244

CVE-2026-53244 concerns the Linux kernel NFSD component. When exporting a filesystem with the atomic_create hook, an error from atomic_create() could cause nfsd4_create_file() to fail unlocking the parent directory, risking resource exhaustion and potential DoS. The root cause is that dentry hand...

7.5CVSS5.7AI score0.00359EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.12 views

CVE-2026-53262

CVE-2026-53262 affects the Linux kernel ioctl path for the pppol2tp module (l2tp) where pppol2tp_ioctl() dereferenced sock->sk->sk_user_data without proper locking while a sleep could occur during copy_from_user(). If a concurrent socket close happened, l2tp_session_close() could free the s...

7.8CVSS5.8AI score0.00125EPSS
CVE
CVE
added 2026/06/26 7:40 p.m.12 views

CVE-2026-53292

Summary (CVE-2026-53292): The Linux kernel phonet subsystem contains a flaw in pn_socket_autobind() where, if pn_socket_bind() returns -EINVAL while the socket was never bound (pn_port() == 0) and sk states are not TCP_CLOSE, a BUG_ON() triggers a kernel panic from a user-triggerable path. The pa...

5.5CVSS5.8AI score0.00107EPSS
CVE
CVE
added 2026/06/26 7:41 p.m.12 views

CVE-2026-53321

CVE-2026-53321 affects the Linux kernel io_uring/napi busy polling, where there was no cap on the maximum polling time when no events are found. The root cause is an unbounded busy_poll loop that can cause a task to be stuck, potentially leading to DoS-like unresponsiveness. Several connected sou...

5.5CVSS5.8AI score0.00112EPSS
CVE
CVE
added 2026/06/24 7:14 a.m.11 views

CVE-2026-52913

CVE-2026-52913 is addressed in OSV entries as a flaw in the rootio-linux package. Root has patched CVE-2026-52913 in Root:Ubuntu-22.04, with multiple fixed versions available. Additional OSV records indicate patched status for Root:Ubuntu-24.04 and Root:Debian-11/12, also noting multiple fixed ve...

5.5CVSS5.8AI score0.00122EPSS
CVE
CVE
added 2026/06/24 7:14 a.m.11 views

CVE-2026-52920

The CVE-2026-52920 involves the Linux kernel netfilter xt_policy module, where strict inbound policy matching previously consumed info->pol[] in an incorrect order when multiple transforms were applied. Root cause: match_policy_in() iterates sec_path entries from last to first, violating the f...

8.3CVSS5.7AI score0.00299EPSS
CVE
CVE
added 2026/06/24 7:14 a.m.11 views

CVE-2026-52935

In the Linux kernel, CVE-2026-52935 affects the espintcp path under xfrm, where a retransmit/reuse of an in-flight partial send could lead to an out-of-bounds read in the send path. The root cause is reinitializing an sk_msg and reusing ctx->partial while a previous transfer still owns that st...

7.8CVSS5.9AI score0.0012EPSS
CVE
CVE
added 2026/06/24 7:14 a.m.11 views

CVE-2026-52938

CVE-2026-52938 concerns a race in Linux kernel BPF storage: bpf_selem_unlink_nofail() clears smap before removal, allowing a concurrent reader in bpf_sk_storage_clone() to observe a NULL smap and dereference a NULL pointer, potentially crashing the kernel (DoS). Reports describe a null-ptr-deref ...

5.5CVSS5.8AI score0.001EPSS
CVE
CVE
added 2026/06/25 8:38 a.m.11 views

CVE-2026-53144

CVE-2026-53144 affects the Linux kernel's DRM/AMDKFD path, specifically a NULL dereference in get_queue_ids(). If usr_queue_id_array is NULL and num_queues is non-zero, get_queue_ids() can return NULL; callers only check IS_ERR(), so a NULL pointer is not treated as an error, allowing suspend_que...

5.5CVSS5.7AI score0.00122EPSS
CVE
CVE
added 2026/06/25 8:38 a.m.11 views

CVE-2026-53157

The CVE-2026-53157 issue affects the Linux kernel’s phonet code: phonet_device is removed from the per-net device list with list_del_rcu(), but freed immediately, creating a use-after-free for readers that still hold pointers. The root cause is mismatched lifetime management; the fix switches to ...

7.8CVSS5.7AI score0.00135EPSS
CVE
CVE
added 2026/06/25 8:38 a.m.11 views

CVE-2026-53164

The CVE-2026-53164 entry concerns the Linux kernel IOMMU DMA SWIOTLB path. The vulnerability arises when iommu_dma_iova_link_swiotlb() maps an unaligned memory region and, if the middle portion is empty, calls iommu_map() with a 0 size, which the iommu_pt implementation treats as illegal, corrupt...

5.5CVSS5.8AI score0.00121EPSS
CVE
CVE
added 2026/06/25 8:38 a.m.11 views

CVE-2026-53172

The CVE-2026-53172 issue in the Linux kernel’s accel/ethosu component is a local-privilege/heap corruption flaw caused by an incorrect mask (0x7f) when processing NPU_SET_IFM_REGION. This allows a userspace caller to supply a region index > 7, writing up to 1016 bytes past the start of region_...

7.8CVSS5.7AI score0.00129EPSS
CVE
CVE
added 2026/06/25 8:38 a.m.11 views

CVE-2026-53173

Summary (concrete details from provided docs): The Linux kernel component accel/ethosu contains an OOB write in ethosu_gem_cmdstream_copy_and_validate(). A local user can trigger by supplying a crafted command stream, causing memory corruption and potential instability. The issue arises in a pars...

7.8CVSS5.9AI score0.00129EPSS
Total number of security vulnerabilities371